What is the First Thing a Spycam Sees?

All together now...
"The dumb owner setting it up!"

A bungling voyeur was captured on a video camera he set up to record women using the toilet at a party - in a stunt inspired by an American Pie film.

Adam Stephen Barugh, 26, used velcro to hide the small digital camera beneath a sink directly facing a toilet, after being invited to a house in Brotton.

His solicitor Paul Watson told Teesside Magistrates’ Court yesterday that the “prank” was inspired by watching the comedy film American Pie: Bandcamp, which features women being secretly filmed...

During the party, a female at the house noticed a small blue light coming from beneath the sink while using the toilet, and alerted her mum and sister.

Quickly hooking the camera up to a laptop, they discovered it had captured a full facial shot of Barugh setting up the camera, and videos of two women using the toilet. more

Woman Discovers Spycam in Her Bedroom... (then the action starts)

Ms. Wu, age 26, is suing her former roommate, identified by his last name Lin, for installing a spycam in her bedroom...

Ms. Wu noticed that there was a large black trashbag that didn’t belong to her, stuffed into the space above her closet. Inside, she discovered a camera, and a wire that ran from the camera across the hall into her roommate’s bedroom.

Ms. Wu waited for her roommate, Mr. Lin, to return home from work before confronting him about the camera.

Mr. Lin denied that he’d put a spycam in Ms. Wu’s room, but broke down her door to steal the camera back and packed up his computer equipment.

Ms. Wu, while attempting to stop him from leaving with the evidence, was thrown from the moving car. Ms. Wu said she’d still file charges against him for the spycam, despite the lack of evidence, and would also be filing a vehicular assault charge.  (more with video report)

The Starbucks Bathroom Spycam - Anatomy of the Crime

A 44-year-old man turned himself in Monday for being the "person of interest" sought for a spy camera being found hidden in a Starbucks restroom...

A female customer of the Starbucks was in the unisex restroom around when she found a four-inch long device--about the size of a marking pen--hidden behind a bracket. She pulled it out and called police...

Forensic laboratory investigators confirmed it's a video camera that recorded images of men and women using the restroom...

Police posted images on its Twitter and Facebook pages of the spy camera, its hiding place and a "person of interest" seen loitering outside the coffeehouse: a dark-haired man wearing a black shirt with a white stripe...

After intense local television coverage Monday morning, a Starbucks spokesman emailed a statement to KTLA that afternoon that said, "We take our obligation to provide a safe environment for our customers and partners (employees) very seriously. As a part of regular store operations, we monitor the seating areas and restrooms in our stores on a regular basis to identify potential safety or security concerns." more

Suggestion: Spycams in public restrooms are "foreseeable"; a legal term loosely meaning "you better do something about this."  At least one shift manager should receive spycam detection and deterrence training. Being pro-active and showing due diligence saves money (legal expenses and awards). Plus, if signage is posted, customer goodwill increases.

Spy Fears Drive U.S. Officials from Chinese-Owned Waldorf-Astoria Hotel

Fears of espionage have driven the U.S. government from New York’s famed Waldorf-Astoria Hotel, which has housed presidents and other top American officials for decades but was bought last year by a Chinese firm from Hilton Worldwide.

Instead, President Barack Obama, his top aides and staff along with the sizable diplomatic contingent who trek to Manhattan every September for the annual U.N. General Assembly will work and stay at the New York Palace Hotel, the White House and State Department said.

The Associated Press first reported the impending move in June but it wasn’t formally announced until Friday, a day after the final contract was signed with the Palace.

Officials said the change is due in large part to concerns about Chinese espionage, although White House and State Department spokesmen said the decision was based on several considerations, including space, costs and security. more

Baseball Eavesdropping - Apparatus for Transmitting Sound from a Baseball Field - US Patent #3045064

Filed June 1, 1959 by James S. Sellers, and granted July 17, 1962, this patent was for a system of hidden microphones, concealed within the bases on a baseball diamond. Apparently, the transmission of foul language was not a consideration.

Click to enlarge.

from the patent...
"It is highly desirable for the spectators at a baseball game to hear what is transpiring on the playing field, such as arguments at the bases between opposing players, and discussions between the umpires and players. By transmitting the sounds from the playing field to the grandstand, the spectators feel that they are taking part in the game. Also, it enables the spectators to judge a play better as they can hear the baseball strike the glove or mitt of a player.

Click to enlarge.

It is an object of my invention to provide apparatus for transmitting sound from a baseball field which is positioned beneath a base on a baseball field and does not interfere in any manner with the playing of the game.

It is a further object of my invention to provide apparatus for transmitting sound from a baseball field in which a resilient pad or support for the base is formed of a greater surface area than the base and has perforations or apertures in the area adjacent the base whereby sound may be transmitted through the perforations to a microphone there beneath.

An additional object of my invention is to provide a rigid support for the resilient pad to which the pad and the base may be secured to retain them in position, and with the rigid support having openings to permit the passage of sound there through to a microphone positioned there beneath." more

Windows 10 is a Window into Your World - Kill its Keystroke Logger

via Lincoln Spector, Contributing Editor, PCWorld 
 
Microsoft pretty much admits it has a keylogger in its Windows 10 speech, inking, typing, and privacy FAQ: “When you interact with your Windows device by speaking, writing (handwriting), or typing, Microsoft collects speech, inking, and typing information—including information about your Calendar and People (also known as contacts)…”

The good news is that you can turn off the keylogging. Click Settings (it’s on the Start menu’s left pane) to open the Settings program. You’ll find Privacy on the very last row.

Once in Privacy, go to the General section and Turn off Send Microsoft info about how I write to help us improve typing and writing in the future. While you’re there, examine the other options and consider if there’s anything else here that you may want to change.

Now go to the Speech, inking and typing section and click Stop getting to know me. (I really wanted to end that sentence with an exclamation point.)

You may also want to explore other options in Privacy. For instance, you can control which apps get access to your camera, microphone, contacts, and calendar. more

Spies Don't Often Complain, But When They Do They Prefer Revolting

It’s being called a ‘revolt’ by intelligence pros who are paid to give their honest assessment of the ISIS war—but are instead seeing their reports turned into happy talk.

More than 50 intelligence analysts working out of the U.S. military's Central Command have formally complained that their reports on ISIS and al Qaeda’s branch in Syria were being inappropriately altered by senior officials...

Some of those CENTCOM analysts described the sizable cadre of protesting analysts as a “revolt” by intelligence professionals who are paid to give their honest assessment, based on facts, and not to be influenced by national-level policy. more

Private Investigator Posts a TSCM Question to an Industry Newsgroup - Scary

Q. Looking for a cheap, do it yourself debugging product. Any recommendations?

It's one thing to be ignorant. We all are at one point. But, we do our own homework and learn. Copying other people's homework never leads to the A+ answer.

It's a, "Which end of the soldering iron should I hold?" question. If you don't know, better find something else to do. 

The Editor-in-Chief of PI Magazine, kindly responded with the following cogent reply... 

A. There really is no such thing as a cheap do-it-yourself debugging product. Even the most basic TSCM / debugging inspect requires you search for RF (radio frequency) signals, hidden video cameras that are either wired or wireless, on or off, hidden audio records, telephone instrument and phone line inspection, as well as searching for GPS trackers that can be battery operated or hardwired.

Each of the categories listed above require specialized equipment unique to the item(s) being searched. Even if you were to acquire a cheap RF detector, you wouldn’t know what type of signal you’re picking up or the source...  Just because you own a piece of equipment doesn’t mean you’ll know how to use it.

By the way, the FTC has been known to criminally charge private individuals and PIs for “theft by deception” for conducting bugsweeps without the proper equipment and training.

For anyone seeking to hire a Technical Surveillance Countermeasures (TSCM) "expert", this is a cautionary tale. Please, do your due diligence. The TSCM field is littered with gum-under-the-table trolls out to make a fast buck with cheap sweeps. ~Kevin 

UPDATE: A Blue Blazer Regular writes in with his two cents... "Doing it yourself is like do-it-yourself brain surgery."

Chess Cheat Caught Using Morse Code and Spy Camera

An Italian chess player has been removed from one of Italy’s most prestigious tournaments after allegedly using Morse code and a hidden camera to cheat. 

Arcangelo Ricciardi ranked at 51,366 in world when he entered the International Chess Festival of Imperia in Liguria, Italy and surprised his competitors when he easily escalated to the penultimate round...

Jean Coqueraut, the tournament's referee told La Stampa newspaper: “In chess, performances like that are impossible. I didn’t think he was a genius, I knew he had to be a cheat.”

He was “batting his eyelids in the most unnatural way,” added Mr Coqueraut. “Then I understood it. He was deciphering signals in Morse code.”

Mr Riccardi was forced to pass through a metal detector by the game organisers, revealing a sophisticated pendent hanging round his neck beneath his shirt, according to the Telegraph.

The pendant reportedly contained a small video camera, wires, which attached to his body, and a 4cm box under his arm pit.

To conceal the pendant around his neck, Mr Riccardi drank constantly from a glass of water and wiped his face with a handkerchief, according to Mr Coqueraut.

It is believed the camera was used to transmit the chess game to an accomplice or computer, which then suggested the moves Mr Riccardi should perform next. These moves were allegedly communicated to him through the box under his arm.

Mr Riccardi denies that he cheated and has claimed that the devices were good luck charms, according to reports. more

So You Want to be a PI...

A reporter contacted me and asked... 

Q. What would be your advice to someone who wants to become a PI? One way to think about this question is, what you would have wanted your younger self to know before entering the career. 

1. Know yourself. If you are not naturally inquisitive, not willing to work odd hours (24/7, including holidays), and not willing to accept financial risk once you are on your own... find something else to do.
   
2. Plan on working with an established, large PI firm when you first start out. You may have been a great detective in you law enforcement career, but you'll need to learn the business of doing business to succeed if you want to eventually go out on your own in the private sector. If you have little or no experience, working for a large investigations firm is the way to get some. Large firms will teach you if... you show aptitude, good sense and have excellent writing skills.
   
3. In addition to developing a general knowledge of private security, security hardware/software, etc., develop two specialties. This will make you unique and reduces the competitive pressures.
   
4. Be willing to learn other aspects of business, e.g. bookkeeping, marketing, advertising, public speaking, website development, social networking, etc. You will need these skills, or you will be paying someone else too much to do them for you.

  Q. What are the career path options someone like yourself has in the field?

The private investigations field is broad: surveillance, insurance investigations, undercover employee, secret shoppers, civil investigations, fraud and counterfeit, on-line research, computer forensics, accident reconstruction, technical surveillance countermeasures (TSCM), skip tracing, pre-trial research, corporate investigations, arson investigations, background checks, domestic investigations, infidelity investigations, and more. Most PI's have many of these fields listed on their menu. The really successful ones specialize in only one or two.

Then, there is the whole field of security consulting where knowledge and experience (and nothing else) are the items being sold. This is considered the top of the field at the end of the career path. For more information on this, visit the International Association of Professional Security Consultants (iapsc.org).

Spy equipment suppliers: Report exposes who sells surveillance tech to Colombia

A baby's car seat complete with audio and video recorder for covert surveillance...

Privacy International's investigative report reveals the companies selling surveillance tech to Columbia, despite that it may be used for unlawful spying. more 

The Spy Car You May Not Want

If, while driving, you were also chowing down food, yakking on your phone or getting distracted by the Labrador retriever, would your insurance company know?

A patent issued in August to Allstate mentions using sensors and cameras to record “potential sources of driver distraction within the vehicle (e.g. pets, phone usage, unsecured objects in vehicle).” It also mentions gathering information on the number and types of passengers — whether adults, children or teenagers.

And the insurer, based in suburban Chicago, isn’t just interested in the motoring habits of its own policyholders... more

Some Top Baby Monitors Lack Basic Security Features

Several of the most popular Internet-connected baby monitors lack basic security features, making them vulnerable to even the most basic hacking attempts, according to a new report from a cybersecurity firm.

The possibility of an unknown person watching their baby's every move is a frightening thought for many parents who have come to rely on the devices to keep an eye on their little ones. In addition, a hacked camera could provide access to other Wi-Fi-enabled devices in a person's home, such as a personal computer or security system.

The research released Wednesday by Boston-based Rapid7 Inc. looks at nine baby monitors made by eight different companies. They range in price from $55 to $260. more

26 Mobile Phone Models Contain Pre-Installed Spyware

What's in you pocket?
Over 190.3 million people in the US own smartphones, but many do not know exactly what a mobile device can disclose to third parties about its owner. Mobile malware is spiking, and is all too often pre-installed on a user’s device.

Following its findings in 2014 that the Star N9500 smartphone was embedded with extensive espionage functions, G DATA security experts have continued the investigation and found that over 26 models from some well-known manufacturers including Huawei, Lenovo and Xiaomi, have pre-installed spyware in the firmware.

However, unlike the Star devices, the researchers suspect middlemen to be behind this, modifying the device software to steal user data and inject their own advertising to earn money.

"Over the past year we have seen a significant increase in devices that are equipped with firmware-level spyware and malware out of the box which can take a wide range of unwanted and unknown actions including accessing the Internet, read and send text messages, install apps, access contact lists, obtain location data and more—all which can do detrimental damage,” said Christian Geschkat, G DATA mobile solutions product manager.

Further, the G DATA Q2 2015 Mobile Malware Report shows that there will be over two million new malware apps by the end of the year. more

Spycam News: What Happens in Vegas Doesn't Always Stay in Vegas

Police in North Las Vegas are looking for a man they say put a hidden camera in the bathroom of a business there...

Investigators have released a clip from video surveillance in the store showing the man they believe to be the suspect.

He is described as a Hispanic male adult, approximately 30 years of age, about 5’ 07”, weighing 190 lbs. He was last seen wearing black glasses, a gray polo shirt, light colored pants, and black sandals.

If you have any information that could help police in this case you’re asked to call them or Crimestoppers at 702-385-5555. more

UPDATE (9/2/2015) - North Las Vegas police say media reports led to the identification and arrest of a 37-year-old man believed to have recorded his own face while placing a hidden camera in the bathroom of a clothing store.

Officer Aaron Patty said Eduardo Rafael Chavez was arrested Tuesday. more

Communications Interception Device Bust Highlights the World of Non-Government Spying

Three men have been arrested by the South African Police Service in an undercover sting operation in which the Hawks posed as buyers for a cellphone locator and eavesdropping machine called a “Grabber”. The three are alleged to have listened in to government tenders related to the Airports Company of South Africa.

The machine is small enough to fit into a car or van and presidential authority is needed to operate one. The Grabber confiscated in South Africa at the beginning of this month was apparently used for corporate spying, reports The Star. The machine, made in Israel and worth over R25 million, was specially installed in a German-made multi-purpose vehicle. Two of the men arrested while trying to find a buyer for the device are a top businessman in the gold industry and a bank employee. more

TSMC Needs TSCM

Earlier this year, we covered the case of Liang Mong-song, a former TSMC engineer who stood unofficially accused of corporate espionage. Not long after we wrote the story, TSMC elected to file a lawsuit against Mong-song, and the Taiwan Supreme Court has now ruled in favor of the foundry company and against the engineer. Mong-song left TSMC and went to Samsung, not long before Samsung’s foundry plans took a significant leap forward. more

Number of Phones Infected by Dendroid Spying App Remains Unknown

An American student who hoped to sell enough malicious software to infect 450,000 Google Android smartphones pleaded guilty to a law meant to prevent hacking of phones and computers...

Infected phones could be remotely controlled by others and used to spy and secretly take pictures without the phone owner's knowledge, as well as to record calls, intercept text messages and otherwise steal information the owners downloaded on the devices...

Morgan Culbertson expected each person who bought Dendroid would be able to infect about 1500 phones with it, or 300,000 and 450,000 phones total. more

Illinois Law Allows Nursing Home Residents to Install Surveillance Equipment

Illinois Gov. Bruce Rauner signed legislation Aug. 21 supporters say will help prevent abuse and neglect of nursing home residents. The Authorized Electronic Monitoring in Long-Term Care Facilities Act allows nursing home residents to install audio and video surveillance equipment in their rooms.

Residents and their roommates must consent to having video or audio recording devices installed. The act allows legal guardians and family members to give consent for residents, if a physician determines a resident is incapable of doing so. Consent can be withdrawn at any time by residents or their roommates. more

Panel Upholds Christensen’s Conviction on Eavesdropping Charges

The Ninth U.S. Circuit Court of Appeals yesterday affirmed former powerhouse Los Angeles lawyer Terry N. Christensen’s conviction on charges of illegal eavesdropping and conspiracy.

Christensen—who practiced law in Los Angeles for more than 40 years at the famed Wyman Bautzer firm and at the firm he co-founded, Christensen Miller—was convicted along with former private investigator Anthony Pellicano, well known for his work on behalf of rich and famous clients. U.S. District Judge Dale Fischer of the Central District of California sentenced Christensen to three years in prison in 2008, but he has been free on bail pending appeal.

He has been under interim suspension from the State Bar since his conviction. more

Video Game Trade Secret Theft - Next Adventure - Game of War: Anul Stage

A manager at a maker of a popular videogame was arrested last week as he tried to board a plane for Beijing after allegedly stealing trade secrets, according to a federal criminal complaint unsealed Tuesday.

Jing Zeng, 42 years old, of San Ramon, Calif., allegedly downloaded data on how users interact with Game of War: Fire Age, one of the top-grossing games in Apple Inc.’s App Store. Mr. Zeng was a director of global infrastructure for the game’s maker, Machine Zone Inc...

On his LinkedIn profile, Mr. Zeng says that he left Machine Zone last month.

His current position: “Ready for next adventure.” more

A Conversation in the Bathroom with the Water Running Can't Beat a Noisebath®

Need to have a private conversation? 
No time to sweep the room for bugs?
Don't want to look like a paranoid hiding in the bathroom with the water running?

Take a Noisebath®... because running the water isn't very effective against determined eavesdroppers with high-tech filtering systems.

from the website...

Playing NOISEBATH masking source material through the speakers of a properly configured system creates a “bath” of noise around the target which mixes with the actual voices or equipment sounds to hinder the exploitation of the target’s acoustics.

NOISEBATH has been shown to be compatible with Secure Telephones. The masking sounds have negligible impact on the remote secure phone user and the local masking level can be adjusted by remote control.

There is up to a 25db reduction in sound level within the protection zone from the sound level outside the protection zone. NOISEBATH can be used with transducers on exterior windows and surfaces to protect against eavesdropping systems outside the room.

Noisebath® is the co-invention of Noel D. Matchet,  employed for 19 years at the National Security Agency where he was presented the Agency’s highest honor – The Exceptional Civilian Service Award for his contributions to information security. He has multiple patents to his credit. more

Surf Like A Spy

The default state of Internet privacy is a travesty. But if you're willing to work hard, you can experience the next best thing to absolute Internet anonymity...

1. Find a safe country
First, you would have to be physically located in a country that doesn't try its hardest to spy on you. Your best option is to find a country with good Internet connectivity that doesn't have enough resources to monitor everything its citizens are doing...

2. Get an anonymizing operating system
Next, you'll need an anonymizing operating system that runs on a resettable virtual machine running on secure portable media. The portable media device should use hardware-based encryption or a secure software-based encryption program. One of the top products on that list is Ironkey Workspace...

3. Connect anonymously
Next, you'll need to connect to the Internet using an anonymous method. The best approach would probably be to jump around random, different, open wireless networks, public or otherwise, as much as possible, rarely repeating at the same connection point. Barring that method, you would probably want to use a device built for anonymous wireless connections, like ProxyGambit...

4. Use Tor
Whatever Live OS and Internet connection method you use, make sure to go with an anonymizing browser, such as a Tor-enabled browser...

5. Don't use plug-ins
It's very important to remember that many of today's browser plug-ins, particularly the most popular ones, leave clues that reveal your identity and location. Don't use them if you want to preserve your anonymity.

6. Stick with HTTP/S
Don't use any protocols other than HTTP or HTTPS. Typically, other protocols advertise your identity or location. When working with HTTPS, use only handpicked, trusted certification authorities that don't issue "fake" identity certificates.

7. Avoid the usual applications
Don't install or use normal productivity software, like word processors or spreadsheets. They, too, will often "dial home" each time they're started and reveal information.

8. Set up burner accounts
You'll need a different email address, password, password question answers, and identity information for each website if you take the risk of creating logon accounts. This particular solution is not only for privacy nuts and should already be practiced by everyone already.

9. Never use credit cards
If you plan to buy anything on the Internet, you can't use a normal credit card and stay anonymous. You can try to use online money transfer services such as PayPal, but most have records that can be stolen or subpoenaed. Better, use an e-currency such as bitcoin or one of its competitors...

Each of these anonymizing methods can be defeated, but the more of them you add to your privacy solution, the harder it will be for another person or group to identify you... more

Report: Colts Still Sweep For Bugging Devices When They Visit Patriots

MA - It appears Peyton Manning left quite the lasting legacy in Indianapolis. Former Colts head coach Tony Dungy caused a major stir Thursday when he admitted Manning used to fear the New England Patriots bugged the visiting locker room at Gillette Stadium and even would go out into the hallway to discuss play-calling.

Manning left Indy in 2011, but apparently the team still takes precautionary measures whenever it comes to Foxboro, according to WTHR.com’s Bob Kravitz. more

Thousands Of Ashley Madison Clients About To Learn (The Hard Way) That Most Employers Monitor Email

Upwards of 36 million email addresses were compromised when hackers infiltrated Ashley Madison, a site designed to help married people have affairs. Those email addresses, first released as an ungainly data dump, are now easily searchable on a number of different sites, leaving millions of people, some more famous than others, susceptible to personal and, it turns out, professional backlash.

Amazingly, tens of thousands of people, including more than 15,000 military and government personnel, decided to use their work email addresses to sign up for a dalliance, and if you’re wondering whether that puts them at any professional risk, the answer is almost certainly yes. A majority of American businesses monitor what their employees do online in some way or other, and they are not shy about cracking down on misbehavior.

According to a survey conducted by the American Management Association and the ePolicy Institute, more than one-quarter of employers have fired employees for misusing their work email addresses and more than one-third have fired workers for misusing the Internet. more

Spotify Apologizes for Spying on Its Users

On Wednesday, Spotify quietly updated its terms and conditions to grant itself sweeping abilities to track every location, movement, and online activity of its users, even when those users weren’t using Spotify. That data, including information pulled from friends’ profiles, would then be transmitted to advertising partners.

This morning, Spotify CEO Daniel Ek back-pedaled on those terms and promised an entirely new set of terms of conditions, to be updated next week. He also pointed to the ability for users to opt-out of certain data collection activities, a claim that contradicts language in the recently-updated terms.

The following is a statement on the matter shared with Digital Music News this morning from Ek... more

Mayor Bugged - No, really. He has been indicted.

SC - The mayor of the town of Lyman has been indicted on charges of wiretapping and misconduct in office.

A statement from the South Carolina Law Enforcement Division sent to local media outlets says Mayor Rodney Turner was indicted Friday by a Spartanburg County grand jury.

The 58-year-old Turner was charged earlier in August. According to the indictment, Turner used electronic devices to intentionally intercept the communications of employees working in and around Lyman Town Hall. more 

He's Back... The Air Gap Computer Hack

Researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have discovered that virtually any cellphone infected with a malicious code can use GSM phone frequencies to steal critical information from infected “air-gapped” computers.

Air-gapped computers are isolated -- separated both logically and physically from public networks -- ostensibly so they cannot be hacked over the Internet or within company networks.


Led by BGU Ph.D. student Mordechai Guri, the research team discovered how to turn an ordinary air-gapped computer into a cellular transmitting antenna using software that modifies the CPU firmware. GSMem malicious software uses the electromagnetic waves from phones to receive and exfiltrate small bits of data, such as security keys and passwords...

This is the third threat the BGU cyber team has uncovered related to what are supposed to be secure, air-gapped computers. Last year, the researchers created a method called Air-Hopper, which utilizes FM waves for data exfiltration. Another research initiative, BitWhisper, demonstrated a covert bi-directional communication channel between two close-by air-gapped computers using heat to communicate. more

Everything You Believed About Telephone Security is Wrong - The SS7 Scandal

The scary version...
A massive security hole in modern telecommunications is exposing billions of mobile phone users in the world to covert theft of their data, bugging of their voice calls, and geo-tracking of their location from by hackers, fraudsters, rogue governments and unscrupulous commercial operators using hundreds of online portals across the planet.

In a world-first, 60 Minutes has proven the worst nightmares of privacy advocates around the world: that mobile phone calls and data are wide open to interception because of flaws in the architecture of the signalling system – known as SS7 - used to enable mobile phone roaming across telecommunications providers. Despite this concern, the Australian Government’s own Cyber Security Threat Report, published in June, makes no mention of what is probably the biggest threat to this country’s commercial secrets and individual privacy.


60 Minutes’ story shows how German hackers working from Berlin, given legal access to SS7 for the purposes of the demonstration, were able to intercept and record a mobile phone conversation between 60 Minutes reporter Ross Coulthart while he was speaking from Germany to Independent Australian Senator Nick Xenophon in Australia’s Parliament House. As further proof of the hack, Coulthart then made another phone call from London, England, to the Senator in Australia which the Berlin hackers were also able to intercept and record, even though they were in Germany 1000 kilometres distant. The Berlin hackers from SR Labs, who first warned of the vulnerability in SS7 in 2008, were also able to intercept and read the Senator’s SMS’ from Australia to Coulthart in London. The hackers were also then able to geo-track the Senator as he travelled to Japan on official business, mapping his movements around Tokyo and Narita down to the nearest cell tower (within a few hundred metres), and later precisely tracking around the streets of his South Australian home suburb when he returned to Australia.

The demonstration also shows how the key fraud protection relied on by banks to protect banking transactions from fraud – verification by SMS message – is useless against a determined hacker with access to the SS7 portal because they can intercept and use the SMS code before it gets to the bank customer. The same technique can also be used to take over someone’s online email account. The call-forwarding capacity of SS7 also allows any mobile to be forcibly redirected to call hugely expensive premium numbers, the cost of which is then billed to that customer’s account. SS7 also allows any number to be blocked, raising the fearful possibility that the vulnerability could be used by criminals or terrorists to stop a victim from calling police or emergency services. Cellular telephony is also used to remotely manage large industrial equipment, to send instructions to gas, electricity and other utililities and factories over 2G and 3G mobile communications. It is not inconceivable that an SS7 hack could be used to change settings or shut down a power station. more

The counterpoint version...
If you own a mobile phone, “you can be bugged, tracked and hacked from anywhere in the world”. That was the throughline of a particularly problematic story on the 60 Minutes program last night. It’s now being hailed as “the end of privacy” for all Australians, but let me assure you, that moment passed a long time ago.

“How it has been done, has never been shown before”, claimed the 20-minute report which demonstrated how a vulnerability in a global forwarding network can be “hijacked” to listen in on a user’s calls and text messages in real time.

After a lot of teasing and set-up, the report eventually took us to a basement in Germany, where security researcher Luca Melette demonstrated how he could intercept a phone call between the reporter and Australian Senator Nick Xenophon. Luca was able to intercept the call (if we’re to believe that there wasn’t any camera trickery going on), as well as a text message sent between the pair. Big drums. The hack has been reveeeeeeealed. more

Security Director Alert - NLRB Bans Blanket Confidentiality Policies for Workplace Investigations

It is common practice for employers to prohibit their employees from discussing ongoing workplace investigations. 

Many employers believe that this restriction is necessary to ensure the integrity and fairness of investigations involving employee misconduct. As a result, employers often have policies that require confidentiality in all workplace investigations.

According to a 2015 decision by the National Labor Relations Board (NLRB), these policies are illegal. The decision, known as Banner Estrella, states that employers cannot enforce a blanket policy requiring confidentiality during workplace investigations. Because of this decision, many employers will need to update their policies and human resources (HR) practices. more

Priest Fleas After Spycam Discovered in Chuch Bathroom

OR - Father Ysrael Bien logged on to a spy-gear website and paid $295 for the hidden camera that was discovered last spring in a Sherwood church bathroom, according to information turned over to police this week.

The camera, designed to look like an electrical outlet, came from the online retailer SpyGuy Security based in Dallas, Texas. Police served a search warrant for transaction records there Monday after the business tipped them off.

A Washington County judge signed a warrant Tuesday for Bien's arrest on misdemeanor charges of invasion of privacy, tampering with evidence and initiating a false report, but police think the priest may not be in the U.S.

They did not find him at his last known address in Sherwood. Another priest there told them that Bien had left the country....

A 15-year-old St. Francis parishioner found the hidden camera affixed to a bathroom wall on April 26. The device looked like a power outlet placed at waist-height near the toilet. Thinking that was odd, the teenager pulled it off the wall and brought it to the priest.  more

Hamas Claims: We Trapped a Dolphin Spying for Israel

Hamas claimed on Wednesday that the terrorist organization trapped a dolphin that was spying for Israel.

Sources in Gaza say that the dolphin was outfitted with spyware and cameras, Army Radio reports. Israel has not confirmed that it has a dolphin spying on its behalf. more

Dressing Room SpyCam'er Convicted - Taped over 30 Females

NY - A Victor businessman is slapped with the maximum sentence after illegally videotaping dozens women in and outside his store.

At least nine women spoke directly to Glen Siembor in court today. Calling him a despicable man.

Glen Siembor was sentenced to 5-15 years for video tapping over 30 females anywhere from the ages of 8 to 49...

Siembor was convicted of 33 counts of 2nd degree unlawful surveillance and one count of possession of child pornography.

Many of his videos were taken in his victor shop's dressing room.. With the victims either nude or partially nude stood. more

Trashnet - Garbage Trucks with License Plate Readers

CA - San Jose may enlist garbage trucks as eyes on the ground for a short-staffed police force.

Equipping trash haulers with license plate readers would turn them into roving scouts for the San Jose Police Department. Already, the trucks travel every city street every single week, covering more ground than a cop car.

Mayor Sam Liccardo proposed the idea with support from council members Raul Peralez—a former policeman—and Johnny Khamis. more

Freaks Tattoo Owner Charged - Spied on Female Employee with (11) Hidden Cameras

MO - In March 2014, a 21-year-old woman who worked at, and lived in an apartment above, Nu Troost Tattoo (4101 Troost) discovered an intricate system of wires and hidden cameras installed inside her apartment that led down to a computer in the basement of the building. When the police were called, they found 11 hidden video cameras in the apartment. Four had been installed in the tenant's bathroom, including one with a view of the shower and one facing the toilet.

The building and the business were owned by a 47-year-old man named Rodney Sanell, who also owned the three branches of Freaks Tattoo and Piercing: Freaks on Broadway, Freaks on 39th, and Freaks on Noland. The woman told police that Sanell had been in her apartment to install smoke detectors while she was out of town the previous October. She also said Sanell had sexually propositioned her several times — advances she had rebuffed.

As we reported at the time, the discovery shook up the local tattoo community. Some Freaks tattoo artists quit on principle, some had to scramble to find new jobs, and others — who had nothing to do with Sanell's activity — tried to repair the Freaks public image.

Today, Jackson County Prosecutor Jean Peters Baker announced that Sanell will face 42 counts of invasion of privacy for using cameras to "observe victims in states of full or partial nudity without their knowledge," Baker's office says. Five victims — names withheld — are listed in the complaint.  more

Tapes Released - Eavesdropping on Henry Kissinger's Telephone Conversations

CIA director William Colby’s openness about more odious U.S. intelligence practices did not go over well with Henry Kissinger.

Speaking on the phone with McGeorge Bundy, the National Security Advisor to Presidents John F. Kennedy and Lyndon B. Johnson, Kissinger referred to Colby as a “psychopath.”

[A film by the son of CIA spymaster William Colby has divided the Colby clan]

The two men were chatting about congressional investigations into the CIA activities post-Watergate and worried about leaks and misinformation.

“On top of it you have the pysopath(sic)/running the CIA. You accuse him of a traffic violation and he confesses murder,” Kissinger said in the June 1975 telephone conversation. Colby, Loop fans will recall, was replaced soon after as director of CIA by George H.W. Bush.

That conversation is part of 900 final Kissinger phone transcripts from the Gerald Ford administration released Wednesday by the National Security Archive, which sued the State Department in March to have them released. For history buffs the tapes are precious gold... more

...thus making future eavesdropping devices infinitely more effective.

Although the ability tends to wane as we get older, the human auditory system is pretty good at filtering out background noise and making a single voice able to be understood above the general hubbub of a crowded room.

But electronic devices, such as smartphones, aren't quite as gifted, which is why getting Siri or Google Now to understand you in crowded environments can be an exercise in futility. But now researchers have developed a prototype sensor that’s not only able to figure out the direction of a particular sound, but can also extract it from background noise.

To create the sensor, scientists at Duke University in Durham, North Carolina used a class of materials known as metamaterials, which boast properties not found in nature, and a signal processing technique known as compressive sensing. The disk-shaped device is made of plastic and doesn't have any electronic or moving parts. Rather, it features a honeycomb-like structure and is split into dozens of slices which each feature a unique pattern of cavities of different depths. It is these cavities that distort the sound waves and give the sensor its unique capabilities. more 

See Through Walls by the Glow of Your Wi-Fi

Researchers at University College London (UCL) have devised a system for detecting the Doppler shifts of ubiquitous Wi-Fi and mobile telephone signals to “see” people moving, even behind masonry walls 25 centimeters thick. 

The method, which could be useful in situations from hostage-takings to traffic control, won the Engineering Impact Award in the RF and Communications category at this National Instrument’s NI Week 2015 meeting (which convened in Austin, Tex., 3-9 August). more

Related...

Wi-Vi Sees Movement Behind Walls Using Cheap Wi-Fi Tech (2013)

Wireless Network Signals Produce See-Through Walls (2009)

Secrets: Managing Information Assets in the Age of Cyberespionage

The following is from Jim Pooley’s new book on trade secrets — Secrets: Managing Information Assets in the Age of Cyberespionage.

Bankrupt networking giant Nortel reveals that its key executives’ email passwords were stolen and the company’s network hacked for a decade.

Boeing, hiring away Lockheed employees who bring documents to their new employer, pays $615 million to avoid criminal prosecution, while two of its former managers are indicted.

Apple scrambles to recover a sample of its unreleased new model iPhone that was left by an employee in a bar – a year after the same thing happened in a different bar.

Starwood employees leave to join Hilton, taking with them ideas for a new kind of hotel.

And the owner of Thomas’ English Muffins goes to court to protect its “nooks and crannies” recipe from being used by a competitor.

What do these corporate crises all have in common? Trade secrets. They reflect the enormous value of – and threats to – the most important assets of modern business...

Reading my new book — Secrets: Managing Information Assets in the Age of Cyberespionage — will give you a deeper understanding of how your business differentiates itself from the competition, and how it must work to keep its edge. As an executive or manager or small-business owner you will come away armed to protect and exploit your company’s advantages. As an individual you will have a greater appreciation for what intellectually belongs to you and how to use it to advance your career without being sued. And whatever your interest or line of work, you will have a much better understanding of how information has become the global currency of the 21st century.

J. Wallace LaPrade, New York F.B.I. Chief in ’70s, Dies at 89

J. Wallace LaPrade, who oversaw the safe return of several celebrity kidnapping victims and was later fired as the Federal Bureau of Investigation’s New York chief, accused of not being forthcoming about the bureau’s role in illegally investigating radical groups in the 1970s, died on July 31 in Lexington, Va. He was 89. more 
(Thank you for giving me what I needed to get through college.)

NEW Cyber-Flashing - Thus proving there is a first time for everything.

Police are investigating a "new" crime of cyber-flashing after a commuter received an indecent image on her phone as she traveled to work. The victim received two pictures of an unknown man's (you know what) on her phone via Apple's Airdrop sharing function.

Lorraine Crighton-Smith, 34, said she felt "violated" and reported it to the British Transport Police (BTP). Supt Gill Murray said this particular crime was new to her force and urged people to report any other incidents. more

Four Things You Didn’t Know Could Be Hacked

At two big hacking conferences in Las Vegas over the past week, security pros revealed new vulnerabilities in daily items we never considered security risks. These events serve as annual displays of the latest hacking tricks.

Rifles 
The Austin, Texas-based company TrackingPoint makes auto-aiming rifles that increase a shooter’s accuracy and have Wi-Fi connectivity. Within the 100- to 150-feet range of the Wi-Fi and using a mobile phone, a hacker can compromise the weapon and change the target of the shooter, says Runa Sandvik, one of the researchers who presented at the annual hacker gathering Def Con last week.

In a demonstration for Wired, Sandvik and a research partner finagled with a rifle’s software to shift aim 2.5 feet to the left, hitting a different target...

Electronic skateboards 
Electric skateboards can make your ride smoother — until the board no longer listens to your controls and throws you off. Two researchers developed a hack they dubbed “FacePlant,” which gave them total control over digital skateboards by manipulating the Bluetooth connection.

An attacker could force the skateboard to connect to a laptop and then stop the board, alter its direction or disable its brakes.

Death records 
It’s pretty simple to kill someone off — at least on paper — Chris Rock, chief executive officer and founder of the security company Kustodian, showed in a presentation at Def Con. Using information found online, anyone can complete state electronic death records, Rock found, and then register to become a funeral director online to complete a certificate of death.

Why kill someone off officially, but not physically? For revenge against an ex-partner or a jerk boss, according to Rock’s presentation, or to enjoy the insurance benefits or access elderly parents’ estates.

Teslas
We already know that the modern car is like a smartphone on wheels in that it’s susceptible to hack attacks like any other connected device... What they found: Teslas are, in fact, built with more security in mind than the average vehicle. But they also found several vulnerabilities, and were able to remotely open and close trunks, lock and unlock doors and stop a Tesla, depending on what speed it was being driven at.

The researchers worked with Tesla, and Tesla automatically pushed an update to all the cars so drivers could patch the vulnerabilities within one to two weeks — unlike other car companies, which have had to issue recalls on vehicles with security flaws.  more

Four Reasons To See ‘The Man From U.N.C.L.E.'

• 60’s Cool Spy Style
• The Action
• Alicia Vikander, Elizabeth Debicki and Hugh Grant
• Perfect Soundtrack
more

Four Signs Your Boss Is Spying on You

Chances are, your boss is keeping an eye on you. Forty-three percent of companies actively monitor employee emails, according to the American Management Association (AMA), and roughly the same number track the time you spend on the phone and who you call (16% go so far as to record those calls). Nearly half of companies say they use video to reduce theft and workplace sabotage...

1. You’re secretly planning to quit – and your boss already knows
More companies, including Credit Suisse and AOL, are mining big data to make predictions about which employees are likely to leave their job in the near future. VoloMetrix, Inc., an analytics firm, examined employee emails and calendar data and discovered that it could predict up to a year in advance who would be putting in their notice, the Wall Street Journal reported...

2. You’re called out for a conversation that you thought was private
If your boss reprimands you for a less-than-professional conversation or email exchange that you thought was private, there’s a chance you have a tattletale co-worker. Or your supervisor may be spying on you, perhaps by scanning your email, monitoring your phone conversations, or even looking at the text messages you send on your work-issued device. If they’re using a key-logging program or other monitoring software, they may even know what you’re saying in your personal emails.

3. Your boss knows what you did this weekend before you tell him
Does your boss seem to know an awful lot about your personal life? He or she could be checking out your Facebook, Twitter, Instagram, or other social media profiles, even if you haven’t added him to your network or given him your password (something that some employers really do ask for, though laws about that are changing). Stalking your public profiles is a bit creepy, but it’s not all that unusual...

4. There’s some suspicious software on your devices
If your company’s IT department is monitoring your computer use, it’s not always going to be immediately obvious. However, you can poke around on your desktop to see if there are any telltale signs of monitoring software (Online Tech Tips has some advice on how to do that, if you’re so inclined). The same goes for unusual apps installed on smartphones... more

Spying Claim New Headache for SeaWorld

Accusations of spying have put a new twist on the battle between SeaWorld Entertainment and animal-welfare activists, which experts say could cause more trouble for the theme-park company.

Orlando-based SeaWorld has opened an investigation and placed an employee on paid leave after People for the Ethical Treatment of Animals accused the employee of attending protests posing as an activist...

It's not unheard of for both corporations and nonprofits to gather intelligence on critics or competitors, said Kirk O. Hanson, executive director of Santa Clara University's Markkula Center for Applied Ethics.

"To me, the line is crossed when one presents oneself deceptively and certainly is crossed when one tries to incite violent action," Hanson said.

Typically companies that snoop on critics hire outside firms to put some distance between them and the surveillance, said Gary Ruskin, who authored a 2013 report on corporate espionage for a nonprofit citizen-activism organization, Essential Information.

If management encouraged its own employee to spy, Ruskin said, "it's espionage incompetence on the part of SeaWorld." more