Spycam News: Docs Know What's Up

The National Healthcare Professionals Association of South Africa has filed papers in the Pretoria High Court

accusing 19 medical aid schemes of spying on doctors and sneaking hidden cameras into their consulting rooms...

The lawsuit specifically named Discovery, stating that the scheme has sent spies and private investigators with concealed video cameras and recording equipment into private consultation rooms without consent. more

Where Smartphones Became Spyware Piñatas

A spying scandal in Mexico widened after it was confirmed by experts that several of the country’s top opposition leaders — along with journalists and human rights advocates — were targeted by high-tech spyware exclusively sold to governments.

The Internet watchdog group Citizen Lab exposed the scandal (in June) in a report that showed that spyware known as Pegasus had been used in recent years to infiltrate the cellphones of 12 prominent journalists and rights activists, all of whom had been critical of the Mexican government...

The victims received messages with links to the malware, which, when activated, allows outsiders to remotely access a phone’s data as well as activate its camera and microphone. more

Business Espionage Cautionary Tale - Bugs, Taps and Now... Drones

Australia - An international drug syndicate used drones to conduct counter-surveillance on police...

"During the investigation phase, this syndicate has used aerial drones to conduct counter-surveillance on police activity," Commander Beveridge said.

"The syndicate was using a drone when they were holding their meetings, to conduct counter-surveillance, to see if anyone, like law enforcement, was watching...

"It did cause the surveillance staff to initiate procedures and methodologies to defeat it. "These syndicates are getting a lot more sophisticated, and so are we. We've just got to be awake to it." more

Murray Associates Industrial Espionage Takeaway Points:
• Even with an upper floor office you are no longer immune to optical surveillance.
• If you have window blinds, use them.
• Make sure computer screens and whiteboards don't face windows.
• Institute a clear desk policy.
• If you see a drone, don't assume it's some hobbyist playing. Take a photo or movie for evidence.
• Be alert. A drone in your parking lot can grab all license plate numbers in a minute. (One of the first warning signs of an espionage attack.)

FutureWatch: Is Privacy the New Luxury?

There is nothing more luxurious than your own private island.

A secluded space, which is owned only by you. Private islands are the definition of privacy, security, peace, tranquility and an extraordinary lifestyle. There are only a handful of people in the world who have the opportunity to provide themselves and their family with the exclusive privacy and seclusion.

Enjoy it while you can...

Sea level rise accelerated by the melting of glaciers due to rising global temperatures has put many island nations on high alert, as their very survival hangs in the balance.

NASA researchers recently predicted that we are currently "locked into at least three feet of sea level rise, and probably more" by the end of the century.

Specifically, the Intergovernmental Panel on Climate Change listed the "Marshall Islands, Kiribati, Tuvalu, Tonga, the Federated States of Micronesia and the Cook Islands (in the Pacific Ocean); Antigua and Nevis (in the Caribbean Sea); and the Maldives (in the Indian Ocean)," as the most vulnerable nations to the effects of climate change. more

Business Espionage: The Slow Burn Costs

"Businesses need to be aware of the full costs of a cyber-attack, in particular, the “slow-burn” costs (i.e. those associated with the long-term impacts of a cyber-attack, such as the loss of competitive advantage and customer churn). When added to immediate costs (i.e. legal
and forensic investigation fees, and extortion pay outs), slow burn costs can dramatically increase the final bill." Lloyd's Report - in association with KPMG and legal firm DAC Beachcroft more

Lloyd's is promoting their cyber-insurance with this report. Their warning, however, actually applies to all forms of business espionage. Insurance is for the disaster. A good Technical Information Security Survey can prevent disasters. You need both.

15 Photos of ATM Scams

Take note of some of the most common ways thieves will try to steal your credit card details.


 Fourteen more photos.

Stepfather Accused of Murder Preceded by Spycam

Man accused of killing stepdaughter may have photographed her through peep holes.

Detectives found a photo they believe is of 13-year-old Jayden Glomb in her bathroom wearing a sports bra, apparently taken secretly by her stepfather who is now accused of killing her, court documents say.

Property seized so far in the investigation includes an endoscope camera, spy camera, thumb drives, clothing and photographs, according to a search warrant.The Tucson Police Department’s crime laboratory has begun to analyze the contents of a home computer that was used by Joshua Lelevier, 37, who was arrested May 31 in Jayden’s suffocation death. more

Cyber Espionage: Canada and China Agree to Knock it Off

The Chinese government has reached a landmark agreement with Canadian authorities that pledges to halt "economic cyber espionage", a technique long-used by Beijing to hack into large firms and steal trade secrets, often including details of proprietary technology and military plans...

"The two sides agreed that neither country's government would conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages," a portion of the deal stated.

According to the Globe and Mail, which first reported the deal, the accord solely covers economic espionage, declining to mention online espionage, surveillance and hacking to spy on state activity. more

Other business espionage items the accord does not cover...

• Electronic eavesdropping.
• Telephone wiretapping.
• Physical penetration of the workplace.
• Social Engineering.
• Infiltration of the workforce.
• Subversion of employees. (blackmail, payoffs, etc.)
• Optical surveillance.

A good Technical Information Security Survey will cover these vulnerabilities for you.

Dumb Thought #1: Spying — Dumb Thought #2...

On June 22, Kevin Patrick Mallory was brought before a US federal judge for his first hearing on charges that he sold highly classified documents to a Chinese intelligence agent.

These documents, which are considered "National Defense Information," included at least one Top Secret document and three classified as Secret and were found on a phone Mallory had been provided by his Chinese contacts.

Mallory, a 60-year-old former Central Intelligence Agency employee had thought the documents were in messages that had been deleted automatically from the device. Mallory faces life in prison if convicted. more

Things We See — Blue Bucket Blues

Not all information security issues are this obvious. 

Finding all of them requires an independent Technical Information Security Survey. more

Business Espionage: America's Cup Teams Spy

The definition of a spy is that he or she operates furtively. But there's been no secrecy around the blatant spying of Oracle and Team New Zealand on each other's boats during the five-day America's Cup break.

Both teams have dropped all pretense about their intelligence-gathering ahead of the final resuming in Bermuda this Sunday New Zealand time.

With Peter Burling and the red-hot Kiwis leading 3-0 in the first-to-seven-wins showdown, desperate Oracle spies went about their work today with the subtlety of a sledgehammer...

Team New Zealand has been doing the same thing, assiduously gaining as much information as possible... more

How a Calgary Woman Brought Down the CanadaCreep Account

Canada - The Twitter user who initially raised alarm about the 'CanadaCreep' is relieved to hear her actions may have taken a voyeur off the street.

Jeffrey Robert Williamson, 42, is accused of filming women without their knowledge and posting the images online under the Twitter handle ‘CanadaCreep.’

He was charged last week with three counts each of voyeurism and publication of voyeuristic recordings in relation to three alleged incidents and later released on bail, but freedom would be short-lived... more

Snapchat is Now Your New GPS Ankle Bracelet

Bored Snapchat users looking for something to do should update their apps today: they'll be greeted with a new map view that shows where exactly their friends are and what they're up to. 

Snap Map, as the company is calling it, can be activated by pinching your fingers together on the camera view when you first start the app. Once in map view, you'll see "Actionmoji" versions of your nearby friends, which include their names and profile photos in a configuration that vaguely resembles the tags you might find on plants for sale at the nursery.

When you tap on one of your friends' icons, you'll see stories they've posted recently...

What if none of your friends are around or they haven't posted anything interesting recently? Not to worry: the map view will also show a heat map based on the activity of other Snapchat users. more

TSCM Questions We Get - "How small is a bug's microphone?"

A. Very small.
You probably carry the one shown in the photo, in your cell phone.


In some cases, microphones are invisible. Before you say impossible, hear me out...

You are surrounded by items which can be commandeered for surveillance eavesdropping wherever you go. Solids and liquids conduct sound even better than air. Vibrations through these items may be picked up and amplified at some distance using: a piezoelectric contact microphone, a hydrophone, or light / sound beams (laser / ultrasonic).

Optimic1140 fiber optical microphone

There is also one esoteric microphone to consider—the fiber optic microphone. No wires. No electricity. Just connected to a clear glass thread.

It is so unusual, many people who claim to be technical surveillance countermeasures (TSCM) technicians don't know it exists.

So, when you add Technical Information Security Surveys to your organization's security program, ask the vendor what they know about fiber optic microphones. Good ones will tell you all about it, and how it works. They will also be impressed with you for asking.

Click here for more questions we get.

Security Alert: If Your Phone Says Avaya... ask IT about this.

Internet telephony company Avaya has patched a high-severity vulnerability in its Aura Application Enablement Services product that put phone call and API data running through the server at risk for interception.

Researchers at Digital Defense found a vulnerability where an attacker could, without authentication, abuse Remote Procedure Calls (RPC) into the server and modify input in such a way that they would be granted remote administrative access...

“Anything that passes through that server [would be at risk],” said Mike Cotton, vice president of research and development... “An attacker could send malformed input at the interfaces and take control over the service and any voice data...  “Eventually you can get root command through remote compromise,” he said.

In an advisory updated June 14, Avaya said versions 6.3.1, 6.3.2, 6.3.3 and 7.x are affected. The company said that versions 6.3.1, 6.3.2 and 6.3.3 should install Super Patch 7 and apply AE Services 6.3.3.7 security hotfix. Users on 7.0.x should upgrade to 7.0.1 and install Super Patch 4 and AE Services 6.3.3.7 security hotfix as well. Users on 7.1 should apply AE Services 7.1.0.0.0 Security Hotfix.

“Certainly for enterprises that use the product, this is a high-impact vulnerability,” Cotton said. “The ultimate severity is how many business-critical apps are attached to this thing and where it’s sitting within the network infrastructure. This is something I would prioritize and move to the top of patching lists.” more