Thursday, May 19, 2016

Eavesdropping on the Public in 1919

In 1919 a Chicago theater bugged the seats to find out what the audience was saying about the production they were watching. The hope was that the honest criticism (or praise) they heard would help them make future performances better. more

Think Video Surveillance is Just for Crime Prevention? Think again...

Sure, surveillance video can be used to “catch the bad guy” and deter incidents. But it can do so much more!

Download the Top 10 Values of Video Surveillance by Pivot3 to see how you could be leveraging your video for strategic business purposes beyond security.

See how video can help you:
  • Defend against fraudulent liability claims
  • Avoid fines from non-compliance
  • Improve the value of other business systems to your organization
  • And more!

Tuesday, May 17, 2016

CIA Former Agent Trains You to Survive... your wallet is decimated, however.

A new show where you learn CIA spy secrets that could save your life is headed to the Strip — it’s a two-day “Escape and Evasion” presentation hosted by former CIA agent Jason Hanson, who served with the agency for nearly a decade.

“Spy Escape & Evasion” debuts at the “Pin Up” theater in the Stratosphere on Aug. 17 with the first four back-to-back days, with future seminars to be announced.

It’s a $1,499.95 ticket price per person that includes hands-on personal training by Jason and his CIA team of former officers. He also will participate in meet-and-greet sessions, and 30 audience members will dine with him after the lectures and training sessions.

If you’ve ever dreamed of being 007 or wished you possessed the skills to protect yourself from danger like those in the CIA, these shows are for you. Jason’s courses are designed to keep individuals and their families safe from danger.

Here are topics Jason will cover in his fascinating show presented by Red Mercury Entertainment:
• How to escape rope, duct tape, zip ties and handcuffs in 30 seconds or less;
• secrets of situational awareness;
• important everyday carry gear bag;
• how to pick locks, hotwire a car and disappear without a trace;
• how to use social engineering to get almost anything you want;
• what to do when a crisis occurs;
• technical pen techniques;
• basic counter surveillance techniques;
• and hands-on training. more

...and then there is the Shark Tank $1,997 special.
...and then there is the $37 version.
...and then there is FREE CIA training.

Spying Using Phone Call Records – Study Says It's Easy

Stanford University researchers used call records to uncover heart problems, marijuana habits of volunteers. 

Phone metadata doesn’t reveal what people say, but such records of calls and text messages can help spy agencies, businesses or hackers discover private information about someone’s relationships, shopping interests and even health problems, according to a study published on Monday.

The research published in the journal Proceedings of the National Academy of Sciences showed that scans of call records help create detailed maps of not just the person being investigated, but also the lives of contacts in their phone history. Metadata is the term used for the receipt of a call or a text message included in the history of a phone, and these records are often maintained by a telecom service provider.

“Once a participant was labeled as in a relationship, we found that identifying the participant’s partner was trivial,” according to the researchers. “Our results suggest that, even without human review, a business or agency could draw sensitive inferences from a significant share of telephone records.” more

Intriguing Spy Stories From Internal NSA Reports

In the early months of 2003, the National Security Agency saw demand for its services spike as a new war in Iraq, as well as ongoing and profound changes in how people used the internet, added to a torrent of new agency work related to the war on terror, according to a review of 166 articles from a restricted agency newsletter.

The Intercept today is releasing the first three months of SIDtoday, March 31 through the end of June 2003, using files provided by NSA whistleblower Edward Snowden. In addition, we are releasing any subsequent 2003 installments of SIDtoday series that began during this period. The files are available for download here.

We combed through these files with help from other writers and editors with an eye toward finding the most interesting stories... more

The NSA does excellent behind-the-scenes work. Since some of their work is now public you can now be thankful and proud. ~Kevin

Monday, May 16, 2016

Philly Cheesy Stake-Out... Outed

The Philadelphia Police Department admitted today that a mysterious unmarked license plate surveillance truck disguised as a Google Maps vehicle, which Motherboard first reported on this morning, is its own.

In an emailed statement, a department spokesperson confirmed:

“We have been informed that this unmarked vehicle belongs to the police department; however, the placing of any particular decal on the vehicle was not approved through any chain of command.

With that being said, once this was brought to our attention, it was ordered that the decals be removed immediately.” more

Sunday, May 15, 2016

Spycam Found in Hospital Bathroom

Harris Health Systems is confirming that a hidden camera was found in a staff restroom at Ben Taub General Hospital. 

Hospital staff turned the camera over to Houston police.

Harris Health Systems oversees the county's public hospitals, including Ben Taub.

Kese Smith of the Houston Police Department said Thursday that the camera was found concealed inside a fifth floor restroom at the hospital which is used mostly by staff but is also sometimes accessed by the public.

It was not immediately known what kind of camera was found or how long it had been in the staff restroom. more

Thursday, May 12, 2016

Alarming Security Defects in SS7, the Global Cellular Network—and How to Fix Them

The global network that transfers calls between mobile phone carriers has security defects that permit hackers and governments to monitor users’ locations and eavesdrop on conversations.

As more reports of these activities surface, carriers are scrambling to protect customers from a few specific types of attacks.

The network, called Signaling System 7, or SS7, is a digital signaling protocol that mobile phone carriers including AT&T, T-Mobile, and Sprint use to send messages to each other about who is a subscriber, where subscribers are located, and how calls should be routed to reach them.

SS7 began as a closed network shared among a few major mobile phone carriers, but grew porous as more carriers joined. Hackers and governments can now gain access by purchasing rights from a carrier (which many are willing to provide for the right price) or infiltrating computers that already have permission. more

One security firm advises:
"...we have two products that represent the world’s first comprehensive solution against SS7 attacks: ESD Oversight Protect & ESD Oversight Detect. SS7 Network Penetration testing is also available to carriers around the world who recognize the need to ensure their networks and their subscribers are protected from the potential damage these vulnerabilities expose."


Extra Credit — Ghosts in the Network: SS7 and RF Vulnerabilities in Cellular Networks — a presentation given at RSA Conference 2016

Tuesday, May 10, 2016

Med Students Caught Cheating with Spycams & Smart Watches

A top Thai medical college has caught students using spy cameras linked to smartwatches to cheat during exams in what some social media users have compared to a plot straight out of a Mission: Impossible movie.

Key points:
  • Thai students caught using spyglasses to send images of exam questions to accomplices
  • Accomplices sent answers back to students' smartwatches
  • Students paid 800,000 baht ($31,000) for equipment, answers

Arthit Ourairat, the rector of Rangsit University, posted pictures of the hi-tech cheating equipment on his Facebook page, announcing that the entrance exam in question had been cancelled after the plot was discovered.

Three students used glasses with wireless cameras embedded in their frames to transmit images to a group of as yet unnamed people, who then sent the answers to the smartwatches.

Mr Arthit said the trio had paid 800,000 baht ($31,000) each to the tutor group for the equipment and the answers.

"The team did it in real-time," Mr Arthit wrote. more

Checklist for Admissibility of Electronic Evidence


by Paul W. Grimm & Kevin F. Brady

HOPE Cranks it to Eleven this Summer - Tickets on Sale Now

Hackers On Planet Earth (HOPE) holds their 11th gathering July 22-24 in New York City.

Cory Doctorow is on tap to be their first keynote speaker.

Cory Doctorow (craphound.com) is a science fiction novelist, blogger, and technology activist. He is the co-editor of the popular weblog Boing Boing (boingboing.net), and a contributor to The Guardian, Publishers Weekly, Wired, and many other newspapers, magazines, and websites. (He even wrote an article for 2600 under a different name many years ago!) He is a special consultant to the Electronic Frontier Foundation (eff.org), you know, those superheroes who defend freedom in cyberspace on a daily basis. more

Why "Eleven"? The same reason Tesla auto sound systems peak at Eleven! video

The End of "A Little Bird Told Me"

At Twitter’s behest, US intelligence agencies have lost access to Dataminr, a company that turns social media data into an advanced notification system, according to the Wall Street Journal. While that may sound like a win for privacy, it’s a bit more complicated in practice.

The move leaves government officials without a valuable tool. Somewhat less clear is what sort of stand, if any, Twitter is taking...

“From the government perspective, it’s a good tool, because it gives real-time alerts to things that are happening before anyone really knows what’s going on,” says Aki Peritz, a former CIA counterterrorism expert and current adjunct professor at American University. “We want to allow law enforcement and the intelligence services to know bad things are happening in real time.” more

It's time to make peace with passwords. This free guide will help.

By now we're all well aware of what makes a bad password … it's us. 

A glance at SplashData's annual reporting on the world's worst passwords shows just how laughably bad at creating passwords we humans really are. But what's worse, as Steve Ragan's analysis of leaked passwords shows, is that many passwords on the naughty list adhere to the carefully crafted password policies in use in companies today.

How can security leaders do better? For one thing, we can stop blaming users, says Michael Santarcangelo. Instead, we can focus on providing them with technology that makes the job easier.

That's where this guide comes in. more

US Government Study of Spyware - Possible Precursor to New Laws

Why GAO Did This Study
Smartphone tracking apps exist that allow a person to not only surreptitiously track another person’s smartphone location information, but also surreptitiously intercept the smartphone’s communications—such as texts, e-mails, and phone calls. This type of monitoring—without a person’s knowledge or consent—can present serious safety and privacy risks...

The federal government has undertaken educational, enforcement, and legislative efforts to protect individuals from the use of surreptitious tracking apps, but stakeholders differed over whether current federal laws need to be strengthened to combat stalking. Educational efforts by the Department of Justice (DOJ) have included funding for the Stalking Resource Center, which trains law enforcement officers, victim service professionals, policymakers, and researchers on the use of technology in stalking. With regard to enforcement, DOJ has prosecuted a manufacturer and an individual under the federal wiretap statute for the manufacture or use of a surreptitious tracking app.

Some stakeholders believed the federal wiretap statute should be amended to explicitly include the interception of location data and DOJ has proposed amending the statute to allow for the forfeiture of proceeds from the sale of smartphone tracking apps and to make the sale of such apps a predicate offense for money laundering. Stakeholders differed in their opinions on the applicability and strengths of the relevant federal laws and the need for legislative action. Some industry stakeholders were concerned that legislative actions could be overly broad and harm legitimate uses of tracking apps. However, stakeholders generally agreed that location data can be highly personal information and are deserving of privacy protections. more full study