Wednesday, February 22, 2017

Flexi Morality - Expanded Cell Phone Spyware Laws Introduced

On three occasions this week, I asked a FlexiSpy salesperson a simple question: If I wanted to, could I use their spyware to snoop on my wife's cellphone without her knowing? The answer each time was yes. 

When asked if it was legal, they responded with a canned disclaimer explaining it was necessary to get the permission of the target. But what if I didn't want my wife to know? They could help me anyway...

Even though I started each conversation telling the FlexiSpy salesperson I was a FORBES reporter, they were happy to offer suggestions about how one could install the app without permission of the target. One said I could "sneak to get her phone" and then install, a process that FlexiSpy would guide me through. He sought to allay any fears about getting caught, noting there was no icon and it would operate silently...

Meanwhile, lawmakers are seeking to expand laws that punish unwarranted, secret surveillance. Last week, Senators Ron Wyden, Jason Chaffetz and John Conyers introduced The Geolocation Privacy and Surveillance (GPS) Act. Specifically, it creates criminal penalties for "surreptitiously using an electronic device to track a person's movements that parallel the penalties that exist for illegal wiretapping." more
Other cell phone spy gadgets

Howard Stern Sued for Eavesdropping on IRS Phone Call

Howard Stern is being sued for airing live a phone call that a woman thought she was having privately with an IRS agent. 

Stern was sued by Judith Barrigas on Monday for airing a 45-minute conversation that she had with IRS Agent Jimmy Forsythe, according to The Hollywood Reporter...

Before Barrigas was connected to Forsythe, though, the agent was on another line with Stern's show. He put the Stern show on hold to take the call with Barrigas.

Someone on Stern’s show was able to listen in on the Barrigas-Forsythe phone conversation and was apparently so intrigued by it that they decided to air the dialogue live on the radio show. 

The show, which has 30 million subscribers, shared Barrigas’ phone number on the air. more
Full lawsuit

Tuesday, February 21, 2017

Business Espionage: Operation BugDrop - Major Eavesdropping Operation Using PC Microphones to Bug Targets

Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including critical infrastructure, news media, and scientific research.

The operation uses malware to capture audio recordings of conversations, screen shots, documents, and passwords, according to a blog post published last week by security firm CyberX.

Targets are initially infected using malicious Microsoft Word documents sent in phishing e-mails. Once compromised, infected machines upload the pilfered audio and data to Dropbox, where it's retrieved by the attackers. The researchers have dubbed the campaign Operation BugDrop because of its use of PC microphones to bug targets and send the audio and other data to Dropbox.

"Operation BugDrop is a well-organized operation that employs sophisticated malware and appears to be backed by an organization with substantial resources," the CyberX researchers wrote. more (Heads up. This hasn't hit hard in the Western Hemisphere yet, but be prepared.) 

Spybusters Tip #832: First line of defense... Disable macros in your Word software. Don't turn them back on if prompted to do so by something arriving in your email. ~Kevin
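Disabling macros on the workstation is the last line; the first is keeping macro-bearing Word attachments out of the inbox at all. The following is an added example, not code from the original post or from CyberX: a gateway-side check that opens an Office Open XML attachment (.docx/.docm are zip archives), looks for a VBA project part, and also honours the part's declaration in [Content_Types].xml so that a renamed project part is still caught. The sample attachments are constructed in memory, so the check runs offline; the part names, content-type string and helper names are this example's own.

```python
"""Gateway-side check for VBA macros in Office Open XML attachments.

Added example (not from the original post or from CyberX). An OOXML file is a
zip archive; Word stores a VBA project as a binary part (normally
word/vbaProject.bin) and declares its content type in [Content_Types].xml.
"""
import io
import xml.etree.ElementTree as ET
import zipfile

# Content type Office assigns to a VBA project part in [Content_Types].xml.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"


def find_vba_parts(data: bytes) -> list:
    """Return archive members that carry a VBA project; [] if none or not a zip."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []                      # not OOXML at all (legacy .doc, plain text, ...)
    with zf:
        names = zf.namelist()
        # 1. The conventional part name, wherever it sits in the package.
        hits = {n for n in names if n.lower().endswith("vbaproject.bin")}
        # 2. Anything the package itself declares as a VBA project, even if renamed.
        if "[Content_Types].xml" in names:
            root = ET.fromstring(zf.read("[Content_Types].xml"))
            vba_exts = {d.get("Extension", "").lower()
                        for d in root.iter(CT_NS + "Default")
                        if d.get("ContentType") == VBA_CONTENT_TYPE}
            for o in root.iter(CT_NS + "Override"):
                if o.get("ContentType") == VBA_CONTENT_TYPE:
                    hits.add(o.get("PartName", "").lstrip("/"))
            for n in names:
                if "." in n and n.rsplit(".", 1)[-1].lower() in vba_exts:
                    hits.add(n)
    return sorted(h for h in hits if h)


def gateway_verdict(filename: str, data: bytes) -> str:
    """Policy decision for one attachment: 'quarantine' if it carries VBA, else 'deliver'."""
    parts = find_vba_parts(data)
    if parts:
        return "quarantine: %s carries VBA project part(s) %s" % (filename, ", ".join(parts))
    return "deliver: %s" % filename


def build_sample(with_macro: bool, part_name: str = "word/vbaProject.bin") -> bytes:
    """Construct a minimal OOXML package in memory (constructed test data, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        decls = ['<Default Extension="xml" ContentType="application/xml"/>']
        if with_macro:
            # Word declares the project by part name; a renamed part is still declared here.
            decls.append('<Override PartName="/%s" ContentType="%s"/>' % (part_name, VBA_CONTENT_TYPE))
        ct = ('<?xml version="1.0"?>'
              '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              + "".join(decls) + "</Types>")
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr(part_name, b"\xd0\xcf\x11\xe0 constructed placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    print(gateway_verdict("invoice.docx", build_sample(False)))
    print(gateway_verdict("invoice.docm", build_sample(True)))
    print(gateway_verdict("invoice.docx", build_sample(True, "word/media/image9.dat")))
```

The content-type check matters because the file extension proves nothing: the decision is made on what the package contains, not on what the sender named it. Legacy binary .doc files are not zip archives and fall through as "not OOXML"; they need a separate OLE-aware check.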

Monday, February 20, 2017

Revenge of the IT Guy (Case #254)

A sacked system administrator has been jailed... after hacking the control systems of his ex-employer – and causing over a million dollars in damage.

Brian Johnson, 44, of Baton Rouge, Louisiana, US, had worked at paper maker Georgia-Pacific for years, but on Valentine's Day 2014 he was let go.

He didn't take that lying down, and spent the next two weeks rifling through the firm's systems and wreaking havoc from his home. 

Johnson was still able to connect into Georgia-Pacific servers via VPN even after his employment was terminated.

Once back inside the corporate network, he installed his own software, and monkeyed around with the industrial control systems.

Artist's conception.
His target was the firm's Port Hudson, Louisiana, factory, which produces paper towels and tissues 24 hours a day. In a two-week campaign, he caused an estimated $1.1m in lost or spoiled production. more
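The detail that decides this case is that the VPN account outlived the employment. Two controls close that gap: disable the account on the last day, and watch for successful logins by anyone on the leavers list in case the first control was missed. The following is an added example, not code from the original post or The Register article: it reconciles a constructed HR leavers feed against constructed VPN authentication log lines (the log format, account names, addresses and dates are all invented for illustration).

```python
"""Offboarding reconciliation: terminated accounts that still authenticate.

Added example, not from the original post. The log format, account names,
source addresses and dates below are constructed for illustration.
"""
from datetime import datetime
import re

# Assumed log line shape for this example; adapt the pattern to the real VPN appliance.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) vpn auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed HR feed: account -> last day of employment (access should end that day).
TERMINATED = {"bjohnson": "2014-02-14"}

# Constructed VPN authentication lines, including one malformed line to skip.
SAMPLE_LOG = """\
2014-02-13T09:02:11 vpn auth ok user=bjohnson src=203.0.113.5
2014-02-15T22:41:03 vpn auth ok user=bjohnson src=198.51.100.77
2014-02-16T01:12:45 vpn auth fail user=bjohnson src=198.51.100.77
2014-02-16T01:13:09 vpn auth ok user=bjohnson src=198.51.100.77
2014-02-16T08:00:00 vpn auth ok user=asmith src=203.0.113.9
malformed line that should be skipped
"""


def parse_line(line: str):
    """Parse one log line into a dict, or None if it does not match the expected shape."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def post_termination_logins(log_text: str, terminated: dict) -> list:
    """Successful VPN logins by terminated accounts after their last day.

    Returns (timestamp, user, source) tuples in log order. Failed attempts are
    ignored here; they are worth a separate, lower-severity alert.
    """
    cutoffs = {u: datetime.fromisoformat(day).date() for u, day in terminated.items()}
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "ok":
            continue
        cutoff = cutoffs.get(ev["user"])
        if cutoff is not None and ev["ts"].date() > cutoff:
            hits.append((ev["ts"].isoformat(), ev["user"], ev["src"]))
    return hits


def accounts_to_disable(enabled_accounts, terminated: dict, today: str) -> list:
    """Preventive check: enabled accounts whose last day has already passed."""
    today_d = datetime.fromisoformat(today).date()
    return sorted(u for u in enabled_accounts
                  if u in terminated and datetime.fromisoformat(terminated[u]).date() < today_d)


if __name__ == "__main__":
    for ts, user, src in post_termination_logins(SAMPLE_LOG, TERMINATED):
        print("ALERT post-termination VPN login: %s user=%s src=%s" % (ts, user, src))
    print("disable now:", accounts_to_disable({"bjohnson", "asmith"}, TERMINATED, "2014-02-20"))
```

Run daily, the second function is the control that would have prevented the case; the first is the detection that catches it when deprovisioning slips, and it fires on the day of the first login rather than two weeks and $1.1m later.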

Mr. Johnson's emotions imagined as music inside his head.

Czech Mate, or Here's Looking at You Id

Forty-foot statue "Trifot" by David Black is part of a new multi-genre space outside the Czech Photo Centre, which is now open to the public. more

Friday, February 17, 2017

Security Director Alert: USB Killer Stick II

Remember the USB Killer stick that indiscriminately and immediately fries about 95 percent of devices? (See the Security Scrapbook warning about it from last September.)

Well, now the company has released a new version that is even more lethal! And you can also buy an adapter pack, which lets you kill test devices with USB-C, Micro USB, and Lightning ports.


If you haven't heard of the USB Killer before, it's essentially a USB stick with a bunch of capacitors hidden within. When you plug it into a host device (a smartphone, a PC, an in-car or in-plane entertainment system), those capacitors charge up—and then a split second later, the stick dumps a huge surge of electricity into the host device, at least frying the port, but usually disabling the whole thing...

The new USB Killer V3, which costs about £50/$50, is apparently 1.5 times more powerful than its predecessor, is more lethal (it pumps out eight to 12 surges per second), and is itself more resistant to setups that might cause the USB Killer to fry itself. more

Spybusters Tip #783 - Block your USB ports with a USB lock and security tape. Aside from Killer Stick sabotage, USB ports are virus injection portals.