Sunday, November 12, 2023

Court: Automakers Can Record & Intercept Owner Text Messages

A federal judge on Tuesday refused to bring back a class action lawsuit alleging four auto manufacturers had violated Washington state’s privacy laws by using vehicles’ on-board infotainment systems to record and intercept customers’ private text messages and mobile phone call logs.

The Seattle-based appellate judge ruled that the practice does not meet the threshold for an illegal privacy violation under state law, handing a big win to automakers Honda, Toyota, Volkswagen and General Motors, which are defendants in five related class action suits focused on the issue. One of those cases, against Ford, had been dismissed on appeal previously. more

NJ Jury Finds Attorney Illegally Recorded Ex-Son-In-Law

A New Jersey jury on Tuesday found that a law professor illegally wiretapped her ex-son-in-law
and invaded his privacy, awarding him $361,000 in damages, but also found that he painted her in a false light in social media posts alleging she framed him for a crime. more

NSA Unveils "Artificial Intelligence Security Center"

The National Security Agency is establishing a new “Artificial Intelligence Security Center” to help spur on the secure development and adoption of AI capabilities, and defend AI advancements from foreign adversaries.

NSA Director and Cyber Command chief Gen. Paul Nakasone broke the news during an event at the National Press Club on Thursday.

“The AI Security Center will become NSA’s focal point for leveraging foreign intelligence insights, contributing to the development of best practices guidelines, principles, evaluation methodology, and risk frameworks for AI security, with an end goal of promoting the secure development, integration, and adoption of AI capabilities within our national security systems and our defense industrial base,” Nakasone said...

The news about the center comes as the NSA also plans to establish a new “innovation pipeline” focused on China. more

Friday, November 3, 2023

Weekend Read: “Spymaster’s Prism: The Fight Against Russian Aggression”

November 1, 2023

I am pleased to announce that the paperback edition of my second book Spymaster’s Prism: The Fight Against Russian Aggression comes out today.

When the book was first published in the middle of the pandemic in 2021, there was only an emergent acknowledgement of the real threat posed by Russian "active measures" and espionage to Western interests. Though I devoted an entire section to Ukraine called "New Berlin", I could not have foretold how much the world would change only a year later, on 24 February 2022...

I hope that the release of the paperback of "Spymaster's Prism: The Fight Against Russian Aggression" will give you an opportunity to discover or revisit a thorough accounting of the Russian intelligence services relentless and unending campaign against the West and what we must continue to do to arrest it. Good Hunting! 

Wednesday, November 1, 2023

The CIA Teaches You How to Speak Like a Spy

Spy Speak Glossary 
You might walk the walk, but can you talk the talk? 

Being a spy is more than just the gadgets and the disguises. To be successful in the field, you need to speak like a spy. 

So, before you head out on your next mission, or write the next great American spy novel, take some time to familiarize yourself with our Spy Speak glossary.

Example: Rolled-up - when an undercover operation goes bad and is raided by opposing forces, resulting in agents or assets being arrested.

Shady Things You Can Do With a Flipper Zero

Since it’s evil week at Lifehacker, let’s take a look at a gadget that can be used for mild evil: the Flipper Zero. Despite its toy-like looks, this pocket-friendly multitool can be used for all kinds of hacking and penetration testing. 

It gives anyone, even newbs, an easy-to-understand way to interact with the invisible waves that surround us, whether they’re RFID, NFC, Bluetooth, wifi, or radio. It’s a like a hacker Swiss army knife that you can buy for less than $200.

You can use a Flipper Zero to control your TV, cheat your Nintendo, replace your work ID, open your hotel room door, and more. I’m sure you could see where the “evil” part could comes in. But on the other hand, it’s just a tool, and its ability to commit crimes is... more
Flipper Zero – Corporate Security Threat

Wednesday, October 18, 2023

Utah Lawyer Charged with Voyeurism...

...after employees find video of bathroom camera...

A lawyer in Vernal has been charged with stalking and voyeurism after
claims he installed a camera in a bathroom in his law office
... Investigators in Uintah County first responded to a report from Judd’s employees who said they discovered printed pornography photos and a memory cards in a folder in office personnel files, according to court documents. Documents state an employee viewed the files on one of the SD cards and found a video of Judd placing a camera inside an employee bathroom ceiling vent.


There were also recordings of women employed by Judd using the bathroom. When the recordings were recovered, employees examined the vent in the video but found the camera had been removed, according to documents...

The same employee said that one duty she performed at work was to order items for Judd on an Amazon account they both had access to. “The account history showed that several small spy cameras had been ordered beginning February 2021, and continuing through that year,” documents state. more

Is This a Bug?

This question comes from Reddit, where someone answered correctly.

We have a collection of many other "Is This a Bug?" photos and explanations.

Also, what to do if you think you found a bug.

World Spy News Roundup

PA - A Pittsburgh police commander previously placed on leave while officials investigated allegations he spied on colleagues has retired. Matthew Lackner, who had previously overseen the police bureau’s Zone 2 station in the Hill District, retired Tuesday, according to spokeswoman Cara Cruz. Mr. Lackner was placed on paid administrative leave earlier this month. A police source familiar with the incident said the commander was accused of putting a body-worn camera in an officer’s patrol vehicle to spy on the officer. more

Australia
- Robot vacuums don’t just collect dust — they can also collect data of their surroundings, sending it back to external servers, experts at The Australian Information Security Association (AISA) warned on Tuesday. more

China - China restricts foreign travel by bankers, state workers to curb spying... According to two analysts who spoke to the media, the moves reflect President Xi Jinping’s attention to national security in the midst of tense relations with the West. more

CA - The Five Eyes countries' intelligence chiefs came together on Tuesday to accuse China of intellectual property theft and using artificial intelligence for hacking and spying against the nations, in a rare joint statement by the allies. more

TX - It seems everything truly is bigger here in Texas, including the drama of partner snooping and infidelity! Recent data has exposed Texas as one of the leading states where the lines between privacy and suspicion are blurrier than ever. Relationship and sex expert Beth Darling joins the factor to talk about the data. more

USA - Ethical hacker helps prevent a potential espionage disaster for CIA. A glitch on X, formerly known as Twitter, could have opened a can of worms for the Central Intelligence Agency (CIA) had an ethical hacker on the microblogging website not sprung to action. more

Donald Trump is suing a private investigations firm over "shocking and scandalous" claims that he engaged in "perverted sexual acts" in Russia. The former US president is taking legal action against Orbis Business Intelligence, a London-based company co-founded by ex-British spy Christopher Steele, over a dossier containing rumours about him that caused a storm before his 2017 presidential inauguration. more

Survey - 53% of employees in the Middle East, Turkiye, and Africa region fear spying from drones... Corporate spies and hackers use drones to get trade secrets, confidential information, and other sensitive data from corporations and data centers. A drone can carry a device for hacking into corporate networks – for instance, a smartphone, a compact computer (e.g., Raspberry Pi), or a signal interceptor (e.g., Wi-Fi Pineapple [1]), and hackers use these devices to access corporate data and disrupt communications. All wireless communication (Wi-Fi, Bluetooth, RFID, etc.) is vulnerable to drone attacks. more

Finland - Dead man's estate and firm fined €5m in shipyard espionage case. A man who worked for the Meyer Turku shipyard copied files from the shipyard and a shipping company onto a hard drive and transferred them to his own consulting firm – but then died while the investigation was underway. more

VA - It could be years before Appian, a software company, sees a dollar of the $2 billion judgment it was awarded last year in a corporate espionage case against rival Pegasystems. more

INParents Attack Little League Umpire after children say he was taking photos of them in bathroom. A Little League umpire is facing charges for allegedly taking photos of children in the bathroom... Deputies in Warrick County said they were called to an area baseball field because of reports that parents were fighting an umpire. Authorities said the parents told them the brawl started because their children came running out of the bathroom screaming that Custer had taken photos of them. more

Yet Another USB Cautionary Tale

Duped with a malicious USB...

Mr Burgess (ASIO Director General Mike Burgess) referenced an unnamed Australian company that found global success making a product "similar to a motion detector" before their sales suddenly dropped.

"A little while later, their product started being returned to the factory because they were broken," he said.

"When they opened their branded products, they discovered they weren't their branded products, because the components were inferior, they were exact knock-offs."

The problem was eventually traced to an international conference, where someone had offered to share information with one of the company's employees by plugging a USB into their laptop.

"That USB downloaded malware onto that laptop, which later on, when they were connected back to their corporate network, was used to steal their intellectual property," he said.

"That intellectual property was passed from the intelligence services to state-owned enterprise that mass-produced the goods and sold them on the market that undercut them." more

More USB Security Information...

 • USB – Hacked Charging Cables

• USB – Malicious Spy Cable Detector Instructions

• USB – General Memory Stick Warning

• USB – Malicious Cables

• USB – NSA Type Cable Bug – $6.74

Extra USB Spy News - Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. "The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage and transfer of data between computer systems," Kaspersky said in its APT trends report for Q3 2023. more

Monday, October 16, 2023

The CARVER Mindset: How to Think Like a Spy - FREE

Luke Bencie (Mr. Carver Mindset), is a really smart guy. His book, Among Enemies: Counter-Espionage for the Business Traveler which first introduced me to him is excellent. Check out his other books, too. His Monday morning emails are always inspiring. I look forward to receiving them. Great way to start the week. The sign-up is at the bottom of this page.

I attended Carvercon 2022 at the University of South Florida and was impressed by the entire event. You can see this year’s event on-line, at no charge…

CARVERCON 2023 is coming November 1st (Day of the Dead). 
This year's theme is The CARVER Mindset: How to Think Like a Spy 

Friday, October 13, 2023

Smartphone Security: Delete These Apps

Smartphone owners have been urged to remove certain apps that could be spying on their activity.

Some of the most popular apps you love and have come to rely on could be posing more of a danger than they're worth. Here's what you need to know. ...some of those apps that you love and have come to rely on could actually be putting you at risk... We’ve (Reader's Digest) collected information about some of the worst offenders so that you can make an educated decision about which apps you trust with your privacy and which ones need to go...

CamScanner
Ana Bera is a cybersecurity expert with Safe at Last. She identified CamScanner, an app meant to imitate a scanner with your phone, as one of the apps consumers should be concerned about. “Cybersecurity experts have found a malicious component installed in the app that acts as a Trojan Downloader and keeps collecting infected files,” she explains. “This kind of app can seriously damage your phone and should be de-installed instantly. Luckily, once you remove it from your phone, it is highly unlikely that it will continue harming you.”

Weather apps
“Check your weather app,” says Shayne Sherman, CEO of TechLoris. “There have been several different weather apps out there that have been laced with Trojans or other malwares.” While the most benign of these claims to take your information purely for weather accuracy, he calls that questionable. “Watch your local forecast instead, and if you have Good Weather, delete it now,” he advises. “That one is especially dangerous.”

Facebook
Look, we all love our social networking apps. But cybersecurity expert Raffi Jafari, cofounder and creative director of Caveni Digital Solutions, says, “If you are looking for apps to delete to protect your information, the absolute worst culprit is Facebook. The sheer scale of their data collection is staggering, and it is often more intrusive than companies like Google. If you had to pick one app to remove to protect your data, it would be Facebook.”

WhatsApp
“This is a call to action for users who may be living under a rock and unaware of the vulnerabilities that were disclosed earlier this year,” says Michael Covington, VP of Product for mobile security leader Wandera. “The vulnerabilities with WhatsApp—both iOS and Android versions—allowed attackers to target users by simply sending a specially crafted message to their phone number. Once successfully exploited, the attackers would be granted access to the same things WhatsApp had access to, including the microphone, the camera, the contact list, and more.”

Instagram
Whatsapp and Instagram are both owned by Facebook, which is part of what makes them all a risk. Dave Salisbury, director of the University of Dayton Center for Cybersecurity and Data Intelligence, says that Instagram “requests several permissions that include but are not limited to modifying and reading contacts and the contents of your storage, locating your phone, reading your call log, modifying system settings, and having full network access.” Plus Nine More

Stores Silently Deploying Facial Recognition to Spy on Shoppers

Major retailers in the US are already using facial recognition cameras to spy on shoppers
, a campaigning group has warned...

Cameras are being used not just to catch persistent shoplifters, but also to monitor shoppers and analyze their emotions, so that stores can deliver personalized adverts on screens inside the store, George warned...

‘But it’s also being used for marketing purposes, they are gathering information on shoppers and seeing what they are buying and not buying - and using AI tools to analyse the emotions of shoppers and see what sort of ads to direct at them.’ more

Intense Competition Leads to Attempted Corporate Espionage

via Lexology - from the Troutman Papper law firm.
Side Note: Troutman Pepper has formed a Corporate Espionage Response Team to help clients combat the increasing incidence of corporate espionage.

Arthur AI, a New York-based AI company, received a request for a Zoom demonstration of its technology from a startup called OneOneThree. The head of technology at OneOneThree, Yan Fung, expressed interest in purchasing Arthur AI’s technology. But there were some immediate red flags.

First, prior to the Zoom meeting, Arthur AI employees recognized that OneOneThree had no website. The Timesarticle says that Fung told Arthur AI at the time that OneOneThree was in “stealth mode,” which is why it had no website. Then, when Arthur AI asked Fung to sign a nondisclosure agreement (NDA), he reportedly asked Arthur AI to “hold off on the NDA,” and Arthur AI agreed.

Despite these issues, a Zoom meeting was arranged to demo the technology. Fung said Karina Patel, OneOneThree’s “main engineer,” would dial in to the meeting. However, during the Zoom meeting, an attendee logged in under the name of Aparna Dhinakaran, which an Arthur AI employee immediately recognized as a founder of Arize AI, a rival startup. When recognized, the attendee quickly logged off. Arthur AI later deduced that Fung was, in fact, an employee of Arize AI named Dat Ngo, and OneOneThree was an inactive company of his.

After the call concluded, one of Arthur AI’s employees messaged Ngo via LinkedIn direct messaging. Ngo responded by trying to recruit the Arthur AI employee, according to the Times article. more

Lessons Learned:
  • Require NDAs Every Time.
  • Perform Proper Due Diligence and Act Consistently With Your Findings. 
  • Only Use Secure Communication Channels and Restrict Recording.
  • Train Employees on Spotting and Responding to Potential Threats.
  • Conduct a Prompt and Careful Investigation Into Suspected Activity.

Apple AirTag: Police Official Accused of Stalking

CA - A high-ranking Los Angeles Police Department official has been demoted and is facing the possibility of termination after being accused of stalking a fellow officer with whom he was romantically involved...

The female officer who accused Labrada of stalking contacted Ontario police after she discovered an AirTag — a small tracking device that can be attached to personal items — among her possessions, according to two sources familiar with the case.

A group of officers from a since-disbanded San Fernando Valley gang unit is under investigation for, among other misconduct, allegedly using the devices to track suspects without court authorization...

Ontario police had been investigating the stalking allegations, but the San Bernardino County district attorney’s office said Wednesday it did not have enough evidence to pursue charges against Labrada. more