via futilitycloset.com
Mathematician Yutaka Nishiyama of the Osaka University of Economics has designed a nifty paper boomerang that you can use indoors. A free PDF template (with instructions in 70 languages!) is here.
Hold it vertically, like a paper airplane, and throw it straight ahead at eye level, snapping your wrist as you release it. The greater the spin, the better the performance. It should travel 3-4 meters in a circle and return in 1-2 seconds. Catch it between your palms.
Friday, October 24, 2014
Thursday, October 23, 2014
Ask the Consultant - Spycam Question Received this Week
"Have you ever been called upon by a client to check for unauthorized or hidden cameras?
And to that end, is there some technology available to security professionals (not what the Secret Service uses) that can identify wireless cameras?"
Yes. The video voyeurism craze had prompted requests from corporate clients, country clubs, private schools and religious institutions (usually in response to an incident), and occasionally pro-actively, for due diligence purposes.
DIY detecting cameras in situ can be accomplished in several ways...
by Kevin D. Murray CPP, CISM, CFE
And to that end, is there some technology available to security professionals (not what the Secret Service uses) that can identify wireless cameras?"
Yes. The video voyeurism craze had prompted requests from corporate clients, country clubs, private schools and religious institutions (usually in response to an incident), and occasionally pro-actively, for due diligence purposes.
DIY detecting cameras in situ can be accomplished in several ways...
 |
| Spycam finds courtesy Murray Associates. |
- Physical inspection - If you know where a spycam is likely to be looking (bathroom, bedroom, office, etc.), stand there and do a 360ยบ turn. The camera will be in your line-of-sight (take into account mirrors).
- Look for the lens - This may be accomplished with this device, or with this app. Neither solution is 100% effective, however.
- If the device is not recording internally, but broadcasting a FM radio-frequency signal, there are these detectors 1 2 . Neither solution is 100% effective, however.
- If the camera is transmitting to the Internet via Wi-Fi (popular with the baby monitors), detection options 1 & 2 are the best bet for the amateur sleuth. A professional TSCM team will be able to conduct a Wi-Fi analysis to absolutely detect the transmitter.
- Thermal imaging is also very effective for finding "live" cameras (as opposed to the battery powered ones that just snap photos upon sensing movement). This has become affordable this year with the introduction of this iPhone add-on.
- Call us. In addition to Wi-Fi analysis, we also use Non-Linear Junction Detection (NLJD), more sensitive thermal imaging, and spectrum analysis detection techniques.
by Kevin D. Murray CPP, CISM, CFE
...which left us wondering about the clowns in business and government who spy.
A new study finds that more Americans fear spying from corporations than the government (but only slightly).
In total, 82 percent of Americans fear corporations, while 74 percent fear the government.
The data comes from a new Chapman University survey of everything that freaks Americans out. In addition to Internet fears, around 65 percent of Americans also fear public speaking — meaning that more Americans are concerned about Internet privacy than speaking in public.
Interesting, but unrelated: 20 percent of Americans are at least somewhat afraid of clowns. (more)
In total, 82 percent of Americans fear corporations, while 74 percent fear the government.The data comes from a new Chapman University survey of everything that freaks Americans out. In addition to Internet fears, around 65 percent of Americans also fear public speaking — meaning that more Americans are concerned about Internet privacy than speaking in public.
Interesting, but unrelated: 20 percent of Americans are at least somewhat afraid of clowns. (more)
Wednesday, October 22, 2014
Why the IT Guy Can't Protect Your Information
- Most “computerized” information is available
elsewhere long before it is put into a computer. - Hacking is only one tool in the spy's kit.
- Data theft is the low-hanging fruit of the business
espionage world. Pros use bucket trucks. - Traditional spying is invisible. Hacking leaves trails.
Result... IT guy gets budget. Company is still a sieve.
Go Holistic
Close All Loopholes
Loophole 1: Information Generation
People generate information. They talk, discuss, plan. The human voice contains the freshest information.
Conduct Technical Surveillance Countermeasures (TSCM) inspections of offices, labs, conference and boardrooms on a scheduled basis. TSCM works.
Ford Motors found voice recorders hidden in seven of their conference rooms this summer.
Loophole 2: Information Transmission
People communicate. They phone, fax, email, hold teleconferences — over LAN, Wi-Fi and cables.
Traditional wiretapping and VoIP/Wi-Fi transmission intercepts are very effective spy tools. TSCM sweeps discover attacks.
Loophole 3: Information Storage
People store information all over the place; in unlocked offices, desks, and file cabinets. Photocopiers store all print jobs in memory. TSCM surveys identify poor storage, and the perimeter security gaps which put storage at risk.
Loophole 4: Information Handling
People control information. Educate them. Security briefings don’t have to be long and tedious. Establish basic rules and procedures. Enforce them.
Effective information security requires a holistic protection plan. IT security is an important part of this plan, but it is only one door to your house of information.
by Kevin D. Murray CPP, CISM, CFE
Tuesday, October 21, 2014
Watergate - Ben Bradley Dies at 93
Ben Bradlee, the former top editor of The Washington Post who oversaw
the paper's coverage of the Watergate scandal, has died, the newspaper
said Tuesday.
He was 93.
He was 93.
Yo, Jimmy. You know how to use this thing?
Newly released documents definitively show that local law enforcement in Washington, DC, possessed a cellular surveillance system—commonly known as a "stingray"—since 2003.
However, these stingrays literally sat unused in a police vault for six years until officers were trained on the devices in early 2009.
"It's life imitating The Wire," Chris Soghoian, a staff technologist at the American Civil Liberties Union, told Ars. "There's an episode in Season 3 where [Detective Jimmy] McNulty finds a [stingray] that has been sitting on the shelf for a while." (more)
"It's life imitating The Wire," Chris Soghoian, a staff technologist at the American Civil Liberties Union, told Ars. "There's an episode in Season 3 where [Detective Jimmy] McNulty finds a [stingray] that has been sitting on the shelf for a while." (more)
Traveling to China? Have an iPhone? Clear Your Cloud First
Chinese authorities just launched “a malicious attack on Apple” that could capture user names and passwords of anyone who logs into the iCloud from anywhere in the country, the well-respected censorship watchdog GreatFire.org reports.
With that information, a hacker can view users contacts, photos, messages and personal information stored in the cloud.
China has an estimated 100 million iPhone users in China, and all of them could be vulnerable, GreatFire reports, thanks to a “man in the middle” attack that tricks users into believing they are logging into a secure connection, when they are actually logging into a Chinese government-controlled site instead. (more)
China has an estimated 100 million iPhone users in China, and all of them could be vulnerable, GreatFire reports, thanks to a “man in the middle” attack that tricks users into believing they are logging into a secure connection, when they are actually logging into a Chinese government-controlled site instead. (more)
A Police Commander's Wife, Their Unlicensed PI Business and Spyware...
Woo-woo-woo-woo-woo-woo, nyunt, nyunt, nyunt!
A Monterey County woman was charged with wiretapping a police officer and possessing "illegal interception devices,” according to the Northern California District Attorney’s office. The District Attorney said that Kristin Nyunt, age 40, allegedly intercepted communications made by a police officer on his mobile phone.
Nyunt is the ex-wife of former Pacific Grove Police Commander John Nyunt, and she has already been sentenced to eight years and four months in prison after pleading guilty in July to five counts of identity theft, two counts of computer network fraud, one count of residential burglary, and two counts of forgery.
In the latest charges [PDF], the District Attorney accused Nyunt of using illegal spyware including MobiStealth, StealthGenie, and mSpy to intercept "sensitive law enforcement communication” in real time. Nyunt allegedly placed the spyware on a police officer’s phone surreptitiously, although court documents do not detail how or why...
...between 2010 and 2012, Nyunt and her husband operated an unlicensed private investigator business called Nyunt Consulting and Investigative Services Corporation and used access to their customers’ devices and information to later commit identity theft. (more)
A Monterey County woman was charged with wiretapping a police officer and possessing "illegal interception devices,” according to the Northern California District Attorney’s office. The District Attorney said that Kristin Nyunt, age 40, allegedly intercepted communications made by a police officer on his mobile phone.
Nyunt is the ex-wife of former Pacific Grove Police Commander John Nyunt, and she has already been sentenced to eight years and four months in prison after pleading guilty in July to five counts of identity theft, two counts of computer network fraud, one count of residential burglary, and two counts of forgery.
...between 2010 and 2012, Nyunt and her husband operated an unlicensed private investigator business called Nyunt Consulting and Investigative Services Corporation and used access to their customers’ devices and information to later commit identity theft. (more)
Staples Suspects Hackers - That Was Easy
Staples, the nation’s largest office supply retailer, said Monday it is investigating a "potential issue" involving credit card data at its stores.
Staples spokesman Mark Cautela said in an email that the retailer has contacted law enforcement to help with its investigation.
"We take the protection of customer information very seriously and are working to resolve the situation," Cautela said in an email. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis." (more) (now-hack-the button)
"We take the protection of customer information very seriously and are working to resolve the situation," Cautela said in an email. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis." (more) (now-hack-the button)
Monday, October 20, 2014
Business Phone VoIP Hack - Phreaking Expensive
Bob Foreman’s architecture firm ran up a $166,000 phone bill in a single weekend last March. But neither Mr. Foreman nor anyone else at his seven-person company was in the office at the time... (hackers) routed $166,000 worth of calls from the firm to premium-rate telephone numbers in Gambia, Somalia and the Maldives...
The scheme works this way, telecommunications fraud experts say: Hackers sign up to lease premium-rate phone numbers, often used for sexual-chat or psychic lines, from one of dozens of web-based services that charge dialers over $1 a minute and give the lessee a cut...
Hackers then break into a business’s phone system and make calls through it to their premium number, typically over a weekend, when nobody is there to notice. With high-speed computers, they can make hundreds of calls simultaneously, forwarding as many as 220 minutes’ worth of phone calls a minute to the pay line...
...telecom experts advise people to turn off call forwarding and set up strong passwords for their voice mail systems and for placing international calls. (more)
Hackers then break into a business’s phone system and make calls through it to their premium number, typically over a weekend, when nobody is there to notice. With high-speed computers, they can make hundreds of calls simultaneously, forwarding as many as 220 minutes’ worth of phone calls a minute to the pay line...
...telecom experts advise people to turn off call forwarding and set up strong passwords for their voice mail systems and for placing international calls. (more)
A Royal Sting Spybusting Trick You Can Use
Kate Middleton reportedly thinks that someone is keeping a close eye on the day-to-day happenings of the palace.
The reports have suggested that there is an over enthusiastic photographer or someone who is getting to know all the royal secrets.
"Middleton's paranoid that someone inside the palace is leaking her secrets. It's her worst nightmare," a source told Life &Style magazine...
The report added that the royal couple is taking required step to have a very private life. "They're trying desperately to find out who's spying on them by giving out false information to different people. If any of that information comes out, they'll know who's responsible." (more)
The reports have suggested that there is an over enthusiastic photographer or someone who is getting to know all the royal secrets."Middleton's paranoid that someone inside the palace is leaking her secrets. It's her worst nightmare," a source told Life &Style magazine...
The report added that the royal couple is taking required step to have a very private life. "They're trying desperately to find out who's spying on them by giving out false information to different people. If any of that information comes out, they'll know who's responsible." (more)
Sunday, October 19, 2014
Business Espionage via Crowd Sourcing
Crowd sourcing any part of your secret project can blow your cover and evaporate your competitive advantages. Take your marketing materials for example. Just requesting help on a crowd source web site can alert the competition to your plans.
via frankie.bz...
Two weeks ago I discovered through a crowd sourcing portal for graphic design that a competitor of my client is preparing to launch a whole new product line. They where pitching for a “name” and “logo design” for a range of products.
I informed my client about the pitch and ask them if they knew something about the new product line. They didn’t and neither did the market – a scoop so to say. The information in the pitch was valuable to my client since it contained a very good description about the features of the new product line and when it will be launched. Therefore the client informed its sales force and they are now prepared to answer questions of their clients.
What can we learn from this experience?
via frankie.bz...
Two weeks ago I discovered through a crowd sourcing portal for graphic design that a competitor of my client is preparing to launch a whole new product line. They where pitching for a “name” and “logo design” for a range of products.
I informed my client about the pitch and ask them if they knew something about the new product line. They didn’t and neither did the market – a scoop so to say. The information in the pitch was valuable to my client since it contained a very good description about the features of the new product line and when it will be launched. Therefore the client informed its sales force and they are now prepared to answer questions of their clients.
What can we learn from this experience?
- Do not crowd source design of “secret” products – especially if the pitch can be seen without any registration
- Do not describe your product in the project brief – send the description to an interested designer after he has signed a non disclosure agreement
- Do not link directly to your competitors site – I’ve found out about the pitch because I’ve seen hundreds of visitors coming from a non-industry related site
- Do prohibit your employees to blog, twitter, Facebook about a new product
- Use a project code name that does not relate to your industry or product
- Do not use Cloud-Services for your product development - unless you are sure that none of the information can be made available to the public
- Visit crowd sourcing portals on a regular basis and search for projects related to your industry and competitors
- Use Google Alerts not only to monitor the web activity of your firm and brands, but also of your competitors
- Use crowd sourcing traditionally by letting the crowd search through social networks, forums and the web for information about your competitors
- Sign up and monitor the support forums of your main competitors (if they have one). If they don’t have one try to open a user-to-user support forum for your competitors products – and see what happens.
1958 - The Hollow Coin Spy Case
CIA Archives: The Hollow Coin - Espionage Case of Rudolf Abel (1958)
Vilyam (Willie) Genrikhovich (August) Fisher (ะะธะปััะผ ะะตะฝัะธั ะพะฒะธั ะคะธัะตั) (July 11, 1903 — November 16, 1971) was a noted Soviet intelligence officer. He is generally better known by the alias Rudolf Abel, which he adopted on his arrest. His last name is sometimes given as Fischer; his patronymic is sometimes less exactly transliterated as Genrikovich.
The Hollow Nickel Case (also known as The Hollow Coin), refers to the method that the Soviet Union spy Vilyam Genrikhovich Fisher (aka Rudolph Ivanovich Abel) used to exchange information between himself and his contacts, including Mikhail Nikolaevich Svirin and Reino Hรคyhรคnen.
On June 22, 1953, a newspaper boy (fourteen-year-old newsie Jimmy Bozart), collecting for the Brooklyn Eagle, at an apartment building at 3403 Foster Avenue in Brooklyn, New York, was paid with a nickel (U.S. five cent piece) that felt too light to him. When he dropped it on the ground, it popped open and contained microfilm inside. The microfilm contained a series of numbers.
He told the daughter of a New York City Police Department officer, that officer told a detective who in two days told an FBI agent about the strange nickel. After the FBI obtained the nickel and the microfilm, they tried to find out where the nickel had come from and what the numbers meant...
Vilyam (Willie) Genrikhovich (August) Fisher (ะะธะปััะผ ะะตะฝัะธั ะพะฒะธั ะคะธัะตั) (July 11, 1903 — November 16, 1971) was a noted Soviet intelligence officer. He is generally better known by the alias Rudolf Abel, which he adopted on his arrest. His last name is sometimes given as Fischer; his patronymic is sometimes less exactly transliterated as Genrikovich.
The Hollow Nickel Case (also known as The Hollow Coin), refers to the method that the Soviet Union spy Vilyam Genrikhovich Fisher (aka Rudolph Ivanovich Abel) used to exchange information between himself and his contacts, including Mikhail Nikolaevich Svirin and Reino Hรคyhรคnen.
On June 22, 1953, a newspaper boy (fourteen-year-old newsie Jimmy Bozart), collecting for the Brooklyn Eagle, at an apartment building at 3403 Foster Avenue in Brooklyn, New York, was paid with a nickel (U.S. five cent piece) that felt too light to him. When he dropped it on the ground, it popped open and contained microfilm inside. The microfilm contained a series of numbers.
He told the daughter of a New York City Police Department officer, that officer told a detective who in two days told an FBI agent about the strange nickel. After the FBI obtained the nickel and the microfilm, they tried to find out where the nickel had come from and what the numbers meant...
Chinese Phone Turns Smart Spy
China-based leading smartphone manufacturer Xiaomi, which recently marked a successful entry into the Indian market, is allegedly a security threat. It has been accused by the Indian Air Force (IAF) of sending user data to remote servers located in China -- a charge that amounts to spying...
Field Reports
• F-secure, a leading security solution company, recently carried out a test of Xiaomi Redmi 1s, the company’s budget smartphone, and found that the phone was forwarding carrier name, phone number, IMEI (the device identifier) and numbers from address book and text messages back to Beijing.
• A Hong Kong-based mobile phone user claims to have tested the Redmi Note smartphone and found it was automatically connected to an IP address hosted in China. The data transmitted included photo in media storage and text messages also.
According to the PhoneArena report, looking up the website of the company owning the IP address in the range 42.62.48.0-42.62.48.255 reveals that the website owner is www.cnnic.cn. CNNIC is the administrative agency responsible for Internet affairs under the Ministry of Information Industry of People’s Republic of China. It is based in the Zhongguancun hi-tech district of Beijing.
Therefore, the IAF in its alert to all of its Commands has stated that air warriors and their family members are advised to refrain from using these devices. (more)
 |
| Xiaomi MI Hongmi 1280x720 MIUI V5 |
• F-secure, a leading security solution company, recently carried out a test of Xiaomi Redmi 1s, the company’s budget smartphone, and found that the phone was forwarding carrier name, phone number, IMEI (the device identifier) and numbers from address book and text messages back to Beijing.
• A Hong Kong-based mobile phone user claims to have tested the Redmi Note smartphone and found it was automatically connected to an IP address hosted in China. The data transmitted included photo in media storage and text messages also.
According to the PhoneArena report, looking up the website of the company owning the IP address in the range 42.62.48.0-42.62.48.255 reveals that the website owner is www.cnnic.cn. CNNIC is the administrative agency responsible for Internet affairs under the Ministry of Information Industry of People’s Republic of China. It is based in the Zhongguancun hi-tech district of Beijing.
Therefore, the IAF in its alert to all of its Commands has stated that air warriors and their family members are advised to refrain from using these devices. (more)
Saturday, October 18, 2014
Privacy Rights Fact Sheets
Privacy Fact Sheets
California Medical Privacy Series
Friday, October 17, 2014
Even Good Spys Have a Bad Day Once in a While
The Australian Security Intelligence Organisation (Asio) inadvertently spied on its own employees,
in one of a series of surveillance breaches in the past 12 months compiled by Australia’s intelligence watchdog.
The Inspector General of Intelligence and Security (Igis) annual report was tabled in parliament on Thursday, and identified a series of breaches of Asio’s spying powers at a time when the federal government is granting the agency unprecedented new powers. (more)
The Inspector General of Intelligence and Security (Igis) annual report was tabled in parliament on Thursday, and identified a series of breaches of Asio’s spying powers at a time when the federal government is granting the agency unprecedented new powers. (more)
Binder Flaw Threatens to Blow Apart Android Security
Security researchers have warned of a serious security flaw in Android which could potentially leave every device open to attack.
The vulnerability is in the operating system’s ubiquitous inter-process communication (IPC) tool known as Binder, according to a Black Hat Europe presentation on Thursday by Check Point researchers Nitay Artenstein and Idan Revivo...
“Subverting this component allows an attacker to see and control almost all important data being transferred within the system,” the two say in their research paper. (more)
“Subverting this component allows an attacker to see and control almost all important data being transferred within the system,” the two say in their research paper. (more)
Hackers Target Hong Kong Protesters via iPhones
When the Hong Kong protests were at their height, activists using WhatsApp received messages advertising a program that promised to help them coordinate protests.
When the demonstrators downloaded the program through a link in the message, it turned out to be malicious software—most likely created by the Chinese government—that hacked their smartphones.
Lacoon Mobile Security, based in San Francisco, began to analyze the phony app after spotting unusual communication on the networks of its corporate clients, some of whose employees had downloaded it. In tracing the spyware’s path to the websites where it sent data, Lacoon’s researchers found a much rarer species of malware: a version that can steal information from iPhones. (more) (video)
When the demonstrators downloaded the program through a link in the message, it turned out to be malicious software—most likely created by the Chinese government—that hacked their smartphones.
Lacoon Mobile Security, based in San Francisco, began to analyze the phony app after spotting unusual communication on the networks of its corporate clients, some of whose employees had downloaded it. In tracing the spyware’s path to the websites where it sent data, Lacoon’s researchers found a much rarer species of malware: a version that can steal information from iPhones. (more) (video)
Thursday, October 16, 2014
FBI to Congress - More Power Please
The FBI is asking Congress to give it new powers to force technology companies to turn over private information on their customers.
FBI Director James Comey warned Thursday that new technologies are making it easy for criminals to hide incriminating information from police...
For several years, the FBI has been warning about the problem of new technologies allowing criminals to "go dark." But Comey explained that his new push was prompted by the decisions by Apple and Google to provide default encryption on their phones that will make it impossible to unlock them for police, even when faced with a court order. (more)
For several years, the FBI has been warning about the problem of new technologies allowing criminals to "go dark." But Comey explained that his new push was prompted by the decisions by Apple and Google to provide default encryption on their phones that will make it impossible to unlock them for police, even when faced with a court order. (more)
Tunnel Vision Focus on IT Security - The Biggest Mistake...
...companies make when securing sensitive data.
FACTS
• All pre-computer era information theft tactics still work, and are still used.
• Most “computerized” information is available long before it is put into a computer.
• Data theft is the low hanging fruit of the business espionage world. The real pros use ladders.
Murray's Holistic Approach to Information Security
1. Protect information while it is being generated (discussions, audio and video communications, strategy development). Conduct Technical Surveillance Countermeasures (TSCM) inspections of offices and conference rooms on a scheduled basis. Example: Ford Motors found voice recorders hidden in seven of their conference rooms this summer.
2. Protect information while it is in transit (phone, teleconference, Board meetings, off-site conferences). Wiretapping and Wi-Fi are still very effective spy tools. Check for wiretaps on a scheduled basis, and/or encrypt the transmissions. Conduct pre-meeting TSCM inspections. Tip: Never let presenters use old technology FM wireless microphones. The signal travels further than you think, and is easily intercepted.
3. Protect how information is stored. Unlocked offices, desk and file cabinets are a treasure trove of the freshest information. Print centers store a copy of all print jobs. Limit written distribution of sensitive information. Crosscut shred sensitive waste paper. All these vulnerabilities and more should be covered during the security survey portion of your TSCM inspection.
4. Educate the people to whom sensitive information is entrusted. Security briefings don’t have to be long and tedious. Establish basic rules and procedures. Explain the importance of information security in terms they can understand, e.g. “Information is business blood. If it stays healthy and in the system, your job, and chances for advancement, stay healthy.”
Effective information security requires a holistic protection plan. IT security is an important part of this plan, but it is only one door to your house of information.
There is more you need to know. Contact a TSCM specialist for further assistance. (counterespionage.com)
FACTS
• All pre-computer era information theft tactics still work, and are still used.
• Most “computerized” information is available long before it is put into a computer.
• Data theft is the low hanging fruit of the business espionage world. The real pros use ladders.
Murray's Holistic Approach to Information Security
1. Protect information while it is being generated (discussions, audio and video communications, strategy development). Conduct Technical Surveillance Countermeasures (TSCM) inspections of offices and conference rooms on a scheduled basis. Example: Ford Motors found voice recorders hidden in seven of their conference rooms this summer.
2. Protect information while it is in transit (phone, teleconference, Board meetings, off-site conferences). Wiretapping and Wi-Fi are still very effective spy tools. Check for wiretaps on a scheduled basis, and/or encrypt the transmissions. Conduct pre-meeting TSCM inspections. Tip: Never let presenters use old technology FM wireless microphones. The signal travels further than you think, and is easily intercepted.
3. Protect how information is stored. Unlocked offices, desk and file cabinets are a treasure trove of the freshest information. Print centers store a copy of all print jobs. Limit written distribution of sensitive information. Crosscut shred sensitive waste paper. All these vulnerabilities and more should be covered during the security survey portion of your TSCM inspection.
4. Educate the people to whom sensitive information is entrusted. Security briefings don’t have to be long and tedious. Establish basic rules and procedures. Explain the importance of information security in terms they can understand, e.g. “Information is business blood. If it stays healthy and in the system, your job, and chances for advancement, stay healthy.”
Effective information security requires a holistic protection plan. IT security is an important part of this plan, but it is only one door to your house of information.
There is more you need to know. Contact a TSCM specialist for further assistance. (counterespionage.com)
Cell Phone Eavesdropping Just Became Really Difficult
Scientists have invented a new method to encrypt telephone conversations that makes it very difficult to 'eavesdrop'.
Professor Lars Ramkilde Knudsen from Technical University of Denmark (DTU) has invented a new method called dynamic encryption to ensure that all telephone calls are encrypted and eavesdroppers are unable to decrypt information in order to obtain secrets...
The new method expands the AES algorithm with several layers which are never the same... The new system can prove hugely effective in combating industrial espionage, said Knudsen.
Industrial espionage occurs when different players discover and steal trade secrets such as business plans from companies, technical know-how and research results, budgets and secret plans using phone tapping. (more)
Professor Lars Ramkilde Knudsen from Technical University of Denmark (DTU) has invented a new method called dynamic encryption to ensure that all telephone calls are encrypted and eavesdroppers are unable to decrypt information in order to obtain secrets...
The new method expands the AES algorithm with several layers which are never the same... The new system can prove hugely effective in combating industrial espionage, said Knudsen.
Industrial espionage occurs when different players discover and steal trade secrets such as business plans from companies, technical know-how and research results, budgets and secret plans using phone tapping. (more)
Wednesday, October 15, 2014
Chinese Renovation Plan Creates Waldorf-Hysteria
Concerned about potential security risks, the U.S. government is taking a close look at last week's sale of New York's iconic Waldorf Astoria hotel to a Chinese insurance company.
U.S. officials said Monday they are reviewing the Oct. 6 purchase of the Waldorf by the Beijing-based Anbang Insurance Group, which bought the hotel from Hilton Worldwide for $1.95 billion. Terms of the sale allow Hilton to run the hotel for the next 100 years and call for "a major renovation" that officials say has raised eyebrows in Washington, where fears of Chinese eavesdropping and cyber espionage run high. (more)
U.S. officials said Monday they are reviewing the Oct. 6 purchase of the Waldorf by the Beijing-based Anbang Insurance Group, which bought the hotel from Hilton Worldwide for $1.95 billion. Terms of the sale allow Hilton to run the hotel for the next 100 years and call for "a major renovation" that officials say has raised eyebrows in Washington, where fears of Chinese eavesdropping and cyber espionage run high. (more)
Rogue Bank Security Department Buys Wiretaps
The accusations read like a pulp thriller: Citigroup employees in Mexico are suspected of pocketing millions of dollars in kickbacks from vendors. And bodyguards for bank executives bought audio recordings of personal phone calls and created shell companies to disguise their fraud...
The security unit’s primary purpose was to protect the Banamex leadership, but at some point, the unit started operating beyond its approved duties, according to the person briefed on the matter who was not authorized to speak publicly because of the criminal investigation. The security unit was also providing protection and security consulting services for people outside the bank, sometimes as a courtesy and at other times for money, the internal investigation found. The conduct spanned more than a decade, the investigation found, extending into last year...
Citigroup’s outside lawyers have turned over information to law enforcement officials in Mexico and the United States, but there are many things the bank doesn’t know about the rogue security unit. For example, the security team had purchased audio surveillance files from “third parties” that included cellphone and landline conversations of dozens of people — some of a highly personal nature, the person said. The Banamex unit then transcribed many of these files. It was unclear why the security team was amassing records of the personal conversations. The bank’s investigators are still working to determine why the security unit gathered the conversations, involving dozens of people, many of whom had nothing to do with the bank. (more)
The security unit’s primary purpose was to protect the Banamex leadership, but at some point, the unit started operating beyond its approved duties, according to the person briefed on the matter who was not authorized to speak publicly because of the criminal investigation. The security unit was also providing protection and security consulting services for people outside the bank, sometimes as a courtesy and at other times for money, the internal investigation found. The conduct spanned more than a decade, the investigation found, extending into last year...
Citigroup’s outside lawyers have turned over information to law enforcement officials in Mexico and the United States, but there are many things the bank doesn’t know about the rogue security unit. For example, the security team had purchased audio surveillance files from “third parties” that included cellphone and landline conversations of dozens of people — some of a highly personal nature, the person said. The Banamex unit then transcribed many of these files. It was unclear why the security team was amassing records of the personal conversations. The bank’s investigators are still working to determine why the security unit gathered the conversations, involving dozens of people, many of whom had nothing to do with the bank. (more)
Tuesday, October 14, 2014
Aaron's Settles Spy Software Installation Charges
Aaron's Inc., the nation's second-largest chain of rent-to-own appliance and furniture stores,
agreed to pay $28.4 million to settle allegations that it violated California consumer privacy and protection laws by allowing software that secretly monitored consumers to be installed on rental computers, according to regulators.
The Atlanta-based retailer allegedly overcharged customers, left out important contract disclosures and installed software that could track the keystrokes of people who rented computers and even activate webcams or microphones to record users. (more)
The Atlanta-based retailer allegedly overcharged customers, left out important contract disclosures and installed software that could track the keystrokes of people who rented computers and even activate webcams or microphones to record users. (more)
Monday, October 13, 2014
Word on the Street: Hertz has cameras in their cars!
...from an anonymous blog entry...
I am a regular renter from Hertz (President's Circle)... I got into a rental car at O'Hare airport.
I immediately noticed the new NeverLost and I was completely shocked to see a camera built into the device looking at me. The system can't be turned off from what could tell...
I know rental car companies have been tracking the speed and movements of their vehicles for years but putting a camera inside the cabin of the vehicle is taking their need for information a little TOO FAR. I find this to be completely UNACCEPTABLE. In fact, if I get another car from Hertz with a camera in it, I will move our business from Hertz completely.
I influence car rentals of many others and I don't think anyone would want to be on camera while they are driving around or sitting at a red light.
Given what Hertz has invested in this system, I wonder how much consumer pressure will make them to pull the plug on this. Business is built one customer at a time and they will no longer have me as a customer. What are your thoughts? (more)
Further investigations revealed...
...the Hertz NeverLost 6 platform will include an ARM Cortex-A9 architecture with quad cores running at 1GHz, a high-res TFT display, Bluetooth and Wi-Fi connectivity and a GPS module that engineers built around SiRFstarIV architecture. Also included are a keypad, camera module, accelerometers and a Gyros sensor board...
I am a regular renter from Hertz (President's Circle)... I got into a rental car at O'Hare airport.
I immediately noticed the new NeverLost and I was completely shocked to see a camera built into the device looking at me. The system can't be turned off from what could tell...
I know rental car companies have been tracking the speed and movements of their vehicles for years but putting a camera inside the cabin of the vehicle is taking their need for information a little TOO FAR. I find this to be completely UNACCEPTABLE. In fact, if I get another car from Hertz with a camera in it, I will move our business from Hertz completely.
I influence car rentals of many others and I don't think anyone would want to be on camera while they are driving around or sitting at a red light.
Given what Hertz has invested in this system, I wonder how much consumer pressure will make them to pull the plug on this. Business is built one customer at a time and they will no longer have me as a customer. What are your thoughts? (more)
Further investigations revealed...
...the Hertz NeverLost 6 platform will include an ARM Cortex-A9 architecture with quad cores running at 1GHz, a high-res TFT display, Bluetooth and Wi-Fi connectivity and a GPS module that engineers built around SiRFstarIV architecture. Also included are a keypad, camera module, accelerometers and a Gyros sensor board...
Huff Butt Dial Blues
If a person accidentally calls someone from their cell phone, do they have a right to privacy protecting any conversation heard on the other end? The courts don’t think so.
Jim Huff, then chairman of the Kenton County (Kentucky) Airport Board, which manages Cincinnati’s international airport, was at a conference in Italy on October 24, 2013, when he unintentionally dialed airport offices while his phone was in his pocket and reached Carol Spaw. Spaw listened to Huff’s conversation for 90 minutes, even writing down some of his remarks and passing them along to a third party.
Huff claimed Spaw’s actions violated his right to privacy, since he never intended to “pocket dial” her in the first place.
But a federal judge didn’t agree, ruling individuals don’t have a reasonable expectation of privacy due to the common problem of pocket dialing and “butt calls.” (more) (sing-a-long)
Jim Huff, then chairman of the Kenton County (Kentucky) Airport Board, which manages Cincinnati’s international airport, was at a conference in Italy on October 24, 2013, when he unintentionally dialed airport offices while his phone was in his pocket and reached Carol Spaw. Spaw listened to Huff’s conversation for 90 minutes, even writing down some of his remarks and passing them along to a third party. Huff claimed Spaw’s actions violated his right to privacy, since he never intended to “pocket dial” her in the first place.
But a federal judge didn’t agree, ruling individuals don’t have a reasonable expectation of privacy due to the common problem of pocket dialing and “butt calls.” (more) (sing-a-long)
Nixon Offered To Illegally Wiretap New York Mayor John Lindsay
The disclosure that Nixon offered to wiretap Lindsay comes via the detailed diaries of Dr. W. Kenneth Riland, who was Rockefeller’s osteopath and confidante.
He also treated Nixon and gained his confidence, too. (more)
Chinese Espionage Now Rampant in Taiwan
As relations improve between Beijing and Taipei, military morale still continues to fall as fewer Taiwan military officers see a future in an ever-shrinking armed forces. Many are beginning to cash in on their intimate knowledge of military secrets, including classified information on US military equipment.
Over the past several years, Taiwan military officers have sold China information on the E-2K Hawkeye airborne early warning aircraft, Patriot Advanced Capability-3 and PAC-2 anti-ballistic missile systems, Hawk air defense missile system, and the Raytheon Palm IR-500 radiometric infrared camera.
China uses retired Taiwan military officers to help recruit spies in the armed forces. Retired officers receive all-expense paid trips to China by the United Front Work Department, said a Taiwan security specialist. While there, they are lionized for returning to the “homeland” and given tours of their ancestral homes. Before they return, money is offered to help the “motherland” in the future, and “unfortunately many take it,” he said. (more)
China uses retired Taiwan military officers to help recruit spies in the armed forces. Retired officers receive all-expense paid trips to China by the United Front Work Department, said a Taiwan security specialist. While there, they are lionized for returning to the “homeland” and given tours of their ancestral homes. Before they return, money is offered to help the “motherland” in the future, and “unfortunately many take it,” he said. (more)
Saturday, October 11, 2014
The Case of the Eavesdropping Corvettes
General Motors may have to take the sting out of its new Stingray.
The 2015 Corvette offers a personal video recording option that lets owners surreptitiously record video and audio when the car is in the hands of other drivers — like parking attendants. But now the automaker is concerned that the so-called valet mode may run afoul of eavesdropping laws in some states.
The laws in question involve audio recording only, and require that both parties give consent to be recorded. The Corvette’s recorder not only stores video shot through the windshield, but also data on speed and acceleration as well as audio recordings from inside the car. (more)
The laws in question involve audio recording only, and require that both parties give consent to be recorded. The Corvette’s recorder not only stores video shot through the windshield, but also data on speed and acceleration as well as audio recordings from inside the car. (more)
Subscribe to:
Posts (Atom)