Security Director Alert: USB Killer Stick II

Remember the USB Killer stick that indiscriminately and immediately fries about 95 percent of devices? (See the Security Scrapbook warning about it from last September.)

Well, now the company has released a new version that is even more lethal! And you can also buy an adapter pack, which lets you kill test devices with USB-C, Micro USB, and Lightning ports.

Further Reading: USB Killer, yours for £50, lets you easily fry almost every device

If you haven't heard of the USB Killer before, it's essentially a USB stick with a bunch of capacitors hidden within. When you plug it into a host device (a smartphone, a PC, an in-car or in-plane entertainment system), those capacitors charge up—and then a split second later, the stick dumps a huge surge of electricity into the host device, at least frying the port, but usually disabling the whole thing...

The new USB Killer V3, which costs about £50/$50, is apparently 1.5 times more powerful than its predecessor, is more lethal (it pumps out eight to 12 surges per second), and is itself more resistant to setups that might cause the USB Killer to fry itself. more

Spybusters Tip #783 - Block your USB ports with a USB lock and security tape. Aside from Killer Stick sabotage, USB ports are virus injection portals.

German Parents told to Destroy Cayla

An official watchdog in Germany has told parents to destroy a talking doll called Cayla because its smart technology can reveal personal data.

The warning was issued by the Federal Network Agency (Bundesnetzagentur), which oversees telecommunications.

Researchers say hackers can use an insecure bluetooth device embedded in the toy to listen and talk to the child playing with it.

Manufacturer Genesis Toys has not yet commented on the German warning. more

Who Was the First Person to Record Sound?

In 1857, Édouard-Léon Scott de Martinville patented a device for recording sound: A person spoke or sang into a barrel, causing a membrane of parchment to vibrate and a pig bristle to record a mark on a moving surface of glass or paper.

This was useful in studying the characteristics of sound, but a century and a half would pass before we had the technology to play back the recordings. In 2008, audio historians recovered Scott’s “phonautograms” from the French patent office and converted his waveforms into digital audio files.


The recording below was made on April 9, 1860. It’s the French folk song “Au clair de la lune,” recorded 28 years before Edison’s first wax cylinder. more

Coals to Newcastle Espionage (not just any coal)

A federal jury on Thursday convicted a Chinese scientist in Kansas of conspiring to steal samples of a variety of genetically engineered rice seeds from a U.S. research facility, the U.S. Justice Department said, the latest attempt at agricultural theft linked to China.

Weiqiang Zhang, 50, a Chinese national living in Manhattan, Kansas, was convicted on three counts, including conspiracy to steal trade secrets and interstate transportation of stolen property, the department said in a statement.

Zhang, who has a doctorate from Louisiana State University, worked as a rice breeder for Kansas-based Ventria Bioscience Inc, which develops genetically programmed rice used in the therapeutic and medical fields.

He stole hundreds of rice seeds produced by Ventria and stored them at his Manhattan residence, the statement said. more

How to tell if Someone is a Spy (infographic)

"One never knows, do one?" ~Fats Waller

Click to enlarge.

One Expensive GPS Tracker

UK - An “obsessive” dad stalked a woman by placing a tracking device on her car and posted ‘revenge porn’ on Facebook...repeatedly called his victim and turned up at her home and workplace uninvited.

John Wyn Williams, prosecuting, said: “She was advised by the police to check her car and found strapped to the bottom an iPhone used as a tracking device.” more

GPS trackers sell for less than $100. these days. A professional TSCM inspection, priceless. ~Kevin

Fox Sexual Harassment Lawsuit wants to Include Electronic Surveillance

In what were described by National Public Radio’s David Folkenflik as “explosive allegations,” former host Andrea Tantaros claimed Fox News conducted “electronic surveillance” and potentially “violated securities laws by not reporting [lawsuit] settlements to the Securities and Exchange Commission.”

The allegations of surveillance and securities fraud originate from a sexual harassment lawsuit filed in 2016 by Tantaros naming Fox News, Ailes, and on-air personalities Scott Brown and Bill O’Reilly, “alleging retaliation by Ailes after she tried to complain about harassment.” Tantaros has spoken out about the “pervasive … culture of misogyny and sexism” at Fox News, and claimed that she was sexually harassed by Ailes “numerous times.”

Moreover, the allegations of “electronic surveillance” come on the heels of Fox News’ parent company News Corp’s 2011 phone hacking scandal, and reports that Fox News even “hired a private investigator in late 2010 to obtain the personal home- and cell-phone records of” Media Matters’ own Joe Strupp. Now, according to The Washington Post, Tantaros’ lawyer is accusing Fox of electronic surveillance...

In the hearing, Burstein expressed his wish to amend the Tantaros suit by adding racketeering and electronic surveillance charges — a reference to the intelligence unit once operated by Ailes to spy on Fox News talent and critics. The judge told Burstein that he could not so amend the complaint. more

Spy Radio History - The Rhode & Schwarz ESM500A

This receiver was used by the top government surveillance agencies worldwide during the 1990's (CIA, NSA, GCHQ, BND, etc.) Some countries may still be using it today.

Depending upon the installed options, it would have set the purchaser back from $25,000 to $40,000 USD.

ESM series receivers are highly prized by premium receiver collectors, radio museums, and amateur radio / TSCM enthusiasts. It is is considered to be one of the best communications receivers ever made.

More photos and a chance to own it, here.

Ticketmaster Allegedly Hacked Start-up to Steal Trade Secrets

A startup ticketing company alleged in a legal filing that Live Nation Entertainment Inc., the country’s biggest concert promoter, hacked into its computer systems and stole trade secrets.

The allegations, included in an amended antitrust lawsuit that was originally filed by Brooklyn-based Songkick in 2015, are based on information that the company said came to light in the discovery process.

Filed in U.S. District Court in Los Angeles Wednesday, the complaint alleges that Live Nation’s Ticketmaster unit obtained unauthorized access to Songkick’s computers with the help of an executive who has worked at both companies. more

Spybuster Tip #512 — Change all passwords whenever an employee is terminated or quits. ~Kevin

Samsung Warns its "Smart TV" Listens to Every Word

Samsung has confirmed that its "smart TV" sets are listening to customers' every word, and the company is warning customers not to speak about personal information while near the TV sets.

The company revealed that the voice activation feature on its smart TVs will capture all nearby conversations. The TV sets can share the information, including sensitive data, with Samsung as well as third-party services...

Samsung has now issued a new statement clarifying how the voice activation feature works. "If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search," Samsung said in a statement. "At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV." more

How to make your smart-ass TV dumb, by making it deaf and blind. ~Kevin

Security Director Alert: Must See Video About Printer Security

My team and I have been giving the IT folks nightmares about this for years. 
Now, you can too!
Watch this... 
~Kevin

At a time when hacking dominates much of the news, HP is turning to Mr. Robot himself to highlight its new security platform designed to protect business printers. The Palo Alto-based company has tapped Christian Slater for a year-long digital series called "The Wolf" in order to draw attention to cybersecurity in the workplace.

"Sheep never realize a wolf's around until it's too late. Then they do exactly what the wolf expects them to do. They run into each other, they fall down—they become dinner. Time to eat," says a spectacled Mr. Slater in the series' 30-second trailer.


The first six-minute episode shows the actor lurking outside offices, sending sheep cartoons to oblivious workers, crashing birthday parties and sending suspicious spa gift certificates via email. At one point, he even howls. more

Today Only - "Q" Gadgets from WWII up for Auction

James Bond's gadgets may seem far-fetched, but they do have a basis in fact as an auction in Kent, UK shows.

C & T Auctioneers is running an online auction through February 14 that includes a collection of authentic "Q" gadgets from the Second World War and beyond that were used by spies behind enemy lines and to help Allied POWs escape and evade capture.

During the Second World War, Britain's Special Operations Executive (SOE) was tasked by Prime Minister Winston Churchill to "set Europe ablaze" by dropping agents behind Axis lines to carry out espionage and sabotage as well as coordinating resistance movements. But they didn't go unarmed.

Thanks to Charles Fraser-Smith (Ian Fleming's inspiration for the character Q), SOE agents were equipped with gadgets to help them in their clandestine work. At the C&T auction, five of the eight items on sale were made for the SOE. more

Your New U.N.C.L.E. — Private Sector Intelligence Firms

UK - Private intelligence companies are part of a booming business in London and the British government complains it is having trouble retaining talented agents who are being drawn by high salaries and more growth opportunities in a blossoming industry estimated to be worth $19 billion.

Yesterday's Intelligence Office Entrance

“Our mission is to fill a gap of knowledge or information in any situation,” said Patrick Grayson, founder and CEO of GPW, a respected mid-sized London intelligence firm. “There’s always something people should or could know in addition to what they do know. Our job is to answer that question. To fill that gap in knowledge.”

With legal firms as their key clients, Gray’s company has set up shop on London’s Chancery Lane in the heart of the city’s legal district, where solicitors and judges dressed in the traditional court garb that includes white wigs and black robes can be seen walking between the courts and their offices in the medieval Inner Temple area...

Today's Intelligence Office Entrance

“Britain has been a very fertile place for information, intelligence gathering, and that has to do with our position in the globe, the British tradition of exploring foreign parts and relying on accurate information to expand its interests,” said Grayson.

Getting that accurate information requires tools that are reminiscent of the movies. Gear commonly used include jamming equipment to ensure that boardroom discussions are not being recorded and bug-searching devices...

Observers say the British government faces a brain drain as agents employed by police forces, the military and civilian intelligence agencies leave their jobs for better paying positions in private sector firms that often bill at rates of more than $1,000 an hour. more

Security Director Alert: Site Seeing In China - Not All Sites Can Be Seen

Traveling to China? 

Need to connect with specific websites?

Check to see if you will be able to connect.

The New York Times is an example of one popular site which is blocked.

Fortunately, GreatFire.org has a work-around for this, and other helpful tips.

Check here for our 20 additional traveler's tips. ~Kevin

Eavesdrop on Elevators

Did you know that some elevators talk to their bosses?

Yes, machines do have a secret life.
Eavesdrop on one.
Fascinating!

Workplace Eavesdropping - Time to Consider a Recording in the Workplace Policy

PA - A Fayetteville man is accused of secretly recording a conversation regarding a workplace dispute and posting the recording on Facebook.

John Frederick Richards III, 54, is charged with felony intercepting communications and "disclose intercepted communications," according to court documents. more

A Spycam Detection Program & Recording in the Workplace Policy is available here.

P.S. If you are going to break eavesdropping laws,  don't post the evidence on Facebook. ~Kevin

FutureWatch: Powerless Bugs or Teslabestiola II (update)

Back in 2013, the Security Scrapbook alerted you to Ambient Backscatter as a developing technology with extreme potential, including electronic surveillance / eavesdropping. 

At that time I said, "Ambient Backscatter research is in its infancy. Imagine the possibilities. Technical espionage could see its biggest advancement since the transistor."

Today, Jeeva Wireless, is developing this technology and is about to come out of stealth mode. 

The technology is so interesting, NASA has posted Federal contract opportunity NND1710133Q, "a sole source contract under the authority FAR 13.106-1(b)(1)(i)."

Here is the update...

"A group of University of Washington engineers has raised capital to develop and commercialize a power-efficient way to generate WiFi transmissions.


Jeeva Wireless just reeled in a $1.2 million round, co-founder Shyamnath Gollakota confirmed with GeekWire. He declined to provide more details about the cash and how Jeeva will use it, as the Seattle startup is still in stealth mode.

The company’s co-founders are the same UW researchers who co-authored a study last year for a Passive Wi-Fi system that can generate WiFi transmissions using 10,000 times less power than conventional methods.

Not even low-power options such as Bluetooth Low Energy and Zigbee can match the system’s energy efficiency, based on the study that earned the UW team a place on MIT Technology Review’s top-ten list of breakthrough technologies in 2016. With the fresh funding, it appears that the company is ready to commercialize its innovation" more

This Month's SpyCam Darwin Award - Shot While Spycaming

NY - An Erie County man has been arrested after spying on his neighbors with his cell phone.

Investigators said David Schindley's phone had more than 50 videos held closely to the windows of bedrooms, bathrooms or other rooms. The videos go back to this past October.

Schindley was taken into custody on Sunday after he was shot by a homeowner on the 500 block of Bald Eagle Drive. Deputies said the homeowner heard a noise and thought Schindley was trying to break into his home.

Schindley was shot in the leg, the homeowner who shot the suspect was not charged. more

Television-Spying Case - Vizio to Pay $2.2 Million

The Federal Trade Commission said Monday that Vizio used 11 million televisions to spy on its customers.

The company agreed to pay $2.2 million to settle a case with the FTC and the New Jersey attorney general’s office after the agencies accused it of secretly collecting — and selling — data about its customers’ locations, demographics and viewing habits.

“Before a company pulls up a chair next to you and starts taking careful notes on everything you watch (and then shares it with its partners), it should ask if that’s O.K. with you,” Kevin McCarthy, an attorney with the FTC’s Division of Privacy and Identity Protection, wrote in a blog post. “Vizio wasn’t doing that, and the FTC stepped in.”

As part of the settlement, Vizio neither confirmed nor denied wrongdoing. more

All Black's Bugging Scandal - Update

Australia - The security guard accused of fabricating the All Blacks hotel bugging scandal that rocked last year’s Bledisloe Cup has vehemently denied any wrongdoing saying: “I don’t know anything about this ­stupid bloody bug.”

Gravel-voiced Adrian Gard, 51... was charged with public mischief after a listening device was unearthed in the All Blacks’ team meeting room at the InterContinental in Double Bay...

Gard, who has 31 years’ experience in the security industry, is at the centre of a bizarre cloak and dagger scandal after a device similar to that used by law enforcement and spying agencies was discovered in a routine sweep of the team’s meeting room in August ahead of the clash with Australia. It was reportedly found in the foam of a chair...

Police will allege the security chief, who has protected the All Blacks for more than 10 years, claimed he “found” the device but investigators do not believe it was stuffed in a chair.

Gard, from Brisbane, will face court next month for the offence which relates to providing police with false information carrying a maximum 12-month sentence. more

Sad Story of the Beaten Bean Counter, or Wiretap Whistleblower Wasted

The Ninth Circuit on Monday dealt a final blow to a career prosecutor whose whistleblower lawsuit claimed the nation’s largest telecommunications bilked the federal government for surveillance services for two decades. 

The Ninth Circuit panel affirmed dismissal of prosecutor John Christopher Prather’s whistleblower suit...

He said the reduced labor should have lowered costs, but that the telecoms began charging law enforcement agencies, including the FBI and the Justice Department, fees 10 times higher than they should have been.

Prather, who reviewed the telecoms’ rate sheets and developed surveillance budgets as part of his duties supervising wiretapping activities, grew suspicious, and filed a qui tam action in 2009 under the False Claims Act. more previously in the Security Scrapbook

All Blacks Bugging: Man Charged

A man, understood to be a security consultant for New Zealand's All Blacks rugby team, has been charged over a listening device found in the team's Sydney hotel room during last year's Bledisloe Cup.

The device — described as similar to that used by law enforcement and spy agencies — was found inside a chair during a routine security search of the team's meeting room at the Intercontinental Hotel at Double Bay ahead of a Bledisloe Cup match against Australia last year.

Adrian Gard, 51, is understood to be a consultant for BGI Security which was contracted by the All Blacks during their Bledisloe Cup campaign.

He has been charged with public mischief over the bugging incident. more

Car Wars: Fifty Years of Backstabbing Infighting And Industrial Espionage (book)

Car Wars - An "astonishing...eye-opening chronicle" (Publisher's Weekly) of backstabbing, infighting, and industrial theft and espionage in the world's biggest business. It makes empires; it destroys economies; it shapes history.

Welcome to the world's biggest business--the automobile industry. A hundred years ago there were six highly experimental cars. Today there are close to 400 million cars on the planet: set bumper to bumper on a six-lane highway, they would stretch well over 200,000 miles, more than eight times around the earth.

With hundreds of billions of dollars at stake, is it any wonder that the major car companies wage a relentless war against one another, where (almost) anything goes? Here is the story of all the schemes and deceits, treacheries and shady deals in the battle for the world's car markets since the dawn of the global economy fifty years ago. more

The James Bond Movie Director Who Actually Was A Spy

That James Bond creator Ian Fleming drew literary inspiration from his wartime work in espionage is relatively well known. But the heroic World War Two exploits of the director of Bond films including Goldfinger and Live and Let Die are less well documented. more

Guy Hamilton's daring exploits can be relived on Inside Out South West on BBC One on Monday 6 February at 19:30 BST and on the iPlayer for 30 days thereafter

Security Director Alert - Check the Security of Your Networked Printers

Following recent research that showed many printer models are vulnerable to attacks, a hacker decided to prove the point and forced thousands of publicly exposed printers to spew out rogue messages.

Stackoverflowin claims to be a high-school student from the U.K. who is interested in security research...

The issue of publicly exposed printers is not new and has been exploited before to print rogue and sometimes offensive messages. However, the issue was renewed last week when researchers from Ruhr-University Bochum in Germany published a paper on different attacks against network printers and an assessment of 20 printer models. The researchers also released a Printer Exploitation Toolkit and published a printer hacking wiki.

Users should make sure that their printers can't be accessed through a public Internet Protocol address at all, Stackoverflowin said. However, if they need to do this, they should enforce access rules in their routers and only whitelist certain IP addresses, or set up a virtual private network, he said. more

I occasionally find networked printers are a back door to company networks. The most common issue is unsecured WiFi access. Have your IT department review this post and then double-check the security of the printers. Or, contact me for a complete technical information security inspection (TSCM). ~Kevin

Weird TSCM Science - Tuning Windows to Block Radio Frequency Eavesdropping

A new flexible material developed by engineers at the University of California, San Diego (UCSD) is claimed to be able to tune out various portions of the electromagnetic spectrum while allowing others to pass through, such as being opaque to infra-red but transparent to visible light, for example. This material has the potential to vastly improve the efficiencies of solar cells, or create window coatings that not only let in visible light and keep out heat, but also stop electronic eavesdropping by blocking electromagnetic signals.

Though still very much at the working prototype stage, the researchers intend to further their research by analyzing the effects of different materials, physical arrangements, and semiconductor properties in an attempt to create materials that absorb light at different wavelengths for use in a variety of applications.

The results of this research were recently published in the journal Proceedings of the National Academy of Sciences. more

How to be a Spy

Are you cut out for 00 status?

Rule #1 - Don't look goofy.

In America, spies in trench coats are usually bugging your office and listening in on your phone calls. In Britain, her majesty’s secret servants are busy code breaking between rounds of cricket.

In Vienna, instead, you just spend a day at the coffee house and, if you listen carefully, you will soon be up-to-date about the latest rumors of this city that loves secrets – and even more, to gossip about them on the sly...

Luckily, the city offers everything you need to live the high life of a spy. more

Even Your Car is Spying on You

You may not know this, but your car is collecting lots of information about your driving habits and history.
Who has access to this data and for what purpose? We speak with Lauren Smith, policy counsel at The Future of Privacy Forum. audio download

Recent Spy Camera News

A radiologist at a private practice has been spared jail after stashing his mobile phone in an air vent to record patients using the unisex toilet. more

An Orleans Parish judge dealt several setbacks late Tuesday to a prominent New Orleans breast reconstruction surgeon who faces rape and video voyeurism charges. Dr. Alireza Sadeghi, 41, is accused of raping and surreptitiously filming his now-estranged wife and of videotaping four nude patients in the operating room without their consent. In at least one instance, prosecutors claim, Sadeghi forwarded the footage to a friend. His trial is scheduled for March 20. more

A Utah man and student at BYU-Idaho has been accused of placing a small camera in the bathroom of a Rexburg apartment where six female students live... Rexburg police say a small camera was found hidden inside a towel hook mounted in the bathroom. more

A handyman who was jailed for 24 weeks after he hid a spy camera in a woman's bathroom after being invited round to fix her banisters is appealing his conviction... The court had heard Burnett, 41, planted the covert device in a vase in the victim's bathroom and could control it using an app on his mobile phone. When the victim went to change the flowers in the bathroom two months later she discovered the device and contacted the police. more

Some Indiana lawmakers suggest drone users with nefarious intentions could be flying under the radar under existing laws. ...the proposal creates a “remote aerial voyeurism” crime and addresses penalties for sex offenders operating drones inappropriately. more

Shaun Turner accessed his victims’ personal webcams but was caught by the Eastern Regional Operations Unit (ERSOU) following a tip-off. Turner, 29, of Race Course View, Cottenham, was used a malware system known as a Remote Access Trojan or ‘RAT’, a court heard. The RATs used by Turner enabled him to download all files held on his victims’ computers – including personal pictures, videos and identity documents. In addition, he deployed software to victims’ computers that streamed live images taken by their webcam to his own computer to view. more