KRACK Attack Leaves WPA2 WiFi Encryption Hacked – Do this…

By | Cybersecurity | No Comments

The video below explains Key Reinstallation Attacks (aka KRACK), for the technically curious. 

The short story is your communications privacy over WiFi is at risk. This includes your:

  • emails,
  • texts,
  • photos,
  • log-in IDs and passwords,
  • credit card numbers,
  • and even your communications to websites which normally use https:// encryption.

In short, anything you assume is encrypted is up for grabs.

Solutions

  • Update your system software to the latest version. This includes all your devices which use WiFi.
  • Update software on WiFi access points (APs) which implement the 802.11r standard
    (a.k.a. Fast-BSS Transition). This affects business WiFi more than residential WiFi.
  • Upon connecting to a website make sure you see https:// and the locked symbol.
    Check here for additional information about KRACK solutions.

Risk Levels
Your risk of being a victim is highest whenever you use a public WiFi system. Risk is also high in densely populated areas.

Check Your Local Laws Before Recording

By | Recording | No Comments

PA – A Franklin County jury took just seven minutes to return a guilty verdict against Chambersburg man William Alexander Himchak III on felony counts of illegal wiretapping. Himchak, 50, recorded two phone calls with tax officials, then posted them online, violating the wiretap act laws that require both people to consent to a recording before the recording has started. more

Spybuster Tip #105: In the United States, federal law requires that only one party to a conversation has to consent to the recording of the conversation. Some states, however, require that two parties (meaning ALL parties) consent. Pennsylvania is a two-party state. You can discover what the legal requirements are in your state here.

Google Android Tracking You – Bad News / Good News / Bad News

By | Cybersecurity | No Comments

Bad News…
Your phone knows where you are at pretty much all times. This is no surprise—that’s part of the appeal. But while there are options to disable GPS and Location Services in the settings of Android phones, this won’t stop Google from knowing where you are. Short of turning off your phone, there’s actually no real way.

New details about the length to which Google tracks Android phones surfaced today from Quartz, which reports that Android phones will track your location even if you disable location services and even if you aren’t logged into the phone…

Good News…
The practical effect of this is that, so long as your Android phone is on and not inside a Faraday cage, your location data is being communicated. Google told Quartz that this practice has existed for 11 months, but that the information was never stored or used and furthermore that the process will now be ended.

Bad News…
While the practice is just generally creepy, it also can have profound legal implications. Loose restrictions allow law enforcement in many states to obtain cell tower location information without a warrant until an upcoming Supreme Court case will ultimately decide if this will remain legal. In the meantime, there’s nothing much to do besides be aware of how much and how easily your phone may be tracking you. If you really want privacy, you’ll just have to turn the thing all the way off. more

Voyeur Hides Spycam in Starbucks Toilet

By | Video Voyeurism | No Comments

A hidden camera recorded customers using the toilet in a branch of Starbucks for up to a month. 

The small device was found in the ceiling of the coffee shop close to the headquarters of MI6 in south London.

Police believe the camera was planted by a voyeur who apparently captured himself on film in the process.

It had recorded several video files of members of the public using the only customer toilet at the store in Vauxhall, detectives revealed.

They believe the camera had been installed for a maximum of four weeks “for the purpose of voyeurism”.
It was seized by police after a member of the public discovered it in a ceiling grate. more

It is surprising how many spycam’ers are caught because they captured themselves during the installation. This guy gets our Darwin Award. 

Spybusters Tip #361: Do-it-yourself Technical Surveillance Countermeasures (TSCM) for spy cameras by “members of the public” can be very effective. One just needs to know where to look, and what to look for. Learning the wheres and whats is easy. Check here for more information.

Video voyeurism is a foreseeable issue. Any business offering customers, visitors, and employees access to expectation of privacy areas (restrooms, changing areas, showers, etc.) has a duty of care to protect them against spycams.

Spybuster Tip #362: Management, train your security and facilities personnel how to conduct and document due diligence video voyeurism inspections to detect spycams on a regular basis. Just think of the legal fees, and PR damage this will save you.

The Patek Philippe Wiretapping Device

By | Espionage, Historical, Weird | No Comments

Patek Philippe is known for making some of the highest quality (and most expensive) watches in the world. But at some point, it also turned out an unexpected device: a wiretapping machine.

Auction Page

One of the lots in Antiquorum’s recent watch auction in Geneva was the Patek Philippe ZL 4 N and ZG 4, two desktop modules which the listing describes as “a fine and very rare, electronic wiretapping device and clock used by the Swiss police.” Hodinkee’s Jack Forster points out that it looks not unlike a clock synchronizing apparatus: the higher unit could be used to set the time, while the lower one has plugins for four coordinating timepieces.

But with all the testing, research, and verification that goes into high-end auctions (the units sold for CHF 11,250, about $11,366 at current exchange), this thing probably was used for what Antiquorum says it was: to listen in on the conversations of whoever was committing high crime in the world’s most famous neutral nation. As for having the Patek Philippe name attached, well, at least the Swiss police could count on knowing exactly what time any espionage they overheard was going to occur. more

Additional Information from a 2009 auction…
Description: Two Patek Philippe Master Clocks A. Electronic Master Clock Patek Philippe, Genève, Model L4031. Made circa 1975. Very fine, Electronic Center Seconds Master Clock. B. Digital Time Display Master Clock Patek Philippe, No. 841637 & No. 851900, Model ZG 4 & ZL 4. Made in the 1970s. Fine and rare, electric 110/220v aluminium and blue coated LED digital master clock display with day and month indication and control unit. To be sold without reserve C. Rectangular with two handles, wood-effect sides. D. Black with Arabic numerals, outer minute divisions, outer Arabic five-second numerals and divisions, brushed fascia with buttons for adjusting the 1/10 and 1/1000 seconds. White baton hands. M. Electronic, a very powerful Master Clock System capable of controlling an almost unlimited number of “slave” clocks and can be regulated to 1/1000th of a second. Dial and case signed. more

Corporate Espionage: Beware the Cupid Spy

By | Cybersecurity | No Comments

Between oversharing about their job and workplace with dating matches and divulging trade secrets, 25% of business leaders using dating apps may be accidentally threatening their workplace’s security, according to new research from Kaspersky Lab…

Of those using dating apps, 19% of business leaders have had their device infected via a dating app, including malware, spyware, or ransomware…

The work-related bragging can lead to infected devices and corporate espionage if trade secrets fall into the wrong hands, the report said. If malware allows a match access to a work device, the attacker may have access to work documents stored on that device. more sing-a-long

Foreign Agent Man

By | Espionage | No Comments

A new report by a U.S. government panel has called for staff members of Chinese state-run media groups in the U.S. to be made to register as foreign agents.

The U.S. China Economic and Security Review Commission alleged Wednesday that journalists at some Chinese media organizations engage in spying activities, feeding information back to the Chinese government.

The report comes just days after the production company behind the American version of the Russian state-funded network RT officially filed as a foreign agent following pressure from the Department of Justice. more

The concerns are justified. I’ve seen proof. ~Kevin

Wiretapper’s “Suicide” – Update

By | Espionage, Historical | No Comments

Greek officials did not adequately investigate the death of a telephone company executive found hanging in his apartment a day before lawmakers and the prime minister learned their cellphones had been tapped, the European Court of Human Rights ruled Thursday.

Costas Tsalikidis, a Vodafone Greece executive, was found hanging in his Athens apartment…

An investigation into the wiretaps revealed another telecom had planted spyware into Vodafone’s equipment, and that Tsalikidis had allowed the spyware’s placement and met regularly with the other telecom. The wiretaps went live in June 2004 and were removed a day before Tsalikidis’ death.

Tsalikidis’ family refused to accept the man had taken his own life and hired their own investigators, who uncovered several inconsistencies to the suicide theory.

  • a lack of injuries common during hanging, contradictions as to the rope marks on Tsalikidis’ neck,
  • and an extremely complex sailing knot used for the noose that would have been quite impossible given Tsalikidis’ complete lack of sailing experience…

Investigators … did find…

  • Tsalikidis’ hyoid bone was broken – an indication he’d been strangled.
  • Tsalikidis’ personality was not compatible with a suicide profile…

The court ordered the Greek government to pay Tsalikidis’ family $59,000 in damages.

After years of investigating, the Greek government issued an international arrest warrant for a CIA official they believe was at the heart of the wiretapping affair while he was stationed in Athens. more

Remember The Fugs?

Corporate Espionage: Spies Have a Deep Black Bag of Tricks

By | Espionage | No Comments

A Toronto-based private equity firm is alleging that its employees were targeted in a covert corporate espionage operation involving an agency with operations in London, Paris and Tel Aviv staffed by former members of the Israeli Defense Force and former agents of intelligence agency Mossad.

The agency cited in court documents filed by West Face Capital Inc. is Black Cube, the same one reportedly retained on behalf of former Hollywood mogul Harvey Weinstein to investigate women who had accused him of sexual misconduct…

Some, including the former general counsel of West Face, were wined and dined, and flown to England on the false pretense that they were being courted for employment with international companies, the court documents allege…

The court documents filed by West Face Wednesday say different approaches were used for each employee or former employee approached, but that there were common elements, including “using false businesses, websites, identities, LinkedIn profiles, and business cards.” more

Wiretapper’s “Suicide” Revisited for Foul Play

By | Espionage | No Comments

An appeals court prosecutor in Athens has asked to see the case file concerning the death of a telecoms engineer in 2005 shortly before the outbreak of a scandal involving the wiretapping of Greece’s political leadership…

The decision to revisit the case came after the European Court of Human Rights (ECHR) deemed on Thursday that Greece had failed to fully investigate the circumstances surrounding the death of former Vodafone employee Costas Tsalikidis, 38, who was found hanged in his apartment.

The investigating prosecutor at the time, Ioannis Diotis, had ruled out foul play, concluding that Tsalikidis had committed suicide.

Tsalikidis’s death occurred the day after the spyware planted in Vodafone’s network was removed…

The spyware diverted phone conversations made by Vodafone’s subscribers to 14 “shadow” pay-as-you-go mobile phones, allowing calls to be monitored. more sing-a-long

Spy Store Helps You Be Big Brother

By | Espionage | No Comments

You’re not paranoid: Someone may be watching you. Friday’s opening of Spysite.com’s first New Jersey store, on Route 23, is the proof.

The new location specializes in covert surveillance. Got an overbearing boss? They’ll sell you a pen that will secretly record him. Suspect your neighbors are stealing your packages? Owner Grant Huber can sell you a camera and tell you where to hide it so no one suspects…

Employees will show buyers how to use all the gadgets they sell. more

Fun fact: Radio Shack employees were not allowed to instruct customers how to spy using their merchandise. For the answer as to why, click here. ~Kevin

Germany to Parents – Destroy Your Child’s Smartwatch

By | Internet of Things | No Comments

Germany’s regulatory arm for electricity, gas, telecommunications, post, and railway markets, has issued a ban on smartwatches designed for children over concerns that they can be used by parents to spy on their kids and teachers.

Furthermore, the regulatory office is urging parents to go a step further and physically destroy these smartwatches, should their children own one. The agency has also taken action against several firms that offer smartwatches designed for children.

“Via an app, parents can use such children’s watches to listen unnoticed to the child’s environment and they are to be regarded as an authorized transmitting system,” said Jochen Homann, president of the Federal Network Agency. “According to our research, parents’ watches are also used to listen to teachers in the classroom.” more

TSCM Security Tip: Check Hotel Ownership

By | TSCM | No Comments

Many hotels, conference centers and resorts are controlled or owned by governments engaging in business espionage. Checking the ownership before booking your off-site meetings and general business travel can significantly reduce your risk of electronic surveillance.

From a New York Times article, Foiling Cyberspies on Business Trips
Evan Anderson, chief executive of Invnt/IP, a group dedicated to combating nation-sponsored intellectual property theft…said he created a map of Chinese-owned hotels around the world in 2016 and was surprised by how many there were, including some in Silicon Valley where technology companies hold meetings. “Most people don’t realize that an individual Four Seasons hotel, Ritz-Carlton, or many other brands can be owned by a Chinese company with close ties to the Chinese government,” he said.

Checking venue ownership is the first step to reducing the risk of intellectual property theft. The second step is hiring a Technical Surveillance Countermeasures (TSCM) specialist. They will search for all types of electronic surveillance (i.e., audio bugging, video voyeurism, and data cybersecurity), before and during your stay.

Security directors from Fortune 1000 companies are invited to receive my free Off-Site Meeting Security Checklist — 25 recommendations / 5-page report. ~Kevin

Sports Espionage: Honduras Accuses Australia of Spying by Drone

By | Drone | No Comments

Honduras accused Australia of spying on their training sessions with a drone on Monday, as tensions heated up ahead of Wednesday’s decisive World Cup playoff match.

The Honduran National Football Federation (FENAFUTH) posted 18 seconds of footage of a drone flying above Sydney’s Olympic Stadium, where the team trained on Monday after their long flight from central America.

“Australia spied on Honduras’s official training session from a drone, causing discomfort among the Honduran team and delegation,” FENAFUTH said on its Twitter feed. more

How Pinkerton laid the foundation for the CIA and FBI

By | Uncategorized

Allan Pinkerton, the grandaddy of American private eyes, has a “true detective” story made for the binge-watch era.

Pinkerton (left). Restored image.

The organized investigation of suspicious behaviors has evolved in two directions. One is in the case of detective work, dealing with activities that endanger individual citizens. The other, integrally linked avenue is in intelligence, investigating threats to the state.

Flowing out of the same font, the modern incarnation of these entwined investigative avenues are largely the creation of two people.

In Europe, Eugene-Francois Vidocq may be considered the godfather of the former criminal turned secret agent who is largely responsible for the development of the modern, entwined arts of intelligence-gathering and criminal investigation. But stateside, his parallel, no less influential, was Lincoln’s spy master during the Civil War, Allan Pinkerton.

Born to an impoverished family in Glasgow in 1819… more

Economic Espionage: Web of Brain Sucking Spiders

By | Uncategorized

For Lt. Gen. Paul Nakasone, USA, commanding general, U.S. Army Cyber Command, one important perspective “is that our adversaries are antagonists,” he said. “Their capabilities are ever increasing.”

At first it was exploitation of data, then disruption and after that destruction. Before it was attacks on networks or a series of networks, now it also is data and critical infrastructure and key resources.

“I think that we are starting to see the trailers [preview] of the future war,” Gen. Nakasone warned. Actors that the United States has not thought of, non-nation states, anonymous, proxy adversaries, will have an impact as antagonists against countries, the general predicted. They are not only going after military networks, they are going after the economic might of that nation. “They are going after the key terrain that they know is fundamental to how a country operates.” more

Suspended Sentence for Swiss Spy Snooping

By | Espionage

Rarely has a spy case attracted as much attention in Germany as that of Daniel M. The bungling double agent passed on troves of bank data to German tax officials while allegedly gathering info on them for the Swiss.

A German court has handed a suspended sentence of one year and 10 months to the former Zurich police detective for spying on the German state of North Rhine-Westphalia’s (NRW) tax authority and some of its staff for nearly four years up to February 2015.

The regional court in Germany’s financial capital, Frankfurt, also slapped a fine of €25,000 ($29,000) on the 54-year-old Swiss double agent. more

Former Governor Wanted Wife Arrested for Eavesdropping

By | Uncategorized

AL – The former director of the Alabama Law Enforcement Agency (Spencer Collier) said former Governor Robert Bentley wanted to know why his wife, Dianne, shouldn’t be arrested after he discovered she had been secretly recording his conversations with the aide suspected of being his mistress.

Collier said, “Once I become confident that Ms. Dianne was responsible for recording him, I told him and ended the investigation.

He wanted to know why she couldn’t be arrested for planting an eavesdropping device.

I explained that in my opinion, no [District Attorney] in AL or the [Attorney General] was willing to prosecute a wife for recording her spouse caught in the act of adultery… He became upset and stated that if she or anyone disseminated the information that he would demand that they be arrested.” more

Eavesdropper: The coding mistake that may be in your phone.

By | Cybersecurity

A simple coding error made in hundreds of apps may have exposed as many as 180 million smartphone users to having their text messages and phone conversations intercepted by hackers, security researchers warned.

The warning comes from experts at the cybersecurity firm Appthority, who spotted an error plaguing as many as 685 mobile apps—including one used for secure communications by a federal law enforcement agency

The issue, which has been dubbed Eavesdropper

Eavesdropper is an especially troublesome problem for a number of reasons. First, most users are likely unaware of what API their mobile apps use to handle certain features like texts and calls so it is unlikely the average person would be able to spot if an app they are using is vulnerable. more

Attorney Suspended for 4 Years for Eavesdropping

By | Uncategorized

The state Supreme Court has suspended a northern Indiana attorney for at least four years after finding that he eavesdropped on private conversations between homicide suspects and their attorneys when he was a deputy prosecutor.

The court’s disciplinary commission recommended Robert Neary be disbarred. But the justices instead issued an order Monday prohibiting him from working as a lawyer for four years…

They found that when Neary was a LaPorte County deputy prosecutor, he committed attorney misconduct by listening to two homicide suspects’ confidential attorney-client conversations in incidents in 2012 and 2014 involving an audio feed and a video recording made in a police interview room. more

End-to-End Encryption App for Business Customers

By | Uncategorized

End-to-end encrypted messaging app Wire has introduced a version of its service for business customers…

Wire CEO Alan Duric told ZDNet that the company had 300 firms on the Teams pilot and that businesses were using the service for their top managers or M&A teams and issues like crisis communications.

Wire is also eyeing the Internet of Things, arguing that end-to-end encryption could be applied to messages to devices as well as chats with your colleagues.

“There is quite a bit of awareness that industrial espionage is not a myth and that they need to protect their data,” he said. more

The Secret Shoe, or The Well Bonded Sole

By | Uncategorized

(via maxim.com)
We’re not suggesting that you infiltrate an enemy’s ranks to take down a hostile foreign power, but if you ever want to dabble in some international espionage, have we got the shoe for you.

A dressy Derby Shoe made from fine deerskin may seem less critical than a working knowledge of close quarters combat or Russian. Still, “The Secret Shoe” from Oliver Sweeney is here to satisfy all your covert spy needs… and then some.

The luxury footwear provider teamed with VeryFirstTo.com to stash inside this unsuspecting-looking shoe two hidden compartments that can each hold three gadgets at a time.

Derby Shoe has provided 12 for you to pick from: the world’s smallest phone, a tiny video camera, a mini Swiss army knife, a tracking device, a money capsule, “the world’s most advanced contactless payment ring” and more.

There’s also room for a house key.

Another badass feature you’ll make use of if you’re ever zip-tied and about to be tossed off a helicopter (there’s a chance) is the laces. They’re made of Kevlar, which means they can double as a friction saw that’s strong enough to cut through wood and plastic. more

If your organization isn’t picking up the tab for this, you’ll probably be interested in the selling price. $1307.50

Still interested?

That’s $1307.50 
…per shoe. ~Kevin