KGB Hotel Listening Post Now a Tourist Museum

Estonia - Old Town Tallinn in Estonia feels like it should be on top of a wedding cake, the old city walls, church steeples, narrow cobblestone streets, and pastel colors putting forth a true Medievil vibe...

There are many hotels located within the Old Town walls to choose from, but if you want a true taste of KGB history during your visit, consider the Sokos Hotel Viru just outside Old Town. Opened in 1972, it's the largest hotel in Estonia with over 500 rooms, and during Soviet occupation, the KGB had an office on the top floor (the 23rd floor, which did not have a button on the elevator).

They always denied their presence, but they bugged the guests, literally. 

The KGB tapped 60 rooms, installed mics in the plates in the dining room, instructed elevator attendants to keep track of guests’ comings and goings, and drilled holes through hotel room walls to take photographs and keep a watch on suspected guests, which included visiting journalists and Finnish visitors who would hold meet and greets with their families in the lobby (the visiting Fins weren’t allowed to visit their family in their homes under Soviet Law). Even if you don’t stay the night, be sure to pop in for a drink and to check out the museum that allows you to tour the former KGB offices. (more)

Read More

Spybuster Tip # 523: Twitter Password Security Test

WARNING

The link below is a clever gag.
Similar sites are password collection scams.

If you take the test on any of them, don't enter real information.

http://www.ismytwitterpasswordsecure.com/

Read More

FutureWatch: Trojan Horse Wi-Fi's and More - In Your Mail

This promotion is legitimate.
But, imagine this small, inexpensive technology as an espionage tool...

Microsoft is putting in real WiFi hardware hotspots inside some copies of the latest issue of Forbes magazine. The unique Office 365 promotion was revealed in a post on the Slickdeals.net message board. The WiFi router, when activated, offers 15 days of free WiFi service via T-Mobile's network on up to five devices at once.


In any case, if you get one of these Forbes magazine ads, keep in mind that the router still needs to be charged; it apparently lasts up to three hours on a single charge. (more)

BTW, for your techie types, it uses a Mediatek chip (RT5350), "The world's smallest wireless router-on-a-chip."

Hiding electronic gadgets in the mail is not a new idea. 

Many years ago, a company hollowed out a book, planted a computer mouse inside, and mailed it to top executives. 

We detected one of these books during a weekend sweep. It was on an executive's desk, in the unopened mail.  

Was it a bug?  
Was it a bomb? 

No, just a insensitive marketing gag. 

Apparently, the company is no longer in business.

FutureWatch: This will happen again, but next time it might be a bug ...or, a bomb. 

Regularly scheduled TSCM inspections can find these things lurking in your office.

Read More

How to Bug an Entire Country - Drop Poop & Rocks

During the Cold War, both sides liberally used the “bug”--the remote listening device--to surreptitiously get wind of what the other side was up to by listening in on a room, a building, or, in the case of East Berlin, an entire city.

Click to enlarge

But in America’s cooling war in Afghanistan, U.S. forces may undertake what could be the biggest bugging operation of all time, planting sensors all over the entire country that could feed the U.S. military intelligence from inside that country for the next two decades. It’s the rough equivalent of bugging an entire country.


The palm-sized devices at the U.S. military’s disposal aren’t listening devices per se, but they would detect anyone moving nearby and report the movement back to an intelligence outpost, letting special operators know when a remote mountain pass or a known smuggling trail is being utilized. Some of the sensors could be buried, others disguised as rocks or other geological artifacts. 

CIA monkey poop sensor - Vietnam era.

The point is, they would be littered all across Afghanistan’s landscape, a lingering legacy of a decade-long conflict that would last 20 years more. (more)

Read More

Interesting Security Technologies - Sunpass Bug & Butterfly Authentication

Doug Blakeway, President & CEO, Nanotech Security Corp., reveals new surveillance technologies in the company's Annual Report...

(from their subsidiary) "The CTR-1300 JOEY, a disguised Variable Power Audio Transmitter Utilizing a new LiPo internal battery and incorporated into the Garage Door Opener, EZ Pass, and Sunpass as disguises."

and, the latest in anti-counterfeiting technology...

Click to enlarge.

"Nanotech is developing what it sees as a highly sophisticated and commercially viable nanotechnology for use in anti-counterfeiting as well as product and document authentication. It will potentially be used to authenticate a huge range of items, including currency, legal documents and commercial products.
 
The specialized optical features are comprised of arrays of hundreds of millions of nano-holes–implanted directly onto various substrates and which emit unique light signatures that we believe cannot be reproduced by a counterfeiter.  

KolourOptics® is the trade name for this revolutionary authentication feature which produces nano-scale surface structures similar to those found on the wings of the iridescent blue Morpho Butterfly.
 
The features can be directly applied to banknotes and other valuable documents and products and will produce light signatures are both “overt” (visible to the naked eye) and some that are “covert” (machine readable only)." (more)

Read More

Spouse Spying Increase Seen By 92% of Divorce Attorneys

In this new age of technology, spy gadgets are no longer just for actors in James Bond movies. Studies show more spouses are using spy equipment to catch the other red-handed.


The American Academy of Matrimonial Lawyers says in the past three years 92 percent of divorce attorneys saw an increase in evidence from text messages, emails and GPS trackers. In fact in 2011, a Minnesota man was thrown in jail for installing a GPS on his wife's car as he searched for proof she was cheating.

Read More

Latest in Government Work Clothes - Immunity Suits

...documents show that the Justice Department secretly agreed to provide AT&T and other participating providers with so-called “2511 letters” that granted them immunity for activity that might otherwise have violated federal wiretapping laws. (more)

Read More

Spy Stories Behind "Peggy Sue" and "Winnie the Pooh"

U.S. country star Jerry Naylor revealed he used his international fame as cover to work as a secret agent for the CIA... Naylor, 74, who replaced Buddy Holly in the Crickets, says he was recruited on more than 100 occasions to spy for America under his guise as a touring singer. (more)

The man who created Winnie the Pooh was a First World War spy, top secret files reveal. The papers — rescued from a skip — prove AA Milne worked for a covert arm of military intelligence in a propaganda war against the Germans. They uncover the secret double life of the man behind Tigger, Christopher Robin and Piglet — and should have been burned. (more)

Read More

Verizon's Tilt-Shift-Focus on Espionage

Ninety-six percent of cyber espionage cases targeting intellectual property and business trade secrets were attributed to “threat actors in China,” while the remaining four percent were unknown, according to the “2013 Data Breach Investigations Report," which is issued by Verizon, a large U.S. telecom firm...

“Verizon doesn't explain how they determine that an event is state-sponsored, nor how they distinguish between legitimate attacks originating from China and those which use compromised servers in Chinese IP space,” said Jeffrey Carr, CEO of Taia Group, a cyber-security firm. “Hence, any conclusion that they try to draw about the government of China has to be taken with a great degree of skepticism.”
Carr said he believes a lot of the espionage originating in China could “actually be the work of non-state actors working in the Chinese IP space.” (more) 

Keep in mind this report is from a telecommunications company. It is a tilt-shift-focus photo. The center of attention is their product – data-motion. Non-IT methods of espionage are out of focus. 

The result is a distorted reality field with micro-bickering over "who" is to blame, instead of what can be done about it.

Wake up. Pockets are being picked. "Who" doesn't matter. Keeping your intellectual wallet safe matters. 

Successful counterespionage requires a clear, sharp, holistic vision. Beware the tilt-shift folks who focus on IT alone. They miss all the end runs. Budget for a 360º lens. ~Kevin

Read More

New Book - "Eavesdropping, Surveillance and Espionage"

New Book
 "...examines the escalating security and privacy threats from spy cameras, audio bugs, telephone bugs, GPS trackers, GSM listening devices, surveillance software, smart-phone compromises and other high-tech technologies that are actively marketed to civilians. Modern security professionals must grasp the magnitude of these emerging threats, how they are identified and the counter-measures by which they are neutralized."

The press release explains...

"Eavesdropping, Surveillance And Espionage: Threats, Techniques and Countermeasures is a comprehensive introduction to TSCM specifically for law enforcement, private investigators, homeland security, key military personnel, foreign service and diplomatic staff, intelligence operatives, private security contractors, TSA, security advisors and other security professionals in the private and public sectors.

Authored by Norbert Zaenglein, author of Disk Detective, Secret Software and the Covert Bug Book, the new TSCM book fills a much needed gap in security awareness related to civilian surveillance capabilities, a development that impacts military, government, diplomatic venues, homeland security, corporations, businesses and the general public.

The essential new security manual explains how mass production of sophisticated surveillance technology pattered after law-enforcement and intelligence-grade spy devices has marshaled the once secretive spy trade into civilian circles with far-reaching implications and consequences." (preview)

Note: Only available at http://www.modernprivacy.info/

Read More

Detecting and Preventing Eavesdropping - U.S. Government Advice

(A long, but worthwhile read.)

Detecting and Preventing Eavesdropping

Any indication that an adversary or competitor is using illegal means to collect information should alert you to the possibility, at least, that listening devices might be planted in your office or home. There are a number of specific warning signs that you may be the target of eavesdropping. Of course, if eavesdropping is done by a professional, and done correctly, you may not see any of these signs.

One of the most common indicators of eavesdropping is that other people seem to know something they shouldn’t know. If you learn that an activity, plan, or meeting that should be secret is known to an adversary or competitor, you should ask yourself how they might have learned that.

An eavesdropper will often use some pretext to gain physical access to your office or home. It is easy for an outsider to gain access to many office buildings by impersonating a technician checking on such things as the air conditioning or heating. The only props needed are a workman’s uniform, hard hat, clipboard with some forms, and a belt full of tools. If challenged, the imposter might threaten not to come back for three weeks because he is so busy. In one version of this technique, the eavesdropper actually causes a problem and then shows up unrequested to fix it. In other words, you must verify that anyone performing work in or around your office was actually requested and is authorized to do this work. If a worker shows up without being asked, this suggests an attempted eavesdropping operation and should be reported immediately to your security office. Even when the work is requested, outside service personnel entering rooms containing sensitive information should always be accompanied and monitored.

Gifts are another means of infiltrating a bug into a target office. Be a little suspicious if you receive from one of your contacts a gift of something that might normally be kept in your office -- for example, a framed picture for the wall or any sort of electronic device. Electronic devices are especially suspicious as they provide an available power supply, have space for concealing a mike and transmitter, and it is often difficult to distinguish the bug from other electronic parts. Have any gift checked by a technical countermeasures specialist before keeping it in a room where sensitive discussions are held.

Unusual sounds can be a tip off that something is amiss. Strange sounds or volume changes on your phone line while you are talking can be caused by eavesdropping. However, they can also be caused by many other things and are relatively common, so this is not a significant indicator unless it happens repeatedly. On the other hand, if you ever hear sounds coming from your phone while it is hung up, this is significant and definitely should be investigated. If your television, radio, or other electrical appliance in a sensitive area experiences strange interference from some other electronic device, this should also be investigated if it happens repeatedly.

Illegal entry to your office or home to install an eavesdropping device sometimes leaves telltale signs, especially if done by an amateur. Evidence of improper entry with nothing being taken is suspicious. Installing an eavesdropping device sometimes involves moving ceiling tiles, electrical outlets, switches, light fixtures, or drilling a pinhole opening in the wall or ceiling of the target room (drilling in from the other side of the wall or ceiling). This can leave a small bit of debris, especially white dry-wall dust that should not be cleaned up. It should be reported to the security office.

In summary, protection against the installation of eavesdropping devices requires:

• Alert employees.
• Round the clock control over physical access by outsiders to the area to be protected.
• Continuous supervision/observation of all service personnel allowed into the area for repairs or to make alterations.
• Thorough inspection by a qualified technical countermeasures specialist of all new furnishings, decorations, or equipment brought into the area.

What to Do if You Suspect
You Have Been Bugged

If you suspect you are bugged, do not discuss your suspicions with others unless they have a real need to know. Above all, do not discuss your suspicions in a room that might be bugged. Do not deviate from the normal pattern of conversation in the room. Advise your security officer promptly, but do not do it by phone. The bug may be in the telephone instrument. Do it in person, and discuss the problem in an area that you are confident is secure.

These security measures are important to ensure that the perpetrator does not become aware of your suspicions. A perpetrator who becomes aware you are suspicious will very likely take steps to make it more difficult to find the device. He may remove the device or switch it off remotely.

1. Never try to find a bug or wiretap yourself. What’s the point? If you are suspicious enough to look, you already know you should not have any sensitive conversation in that room. If there is a bug there, do-it-yourself approaches probably will not find it. If you look and don’t find it, that certainly shouldn’t give you any sense of confidence that you can speak freely in that room. Don’t be misled by what you see on television, in the movies, or in spy-shop catalogs. Detecting bugs is difficult even for the professionals who specialize in that work.

Technical Security Countermeasures
A Technical Security Countermeasures (TSCM) survey, also known as a "sweep," is a service provided by highly qualified personnel to detect the presence of technical surveillance devices and hazards and to identify technical security weaknesses that could facilitate a technical penetration of the surveyed facility. It consists of several parts.

• An electronic search of the radio frequency (RF) spectrum to detect any unauthorized emanations from the area being examined.
• An electronically enhanced search of walls, ceilings, floors, furnishings, and accessories to look for clandestine microphones, recorders, or transmitters, both active and quiescent.
• A physical examination of interior and exterior areas such as the space above false ceilings and heating, air conditioning, plumbing, and ventilation systems to search for physical evidence of eavesdropping.
• Identification of physical security weaknesses that could be exploited by an eavesdropper to gain access to place technical surveillance equipment in the target area.

During the survey, TSCM team members may enter office areas where employees are working. Employees should be advised in writing, not orally, that a technical security inspection is being conducting and that they should not discuss it in the office before, during, or after the survey.  
(Note: Most private sector surveys are conducted after-hours.)
(original government post)

Read More

Interesting Question About Jamming Bugs & SpyCams

Q. "Looking for a bug jammer that will block out all bugs video or audio near my doorway looking at the rj4000 from the bug jammer store wondering if what they say is true they claim it will block 1 g bugs and 1.2 g bugs with a jamming frequency between 900 to 1000 mhz and 1100 mhz to 1300mhz for bugs"

A. Good thing you asked.  

You really don't want to solve your problem this way.

Here's why...
• Jamming is illegal in the U.S. http://www.fcc.gov/encyclopedia/jammer-enforcement
"seizure of unlawful equipment" " subjects the operator to possible fines, imprisonment, or both"

• Your imported purchase runs the risk of being confiscated by Customs before it even reaches you.

• The RF jammer RJ4000 ALSO jams 2.4 GHz Wi-Fi and 1.5 GHz GPS signals. Your neighbors will complain.

Estimated area of noticeable interference. Actual jamming area is less.

But, yes, it will probably do what they say, assuming the bug/spycam transmitter is less powerful than the jammer's transmitter.

Best advice: Think of an alternate way to solve your concerns. ~Kevin

Read More

How Obama's BlackBerry got secured

(Updated: November 1, 2013)

Around January 20, 2009, when Barack Obama took over the office of president of the United States, there was quite a lot of media attention about the fact that he had to give up his BlackBerry, because it was considered to be a security risk.

This caused almost world wide media attention, but the follow-up was less accurately covered and a number of different stories were told. Here we will show that Obama actually kept his beloved BlackBerry, but only after it had been secured by special encryption software and some additional security measures.

Barack Obama using his BlackBerry 8830 during the election campaign in 2008
(Photo: Getty Images)

Obama's predecessor, George W. Bush, also used a BlackBerry during the 2000 presidential campaign, but had to give it up, as well as the use of any e-mail software, upon taking office. Three days earlier, he sent out a final e-mail to 42 friends and family members to inform them that he would no longer correspond electronically.

Eight years later, Barack Obama was also forced to give up his BlackBerry, not only because of concerns that its communications and e-mail could be intercepted, but also because of the Presidential Records Act of 1978. This makes all written White House communications public property and subject to examination under the Freedom of Information Act (FOIA).

However, this time Obama definitely wanted keep using this popular business phone to stay in touch with people outside the White House bubble. Therefore, the Secret Service, The White House Communications Agency (WHCA) and the National Security Agency (NSA) went looking for a solution.

US President Obama using a silver BlackBerry 8830
Nokia E61 or E62, as recognized by someone here

Sectéra Edge

Some media suggested Obama had to change his BlackBerry for the Sectéra Edge, a highly secured PDA, which is produced by General Dynamics for the US military. But the Sectéra Edge is quite big, heavy (340 grams) and bulky and therefore hardly convenient for someone used to a BlackBerry. This solution would also require everyone that Obama would like to communicate with to have the same phone, which is priced between 2650,- and 3350,- USD. Secure communications are only possible if both ends use the same (or compatible) encryption devices.

According to other sources, the Sectéra Edge was only used in addition to Obama's BlackBerry, until a permanent solution was worked out. Reports weren't clear about how exactly these two devices were combined. Probably the Sectéra Edge acted like an encryptor, which was plugged into the BlackBerry, so Obama could keep using this device to make a call or send out an e-mail, which then went through the Sectéra Edge, encrypting it, before going over the telecommunications network.

The Sectéra Edge, manufactured by General Dynamics

Compromise

That latter, temporary solution must have been even more cumbersome, so a compromise was made, in which president Obama could keep using a BlackBerry, but equipped with a software package to encrypt phone calls and text and email messages.

For this purpose, the security agencies choose the SecurVoice application, which was developed by The Genesis Key, in cooperation with engineers from BlackBerry manufacturer Research In Motion (RIM). SecurVoice should not be confused with Secure-Voice.com, nor with SecuVOICE, which is used for securing the smart phone of the German chancellor Merkel.

After the NSA did all the necessary tests and checking to make sure the software met federal standards like FIPS 140-2, the highly secured BlackBerry was delivered to the president somewhere in May or June 2009. He also gave up his old e-mail address and switched to a new one, which is kept secret.

Maybe we can see the new, secured BlackBerry in this picture below, where there are two BlackBerrys lying in front of Obama. The silver one seems to be the BlackBerry 8830, which he already used during the election campaign. The black one, probably a BlackBerry 8900, could then be the new secure one, as we can see the president using this one in later pictures:

President Barack Obama works with Jon Favreau, director of speechwriting, on the Normandy speech
aboard Air Force One enroute to Paris. In front of him are a black and a silver Blackberry.
(White House photo by Pete Souza, June 5, 2009 - click for a bigger picture!)

Detail from the picture above, showing the two BlackBerrys

The secure BlackBerry was not only issued to the president, but also to a small group of people with whom he likes to stay in close contact with. This because, as said, it's only possible to have secure communications if both ends are using the same encryption method. This limited Obama's goal of keeping in touch with the outside world: encryption (still) means exclusion.

The number of people able to message and call the president is probably only between ten and twenty. Included are vice-president Biden, Obama's chief of staff and some of his top advisers, his press secretary, first lady Michelle Obama, a few other family members, and a small group of personal friends from Chicago.

On October 30, 2013, Obama's press secretary Jay Carney said that the president will continue to use his (secured) BlackBerry, despite concerns about eavesdropping which came up after it was revealed that NSA intercepted the communications of 35 world leaders.


The Genesis Key

The SecurVoice software for the presidential BlackBerry was developed for a small company called The Genesis Key, Inc., based in Washington DC. This company was founded in October 2008 by W. Steven Garrett, who took the name from an item used in the 1986 computer game The Legend of Zelda.

The software was developed in the previous four years, apparantly for one of the projects of Steve I. Cooper, a former special assistant to the president, senior director for information integration, and CIO (Chief Information Officer) for the Office of Homeland Security. He is now a member of the advisory board of SecurDigital, Inc., a firm founded in October 2009 by Bruce Magown and Steven Garrett to distribute the SecurVoice software applications.

Steven Garrett is a man with a quite surprising background. His Linked-In profiles show that he has been involved in a very wide range of businesess, like manufacturing plants for Fannies Fat Free Cheesecakes and Fat Free Burger (providing microwave-ready cheeseburgers to military commissaries) and marketing & sales for Lion Sportswear and Faded Glory Jeans. He also developed a highly secure appartment building, named Garrett Place. At his twitter account he describes himself as "Proven Rainmaker, Change Agent, Strategist, and Driving Force for Unprecedented, Exponential Growth in Revenues, Earnings, and Market Valuation".


SecurVoice

The Genesis Key released the SecurVoice software in December 2008, claiming this to be the world's first completely secure voice and data encryption solution. Allthough there were already a number of other hardware and software encryption solutions, the SecurVoice application should be able to protect global voice connections between and within all types of cell, satellite, PBX, SDR and VOIP phones and phone systems.

SecurVoice is 100% Java based, which should make it device- and carrier-independent, but according to the website, the software is currently only operational on the Blackberry operating system version 4.5 and up. Software porting for other operating systems, like Symbian, Brew, Windows Mobile, Google, and iPhone is said to be underway.

With SecurVoice, each phone can be loaded with up to three levels of security, each one accessible through a separate icon and recognizable by a different ringtone. When dialing a number and this number has a cryptographic key associated with it, then the call is automatically placed as a secured call. If a phone number has no cryptographic key associated with it, then the cell phone operates normally and the call is placed unencrypted.

The SecurVoice software comes in two versions:
- Phone-to-Phone (P2P), where secure calls are made directly from one cell phone to another. The price for government users is 1795,- USD per application.
- Phone-to-Server (P2S), where secure calls are routed from the phone to an enterprise server and back. The price of a server license is between 2500,- and 25.000,- USD.

It's likely, that for Obama the server solution was chosen. This allows a centralized key management, monitoring of all secure calls and record keeping of the messages. One source says the president may have to wait up to 50 minutes for an e-mail reply, as the system actively sniffs out incoming messages for viruses or Trojan horses.

Overview of the SecurVoice application options
(by The Genesis Key/SecurDigital)

Encryption

The SecurVoice software features a dual-layered, or hybrid encryption scheme, which means it combines symmetrical and asymmetrical encryption algorithms. It performs the voice encryption in real time by using a fast symmetric cipher, using a strong key. This key is then encrypted with a public-key or asymmetrical cryptosystem, like RSA or ECC, and transmitted together with the encrypted message. This is also how the vast majority of present-day communications encryption works.

The SecurVoice symmetric encryption uses a 256-bit session (conversation) key, which replaces the encryption every second with non-reoccurring numbers. This session key is a combination (salted hash) of the sender Base Secure Key (stored in the recipient key store) and a random session key. According to the manufacturer, SecurVoice uses classified Type 1 encryption algorithms, which are restricted to government and military users. For corporate users, public crypto algorithms like AES are used.

In case of a SecurVoice enterprise server, the software converts voice into encrypted data, which is then sent over the carrier network to the SecurVoice Enterprise Server where it is decrypted. It is then re-encrypted and sent back over the carrier network to the receiving phone, where it is decrypted and converted back to voice. It's also possible to select different encryption algorithms, so that, for example, encryption from a cell phone to the enterprise server may be the AES algorithm with a 128-bit, while from the server to the receiving phone this may be done by using Elliptic Curve Cryptography (ECC).

President Obama using his BlackBerry 8900 in the limousine while traveling
from the University of Indonesia to the airport in Jakarta, Indonesia.
(White House Photo by Pete Souza, November 10, 2010)

Security risks

As Obama wanted to keep using a BlackBerry device, the security solution is software only. This still leaves risks like compromised hardware and hacking by means of social engineering. Therefore, some security specialists say that it's not impossible to hack Obama's BlackBerry and that foreign states and other hackers will likely try to do so.

To minimize these risks, the secured BlackBerrys prevent forwarding e-mail messages from the president and sending him attachments. His secret e-mail address is likely to be changed regularly as well and Obama's friends and staff members were lectured about these security issues.

Another risk of the president using a BlackBerry, like a cell phone in general, is that enemies can try to track the president's location in real-time, even when GPS is disabled. Every cell phone regularly transmits it's IMEI-number to the cell tower, and this can be intercepted by devices like a Triggerfish. How this tracking can be done, and countered, is described in this, respectively this article.

One source says the presidential BlackBerry can only connect to a secure base station, which can be used to hide the IMEI-number of the device and thus prevent tracking it. This would mean the White House Communications Agency has to carry such a secure base station wherever the president goes.

There must be also a secure base station inside the presidential limousine, as we can see in the picture above. First because using a foreign cell phone network would be a big security risk, but also because the limousine is most likely constructed like a Faraday cage, and therefore a BlackBerry could only be used if there's a base station in the car itself (and probably also in Air Force One). The secure base station is probably connected to a secure satellite link with Washington.

President Obama uses his BlackBerry for calling Mitt Romney
(White House photo by Pete Souza, November 6, 2012)

President Obama using his old BlackBerry, during a campaign
visit to Albuquerque, New Mexico in August 2008

Conclusion

As we have seen, president Obama has kept his BlackBerry, but only after it had been secured. This took quite some effort: newly developed software had to be tested within a couple of months, all his contacts have to use the same software, limiting their number to a rather small group, and a secure base station has to follow the president. Nonetheless, this ad hoc solution for the president marks the beginning of an era in which top level mobile communications will no longer be secured with dedicated hardware, but by using software applications for regular commercial smartphones.



Sources and Links
- FoxNews.com: Obama Getting Super-Secure BlackBerry
- New York Times: Symbol of Elite Access: E-Mail to the Chief
- Washington Times: Obama soon to get secure BlackBerry
- The Telegraph: Barack Obama's BlackBerry 'no fun'
- September 2010: The X-Change Corporation Acquires Genesis Key, Inc.
- Radio interview about SecurVoice: Telecom Junkies - Secret Agent Phone
- Interview with Steven Garrett: Wireless Technology Risks and Enterprise Security
- See also: securvoice.blogspot.com

Read More

Sand Sized Gyroscopes to Track You Anywhere

Mini-gyroscopes developed to guide smartphones and medical equipment...
Prof. Koby Scheuer of Tel Aviv University`s School of Physical Engineering is now scaling down this crucial sensing technology for use in smartphones, medical equipment and more futuristic technologies.

Working in collaboration with Israel`s Department of Defense, Prof. Scheuer and his team of researchers have developed nano-sized optical gyroscopes that can fit on the head of a pin — and, more usefully, on an average-sized computer chip — without compromising the device`s sensitivity... Measuring a millimeter by a millimeter (0.04 inches by 0.04 inches), about the size of a grain of sand, the device can be built onto a larger chip that also contains other necessary electronics...

Nano-gyroscopes integrated into common cellphones could provide a tracking function beyond the capabilities of existing GPS systems. "If you find yourself in a place without reception, you would be able to track your exact position without the GPS signal," he says.
There are benefits to medical science as well... (more)

Read More

Pentagon’s Spies Pimp Their Phones

The Pentagon has big plans for its spy agency. But first it’s going to upgrade its secret agents’ cellphones.

That’s the gist of a recent request for information from the cryptic Virginia Contracting Activity (or VACA), the public face for the Defense Intelligence Agency’s secretive contract business. According to the request, the DIA is looking for a company with the “ability to work and store classified information at the SECRET Collateral Level” to design custom “cellular phone point-to-point communication systems.” In other words, a private communications link. (more)

Read More

Top Wi-Fi Routers Easy to Hack, Says Study

The most popular home wireless routers are easily hacked and there's little you can do to stop it, says a new study by research firm Independent Security Evaluators.

Thirteen popular routers were tested and found vulnerable to hacks in a new study by research firm Independent Security Evaluators.

The Wi-Fi router you use to broadcast a private wireless Internet signal in your home or office is not only easy to hack, says a report released today, but the best way to protect yourself is out of your hands.

Click to enlarge.

The report, written by research firm Independent Security Evaluators of Baltimore, found that 13 of the most popular off-the-shelf wireless routers could be exploited by a "moderately skilled adversary with LAN or WLAN access." It also concludes that your best bet for safer Wi-Fi depends on router vendors upping their game. All 13 routers evaluated can be taken over from the local network, with four of those requiring no active management session. Eleven of the 13 can be taken over from a Wide-Area Network (WAN) such as a wireless network, with two of those requiring no active management session. (more)

How to Hack-proof Your Wireless Router
(Maybe not hack-proof but at least hack-resistant.)

Read More

DoD Inspector General v. Army Commercial Mobile Devices (CMD)

There are lessons for your organization in this report. 
Insert your organization's name where you see the word "Army".

Click to enlarge.

"The Army did not implement an effective cybersecurity program for commercial mobiles (sic) devices. If devices remain unsecure, malicious activities could disrupt Army networks and compromise sensitive DoD information." (full report)

Read More

If you travel with a cell phone, tablet and/or laptop...

...this should interest you...

35,000. That’s how many business travelers depart the United States every day. With them goes over 40,000 cell phones, more than 50,000 laptops, and nearly 500,000 pages of business documents holding privileged information. When you travel abroad, your company is at risk. 

Among Enemies tells you how to protect yourself.

Luke Bencie has traveled to more than 100 countries over the past 15 years on behalf of the U.S. intelligence community, as well as for the private defense industry. 

While abroad, he has experienced, firsthand and sometimes painfully, the threat of espionage and the lengths to which foreign intelligence services and other hostile global competitors will go to steal American business secrets. 

Mr. Bencie currently serves as the managing director of Security Management International, LLC, a security-consulting firm in the Washington, D.C. area.

Read More

Sen. Mitch McConnell's "Bug" - Recorded Acoustical Leakage

The center of political intrigue and an FBI investigation in Kentucky's U.S. Senate race is the otherwise inconspicuous second floor hallway of the Watterson West office building in Louisville.

...behind plain, black doors is Sen. Mitch McConnell's campaign headquarters.

It is in this hallway on February 2 that two members of the Progress Kentucky SuperPAC allegedly recorded a private campaign strategy meeting underway inside an office on the other side of one of those plain, black doors, according to Jacob Conway a member of the Jefferson County Democratic Party's Executive Committee.

"You have about a half an inch gap right there where a recording device or a microphone could have been inserted," Benton said, pointing to the bottom of the door...

With the campaign's permission, WHAS11 tested whether an iPhone voice memo program could successfully record a conversation by placing the phone's mouthpiece at the bottom door opening.

Playback of the test recording confirmed that it captured the voices of campaign workers meeting behind the door. The workers had been advised of the recording test...

Some legal analysts suggest that if the closed door meeting could be heard from the hallway, the recording might not be a crime. During the WHAS11 visit, some voices could be heard, without electronic assistance, from the hallway. (more)

Imagine, two guys in the hallway listening under the door. Eavesdropping doesn't get any more basic than that. Spying tricks haven't changed, there are just more of them these days. All the old tricks still work. 

If they had their offices inspected by a TSCM team they would have been notified about the acoustical leakage vulnerability... in time to protect themselves.

Read More

FREE Security "Green" Papers on Laptop, Mobile Phones & Storage Devices

IT Governance is a supplier of corporate and IT Governance related books, toolkits, training and consultancy. They offer a wealth of knowledge and experience. 

Their Green Papers contain information and guidance on specific problems and discuss many issues. Here are two just published this month...

Technical Briefing on Laptop and Mobile Storage Devices

Technical Briefing on Mobile Phones and Tablets

About two dozen more may be found here.

Read More

... thus, giving new meaning to a bright idea!

Optogenetics is the process by which genetically-programmed neurons or other cells can be activated by subjecting them to light. Among other things, the technology helps scientists understand how the brain works, which could in turn lead to new treatments for brain disorders.

Presently, fiber optic cables must be wired into the brains of test animals in order to deliver light to the desired regions. That may be about to change, however, as scientists have created tiny LEDs that can be injected into the brain.

The LEDs were developed by a team led by Prof. John A. Rogers from the University of Illinois at Urbana-Champaign, and Prof. Michael R. Bruchas from Washington University. The lights themselves can be as small as single cells and are printed onto the end of a flexible plastic ribbon that’s thinner than a human hair. Using a micro-injection needle, they can be injected precisely and deeply into the brain, with a minimum of disturbance to the brain tissue. (more)

FutureWatch - Mico-sensors to allow downloading of consciousness - knowledge, visuals, ideas, etc..

Read More

Small Business Espionage Attacks Up 42%

Smaller companies, their websites and their intellectual property are increasingly being targeted by cyberattacks, a new report on IT security trends says.

Targeted attacks were up 42 per cent in 2012 compared to the year before, and businesses with fewer than 250 employees are the fastest growing segment being targeted, according to the annual internet security threat report issued Tuesday by Symantec...

The type of information being targeted by attackers is also changing — financial information is now losing ground to other kinds of competitive data, the report found. (more)

Read More

McConnell's Suspected Bugger Has Hand Out

The man who is suspected of bugging Senate Minority Leader Mitch McConnell’s office has started a legal defense fund aimed at raising $10,000 — and so far, he’s received $185.

Breitbart reported that Curtis Morrison, who’s also a Progress Kentucky volunteer, said in a message about his fund that he’s cooperating with the FBI. But he’s struggling to pay for his legal defense...

A Kentucky Democratic Party operative and the founder of Progress Kentucky outed Mr. Morrison last week as the person who allegedly bugged Mr. McConnell’s office, Breitbart reported. (more)

Read More

The Schizo Illinois Eavesdropping Law

There was major development Tuesday in the fight over the state's controversial eavesdropping law. A court decision now allows citizens to record the audio of police officers on the job in public.

Citizens can legally record video of police officers doing their jobs on the public way, as long as you don't interfere, but the Illinois Eavesdropping Act does not permit you to record audio.

If you do, you're still subject to arrest and criminal charges, even though two state court judges in Illinois have declared the law unconstitutional.

It remains a law on the books without clarity though a new agreement just approved by a federal court judge will change things in Cook County. (more)

Weird.

Read More

RFID Tracks Jewelry Popularity

Interesting application of RFID technology.

RFID smart shelves can help retailers analyze market demand. 

Beyond sales reports, retailers want to understand which items had the highest shopper interest. For example, while one jewelry item is picked up 100 times and sold 90 time, another jewelry item is picked up 100 times but only sold 10 times. Retail statistics monitoring shopper behavior cannot be accurately counted by man.

However, the RFID Jewelry Smart Shelf Solution developed by Alpha Solutions enables retailers to clearly see data on which types of jewelry are picked up frequently. From the data obtained, discount promotions and programs can be made for the jewelry types that are having trouble selling.

Read More

There is a Magazine for Everything... Even Penetration Testing

Kamil Sobieraj, editor of PenTest Magazine introduced me to his publication this week. It was an eye-opener. If you have anything to do with protecting information, you will find this as interesting as I did... 

 PenTest Magazine is a weekly downloadable IT security magazine, devoted exclusively to penetration testing. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. All aspects of pen testing, from theory to practice, from methodologies and standards to tools and real-life solutions are covered.

48 issues per year (4 issues in a month).

A different title is published every week of the month:
• PenTest Regular – 1st Monday
• Auditing & Standards PenTest – 2nd Monday
• PenTest Extra – 3rd Monday
• Web App Pentesting – 4th Monday

...about 200 pages of content per month.

Each issue contains...
• News
• Tools testing and reviews
• Articles – advanced technical articles showing techniques in practice
• Book review
• Interviews with IT security experts
(more)

Nice to know there is a smart way to keep up with the bad guys.

Read More

Campaign Headquarters Bugged - FBI Investigating

Senate Minority Leader Mitch McConnell (R-Ky.) accused opponents Tuesday of bugging his headquarters and asked for an FBI investigation after a recording from an internal campaign meeting surfaced in a magazine report.

The 12-minute audiotape released by Mother Jones magazine reveals McConnell and his campaign staff at a Feb. 2 meeting lampooning actress Ashley Judd — then a potential Senate candidate — and comparing her to “a haystack of needles” because of her potential political liabilities. Judd has since decided not to run.



“We’ve always said the left will stop at nothing to attack Sen. McConnell, but Nixonian tactics to bug campaign headquarters is above and beyond,” campaign manager Jesse Benton said in a statement. (more)

UPDATE: "It is our understanding that the tape was not the product of a Watergate-style bugging operation. We cannot comment beyond that." – David Corn, Editor, Mother Jones (more)

Note: More than one person is heard speaking on the tapes (above is just an excerpt). Based on this, (and room echoes) the FBI will be able to figure out the location of the microphone. Hope everyone remembers where they were sitting.

Read More

Shodan - The Scary Search Engine

Cautionary Tale...
Unlike Google, which crawls the Web looking for websites, Shodan navigates the Internet's back channels. It's a kind of "dark" Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet...

It's stunning what can be found with a simple search on Shodan. Countless traffic lights, security cameras, home automation devices and heating systems are connected to the Internet and easy to spot.

Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

What's really noteworthy about Shodan's ability to find all of this -- and what makes Shodan so scary -- is that very few of those devices have any kind of security built into them. (more)

Read More

Free - Computer Security Tools Book

"Open Source Security Tools: A Practical Guide to Security Applications"

Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses.

Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools. Seasoned security expert Tony Howlett has reviewed the overwhelming assortment of these free and low-cost solutions to provide you with the “best of breed” for all major areas of information security.

By Tony Howlett. Published by Prentice Hall. Part of the Bruce Perens' Open Source Series.

Offered Free by: informIT

A 600-page PDF, written in 2004, which still contains useful information.

Read More

Son Bugs Mom (yawn)... with a Wiretap!

UK - Police have arrested a Lincoln man on suspicion that he bugged his 90-year-old mother’s phone. 

Richard Stamler, 59, was arrested Thursday night for unlawful interception of communications, a felony, Lincoln Police Officer Katie Flood said.

Stamler’s sister called police March 28 to say she found a recording device in the basement of her mother’s home that had been connected to the phone line, Flood said.

The woman played the tape, Flood said, and recognized her brother’s voice reciting date information. The device was set to record any time someone in the house picked up a phone. (more)

Read More