Monday, March 12, 2018

Cameras at Women’s Apparel Shop Hacked

A viral Peeping Tom who hacked into the closed-circuit TV surveillance camera at a women’s bathing suit shop has led to a warning from the Israel Police Cybercrimes Unit that similar systems may be compromised and violate the privacy of unsuspecting persons.

According to police, an unidentified 41-year-old man was arrested on Wednesday after he allegedly used his computer to hack into the CCTV system at a high-end boutique in northern Tel Aviv and recorded customers as they undressed and tried on bathing suits.

While details of the incident remain unclear due to a gag order, police said the suspect subsequently posted the videos to a social media page. more

So, uh, why were there cameras in the changing areas in the first place? Better learn how to spot the cam.

Sunday, March 11, 2018

Has Your Information Been Compromised? Check Here to See

via peerlyst.com
"We build NoSecrets to inform the public that their information is being traded and sold not just on the dark web, but between data brokering companies."

Do data brokers hold information about you that they should not hold, thus putting you at risk?

You can check here.

Friday, March 9, 2018

Pruitt Do It In a SCIF

African Union Bugged by China: Cyber Espionage as Evidence of Strategic Shifts
A number of African leaders have turned to Chinese investment as a viable alternative to Western development aid. The recent allegations of Chinese cyberespionage of the African Union's headquarters might prompt them to reconsider... Although this sort of spycraft is fairly routine, it signals Africa’s growing strategic importance to China. In a world of finite resources, states spy on states that matter to them. more

Russia has found yet another way surreptitiously to influence U.S. public policy: Stealing the identities of real Americans and then using these identities to file fake comments during the comment submission period preceding the formulation of public policies... Researchers, journalists, and public servants have found a wide range of fake comments and stolen identities in the public proceedings of the Labor Department, Consumer Financial Protection Bureau, Federal Energy Regulatory Commission, and Securities and Exchange Commission. more

The impact of a data breach should not be underestimated. A breach can lead to regulatory investigations by a number of agencies, including the Federal Bureau of Investigation, Secret Service, Immigration and Customs Enforcement as well as through enforcement actions by regulators including State Attorneys General, the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC), among many others. more

So, is it any wonder paranoia is forcing SCIF spending...

The Environmental Protection Agency is spending nearly $25,000 to build a soundproof communications booth in Administrator Scott Pruitt’s office, according to media reports.

The Washington Post first reported details of the contract on Tuesday evening, which will cost the government $24,570.

The “privacy booth” will be installed by Oct. 9, so Pruitt can have “a secured communication area in the administrator’s office so secured calls can be received and made,” EPA spokeswoman Liz Bowman told the Post in a statement.

“Federal agencies need to have one of these so that secured communications, not subject to hacking from the outside, can be held,” Bowman continued. “This is something which a number, if not all, cabinet offices have and EPA needs to have updated.” more sing-a-long (for what it's worth)

Wednesday, March 7, 2018

A Very Weird Tale of Corporate Espionage and Murder and More Corporate Espionage

Apotex claims longtime chemist went rogue and stole drug secrets...

Apotex Inc., the generic-drug giant founded by murdered billionaire Barry Sherman, has been waging a year-long court battle against an ex-employee who was fired for allegedly stealing millions of dollars’ worth of pharmaceutical trade secrets from a laboratory computer—in the hopes of launching a rival company in his native Pakistan...

Barry Sherman, 75, and his wife, Honey Sherman, 70, were discovered strangled inside their North York mansion nearly three months ago, the victims of what police have labeled a “targeted” double homicide. Since then, detectives have said little else about the high-profile murders...

News of the lawsuit comes at the same time as Apotex tries to defend itself against similar allegations of corporate espionage. In a court action launched last July in the United States, Sherman’s company is accused of using sex, lies and USB drives to illegally obtain valuable trade secrets from the world’s largest generic drug-maker, Israel’s Teva Pharmaceutical Industries Ltd. As Maclean’s reported last month, a Pennsylvania judge denied Apotex’s attempt to throw out the sensational lawsuit, which accuses a former Teva executive of leaking confidential information to her boyfriend—then-Apotex CEO Jeremy Desai. Desai abruptly resigned in January, six weeks after the Shermans were killed, “to pursue other opportunities.” more

Further insights... Business Espionage: The Employee Competitor… and what to do about it.

Australian Spy Who Revealed Bugging Under 'Effective House Arrest'

The spy who blew the whistle on Australia’s bugging of Timor-Leste’s cabinet room during sensitive oil and gas negotiations is still under “effective house arrest” and has been treated disgracefully by Australia in retaliation for his actions, his lawyer says.

The Australian secret intelligence service agent, known only as Witness K, had his passport seized in 2013 as he prepared to give evidence in The Hague on an Australian bugging operation.

In 2004, Witness K was involved in a covert mission to listen in on the Timor-Leste cabinet aimed at giving Australia the upper hand during negotiations to carve up oil and gas reserves in the Timor Sea, estimated to be worth about $53bn. more

Secret Agent Man & Daughter

Intrigue continues to swirl as the “poisoned spy”, Sergei Skripal, and his daughter, Yulia, remain in intensive care. Counter-terrorism police have taken over the investigation. Boris Johnson has said the possibility of a Russian assassination attempt means UK officials might boycott the World Cup.

This morning, Shaun Walker examines how the Skripal case looks like a warning about the fate awaiting those who collaborate with western intelligence agencies.

And more details are emerging about the life of the former double agent, known in his Salisbury neighborhood as a genial man with a penchant for Polish sausage and lottery scratch cards. more video sing-a-long

Monday, March 5, 2018

Court Admits Husband's Illegal Bugging into Evidence

Turkey - A top appeals court decided that evidence collected through illegal bugging could not be used by itself to prove guilt but could be used in conjunction with other evidence in a 2015 case where a man in the Aegean province of Aydın believed his wife was cheating on him and installed a bugging application onto her cell phone.

The application turned the cell phone into a recording device. The recordings showed the woman really was cheating on him with a colleague from work. The man immediately filed for divorce, demanding compensation from his wife and the custody of their child. more


An app that can help determine if an Android phone is infected with spyware.

10 New Attacks on 4G LTE Discovered

A group of researchers has uncovered ten new attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals.

The attacks exploit design flaws in the communications protocol and unsafe practices employed by the stakeholders and can be used to achieve things like impersonating existing users, spoofing the location of the victim device, delivering fake emergency and warning messages, eavesdropping on SMS communications, and more.

Among the uncovered attacks they consider one particularly worrying: an authentication relay attack that allows an adversary to impersonate an existing user (mobile phone) without possessing any legitimate credentials.

“Through this attack the adversary can poison the location of the victim device in the core networks, thus allowing setting up a false alibi or planting fake evidence during a criminal investigation,” they pointed out. more

Cuba's Sonic Attacks - Possibly a Side-Effect of Spying

Its surveillance tools may have transmitted ultrasonic sounds by mistake...

Remember those 'sonic attacks' against the American and Canadian embassies last summer, making staff queasy and raising all kinds of questions as to what happened? There might have an answer. University of Michigan researchers have theorized that the incidents were really the result of ultrasonic signals from poorly functioning surveillance equipment. While individual ultrasonic signals can't harm people outside of extreme circumstances, multiple signals can clash with each other and produce a sound that's just low enough to be audible.

The scientists tested their hypothesis by replicating the "chirping" from an AP video using two ultrasonic emitters that combined tones, one at 25kHz and another at 180Hz. That produced a similar-sounding 7kHz frequency with ripples of sound at an even 180Hz spacing. The team even built a device that would simulate eavesdropping by playing a song instead of the 180Hz tone. more

Security Scrapbook fans knew this might be a botched spying attempt, and how it worked, last August. ~Kevin

Wednesday, February 28, 2018

Invention: Simple Device Allows Fast Lockdowns in Schools

As school carpenter Cory Webster replaced dozens of deteriorating rubber door stoppers that were installed to help keep Palos Verdes Peninsula classrooms safe in the event of a lockdown, he thought there must be a better way...

The 123 Lock-down Latch works much like a hotel door bumper: a teacher simply slides the metal lever to prevent a locked door from closing. When a lockdown happens, anyone inside the classroom can slide the lever back and the door closes and locks...

Because most classroom doors can only be locked from the outside with a key, the teacher can leave the door locked but with the latch engaged during passing period to allow students in and out easily. In the event of an active shooter, it’s not always safe for a teacher to step outside to lock the door. With the latch, there’s no need to fumble for keys or leave the classroom to secure the door. more

Austria: Bugging Devices Found... and then, a break-in!

The office of Austrian far-right leader and vice chancellor Heinz-Christian Strache was broken into this week, shortly after bugging devices were discovered there, and a criminal inquiry has been launched, prosecutors said on Thursday.

The break-in occurred on Wednesday night while Strache, whose Freedom Party entered the governing coalition after elections in October, was out for dinner, his spokesman said, confirming an earlier report by broadcaster Oe24.

The spokesman said the electronic surveillance devices had been discovered last week behind a mirrored wall by intelligence service specialists. “This was a routine check after moving into a new office,” he said. more

TSCM 101 - When you find one bug, don't stop looking. A post-discovery break-in may indicate the removal of additional, and more sophisticated bugs. Later discovery of these devices might implicate who planted them in the first place.  ~Kevin

Tuesday, February 27, 2018

Smartphone Goes Dark at the Flip of a Switch

Cybersecurity firm DarkMatter has launched its first smartphone, designed to stop spy agencies listening to you.

An Android device called Katim, it was made available commercially Monday at Mobile World Congress in Barcelona, Spain, and has a 5.2-inch display, as well as a high level of encryption...

One security feature built by the Middle East-based firm is called "shield mode," which disconnects power from the microphone and camera on the device so that nobody can spy on your conversations. more

The Case of the License Plate ICE Pick

The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database, according to a contract finalized earlier this month. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians...

ICE agents would be able to query that database in two ways. A historical search would turn up every place a given license plate has been spotted in the last five years, a detailed record of the target’s movements. That data could be used to find a given subject’s residence or even identify associates if a given car is regularly spotted in a specific parking lot. more

As foreshadowed...

Personal Phone Calls at Work Can Put Employers in Jeopardy

This from a California court: Employers unwise to permit use of company telephones for personal calls—at least if the employer plans to record those calls.
  • Two-party consent means two-party consent: All parties to a call must be told the call is going to be recorded and must consent.
  • Employers with recording systems should consider barring use of company telephones for personal calls and making sure that people receiving calls on a recorded line automatically are informed, up front, that the call will be recorded.
  • Barring all personal calls is not necessary, but it may offer some protection against the legal consequences of a breakdown in the employer’s system of ensuring notice to all parties before the recording begins.
In a for-publication opinion, the California Court of Appeal has warned employers that it is not enough to tell employees they have no right of privacy if they use the employer’s telephones for personal calls: the employer might still be liable to third persons whose telephone calls are recorded. Rojas v. HSBC Card Servs. Inc., ___ Cal. App. 4th ___, No. D071442, 2018 WL 802094 (Cal. Ct. App. Fourth Dist. Jan. 16, 2018). more

Note: Many other states follow the more restrictive version of Federal law–two party consent–as well. ~Kevin

Saturday, February 24, 2018

Extortionography and the Missouri Gov. Eric Greitens Felony Indictment

Missouri Gov. Eric Greitens, who was once considered a rising star in the Republican Party, has been under siege since January, when accusations emerged that he threatened to use a nude photo to blackmail his former hairstylist, with whom he was having an extramarital affair.

Greitens had allegedly threatened the woman by saying he would distribute a nude photo he had secretly taken of her if she exposed their relationship.

The accusations stemmed from a covert recording by the woman’s ex-husband published by KMOV in St. Louis, in which the woman is heard describing how Greitens invited her to his home in 2015 and, with her consent, taped her hands to exercise rings and blindfolded her. He then allegedly took a photo of her naked. more

What is extortionography?