Captain Crunch sez... "Here's looking at you, matey."

It’s not quite “Minority Report”-levels of creepiness, but it’s getting there.

He saw this coming.

Mondelez International, whose properties include Chips Ahoy, Nabisco, Ritz and other high-profile snack brands, says it’s planning to debut a grocery shelf in 2015 that comes equipped with sensors to determine the age and sex of passing customers.

The shelf, which is hooked up to Microsoft’s Kinect controller, will be able to use basic facial features like bone structure to build a profile of a potential snacker, Mondelez chief information officer Mark Dajani told the Wall Street Journal. While pictures of your actual face won’t be stored (yet), aggregate demographic data from thousands of transactions will be. (more)

I spy a tipping point. We are sailing into Fedup Bay. Watch the backlash, me hardies.

Ex-School IT Director Faces Trial on Wiretapping Charge

PA - The former technology director for Easton Area School District accused of secretly recording a private meeting will face trial in Northampton County Court.

Thomas Drago, 54, acknowledged at a hearing Tuesday that prosecutors have enough evidence to merit a wiretap violation charge. Drago's attorney, Philip Lauer said his client will apply for a first-time offender's program. Drago remains free on $50,000 unsecured bail.

In August, Drago surrendered to authorities for allegedly recording a conversation with school officials without their permission. Drago, 54, of Bushkill Township resigned shortly before an internal probe this year uncovered nude photos on his work computer. (more)

Doc v. Doc Bugging Ends in House Call to Graybar Motel

India - Spying on his wife landed a qualified doctor husband behind bars on Saturday. 

Dr Gyaneshwar Maini, who owns a private hospital, was arrested for keeping a tab on the locations and conversations of his wife, while installing a high-quality Global Positioning System (GPS) along with a micro-mike packed in a black box in the steering wheel of her sedan car for the past eight months. 

The victim is also a qualified doctor and employed with a leading private hospital in Mohali.  

Police have also decided to take legal action against employees of a private firm, who installed the device in the car of the woman.

The GPS system, along with a mike, was in a black box worth Rs 18,000 ($293.76), which was detected with the help of an expert from a private company, which supplies these gadgets. 

The black box was linked with a 10-digit cell number used by Dr Maini's friend. Police said the installer of the device in the car has identified Dr Maini. In her complaint to the police, the woman suspected that there was some instrument in her car, which was keeping a tab on her movements and conversations, about which her husband would come to know even without her telling him. (more)

No more, "Gee, I thought you said..." — Record Your Cell Phone Calls

Here's a useful item for PIs, Security and LEOs — a way to document important cell phone calls, without app sapping charges. No more, "Gee, I thought you said..." 

Recording Cell Phone conversations using apps is not possible on iPhone, Droid or BlackBerry without paying per minute charges. The Call Mynah Cell Phone Recorder gives you complete control of Recording Cell Phone Calls. You decide to Record Mobile Phone Calls or not, set up your Call Mynah to Record Cell Phone (all calls) or only as you choose.

• 340 hours of Cell Phone Recording storage
• Connects to any mobile phone via Bluetooth to create a simple Cell Phone Call Recorder
• Automatically Record Cell Phone Calls (manual recording options too)
• Saves all Cell Phone Records, call details (date, time, number, duration, call type)
• Add comments to calls and flag as 'Important'
• Upload calls to your PC for easy management (software supplied)
• 150 Hours standby, 8 hours talking before battery charge
• Call recording warn tone or prompt can be sent to callers (optional)
• Handset, Speakerphone or Headset (supplied) operation
• Security features to prevent unauthorized listening to your calls (more)

RARE - Politico Admits to Phone Tapping & Butt Bugging

Zambia - Zambian President Admits to Spying on Fellow Officials
 
During his 2011 election campaign, the current president of Zambia, Michael Sata rose to popularity by playing on anti-Chinese sentiment and the anger of laborers over poor standards at the many large Chinese-run mines in Zambia... According to Global Voices, he tapped the phone of his foreign minister and also planted a bug underneath a chair in the office of the leader of Barotseland region, whose citizens want to secede from Zambia. (more)

Industrial Espionage Threats to Small and Medium-sized Enterprises (SMEs)

The former president of a transportation company in Texas was sentenced in federal court last month to five years in prison for hacking into his former employer’s computer network and stealing proprietary business information he intended to use for his start-up. The case underscores the fact that much like major corporations, small and medium-sized enterprises (SMEs) are targets for industrial espionage.

SMEs are in many ways are more vulnerable than big businesses, which are capable of employing a small army of security specialists to safeguard intellectual property, said Michel Juneau-Katsuya, president and CEO of the Northgate Group, an international security firm based in Canada.

SMEs very often perceive security as an extravagance. “In times of austerity that sin of security expense is one of the first things that get eliminated,” he told IMT.

To a certain extent, the strategic importance of protection has become even more critical for SMEs. When it comes to stolen prototypes or proprietary technology, larger companies seem more capable of absorbing the loss. “If you’re a big guy and you lose a gadget, you can probably recover from that,” he said. “But if you’re a small or medium-sized company, you lose your intellectual property, you might actually break your back and lose your company." (more)


Sometimes it is smart to be extravagant. ~Kevin

Yet Another Bird Spying Story

Headlines of fowl accused of spying for Israel are making rounds again in Middle Eastern press, with the most recent bird of espionage 'arrested' in Lebanon. Hezbollah and Iranian-affiliated websites reported today that an Israeli 'spy eagle' had been caught this past weekend in Lebanon. 

According to one Lebanese news site, the eagle had been caught in the town of Achkout by local hunters who alerted authorities after discovering that the bird had an ID ring attached to its leg with the words "Israel" and "Tel Aviv University" printed on it. (really bad spycraft :) 

"On the lookout for bird spies here."

The Hezbollah- affiliated Al-Manar TV, whose news site's section on Israel is simply called "Enemy Entity," claimed that the eagle was one of many birds sent by Israel to spy and gather information via GPS transmitters across the Middle East. The report pointed to the "arrest of birds carrying similar devices" in Saudi Arabia, Turkey and most recently in Egypt. (more) (sing-a-long)

Gordon Ramsay Knows What's Cooking... in His Daughter's Bedroom... using a SpyCam

Gordon Ramsay has admitted to being all kinds of inappropriate by revealing he put a video camera in his 15 year old daughter's bedroom to see what she gets up to with her boyfriend.

It seems Ramsay is not the first. Last year an American college student was granted a civil stalking order against her overprotective parents after they installed spying software on her electronic devices.(more)

Business Espionage - Top Businessman Bugs Other Top Businessman

Australia - When prominent Melbourne businessmen Grant Custance and David Morrell first crossed paths in 1975 as students at prestigious Geelong Grammar, neither could have foreseen that almost 40 years later they would be locked in a brutal feud involving police, lawyers, tracking devices and crisis management consultants.

The public stoush between the Toorak heavyweights, which dates to a business deal between the two in 2010 that landed Mr Custance in the Magistrates Court, has taken a new twist, with allegations Mr Custance paid for a private detective to shadow Mr Morrell and scrutinise his ''business practices and moral conduct''.
An electronic tracking device was fitted to Mr Morrell's luxury car in March last year, with other plans to ''manipulate and extract information from mobile phones, computers and listening devices'', according to a report prepared for Mr Custance by private investigator and former police officer Damian Marrett. The two-week surveillance was code-named Operation Bulldog and included extensive background checks, company searches and tailing Mr Morrell, who is a buyer's advocate with an extensive list of wealthy and powerful clients. (more)

Three Tips to Keep Your Mobile Data Safe

Keeping your mobile gear secure while you’re zipping across the grid is tricky business. Laptops and tablets—veritable gold mines of personal information—are popular targets for thieves. Law enforcement officials, meanwhile, could confiscate your smartphone and then examine the data—merely as a result of a routine traffic stop.

If you’re packing an Android device, it gets even trickier, because with such a device, you stand a better chance of falling prey to the booming mobile malware market. Independent malware testing lab AV-Test had less than 10,000 Android malware samples in its database by late 2011. Now, two years later, that number has blossomed to around 1.3 million.

Step One:
Encrypt everything

One of the easiest things you can do to protect an Android or iOS device is to take advantage of built-in hardware encryption. This feature will turn the data on your phone into nearly unreadable junk—unless it's properly unlocked with your password.

Let's start with the easy one: iOS. Owners of iPhones or iPads can rest easy knowing the data is already encrypted, provided you create a passcode from the lock screen.

Step Two:
Keep malware at bay

Android users are particularly vulnerable to malware. Google, unlike Apple, doesn’t vet applications before they go live on Google Play. This has proven an easy way for malware creators to sneak malicious apps onto Google’s app store. Malware-laden apps range from those offering free device wallpaper to games, and even to impostors that try to look like popular apps.

That’s why security vendors such as Avast, Kaspersky, and Lookout offer antivirus and security apps for Android to help keep you secure online. But how good are these apps, really? Back in late 2011, results from the AV-Test lab found that the free solutions were nearly useless.

Step Three:
Go Covert

You can protect your data from being nabbed by a Customs agent and downloaded into some massive data silo in the Utah desert. The Electronic Frontier Foundation suggests an interesting option: Leave the hard drive at home and boot your laptop from an SD card.

(Full instructions on how to create a Ubuntu boot disk or USB boot drive in Ubuntu guide for displaced Windows users.) ...Even if you don’t have any sensitive data to protect, this is such a great, secret-agent-style use for your laptop that you might want to try it simply for the cool factor. (more)

Eavesdropping on the Brain: Mind-Reading Devices Could be Possible in the Future

Could we read minds? Scientists are certainly one step closer after this latest study. Researchers have managed to collect the first solid evidence that the pattern of brain activity seen in someone performing a mathematical exercise under experimentally controlled conditions very similar to that observed when the person engages in quantitative thought in the course of daily life. The findings could lead researchers to a way to "eavesdrop" on the brain in real life. 

"This is exciting and a little scary," said Henry Greely who played no role in the study but is familiar with its contents, in a news release. "It demonstrates, first, that we can see when someone's dealing with numbers and, second, that we may conceivably someday be able to manipulate the brain to affect how someone deals with numbers."

In order to examine the thought processes of volunteers, the researchers monitored electrical activity in a region of the brain called the intraparietal sulcus. This part of the brain is known to be important in attention and hand motion. Previous studies have hinted that some nerve-cell clusters in this area are also involved in numerosity, the mathematical equivalent of literacy.

The scientists used a method called intracranial recording, which allowed them to monitor brain activity while people were immersed in real-life situations. The researchers tapped into the brains of three volunteers who were being evaluated for possible surgical treatment of their recurring, drug-resistant epileptic seizures; this involved removing a portion of the patient's skull and positioning packets of electrodes against the exposed brain surface. (more)

Two Arrested for Eavesdropping on Previous Employer's Conference Call

A man and a woman surrendered at Wilton Police headquarters on warrants issued by Norwalk Superior Court. They were charged with eavesdropping on a former employer.
 
The two had worked for a business at 64 Danbury Rd and been released from employment in March of 2013. During their employment they had participated in a weekly conference call with other employees beyond the site. During a June 2013 conference call, which included upwards of 50 people one of the employees picked up background noise, according to Wilton Police, and the noise was traced back to the cell phones belonging to the two former employees.

According to Wilton Police, the former employer was concerned because of the confidential nature of the conference calls, which may have included information pertaining to company strategy that might be used by a competitor and information concerning client relationships, billing and operations. (more)

Over the years, you have read many posts here about organizations being victimized by eavesdroppers on their conference calls. Hence...

Spybusters Tip # 879

CrowdCall, a specialized conference-calling app available for iOS and Android smartphones and the web. 

Instead of scheduling a dial-in line, e-mailing all parties involved and then hoping everyone calls at the appointed time, CrowdCall's interface lets users choose up to 20 participants from their contacts list and LinkedIn connections and dial them immediately (assuming the contacts have added their phone number to their LinkedIn profiles). When participants answer, they simply push "1" to enter the conference--they don't even need to have the app to participate.

...one feature in particular makes it attractive to small businesses. Because the call originator controls invitations, unauthorized participants can't use dial-in information to access the call, providing a measure of security when discussing sensitive information. (more)

Video Game CEO Throws Employees Arrested for Spying Under the Virtual Bus

Two Bohemia Interactive developers have been arrested on the Greek island of Lemnos for spying, company CEO Marek Spanel confirmed today. The executive explained on the company's official forums that the firm will not go into further details on the matter.

According to Greek reports surfacing recently, the pair were in possession of videos and photos of military compounds in Lemnos at the time of their arrest. The Greek island is the main location for Bohemia Interactive's upcoming shooter Arma III, with the two reportedly claiming they were collecting reference material for the game. 

UPDATE: Bohemia Interactive CEO Marek Spanel has released a statement about the incident, claiming the two employees were visiting the island of Lemnos "with the sole purpose of experiencing the island's beautiful surroundings".

"Since its establishment in 1999, Bohemia Interactive has created games based only upon publicly available information," Spanel said. "We always respect the law and we've never instructed anybody to violate the laws of any country. The same is true for Arma III."

Spanel said the studio is training its efforts on supporting the two employees arrested in Greece, and that he hopes the incident is nothing more than "an unfortunate misunderstanding of their passion as artists and creators of virtual worlds". (more)

Forget the NSA. That Smartphone Snooper May Be Your Spouse

It's not just the National Security Agency spying on smartphones. Many ordinary people are also using sophisticated software to eavesdrop on the wireless communications of their lovers, children and business rivals.

According to a new study that examined the data traffic of mobile devices operating on the Middle Eastern network of a European carrier, hundreds of people had some form of surveillance software installed on their phones.

These aren't malicious apps that the users had been tricked into downloading. They're pieces of commercially available spyware that people with physical access to the devices have installed to secretly log each text message, phone call and contact, and in some cases, eavesdrop on calls in real time. (more)

Business Espionage Cautionary Tale - How Bugs Get Planted and More

Last Christmas Eve, a man broke into Adara Networks’ San Jose headquarters, using copies of both physical and electronic keys. He seemed to know exactly what he was looking for. The thief left rows of desks untouched as he cruised toward the lab holding the source code for Adara’s proprietary data-center networking software. Fortunately for Adara, he triggered an alarm on the lab door and fled.

“Snatch and grab” crimes, in which crooks enter an office and carts off a few loose laptops, happen occasionally in Silicon Valley. Chief Executive Officer Eric Johnson sensed that his case was more serious, though. Adara’s next-generation networking technology could be attractive to nations hoping to capture more of the global telecommunications market. So Johnson brought in contractors to sweep the offices for bugs, in case a foreign government was listening...

To make it harder for the thieves, some companies are paying for “penetration testing,” hiring security consultants to probe their defenses... Silicon Valley has a long history of thievery and espionage. (more)

Many of my reports for clients contain details and photos about how an after-hours espionage/eavesdropping attack can easily happen to them. They receive recommendations for remediation, too. 

Spybuster Tip #004: Periodic inspections help deter penetrations and information losses. Conduct them once per quarter.

D-Link Promises Fix for Home Router Firmware Flaw by End of the Month

A backdoor has been found in firmware used in several models of D-Link and Planex home routers. The flaw can easily be exploited to take control of vulnerable devices and spy on browsing activity. D-Link is aware of the issue and says a fix will be available by the end of the month. (more)

How NSA Breakthrough May Allow 'Burner' Phone Tracking

via Dan Goodin, Ars Technica 
In the HBO hit series The Wire, disposable cell phones were the bane of detectives' lives. Drug dealers obtained these prepaid "burners" in mass quantities with cash at multiple stores hundreds of miles away from where they were used.

After a week or two of use, a crook would destroy one cheap handset and fetch a new one. The Baltimore Police detectives' inability to tap the phones stymied their investigation into one of the city's most ruthless crime families — until they found a way to track the devices.

The National Security Agency may have made a similar breakthrough. Cato Institute researcher Julian Sanchez recently pulled a few sentences from a 2009 declaration by NSA Director Keith Alexander. They describe an unnamed tool that routinely accessed the vast database of call records assembled by the NSA. Sanchez argues that the purpose may be to identify burner phones used by NSA targets. (more) (via Schneier)

The Taliban's Ultimate Bug? - A Bomb in a Microphone!

A bomb planted inside a mosque killed the governor of Afghanistan's eastern Logar province as he was delivering a speech Tuesday morning to mark the Muslim holiday of Eid al-Adha, officials said...

Tuesday's explosion took place as Jamal was speaking inside the mosque to worshipers gathered for one of Islam's holiest days, said Logar's deputy police chief, Rais Khan Abbul Rahimzai.

The bomb was apparently planted inside a microphone in the front part of the mosque, said two officials, speaking on condition of anonymity because they were not authorized to speak to the media. (more)

The Rube Goldberg Toy I Want for My Birthday

The CIA’s Most Highly-Trained Spies Weren’t Even Human

There would be a rustle of oily black feathers as a raven settled on the window ledge of a once-grand apartment building in some Eastern European capital. The bird would pace across the ledge a few times but quickly depart. In an apartment on the other side of the window, no one would shift his attention from the briefing papers or the chilled vodka set out on a table. Nor would anything seem amiss in the jagged piece of gray slate resting on the ledge, seemingly jetsam from the roof of an old and unloved building. 

Those in the apartment might be dismayed to learn, however, that the slate had come not from the roof but from a technical laboratory at CIA headquarters in Langley, Virginia. In a small cavity at the slate’s center was an electronic transmitter powerful enough to pick up their conversation. The raven that transported it to the ledge was no random city bird, but a U.S.-trained intelligence asset. 

Half a world away from the murk of the cold war, it would be a typical day at the I.Q. Zoo, one of the touristic palaces that dotted the streets of Hot Springs, Arkansas, in the 1960s. With their vacationing parents inca tow, children would squeal as they watched chickens play baseball, macaws ride bicycles, ducks drumming and pigs pawing at pianos. You would find much the same in any number of mom-and-pop theme parks or on television variety shows of the era. But chances are that if an animal had been trained to do something whimsically human, the animal—or the technique—came from Hot Springs. 

Two scenes, seemingly disjointed: the John le Carré shadows against the bright midway lights of county-fair Americana. But wars make strange bedfellows, and in one of the most curious, if little-known, stories of the cold war, the people involved in making poultry dance or getting cows to play bingo were also involved in training animals, under government contract, for defense and intelligence work. (more)

NIST - Not Indelibly Secure & Trustworthy?

The National Institute of Standards and Technology (NIST) has an image problem. 

Last month, revelations surfaced indicating that the National Security Agency (NSA) may have planted a vulnerability in a widely used NIST-approved encryption algorithm to facilitate its spying activities. And cryptographers are also questioning subtle changes that might weaken a new security algorithm called Secure Hash Algorithm-3, or SHA-3. 

Encryption experts say NIST’s reputation has been seriously undermined but that the security community would like to continue using it as a standards body if it can show that it has reformed. (more)

Lawsuit Blames Companies for Hiring Voyeur

IN - A Hammond man who was convicted in 2011 of using his cellphone to record a woman in a Kmart changing room had a voyeurism conviction, so the victim is suing him, Kmart and the construction and staffing companies that hired him.

The companies shouldn’t have hired a convicted sex offender to remodel the bathroom, said Randy K. Fleming of Sarkisian, Fleming, Grabarek, Sarkisian.

The suit names Mark Anthony Fetzko, 28, of Hammond, as well as Kmart, Sturzenbecker Construction Company Inc. and Labor Ready Midwest Indiana as defendants. (more)

Blue Light Special - "Attention business owners." 
Avoid this type of lawsuit by doing your due diligence.
• Conduct quality background checks before hiring.
• Conduct periodic inspections for planted spycams in all areas where the visiting public and your employees have an expectation of privacy.

One Way Your Android Phone Can Get a Virus

Kevin McNamee stands in front of his laptop on a low stage, a phone in his hand as he scrolls through a program showing his phone’s screen, magnified on a projector screen beside him.

Bits of code start flashing up the screen as he injects command-and-control malware into the command window of the app for Rovio Entertainment Ltd.’s trademark game, Angry Birds – transforming the app into a new version he’s dubbed “Very Angry Birds.”

“And here we go,” he says, frowning down at the screen as he begins to run the new app.

McNamee was presenting at Sector 2013, a conference on all things IT security held in Toronto from Oct. 7 to 9. The director of Kindsight Security Labs at Alcatel-Lucent Canada Inc. in Ottawa, McNamee wanted to show how simple it is to use an Android software development kit to add in malware.

When a user downloads a malware-infested version of the app, he or she is asked to sign off on all kinds of permissions, like access to contact lists, the camera, and so on. If a user carelessly checks off ‘yes’ on all the options, the app is activated with a piece of malware called “Droid Whisper,” and the hacker who wrote it now has access to the phone owner’s contact lists, location, messages, camera, and microphone. That means someone can remotely listen in and record phone conversations, send messages to the phone owner’s contacts, and even take pictures from that phone.

This process can work by injecting malware into basically any Android app by using its application package tool, and it just runs as a service in the background, McNamee said. (more) (presentation)

George Washington's Top-Secret Spy Ring Coming to Cable TV

VA - Gov. Bob McDonnell says a television series about George Washington's top-secret spy ring will be filmed in central Virginia.

The pilot for the AMC Studios project was shot in the Richmond area earlier this year, and AMC has ordered a 10-episode season that will start on AMC in 2014. McDonnell says the first season of the series will begin filming this fall and be completed in the spring.

The working title for the series is "Turn." It's based on the nonfiction book "Washington's Spies: The Story of America's First Spy Ring," by Alexander Rose. It's about the band of spies who helped Washington win the Revolutionary War. (more)

Betty Boop, The Muppets & Three Wiretappers Explain NSA Spying

An entertaining short video 
about NSA spying v. the 4th Amendment to the Constitution, 
as explained in part by...

World's Heaviest Non-Electronic Eavesdropping Device

The massive concrete acoustic mirrors, or "listening ears," lining the southeast coast of England were built between the world wars to monitor the skies for the telltale sounds of airborne invasion.

Constructed between 1927 and 1930, the sound mirrors were part of Britain's national defense strategy. Their parabolic shape collected and magnified sound waves in the air over the English Channel and directed them at a microphone positioned just in front of the parabola. Anti-aircraft defenses were then deployed. The mirrors effectively gave Britain a 15-minute warning of an impending attack. 

The site features three different reflectors, including a 200-foot-long curved wall, a 30-foot-tall parabolic dish, and a 20-foot-tall shallow dish. All three can be seen in Greatstone, located on the northeast side of the Dungeness Nature Reserve. (more)

Hannah Anderson - Be Careful What You Say Around the Hotel Staff

via allvoices.com...
Was Hannah Anderson (kidnapping victum) heard rehearsing her story for the 'Today' show interview that airs today? According to one Pierre Hotel employee -- who wishes to remain anonymous for very obvious reasons -- she was. The hotel employee reached out to me privately and shared that she had been eavesdropping while Anderson's "newly hired PR person" coached her on what to say to Savannah Guthrie during their interview. To be clear, the anonymous tipster told me that she had witnessed a "very damning prep meeting."

The Pierre Hotel employee continued to say the following... (more)

Attorney & PI -- 75-100 Illegal Bugs and Surveillance Devices

CA - Mary Nolan, a family law attorney in San Ramon, California, pleaded guilty in federal court, to four counts of tax evasion and one count of unlawful interception of communications, announced United States Attorney Melinda Haag.

Nolan, 61, entered guilty pleas to all of the substantive counts in the indictment.... according to the plea agreement, Nolan caused her staff to illegally eavesdrop by accessing a listening device that private investigator Christopher Butler had installed in a vehicle used by “N.F” (a victim). Nolan agreed to resign her bar license and never to practice law again.

Butler, who pleaded guilty to unlawful interception and several other offenses on May 4, 2012, admitted having installed approximately seventy-five to one hundred unlawful listening devices at the request of clients or their attorneys, including the listening device in “N.F.’s” vehicle in August 2007. Butler was sentenced to 60 months’ imprisonment on this charge, to be served concurrently with the 96-month sentence on his other counts of conviction. (more)

International Spy Museum Looking for a New Safe House

The International Spy Museum, one of the most popular private attractions in (Washington, DC), would relocate to the former Carnegie Library in Mount Vernon Square under a plan by D.C. officials.

Carnegie Library

Events DC, which manages the District’s convention and sports business, announced Monday that it planned to renovate and expand the historic library building by moving the Spy Museum to the museum’s underground space and building a new “sculpted glass pavilion” on the north side of the building that would house a new visitors center, a café and the Spy Museum store...

In all, the project would add 58,000 square feet to the property, but the idea requires layers of approval from local and federal stakeholders because of the historic state of the grounds and library building, which was completed in 1903 and served as the city’s central library until 1970. (more)

... or, say Beetlejuice three times.

Taiwan - Rumors saying that people can verify if their cellphones or landlines are under surveillance by dialing *960*# and *26 are false, telecommunication experts said recently, as the snowballing controversy surrounding the wiretapping of government officials conducted by the Special Investigation Division (SID) of the Supreme Prosecutors’ Office sparked concern among the public that private citizens are also under surveillance. (more) (sing-a-long)

Russia's Herculean Feat - Eavesdrop on All Olympic Communications

Russia is preparing to monitor the communications of athletes and others taking part in the Sochi Winter Olympics at an unprecedented level, according to official documents.

Government tender documents indicate all communications equipment at the Black Sea resort will be tapped, including wi-fi and mobile phone networks, to allow eavesdropping through the Russian SORM (System for Operative Investigative Activities) interception system, The Guardian reported.

Documents seen by Russian journalists Andrei Soldatov and Irinia Borogan point to deep packet inspection (DPI) being used to filter all communications around Sochi, with intelligence agencies being able to sort these, search for keywords and identify and monitor people.

The monitoring plans were discovered on the Russian government Zakupki ("purchases") procurement agency website. By law, all Russian government agencies must buy equipment through Zakupki. This includes the country's intelligence agencies. (more)

Hey, kids! Want a smart watch? All right. Who said "house arrest ankle bracelet"?!?!

AT&T announced a new smart device that goes on the wrist today, but it’s not the Galaxy Gear. This is the Filip, a pseudo-smartwatch for kids that parents can use to keep tabs on their offspring with an unparalleled level of accuracy. This device acts as a phone, GPS tracker, and a panic button all in one somewhat awkward package.

The Filip plugs into an iOS or Android app that allows parents to set five trusted numbers that the watch can place calls to. The announcement glosses over the phone call functionality, but it appears to be entirely speakerphone-based. The app is also used to pull locations from the watch in real time, send direct SMS, and set up “Safe Zones.” A Safe Zone is basically a geo-fence that the watch is supposed to stay inside of. If it leaves the Safe Zone, an alert will be pushed to the smartphone app. This is truly helicopter parenting gone high-tech...

There are only two buttons on the Filip, one of which is a big red panic button. When it’s held for three seconds, the device will go into emergency mode and start ambient sound recording. It also sends text messages to all five trusted numbers and places a call to the first number in the list. False alarms will be quite the affair.

AT&T will be the exclusive network provider for the Filip, but no pricing has been announced. The closest thing to a release date is “in the coming months.” (more)

Business Espionage: Eavesdropping Discovery at Nortel - Update

The Department of National Defence will have to decide whether it is still worth the risk to move into the former Nortel campus after the discovery of listening devices at the facility, say security analysts.

The DND is not releasing details about where exactly the electronic eavesdropping devices were found or whether they were left over from an industrial espionage operation when Nortel occupied the complex in Ottawa’s west end.

Nortel was the target of a number of spy and computer hacking operations, with the main culprits suspected of being associated with China.

But security analysts say other listening devices could remain in the sprawling campus at 3500 Carling Ave. The question is whether they can all be found and whether they are still active...

Sources say the bugs are believed to have been planted when Nortel occupied the campus. (more)

12 Detained After Bugging Device Found

After it was revealed in the media on Sept. 17 that two listening devices had been found in the office of the Prime Ministry's Overseas Turks Agency (YTB), police have detained 12 suspects in simultaneous operations in the provinces of Ankara, İstanbul and Ardahan, linked to the investigation, Turkish news agencies reported on Monday.

On Sept. 17, the Türkiye daily claimed that two female co-founders and current members of the ruling Justice and Development Party (AK Party) were spying for Iran, reportedly gathering intelligence for Tehran by planting listening devices in the office of the YTB, although the claim was at least partly denied by Deputy Prime Minister Bekir Bozdağ later that day. (more)

Anti-Eavesdropping Just Became Kinky

What if any object around you could play back sound at the touch of your finger? That is the idea behind Ishin-Denshin, an electronic art project that has just won an honourable mention at the ARS Electronica festival in Linz, Austria.


Ishin-Denshin works by getting the user to whisper a message into a microphone, which encodes the sound and then converts it into an electrical signal which modulates an electrostatic field around the human body. When the charged person touches their finger to another person's earlobe, the field causes it to vibrate slightly, reproducing the sound for the touched person to hear. The name comes from a Japanese expression meaning an unspoken understanding. (more)

School Principal's DIY Investigation Ends in Wiretapping Conviction

A middle school principal from Fort Worth, Texas, has been found guilty of wire-tapping after she got her daughter to plant a camera in the locker room of another high school. 

Wendee Long, 47, had her daughter, who was 17 at the time, hide a recording cell phone to catch the basketball coach from Argyle High School yelling at the team.

Long allegedly planted the device after her two daughters had complained the coach shouted too much.

Her teenage daughter Caydan, who did not face any charges, placed a camera phone inside a locker and pressed record.

It did not capture coach Skip Townsend, 61, saying or doing anything inappropriate during the half-time meeting, authorities told WFAA-TV. Someone anonymously sent the video to the superintendent and several board members and Long turned herself in to authorities. (more)

Business Espionage: Eavesdropping Devices Found at Nortel Complex

Canada - Workers preparing the former Nortel complex as the new home for the Department of National Defence have discovered electronic eavesdropping devices, prompting new fears about the security of the facility.

It’s not clear whether the devices were recently planted or left over from an industrial espionage operation when Nortel occupied the complex...

Recently released DND documents indicate that concerns about the security surrounding the former Nortel campus at 3500 Carling Ave. were raised last year...
 
Last year it was also revealed that Nortel had been the target of industrial espionage for almost a decade... (more)

Note: Nortel Networks Corporation was once a major data networking and multinational telecommunications company. The company filed for protection from creditors on January 14, 2009 and later shut its doors.

Commercial Espionage Fears Prompts... a conference?!?!

Jamacia - Commercial espionage affecting Jamaican businesses are to be addressed at a two-day conference on Cyber Security and Digital Forensics, to be staged at the University of the West Indies from September 30 to October 1.

Mr. Robinson said he became aware of the level of corporate espionage occurring in Jamaica recently, and the conference will address this concern in a fulsome way.

“We’re not talking about a man hacking into a website and defacing it. We’re talking about criminals doing this for financial gain, or to prove a point. They can hack into a critical national infrastructure and disrupt the country in a significant way; for example your Air Traffic Control system, and you know the damage that can be done,” the State Minister said.

“There are just so many ways someone with a computer can create havoc and we need to be on top of that as a country,” he emphasized. (more)

The "Let's Talk About This" love boat sailed a long time ago. It's time for action. BTW... Corporate espionage via computers is only one hole in your security dike. Be sure your security program handles it all.

Business Espionage - Bra Biz Ops Man Bugged

Michelle Mone's firm bugged director's office amid fears he was about to jump ship to ex-husband's new company, tribunal hears 

MICHELLE MONE monitored recordings from a bug in a director’s office amid fears he was about quit for a job work with her ex, her new business partner claimed yesterday.

Eliaz Poleg told an employment tribunal he came up with the idea of bugging Scott Kilday’s plant pot.

Poleg – the chairman of the company formed from the sale of Michelle’s MJM firm – said he made the move as he had “extreme concerns” over Kilday’s loyalty to the troubled bra business.

Kilday now works for Michelle’s ex-husband Michael, who was bought out of MJM two days before the sale to MAS Holdings. Kilday walked out on MJM after finding the bug.

Poleg told the tribunal in Glasgow: “I know there was stuff on it because Michelle said she was listening and replacing the machine tapes. (more)

When Business Espionage Doesn't Work the Next Step is Sabotage

Real News or Business Sabotage? You decide...

The following "news story" was found in Yahoo News. It is filled with anonymous quotes, no proof, no substance, no follow-up with the side being attacked.

“Apple’s new operating system is making me nauseous and giving me a headache - just like when you try to read in the car,” says one user.

Others complain of “vertigo” when apps “zoom” in and out - and say that using iOS 7 devices has left them feeling ill for days.

Apple’s new iOS 7 operating system has been downloaded 200 million times - and some users are complaining that the animations make them seasick - or worse. (more)

To our clients... In addition to your TSCM bug sweeps and our other business espionage reductions, keep an eye out for business sabotage. Document it. Go after it.

Yet Another Good Reason to Conduct TSCM Sweeps

Police have arrested eight men in connection with a £1.3m theft by a gang who remotely took control of the computer system of a Barclays bank branch.

A man posing as an IT engineer gained access to the Swiss Cottage branch in north London on 4 April, fitting a keyboard video mouse (KVM) device, which enabled the gang to remotely transfer funds to bank accounts under its control. (more)

Fingerprint Security Appears Risky on iPhone, and Elsewhere

Reason 1. - iPhone's fingerprint biometrics defeated, hackers claim.
Just one day after the new fingerprint-scanning Apple iPhone-5s was released to the public, hackers claimed to have defeated the new security mechanism. After their announcement on Saturday night, the Chaos Computer Club posted a video on YouTube which appears to show a user defeating Apple’s new TouchID security by using a replicated fingerprint. Apple has not yet commented on this matter, and, as far as I can tell, no third-party agency has publicly validated the video or the hacker group’s claim. In theory, the techniques used should not have defeated the sub-dermal analysis (analyzing three dimensional unique aspects of fingerprints rather than just two-dimensional surface images) that Apple was supposed to have used in its fingerprint scanner. (more)

Reason 2. - Mythbusters.



Reason 3. - When You're Busted.
Police can't compel you to spill your password, but they can compel you to give up your fingerprint.

"Take this hypothetical example coined by the Supreme Court: If the police demand that you give them the key to a lockbox that happens to contain incriminating evidence, turning over the key wouldn’t be testimonial if it’s just a physical act that doesn’t reveal anything you know.

However, if the police try to force you to divulge the combination to a wall safe, your response would reveal the contents of your mind — and so would implicate the Fifth Amendment. (If you’ve written down the combination on a piece of paper and the police demand that you give it to them, that may be a different story.)" (more)

Is Your Cell Phone Talking to Your Carrier, or Behind Your Back to a Rogue?

It's not easy to tell, but very important if you want to have a confidential conversation.

What is a rogue or IMSI catcher?
"An IMSI catcher is essentially a false mobile tower acting between the target mobile phone(s) and the service providers real towers. As such it is considered a Man In the Middle (MITM) attack. It is used as an eavesdropping device used for interception and tracking of cellular phones and usually is undetectable for the users of mobile phones. Such a virtual base transceiver station (VBTS) is a device for identifying the International Mobile Subscriber Identity (IMSI) of a nearby GSM mobile phone and intercepting its calls." (more)

Folks with a Cryptophone know...

"Each week an increasing number of Cryptophone customers are becoming aware of disturbing, yet unfortunately not surprising changes to the cellular network in their area.

This screenshot sent in by a customer shows the Cryptophone 500 alerting them to changes in the mobile network. In this case standard network encryption has been turned off. This is often an indication that a rogue base station or “IMSI Catcher” is active in the area.

While this knowledge would be of great to concern to most people, Cryptophone users can rest easy knowing that even in the presence of an ‘active’ attack’s like this, their communications are still completely secure." (more) (more)

Think the problem is theoretical? 

"Recently leaked brochures advertising next generation spy devices give outsiders a glimpse into the high-tech world of government surveillance. And one of the most tantalizing of the must-have gizmos available from a company called GammaGroup is a body-worn device that surreptitiously captures the unique identifier used by cell phones." (more)

"Hacker intercepts phone calls with homebuilt $1,500 IMSI catcher, claims GSM is beyond repair" (more) 

"Septier IMSI Catcher (SIC) has been designed as a tactical solution intended to extract GSM entities. Based on the Septier GUARDIAN infrastructure, Septier IMSI Catcher provides its users with the capability of extracting IMSI and IMEI of GSM Mobile Stations (MS) that are active in the system's effective range.

Septier IMSI Catcher is the perfect solution for both extracting identities from MS in its area of coverage (when these identities are previously unknown) and detecting the presence of known cell phones in the area, notifying the system user about those phones. Septier IMSI Catcher can be equipped with an add-on 3G module that allows identity extraction for 3G cell phones as well. It has several configurations that allow meeting the specific requirements of every operation and are suitable for various working conditions." (more)

Ex-Sheriff Pleads Guilty to Wiretapping

WV - Former Clay County Sheriff Miles Slack pleaded guilty Tuesday to a federal charge that he hacked his wife’s work computer.

Slack entered the plea to a wiretapping charge Tuesday in U.S. District Court in Charleston. He faces up to five years in prison. Sentencing was set for Dec. 19.

The government said Slack secretly installed a keystroke logger on a computer in the Clay County Magistrate Court office in April where his wife worked. They were married at the time but have since divorced.

Spyware devices can be purchased online and typically are 1-2 inches long and attached to the keyboard cable. Once installed, they can intercept anything typed on that keyboard. (more)

Afraid of Getting a Virus from a Public Recharging Station?

 For every scare, there is an inventor with an answer...
via int3.cc...

Have you ever plugged your phone into a strange USB port because you really needed a charge and thought: "Gee who could be stealing my data?." We all have needs and sometimes you just need to charge your phone. "Any port in a storm." as the saying goes. Well now you can be a bit safer. "USB Condoms" prevent accidental data exchange when your device is plugged in to another device with a USB cable. USB Condoms achieve this by cutting off the data pins in the USB cable and allowing only the power pins to connect through.Thus, these "USB Condoms" prevent attacks like "juice jacking".

Use USB-Condoms to:
* Charge your phone on your work computer without worrying...
* Use charging stations in public without worrying...

If you're going to run around plugging your phone into strange USB ports, at least be safe about it. ;-) (more)

New iPhones Are Coming - Learn How to Sanitize Your Old One

Planning on buying a new iPhone? 

Whether you trade-in, sell or gift your old one, do this first. Erase all your personal data. 

Here's how:
1. Plug your phone into the charger, or make sure you have enough charge to complete the process.
2. Take a moment to back-up the phone. iTunes or iCloud make this easy.
3. Go to SETTINGS > GENERAL > RESET
4. Press ERASE ALL CONTENT AND SETTINGS. Press CONFIRM.
5. (Optional) Press all the other RESETS.
6. Double-check to make sure all your data has gone to the bit-bucket in the sky.

Enjoy your new phone!

How Law Enforcement Can Watch Tweets in Real-time

BlueJay, the "Law Enforcement Twitter Crime Scanner," provides real-time, geo-fenced access to every single public tweet so that local police can keep tabs on #gunfire, #meth and #protest (yes, those are real examples) in their communities. 

BlueJay is the product of BrightPlanet, whose tagline is "Deep Web Intelligence" and whose board is populated with people like Admiral John Poindexter of Total Information Awareness infamy.

BlueJay allows users to enter a set of Twitter accounts, keywords and locations to scan for within 25-mile geofences (BlueJay users can create up to five such fences), then it returns all matching tweets in real-time. If the tweets come with GPS locations, they are plotted on a map. The product can also export databases of up to 100,000 matching tweets at a time. (more)

New Mobile Survey Reveals 41% of Employees Are Deliberately Leaking Confidential Data

Congratulations and condolences to the nation’s CIOs for being responsible for data security. 

There’s now more job security but now there’s less information security too. Because, according to a new survey from uSamp, 41% of workers used an unsanctioned cloud service for document storage in the last 6 months, despite the fact that 87% of these workers knew their company had policies forbidding such practices.

Welcome to the mobile workplace. It’s less secure and loaded with risk.

And, according to the research, the estimated annual cost to remedy the data loss is about $1.8 billion. So what’s a CIO to do? On the one hand, it’s her job to help employees remain productive, but it’s also her job to secure the company’s confidential information.

Six IT experts were asked about their take on the matter, here are their suggestions... (more) 

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

"Secure" Integrated Circuit Chip Salami'ed into Spilling Secrets

A technique has been developed to bypass elaborate physical protections and siphon data off the most secure chips potentially including those used to protect military secrets.

The proof-of-concept technique demonstrated by researchers at Berlin's Technical University and security consultancy IOActive was successfully applied to a low-security Atmel chip commonly used in TiVo video recording devices. But the research team found that their complex and expensive attack could be applied to successfully pry data from highly-secure chips.

The attack used a polishing machine to mill down the silicon on the target chip until it was 30 micrometers thin.

The chip was then placed under a laser microscope fitted with an infrared camera to observe heat emanating from where encryption algorithms were running.

A focused ion-beam was then shot at the chip which dug a series of two micrometer -deep trenches in which wiretap probes were inserted.

Together, the elaborate techniques if bolstered by the use of more expensive equipment not available to the researchers could potentially bypass the most advanced chip security mechanisms. (more)