Friday, August 15, 2014

The 1-Click Conference Call Trick - Ease or Espionage?

from the website...
"We made CCALL because it’s a pain in the axx to enter conference codes from a mobile phone. If you've ever had a calendar invite with a long conference ID and scribbled it on the back of your hand to avoid jumping between the email, your calendar and your phone app then you understand why we did this."

Question: Do you think this a clever public service, or a clever social engineering eavesdropping / espionage trick? Doesn't matter. I know what I am telling my clients.

Wednesday, August 13, 2014

Need a Reason to Buy an iPhone?

Spies hate iPhones...
The secrets of one of the world’s most prominent surveillance companies, Gamma Group, spilled onto the Internet last week, courtesy of an anonymous leaker who appears to have gained access to sensitive corporate documents. And while they provide illuminating details about the capabilities of Gamma’s many spy tools, perhaps the most surprising revelation is about something the company struggles to do: It can’t easily hack into your typical iPhone. (more)

Saturday, August 9, 2014

The NSA is Inventive - Just Look at Their Patents

What do a voice identifier, an automated translator, a "tamper-indicating" document tube, and a supersecure manhole cover have in common? They're all technologies for which the secretive National Security Agency (NSA) has been granted patents by the U.S. government, giving the agency the exclusive rights to its inventions.

The four technologies represent a tiny fraction of the more than 270 sleuthy devices, methods, and designs for which the nation's biggest intelligence agency has been granted a patent since 1979, the earliest year for which public figures are available. As the patent holder, the NSA can license the particular technology -- for a fee -- to anyone who wants to use it, so long as the patent hasn't expired.

The NSA's cryptologists and computer scientists have been busy over the years inventing methods of encrypting data, analyzing voice recordings, transferring digital files, and removing distortion from intercepted communications -- all things you'd expect from the world's largest and most sophisticated eavesdropping agency. And the digital spooks have patented gadgets straight out of a James Bond flick, such as tamper-indicating envelopes and finely tuned radio antennas. (more) (The List)

More Bad Publicity About USB Security

Cyber-security experts have dramatically called into question the safety and security of using USB to connect devices to computers.

Berlin-based researchers Karsten Nohl and Jakob Lell demonstrated how any USB device could be used to infect a computer without the user's knowledge.

The duo said there is no practical way to defend against the vulnerability.

The body responsible for the USB standard said manufacturers could build in extra security.

But Mr Nohl and Mr Lell said the technology was "critically flawed". (more with videos)

Friday, August 8, 2014

China, Sex, Spycams and PIs... A Cautionary Tale

(June) A covert sex tape involving a senior executive and his Chinese lover was the trigger for a major investigation into corruption at British drugs giant GlaxoSmith-Kline...

The video of married Mark Reilly and his girlfriend was filmed by secret camera and emailed anonymously to board members of the pharmaceutical firm.

It led to an investigation that has rocked the £76billion company... (more)

(Yesterday) A British private investigator (PI) has been sentenced to two and a half years in jail by a Chinese court after becoming embroiled in a sex and whistleblowing scandal at the drug firm GlaxoSmithKline.

Peter Humphrey, 58, was also fined 200,000 yuan (£19,300), and his wife, Yu Yingzeng – a naturalised American citizen – was sentenced to two years and fined 150,000 yuan in the first case of its kind involving foreigners in China...

GSK had hired them to investigate why the company's then head of China operations, Mark Reilly, had been filmed surreptitiously having sex with his Chinese girlfriend in his guarded luxury home. (more)

Money Saving Spy Tips
1. No area you think is private is private until a competent TSCM team says so.
2. The "girlfriend" spy is an old trick.
3. Bugs, taps and spycams are old spy tricks. #3 used with #2 will cost you.
4. Executives: beware of #2, check for #3 frequently.
5. PIs, working in China has its risks.
6. Blackmail works, especially when state sponsored.
7. Proactive TSCM is far cheaper than a mess like this.

The Ford Motors Bugging Case - FBI Continues Investigation

The FBI has taken a computer disk and internal Ford e-mails in a continuing investigation of a former employee who was fired in June after the company found recording devices she had hidden in a building on its Dearborn, Mich., world headquarters campus.

Ford fired Sharon Leach, 43, a mechanical staff engineer who worked at Ford for 16 years, in late June after company security personnel saw her leave and return to the same conference room on multiple occasions. She told them she was recording conference meetings using the bugs...

According to court records, the FBI seized eight listening devices from Ford headquarters on July 11. It earlier had seized more than two dozen items from Leach's Wyandotte, Mich., home weeks earlier, including bank statements, tax records, a shipping bag, a Post-It note with numbers and a key chain with keys labeled "do not duplicate." (more)

Free Tip: Recover Files Locked by Cryptolocker Ransomware

If your computer files have been (or will be) held for ransom by Cryptolocker, bookmark this site...

FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by CryptoLocker.

These folks will analyze one of your locked files and send you the decode key, FREE.

Thursday, August 7, 2014

Coming Soon - The "Pssst. Don't go walking there alone" App

SketchFactor is a navigation app that shows the relative sketchiness of an area. It's focused on improving city exploration on foot. SketchFactor empowers users to report sketchy experiences, read sketchy incidents, and get directions to where they need to go in the least sketchy way possible.

What does sketchy mean?
Sketchy means a number of different things. To you, it may mean dangerous. To someone else, it may mean weird.

What can I report?
You can report any sketchy incident you see fit. (more)

FutureWatch: If this gains traction, like Yelp, it will become a whole lot more than just a personal app. Police, criminologists, city planners, security consultants, taxi cab companies and more will find use for the data this generates. Imagine a real-time SketchFactor overlay for Google maps.

FBI Citizens Academy - Hey, corporate America, turn around and pay attention.

“The top secret, government, political secrets, all that top secret stuff that you kind of think about spies, probably less than 10% of what they are trying to go after.” 

FBI experts say that 90% of what they go after, is industrial and trade secret espionage, and the target: students and executives from companies traveling abroad carrying trade secrets from their research and development at universities and companies.. And it's highly sought after.

“Every company, your research and development, it’s your next product down the road, and if I can steal that information and beat you to the market it's going to be devastating for you as a company.” (more) (video)

Tuesday, August 5, 2014

Nixon Tapes Released for 40th Anniversary of Resignation

Forty years ago this Friday, Richard Nixon became the first and only president of the United States to resign from office. He signed his resignation agreement, boarded a helicopter for San Clemente, Calif., and largely retreated into the shadows of history.

A decade later, he sat down with former White House aide Frank Gannon to share his own account of his final days in the Oval Office. Segments culled from those 30 hours of interviews were aired publicly just once, on CBS News. This week, The Richard Nixon Foundation and the Richard Nixon Presidential Library and Museum are releasing a series of clips of those interviews in commemoration of the 40th anniversary of the resignation.

In the first installments of the video series entitled “A President Resigns,” the disgraced president recalls learning that the infamous tape that became known as “the smoking gun” had been released. The tape revealed that Nixon had been aware of the break-in at the Watergate, despite his repeated denials. (more)

Monday, August 4, 2014

FutureWatch: Eavesdropping on Potato Chip Bags... You may be next.

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

In other experiments, they extracted useful audio signals from videos of aluminum foil, the surface of a glass of water, and even the leaves of a potted plant. The researchers will present their findings in a paper at this year’s Siggraph, the premier computer graphics conference.


“When sound hits an object, it causes the object to vibrate,” says Abe Davis, a graduate student in electrical engineering and computer science at MIT and first author on the new paper. “The motion of this vibration creates a very subtle visual signal that’s usually invisible to the naked eye. People didn’t realize that this information was there.” (more)

Spy Tradecraft FutureWatch - 3-D Room Scan Mapping

Despite the promise of Google's Movidius-equipped Project Tango, there are still no depth-sensing, SLR-stomping smartphones on the market. But Movidius thinks that could change soon, thanks to its brand new chip: the Myriad 2 vision processor unit (VPU). 

"The Myriad 2 is going to provide more than 20x the power efficiency of the Myriad 1, and enable camera features that were not possible before in mobile devices," CEO Remi El-Ouazzane tells me. If you'll recall, Tango's original tech brought faster focus, improved depth of field, near-optical zooming and higher light sensitivity to smartphone cameras (and now, tablets).

It also let researchers scan a room in 3D to provide interior navigation, among other cool tricks. (more)

From a Security Scrapbook Blue Blaze Irregular...
So, letting uncleared persons into secure facilities just became even more stupid. With new processing chips, surreptitious video recording becomes even more dangerous. Movidius makes the chips. And Matterport makes the 3D modelling software. This is very cool but at the same time very disturbing. How many tradecraft applications will this have? Security managers should see, at least, the Matterport video.

USB - Unfixable Security Broken

It is well known that USB drives can be dangerous. Companies run strict screening policies and it has long been known that running unknown ‘exe’ files is a bad idea. But what if the threat was undetectable, unfixable and could be planted into any USB device be it a USB drive, keyboard, mouse, web camera, printer, even smartphone or tablet? Well this nightmare scenario just became reality.

The findings will be laid out in a presentation next week from security researchers Karsten Nohl and Jakob Lell who claim the security of USB devices is fundamentally broken. More to the point they said it has always been fundamentally broken, but the holes have only just been discovered.


To demonstrate this the researchers created malware called ‘BadUSB’. It can be installed on any USB device and take complete control over any PC to which it connects. This includes downloading and uploading files, tracking web history, adding infected software into installations and even controlling the keyboard so it can type commands.

“It can do whatever you can do with a keyboard, which is basically everything a computer does,” explains Nohl... (more)

The short-term solution to BadUSB isn’t a technical patch so much as a fundamental change in how we use USB gadgets. To avoid the attack, all you have to do is not connect your USB device to computers you don’t own or don’t have good reason to trust—and don’t plug untrusted USB devices into your own computer. ...or, treat USB sticks the same way you would hypodermic needles. (more)

Android Warning - Don't Click SMS Links Without Thinking First

A virus known as 'Andr/SlfMite-A' has been recently discovered that is spreading throughout the Android world through text messages (SMS)...
Andr/SlfMite-A virus sends SMSs, which includes a malicious link. If you unknowingly click on the embedded link within the SMS, then the virus easily get installed on your phone. Once the virus is downloaded onto your phone, it secretly sends text messages with malicious link to the first 20 contacts from your contact list. 

These self-replicating 'worms' send SMSs to your contact list, thus playing with the trust that the receiver has in you. Just because the person from your contact thinks that the message is from you and hence is a genuine text message, they might just get tricked into clicking the link and unknowingly allow the virus to get installed onto their phone. (more)

PI Tip #251 - Clean Up Your Crummy Surveillance Videos - FREE

VideoCleaner is FREE professional open-source video enhancement software. With VideoCleaner, you can brighten poorly lit scenes, increase detail clarity, correct the viewing perspective, reverse lens distortion, repairs VHS recordings, improve color contrast, isolate channels, and so much more.

VideoCleaner makes faint movements, distant traffic signal color changes, and small details obvious. You can annotate on-screen with text and highlighting, correct playback speed, provide sweeping or adjacent before-after views, and extract stills.

Being open-source means that you can customize VideoCleaner to fit your needs and delve deep into the science. Everything is free, even the support.
VideoCleaner is free without any purchase price, support or update fees. You are welcome to use VideoCleaner and its components for any legal purpose, personal or commercial, without any requirements or obligations beyond the open-source General Public License (GPL) of its components. You are free to redistribute this software in accordance with its associated GPL. (more)