Friday, August 11, 2017

The Cuban "Acoustic Attack" - Eavesdropping, TSCM, or Other?

The FBI is reportedly investigating who was behind an “acoustic attack” that inflicted at least two staffers of the U.S. Embassy in Havana with sudden hearing loss. Washington expelled two Cuban diplomats earlier this year in response to the incident, the U.S. State Department said on Wednesday.

The Cuban foreign ministry said it was investigating the allegations.

Citing officials familiar with the investigation, The Associated Press reported on Wednesday that embassy staff in Havana began suffering from hearing loss in the fall of 2016. U.S. officials later concluded that a device operating outside the range of audible sound has been installed inside or near diplomatic residences in Havana. more

Media speculation as to what and who is rampant. 

Some what theories, which the media has missed, include: 
• An ultrasonic bugging device (an eavesdropping attack).
• An ultrasonic room flooding device (an eavesdropping countermeasure). 


If either of these were incompetently programmed–thus producing a higher than safe level of audio power output–people would experience hearing loss and other sickness symptoms (headache, nausea, disorientation, etc.).

As to who... A bugging device could be planted by anyone, not just the Cubans. An ultrasonic room flooding device would be placed by whoever has control of the room, in an effort to deter electronic eavesdropping attempts — mixing differing frequencies of ultrasound has a detrimental effect on microphones. This is a rarely used Technical Surveillance Countermeasures (TSCM) tactic due to the fine balance between effectiveness and dangerousness. It zaps hearing aids, too.

An "acoustic attack" just to cause intentional harm seems unlikely. The results of the investigation should be interesting, if they see the light of day. Ultra-unlikely. ~Kevin

Visit us at counterespionage.com to learn how business and governments protect themselves against electronic eavesdropping attacks.

Now Available at Your Favorite Android App Store...

Hackers have flooded Android app stores, including the official Google Play store, with over 1,000 spyware apps, which have the capability to monitor almost every action on an infected device.

Dubbed SonicSpy, the malware can silently record calls and audio, take photos, make calls, send text messages to numbers specified by the attackers, and monitor calls logs, contacts, and information about wi-fi access points.

In total, SonicSpy can be ordered to remotely perform 73 different commands and its suspected to be the work of malware developers in Iraq. more  Antidote: SpyWarn 2.0

Surveillance Feeds Become Reality TV & Movie

They may be blocked from watching YouTube, but China’s 751 million internet users can binge on real-time video streams of yoga studios, swimming lessons, alpaca ranches and thousands of other scenes captured by surveillance cameras.

Much of what’s available would be unthinkable in the West...

In China, however, surveillance is both pervasive and widely accepted. And that’s the subject of a new film by one of China’s best-known contemporary artists.

In “Dragonfly Eyes,” director Xu Bing uses real surveillance footage to tell the story of an ill-fated romance between a young woman who works on a dairy farm and a technician who watches her through the farm’s surveillance system. Mr. Xu believes it’s the first full-length fiction film to be made entirely with surveillance footage. 

Creating “Dragonfly Eyes” convinced Mr. Xu of the prescience of “The Truman Show,” the 1998 satire starring Jim Carrey as a man whose every moment is telecast live without his knowledge, the director said.


“The entire world has become a gigantic film studio,” he said. more sing-a-long

Friday, August 4, 2017

Drone Over Your Home? It’s the Insurance Inspector

When Melinda Roberts found shingles in her front yard after a storm, her insurer didn’t dispatch a claims adjuster to investigate. It sent a drone.

The unmanned aircraft hovered above Ms. Roberts’ three-bedroom Birmingham, Ala., home and snapped photos of her roof. About a week later a check from Liberty Mutual Insurance arrived to cover repairs.

“It took a lot less time than I was expecting,” Ms. Roberts said.

Drones, photo-taking apps and artificial intelligence are accelerating what has long been a clunky, time-consuming experience: the auto or home-insurance claim. more

Electronic Eavesdropping & Wiretapping: Two More Reasons Businesses Need TSCM Inspections

There are two different types of wiretapping threats that can harm startups and established businesses alike -- especially if they house proprietary, confidential information.

When espionage hits. It feels like this.
First, there's government wiretapping. You might assume the simplest way to eliminate this threat is to abide by the law, but you’d be forgetting that, aside from the U.S. government, there are plenty of countries that have proven they’re willing to use Big Brother-style surveillance tactics to compromise private companies. If you work with an opposition party or in a sensitive industry in another country, your client’s government might target your business. 

Then, there's old-fashioned corporate espionage. If a competing company is desperate to get an edge over your business, it may use wiretapping to steal your information or otherwise compromise your company to gain an advantage. more

Thursday, August 3, 2017

Murray's TSCM Tip # 623 - Hiding in Plain Sight - The USB Microphone

USB microphones have many legitimate uses, students recording lectures, for example. Much more sensitive than a laptop's built-in microphone, they are perfect for that application. They also make eavesdropping on co-workers very easy.

The Plausible Deniability Bonus... Hey, it's not a bug. It's a legitimate piece of office equipment.

If you see one of these in a laptop, always assume it is recording. Some USB microphones have a red tally light, but a dot of black paint (or a piece of electrical tape) can cripple that tip-off. 

From the seller...
"This microphone is capable of picking up all of the sounds in large room (range of approximately 80 feet) or it can pick up small area its up to you, because you control the amplifier power! It's small size makes it perfect for situations where you don't want to draw attention to the fact that you are recording audio right into your computer."

Visit counterespionage.com to learn more about what you can do to detect and deter electronic eavesdropping.

Tuesday, August 1, 2017

Security Researchers: Amazon Echo Can be Turned Into a Spying Device

Security researchers have recently shown that the popular Amazon Echo speaker can be hacked to eavesdrop on conversations without permission.

Security firm MWR InfoSecurity claims it was able to exploit a vulnerability which turns the Alexa-fueled device into a “wiretap” without altering its standard functionalities.

But before you get all alarmed, let us tell you the vulnerability was found to affect only 2015 and 2016 versions of the Amazon Echo. On top of that, in order to successfully hack the speaker, a hacker would need to have physical access to it. So you might want to lock your Amazon Echo away when your computer wiz cousin comes over for a visit. more

Monday, July 24, 2017

National Private Investigator Day - Birthday of Eugene Francois Vidocq

Today, July 24, marks National Private Investigator (PI) Day. National PI Day is a time dedicated to celebrate the contributions of licensed Private Investigators. It also provides an opportunity to demonstrate the value of professional Private Investigators to the public. After all, Private Investigators provide a fundamental and vital role in society today.

The July 24 holiday commemorates the birth year of Eugene Francois Vidocq, the very first Private Investigator who founded the first known detective agency in 1833. Vidocq’s birthday is on July 24. His legendary reputation is credited greatly with shaping the way law enforcement and investigations are carried out today.

More than 80,000 Private Investigator professionals across the United States will observe the holiday. These professional in the United States will also be joined by their international Private Investigator colleagues. Today, we say THANK YOU to all those who have made the commitment to serve as a Private Investigators.

Professional Private Investigators often find themselves working with attorneys, families, law enforcement officials, insurance companies, business owners and others. Their scope of services can vary greatly, but can include conducting background checks, finding missing persons, reuniting families, preventing fraud and abuse, and more. more

Sunday, July 23, 2017

OSS 75th Anniversary - Awarded Congressional Gold Medal

This year marks the 75th anniversary of the Office of Strategic Services, an espionage unit that was crucial in winning World War II. And in time with the occasion, the agency is being awarded one of the nation’s highest civilian honors — Congressional Gold Medal. 

Before there was the CIA there was the OSS. The Office of Strategic Services was the predecessor to CIA and U.S. Special Operations Command that includes the Navy SEALs and the Green Berets.

The agency was created after the attack on Pearl Harbor and when it became apparent that Hitler was a threat to the world.

“The actual date is June 13th, 1942 when President Roosevelt signed the executive order 69 that created the OSS and named then Col. Donovan as its director. [Donovan] eventually became a two-star general,” said Charles Pinck, president of the OSS Society. Pinck’s father was part of the OSS who went behind enemy lines in China, which was occupied by the Japanese...

“They were out of the box thinkers. They were daring, they were extraordinary,” said Patrick O’Donnell, author of four books on the OSS and an expert on special operations history. more

Extra Credit - Spy Gadgets of World War II

Business Espionage: Half of German Firms Hit by Spying Last Two Years

More than half the companies in Germany have been hit by spying, sabotage or data theft in the last two years, the German IT industry association Bitkom said...

Some 53 per cent of companies in Germany have been victims of industrial espionage, sabotage or data theft in the last two years, Bitkom found – up from 51 per cent in a 2015 study...

Arne Schoenbohm, president of Germany’s BSI federal cyber agency, said many big companies and especially those operating critical infrastructure were generally well-prepared for cyber attacks. But many smaller and medium-sized companies did not take the threat seriously enough, he said...

Some 62 per cent of companies affected found those behind the attacks were either current or former employees. Forty-one per cent blamed competitors, customers, suppliers or service providers for the attacks, Bitkom said...

The BSI urged companies in Europe’s largest economy to make information security a top priority... more

Spy House for Sale

MONTCLAIR, N.J. (AP) — A New Jersey home that has been vacant since the FBI arrested a family of undercover Russian spies living there is heading for sale.

Vladimir and Lydia Guryev lived in the home in Montclair under the names Richard and Cynthia Murphy before they were arrested in 2010 along with eight other spies accused of leading double lives, complete with false passports, secret code words, fake names, invisible ink and encrypted radio.

The parents of two young daughters had pleaded guilty to conspiring to act as an unregistered agent of a foreign country and were deported to Russia in exchange for four people convicted of betraying Moscow to the West being let out of prison there.

Their story partially inspired the FX drama “The Americans,” about two undercover Russian spies that live in the U.S. with two young children. more

Friday, July 21, 2017

The Case for Corporate Counterintelligence

Excellent article explaining why corporations need a Counterintelligence Program. Make sure your program is holistic. Round it out by adding in Technical Surveillance Countermeasures (TSCM), and technical information security elements. 

Q: I am trying to garner support for creating a corporate counterintelligence (CI) program within our security organization; we are an international company with people and facilities in multiple countries. What does a “good” corporate CI program look like?


A: ...For its lifeblood, does your organization rely on: Patented or copyrighted products? Trade secrets? Proprietary information, technology, services or processes? Are supply chain vendors/subcontractors hired to support any of those areas? Is research and development a core capability? Does your organization provide goods or services not provided by anyone else? Are foreign nationals employed in the organization (domestically or internationally)? Are US citizen employees assigned to facilities outside the US? If you answered yes to any of these, then your organization is a viable candidate for a dedicated CI program... more

Eavesdropping Comes Out of the Closet – Gets Job as Reality Show

There are some people who love to eavesdrop — they can't help themselves. Then there are others who not only love to listen in, but also have a strong case of schadenfreude and take pleasure in the hardship of others. For these special individuals, there's a podcast that will be their newest obsession: Where Should We Begin.

Couples therapist and author Esther Perel hosts this addictive series, and it's better than reality TV, because you know these drama-filled conversations aren't scripted. During each session, strangers can listen in on private therapy sessions with the psychologist from Belgian. Although the names and identifying characteristics are left out, everything else is fair game in the episodes. more
 

Amazing $1.00 Gadget for Savvy Investigators

I recently came across this gadget on eBay.

It's a Bluetooth wireless remote control for smartphones (iOS & Android). Basically made for the selfie crowd, investigators will find applications for it as well. Not bad for a buck.

It comes with a battery. No instructions needed. Just flip the side switch, and pair it with your phone.

You can now be up to 30 feet away from your phone and snap photos, or take movies.

How can you go wrong for $1.00? Did I mention shipping was FREE! The catch... it will take about a month to arrive. Mine came from Thailand, probably via message in a bottle.

Need one quicker, a California ebay'er has them for $4.20, Free shipping.

Yet Another Caught on Open Microphone

Off-topic comments between OJ Simpson and his lawyer were caught on a hot mic as the parole board returned to tell him their decision. 

Among the things discussed were cookies, ice cream, President Donald Trump and former Associated Press Special Correspondent Linda Deutsch, who covered Simpson’s double murder trial.

“My best to my favorite lady, you know who I’m speaking of,” he said. “Tell her I wanted to call her but I don’t call anybody from here other than my family.” more

People are caught on open microphones quite often.
Rule #1 - If you see a microphone assume it is on. Watch what you say.

Rule #2 - If you don't see a microphone, don't assume one is not there and listening. Watch what you say, until you have had the area swept by a competent Technical Surveillance Countermeasures (TSCM) team.