Monday, November 28, 2016

Spybuster Tip #715: How to Prevent Hacker Wi-Fi Attacks

If your Wi-Fi name (SSID) is on this list, you're at risk. 
If you ever used a Wi-Fi whose name (SSID) is on this list, you're at risk.

The list consists of approximately the 5000 most common SSIDs.

If a hacker uses this list to broadcast SSIDs, your laptop or phone may automatically connect to them. At that point, they see everything you do: user names, passwords, etc.

In a nutshell, program your device so that it does not automatically connect to a Wi-Fi SSID to which it has previously connected. Purge your previous connections list just to be sure.
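
One way to check saved connections against such a list is sketched below. This is an added example, not part of the original tip. It assumes a Linux machine whose Wi-Fi profiles are NetworkManager keyfiles, uses a short constructed SSID list in place of the real one, and all function names are hypothetical.

```python
import configparser

# Constructed stand-in for the common-SSID list the post refers to;
# the real list is not reproduced on this page.
COMMON_SSIDS = {"linksys", "NETGEAR", "default", "attwifi", "xfinitywifi"}
WIFI = ("wifi", "802-11-wireless")                    # keyfile section aliases
SEC = ("wifi-security", "802-11-wireless-security")

def _first(cp, sections, key):
    """Return key from the first section that defines it, else None."""
    for s in sections:
        if cp.has_option(s, key):
            return cp.get(s, key)
    return None

def audit_profile(text):
    """Audit one NetworkManager keyfile; None if it is not a Wi-Fi profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") not in WIFI:
        return None
    ssid = _first(cp, WIFI, "ssid") or ""
    # NetworkManager auto-joins unless the profile says autoconnect=false.
    auto = cp.getboolean("connection", "autoconnect", fallback=True)
    return {
        "id": cp.get("connection", "id", fallback="?"),
        "ssid": ssid,
        "autoconnect": auto,
        "common": ssid in COMMON_SSIDS,
        # No security section: the device joins with no key to check.
        "open": _first(cp, SEC, "key-mgmt") is None,
    }

def at_risk(profiles):
    """Ids of profiles that auto-join an SSID on the common list, open ones first."""
    hits = [f for f in map(audit_profile, profiles) if f and f["autoconnect"] and f["common"]]
    return [f["id"] for f in sorted(hits, key=lambda f: not f["open"])]

# Constructed sample profiles (normally read from /etc/NetworkManager/system-connections/).
SAMPLES = [
    "[connection]\nid=cafe\ntype=wifi\n\n[wifi]\nssid=attwifi\n\n[wifi-security]\nkey-mgmt=wpa-psk\n",
    "[connection]\nid=hotel\ntype=wifi\n\n[wifi]\nssid=linksys\nmode=infrastructure\n",
    "[connection]\nid=home\ntype=wifi\nautoconnect=false\n\n[wifi]\nssid=NETGEAR\n",
    "[connection]\nid=office\ntype=wifi\n\n[wifi]\nssid=Corp-7F3A\n\n[wifi-security]\nkey-mgmt=wpa-psk\n",
    "[connection]\nid=wired\ntype=ethernet\n",
]

if __name__ == "__main__":
    for cid in at_risk(SAMPLES):
        print(f"{cid}: nmcli connection modify {cid} connection.autoconnect no")
```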

Basic Spy Tradecraft: "Beware of pretty faces that you find..."

A German spy's romantic time in Latvia has ended up in a Munich court. The love-struck agent has lost his job, and a court case. 

A German spy fell in love with a Latvian woman in Riga and lost his job for violating policy. He has lost a legal battle against the BND intelligence agency.

The unnamed spy dated a Latvian woman while station chief in Riga, despite being instructed against having romantic relations with locals. Instead of informing the BND, he asked Latvia's intelligence agency to run a background check on his girlfriend, who came up clean.

Only after the Latvian woman had moved in with him did the station chief inform his superiors. That landed him in hot water, leading the BND to recall the spy and find him unfit for duty.

The man then sought compensation from the BND for lost earnings and other losses to the tune of 400,000 euros ($421,920). more sing-a-long

Spycam News: Multi-Millionaire Landlord Pleads Guilty to Secretly Filming his Tenants

Australia - A multi-millionaire Sydney landlord will face sentencing next month after pleading guilty to charges relating to secretly filming his tenants without consent to obtain sexual arousal.

Masaaki Imaeda, 66, installed hidden cameras into his rental properties so he could spy on tenants having sex or undressing...

After finding a warning about Imaeda and his spy cameras on a Japanese website, a husband and wife who rented a bedroom from him found a camera in their bedroom light fitting.

The young couple called police, who found multiple other hidden cameras inside the house...

He faces up to two years in prison. more

UK - A Starbucks customer in London was left “shocked and disgusted”* after finding a hidden camera above a toilet in a branch of the coffee shop. 

Ricci Arcari, 33, was at the Starbucks in Vauxhall when he spotted the device hidden in an air vent directly above the unisex toilet.

He told The Independent: “I go in [to the store] regularly. I ordered my drink and while I was waiting I popped in to use the toilet.

“I was standing using the toilet when I noticed a little glint like the way glass reflects.

“I stood on top of the toilet seat to get a better look and realised it was a webcam or some other kind of recording device.”

Mr Arcari, who used to work for Starbucks himself, said he ran out of the toilet, asked to speak to the store manager and showed him the camera.

The manager seemed “pretty shocked” and reportedly said “Oh God, that’s not good”.

The device was immediately taken down and placed in a bag to be passed to police. more

 * May also be applied to the dirty air vent grill.
Protect yourself.

Business Espionage Today: Sling TV Launches Cloud DVR Hours Before DirecTV

Sling TV users will soon be able to record some TV shows and store them online for later viewing.

The feature, which will initially be available as an invite-only beta to users of Dish's online streaming video service, is being announced on the same day that a major rival is appearing on the scene. Details of AT&T's DirecTV Now will be unveiled at a press event in New York later today. more

Just coincidence? You decide. 
How secret is your marketing strategy? 
When was the last time you checked? ~Kevin

3 Ways Corporate Spies Might Be Watching Your Business and How to Stop Them

Business is a game of constant competition, but the widespread emergence of covert surveillance and tracking tools has expanded the playbook. Now, industrial espionage has a new dimension.

In the corporate world, the practice is nothing new. In fact, it's been a marketing tactic for decades... But the digital age has given corporate spying a new face. And with the modern proliferation of web-based spying options, corporate surveillance is more sophisticated and covert than ever.

Today, corporate spies for hire carry titles like "Competitive Intelligence Analyst" and "Competitive Market Strategist." There are many lucrative opportunities for these workers. And they might be watching your business right now. Here are three of the ways they do it—and also how to dodge their efforts. more

Sunday, November 27, 2016

Turn Any Computer Into an Eavesdropping Device

Researchers at Israel’s Ben-Gurion University of the Negev have devised a way to turn any computer into an eavesdropping device by surreptitiously getting connected headphones or earphones to function like microphones.

In a paper titled "SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit," the researchers this week described malware they have developed for re-configuring a headphone jack from a line-out configuration to a line-in jack, thereby enabling connected headphones to work as microphones.

The exploit works with most off-the-shelf headphones and even when the computer doesn’t have a connected microphone or has a microphone that has been disabled, according to the researchers. more

 Spoiler Alert: It ain't easy to do, or likely to happen to you. ~Kevin

Tuesday, November 22, 2016

Business Espionage: GSM Bugs Are Mini Cell Phones in Disguise

(from a seller's website in the UK)
GSM bugs are also known as mobile phone bugs and infinity bugs. Based around mobile technology, these devices provide a discreet listening facility with an unlimited distance.

Up until a few years ago radio frequency transmitters were relied upon to provide an eavesdropping solution, albeit over only relatively short distances, generally up to about 800 metres line of sight. These devices are still available, but have been outlawed by OFCOM legislation and are therefore not legal to sell into the UK or operate in the UK without a radio broadcast licence. GSM Bugs use the existing GSM network as a transmission tool.

When they first became available, the GSM bugs were literally modified mobile phones that auto-answered silently to open up the microphone and listen into the surrounding environment. These devices are still available today and some dedicated (dead phone) units have had enhanced microphone adjustments to make them more attuned to pick up sounds in a wider area, turning them into dedicated listening devices.

As the technology has moved on, these eavesdropping devices have become smaller and more sophisticated. They are really only restricted in size at present by the battery size. However, some of the latest units are built into mains powered devices such as multi-plug adapters and mains sockets, thereby making them invisible to the naked eye and with no power consumption restrictions.

Some of these eavesdropping devices are obviously for the UK market.
Bugs for other electrical standards are also available. 


Do you have electrical extension strips in your office?
Have they been inspected and sealed by a TSCM specialist?

~Kevin

Hot Tech History: The "iPod" of 1938

via Matt Novak 
 Today we take it for granted that we can bring music with us wherever we go.

But that obviously wasn’t always the case. As just one example of how cumbersome portable music could sometimes be, take a look at this portable radio receiver from 1938. It was all the rage in France.

The May 1938 issue of Short Wave and Television magazine included a photo-filled spread of new radio sets that had recently been featured at an electronics exhibit in Paris. As you can see in the photo on the far left, the latest “portable radio” included a strap so that you could lug it around with you.

Radio miniaturization was happening at a quick pace in the 1920s, and this was far from the only portable radio of the 1930s. But it’s a decent reminder that portability is and always has been relative... more

Monday, November 21, 2016

3D Industrial Espionage

Your 3-D printer is leaking, but not in ways you can see.

It leaks sounds and energy. That's not a problem — unless you want to keep your creation a secret. In that case, it's time to get serious about security. Computer scientists have now shown that hackers can eavesdrop on 3-D printers — and then copy what they made. All it takes is your average smartphone.

As 3-D printing becomes more widespread, thieves will find new ways to steal original designs, worries Wenyao Xu. This computer scientist at the State University of New York in Buffalo led the new work...

To hack these printers, a spy needs to merely “listen” to the noise and energy the machine emits, including the magnetic fields that vary as it works. Both sound and electromagnetic energy travel as waves. By tapping into these waves, Xu says, a spy could identify the shape of what was being printed. This would allow someone to steal a design without ever seeing the original.

“We need to prevent these attacks,” Xu says. more

The Most Intrusive Spying Powers in the “History of Western Democracy.”

Britain’s Investigatory Powers Bill, voted through Wednesday, gives the government what critics claim will be some of the most intrusive spying powers in the “history of Western democracy.”

U.K.-based Internet service providers will be expected to keep full records of every customer’s browsing history, stretching back a year, and the statute will provide enough legal clout for the government to force companies to decrypt data on demand as well as create security backdoors on the devices they sell in order to facilitate spying. more

The Spy Who Couldn't Spell Straight

...and now we're going to hear a story that sounds just too bizarre to be true. 

More than a decade before Edward Snowden famously leaked thousands of classified records to the world, another U.S. government contractor tried a similar move the old-fashioned way. His name is Brian Regan. And in 1999 and 2000, he smuggled classified documents out of his office and buried them in the woods hoping to sell them to a foreign government. But he was foiled in part by his own terrible spelling.

This thrilling story is out this month in a new book called "The Spy Who Couldn't Spell: A Dyslexic Traitor, An Unbreakable Code And The FBI's Hunt For America's Stolen Secrets." Michel Martin talked with author Yudhijit Bhattacharjee about the strange story of Brian Regan.

MM: Why do you think most people have never heard of this story?

YB: The main reason is that Brian Regan was arrested just two weeks before 9/11. And so his story got completely overshadowed by the coverage of what was arguably the biggest story of the last 20 years... more

Friday, November 18, 2016

How to Get Into a Locked iPhone... and what to do about it.

It's Pretty Easy For Someone To Access Your Photos And Other Personal Info On Your Locked iPhone

YouTuber iDeviceHelp is "not a hacker" but still managed to find a fairly simple way to get into a locked iPhone running iOS 9. No passcode needed.


If you have an iPhone you want to turn off SIRI when the screen is locked. ~Kevin

China Secretly Spying on Android Devices

According to Cybersecurity firm Kryptowire, some Android phones, including those from American phone manufacturer BLU, are being preinstalled with software that monitors where users go, who they call, and what they text. The information is then sent back to Chinese servers.

Software dedicated to spying on users is the Trojan horse hidden inside some phones manufactured in China. Kryptowire, a cybersecurity consulting firm, has released a report stating that such malware is being used to gather sensitive information such as GPS locations, text messages, etc. to send back to Chinese servers every 72 hours.

The piece of code has been lurking inside the Android operating system. As such, the program managed to conceal itself from the user’s perspective.

Tom Karygiannis from Kryptowire revealed that the malicious program was created by the Chinese company Adups, with the sole purpose of spying, stating that it isn’t the result of an error. Karygiannis said that the malware’s goal may be to perform state espionage or merely to sell advertising data....

Adups has over 700 million active users, and a market share exceeding 70% across 200+ countries and regions. 

The company’s software is used in phones, cars, and other devices. American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected, promptly stating that it had released an update to remove Adups’ spyware. more

Happy Holidays, or How Not to Get Scammed Online This Season

Protect yourself against online shopping scams by watching for these 10 telltale signs...

Many mom-and-pop retail stores maintain websites for selling their wares, and some entrepreneurs create online-only stores that ship products directly from warehouses. Unfortunately, scammers also use ecommerce as an opportunity to take shoppers' personal and financial information from afar. An odd-looking site or too-good-to-be-true deal might be the work of a scammer rather than an ecommerce amateur. The following 10 signs can help shoppers distinguish between the two. more

Lawyers Should Not Bug Opposing Lawyer's Email

Alaska may have only about 2,500 active resident lawyers, but its bar ethics committee has become just the second authority in the country to weigh in on the practice of “bugging” the e-mail of opposing counsel.

The committee disapproved of this spy method in an opinion issued in late October, saying that it violated the Last Frontier’s version of Model Rule 8.4, which prohibits dishonesty and misrepresentation.

A “web bug” is a tracking device consisting of an object embedded in a web page or e-mail, that unobtrusively (usually invisibly) reveals whether and how a user has accessed the content. Other names for a web bug are web beacon, pixel tracker and page tag. more

Want to check who is secretly bugging you? Little Snitch for OSX does an excellent job and offers a free trial. Similar products exist for PC based computers. ~Kevin
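
To see what a web bug looks like inside a message, the sketch below scans an e-mail's HTML body for remote images that are invisible to the reader. It is an added example, not from the original post or the bar opinion; the sample message, host names and function names are constructed, and the size and CSS checks are heuristics.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

def _dim(attrs, name):
    """Pixel size from the width/height attribute or inline style, else None."""
    m = re.search(rf"(?<![-\w]){name}\s*:\s*(\d+)", attrs.get("style", "").lower())
    raw = attrs.get(name) or (m.group(1) if m else "")
    return int(raw) if raw.isdigit() else None

class _ImgScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: v or "" for k, v in attrs}
        url = urlparse(a.get("src", "").strip())
        if url.scheme not in ("http", "https"):
            return  # cid: and data: images ship inside the message; nothing is fetched
        why = []
        w, h = _dim(a, "width"), _dim(a, "height")
        if w is not None and h is not None and w <= 1 and h <= 1:
            why.append("1x1 or smaller")
        if re.search(r"display\s*:\s*none|visibility\s*:\s*hidden", a.get("style", "").lower()):
            why.append("hidden by CSS")
        if why:
            # A query string often carries the per-recipient identifier.
            self.hits.append({"host": url.hostname, "has_query": bool(url.query), "why": why})

def find_web_bugs(html):
    """Return remote images the reader cannot see but the mail client would fetch."""
    scan = _ImgScan()
    scan.feed(html)
    scan.close()
    return scan.hits

# Constructed sample message body.
SAMPLE_EMAIL = """
<html><body>
<img src="https://cdn.example.com/logo.png" width="600" height="80" alt="logo">
<p>Counsel, please see the attached draft.</p>
<img src="cid:signature01" width="1" height="1">
<img src="https://track.example.net/o.gif?m=constructed-id-123" width="1" height="1" alt="">
<img src="http://beacon.example.org/p" style="display:none">
</body></html>
"""

if __name__ == "__main__":
    for hit in find_web_bugs(SAMPLE_EMAIL):
        print(hit)
```

Mail clients set to block remote images never make these requests, which is why that setting defeats this kind of tracking.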