"My password is stronger than your password!"

"Oh, yea... Prove it!"
...even strong passwords can be cracked in seconds using an open source tool called Ophcrack.

Ophcrack is an extremely fast password cracker because it uses a special algorithm called rainbow tables. Brute-force cracking tools typically try thousands of combinations of letters, numbers and special characters each second, but cracking a password by attempting every conceivable combination can take hours or days. (by Scott Sidel)

SpyCam Story #447 - The Neighbor

Q. "I am being overlooked by a neighbor's camera and was just wondering if there was a anything that could interrupt or jam the filming/picture of a WIRED night/day cctv. Any ideas would be much appreciated. Many thanks."

A. I love easy questions. Once you have tried all the civil things (a polite request to re-aim the camera, threat of filing a voyeurism complaint with the police, etc.) there is always the sharp stick in the eye approach.
Here is what other people are doing...
Ouch #1
Ouch #2
Ouch #3
Ouch #4
Ouch #5
Good luck!
Kevin

She said the man in the gabardine suit was a spy

FB-I said "Be careful his bowtie is really a wi-fi"
Next time you flip open your laptop as you wait for a flight or work at a coffee shop, beware, says the Federal Bureau of Investigation. The person next to you may be stealing your personal bank account information, address book and other files from your computer.

The agency warned earlier this week that the information on your computers may not be protected when using some of the 68,000 Wi-Fi hot spots, or local wireless Internet connections, around the country.

"Odds are there's a hacker nearby, with his own laptop, attempting to 'eavesdrop' on your computer to obtain personal data that will provide access to your money or even to your company's sensitive information," the FBI said in a advisory on its Web site.

Think that's bad, the FBI goes further to warn that if a hacker hooks into your computer, you are also connecting to his computer. That means you could be unknowingly downloading viruses and worms.

Protect yourself:
• Update the security protection on your computer with current versions of operating systems, web browsers, firewalls and antivirus and anti-spyware software.
• When tapped into a Wi-Fi network, don't conduct financial transactions or use e- mail and instant messaging.
• Change the default setting on your laptop so you have to manually select the Wi-Fi network you connect to.
• Turn off your laptop's Wi-Fi capabilities when you're not using them. (more)
Clients... Ask us to demonstrate this during our next eavesdropping detection audit.

The Dawn of the VoIP Bug

"...transform the existing power lines in your home or small office into a high-speed network solution. Without running wires, PLC-185S takes advantage of your existing electrical wiring to create or extend a network environment. PLC-185S is also an ideal solution for homes or small offices where concrete walls, floors in multi-storied buildings, or other architectural barriers could inhibit a wireless signal.

Just plug the PLC-185S into an electrical outlet and it can turn every electrical outlet into a possible network connection to connect to any network devices, such as wireless router, network cameras, and video servers." or VoIP bugs :) (more)

SpyCam Story #443 - Reality YOU tube

Millions of Americans have wireless cameras in their homes and cars, purchased for security or to monitor children — but it turns out the devices could be making those they're meant to protect more vulnerable.

Reporter Tom Regan of ABC News' Atlanta station, WSB-TV, investigated how video cameras may be providing an unwelcome window into your private life.

From a baby's nursery, to a restaurant, to an office, private scenes proved shockingly easy to eavesdrop on with minimal equipment in a recent WSB-TV outing.

Regan's team bought a $100 rearview camera from a local auto parts store, installed it in an S.U.V. and simply drove around. They were amazed by the images picked up by the wireless monitor that came with the rearview camera... (more with video report)

And so, our list of residential snitch devices grows longer...
• 1960's - AM wireless intercom systems.
• 1970's - FM wireless intercom systems.
• 1980's - Cordless telephones.
• 1990's - Wireless audio baby monitors.
• 2000's - Wireless TV baby/security monitors.

What ABC News didn't mention is that professional burglars have taken advantage of these technologies for over 50 years. Their latest tool is a sensitive, compact video scanner.

SpyCam Story #442 - Webcam Hijack Warning

Experts at SophosLabs™, are warning computer users about the importance of properly securing PCs, following news that a man who allegedly used computer malware to prey upon young women has been charged in Canada.

According to media reports, 27-year-old Daniel Lesiewicz has been charged with using spyware to take over the webcams of women as young as 14 and coerced them into posing naked for him. (more)

Cautionary Tale: Prevention = Cost-Effective

Hannaford spending millions to upgrade after security breach.
Background...
Yet Another Corporate Info-Loss Confession
"But, IT said our data was secure."

Hannaford Bros. Co. said it is spending millions of dollars to enhance the security of its data network following a massive security breach that exposed up to 4.2 million credit and debit card numbers to fraud...

Hannaford President and CEO Ron Hodge apologized again Tuesday to customers for concerns and inconvenience they experienced because of the breach...

In a conference call with reporters, Hodge and Bill Homa, senior vice president and chief information officer, declined to address the cause, scope and nature of the breach, citing the ongoing criminal investigation and pending litigation.

The Hannaford case is among the largest security breaches on record but is much smaller than the tens of millions of credit cards that were exposed at TJX Cos. of Framingham, Mass., which has 2,500 stores and includes the T.J. Maxx and Marshalls chains. (more)

The "millions" figure is likely just a system fix number. The final cost, which will include: public embarrassment, loss of customer good-will and customer ill-will lawsuit losses, can not be tallied just yet.

Recommendation:
Be smart.
Be frugal.
Be a corporate hero.
Spend the bucks to protect your company's communications privacy (voice and data). There is a good chance you will save money in the long run... a lot of money! ~Kevin

FutureWatch - Eavesdropping on GSM Cell Phones

A web service that will make it easy and inexpensive to crack the GSM A5/1 encryption protocol, quickly enough for a call that is still in progress, is slated to launch at the end of April. Living right at the intersection of open hardware, open source software, software as a service, and cryptography, the service will reduce the cost and effort of cracking GSM call encryption by at least an order of magnitude.

The service is being developed by members of the GSM Software Project and demonstrates just how much things have changed in the world since the GSM system was designed. Various approaches to cracking both A5/1 (the European standard) and A5/2 (the weaker US standard) have been available for some time but this one is unique in that it should be available to researchers and hackers at the end of April in hosted api form instead of pdf.

Back in 1997, this overview of the GSM system declared that "Enciphering is an option for the fairly paranoid, since the signal is already coded, interleaved, and transmitted in a TDMA manner, thus providing protection from all but the most persistent and dedicated eavesdroppers." After all, such a radio encoding scheme made the signals invisible to typical radio band scanners.

Today, however, the availability of the Universal Software Radio Peripheral (USRP), an open hardware software defined radio that sells for about $700, combined with work being done at GNU Radio project to codify the GSM waveform (also targeted for the end of this month), makes this once reasonable point of view seem quaint. Good encryption is now a must and it appears that A5 no longer qualifies. (more)

Data Land Mines

1. A slip of the finger reveals the company secret.
- Turn off that auto-fill feature.
2. People give away passwords and other secrets without thinking.
- Engage brain. Shut mouth.
3. A trusted partner ends up not being so trustworthy with your data.
- Share sparingly.
4. Web-based apps can be portals to leaks and thieves.
- VPN it instead.
5. Hoping the worse doesn’t happen only makes it worse.
- Plan for disasters.
6. Avoiding or diluting response leadership makes breaches worse.
- Designate a buck-stopper.
7. Handling breach details sloppily tips off the perp.
- Practice 'need-to-know'.
8. Trusting "silver bullet" technology hides real threats.
- There ain't no Lone Ranger.
9. Spending unthinkingly wastes resources you might need for important threats.
- Gauge threats.
10. Don't save the wrong data.
- Only store what you need.
(more)

Track My Treads - The TPMS Privacy Blowout

via hexview.com
New technologies always come with privacy issues.
Tire Pressure Monitoring Systems (TPMS) is one of those technologies.

What is TPMS?
TPMS lets on-board vehicle computers measure air pressure in the tires.

How does TPMS work?
In a typical TPMS, each wheel of the vehicle contains a device (TPMS sensor) - usually attached to the inflation valve - that measures air pressure and, optionally, temperature, vehicle state (moving or not), and the health of the sensor's battery. Each sensor transmits this information (either periodically or upon request) to the on-board computer in the vehicle. To differentiate between its own wheels and wheels of the vehicle in the next lane, each TPMS sensor contains a unique id.

TPMS transmits data that uniquely identifies your car!
Here is where privacy problems become obvious: Each wheel of the vehicle transmits a unique ID, easily readable using off-the-shelf receiver. Although the transmitter’s power is very low, the signal is still readable from a fair distance using a good directional antenna.

Why is this a problem?
If you live in the United States, chances are, you have heard about the “traffic-improving” ideas where transportation authorities looked for the possibility to track all vehicles in nearly real time in order to issue speeding tickets or impose mileage-adjusted taxes... Guess what? With minor limitations, TPMS can be used for the very purpose of tracking your vehicle in real time with no substantial investments! TPMS can also be used to measure the speed of your vehicle... (remember) car manufacturers know serial numbers of every part in your vehicle, including unique IDs of TPMS sensors.
("Your ticket is in the mail.")

Now, no article is complete unless it mentions terrorists...
It is now super easy to blow up someone's car. There's no need to fix the explosive to the vehicle. No more wires and buttons. No human factor. A high-school kid with passion for electronics can assemble a device that will trigger the detonator when the right vehicle passes by. (more)

Corporate Espionage Arrest - AMX Corp. V.P.

Short version: AMX Corporation's Vice President, David Goldenberg, was "arrested for allegedly participating in corporate espionage practices against a competing manufacturer's representative firm."

The following is from the Bergen County (NJ) Prosecutor's press release...
NJ - Bergen County Prosecutor John L. Molinelli announced the arrest of David A. Goldenberg, D.O.B. 05/18/1962, of 432 Golf Dr., Oceanside NY. Goldenberg was arrested on March 28, 2008, on charges of Unlawful Access of a Computer System / Network (2C:20-25b); Unlawful Access of Computer Data / Theft of Data (2C:20-25c); and Conducting an Illegal Wiretap (2A:156A-27)...

The arrest stemmed from an investigation concerning the following: The Paramus Police Department received a complaint from a Paramus based corporation known as Sapphire Marketing, who specializes in high-end audio/visual systems. Representatives of Sapphire reported that they were being suspiciously and consistently underbid for contracts by a competitor for whom David Goldenberg works. They expressed suspicion of corporate espionage. Based on anomalies that the complainant noticed within their computer network and more specifically their electronic mail (e-mail) system, they suspected that the company’s e-mail system had been compromised and that e-mail was being intercepted. The Paramus Police Department (a member of the Computer Crimes Task Force) and the Bergen County Prosecutor’s Office Computer Crimes Unit initiated an investigation.

The investigation revealed that Mr. Goldenberg had engineered the passwords protecting several of the complainant’s e-mail accounts. For a period of time, Mr. Goldenberg was intercepting and reading e-mails that related to potential contracts. Mr. Goldenberg then established a free e-mail account that he had control over, and created an automatic forward of the victim’s e-mail so that they would be sent to him directly. This afforded Mr. Goldenberg advanced knowledge of Sapphire’s customers and bid prices, thus further affording him an opportunity to underbid Sapphire. Sapphire Marketing estimates the loss in revenue from Mr. Goldenberg’s actions to exceed one-million dollars. Mr. Goldenberg was arrested without incident on this date. (more) (more - scroll down)

Goldenberg was hired by AMX June 11, 2007...
“David has a proven track record of satisfying the needs of his customers while boosting sales and profitability. He is also an aggressive marketer focused on value creation,” said Rashid Skaf, AMX president and CEO. “David is a dynamic leader who has proven that he can successfully manage and motivate a diverse team of individuals. I am confident that he will fit well into the AMX culture and accomplish great things with our company.” (more)

The Case of the Flacid Fob

Researchers from Ruhr University Bochum, Germany, presented a complete break of remote keyless entry systems based on the KeeLoq RFID technology. The shown vulnerability applies to all known car and building access control systems that rely on the KeeLoq cipher. "The security hole allows illegitimate parties to access buildings and cars after remote eavesdropping from a distance of up to 100 meters" says Prof. Christof Paar. "Eavesdropping on as little as two messages enables illegitimate parties to duplicate your key..."

A KeeLoq system consists of an active Radio Frequency Identification (RFID) transponders (e.g., embedded in a car key) and a receiver (e.g., embedded in the car door). Both the receiver and transponder use KeeLoq as encryption method for securing the over-the-air communication.

KeeLoq has been used for access control since the mid-1990s. By some estimates, it is the most popular of such systems in Europe and the US. Besides the frequent use of KeeLoq for garage door openers and other building access applications, it is also known that several automotive manufacturers like Toyota/Lexus (Chrysler, Daewoo, Fiat, GM, Honda, Volvo, VW, Clifford, Shurlok, Jaguar, etc.) base their anti-theft protection on assumed secure devices featuring KeeLoq.
(more)
(Hacker video explaining KeeLoq. Minutes: 36:18 - 41:35)
(How to Steal Cars - A Practical Attack on KeeLoq)

How to hack RFID-enabled credit cards for $8

...via tv.boingboing.net
A number of credit card companies now issue credit cards with embedded RFIDs (radio frequency ID tags), with promises of enhanced security and speedy transactions.

But on today's episode of Boing Boing tv, hacker and inventor Pablos Holman shows Xeni how you can use about $8 worth of gear bought on eBay to read personal data from those credit cards -- cardholder name, credit card number, and whatever else your bank embeds in this manner.

Fears over data leaks from RFID-enabled cards aren't new, and some argue they're overblown -- but this demo shows just how cheap and easy the "sniffing" can be.

Forget the tin foil hat.
Wrap it around your wallet and watch where you sit.
There may be an antenna under that chair.

Yet Another Corporate Info-Loss Confession

The Hannaford Bros. supermarket chain said Monday that a breach of its computer systems may have given criminals access to more than four million credit and debit cards issued by nearly 70 banks nationwide.

While the banks appear all but ready to blame Hannaford for failing to follow payment card industry standards on security, there are signs that this may be the first of many cases to surface this year wherein the affected retailer was hacked even though it appeared to be following all of the security rules laid out by the credit card associations. (more) (The List of the Zapped)

RFID Cards Hacked

Researchers and students of the Digital Security group of the Radboud University Nijmegen have discovered a serious security flaw in a widely used type of contactless smartcard, also called RFID tag. It concerns the "Mifare Classic" RFID card produced by NXP (formerly Philips Semiconductors). Earlier, German researchers Karsten Nohl en Henryk Plötz pointed out security weaknesses of this cards. Worldwide around 1 billion of these cards have been sold.

This type of card is used for the Dutch 'ov-chipkaart' [the RFID card for public transport throughout the Netherlands] and public transport systems in other countries (for instance the subway in London and Hong Kong). Mifare cards are also widely used as company cards to control access to buildings and facilities. All this means that the flaw has a broad impact. Because some cards can be cloned, it is in principle possible to access buildings and facilities with a stolen identity. This has been demonstrated on an actual system. (more)

"I reprogrammed a car fob, Mr. Cheney. Now I control you."

by Chris Soghoian...
A team of respected security researchers known for their work hacking RFID radio chips have turned their attention to pacemakers and implantable cardiac defibrillators.

The researchers will present their paper, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses," during the "Attacks" session of the 2008 IEEE Symposium on Security and Privacy, one of the most prestigious conferences for the computer security field...

By reading between the lines (millions of remotely implanted medical devices, able to administer electrical shocks to the heart, can be controlled remotely from distances up to 5 feet, designed by people who know nothing about security), it is easy to predict the gigantic media storm that this paper will cause when the full details (and a YouTube video of a demo, no doubt) are made public. (more)

Cracking GSM encryption just got easier

by Michael Kassner...
For all intents and purposes most everyone including the GSMA—an organization representing most of the mobile phone operators—considered and still considers GSM very secure. In reality A5/1, the technology used to encrypt GSM communications has been vulnerable for at least a decade. The sense of security seems to be based on the fact that the original attack venues require a great deal of computing power, time, and therefore money to accomplish the crack. So an organization would have to be particularly motivated to even want to crack GSM traffic. Care to guess who has enough motivation?

It appears that researchers David Hulton and Steve Miller have recently developed techniques to greatly reduce the time and required computing power needed to crack A5/1 encryption. The two researchers have even patented their work personally. The efficient modifications of the original crack open all sorts of doors making it easier for both black and white hat types to decode GSM conversations. (more)

Computer Bug Gets Upgrade

from the seller's website...
New for 2008! eBlaster 6.0
eBlaster has been the standard in remote monitoring software for parents and employers for almost a decade. It's time for a real innovative change, and we have some very exciting news.

Blaster 6.0 is now available, and we have added features we believe you're really going to like. Now, you have the ability to change options and settings remotely without having to return to the computer on which eBlaster is installed.

What Else is New in eBlaster 6.0?
NEW! Block Web Sites
-- Block inappropriate web sites by name immediately...
NEW! Block Chat/IM Contacts
-- Block all chat and instant messaging with specific people...
NEW! Online Searches
-- records searches made on Google, AOL, MSN, and Yahoo...
NEW! Screen Snapshots with Keyword Alerts
-- Now you can actually see EXACTLY what they saw...
NEW! MySpace Activity
-- All activity on the popular but potentially dangerous MySpace site...

When was the last time you checked your computer for spyware?
eBlaster detection.

Bugs - The Ultimate Bugs

The agency that the Pentagon set up to turn outlandish sci-fi concepts into reality has come closer to creating an army -- or air force -- of cybugs: cyber-moths and beetles that can spy on the enemy.

Inspired by Thomas Easton's 1990 novel, Sparrowhawk, in which animals enlarged by genetic engineering were fitted with implanted control systems, the Defence Advanced Research Projects Agency (DARPA) set out to insert microsystems into living insects as they undergo metamorphosis.

The plan is that their organs will grow around the chips and wires that make up the remote-control devices. (more)

Turn Old 78 RPM Records into MP3s and CDs

Ace sound engineer, Mike Stewart, spins advice about how to turn old 78rpm records into MP3 or CD recordings.

Sounds like it should be easy, but consider, "modern" record players won't play at 78rpm.
Now you know why Mike is the Ace.
(video tutorial)

Wireless security foiled by new exploits

Just when you thought your wireless network was locked down, a whole new set of exploits and hacker tools hits.

Josh_Wright: "Enterprises are doing ... better. We are seeing fewer open networks and more organizations moving to WPA/WPA2 from WEP. There is still more than a fair share of WEP networks, sometimes motivated by the need to support legacy wireless clients (such as VoIP phones, or Symbol scanners). A lot of the enterprises I talk to feel comfortable with the security of their WPA/WPA2 networks, but they often fail to realize that this is only one piece of a wireless security strategy. Failure to address client configuration and security issues, rogue detection and home/mobile users leaves organizations exposed to attack. (more)

When did you last check the security of your wireless network?
Idea... Have us preform an on-site wireless LAN security survey.

New Gadget Can Spy On Text Messages

Suspicious spouses can check out their husband or wife's deleted texts with a new gadget. The £76 ($149.00) device can get all the data off a mobile telephone's sim card - including messages and numbers that have been deleted. The information can then be transferred to a PC or laptop through a USB port. BrickHouse Security say it is ideal to "spy on your wife, husband, teens or colleague". (more)

SpyCam Story #437 - Pinhole PIN Bandits

UK - Police investigating a bank card cloning scam at a petrol station found a small, drilled hole in the ceiling above a chip-and-pin machine.

It is thought the hole, at a BP garage in Lincoln, was used to conceal a covert camera to record the pin numbers of unsuspecting motorists.

Lincolnshire Police said on Friday they had received more than 200 reports of fraudulent transactions from people who filled up at the petrol station, on the A46 at Damons Roundabout.
Victims' cards were used as far away as India and Dubai in what the force said was a national scam, not unique to the county. (more)

Unsecured Wi-Fi Could Compromise Your Identity

CBS3.com - Special Report...
The wireless internet signal you rely on for convenience could be making things easier for internet intruders. Police said hackers could be using your computer to download illegal music, child porn, or even your bank information.

Using a simple can antenna from his car, George Sandford can burglarize homes from hundreds of yards away out in the open and without wearing a mask.

"You can open bank accounts. You get drivers licenses, you can get practically anything you want," Sandford said.

All by using relatively low tech equipment, just about anyone with knowledge can hack into computers using unsecured wireless internet or Wi-Fi signals of unsuspecting people...

"I can build a body of information about you, your back accounts," Sandford said.

Jamie Smith spoke to one unsuspecting resident, "We were able to get onto your internet just a few seconds ago," and Rebecca Hansen of Swarthmore responded, "No."

Rebecca is a client of Tech Guides Incorporated and George Sandford is far from a thief. He is actually Tech Guides' security expert. He sat down and showed Rebecca how to secure her Wi-Fi something everyone should do.

"Not securing your wireless networking is pretty much putting a sign on your house saying 'Hey, we're open,'" Sanford said. Only about half of homes with Wi-Fi are locked. If you don't your computer's connection could be slowed down by others accidentally using your Wi-Fi. (complete story with video)

• Directions for securing your Wi-Fi

FREE Password Cracker

Here is how it works in geek-speak...
RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables.

Bottom line...
Your cat's name never was a good password anyway. Change it. (help)

Executive Briefing - "Wiretapping Made Easy"

from forbes.com...
Silently tapping into a private cellphone conversation is no longer a high-tech trick reserved for spies and the FBI. Thanks to the work of two young cyber-security researchers, cellular snooping may soon be affordable enough for your next-door neighbor.

In a presentation Wednesday at the Black Hat security conference in Washington, D.C., David Hulton and Steve Muller demonstrated a new technique for cracking the encryption used to prevent eavesdropping on global system for mobile communications (GSM) cellular signals, the type of radio frequency coding used by major cellular service providers including AT&T (nyse: T - news - people ), Cingular and T-Mobile. Combined with a radio receiver, the pair say their technique allows an eavesdropper to record a conversation on these networks from miles away and decode it in about half an hour with just $1,000 in computer storage and processing equipment...

Who will be the customers for their innovative espionage technique?
Hulton and Muller say they aren't sure yet. (more)

"Encryption can't save you now, Sonny Boy... Muhhahahaaaaa!"

from c|net, by Declan McCullagh...
Computer scientists have discovered a novel way to bypass the encryption used in programs like Microsoft's BitLocker and Apple's FileVault and then view the contents of supposedly secure files.

In a paper (PDF) published Thursday that could prompt a rethinking of how to protect sensitive data, the researchers describe how they can extract the contents of a computer's memory and discover the secret encryption key used to scramble files. (I tested these claims by giving them a MacBook with FileVault; here's a slideshow.)

"There seems to be no easy remedy for these vulnerabilities," the researchers say...

Their technique doesn't attack the encryption directly. Rather, it relies on gaining access to the contents of a computer's RAM--through a mechanism as simple as booting a laptop over a network or from a USB drive--and then scanning for encryption keys. How the scan is done is one of the most clever portions of the paper. (more)

Cheap & Secure Communications - for Security ...and Eavesdroppers

from the TriSquare website – TSX300...
"eXtreme Radio Service (eXRS) two-way radios use proprietary Frequency Hopping Spread Spectrum (FHSS) in the ISM band (900 MHz frequencies). 10 Billion channels." (more)

What does this walkie-talkie mean to you?
- "Secure Conversation – No Eavesdropping"
- Communications range of at least 1-2 miles.
- Very good communications within buildings.
- Voice Operated Transmit (VOX)
- No license required.
- Accessories include a headset.
- Cost: less than $100.00 per pair!

What else does this mean?
- A quick hack turns it into a long-range stealth bug!
- The average TSCM sweep team will likely miss it.
- Advanced Eavesdropping Detection will find it.

The Neighbor Stick

Finn Magee combined his industrial design talents with an imagination fermented within apartment walls to come up with what he calls the "Neighbour Rod".

Here, "Neighbor Stick" (as in, 'stick it to your neighbor') seemed a more appropriate moniker.

When the neighbors get noisy, bang on the wall, ceiling, floor with the big white rubber mallet end. When the neighbors get suspiciously quiet, use the stethoscope end.

By the way, that's Betty. She loves to listen.

Finn is one cool dude. More about him, here.

In December 2005, the Australian Institute of Criminology (AIC) was commissioned by the Australian High Tech Crime Centre (AHTCC) to conduct research into issues relating to key criminal justice issues concerning technology-enabled crime.

The report provides an instant eduction on technology enhanced crimes, and new crimes which have come into being because of advancements in technology.

Observations...
- It still takes the legal system about 10 years to catch up with technology changes.
- Technology has further cemented the need for international law enforcement cooperation.
- Technology is forcing some of the age-old crimes – that we rarely used to hear about – out of the darkness.
Very interesting document. Sign of the times.
(this report) (more reports)

SpyCam Story #431 - Sticky Fingers

Security Guard Arrested For Vending Burglary
NC - A covert machine/changer camera was installed at the location to help determine the cause of these chronic unexplained shortages.

The video revealed evidence that a security guard from the location, a federal facility, was opening a vending machine and stealing cash. This machine was used to store the account vending collections in a mother bag from all the machines. The security guard was taking the cafeteria manager's vending key from an unlocked desk drawer in the cafeteria office. Audit records indicate that this individual stole $1,000 over three months. (more)

This is a commom problem. Many of our counterespionage reports contain this obvious recommendation...
Do not leave keys behind.
The most common offense we see is: Admin locks the executive's office door at night and leaves the keys in their unlocked desk just a few feet away.

"Would locking the desk help?"
No. Desk locks are easily pickable (or destructible)... as are filing cabinet locks.

"What could be worse?"
Those big key control ca