SpyCam Story #437 - Pinhole PIN Bandits

UK - Police investigating a bank card cloning scam at a petrol station found a small, drilled hole in the ceiling above a chip-and-pin machine.

It is thought the hole, at a BP garage in Lincoln, was used to conceal a covert camera to record the pin numbers of unsuspecting motorists.

Lincolnshire Police said on Friday they had received more than 200 reports of fraudulent transactions from people who filled up at the petrol station, on the A46 at Damons Roundabout.
Victims' cards were used as far away as India and Dubai in what the force said was a national scam, not unique to the county. (more)

Basic Email Security Tips

Chad Perrin at TechRepublic has some excellent tips...
There is a lot of information out there about securing your email. Much of it is advanced, and doesn’t apply to the typical end user. The following is a short list of some important security tips that apply to all email users...

1. Never allow an email client to fully render HTML or XHTML emails without careful thought.
2. If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve email. This means avoiding the use of Web based email services such as GMail, Hotmail, and Yahoo! Mail for email you wish to keep private for any reason.
3. It is always a good idea to ensure that your email authentication process is encrypted, even if the email itself is not. (lazy man's email encryption)
4. Digitally sign your emails. As long as you observe good security practices with email in general, it is highly unlikely that anyone else will ever have the opportunity to usurp your identity for purposes of email, but it is still a possibility. (What is a digital signature?)
5. If, for some reason, you absolutely positively must access an email account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.

Be aware of both your virtual and physical surroundings when communicating via email. Be careful. Trust no one that you do not absolutely have to trust, and recognize the dangers and potential consequences of that trust.

Your email security does not just affect you; it affects others, as well, if your email account is compromised. (full article with greater tip detail)

TSCM Technology - Keeping Pace

The tools of the trade change fast in the world of TSCM.
Blink, and you're sweep business is history.
Here are three examples of the latest tools...

Recently
Too many digital radio signals. Some of them flash on/off, quickly. Some frequency hop, quickly. Some hide within other signals. This year, a new instrument came out of the R&D labs called RSA6114A . It never blinks. It catches it all.

NOW
Too many digital radio signals. How can one identify them all? This week, a new instrument came out of the R&D labs called H600 RFhawk Signal Hunter. It knows all. It tells all... at a reasonable price.


The Future
Having Superman x-ray vision would be a big help in finding eavesdropping devices. A new instrument is in the R&D labs called LEXID. Handheld x-ray vision. Just point, and see!

TSCM challenges do not become easier with time. You can, however, count on us to keep pace and slightly ahead.

Unsecured Wi-Fi Could Compromise Your Identity

CBS3.com - Special Report...
The wireless internet signal you rely on for convenience could be making things easier for internet intruders. Police said hackers could be using your computer to download illegal music, child porn, or even your bank information.

Using a simple can antenna from his car, George Sandford can burglarize homes from hundreds of yards away out in the open and without wearing a mask.

"You can open bank accounts. You get drivers licenses, you can get practically anything you want," Sandford said.

All by using relatively low tech equipment, just about anyone with knowledge can hack into computers using unsecured wireless internet or Wi-Fi signals of unsuspecting people...

"I can build a body of information about you, your back accounts," Sandford said.

Jamie Smith spoke to one unsuspecting resident, "We were able to get onto your internet just a few seconds ago," and Rebecca Hansen of Swarthmore responded, "No."

Rebecca is a client of Tech Guides Incorporated and George Sandford is far from a thief. He is actually Tech Guides' security expert. He sat down and showed Rebecca how to secure her Wi-Fi something everyone should do.

"Not securing your wireless networking is pretty much putting a sign on your house saying 'Hey, we're open,'" Sanford said. Only about half of homes with Wi-Fi are locked. If you don't your computer's connection could be slowed down by others accidentally using your Wi-Fi. (complete story with video)

• Directions for securing your Wi-Fi

Global Info Survey - CIO's Get Smart

A growing number of organizations recognize information security can provide more than just protection of corporate assets, with the delivery of IT and operational efficiencies and improving overall business performance emerging as critical objectives. That is the word from Ernst & Young's 10th annual global information security survey. The survey canvassed nearly 1,300 senior executives in more than 50 countries. (more)

Abusive Teacher Caught On Tape

A Houston mother, who said her daughter was well-behaved at home, was worried about what was going on in her child's classroom because the girl had been suspended four times for bad behavior.

Teacher: 'Y'all Are Just Stupid Kids'
So, Diana Mijares decided to secretly bug her daughter's backpack and was shocked to hear what was on the tape.

"It made us concerned," Mijares said on "Good Morning America" today. "It was enough and we needed answers."

Megan Mijares' digital tape recorded mostly mundane moments at Memorial Elementary School's prekindergarten class, but then it captured the teacher yelling at the group of 4- and 5-year-olds. All of it happened without Megan's or her teacher's knowledge.

"You're just a bad kid," the teacher says on the six-hour tape. "You're mean to me, so I get to be mean to you."

The teacher, who was not identified, continues to harshly scold the children.

"You are all just stupid kids. I swear to God," the teacher says. "You are just all stupid kids." (more) (video)

"Grab the binoculars. The girls are headed for the Blue Lagoon!"

Regime revives Fiji spy agency
The interim Cabinet will revive the National Security Council and the Fiji Intelligence Services. A statement from the interim Cabinet said this was a move to combat threats of terrorism against Fiji. (more)

Liechtenstein reveals industrial spying probe

Liechtenstein, focus of international investigations over tax fraud, said on Wednesday a man convicted after stealing data from a Liechtenstein bank was now being investigated for industrial espionage...

"The investigations concern suspicion of spying out business secrets for the benefit of a foreign party," the Office of the Public Prosecutor said in a statement. (more)

German high court conditionally approves government data spying

Germany's Constitutional Court has determined that any data stored or exchanged on PCs is private and protected by the country's constitution -- just not if you're a suspect.

The court determined that data collection directly encroaches on citizens' rights, but that authorities will be allowed to spy on suspicious individuals with high court approval. (more)

2007 Electronic Monitoring & Surveillance Survey:

Over Half of All Employers Combined Fire Workers for E-Mail & Internet Abuse

From e-mail monitoring and Website blocking to phone tapping and GPS tracking, employers increasingly combine technology with policy to manage productivity and minimize litigation, security, and other risks. To motivate compliance with rules and policies, more than one fourth of employers have fired workers for misusing e-mail and nearly one third have fired employees for misusing the Internet, according to the 2007 Electronic Monitoring & Surveillance Survey from American Management Association (AMA) and The ePolicy Institute. (more)

PartnerSpy vs. PartnerSpy

In Scotland, where punches are not pulled, a daily newspaper instructs its readers, "How To Spy On Your Partner." For us, of course, it is a cautionary tale. These tactics may be employed by anyone, against anyone.

Partner vs. Partner is only one of many snoop scenarios. Here are some others:
- Employees vs. Management
- Ambitious Executive vs. Unsuspecting Executive
- Competitor vs. You
- Defendant vs. Plaintiff
- News Media / Protest Groups vs. Your Company

Being aware of 'everyman' spy technology is the first step toward protection. The second step is actively looking. Which, by the way, is what we do best for businesses and governments worldwide.

How To Spy On Your Partner
Feb 27 2008 By Craig McQueen

Lipstick on collars or smelling of a strange perfume used to be how cheating husbands got caught out. But in these days of big divorce settlements, spurned partners are gathering evidence the hi-tech way.

One US firm has produced a SIM card reader that opens text messages AFTER they've been deleted - and that's just the tip of the iceberg. Other surveillance gadgets used today would look at home in spy films. They're legal and freely available from websites spystoreuk.com, spycatcheronline.co.uk and brickhousesecurity.com

Here are a few of the best: (described in detail here)
- HIDDEN CAMERAS
- MOBILE PHONE TRACKING
- WIRELESS BUGS
- PHONE RECORDERS
- GPS TRACKING
- COMPUTER KEY LOGGING
- THE TEDDY CAM
- INTERCEPTOR SOFTWARE
- VEHICLE TRACKING

SpyCam Story #436 - SpyCam Goes to School

from "blammocamo"...
"I 'hid' my camera and caught some clips of what people were doing during spare period." (boring video) (many many more boring videos)

We've come a long way from the days of Alan Funt. SpyCam'ing is an acknowledged worldwide pass-time. One second you are anonymous, the next second your are a star on youtube.com. Laws are always about 10-years behind the technology. Look for spycams to make some creative legislation.

In the meantime, at least take some steps to protect your workplace and the intellectual property kept there.

Ideas...
- Establish security policy which includes videography.
- Conduct periodic sweeps for video bugging devices.
- Learn to recognize the spycamer's tricks. (1) (2) (3), for example.

FREE Password Cracker

Here is how it works in geek-speak...
RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables.

Bottom line...
Your cat's name never was a good password anyway. Change it. (help)

National Lottery operator employee spied on rivals

UK - A manager at Camelot, the national lottery operator, used false identities to gather intelligence on rival companies, according to an official investigation.

Alexia Latham, a media relations manager, used three aliases to glean information over a 10-month period as Camelot fought off competitors to win a lucrative 10-year licence...

Camelot, which has run the UK lottery since it started in 1994, was awarded a new 10-year licence by the NLC last August.

Following a close competition, the company beat off a rival bid from Sugal & Damani, which runs state lotteries in India. The new licence will begin in February next year. (more)

Turn your iPhone sideways, and "Open Channel D"

The Incredible World of SPY-Fi: Wild and Crazy Spy Gadgets, Props, and Artifacts from TV and the Movies
by Danny Biederman

from Publishers weekly...
Even people who aren’t big spy movie fans know that James Bond gets to play with some great gadgets. The same goes for the casts of Mission: Impossible, The Man from U.N.C.L.E. and I Spy.

Biederman has been immersed in the spy world, at least as Hollywood depicts it, from the time of his youth in the 1960s, when he was introduced to a world of "spies, gadgets, adventure, and beautiful women—everything that a ten-year-old boy could possibly want."

Since then he has collected over 4,000 props from various sets, amassing such an impressive trove that in 2000 the CIA asked him to exhibit it at its headquarters.

This book tells the story of each TV series and movie through Biederman’s props, which range from the coat hook used in U.N.C.L.E. to open a secret passageway, to the gold sofa that adorned James West’s private railroad car in The Wild Wild West.

Executive Briefing - "Wiretapping Made Easy"

from forbes.com...
Silently tapping into a private cellphone conversation is no longer a high-tech trick reserved for spies and the FBI. Thanks to the work of two young cyber-security researchers, cellular snooping may soon be affordable enough for your next-door neighbor.

In a presentation Wednesday at the Black Hat security conference in Washington, D.C., David Hulton and Steve Muller demonstrated a new technique for cracking the encryption used to prevent eavesdropping on global system for mobile communications (GSM) cellular signals, the type of radio frequency coding used by major cellular service providers including AT&T (nyse: T - news - people ), Cingular and T-Mobile. Combined with a radio receiver, the pair say their technique allows an eavesdropper to record a conversation on these networks from miles away and decode it in about half an hour with just $1,000 in computer storage and processing equipment...

Who will be the customers for their innovative espionage technique?
Hulton and Muller say they aren't sure yet. (more)

SpyCam Story #435 - Bottoms Up

UK - A council worker has been arrested on suspicion of spying on women in the toilets at Coventry's historic Council House. The arrest came after police were called in following a complaint by a victim. There are fears that a man may have somehow concealed himself underneath the floorboards of the toilets and filmed unsuspecting victims on his mobile phone. (more)

Industrial Espionage in Brazil

Brazil - Brazilian police said on Tuesday they were treating the theft of strategic data from Brazil's state-run energy giant Petrobras as a case of industrial espionage.

Petrobras confirmed last Thursday that four laptops and two RAM memory chips were stolen in late January from a transport container owned by the U.S. oil-field service company Halliburton, a longtime Petrobras business partner.

The data came from a drilling ship in the Santos basin, where a huge new oil reserve was recently discovered. The find could make Brazil one of the world's major oil producers...

Caetano confirmed it was not the first case of data robbery from Petrobras. The company reported similar cases to police about a year ago but said they did not involve important information.

He faulted the security in the latest case. (more)

Pellicano Wiretapping Case

The case is scheduled to resume March 5th. The Huffington Post claims they have the Witness List: "Chris Rock, Stallone, Bert Fields, Tom Cruise and hundreds more." The list of 244 people, however, has made the rounds and wound up here. Rambo says he is willing to testify, "Why not? I don't want to be left out." Stallone said he wasn't surprised to hear the allegations that such activity occurs in Hollywood. "In this town, nothing seems as it is," Stallone said. "There's so much skullduggery." (more)

Eavesdropping on private chats is... art!

Conversations from thousands of internet chatrooms, message boards and other public forums have been transformed into an electronic art piece.

Described as a unique portrait of the internet, the electronic art - called the Listening Post – forms a free exhibition at the Science Museum in London.

The piece samples text fragments of uncensored and unedited internet conversations over 231 small electronic screens standing approximately 4m high and 5m wide. The text is accompanied by computer-synthesized voices reading or singing the words that surge, flicker and disappear over the screens.

Listening Post is a collaboration by sound artist Ben Rubin and statistician and artist Mark Hansen, who wanted to address the question: "What would 100,000 people chatting online sound like?" (more)

Americans are not as bugged as they think

Israel - The number of wiretaps performed by the police rose 22 percent last year, from 1,128 in 2006 to 1,375, despite Knesset members' complaints that this tactic is overused. Over the last five years, the number of court-approved wiretaps has risen 42 percent.

By comparison, only 1,839 wiretaps were carried out in the entire United States in 2006.

According to Professor Yoram Shahar of the Interdisciplinary Center in Herzliya, this means that per capita, Israeli policemen use 20 times as many wiretaps as do their American counterparts, and a random Israeli is 30 times as likely to be wiretapped as a random American. (more)

FutureWatch - New technology spells end for wiretapping

It's the stuff the best spy stories are made of, the broadsheets this week had a small story in their technology sections about the Scientific and Technological Research Council of Turkey (TÜBİTAK) National Institute for Electronics and Encryption Research (UEKAE) having developed a completely original software package that allows mobile phones to be encrypted.

This makes it possible for mobiles to be safe enough to discuss national secrets without fear of interception. This type of protection is, officials at TÜBİTAK say, especially vital in the field of military communication when phone calls intercepted by foreign agencies could have potentially fatal consequences for soldiers in the field.

According to TÜBİTAK's February press statement, they have been working on the technology for 20 years and it will be offered first to Turkey's army and then to the public and private companies. This software, they say, will put Turkey in the top league of countries for protecting information and privacy. There will be many for whom the encrypted cell phone has come not a moment too soon and others who are already regretting the development. (more)

"Encryption can't save you now, Sonny Boy... Muhhahahaaaaa!"

from c|net, by Declan McCullagh...
Computer scientists have discovered a novel way to bypass the encryption used in programs like Microsoft's BitLocker and Apple's FileVault and then view the contents of supposedly secure files.

In a paper (PDF) published Thursday that could prompt a rethinking of how to protect sensitive data, the researchers describe how they can extract the contents of a computer's memory and discover the secret encryption key used to scramble files. (I tested these claims by giving them a MacBook with FileVault; here's a slideshow.)

"There seems to be no easy remedy for these vulnerabilities," the researchers say...

Their technique doesn't attack the encryption directly. Rather, it relies on gaining access to the contents of a computer's RAM--through a mechanism as simple as booting a laptop over a network or from a USB drive--and then scanning for encryption keys. How the scan is done is one of the most clever portions of the paper. (more)

Cheap & Secure Communications - for Security ...and Eavesdroppers

from the TriSquare website – TSX300...
"eXtreme Radio Service (eXRS) two-way radios use proprietary Frequency Hopping Spread Spectrum (FHSS) in the ISM band (900 MHz frequencies). 10 Billion channels." (more)

What does this walkie-talkie mean to you?
- "Secure Conversation – No Eavesdropping"
- Communications range of at least 1-2 miles.
- Very good communications within buildings.
- Voice Operated Transmit (VOX)
- No license required.
- Accessories include a headset.
- Cost: less than $100.00 per pair!

What else does this mean?
- A quick hack turns it into a long-range stealth bug!
- The average TSCM sweep team will likely miss it.
- Advanced Eavesdropping Detection will find it.

"...and, the 'Best Use of Spycam Technology' award goes to..."

Bird House Spy Cam
"Watch ‘em, but don’t touch ‘em!"

"Our Hawk Eye Nature Cam will open up undiscovered worlds of bird and wildlife behavior. Once you buy one of our wildlife monitoring cams, it probably won't be long before you buy another and another." (more)

Movies made with birdhouse spycams...
- Bats
- Baby Owls
- Flying Squirrel
- Baby Squirrels
- Hummingbirds
- Spooky Owls
- Baby birds feeding
- Squirrels

"Boss, this suspect gets a lot of email."

The FBI revealed that human error led to surveillance of an entire email network back in 2006, rather than the single email address approved by the secretive court which approves domestic wiretaps and other forms of e-surveillance...

The ISP involved allegedly misinterpreted a warrant for one email address to be a warrant for - ahem - the entire network. (more)

SpyCam Story #434 - Public Pool Perv

UK - A man who secretly filmed boys in a toilet and was caught with a camera at a children's swimming club has escaped a jail term. David Ashton (42) was arrested at Parkside Pool in Cambridge after staff were alerted to his suspicious behaviour during a parents-only training session for eight to 16-year-olds. Police found a video camera in a briefcase he was carrying. When officers searched his home, they discovered covert recordings of men and boys using a toilet cubicle, as well as other indecent images of children. (more)

Wiretap With Your Credit Card

That's right!
If you have a phone.
If you have a credit card.
You have a heavy-duty digital wiretap at your fingertips!

Of course, so does everyone else, so watch what you say 007.

...from the service provider's web site - callrecordercard.net...
It is easy to make high quality digital recordings. We will provide you with your own personal phone number in our state of the art, secure telecom switch.

- To record an important conversation, you first dial your personal phone number (PPN), which connects you to the recording equipment and then dial the number you want to record.

- To record incoming calls, the calls will automatically be recorded as they pass through our recording switch.

Your conversation will then be recorded and stored on our secure, password protected system, for you to play back as needed. Our advanced digital processors will record every word on both sides of the conversation.

Our clients use their Call Recorder Cards for both their business and personal needs. These are some of the typical uses of the Call Recorder Card:
- Record employee's calls to review their job performance
- Record details of complicated negotiations
- Maintains recorded records of verbal agreements
- Insurance investigator interviews
- Dictate recordings to be transcribed
- Dictate memos while on the road
- Disclosed monitoring of children's conversations
- Law enforcement investigations
not to mention...
- nailing that deadbeat jerk you used to be married to
- presenting a new cell phone to that special someone
- 'changing' the home phone number
- set up a sting
- or, post a PPN (pointed to [his/her name here] on-line, and wait for the fun to begin.

No need to have bulky recorders, or phone interceptor equipment. Simply follow the user friendly instructions to automatically direct your calls through our state of the art telecommunication switch.

Your important conversations will be stored in a safe digital format that only you can access and/or retrieve with your very own PIN (Personal Identification Number).

Testimonials (!?!?)
I had my housekeeper start making her calls through my Personal Phone Number. Lo and Behold! She spent hours a day on the phone just chatting! No wonder the housework never got done. O.G. - Connecticut

I gave a new cell phone to my teenager and told her that the calls were being recorded. Now I have peace of mind! Y.P. Texas

One interesting FAQ...
Q: Can I change the number that the other person will see on their caller ID when I make an outgoing call from my PPN?
A: Yes, when placing