Security Scrapbook - Espionage & Privacy News of the Week.
April 30, 2004
To: Clients, colleagues and friends.
Subject: Espionage & Privacy News of the Week.
===================================================
Kevin's Security Scrapbook is published on an irregular
basis for a select audience. HTML versions are archived at http://www.spybusters.com/Security_Scrapbook.html
===================================================
SPECIAL SECTION -- Security Director News
SPECIAL SECTION -- Spy News, Silhouettes Style
SPECIAL SECTION -- Warrantless GPS Tracking
SPECIAL SECTION -- New Age Surveillance
SPECIAL SECTION -- Mental Moss
===================================================
SPECIAL SECTION -- Security Director News
Extortionography Tale #045 - Prediction: Media will win, again. A Fortune 500 company has filed a lawsuit against a San Antonio, Texas-based television station, its owner and a reporter, alleging that the station possesses illegally obtained proprietary documents. The company is seeking a return of the documents, as well as the identity of the person who gave them to the station. http://www.msnbc.msn.com/id/4839274/ Why this is important to you! http://www.spybusters.com/Extortionography.html
Cautionary Tale #478 - "Trade your password for a pen?" Workers are prepared to give away their passwords for a cheap pen, according to a somewhat unscientific - but still illuminating - survey published today. Nine in ten (90 per cent) of office workers at London's Waterloo Station gave away their computer password for a cheap pen, compared with 65 per cent last year. Men were slightly more likely to reveal their password with 95 per cent of blokes, compared to 85 per cent of women quizzed, prepared to hand over their password on request. The survey also found the majority of workers (80 per cent) would take confidential information with them when they change jobs and would not keep salary details confidential if they came across them. http://www.theregister.co.uk/2003/04/18/
Cautionary Tale #479 - Pens work better. A survey of office workers in London found that almost three quarters would reveal their network-access password in exchange for a bar of chocolate. http://zdnet.com.com/2100-1105_2-5195282.html
Cautionary Tale #480 - Oops. We paid too much for that password!
"I would sell out my company for a Tic-Tac!" http://tinyurl.com/228jm
Your Cell Phone's Built-in Bug? The Times has gone to the British Palace of Westminster to prove that 'bluesnarfing' is a threat to the country's security. The claims are based on software developed by Adam Laurie of A.L. Digital: running on his ordinary Panasonic notebook, the software can break the security of Bluetooth on standard mobile handsets and, in this case, turn Bluetooth handsets into 'bugs'. He seems to maintain that the Nokia 6310 and Sony Ericsson T610 are the most vulnerable. http://www.theinquirer.net/?article=15518 Additional information on Bluesnarfing... http://www.thebunker.net/release-bluestumbler.htm
More Spy Phone News... Hong Kong - Suspicious wives in China and Hong Kong are converting their husbands’ mobile phones into bugging devices to catch them cheating with mistresses, a news report said on Saturday. Women are paying to have a chip installed on the handsets so that they can secretly listen in on their husbands wherever they are, according to the Hong Kong Standard. In some cases the chips are being bought by suspicious bosses who want to catch out errant employees and are being sold through websites and by private detectives, the newspaper said. Once the chip is installed, the suspicious partner can ring the handset which will answer without ringing or vibrating. The caller will then be able to listen in on any sound in the vicinity of the phone. ... Security consultant Kevin Murray of the US-based firm Spybusters (Murray Associates) told the newspaper the devices began circulating out of Taiwan about two years ago. They are now being sold across the region and worldwide. http://tinyurl.com/37ons See 17 different spy phones here... http://www.endoacustica.com/english/spy_telephone.htm
Spyware in the office. What to do, and why... Even in computing environments that encrypt data, spyware remains a threat to the security of corporate data because its keystroke-logging components capture input before it's encrypted. ... Perhaps one of the biggest concerns regarding spyware in the corporation is the challenge it presents to organizations struggling to demonstrate compliance with government regulations for information security. ... These regulations include the Health Insurance Portability and Accountability Act, established to ensure the privacy of patient information; the Sarbanes-Oxley Act, established to ensure that financial statements are resistant to fraud; the Gramm-Leach-Bliley Act, established to safeguard customer information; and even the California Data Privacy Law (California SB 1386), established to protect the confidential information of state residents.
- Use antivirus software that identifies spyware.
- Download and execute code only from trusted sites.
- Update information security policies, if necessary, to include spyware. If file-sharing software is allowed, establish procedures for ensuring that it's configured correctly. If personal Internet use is allowed, establish criteria for appropriate use.
- Use discretion when clicking through online advertisements; ads that appear in a program's user interface are probably spyware.
- Review and revise firewall policies, if necessary, to ensure that only authorized outbound traffic is allowed. It may be necessary to install desktop firewalls to make sure spyware is blocked as it attempts to phone home.
- Become familiar with spyware sources and create rules to block access.
http://computerworld.com/securitytopics/security/story/
Cautionary Tale #481 - The Photo That Framed You! Business travellers are unwittingly making company secrets available to rivals by ignoring the risks of local wireless networks, known as wi-fi hotspots, security experts warn. ... "It's actually happening: there is competitive intelligence being gathered," said Richard Hollis, chief executive of Orthus, a security firm. ... "I'm walking into corporations and commercial hotspots that are finding things on their networks that they didn't put there and it's scaring the hell out of them. What if someone used such a network to store paedophile images or to attack a bank? The company would be liable," said Mr Hollis. http://tinyurl.com/2k6yk
SPECIAL SECTION -- Spy News, Silhouettes Style
Decrypt this...
Sha na na na, sha na na na na,
The highly secretive National Security Agency is looking to hire 7,500 workers over the next five years in the spy agency's largest recruiting campaign since the 1980s. The NSA, an element of the Defense Department based at Fort Meade in Maryland, conducts electronic wiretapping and signals gathering for foreign intelligence purposes. http://salon.com/news/wire/2004/04/10/nsa/index_np.html
And when I go back to the house
I hear the woman's mouth
Preaching and a crying,
Tell me that I'm lying... New York - Mark Laffey, 34, was arrested Wednesday and charged with criminal eavesdropping for allegedly rigging a hidden tape recorder to record wife Maureen's phone calls at their Oyster Bay estate. ... Mark Laffey, the chief operating officer of Century 21 Laffey Associates Fine Homes, spent the night in jail and was arraigned on the charge the next morning... http://www.nypost.com/news/regionalnews/19431.htm
Yip yip yip yip yip yip yip yip
Mum mum mum mum mum mum
Daybreak's morning WOOD-TV news flash... Michigan - A local TV station producer is facing a felony charge after allegedly setting up a hidden video camera in his roommate's bedroom. Gallagher, 28, who has produced the Daybreak early morning news program at WOOD-TV (Channel 8) is to appear in Grand Rapids District Court next week for a preliminary hearing on a charge of installing an eavesdropping device, according to court records. http://www.mlive.com/news/grpress/index.ssf?/base/news-14/
SPECIAL SECTION -- Warrantless GPS Tracking
NY - A Nassau police detective secretly planted an electronic tracking device on the undercarriage of a car driven by a Lawrence man suspected of a string of burglaries. For nearly a month, every car trip taken by Richard D. Lacey, 27, a security guard, was recorded by the tracking device -- a global positioning system commonly known as GPS. Lacey didn't have a clue. However, in a case that has broad implications for law enforcement, Lacey's lawyer is challenging the police department's high-tech tactics... http://www.newsday.com/news/local/longisland
OR -- The Oregon Supreme Court confronted the issue of whether the government can secretly track its workers without search warrants if they're using government vehicles. ... Investigators put an electronic tracking device on her Forest Service truck, and she was seen setting one fire by people in a surveillance plane who tracked the vehicle. www.kgw.com/news-local/stories/kgw_041504
WA - Last September, the Washington state Supreme Court was the first in the nation to issue a ruling on law enforcement's use of GPS to investigate crimes. In a unanimous decision, the court ruled that a GPS tracking device is an intrusive method of surveillance and said law enforcement officials in that state must get a warrant before attaching one to a suspect's car. http://www.newsday.com/news/local/longisland/ny-ligps
"Every bond you break, every step you take, I'll be watchin' you." (It ain't just The Police anymore.)
Since 2002, more rental cars have been fitted with such systems, which instantly can relay information on your car's speed, route and position to the rental company. This is done by wireless devices and Global Positioning System receivers that pinpoint location. ... AirIQ, a Toronto company that derives most of its business from equipping U.S. rental cars with tracking systems, reported revenue was up 30 percent in the third quarter of 2003 from the previous year. http://tinyurl.com/225hr
Hey cops! Get ready for our summer road trip... Manalapan, FL - One of the nation's richest towns has decided to digitally record the license plate of every car that meanders through its small stretch of mansions on the Palm Beach County, Fla., coast and to run an automatic background check on each driver. http://www.kansascity.com/mld/kansascity/news/nation/
Welcome to Bug City.
New York City's cell phones, pagers, landlines and even computers were wiretapped by investigators more than in any other city in the country last year, new statistics show. And it's not the FBI doing most of the listening. Local law enforcement agencies are leading the pack when it comes to getting a judge's okay to tap into New York's private chatter. Last year, judges approved 246 wiretap orders - covering thousands of people - for New York City law enforcement, compared with 118 in Los Angeles, seven in Miami, five in Chicago and 117 in the entire state of New Jersey. ... Queens was the most-bugged borough, with 5,808 people tapped by District Attorney Richard Brown in 2003. http://www.nydailynews.com/front/story/189462p-163870c.html
Mind Monkey of the Week
Eavesdropping: An Aural Analogue of Voyeurism?
by Elisabeth Weis
"If voyeurism is such a fertile subject for film, to what extent is there an aural equivalent? I propose a possible psychoanalytic basis for considering an erotics of cinematic eavesdropping and suggest that it may be a neglected aspect of the compelling connection between audiences and films. I then turn to the film texts themselves and find that the device of diegetic eavesdropping raises a broad and complex range of moral and narrational as well as psychoanalytic issues..." http://lavender.fortunecity.com/hawkslane/575/eavesdropping.htm
Note: "diegetic eavesdropping" is sound whose source is visible on the screen, or whose source is implied to be present by the action of the film.
Felix Lighter-cam...
No one would imagine that this inconspicuous Zippo look-alike actually contains a digital camera capable of holding over 300 images. The JB1 uses ST Micro technology to capture highly-detailed images with incredibly small file sizes. Sneaking a pic indoors is kept stealthy thanks to LiteSync technology that allows you to take clear images in fluorescent lighting without using a flash. (see product photo) http://www.spygear4u.com/addprod.asp?productid=638
"Ick, it's an Eckbox," or...
"I can see you're just my type." Eckbox is software designed to aid in a specific type of security testing against a spying attack known as van Eck Phreaking or TEMPEST. It involves picking up radiation leaking from an electronic device, such as a monitor, and interpreting the signal to recreate the data contained in the device. This can be thought of as a sort of shoulder-surfing. http://eckbox.sourceforge.net/
Tell thieves 'scat' in no uncertain terms... The "Brief Safe" is an innovative new diversion safe that can secure your cash, documents, and other small valuables from inquisitive eyes and thieving hands, both at home and when you're traveling. Items can be hidden right under their noses... http://www.shomer-tec.com/item.cfm?Action=Search&variable=1164