Saturday, August 9, 2014

More Bad Publicity About USB Security

Cyber-security experts have dramatically called into question the safety and security of using USB to connect devices to computers.

Berlin-based researchers Karsten Nohl and Jakob Lell demonstrated how any USB device could be used to infect a computer without the user's knowledge.

The duo said there is no practical way to defend against the vulnerability.

The body responsible for the USB standard said manufacturers could build in extra security.

But Mr Nohl and Mr Lell said the technology was "critically flawed". (more with videos)

Friday, August 8, 2014

China, Sex, Spycams and PIs... A Cautionary Tale

(June) A covert sex tape involving a senior executive and his Chinese lover was the trigger for a major investigation into corruption at British drugs giant GlaxoSmith-Kline...

The video of married Mark Reilly and his girlfriend was filmed by secret camera and emailed anonymously to board members of the pharmaceutical firm.

It led to an investigation that has rocked the £76billion company... (more)

(Yesterday) A British private investigator (PI) has been sentenced to two and a half years in jail by a Chinese court after becoming embroiled in a sex and whistleblowing scandal at the drug firm GlaxoSmithKline.

Peter Humphrey, 58, was also fined 200,000 yuan (£19,300), and his wife, Yu Yingzeng – a naturalised American citizen – was sentenced to two years and fined 150,000 yuan in the first case of its kind involving foreigners in China...

GSK had hired them to investigate why the company's then head of China operations, Mark Reilly, had been filmed surreptitiously having sex with his Chinese girlfriend in his guarded luxury home. (more)

Money Saving Spy Tips
1. No area you think is private is private until a competent TSCM team says so.
2. The "girlfriend" spy is an old trick.
3. Bugs, taps and spycams are old spy tricks. #3 used with #2 will cost you.
4. Executives: beware of #2, check for #3 frequently.
5. PIs, working in China has its risks.
6. Blackmail works, especially when state sponsored.
7. Proactive TSCM is far cheaper than a mess like this.

The Ford Motors Bugging Case - FBI Continues Investigation

The FBI has taken a computer disk and internal Ford e-mails in a continuing investigation of a former employee who was fired in June after the company found recording devices she had hidden in a building on its Dearborn, Mich., world headquarters campus.

Ford fired Sharon Leach, 43, a mechanical staff engineer who worked at Ford for 16 years, in late June after company security personnel saw her leave and return to the same conference room on multiple occasions. She told them she was recording conference meetings using the bugs...

According to court records, the FBI seized eight listening devices from Ford headquarters on July 11. It earlier had seized more than two dozen items from Leach's Wyandotte, Mich., home weeks earlier, including bank statements, tax records, a buy.com shipping bag, a Post-It note with numbers and a key chain with keys labeled "do not duplicate." (more)

Free Tip: Recover Files Locked by Cryptolocker Ransomware

If your computer files have been (or will be) held for ransom by Cryptolocker, bookmark this site... https://decryptcryptolocker.com/

FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by CryptoLocker.

These folks will analyze one of your locked files and send you the decode key, FREE.

Thursday, August 7, 2014

Coming Soon - The "Pssst. Don't go walking there alone" App

SketchFactor is a navigation app that shows the relative sketchiness of an area. It's focused on improving city exploration on foot. SketchFactor empowers users to report sketchy experiences, read sketchy incidents, and get directions to where they need to go in the least sketchy way possible.

What does sketchy mean?
Sketchy means a number of different things. To you, it may mean dangerous. To someone else, it may mean weird.
 

What can I report?
You can report any sketchy incident you see fit. (more)


FutureWatch: If this gains traction, like Yelp, it will become a whole lot more than just a personal app. Police, criminologists, city planners, security consultants, taxi cab companies and more will find use for the data this generates. Imagine a real-time SketchFactor overlay for Google maps.

FBI Citizens Academy - Hey, corporate America, turn around and pay attention.

“The top secret, government, political secrets, all that top secret stuff that you kind of think about spies, probably less than 10% of what they are trying to go after.” 

FBI experts say that 90% of what they go after, is industrial and trade secret espionage, and the target: students and executives from companies traveling abroad carrying trade secrets from their research and development at universities and companies.. And it's highly sought after.

“Every company, your research and development, it’s your next product down the road, and if I can steal that information and beat you to the market it's going to be devastating for you as a company.” (more) (video)

Tuesday, August 5, 2014

Nixon Tapes Released for 40th Anniversary of Resignation

Forty years ago this Friday, Richard Nixon became the first and only president of the United States to resign from office. He signed his resignation agreement, boarded a helicopter for San Clemente, Calif., and largely retreated into the shadows of history.

A decade later, he sat down with former White House aide Frank Gannon to share his own account of his final days in the Oval Office. Segments culled from those 30 hours of interviews were aired publicly just once, on CBS News. This week, The Richard Nixon Foundation and the Richard Nixon Presidential Library and Museum are releasing a series of clips of those interviews in commemoration of the 40th anniversary of the resignation.

In the first installments of the video series entitled “A President Resigns,” the disgraced president recalls learning that the infamous tape that became known as “the smoking gun” had been released. The tape revealed that Nixon had been aware of the break-in at the Watergate, despite his repeated denials. (more)

Monday, August 4, 2014

FutureWatch: Eavesdropping on Potato Chip Bags... You may be next.

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

In other experiments, they extracted useful audio signals from videos of aluminum foil, the surface of a glass of water, and even the leaves of a potted plant. The researchers will present their findings in a paper at this year’s Siggraph, the premier computer graphics conference.


 

“When sound hits an object, it causes the object to vibrate,” says Abe Davis, a graduate student in electrical engineering and computer science at MIT and first author on the new paper. “The motion of this vibration creates a very subtle visual signal that’s usually invisible to the naked eye. People didn’t realize that this information was there.” (more)

Spy Tradecraft FutureWatch - 3-D Room Scan Mapping

Despite the promise of Google's Movidius-equipped Project Tango, there are still no depth-sensing, SLR-stomping smartphones on the market. But Movidius thinks that could change soon, thanks to its brand new chip: the Myriad 2 vision processor unit (VPU). 

"The Myriad 2 is going to provide more than 20x the power efficiency of the Myriad 1, and enable camera features that were not possible before in mobile devices," CEO Remi El-Ouazzane tells me. If you'll recall, Tango's original tech brought faster focus, improved depth of field, near-optical zooming and higher light sensitivity to smartphone cameras (and now, tablets).



It also let researchers scan a room in 3D to provide interior navigation, among other cool tricks. (more)

From a Security Scrapbook Blue Blaze Irregular...
So, letting uncleared persons into secure facilities just became even more stupid. With new processing chips, surreptitious video recording becomes even more dangerous. Movidius makes the chips. And Matterport makes the 3D modelling software. This is very cool but at the same time very disturbing. How many tradecraft applications will this have? Security managers should see, at least, the Matterport video.

USB - Unfixable Security Broken

It is well known that USB drives can be dangerous. Companies run strict screening policies and it has long been known that running unknown ‘exe’ files is a bad idea. But what if the threat was undetectable, unfixable and could be planted into any USB device be it a USB drive, keyboard, mouse, web camera, printer, even smartphone or tablet? Well this nightmare scenario just became reality.

The findings will be laid out in a presentation next week from security researchers Karsten Nohl and Jakob Lell who claim the security of USB devices is fundamentally broken. More to the point they said it has always been fundamentally broken, but the holes have only just been discovered.

BadUSB


To demonstrate this the researchers created malware called ‘BadUSB’. It can be installed on any USB device and take complete control over any PC to which it connects. This includes downloading and uploading files, tracking web history, adding infected software into installations and even controlling the keyboard so it can type commands.

“It can do whatever you can do with a keyboard, which is basically everything a computer does,” explains Nohl... (more)


The short-term solution to BadUSB isn’t a technical patch so much as a fundamental change in how we use USB gadgets. To avoid the attack, all you have to do is not connect your USB device to computers you don’t own or don’t have good reason to trust—and don’t plug untrusted USB devices into your own computer. ...or, treat USB sticks the same way you would hypodermic needles. (more)

Android Warning - Don't Click SMS Links Without Thinking First

A virus known as 'Andr/SlfMite-A' has been recently discovered that is spreading throughout the Android world through text messages (SMS)...
 
Andr/SlfMite-A virus sends SMSs, which includes a malicious link. If you unknowingly click on the embedded link within the SMS, then the virus easily get installed on your phone. Once the virus is downloaded onto your phone, it secretly sends text messages with malicious link to the first 20 contacts from your contact list. 


These self-replicating 'worms' send SMSs to your contact list, thus playing with the trust that the receiver has in you. Just because the person from your contact thinks that the message is from you and hence is a genuine text message, they might just get tricked into clicking the link and unknowingly allow the virus to get installed onto their phone. (more)

PI Tip #251 - Clean Up Your Crummy Surveillance Videos - FREE

VideoCleaner is FREE professional open-source video enhancement software. With VideoCleaner, you can brighten poorly lit scenes, increase detail clarity, correct the viewing perspective, reverse lens distortion, repairs VHS recordings, improve color contrast, isolate channels, and so much more.

VideoCleaner makes faint movements, distant traffic signal color changes, and small details obvious. You can annotate on-screen with text and highlighting, correct playback speed, provide sweeping or adjacent before-after views, and extract stills.

Being open-source means that you can customize VideoCleaner to fit your needs and delve deep into the science. Everything is free, even the support.
VideoCleaner is free without any purchase price, support or update fees. You are welcome to use VideoCleaner and its components for any legal purpose, personal or commercial, without any requirements or obligations beyond the open-source General Public License (GPL) of its components. You are free to redistribute this software in accordance with its associated GPL. (more)

Wealth Managers Enlist Spy Tools to Map Portfolios

Some of the engineers who used to help the Central Intelligence Agency solve problems have moved on to another challenge: determining the value of every conceivable investment in the world.

Five years ago, they started a company called Addepar, with the aim of providing clear and reliable information about the increasingly complex assets inside pensions, investment funds and family fortunes. In much the way spies diagram a communications network, Addepar filters and weighs the relationships among billions of dollars of holdings to figure out whether a portfolio is about to crash. (more)

Tuesday, July 29, 2014

Security Scrapbook Post #5000 - FREE SpyWarn™ Announcement

Thank you to everyone who has enjoyed and contributed to Kevin's Security Scrapbook over the years. 5000 is a milestone, and a good time for you to dig into the archives. Enjoy!

It is also a good time to let my clients (and potential clients) know about a new benefit of using Murray Associates services...

FREE SMARTPHONE SECURITY PROTECTION
 


1. Free Cell Phone MicSpike with Carry Container
    Prevents phones from being turned into bugging devices.


2. Free Anti-Spyware Kit for Smartphones
    Includes the MicSpike™ and more security items.
    SpyWarn™ security kit works for all types of phones.
    It is not available elsewhere. (patent pending)
    Details and free smartphone security tips at...
    https://counterespionage.com/sw.html

3. Free SpyWarn™ Android app.
    A forensic evaluation for discovering spyware
    infections on smartphones.
    Details at... http://www.spywarn.com


4. Free book, "Is My Cell Phone Bugged?
    Amazon rated...

    

 

EXCLUSIVE
Available only to clients and those whose offices we inspect.

LIMITED TIME OFFER
This is the perfect time to add our Information
Security / TSCM* services to your security program.
*Technical Surveillance Countermeasures (aka, a bug sweep)

Download our introductory booklet.
http://www.counterespionage.com/download.html

Have questions? Need an estimate?
Just call me... from a "safe" phone.

+1-908-832-7900

Best regards,
Kevin D. Murray, CPP, CISM, CFE, MPSC

"Hey, what's your TSCM provider doing for you?"

Monday, July 28, 2014

Son Bugs Mom's Phone - $500.00 Fine

IL - A judge has fined a Lincoln man $500 for bugging his 90-year-old mother’s phone.

Richard Stamler, 60, pleaded no contest to disturbing the peace last week, and Lancaster County District Judge Andrew Jacobsen fined him... 


Stamler’s sister called police March 28, 2013, after she found a recording device in the basement of their mother’s home that had been connected to the phone line and set to record any time someone in the house picked up a phone.

She told police she recognized her brother’s voice reciting date information on the tape. He admitted to police he recorded calls on his mother's phone, but didn't think it was illegal. (more)