Spy Store Helps You Be Big Brother

You're not paranoid: Someone may be watching you. Friday's opening of Spysite.com's first New Jersey store, on Route 23, is the proof.

The new location specializes in covert surveillance. Got an overbearing boss? They'll sell you a pen that will secretly record him. Suspect your neighbors are stealing your packages? Owner Grant Huber can sell you a camera and tell you where to hide it so no one suspects...

Employees will show buyers how to use all the gadgets they sell. more

Fun fact: Radio Shack employees were not allowed to instruct customers how to spy using their merchandise. For the answer as to why, click here. ~Kevin

Germany to Parents - Destroy Your Child's Smartwatch

Germany's regulatory arm for electricity, gas, telecommunications, post, and railway markets, has issued a ban on smartwatches designed for children over concerns that they can be used by parents to spy on their kids and teachers.

Furthermore, the regulatory office is urging parents to go a step further and physically destroy these smartwatches, should their children own one. The agency has also taken action against several firms that offer smartwatches designed for children.

"Via an app, parents can use such children's watches to listen unnoticed to the child's environment and they are to be regarded as an authorized transmitting system," said Jochen Homann, president of the Federal Network Agency. "According to our research, parents' watches are also used to listen to teachers in the classroom." more

TSCM Security Tip: Check Hotel Ownership

Many hotels, conference centers and resorts are controlled or owned by governments engaging in business espionage. Checking the ownership before booking your off-site meetings and general business travel can significantly reduce your risk of electronic surveillance.

Click for interactive map.

From a New York Times article, Foiling Cyberspies on Business Trips...
Evan Anderson, chief executive of Invnt/IP, a group dedicated to combating nation-sponsored intellectual property theft...said he created a map of Chinese-owned hotels around the world in 2016 and was surprised by how many they were, including some in Silicon Valley where technology companies hold meetings. “Most people don’t realize that an individual Four Seasons hotel, Ritz-Carlton, or many other brands can be owned by a Chinese company with close ties to the Chinese government,” he said.

---

Checking venue ownership is the first step to reducing the risk of intellectual property theft. The second step is hiring a Technical Surveillance Countermeasures (TSCM) specialist. They will search for all types of electronic surveillance (i.e., audio bugging, video voyeurism, and data cybersecurity), before and during your stay.

Security directors from Fortune 1000 companies are invited to receive my free Off-Site Meeting Security Checklist — 25 recommendations / 5-page report. ~Kevin

Sports Espionage: Honduras Accuses Australia of Spying by Drone

Honduras accused Australia of spying on their training sessions with a drone on Monday, as tensions heated up ahead of Wednesday's decisive World Cup playoff match.

The Honduran National Football Federation (FENAFUTH) posed 18 seconds of footage of a drone flying above Sydney's Olympic Stadium, where the team trained on Monday after their long flight from central America.


"Australia spied on Honduras's official training session from a drone, causing discomfort among the Honduran team and delegation," FENAFUTH said on its Twitter feed. more

Industrial Espionage “can be done cheaply and at scale”

The admonitions to business travelers headed to other countries should be familiar by now: Keep your laptop with you at all times. Stay off public Wi-Fi networks. Don’t send unencrypted files over the internet...

“There’s a difficult intersection between convenience and security,” said Samantha Ravich, who studies cyber-enabled economic warfare at the Foundation for Defense of Democracies, a policy institute focusing on national security...

The problem of intellectual property theft is not new, but it is now much more widespread. “Placing listening devices in conference rooms, hotels and restaurants is traditional Espionage 101,” Ms. Ravich said. But with tools like tiny inexpensive cameras and microphones or compromised Wi-Fi networks, corporate or state-sponsored industrial espionage “can be done cheaply and at scale,” she said. more

How Pinkerton laid the foundation for the CIA and FBI

Allan Pinkerton, the grandaddy of American private eyes, has a “true detective” story made for the binge-watch era.

Pinkerton (left). Restored image. Click to enlarge.

The organized investigation of suspicious behaviors has evolved in two directions. One is in the case of detective work, dealing with activities that endanger individual citizens. The other, integrally linked avenue is in intelligence, investigating threats to the state.

Flowing out of the same font, the modern incarnation of these entwined investigative avenues are largely the creation of two people.

In Europe, Eugene-Francois Vidocq may be considered the godfather of the former criminal turned secret agent who is largely responsible for the development of the modern, entwined arts of intelligence-gathering and criminal investigation. But stateside, his parallel, no less influential, was Lincoln’s spy master during the Civil War, Allan Pinkerton.

Born to an impoverished family in Glasgow in 1819... more

Takeaway: Don't Spy on Your Girlfriend's Affair

MI - A 43-year-old man was shot Friday while spying on a woman as she had an affair on Detroit's west side, police said. The man was spying on the 28-year-old woman around 2:20 a.m. in the 12000 block of Winthrop Street when she got caught having an affair, according to officials.

Police said when the man tapped on the window, the woman opened the window and fired shots. The man was shot in the arm, police said. He drove himself about two miles to the 8500 block of Lauder Street, where he called police. more

Economic Espionage: Web of Brain Sucking Spiders

For Lt. Gen. Paul Nakasone, USA, commanding general, U.S. Army Cyber Command, one important perspective “is that our adversaries are antagonists,” he said. “Their capabilities are ever increasing.”

At first it was exploitation of data, then disruption and after that destruction. Before it was attacks on networks or a series of networks, now it also is data and critical infrastructure and key resources.

"I think that we are starting to see the trailers [preview] of the future war," Gen. Nakasone warned. Actors that the United States has not thought of, non-nation states, anonymous, proxy adversaries, will have an impact as antagonists against countries, the general predicted. They are not only going after military networks, they are going after the economic might of that nation. “They are going after the key terrain that they know is fundamental to how a country operates.” more

Suspended Sentence for Swiss Spy Snooping

Rarely has a spy case attracted as much attention in Germany as that of Daniel M. The bungling double agent passed on troves of bank data to German tax officials while allegedly gathering info on them for the Swiss.

A German court has handed a suspended sentence of one year and 10 months to the former Zurich police detective for spying on the German state of North Rhine-Westphalia's (NRW) tax authority and some of its staff for nearly four years up to February 2015.

The regional court in Germany's financial capital, Frankfurt, also slapped a fine of €25,000 ($29,000) on the 54-year-old Swiss double agent. more

Former Governor Wanted Wife Arrested for Eavesdropping

AL - The former director of the Alabama Law Enforcement Agency (Spencer Collier) said former Governor Robert Bentley wanted to know why his wife, Dianne shouldn't be arrested after he discovered she had been secretly recording his conversations with the aide suspected of being his mistress.

Collier said, "Once I become confident that Ms. Dianne was responsible for recording him, I told him and ended the investigation.

He wanted to know why she couldn't be arrested for planting an eavesdropping device.

I explained that in my opinion, no [District Attorney] in AL or the [Attorney General] was willing to prosecute a wife for recording her spouse caught in the act of adultery... He became upset and stated that if she or anyone disseminated the information that he would demand that they be arrested." more

Eavesdropper: The coding mistake that may be in your phone.

A simple coding error made in hundreds of apps may have exposed as many as 180 million smartphone users to having their text messages and phone conversations intercepted by hackers, security researchers warned.

The warning comes from experts at the cybersecurity firm Appthority, who spotted an error plaguing as many as 685 mobile apps—including one used for secure communications by a federal law enforcement agency...

The issue, which has been dubbed Eavesdropper...

Eavesdropper is an especially troublesome problem for a number of reasons. First, most users are likely unaware of what API their mobile apps use to handle certain features like texts and calls so it is unlikely the average person would be able to spot if an app they are using is vulnerable. more

Attorney Suspended for 4 Years for Eavesdropping

The state Supreme Court has suspended a northern Indiana attorney for at least four years after finding that he eavesdropped on private conversations between homicide suspects and their attorneys when he was a deputy prosecutor.

The court's disciplinary commission recommended Robert Neary be disbarred. But the justices instead issued an order Monday prohibiting him from working as a lawyer for four years...

They found that when Neary was a LaPorte County deputy prosecutor, he committed attorney misconduct by listening to two homicide suspects' confidential attorney-client conversations in incidents in 2012 and 2014 involving an audio feed and a video recording made in a police interview room. more

End-to-End Encryption App for Business Customers

End-to-end encrypted messaging app Wire has introduced a version of its service for business customers...

Wire CEO Alan Duric told ZDNet that the company had 300 firms on the Teams pilot and that businesses were using the service for their top managers or M&A teams and issues like crisis communications.

Wire is also eyeing the Internet of Things, arguing that end-to-end encryption could be applied to messages to devices as well as chats with your colleagues.

"There is quite a bit of awareness that industrial espionage is not a myth and that they need to protect their data," he said. more

Video Voyeur Drones Grab Headlines – Business Espionage Drones Don't

A growing number of women in Port Lincoln, South Australia, have reported being woken at night by a drone spying on them in their homes.

One woman was sleeping alone on her remote hobby farm when she was woken up by an object banging into her window, only to realize it was a drone with a camera attached.

Another woman told the ABC of the anxiety and panic she now experiences at night due to a similar encounter, saying, “You’ll hear a noise and even if it’s not a drone you just get paranoid…

Two of the victims no longer shower at night for fear of the drone capturing them while naked.

In May this year, a Sydney woman reported having been spied on by a drone while she was getting out of the shower.

These disturbing instances reflect the growing problem of the law being ill-equipped to deal with fast-developing technology, such as drones and revenge porn — with women constituting the largest proportion of victims to cyber-crimes. more

Spybusters Tip #519 - Video voyeur drones are headline grabbers. Business espionage drones go unnoticed. 

If your office has a window, you have an information security vulnerability. One quick high resolution drone camera flyby and visible paperwork and whiteboard information is theirs. 

Close curtains, or angle blinds downward when you leave. No curtains? Develop the "clear desk" habit. Then, contact us to make sure the place isn't bugged.  ~Kevin

Private Eye Charged with Illegally Spying on Politicians

FL - ...It was only after all three politicians discovered mysterious GPS trackers under their vehicles and turned them over to the Florida Department of Law Enforcement that a criminal investigation began...Now, nearly a year after election day, the State Attorney’s Office has charged Victor Elbeze with illegal tracking after FDLE agents found his fingerprints on one of trackers...


Elbeze and his boss at the time, Steve Cohen, who owns the Hallandale Beach firm General Investigative Services, denied following any politicians...Cohen, a shadowy Russian national who recently changed his name from Stanislav Doudnik, refused to speak on camera and wouldn’t say who hired his firm, citing client confidentiality. But he said he never ordered Elbeze, who has left his employ, or anyone else to do anything illegal.   more

Spycam Found at Condo Building - Florida Legislators Targeted

FL - For at least three days in the final week of the 2017 legislative session, a covert surveillance camera recorded the comings and goings of legislators and lobbyists living on the sixth floor of the Tennyson condominium near the Capitol.

Click to enlarge.

Weeks later, in a dark parking lot of an Italian restaurant in Tallahassee, Sen. Jack Latvala of Clearwater, a Republican candidate for governor, was also being spied upon. Grainy photos show him standing and planting a kiss on the cheek, then the mouth, of a female lobbyist on the last night of the Legislature’s special session.

These weren’t routine smartphone photos captured for fun. They were the work of private investigators whose research has fueled an escalating barrage of rumors in the last week about sexual harassment in Tallahassee and infidelity among the state’s elected legislators.

Incoming Senate Democrat Leader Jeff Clemens of Lake Worth abruptly resigned Friday after admitting to an affair with a lobbyist. Politico Florida was the first to report on Tuesday that private investigators had documented at least four separate incidents involving Latvala dining with female lobbyists and that state law enforcement officers investigated the covert camera at the Tennyson. more

The Secret Shoe, or The Bonded Sole

(via maxim.com)
We're not suggesting that you infiltrate an enemy's ranks to take down a hostile foreign power, but if you ever want to dabble in some international espionage, have we got the shoe for you.

A dressy Derby Shoe made from fine deerskin may seem less critical than a working knowledge of close quarters combat or Russian. Still, "The Secret Shoe" from Oliver Sweeney is here to satisfy all your covert spy needs... and then some.

The luxury footwear provider teamed with VeryFirstTo.com to stash inside this unsuspecting-looking shoe two hidden compartments that can each hold three gadgets at a time.

Derby Shoe has provided 12 for you to pick from: the world's smallest phone, a tiny video camera, a mini Swiss army knife, a tracking device, a money capsule, "the world's most advanced contactless payment ring" and more.

There's also room for a house key.

Click to enlarge.

Another badass feature you'll make use of if you're ever zip-tied and about to be tossed off a helicopter (there's a chance) is the laces. They're made of Kevlar, which means they can double as a friction saw that's strong enough to cut through wood and plastic. more

If your organization isn't picking up the tab for this, you'll probably be interested in the selling price. $1307.50

Still interested?

That's $1307.50 
...per shoe. ~Kevin

Not So Covert Video Cam Sunglasses

Today is probably the only day a spy could get away with these...

Dorkier than Google Glass? You decide. more

TSCM Alert - Keylogger Used to Hack School Grades

Former University of Iowa student Trevor Graves was arrested last week and charged...with hacking into the school's system to change grades.

...Graves allegedly attached a keylogger to several university computers in order to compromise faculty, staff and student information. In January 2017 the scheme was identified when a keylogger was discovered and reported by a staff member...

The school estimated that about 250 people had their HawkID and password stolen.

The court documents state that Graves allegedly used the information taken to escalate his privileges within the school's computer system enabling him to change grades, an ability given only instructors. more

This school was lucky. They discovered the spying device almost by accident. 

Most electronic surveillance and subsequent information loss is never discovered, because... "If you don't look, you don't find."

Typical keystroke logger attached to keyboard cable.

Technical Surveillance Countermeasures (TSCM) inspections are not just about finding bugs and wiretaps. These exams also discover keyloggers, optical surveillance (spycams) and other methods of information loss.

Periodic TSCM exams are as vital to an organization's health as medical exams are to people. Think about that for a second... both can spot a cancer while it can still be cured.

Need a TSCM exam, or a local referral? Contact me. ~Kevin

USB Stick Security, or God Save the Queen

UK - Heathrow Airport officials have launched an internal investigation into how a USB memory stick containing the airport's security information was allegedly found on a London street...

The USB stick, which apparently held details such as the route which the Queen takes when using the airport and maps pin-pointing CCTV cameras and a network of tunnels and escape routes, was not given to police but instead was handed to a national newspaper, the Sunday Mirror.

The Sunday Mirror reported that an unemployed man said he was on the way to the library to search the internet for jobs when he found the USB stick in the leaves... he plugged the USB stick into a library computer a few days later and was amazed at what he found... more

Take away security tips...
• Encrypt information you put on a USB memory stick. Assume it will be lost or stolen.
• If you find a USB stick, don't plug it in. It may contain a virus. Dropping virus laden sticks in company parking lots is a simple spy trick.

Cuba Bugged by US Allegations of Sonic Attacks

Could the mysterious “sonic attacks” allegedly waged against U.S. Embassy employees in Cuba really just be the sounds of very loud crickets and cicadas?

That’s what Cuban officials seemed to suggest Thursday in a half-hour prime-time television special titled “Alleged Sonic Attacks.”

The special broadcast was Cuban officials’ most detailed defense to date against U.S. accusations that American diplomats in Havana were subjected to mysterious sounds that left them with a variety of ailments -- including headaches, hearing problems and concussions. more

Odd that it only affected American and Canadian diplomats. ~Kevin

When Amateurs Spy

Headline: Wedding crasher spying on ‘boyfriend’ sparks massive bridesmaids brawl: cops



Tip: Spy Rule #1 - Remain covert.

Want to know more?

Vacuum Cleaner Spy - Dishin' Your Dirt to a Pervert

Your vacuum cleaner can spy on you and send the video to hackers.

Sound like a science fiction horror story?

It's reality in 2017.

Researchers at CheckPoint... discovered that as a vulnerability in the LG SmartThinQ app that accompanies the firm's smart devices. As can be seen in the video below, by exploiting that weakness, the researchers were able to force an LG Hom-Bot smart vacuum cleaner to relay a video feed to them from its camera to them.

The vulnerability apparently emanated from how SmartThinQ handled authentication and authorization of users... - that is, the tickets that allow users to access the device's video feed.



What this means is that if you have a vulnerable app and use a Hom-Bot with it anyone who knows your username - which is typically your email address - could potentially access your device's video feed or other data from the device.

Furthermore, besides creating a problem for Hom-Bot, the vulnerability may affect other LG smart devices that connect to the same app.

LG has already fixed the vulnerability, so, if you have any LG smart device and use SmartThinQ, make sure to download the latest version (1.9.23). more

FutureWatch - Antenna-less Bugs - Easier to Hide

Antenna-less technology is based on replacing a complex and usually customized antenna design with an off-the-shelf, standardized, miniature component called antenna booster.

The Ever Shrinking Antenna.

Being surface-mount and chip-like in nature, the antenna booster fits seamlessly in an electronic printed circuit board, the same way any other electronic component does, such as a microprocessor, memory, amplifier, filter or switch.

It can be assembled with a conventional pick-and-place machine, making the design and manufacture of the next generation of IoT/mobile or wireless devices simpler, faster and more effective. more

Prolific Spy Camera Man Posts Videos Gets Caught

WI - A 28-year-old man is charged with surreptitiously filming women in various states of undress in three locations, including a Target changing room at the Fox River Mall.

Andrew R. Persen of Appleton was charged Monday with 10 counts of capturing an intimate representation without consent, five counts of invading privacy with a surveillance device and a single charge of posting a sexually explicit image without consent...

Besides Target, locations included his own bathroom and the bathroom and bedroom at a female friend's house, according to the criminal complaint...

According to the criminal complaint:
The friend told police on Oct. 11 that her friend had found a nude video of her on a pornography website and she believed Persen had posted it without her consent. The video was posted around June of this year and the website indicated it had hundreds of public views.

She said the username the video was posted under was one that Persen commonly used on social media...

Typical Bathroom Spycam Enclosures — Look for the pinhole.

Police searched Persen's house on Oct. 20 and found "numerous" electronic storage devices.

He said that he had put hidden cameras in his friend's bedroom and bathroom in the spring and also in a Target dressing room. He also said he put a camera in his own shower to capture another woman.

Police found videos of the friend filmed at her home. Two detailed in the complaint clearly show him installing the cameras.

One video showed a woman using his shower.

Investigators also found 66 video files that appeared to show the inside of a changing room at Target. If the date and time display is correct, it appears the videos were recorded between 3:20 p.m. and 7:15 p.m. on April 6.

One video appears to show him setting up the camera in the changing room at 3:18 p.m. with his face clearly visible. more

Unfortunately, this type of story appears in the news several times per week. And... these are the failures; this is the tip of all video voyeur activity.

You should really learn how to detect spycams, and then teach your family and friends how to do it as well. It's really simple, once you know how.

TSCM News - Professional Spybusters in Demand for Bug-Sweeping

In the trade it is known as TSCM but everyone else calls it bug-sweeping. It is not cockroaches that these pest controllers are hunting but eavesdropping devices that could be hidden anywhere from a mobile phone to the cable in the back of a computer.

Demand for the services of professional technical surveillance countermeasures specialists has grown dramatically along with public awareness of the dangers. Britain’s professional spy catchers have never been busier as businesses and wealthy individuals realise that they are being watched and listened to. 

According to James Williams, director of the TSCM Institute, the only professional body covering the emerging industry, “eavesdropping is on the increase” as the number of devices and ways to bug people have multiplied. more

If you are looking for a reliable firm (many are not), contact me for a referral in your area. ~Kevin

Corporate Espionage Fail - WeWork Staffers Caught

NYC - The battle in the red-hot co-working space business is heating up.

WeWork, the No. 1 player in the sector, allegedly sent two spies to infiltrate rival Knotel — to steal info and some customers, Knotel claimed.

The spies showed up at seven Knotel properties in Manhattan last month in a “systematic attempt to pilfer Knotel’s proprietary information and trade secrets,” according to a cease-and-desist letter the smaller company sent to WeWork...

The corporate espionage rookies might have pulled off the caper — except, in a totally random happening, a Knotel employee recognized one of them as a friend of a friend, according to sources close to Knotel.

While the pair used fake names to gain entry, according to the letter, a call to the Knotel worker’s pal got the spy’s real name — and a couple of social media inquiries turned up the fact that he worked for rival WeWork, sources said. more

SPYSCAPE in NYC is Set to Open in December

A museum dedicated to spycraft is landing soon in possibly the least inconspicuous place on Earth: midtown Manhattan.

The project, known as SPYSCAPE, is set to open in New York City this December — but details are, fittingly, under wraps. Archimedia, the creative and investment company behind the project, has acquired a number of spy artifacts and archival materials, and will use immersive storytelling to explore history’s greatest spy affairs, from the Enigma code crackers to the teenage hacker behind a recent breach of the CIA website.

The museum's website hints at interactive interrogation rooms, laser tunnels, and more. At the end of the tour, visitors will learn what kind of spy work they’re destined for — allegedly based on a proprietary “profiling system” created by the Head of Training for British Intelligence.

The museum space was designed by Ghanaian-British architect David Adjaye’s New York City-based firm, Adjaye Associates, whose many high-profile projects include Washington, D.C.’s new National Museum of African American History and Culture. more

Can't wait? Cuba's Spy Museum in Havana is open. (Optional, but recommended.) ~Kevin

Ransomware Security Infographic - Winning the War

via Trustwave...

Click graphic to enlarge. Click Trustwave for PDF.

Security Report: Kids Smartwatches Found to Act Like Bugs and Worse

The tests done by Mnemonic have uncovered critical security flaws in three of the apps and devices. 

As detailed in Mnemonic's report, two of the devices have flaws which could allow a potential attacker to take control of the apps, thus gaining access to children's real-time and historical location and personal details, as well as even enabling them to contact the children directly, all without the parents’ knowledge.

Additionally, several of the devices transmit personal data to servers located in North America and East Asia, in some cases without any encryption in place.

One of the watches also functions as a listening device, allowing the parent or a stranger with some technical knowledge to audio monitor the surroundings of the child without any clear indication on the physical watch that this is taking place. more

FutureWatch: After 51 Years MasterCard Boots Signatures

Mastercard Inc. is doing away with a rule requiring merchants to get signatures for transactions made with its credit and debit cards in the United States and Canada.

Announced early Thursday, Mastercard’s rule change goes into effect April 13, 2018, allowing issuers, merchants, and processors time to make adjustments, though merchants can adopt the change sooner, Mastercard says. Mastercard also issued a bulletin about the matter Wednesday afternoon. The new rule does not affect interchange, and applies only to point-of-sale transactions.

A majority of consumers believe that it would be easier to pay and that checkout lines would move faster if they didn’t have to sign for purchases, Mastercard says. more

So, why drop a 51 year old signature security requirement?

Mastercard announced that it’s adding fingerprint scanners to its “next generation” cards in order to safely verify the cardholder’s identity whenever they’re making in-store purchases. more

Most of Your Employees are Snoops

A new survey of IT security professionals reveals that 92 percent of respondents say employees at their organizations try to access information that is not necessary for their day-to-day work.

The study from identity management company One Identity also shows that IT security professionals themselves are among the worst offenders for corporate data snooping. One in three respondents admit to having accessed sensitive information that is not necessary for their day-to-day work -- showing an ongoing abuse of elevated rights given to the IT security role.

More than one in three (36 percent) of IT pros admit to looking for or accessing sensitive information about their company’s performance, beyond what is required to do for their job. 71 percent of executives admit seeking out extraneous information, compared to 56 percent of non-manager-level IT security team members. Additionally, 45 percent of executives admit to snooping for or accessing sensitive company performance information specifically, compared to just 17 percent of non-manager team members.

In smaller companies the problem is worse... more

No surprise here. Over half of the eavesdropping and information loss issues crossing my path (over the last four decades) are employee related. ~Kevin

Spybuster Tip #712: How to Vacuum Your Amazon Breadcrumbs

Amazon automatically tracks the products you browse on the site and compiles a visual list on your account’s home page, in case you are inspired to follow through with a purchase on a return visit.

If you find this sort of thing more creepy than helpful — or you share a computer and would rather not have others see your shopping whims — you can disable the tracking.

To do that, go to Amazon.com and log into your account. Click the Browsing History link at the top of the main page (just below the search window) to see the recent items you previously viewed while clicking around on the site. At the top of the page, click Manage History. more

Spike in Spy Camera Sales Online Causes Concern

Over a period of time, a sales engineer in Singapore amassed 280 obscene films, many of which depicted women in various stages of undress in public bathrooms and changing rooms.

The unsuspecting women, including schoolgirls, were filmed with secret cameras, and Joel Chew Weichen, 27, had collected the films for distribution.  

Based on checks by The Straits Times, a worrying trend has emerged - the sale of such cameras is on the rise.

On online shopping platform Lazada, which has more than 600,000 hidden camera products available, sales of such cameras have grown 1.5 times this year compared with last year. The cameras come disguised as clocks, pens and even smoke detectors.

A spokesman said spy pens, which can cost about $12, are the most popular. Spectacles with built-in cameras may cost about $85...

Chew, who was sentenced to six months in jail this month, was the first of five individuals to plead guilty to having the obscene films for distribution.

He was also part of groups that share and download such videos.

The victims were secretly filmed while in bathrooms in cafes, schools, offices, changing rooms of popular fashion outlets, and bathroom showers in private homes. more

Note: An on-line spycam detection training course is available to organizations and individuals.

My Sister Bugged my Teddy Bear

Chicago - Nobody feuds like a rich family with lawyers on the payroll.

But even by the standards of the tony North Shore, the bitter courtroom battles between the children of the late property developer Aaron Israel stands out.

The Israel brothers — Harvey, Alan and David — have been fighting on and off in court with their sister, Diane, and their late father over the family fortune for 25 years.

Now David Israel is suing his sister for more than $1 million, alleging she hired a private eye who bugged his Northbrook office with a recording device hidden inside a teddy bear.

A recently filed federal complaint includes a photo of the scarf-wearing pink bear, which David says he received from a cancer charity. According to the lawsuit, David cut open the bear and found a listening device inside it after he was taunted by an anonymous text-messager who told him about his office being bugged and said there was “a big surprise” inside the bear.

The taunting text and other creepy anonymous messages (including one telling him “A bit hot to be wearing that shirt don’t you think David?”) were sent by a private eye hired by Diane, according to David’s lawsuit, which also alleges that a listening device was installed in a plant pot, and that his Highland Park home and Gold Coast condo were bugged along with his cars.

Though the private eye, Michael Bucon, in April pleaded guilty to planting the bugs, Diane denies the allegations and wants U.S. District Judge Andrea Wood to throw out the lawsuit... more

How the All Blacks Bugging Story Ends

The security consultant who escaped conviction in a bugging case is reportedly back working with the All Blacks in Australia.

Adrian Gard, 52, was placed on a one-year good behaviour bond last month for breaching his security licence when organising a sweep of the Sydney hotel where the All Blacks were staying ahead of a test match against Australia in August of last year. more

Wi-Fi Traffic Open to Eavesdropping

Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting...

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks...

A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices.

The site warned that attackers can exploit the flaw to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol. "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on," more

Google Home Mini Caught 'Spying' on Owner

A flaw has been discovered in the new Google Home Mini that allows the device to secretly record without the user knowing and sending the information to Google.

The flaw was discovered last week by tech blogger Artem Russakovskii and written about on Android Police. Russakovskii, who was given a free sample device before the official launch later this month, first noticed the device continually turned on and off on its own. Later, when he checked the activity logs, he saw that the device was recording without being prompted.

"My Google Home Mini was inadvertently spying on me 24/7 due to a hardware flaw," Russakovskii wrote.

In a letter to Google, he added: "Needless to say, if a listening device records almost every minute of every day and stores it remotely, we're talking about a huge privacy violation." Google then sent out an engineer to pick up and examine the next day. They then said the problem stemmed from a a glitch on the device's touch pad.

FutureWatch - Microphone with an Ear and Brains, or how to stay ahead of the bad guys...

Clients know how quickly technology advances, and they occasionally ask...

"Aren't you always one step behind the bad guys?"

I've heard some colleagues agree, and even mention it themselves as a pre-sweep hedge against failure, along with the idiotic statement, "All bets are off once we leave." Talk about defeatist logic.

The bad guys question is a good one, however, and there are several answers. All depend upon the mindset of the TSCM team...

1. Yes, if you buy a detection gadget and only read the instructions.
2. Yes, if you just surf the Internet for education.
3. Yes, if you're getting your education from an annual TSCM seminar, or occasional training course.
4. No, if you pay attention to research papers, newly developing electronic components and processes, before they are used in surveillance devices.

Here is a Number 4 example I came across this week... a very tiny microphone with an ear, a brain, and almost no need to be fed electricity.

Wake-On Sound - Piezoelectric MEMS Microphone
PUI Audio's ZeroPower Listening™ piezoelectric MEMS microphone designed for ultra-low power always listening solutions. 

PUI Audio’s PMM-3738-VM1010-R is a single-ended analog MEMS microphone with wake-on sound. The wake-on sound mode allows for detection of voice activity while consuming only 5 μA of supply current (9 μW of power). In wake-on sound mode, a sound in the vocal band above the level threshold instantly alerts a processor of an acoustic event. The processor (DSP or voice processor) then switches the PMM-3738-VM1010-R into normal mode, with full audio output within 100 microseconds. Fast enough for the microphone to capture the triggering sound and pass it along for processing. This is the system architecture for ZeroPower Listening. 

Wake-on sound delivers voice activation to battery-powered voice-interface consumer devices, such as smart speakers, smart TV remote controls, smart headphones, and IoT smart home products, while drawing nearly zero power. 

PUI Audio’s PMM-3738-VM1010-R, the first wake-on sound MEMS microphone, brings voice activation to battery-powered devices of all kinds. Drawing a scant 5 μA of current while in listening mode, PUI Audio’s newest piezoelectric MEMS microphone is the only device that uses sound energy itself to wake a system from full power-down. 

The PMM-3738-VM1010-R features a configurable voice zone, allowing voice in a 5 foot to 20 foot radius-zone to trigger the system and increase to a higher-power mode. When the environment is quiet, the system can enter the low-power ”wake-on-sound” mode. 

Imagine the new types of eavesdropping devices this microphone will make possible.

Combine this with a battery powered bug that recharges using ambient radio-frequency signals, and you have a sleeper bug that could (theoretically) last forever. 

The bad guys probably haven't built and deployed this yet, but when they do, it won't be a surprise to us.

The posts tagged FutureWatch you see in the Security Scrapbook are examples of Number 4 attention to detail. Here are some more...
https://spybusters.blogspot.com/2017/03/futurewatch-cheap-difficult-to-detect.html
https://spybusters.blogspot.com/2013/08/solar-powered-smartphones-and-more.html

New Clickless Bluetooth Attack - Billions of Devices Vulnerable

Researchers have devised an attack that uses the wireless technology to hack a wide range of devices, including those running Android, Linux, and, until a patch became available in July, Windows.

BlueBorne, as the researchers have dubbed their attack, is notable for its unusual reach and effectiveness. Virtually any Android, Linux, or Windows device that hasn't been recently patched and has Bluetooth turned on can be compromised by an attacking device within 32 feet. It doesn't require device users to click on any links, connect to a rogue Bluetooth device, or take any other action, short of leaving Bluetooth on. The exploit process is generally very fast, requiring no more than 10 seconds to complete...

"Just by having Bluetooth on, we can get malicious code on your device," Nadir Izrael, CTO and cofounder of security firm Armis, told Ars. "BlueBorne abuses the fact that when Bluetooth is on, all of these devices are always listening for connections."
Patch now, if you haven't already. more

Cautionary Tale: Spycams in Schools

As the school season starts, unfortunately it's time to remind children to be alert for spycams. Unfortunately, this is a story which pops up at least once or twice per month. Different players, same teacher v. student scenario...

Canada - A gymnastics coach who secretly filmed his young athletes using the toilet has received a two-year sentence for making and possessing child pornography. 

Just one of many disguises.

Angelo Despotas, 48, betrayed the trust of the students he was supposed to be teaching, guiding and inspiring, provincial court Judge Jim Threlfall told a sentencing hearing in Kelowna, B.C.

"The damage done to the victims is incalculable," Threlfall said. "Many of the victims had trained with him for years."

Despotas earlier pleaded guilty to the charges and received two consecutive sentences of 14 months for making child pornography and 10 months for possessing it. more

The Good News, Bad News VPN Joke

In January this year, China announced a 14-month campaign to crack down on VPNs in a bid to tighten online surveillance
ahead of the 19th National Congress of the Communist Party of China which opens in October....

Unlike individual users, multinational firms operating in China are still permitted to use VPNs in what amounts to something of a legal grey area, but it is likely that this usage will be restricted to software approved by the government, which will presumably have backdoors installed to allow eavesdropping, raising fears of an increase in industrial espionage activities. more

Apple Watch is Center of Sports Spying Scandal

For decades, spying on another team has been as much a part of baseball’s gamesmanship as brushback pitches and hard slides. The Boston Red Sox have apparently added a modern — and illicit — twist: They used an Apple Watch to gain an advantage against the Yankees and other teams.

Investigators for Major League Baseball have determined that the Red Sox, who are in first place in the American League East and very likely headed to the playoffs, executed a scheme to illicitly steal hand signals from opponents’ catchers in games against the second-place Yankees and other teams, according to several people briefed on the matter...

The Yankees, who had long been suspicious of the Red Sox’ stealing catchers’ signs in Fenway Park, contended the video showed a member of the Red Sox training staff looking at his Apple Watch in the dugout. The trainer then relayed a message to other players in the dugout, who, in turn, would signal teammates on the field about the type of pitch that was about to be thrown, according to the people familiar with the case.

Baseball investigators corroborated the Yankees’ claims based on video the commissioner’s office uses for instant replay and broadcasts, the people said. more

What's with Boston anyway?!?! Spying football team. Spying baseball team. Ugh.  

Extra Credit: Turn Your iPhone into a Spy Camera Using Your Apple Watch [How-To]
Put this in your pocket to be extra covert. ~Kevin

"So, we created a picture of our suspect from DNA sweat found on the bugging device."

Damn interesting...
Identification of Individuals by Trait Prediction Using Whole-genome Sequencing Data

Researchers from Human Longevity, Inc. (HLI) have published a study in which individual faces and other physical traits were predicted using whole genome sequencing data and machine learning. This work, from lead author Christoph Lippert, Ph.D. and senior author J. Craig Venter, Ph.D., was published in the journal Proceedings of the National Academy of Sciences (PNAS).

Click to enlarge.

The authors believe that, while the study offers novel approaches for forensics, the work has serious implications for data privacy, deidentification and adequately informed consent. The team concludes that much more public deliberation is needed as more and more genomes are generated and placed in public databases. more

Wiretapping Gained Interest This Week... and why.

There was a big spike in wiretap searches this week...
Here's why...
Justice Department: No evidence Trump Tower was wiretapped

Eavesdropping Boss Must Pay for Unjust Dismissal

A woman whose boss used to eavesdrop on her phone conversations with clients has won €10,000 in compensation after she was sacked illegally five years ago.

An industrial tribunal heard how the firm’s managing director also installed monitoring software to see if she accessed Gmail and Facebook.

He continually victimized her and expected her to obey his orders unquestioningly, because, as he said, “I’m the boss!”

The MD regularly changed the password of her work e-mail and often called clients behind her back. He would turn up at meetings with them after listening in on her conversations, the labour tribunal heard. more sing-a-long

These Companies Can Track Any Phone Anywhere

Tracking or tapping phones across the planet used to be a niche capability. Now, a myriad of for-profit spy companies sell border-crossing surveillance of mobile phones. 

As soon as the target switches the phone on, it’s already too late. Digital spies have pinpointed the phone’s location and, without hacking the device itself, are tracking it from tens of thousands of miles away. This is not a capability limited to superpowers—private firms now provide global phone tracking and interception. more

Spy Tech Talk - A Method to Detect a Wiretap Attack

...encryption and other forms of protection are important for fiber optic/copper communications, but there is also the need to consider physical protection for the infrastructure where those cable are installed. Many communication wires could be at risk of being physically tapped...

RBtec has introduced a new system dedicated to protecting physical connections such as conduits, cable trays and any other means that hold communication cables. A new protective sensor has been introduced with a layout that links directly to a wire setup as a means of ensuring data is less likely to be tampered with. The design of the system is used to ensure that data is not going to be lost or harmed in any manner.

The sensor wire is a vibration sensor capable sensing the unique vibration associated with tampering. This is attached outside the pipe, sneaked inside the pipe or tray that a wire connection is linked up to. This connects right onto an alarm system through a series of relay outputs. It analyzes any vibrations on the conduit that cause mean someone is trying to accessing the data pipe and stops outside forces from getting in. more

Spy Tech Talk - How to Stop ISPs From Spying on Your IoTs

Botnets are not the only threat to your Internet of Things (IoT) devices: Your internet service provider (ISP) can also detect and track your in-home activities by analyzing internet traffic from smart devices, even when those devices use encryption, according to a paper from Princeton University researchers.

However, the researchers found a simple way to block ISPs from spying on your smart devices: Traffic shaping. more

When Spies Screw Up

Botched surveillance job may have led to strange injuries at US embassy in Cuba.

At first thought to be a deliberate attack, the outbreak of mysterious symptoms may be the result of shoddy espionage equipment, experts say...

The state department said it was investigating the outbreak, and that some of the worst affected diplomats had been evacuated to Miami for examination and treatment. more

But you already knew this, remember.