FutureWatch: Germans Sweep Parliament for Bugs and Tapped Phones

The German parliament building may be soon checked for bugs and eavesdropping landlines to ensure privacy. Berlin is ramping up security amid a scandal over electronic surveillance by the US National Security Agency.

A plan to secure the Bundestag complex was prepared by the Federal Office for Information Security (BSI) and approved by the IuK, the parliamentary commission on information technology and communications, Der Spiegel magazine reported on Monday citing its sources. It is to be presented to MPs later this week.

One of the prime areas of interest for the BSI is posed by supposedly secure rooms, which are meant to be used for negotiations of officials related to confidential matters. The office wants to ensure that they are actually free of bugs, the report says.

They also want to check landlines in the building, because they can be used for remote eavesdropping on the parliament. (more)

The amazing part of the story is that TSCM inspections are apparently not routine.

Two All Beef Paddies, Special Sauce, Let Us Cheese the Spycam!

Ireland - MCDONALD’S has defended the use of a hidden camera in the bathroom of a Dublin restaurant.

The primitive device, hidden in a smoke alarm in men’s bathroom in its Temple Bar branch, is pointed towards the sink area.

This leaves urinals and cubicles out of view.

A statement from McDonald’s noted that means the camera is “fully compliant with all appropriate legislation and guidelines in this area”.

Data Protection laws state that there are circumstances in which a camera can be installed in a bathroom. (more)

Mobile Malware Sees ‘Exponential’ 614 Percent Growth

Chinese cybercriminals are increasingly targeting mobile users as they develop ever more sophisticated hacking tools, according to new research from security firm Trend Micro.

Its Mobile Cybercriminal Underground Market report revealed that Chinese hackers are using a variety of in-depth malware and malicious code programs to target users both at home and in the West, with mobile malware kits available to buy from as little as 100 yuan (around £10) on the black market.

“The barriers to launching cybercriminal operations are less in number than ever,” the report stated. “Toolkits are becoming more available and cheaper; some are even offered free of charge.” (more)

Turkish Watergate - First Audio Eavesdropping Tapes - Now Video

Turkey’s Prime Minister Recep Tayyip Erdogan, whose government has been ensnared by a series of anonymously leaked audio tapes of purported corruption, said his administration may face a new threat from covertly recorded video recordings.

“In these incidents, there is not just wiretapping, there is also filming,” Erdogan said in Ankara yesterday, according to state-run Anatolia news agency. “It’s even been stretched to the extreme of filming extramarital affairs, invading a family’s privacy and totally ignoring moral values.”

Speaking to local reporters after the release of audio tapes that the opposition said placed Erdogan at the center of a bribery scheme, the premier lashed out at the tactics. (more)

Kuwait Minister Warns on Eavesdropping Device Sales

KUWAIT -- Maximum penalties will be taken against any telecommunication company trading in eavesdropping devices, warned Minister of Communications Essa Al-Kanderi on Wednesday. Offenders will be referred to the public prosecution, the minister warned further, during a debate at the National Assembly. Some MPs charged during the discussions that a number of companies "possess" listening bugs, in violation of the Constitution and State Laws. (more)

County Jail Official Retires Amid Wiretap Charges

NJ - The deputy director of the Hudson County jail, who is facing federal charges he used a website to illegally wiretap fellow employees, has put in his retirement papers, officials said.

The retirement papers of Kirk Eady, 45, of East Brunswick, are dated retroactively to Feb. 1, Hudson County spokesman Jim Kennelly said.

Eady turned himself in to federal authorities on Feb. 15 after being charged with intentionally intercepting the wire, oral or electronic communications of others, according to a criminal complaint. (more)

Update - Rayney Phone Bugging Case

Australia - Former Perth barrister Lloyd Rayney will be making an application to put a permanent hold on charges of bugging his wife's phone, a court has heard. Rayney is accused of intercepting the calls of his wife Corryn in the lead up to her death in 2007. (more)

Previously reported in 2007...
She bootscoots. He taps. What could possibly go wrong? 
The Continuing Saga of the Rayney Wiretap 
Update - Rayney ‘phone’ man in key talks

Bogus Boris Netflix App

Android phones and tablets from four different manufacturers are arriving with malware “pre-installed” – a bogus version of Netflix which sends password and credit card information to Russia, according to app security specialist Marble Security.

David Jevans, CTO and founder of the company said that he was alerted to the problem by a company testing his product, software to help organizations manage mobile devices, after it repeatedly flagged Netflix as malicious, according to PC World’s report.

Jevans’ team analysed the app, and found that it was bogus, using tools including one that analyzed the app’s network traffic for signs of communication with known malicious servers. Jevans says, “This isn’t the real Netflix. You’ve got one that has been tampered with, and is sending passwords and credit card information to Russia.” (more)

A Black Eye for Blackphones

Australian law enforcement agencies are increasingly unable to monitor the communications of some of the country's most powerful criminals due to the rising prevalence of uncrackable encrypted phones. 

The phones are linked to a series of the underworld killings that rocked Sydney, several senior law enforcement officials told the ABC on condition of anonymity.

The phones are sold by dozens of companies worldwide and have legitimate uses.

But the law enforcement officials say thousands of the phones have been obtained by Australian criminals and they are using them to commit serious crimes, including murder. (more) (video report)

Interesting article, but... one half of my brain is saying wouldn't the LE's want criminals to think these phones are secure? And, once the general public views encryption as a criminal tool, the politicians would be free to pass laws restricting communications encryption so then only the outlaws (and selected others) would use it... kind-of-like gun silencers.

Or, maybe I've been "Snowed-in" over the long winter and have become cynical.

Crypto Bug Leaves Linux, Hundreds of Apps Open to Eavesdropping

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates ... indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. 

Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers. (more)

Chevron Wins Suit Fighting $9.5 Billion Ecuador Judgment - The Spy Pen Helped

Back in 2009, I posted this: Spy Pen May Kill $27 Billion Lawsuit. A little later: The Chevron Secret Recordings Case Continues. Chevron claimed that the Ecuadorian legal system was corrupt and they were not getting a fair hearing. 

They backed up their claim with covert videos showing the bribery and corruption. For a while they hosted the videos on their website, while saying they had nothing to do with the making of them.

The videos were made with nothing more than a cheap spy pen and video wristwatch bought from a SkyMall catalog. 

Now, a $9.5 Billion lawsuit is $0.00. If this doesn't prove the power of spy gadgets, nothing does. 

Got any cheap spy gadgets hanging around your offices? You don't know, do you? Call me.

Here is how the lawsuit ended today...
A federal judge ruled in favor of Chevron Corp. on Tuesday in a civil racketeering case, saying a record $9.5 billion environmental judgment in Ecuador against the oil giant was "obtained by corrupt means."

U.S. District Judge Lewis Kaplan found that New York lawyer Steven Donziger and his litigation team engaged in coercion, bribery, money laundering and other criminal conduct in pursuit of the 2011 verdict.
The decision barred Mr. Donziger and his two Ecuadorean co-defendants from profiting from the verdict.

The case in New York stems from a 2003 lawsuit filed by a group of Ecuadorean villagers from the Lago Agrio region over decades-old pollution from oil exploration in the Amazon rain forest by Texaco Inc., which Chevron acquired in 2001. The decision could hamper efforts to enforce the 2011 judgment by pursuing Chevron's assets in Canada and elsewhere. (more)

G-Men Chase Sprint'er Over Inflated Wiretap Billing

Sprint Corp. overcharged the Federal Bureau of Investigation, the Drug Enforcement Administration and other law-enforcement agencies by more than 50% to facilitate eavesdropping on phone calls, the U.S. Justice Department alleged in a lawsuit filed Monday.

The suit accuses Sprint of inflating the bills it submitted to federal law-enforcement agencies for wiretaps and other surveillance services to cover capital expenditures necessary to respond to the requests—something prohibited by federal law and Federal Communications Commission rules, according to the complaint filed in federal court in San Francisco.

Sprint covered up the fact that the extra charges were included in the bills paid by the FBI and others by disguising them as regular surveillance costs, the suit alleges. As a result, the federal government overpaid Sprint by $21 million over a period of three and a half years.
Sprint said it didn't break the law and will fight the charges. (more)

Florida Cops’ Secret Weapon: Warrantless Cell Phone Tracking

Police in Florida have offered a startling excuse for having used a controversial “stingray” cell phone tracking gadget 200 times without ever telling a judge: the device’s manufacturer made them sign a non-disclosure agreement that they say prevented them from telling the courts. (more)

Business Espionage: Rival CEO Posed as Exec to Get Secrets

The CEO of a sporting goods chain who once appeared on the TV show "Undercover Boss" pretended to be an executive from a rival company in an effort to get confidential information, according to a lawsuit.

Artist's conception. Not a real executive spying.

Dick's Sporting Goods claims in a lawsuit filed Feb. 20 in Mercer County Court that Mitchell Modell, CEO of Modell's Sporting Goods, showed up at a Dick's store in Princeton in February saying he was a Dick's senior vice president.

Dick's alleges Modell told employees he was to meet the Dick's CEO there and persuaded workers to show him the backroom of the store and to answer questions about the business. Modell gathered information about online sales, including a "ship from store" program that gets products to customers' doors quickly, the lawsuit said. (more)

Security Director Alert: Like electronic eavesdropping, business espionage via social engineering is one of the more common spy tricks. In addition to TSCM, make employee awareness about social engineering part of your counterespionage strategy. This story makes an excellent talking point.

If Your are Calling the FBI or Secret Service, ...

...don't get the phone number from a Google Maps listing.

Don't trust Google Maps, warns former map-jacker after he was ironically called a 'hero' by the feds he wiretapped.

The incident in question involves an individual posting their own phone number as a Secret Service field office phone number on Google Maps. When unsuspecting citizens utilize this incorrect third party phone number to contact the Secret Service the call is directed through the third party system and recorded. This is not a vulnerability or compromise of our phone system. Virtually any phone number that appears on a crowdsourcing platform could be manipulated in this way.

The Secret Service encourages the general public to visit their website at www.secretservice.gov to obtain accurate contact information for our field offices. (more) (video)