The Smartphone Turns 20

The First Smartphone

Click to enlarge.

IBM debuted a prototype device, code named "Angler," on November, 23, 1992 at the COMDEX computer and technology trade show in Las Vegas, Nevada, United States... BellSouth executives gave the finished product its final name, "Simon Personal Communicator", before its public debut at the Wireless World Conference in November, 1993... In addition to its ability to make and receive cellular phone calls, Simon was also able to send and receive facsimiles, e-mails and cellular pages. Simon included many applications including an address book, calendar, appointment scheduler, calculator, world time clock, electronic note pad, handwritten annotations and standard and predictive stylus input screen keyboards. (1)


The Simon could be upgraded to run third party applications either by inserting a PCMCIA card or by downloading an application to the phone's internal memory. Atlanta, Georgia-based PDA Dimensions developed "DispatchIt", the only aftermarket, third-party application developed for Simon. The DispatchIt application costs were US$2,999 for the host PC software and US$299 for each Simon software client. (2)

Read More

Security Alert: Patch Your Samsung Printers

Samsung printers contain a hardcoded backdoor account that could allow remote network access exploitation and device control via SNMP. (Yes, your print job may be stolen before the paper hits the tray.) Details of the exploit have been published... Samsung has stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices. (more)

Read More

Everything You Need to Know About Shredding Sensitive Waste Paper

Scraps of seemingly useless information tossed in the trash may be synergistically related. Analysis can reveal the big picture to outsiders. Reducing the availability of these puzzle parts is an important counterespionage responsibility. Stealing trash is believed to be the number one business espionage trick.

Shredding Checklist

• Encourage the destruction of all waste paper as soon as it becomes waste.
• Make a deskside crosscut shredder your primary weapon.
• Large volume waste will require a larger, bulk crosscut shredder.
• Place a shredder or locked bin next to photocopy machines in sensitive areas.
• Extend shredding efforts to key executives’ home offices as well.
• Never save confidential papers in a box under the desk “to be shredded later.”
• Always use crosscut type (or better) shredders.
• Retire any strip-cut shredders you are using.
• Once shredders or locked bins are in place, remind people to use them.
• Do not entrust bulk wastepaper destruction to paper recyclers unless they can destroy on-site using a truck-mounted shredder (and you can watch). Cart and shred only when sheer bulk dictates this as the logical choice and the material is not highly sensitive. Otherwise, destroy it yourself before recycling.

The big shredder purchasing mistake… Buying just one large central shredder for everyone to use. Reason: Not everyone will use it. Why? Too inconvenient.

People are too busy to be bothered to walk over to a shredder every time they should. A better choice - several convenient deskside crosscut shredders, or locked storage bins. This is one perk which has a very positive payback.

Did You Know?…  

There are people who will reassemble shredded strips, and computer programs which can optically piece together shredded strips, too.

Buyers Guide to Shredders 

Shredder manufacturers and distributors...

http://tinyurl.com/Dahle-Shredders

http://tinyurl.com/Lynde-Ordway

http://tinyurl.com/abcosolutions

http://tinyurl.com/abe-online

http://tinyurl.com/alleghenyshredders

http://tinyurl.com/ameri-shred

http://tinyurl.com/papershredders

http://tinyurl.com/cumminsshredders

http://tinyurl.com/Dahle4Shredders

http://tinyurl.com/eccobusiness

http://tinyurl.com/FellowesShredders

http://tinyurl.com/gbc-shredder

http://tinyurl.com/IdealShredders

http://tinyurl.com/industrialshredders

http://tinyurl.com/intimus

http://tinyurl.com/mbmcorp

http://tinyurl.com/semshred

http://tinyurl.com/somatcompany

http://tinyurl.com/whitakerbrothers

• Replace your stripcut shredders with crosscut (or better) models. Stripcut models do not provide business-level security.  
• Deskside crosscut shredders are also available from retails stores such as Staples or Office Depot.

~Kevin

Read More

Police Strip Cut Shreds Used as Parade Confetti

Ethan Finkelstein, was at the NYC Thanksgiving Day Parade and noticed something weird about the confetti... "and it says 'SSN' and it's written like a social security number, and we're like, 'That's really bizarre.'

"There are phone numbers, addresses, more social security numbers, license plate numbers and then we find all these incident reports from police."

One confetti strip indicates that it's from an arrest record, and other strips offer more detail. "This is really shocking," Finkelstein said. "It says, 'At 4:30 A.M. a pipe bomb was thrown at a house in the Kings Grant' area."

A closer look shows that the documents are from the Nassau County Police Department. The papers were shredded, but clearly not well enough.

They even contain information about Mitt Romney's motorcade, apparently from the final presidential debate, which took place at Hofstra University in Nassau County last month. (more)

UPDATE: ...Sources close to the investigation into the incident told PIX11 News that an employee of the Nassau County Police Department was watching the parade near 65th Street and Central Park West, along the parade route. He had brought shredded NCPD documents with him for his family and friends to use as confetti... (more) (video)

Read More

TSCM Bug Sweeps: When, and When Not To - Part I

The following provides advice specifically meant for: 
Private Investigators, 
Security Directors, 
Security Consultants 
and TSCM professionals.

Technical Surveillance Countermeasures (TSCM), or bug sweep, is an analysis of an area to detect illegal covert electronic surveillance. In addition to listening devices, sweeps also take into account optical, data, and GPS tracking devices.
 
A typical case involving a private individual...
Someone contacts you to “find a bug”. They are sure their: significant other, landlord, neighbor, or the amorphous “they” knows their every thought and move. What do you do? Is a bug sweep really the best first step? 

Probably not. (more)

The article goes on to answer the question using this scenario:
 
A typical case involving a business client... 
Word about something has leaked out. “Check everything!”, barks the boss. What do you do? Is an inspection for bugs and wiretaps the best first step? (more)

Part II will appear later in December. ~Kevin

Read More

Spying Accusations Stoke America's Cup Rivalries

Spying is set to spark new battle lines in the America’s Cup as tempers fray on Auckland’s Hauraki Gulf. 

At odds are the €90m Italian team Luna Rossa, backed by the Prada luxury goods house, and the San Francisco-based, Lord knows how many millions Oracle team, holders of the cup and backed by computer software billionaire Larry Ellison.

Spying has been going on forever as rival teams assess the performance of their competitors – if Oracle is indeed spying on Luna Rossa it will also be spying on Team New Zealand (TNZ) and if it is not it would be astonishing. (more)

Read More

Is Your Cell Phone Protected by the 4th Amendment?

Judges and lawmakers across the country are wrangling over whether and when law enforcement authorities can peer into suspects’ cellphones, and the cornucopia of evidence they provide.

A Rhode Island judge threw out cellphone evidence that led to a man being charged with the murder of a 6-year-old boy, saying the police needed a search warrant. A court in Washington compared text messages to voice mail messages that can be overheard by anyone in a room and are therefore not protected by state privacy laws.

In Louisiana, a federal appeals court is weighing whether location records stored in smartphones deserve privacy protection, or whether they are “business records” that belong to the phone companies.

“The courts are all over the place,” said Hanni Fakhoury, a criminal lawyer with the Electronic Frontier Foundation, a San Francisco-based civil liberties group. “They can’t even agree if there’s a reasonable expectation of privacy in text messages that would trigger Fourth Amendment protection.”

The issue will attract attention on Thursday when a Senate committee considers limited changes to the Electronic Communications Privacy Act, a 1986 law that regulates how the government can monitor digital communications. Courts have used it to permit warrantless surveillance of certain kinds of cellphone data. (more)

Read More

Mannequin Spies - Will Dummy Shoppers Revolt?

An Italian firm selling mannequins that secretly monitor the age, race and gender of customers using facial recognition software has come under fire from privacy groups. The information logged by the dummies is then used to implement more effective marketing strategies by stores in the US and Europe.

And the manufacturer now plans to add audio recording to the dummies' capabilities, listening in on customers' discussions about their clients' products.

Click to enlarge

The mannequins, known as "EyeSee" are manufactured by Italian company Almax and retail for £3,200 each.

Privacy campaigners agree, describing the technology as "creepy" and "totally disproportionate."

Emma Carr, deputy director of campaign group Big Brother Watch, told the Daily Mail newspaper: "The use of covert surveillance technology by shops, in order to provide a personalised service, seems totally disproportionate.

"The fact that the cameras are hidden suggests that shops are fully aware that many customers would object to this kind of monitoring. 

"Keeping cameras hidden in a mannequin is nothing short of creepy." (more)

As Seen on Predicted on TV in 1960!

(YouTube)

 

Read More

Bilateral Hotlines Worldwide

(Updated: June 14, 2013)

In a previous article we discussed the Washington-Moscow Hotline, being the most famous bilateral hotline. It was soon followed by direct communication links between a number of other countries with nuclear capabilities. In general these hotlines started as teletype connection, being upgraded with facsimile units in the eighties and were eventually turned into dedicated secure computer networks. An exception is the hotline between Washington and London, which was a phone line already since 1943.

These hotlines between the heads of governments, are meant to prevent (nuclear) war in times of severe crisis. For preventing misunderstandings and miscommunications in less critical situations, countries have also set up lower level telephone hotlines between their defense or foreign ministers. For example, the United States has so called Defense Telephone Links with at least 23 other states.

Overview of both top level and lower level bilateral hotlines worldwide
reflecting political and military relationships between countries
(Click for a bigger version)

UNITED STATES - RUSSIA
- In 1963 the United States and the Soviet Union established the Direct Communications Link (DCL) or Washington-Moscow Hotline. This highly secured connection originally used teletype machines, which were replaced by facsimile units in 1988 and is using e-mail since 2008.
- In 1990 both countries agreed to establish a direct, secure telephone link between Washington and Moscow. This might be the Direct Voice Link (DVL), which is maintained by the White House Communications Agency.

Between the US and Russia there are also the following lower level communication links:

- In 1988 the Nuclear Risk Reduction Center (NRRC) was established at the US Department of State, which is used to exchange information in support of arms control treaties. After the split-up of the Soviet Union this secure data exchange connection, called Government-to-Government Communication Link (GGCL), was extended to Ukraine, Belarus, and Kazakhstan.
- In 2000 the US and Russia signed an agreement for the establishement of a Joint Data Exchange Center (JDEC) to share early warning information on missile and space launches to reduce the risk that a test launch could be misread as a missile attack. It's not clear whether this center has already been realized or not.

Besides these bilateral hotlines with Russia, the United States also has the following lower level communication links with other nations:

- There is a secure telephone line called Foreign Affairs Link (FAL) between the US Department of State and Russia (since 1999), Japan, Mexico, Germany and Israel.

- There is a Defense Telephone Link (DTL) between the US Department of Defense and Russia (since 1994), China (since 2008), Albania, Oman, Qatar, Latvia, Lithuania, Slovenia, Saudi Arabia, Ukraine, Bulgaria, Kuwait, Estonia, Slovakia, Kazakhstan, Macedonia, Bahrain, Israel (since 1996), United Arab Emirates, Poland, Romania, Czech Republic and Austria.

- In September 2011, the United States proposed opening a direct military hotline with Iran to avoid a possible conflict erupting over the Iranian nuclear program. Tehran declined the offer.



UNITED STATES - UNITED KINGDOM
- During World War II, two decades before the hotline Washington-Moscow was established, there was a hotline between the Cabinet War Room bunker under Downing Street and the White House in Washington. From 1943-1946 this link was made secure by using the very first voice encryption machine, called SIGSALY. In the fifties and sixties the Washington-London hotline was secured by the KY-9, probably succeeded by the KY-3 voice encryption devices. Eventually, the British prime minister was directly connected to the US Defense Red Switch Network (DRSN).


UNITED STATES - GERMANY
- In 1969 president Nixon offered the German prime minister (Bundeskanzler) to set up a secure teletype hotline, like the US already had with Moscow and London. Earlier, president Johnson had called kanzler Erhard by using a standard phone line.



UNITED STATES - CHINA
- On April 29, 1998 the United States and China signed an agreement to set up a direct telephone link between the presidents of both countries.
- On February 29, 2008 both countries agreed to set up a Defense Telephone Link (DTL) between the US Department of Defense and China’s Ministry of National Defense, which became operational in April 2008. Until 2011 this hotline was used only four times.



RUSSIA - CHINA
- A hotline connection between Moscow and Bejing was used during the 1969 frontier confrontation between the two countries. The Chinese however refused the Russian peace attempts, and informed Moscow that the direct communications link "was no longer "advantageous" and normal diplomatic channels would suffice". After a reconciliation between the former enemies, the hotline between China and Russia was revived in 1996.* It's not clear whether this hotline is for record or voice communications.
- A telephone hotline between the defence ministries of Russia and China became operational on March 14, 2008.



RUSSIA - NORTH KOREA
- Apparently there was a facsimile-hotline between Moscow and Pyongyang, which was used in 1968, when North Korea captured the American spy ship USS Pueblo.*



RUSSIA - FRANCE
- Since 1966 there was a direct teletype connection between the French president and the Kremlin. In 1989 the teletype equipment was replaced by high speed facsimile units.*


RUSSIA - UNITED KINGDOM
- Since 1967 there was a direct teletype connection between the British prime minister and the Kremlin. In 2011 this hotline was upgraded to a better-encrypted telephone link.


RUSSIA - GERMANY
- In 1989 a facsimile connection was established between the West-German capital Bonn and Moscow.* The Soviet Union also had a hotline with Erich Honecker as leader of the former East-German Republic (DDR). During a short period before East and West Germany were united in 1991, there was a hotline between Honecker and the West-German Bundeskanzler Helmut Kohl.*



ISRAEL - EGYPT
- In 2009 Israeli prime minister Ehud Olmert and Egyptian president Hosni Mubarak agreed to pass on relevant intelligence information immediately using a hotline, primarily to combat smuggling from Sinai into the Gaza Strip.



INDIA - PAKISTAN
- In 2004 India and Pakistan agreed to set up a secure hotline between their foreign ministers, aimed at preventing misunderstandings that might lead to nuclear war.
- In 2011 both countries agreed to set up a 24/7 non-encrypted hotline between their interior ministers, that will facilitate real-time information sharing on terrorist threats. The Director-General of Military Operations of the two countries already had a hotline.


INDIA - CHINA
- Since 2005 there's a non-encrypted hotline between the foreign ministers of India and China for building "mutual political trust".
- In 2009 both countries agreed to set up a hotline between their prime ministers, which was meant as a confidence building measure and to maintain regular contacts at the highest level.


INDIA - RUSSIA
- There's also a non-encrypted hotline between Delhi and Moscow, which was established before 2009.



SOUTH KOREA - NORTH KOREA
- An existing direct communication line between North and South Korea was cut off by North Korea on May 26, 2010. This hotline was reopend in January 2011 and was maintained by the international Red Cross. North Korea again cut off this hotline on March 11, 2013.



CHINA - SOUTH KOREA
- In September 2012, China and South Korea agreed to set up a consular hotline between their defense ministries to protect rights of their citizens who are staying in the other country. In April 2013 both countries agreed to set up a second, 24-hour hotline to deal with the rising tension over North Korea.


CHINA - VIETNAM
- In June 2013, China and Vietnam agreed to set up a naval hotline between their defense departments, in order to keep a peaceful and secure maritime environment in the South China Sea, amid escalating maritime tensions over disputed South China Sea islands.


In 2010, China and Japan agreed to establish a hotline between their political leaders, following a series of naval incidents, but the plan wasn't realized. Defence officials of the two countries also agreed in 2011 to set up a military-to-military hotline by the end of 2012, but the talks stalled due to heightened tensions over the territorial row. In February 2013, Japan again suggested to establish a China-Japan hotline.


When more information about these hotlines becomes available, it will be added here. Some of the most notable bilateral hotlines will be discussed later on this weblog.



Links and Sources (PDF)
- National Communications System, Forty Years of Service to the Nation: 1963-2003, 2003
- Haraldur Þór Egilsson, The Origins, Use and Development of Hot Line Diplomacy, Institute Clingendael, 2003
- US Department of State, Bureau of Information Resource Management (IRM), 2011

Read More

Patent Wars - VoIP Wiretaps

After Microsoft acquired Skype, we looked at a Microsoft patent called "Legal Intercept" meant for monitoring and recording VoIP communications. At that time, there were questions about if Microsoft would ruin Skype by making a backdoor for easy spy and pry government and law enforcement access. But a California-based company called VoIP-Pal already had such a surveillance patent that is meant to "allow government agencies to 'silently record' VoIP communications."

The Microsoft patent was filed in December 2009, but a company called Digifonica (International) Limited had filed a similar wiretapping VoIP patent in 2007. Then, in May 2012, VoIP-Pal attained five VoIP patents from the acquisition of Digifonica Gibraltar. One of the five patents is called "Lawful Intercept" and is meant for "intercepting VoIP and other data communications." (more)

Read More

Spy College... for your 21st Century careers

At the University of Tulsa school, students learn to write computer viruses, hack digital networks and mine data from broken cellphones. Many graduates head to the CIA or NSA.

Stalking is part of the curriculum in the Cyber Corps, an unusual two-year program at the University of Tulsa that teaches students how to spy in cyberspace, the latest frontier in espionage.

Students learn not only how to rifle through trash, sneak a tracking device on cars and plant false information on Facebook. They also are taught to write computer viruses, hack digital networks, crack passwords, plant listening devices and mine data from broken cellphones and flash drives.

It may sound like a Jason Bourne movie, but the little-known program has funneled most of its graduates to the CIA and the Pentagon's National Security Agency, which conducts America's digital spying. Other graduates have taken positions with the FBI, NASA and the Department of Homeland Security. (more)

Read More

From our "Persistence is Futile" file...

Top code-breakers at one of Britain's intelligence agencies, the GCHQ, say they have failed to decipher a message found attached to the leg of a dead Second World War pigeon. (more)

Can YOU crack the code?
RE HHAT VM RIYNZ LXJT MJRBTXAN
Give up? Crack it here. Your code number is 1943.

Read More

Student Balks at Stalk (Psst. Just make the tags more stylish.)

A court challenge has delayed plans to expel a Texan student for refusing to wear a radio tag that tracked her movements.

Style is everything in high school.*

Religious reasons led Andrea Hernandez to stop wearing the tag that revealed where she was on her school campus.

The tags were introduced to track students and help tighten control of school funding.

A Texan court has granted a restraining order filed by a civil rights group pending a hearing on use of the tags.

ID badges containing radio tags started to be introduced at the start of the 2012 school year to schools run by San Antonio's Northside Independent School District (NISD). The tracking tags gave NISD a better idea of the numbers of students attending classes each day - the daily average of which dictates how much cash it gets from state coffers. (more)

In other tracking news...

As U.S. turns to ear tags over brands, cattle ranchers fear end of tradition

* Get 'um here pard'ner.

Read More

Holiday Shopping Safety Infographic

Click to enlarge.

Click to enlarge.

Read More

Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices

Thanks to protections enshrined in the U.S. Constitution, the government generally can’t snoop through your laptop for no reason. 

But those privacy protections don’t safeguard travelers at the U.S. border, where the U.S. government can take an electronic device, search through all the files, and keep it for a while for further scrutiny – without any suspicion of wrongdoing whatsoever. (more) (pdf guide)

Read More

The Wall Street Wiretap Sword Of Damocles

Mark Pomerantz, a former federal prosecutor, says the government wants everybody on Wall Street to believe all their conversations are being taped.

Pomerantz tells MarketWatch that the perception of wiretaps being employed in a widespread way is great for deterrence. However, he said he didn’t think they were being employed extensively by federal prosecutors. (more)

Read More

Researchers Find iOS is Rich Target for Spying Software

Takeaway: The popularity of Apple devices makes them a prime target for spying programs, malware, and simple thievery.

According to a report in TechWeek Europe, researchers have found that spying programs like SpyEra, SpyBubble and StealthGenie are used by attackers much more heavily on devices running iOS. In two samplings of infected devices, Israeli mobile security company Lacoon found that significantly more iOS devices were being targeted over other mobile operating systems (74 % in one sampling and 52 % in a second sampling).

Attackers are, of course, taking advantage of the relative popularity of Apple devices, and are using the spying programs in highly targeted attacks — for example, against business executives — “to watch over personal and business data, letting the attackers view all the victim’s emails, text messages and geo-location information.” (more)

Read More

Cyber Espionage Infographic

Click or download to enlarge.

Infographic courtesy F-Secure

Read More

Commander Petraeus' phones

Last week, David Petraeus resigned as director of the Central Intelligence Agency (CIA), after admitting he had an extramarital affair with his biographer Paula Broadwell. This led to many news reports and also many pictures on the internet.

Some of them give a nice look at the telecommunications equipment which general Petraeus used when, from July 2010 to July 2011, he was commander of the International Security Assistance Force (ISAF) in Kabul, Afghanistan:

ISAF Commander Petraeus being interviewed by Paula Broadwell
(Photo: paulabroadwell.com, date unknown)

In this picture we see the following telecommunication devices:

Video conferencing screens
On Petraeus' desk we see two Centric 1700 MXP video teleconferencing screens, made by the Norwegian manufacturer Tandberg. In 2010 this company was bought by Cisco Systems, and so the 1700 MXP screens are often used by US military officials. They are equipped with a HD camera and have a widescreen LCD screen, which operates both as a video conferencing system and PC display.

STE
Left of the personal computer screen we see a Secure Terminal Equipment (STE), made by L3 Communications. The STE is a phone capable of encrypting calls up to the level of Top Secret/SCI. This phone can be used to have a secure line to anyone with a similar device.

IST-2
Right behind the chair of commander Petraeus is an Integrated Services Telephone 2 (IST-2), made by Telecore Inc. This is a so called "red phone", which is part of the Defense Red Switch Network (DRSN), connecting the President, the Secretary of Defense and all mayor US command centers. This is the primary telephone network for military command and control communications.

VoIP phones
In the picture above we see three of four Voice over IP (VoIP) phones: at the right end a Cisco SPA and the other three being phones from the Cisco 7970-series. It's likely each of these phones is part of a separate telephone network. Nowadays many military phone networks use Voice over IP, often with Cisco IP phone sets. These phones have no encryption capability, but their voice data networks can easily be secured with specific network encryptors.
In the picture below we can see al four VoIP phones, neatly aligned on a shelf and with an organizational chart at the left side of them:

General David Petraeus in his office at the ISAF headquarters in Kabul.
(Photo: Adam Ferguson/The New York Times, March 8, 2011)

Printers
Also in this picture we see three printers on a table at the left side of the room. Apparently there are separate printers for different computer networks, in order to keep documents of different classification levels separated.
At the upper left corner of the front of at least the first two printers we can see the colored classification labels: a green sticker for Unclassified materials on the printer in the foreground and a red sticker for materials classified as Secret on the printer in the middle. The third printer seems to have no marking, but we can assume this one is for Top Secret (orange sticker) or Top Secret/SCI (yellow sticker) documents.


This kind of communications equipment is typical for US military commanders in similar positions. Therefore one can quite easily recognize it also on other pictures of American military commanders and command centers. Contrarily, pictures in which we can see the equipment used in Petraeus' last office, that of director of the CIA, are very rare - but we keep looking!


UPDATE February 5, 2013:

A reader of this weblog kindly noticed me of another picture of general Petraeus in his office, with clearly visible another kind of communications device. It's an HH2G Tetrapol handheld radio device, sitting in a desktop adapter, so it can be more or less used like a phone:

General David Petraeus in his office in ISAF headquarters in Kabul, Afghanistan
(Photo: Chris Hondros/Getty Images Europe, October 21, 2010)

The Tetrapol secure voice and data radio network was installed in 2004 by Cogent Defence and Security Networks, the UK operating company of EADS Defence and Communications Systems Group. This trunked Tetrapol ISAF Command Network, with end-to-end security, provides command communications coverage for the NATO Area of Responsibility in the Kabul region.

Read More

City Hall Fingered for Eavesdropping - Claims 'Inadvertance'

Chicago City Hall officials violated Illinois' strict eavesdropping law when they ‘inadvertently’ recorded conversations with Chicago Tribune reporters without their consent.

The Tribune sent the city a letter Friday demanding that officials stop secretly recording conversations with reporters. The newspaper also requested copies of the recorded conversations.

“This failure was due to inadvertence – not some practice or plan to record interviews without consent,” City Attorney Stephen Patton stated in a letter responding to the Tribune. (more)

Read More

What the Well Dressed Spy Wants for Christmas

Upon first glance, it appears to be a standard pair of cuff links.

However, a covert, hidden handcuff key has been engineered in to the design. This concealed hand cuff key will to open almost all Standard Hand cuffs. It’s also designed to hold your French Cuffs closed. A must have for any international SPY or the average citizen looking for some styling carbon fiber inlaid cuff links that happen to open hand cuffs.

*WARNING: The use of this product may result in you being shot.*

Don’t Break the law. 
You are not Bond'ed. (more) (more weird cufflinks)

Read More

Scientific Breakthrough Gives Paranoids Another Thing to Worry About

Click to enlarge.

A tiny ear-powered device extracts energy from an ear and transmits information wirelessly to a nearby radio. (more)

Read More

2012 China Report Released... no surprises.

The U.S.-China Economic and Security Review Commission was created by Congress to report on the national security implications of the bilateral trade and economic relationship between the United States and the People's Republic of China.

"This Report conveys our findings from the past year, along with providing recommendations to Congress about how best to respond to some of the problems we have identified."
2012 REPORT TO CONGRESS
 
Excerpts:
"Travelers to China sometimes report Chinese officials tampering with their electronic devices upon entry or exit. Customs or border enforcement entities may perform or enable such activities."

"Some corporate entities in China may engage in, support, or benefit from cyber espionage. The prevalence of stste-owned or -controlled enterprises in the telecommunications and IT sectorsin China mean that such activities would often constitute state sponsorship."

Just coincidence?

 

Read More

This Week in Spy News

The chairman of Stow College in Glasgow has resigned after a row over a recorded conversation on a device branded a "spy-pen". (more)
 
Outdated laws have created loopholes that allow government and law enforcement agencies to request information and conduct electronic surveillance without warrants. The piece of legislation at the heart of the issue is the Electronic Communications Privacy Act, passed in 1986. (more)
 
Ex-British spy, turning 90, happily living in Russia... 
The spy, George Blake, betrayed British intelligence starting in the 1950s; he was found out in 1961 and sentenced to 42 years in prison. But he escaped five years later using a rope ladder made of knitting needles, made his way to the Soviet Union and has been living out his last years serenely in a cottage outside Moscow. (more)

Two Simple Spy Tricks That David Petraeus Could Have Used To Hide His Affair...
Does the head of the world's top spy agency really think he can hide behind a Gmail account and a pseudonym? Apparently so. Even bumbling Boris Badenov from "Rocky and Bullwinkle" would have known better. (more)

The Maryland Transit Administration is bugging buses in Baltimore, and the bugged buses are what’s bugging civil rights advocates. Buses already have cameras, but ten buses now have microphones that are supposed to add to security by recording what’s said between passengers and the drivers. (more)

How to Stop Spies from Digging Up Your Personal Information...
The spies in our lives aren't like the ones in movies—they take the form of a suspicious lover, obsessive coworker, or jealous "friend." While you can't distrust everyone you meet and lead a happy life, you can protect your personal information from falling into the wrong hands. Here's how to guard yourself from spies without slipping into a state of constant paranoia. (more)

The chairman of Pirelli, Marco Tronchetti Provera, will go to trial over a long-running probe into alleged use of Telecom Italia data to snoop on Italy's elite, a judicial source said on Monday. ( more)

How to Snap Top Secret Photos Without Anyone Noticing...
Ever needed to snap a picture in a quiet building without anyone noticing? Or maybe you need to document misbehavior without getting caught? Taking snapshots on the sly isn't easy, but a few tricks can help you capture a moment without another soul noticing. (more)
 

Steampunk Spy-Fi: Real-life gadgets perfect for a Victorian Era James Bond...
What if the majesty of On Her Majesty's Secret Service was Queen Victoria? (more)

In France, a Mission to Return the Military's Carrier Pigeons to Active Duty...
Grounded After Modern Communication Devices Soared, Birds May Offer Low-Tech Solutions; No Round Trips (more)

Read More

Email Security - The Petraeus Case

...via Zack Whittaker
There's no such thing as a truly 'anonymous' email account, and no matter how much you try to encrypt the contents of the email you are sending, little fragments of data are attached by email servers and messaging companies. It's how email works and it's entirely unavoidable...which first led the FBI on a path that led up to the very door of Petraeus' office door in Langley, Virginia.

Ultimately, only Google had access to the emails. Because it's a private company, it does not fall under the scope of the Fourth Amendment. If the U.S. government or one of its law enforcement agencies wanted to access the private Petraeus email account, it would have to serve up a warrant.

In this case, however, the Foreign Intelligence Services Act (FISA) would not apply. Even the Patriot Act would not necessarily apply in this case, even though it does allow the FBI and other authorized agencies to search email. However, in this case, above all else, the Stored Communications Act does apply -- part of the Electronic Communications Privacy Act.

The act allows for any electronic data to be read if it has been stored for less than 180 days. In this case, the law was specifically designed -- albeit quite some time before email became a mainstream communications medium -- to allow server- or computer-stored data to be accessed by law enforcement.

However, a court order must be issued after the 180 days, and in this case it was...

Once it knew Ms. Broadwell was the sender of the threatening messages, the FBI got a warrant that gave it covert access to the anonymous email account. And that's how they do it. (more)

Read More

Watergate's Next Watergate

A history professor hopes that a federal court's recent order to release long-sealed Watergate documents will shed light on the motivations behind the infamous 1972 scandal and help set an example for how to unseal court records.

Federal District Judge Royce Lamberth in Washington, D.C., on Friday ordered the National Archives and Records Administration to review and release some of the documents within a month. The order came in response to Texas A&M history professor Luke Nichter's 2009 informal request to Lamberth to unseal a trove of documents relating to the 1973 trials of Watergate conspirators G. Gordon Liddy and James McCord.

Nichter's letter said that some of the sealed materials "purportedly will demonstrate that exposing a prostitution ring was the real motivation for the break-in." Liddy had alleged a similar theory in the mid-1990s, although he claimed that motive was unknown to him when he orchestrated the break-in. (more) (previous report)

Read More

Get Alerts from your Local Police & 5,000 other Public Safety Agencies

One thing Hurricane Sandy taught us was truth beats rumors. Sign up for the truth... 

"This service, NIXLE, delivers trustworthy and important neighborhood level public safety and community event notifications instantly sent to you by cell phone text message, email and web. There is NO spam or advertising and the service is available at no cost.

Register at www.nixle.com. This service is simple to use, reliable and trusted.

Stay connected to your world, from the public safety alerts that are relevant to you, to the important neighborhood advisories you want to know about and other valuable community information."

Read More

More iPhone Security Tips

Important Points
• iPhone / iPad / iPod muggings are common.
• Reduce risk...
-- Minimize usage while in very public places.
-- Use iOS's security features...
---- for tracking a stolen device and remote wiping of data.
---- for preventing thieves from: turning off tracking, accessing data and accounts.
• If theft occurs, go to the police first, not the phone company. 
-- Police will try to track. 
-- Carrier will shut off service.
• Seal the SIM card with serial numbered security tape to detect tampering.

Setting tips via Martin Williams...
1. Select Settings.
2. Click General.
3. Select Restrictions.
4. Set a Restrictions passcode.
5. Click Enable Restrictions.
6. Look for Deleting Apps and toggle the switch from On to Off. This will mean that no one can delete an app such as Find My iPhone without your Restrictions passcode.
7. Scroll down the list of options until you reach the Privacy section, here you’ll find a link to Locations Services, click it.
8. Select Don’t Allow Changes. This will mean it is impossible for a robber to disable the Find My iPhone application from broadcasting your GPS. You will now need manually to approve all new apps to access your location data.
9. Go back to the main Restrictions menu and select Accounts, changing this setting to Don’t Allow Changes. This makes it impossible for a mugger to disconnect your iCloud account that connects to Find My iPhone.
10. If your iPhone is stolen, it is only going to transmit its location for as long as a SIM card is inserted and is active.

Read More

Government Strength Mobile Spyware

In the secretive world of surveillance technology, he goes just by his initials: MJM. His mystique is such that other security professionals avoid using wireless Internet near him...

MJM -- Martin J. Muench -- is the developer of Andover, U.K.-based Gamma Group’s FinFisher intrusion software, which he sells to police and spy agencies around the world for monitoring computers and smartphones to intercept Skype calls, peer through Web cameras and record keystrokes...

Of Gamma’s products, FinFisher has become the flashpoint. It represents the leading edge of a largely unregulated trade in cybertools that is transforming surveillance, making it more intrusive as it reaches across borders and spies into peoples’ digital devices, whether in their living rooms or back pockets...

...researchers including Claudio Guarnieri of Boston-based security risk-assessment company Rapid7; Bill Marczak, a computer science doctoral candidate at the University of California Berkeley; and Marquis-Boire, whose day job is working as a security engineer at Google Inc., found computers that appeared to be command servers for FinSpy in at least 15 countries.

They also documented FinSpy’s ability to take over mobile phones -- turning on microphones, tracking locations and monitoring e-mails...


On Oct. 12, U.S. law enforcement officials warned smartphone users to protect themselves against FinFisher, calling it malware, or malicious software.

“FinFisher is a spyware capable of taking over the components of a mobile device,” the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and National White Collar Crime Center, said in a Website alert to the public. “FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.”

FinSpy Mobile can infect almost every kind of device, including Apple Inc.’s iPhones and smartphones running Google’s Android or Microsoft Corp.’s Windows systems, according to a pamphlet Muench provides. (more)

Read More

Meet the Superheroes Fighting for Your Right to Mobile Privacy

Five years into the smartphone era, the threats to user privacy have never been higher.  

The complex and mostly unregulated privacy concerns of the mobile ecosystem have driven many users to take their privacy into their own hands, whether that means deleting apps that ask for too much information or turning off location services.

However, the fight over mobile privacy is just really starting to take shape. We wanted to get a beat on where that fight is now, and about what – if truly anything – privacy advocates think will change the future of mobile towards a more user controlled experience... (more)

Read More

A Salute to Our Native American Code Talkers

George Smith, one of the Navajo code talkers who helped the U.S. military outfox the Japanese during World War II by sending messages in their obscure language, has died, the president of the Navajo Nation said.

"This news has saddened me," Ben Shelly, the Navajo president, said in a post Wednesday on his Facebook page. "Our Navajo code talkers have been real life heroes to generations of Navajo people."

Smith died Tuesday, Shelly said, and the Navajo Nation's flag is flying at half-staff until Sunday night to commemorate his life.

Several hundred Navajo tribe members served as code talkers for the United States during World War II, using a military communications code based on the Navajo language. They sent messages back and forth from the front lines of fighting, relaying crucial information during pivotal battles like Iwo Jima.

Military authorities chose Navajo as a code language because it was almost impossible for a non-Navajo to learn and had no written form. It was the only code the Japanese never managed to crack.

The Navajo code talkers participated in every assault the U.S. Marines carried out in the Pacific between 1942 and 1945.

The code talkers themselves were forbidden from telling anyone about the code -- not their fellow Marines, not their families -- until it was declassified in 1968.

Now in their 80s and 90s, only a handful of code talkers remain. (more)

Read More

Security Quote of the Day

"Protecting classified information depends, today more than ever, on the security awareness of employees. They can literally make or break your security program." NSI, Security NewsWatch

Read More

How to Surf the Web in Secret

via Brad Chacos...

They say no one can hear you scream in space, but if you so much as whisper on the Web, you can be tracked by a dozen different organizations and recorded for posterity. 

Simply visiting a website can allow its operators to figure out your general physical location, identify details about your device information, and install advertising cookies that can track your movements around the web. (Don't believe me? Check this out.)

Not everyone likes the idea of having his or her entire digital lives scraped, analyzed and (in countries with restrictive regimes) controlled outright by third parties. 

So please consider the following tools and tips, which will hide your IP address and have you surfing the web in blissful anonymity in no time. (more)

Checklist...
• Use a second web browser.
• Set it to anonymous / private mode.
• Have it wipe all cookies when closed.
• Use a web-based proxy. (Proxify, Anonymouse, Hide My Ass, or one from Proxy.org)
• Better... Use a virtual private network (VPN) like The Onion Router (aka TOR).
• Send your email anonymously via Anonymouse or Hide My Ass.

Read More