Friday, August 22, 2008

Steganography - Look at secrets, but not see them.

Altered with the proper steganography algorithm, this innocuous picture of a cat could be a carrier for corporate espionage.

Earlier this year, someone at the United States Department of Justice smuggled sensitive financial data out of the agency by embedding the data in several image files. Defeating this exfiltration method, called steganography, has proved particularly tricky, but one engineering student has come up with a way to make espionage work against itself.


Keith Bertolino, founder of digital forensics start-up E.R. Forensics, based in West Nyack, N.Y., developed a new way of disrupting steganography last year while finishing his electrical engineering degree at Northeastern University, in Boston.

FutureWatch...
Steganography is a moving target. Now exfiltrators are beginning to make use of streaming data technologies like voice over Internet Protocol (VoIP). Disrupting or even detecting hidden transmissions inside real-time phone calls is the next hurdle for digital forensics companies, and Hosmer says it poses a significantly more challenging problem.
(more)


Saturday, August 9, 2008

Bug Bites... with Bluetooth

Smart spies can build their own bugs; ones which average TSCM detection equipment can't see.

One example is bugs that use off-the-shelf Bluetooth technology, like Bluegiga. Short range, but very effective.

Another example is second generation Zigbee which can transmit audio a much greater distance.

Both signals are digital. Both blend their transmissions into the sea of legitimate WiFi signals which surround us.

The cost of building these advanced bugging devices is less than $100 per bug.

Discovery requires the most advanced TSCM instrumentation... like what you will find only here.


Friday, July 25, 2008

Spy vs. Spy Display at State Department

Spy technology is now on display in the lobby of the State Department Annex at 1400 Wilson Blvd. in Rosslyn, Va.

“Listening In: Electronic Eavesdropping in the Cold War Era” is an exhibit that pulls together spy technology circa 1955 through 1985. Produced by the Countermeasures Directorate’s Office of Security Technology in the Bureau of Diplomatic Security, the show displays a large array of Cold War era surveillance technology, including wired microphones and radio transmitters.

The U.S. Embassy in Moscow seems like it was one big recording booth in the 1960s. One photo shows Ambassador Henry Cabot Lodge Jr. in 1960 holding a listening device that had been discovered inside a large wooden carving of the Great Seal of the United States, a gift from the Soviet Union in 1945. Hidden magnetic microphones were especially popular in U.S. embassies in Eastern Europe. These were small microphones attached to long wooden tubes that could be deeply recessed into embassy walls.

Even Cold War era typewriters had countersurveillance mechanisms built into them. Included in the exhibit is an IBM Selectric typewriter. It coupled a motor to a mechanical assembly, so pressing different keys caused the motor to draw different amounts of current that were specific for each key. Close measurements of the current could reveal what was being typed on the machine. To prevent these measurements, State Selectric typewriters were equipped with “inertia” motors connected to a large flywheel. The spinning flywheel absorbed the stress of the mechanical assembly and masked the keys being typed. (more)
For more on the exhibit, click here.


Sunday, July 20, 2008

Employee Instant Messaging Ban

Nearly three-quarters of U.K. businesses have banned the use of instant messaging (IM) citing security concerns, reports IM supplier ProcessOne.

The research noted that 88% of IT directors were concerned about the security risks created by employees using Windows Live Messenger, Yahoo Messenger and other IM services, with 56% citing the loss of sensitive business information as a primary concern. (more)
This ban - also being seen in US companies - is easy to enforce on corporate-owned networks. But what about IM via personal cellular and laptop devices? Enforcement may seem impossible if the employee can snag a WiFi signal from a nearby coffee shop, hotel or unsecured access point.

If controlling unauthorized employee communications is an issue you are trying to solve, call me for the solution.


Saturday, July 19, 2008

Security Director Alert - Track Missing Laptops

...for FREE!
A security friend at [a very large] Corporation contacted me this week about laptop losses. His company experienced "a dramatic increase in the past year" - primarily when employees traveled on business.

He was studying the problem. Was this just street crime, or was his company being targeted for industrial espionage reasons?

I pointed him to pertinent Security Scrapbook articles. The trend is clear, but what about a simple solution?

Here it is (assuming you have already done encryption and employee awareness training)...

Researchers at the University of Washington and the University of California, San Diego, have launched a new laptop tracking service, called Adeona, that is free and private.

Here's how it works: A user downloads the free client software onto a laptop. That software then starts anonymously sending encrypted notes about the computer's whereabouts to servers on the Internet. If the laptop ever goes missing, the user downloads another program, enters a username and password, and then picks up this information from the servers, specifically a free storage service that has been around for several years, called OpenDHT.

The Mac version of Adeona even uses a freeware program called isightcapture to take a snapshot of whoever is using the computer. (more)
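A simplified sketch of the store-and-retrieve flow described above, added here as an illustration; it is not Adeona's code or its actual cryptographic design. The hourly epoch, the derivation of the secret from the username and password, the HMAC-based cipher (a standard-library stand-in for a real AEAD) and the in-memory dictionary standing in for OpenDHT are all assumptions.

```python
import hashlib
import hmac
import json
import os

# Constructed sample notes keyed by hourly epoch number (documentation-range IPs).
CONSTRUCTED_NOTES = {
    338000: {"ip": "192.0.2.10", "ssid": "office-wifi"},
    338001: {"ip": "198.51.100.7", "ssid": "hotel-guest"},
}


def master_secret(username: str, password: str) -> bytes:
    """Assumption: the owner's secret is stretched from the login credentials."""
    salt = b"tracking-demo:" + username.encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _derive(master: bytes, label: bytes, epoch: int) -> bytes:
    """Per-epoch subkey; without `master`, outputs for different epochs look unrelated."""
    return hmac.new(master, label + epoch.to_bytes(8, "big"), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stand-in for a real AEAD such as AES-GCM)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(master: bytes, epoch: int, note: dict) -> tuple:
    """Laptop side: return (storage_key, blob) for one epoch's location note."""
    nonce = os.urandom(16)
    plain = json.dumps(note, sort_keys=True).encode()
    stream = _keystream(_derive(master, b"enc", epoch), nonce, len(plain))
    cipher = bytes(a ^ b for a, b in zip(plain, stream))
    tag = hmac.new(_derive(master, b"mac", epoch), nonce + cipher, hashlib.sha256).digest()
    return _derive(master, b"index", epoch), nonce + cipher + tag


def open_note(master: bytes, epoch: int, blob: bytes) -> dict:
    """Owner side: authenticate first, then decrypt."""
    nonce, cipher, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_derive(master, b"mac", epoch), nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("note failed authentication")
    stream = _keystream(_derive(master, b"enc", epoch), nonce, len(cipher))
    return json.loads(bytes(a ^ b for a, b in zip(cipher, stream)))


def publish_all(master: bytes, notes: dict) -> dict:
    """Fill a dict that stands in for the public storage service."""
    store = {}
    for epoch, note in notes.items():
        key, blob = seal(master, epoch, note)
        store[key] = blob
    return store


def recover(master: bytes, store: dict, first_epoch: int, last_epoch: int) -> list:
    """Recompute each epoch's storage key and fetch whatever the laptop left there."""
    found = []
    for epoch in range(first_epoch, last_epoch + 1):
        blob = store.get(_derive(master, b"index", epoch))
        if blob is None:
            continue
        try:
            found.append((epoch, open_note(master, epoch, blob)))
        except ValueError:
            continue  # tampered or foreign entry: ignore it
    return found


if __name__ == "__main__":
    owner = master_secret("alice", "correct horse battery staple")
    store = publish_all(owner, CONSTRUCTED_NOTES)
    print(recover(owner, store, 337999, 338002))
    print(recover(master_secret("alice", "wrong guess"), store, 337999, 338002))
```

The storage operator in this sketch sees only 32-byte keys and ciphertext, so it can neither read a location note nor link one hour's entry to the next.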


Sunday, May 18, 2008

Q&A Time - GPS Trackers

This question comes from a novelist working on a plot.
We also receive similar inquiries from other folks – corporate security directors to scared spouses!


Q. If a bad guy places a real-time GPS tracker on my hero's car, and knows my hero is a skilled investigator...

• Where might they put the tracker?
• Where might the investigator not look for it, or find it?

And, is there a detector that would allow him to find it? The car is parked either outside or in a parking garage, and the bad guys have lots of access to it.

A. The best answer could come from Lo-Jack mechanics. They do this type of covert installation daily.

Real-time GPS trackers are very cool devices. They are small and may be secreted anywhere in/on a vehicle (in hollow body panels, atop gas tanks, inside bumpers, under seats, within dash panels, etc.). The real trick is hiding the power connection and the two antennas properly.

For long-term tracking, a connection has to be made to the car's 12 volt power bus, preferably where the connection cannot be seen and the new power wire to the GPS device cannot be seen. This part is fairly easy.

Next, get two radio-frequency signals to/from the tracking device...
• The satellite signal (to the device).
• The cellular signal (to/from the device).

A GPS antenna is required to receive the weak satellite signal...

(Either a standard size GPS remote antenna, or a much smaller GPS antenna)
Ideally, this antenna needs to "see" the sky. However, this doesn't mean the antenna will be visible to you.

A GPS antenna can "see" its signal through non-metallic materials, like: back seat windows and decks, rubber material on bumpers, plastic tail-lights, etc. Make the antenna connecting cable look like the factory installed wiring and you're in!

The cellular GSM antenna is not as hard to position since it will work wherever a regular cell phone will work.

Again, hiding the cable is important. Imagine, embalming the antenna and cable in a car's undercoating; making it 100% invisible!

Caution: Do not position the GSM antenna cable near any of the car's audio wiring or you may hear the GSM transmission noise through the car sound system... a definite tip-off that something ain't Kosher.
(small GSM antennas)
How to detect a real-time GPS/GSM tracking device?
• Physical search.
• Take car to an isolated area and use a real-time spectrum analyzer and look for the cell site registration burst transmissions.
• Keep a cell phone detector in the car. If it alerts on a regular basis, and there are no other cell phone users in the area, the problem might be a tracking and/or listening device in the car.

And then there is the ol' sharp stick-in-the-eye approach...
Blockers!
GPS Blocker
GSM Blocker
GPS/GSM/GPRS Blocker
(all are illegal, but available, in the U.S.)
~Kevin


Wednesday, April 30, 2008

The Headline Evil Word You Can Prevent

April 22, 2008 - "Sanford Hospital tightens security after baby taken"

The good news...
The child was rescued a short time later by a police officer who stopped a Chevy Blazer on Interstate 4 (more)

The bad news...
Most corporations are hedging their bets that the word "after" will not appear in a headline about their security efforts.

In the corporate world, stealing intellectual property is the real-life equivalent of stealing a baby – the corporation's baby. The baby who is to be nurtured into the company's future.

Now is the time to tighten security;
• while it is inexpensive to do,
• while your stockholder good-will is high,
• while you still have a job.

1. Work with your Legal Department to upgrade and keep current: non-disclosure agreements, non-compete contracts, and pro-active programs to detect and deter eavesdropping and espionage.

2. Work with your IT department on: password protection, encryption, wireless LAN security audit and compliance surveys, and employee education.

3. Keep current with intellectual property threats.
Read the news.
Offer the boss proof!
You need funding to prevent eavesdropping and espionage problems.

P.S. Problems do happen...
Recent Problem #1
Recent Problem #2
Recent Problem #3
Recent Problem #4
Recent Problem #5
Recent Problem #6
Recent Problem #7
Recent Problem #8
Recent Problem #9
Recent Problem #10
And all this was just April's news!

Is it any wonder that this Hot Boardroom Topic was also in April's news?
~Kevin


Thursday, April 10, 2008

Idea for new sitcom... Plain Stupid! - "Should you be caught, we will disavow any..."

A spy who infiltrated a direct action anti-aviation group has been exposed after making a series of elementary errors that aroused the suspicions of genuine activists.

Toby Kendall joined Plane Stupid, the group that occupied the roof of the Houses of Parliament last month, after graduating from Oxford last year. He told the activists that his name was “Ken Tobias” and said that he was deeply concerned by the impact of the aviation industry on climate change and that he wanted to help to organise protests.


But his habit of wearing a Palestinian scarf with his Armani jeans and designer shirt made some members question his identity. He was also the only member to turn up early to every meeting but had no friends in the activist community...


Plane Stupid began a mole hunt and, after feeding him false information that found its way within two days to the aviation industry, discovered his real name and employer.


Mr. Kendall, 24, works for C2i International, a counter-intelligence company run by former special forces officers. It claims that its agents are “hand-picked from Special Operations at New Scotland Yard”...

Justin King, C2i’s managing director, claimed to have been unaware of Mr. Kendall’s infiltration of Plane Stupid. He said Mr. Kendall was employed to carry out counter-surveillance such as “debugging company offices”. (D'oh!) (more)

This is a cautionary tale for corporations and protest groups alike.
1. Espionage is multifaceted - eavesdropping, wiretapping, dumpster diving, moles, etc.
2. Failed attempts end up in the newspapers. Successes go unnoticed.
3. Attacks fail when people start looking.
4. Start looking.
In this case, "...a contact at Oxford University recognised a photo we'd taken. Our spy wasn't called 'Ken Tobias', but Toby Kendall - an Oriental Studies student from Wadham College. A quick google search revealed a Bebo page with a photo. Snap! It also took us to Linked In, a high-flying corporate networking site, where 'Ken' claimed to be an analyst at C2i International, working in 'Security and Investigations'."
Note: Even Austin Powers had a better cover story. Don't expect your mole to be as obvious.


Wednesday, April 2, 2008

Track My Treads - The TPMS Privacy Blowout

via hexview.com
New technologies always come with privacy issues.
Tire Pressure Monitoring Systems (TPMS) is one of those technologies.


What is TPMS?

TPMS lets on-board vehicle computers measure air pressure in the tires.

How does TPMS work?
In a typical TPMS, each wheel of the vehicle contains a device (TPMS sensor) - usually attached to the inflation valve - that measures air pressure and, optionally, temperature, vehicle state (moving or not), and the health of the sensor's battery. Each sensor transmits this information (either periodically or upon request) to the on-board computer in the vehicle. To differentiate between its own wheels and wheels of the vehicle in the next lane, each TPMS sensor contains a unique id.


TPMS transmits data that uniquely identifies your car!

Here is where privacy problems become obvious: Each wheel of the vehicle transmits a unique ID, easily readable using an off-the-shelf receiver. Although the transmitter’s power is very low, the signal is still readable from a fair distance using a good directional antenna.

Why is this a problem?

If you live in the United States, chances are, you have heard about the “traffic-improving” ideas where transportation authorities looked for the possibility to track all vehicles in nearly real time in order to issue speeding tickets or impose mileage-adjusted taxes...
Guess what? With minor limitations, TPMS can be used for the very purpose of tracking your vehicle in real time with no substantial investments! TPMS can also be used to measure the speed of your vehicle... (remember) car manufacturers know serial numbers of every part in your vehicle, including unique IDs of TPMS sensors.
("Your ticket is in the mail.")


Now, no article is complete unless it mentions terrorists...
It is now super easy to blow up someone's car. There's no need to fix the explosive to the vehicle. No more wires and buttons. No human factor. A high-school kid with passion for electronics can assemble a device that will trigger the detonator when the right vehicle passes by. (more)


Thursday, March 20, 2008

17 Signs That You Are Being Wiretapped

compiled by voip-news.com
Do you hear strange noises on your phone line?
Do you feel like your secrets aren't safe?
You're not as paranoid as you might think.

Mobsters and cheating spouses aren't the only ones that get wiretapped. In fact, just about anyone who possesses confidential information is a prime target for a wiretap, so it's important that you know the warning signs. Keep an eye out for these subtle clues to avoid becoming a victim of information theft.

1. Your secrets are out.
2. You hear strange noises, like clicking, static and humming.
3. Your phone makes noise on its own.
4. Your radio has strange interference.
5. Your environment just seems different.
6. Your outside phone box has extra hardware.
7. You find a recording machine.
8. You're being blackmailed.
9. Your receiver has extra hardware.
10. You notice a lot of utility trucks near the premises.
11. Your TV has interference.
12. You are the victim of a burglary, but nothing was stolen.
13. Your wall plates are moved.
14. You've had a mysterious repair.
15. There are no signs.
16. Your phone company doesn't help.
17. You use a cordless phone.
(more)
(The Private Citizen's Guide to Detecting Amateur Wiretaps)


Thursday, March 13, 2008

Security and Spying With Nanotechnology as Tiny Spy Dust Chips Track Your Movements

Nox Defense has released an invisible perimeter defense technology, which combines high-resolution video pictures and radio frequency identification (RFID) tags, sometimes referred to as "spy chips", to track assets and people in real time. The system allows security officers to see a theft or intrusion as it happens, and track a stolen object even if concealed inside a briefcase, under a jacket, or stuffed inside a sock. The FBI is among early adopters of the Nox Intelligent Perimeter Defense system, though it has not released details of how it will use the system. (more)


Thursday, February 28, 2008

PartnerSpy vs. PartnerSpy

In Scotland, where punches are not pulled, a daily newspaper instructs its readers, "How To Spy On Your Partner." For us, of course, it is a cautionary tale. These tactics may be employed by anyone, against anyone.

Partner vs. Partner is only one of many snoop scenarios. Here are some others:
- Employees vs. Management
- Ambitious Executive vs. Unsuspecting Executive
- Competitor vs. You
- Defendant vs. Plaintiff
- News Media / Protest Groups vs. Your Company

Being aware of 'everyman' spy technology is the first step toward protection. The second step is actively looking. Which, by the way, is what we do best for businesses and governments worldwide.

How To Spy On Your Partner

Feb 27 2008 By Craig McQueen

Lipstick on collars or smelling of a strange perfume used to be how cheating husbands got caught out. But in these days of big divorce settlements, spurned partners are gathering evidence the hi-tech way.

One US firm has produced a SIM card reader that opens text messages AFTER they've been deleted - and that's just the tip of the iceberg. Other surveillance gadgets used today would look at home in spy films. They're legal and freely available from websites spystoreuk.com, spycatcheronline.co.uk and brickhousesecurity.com

Here are a few of the best: (described in detail here)
- HIDDEN CAMERAS
- MOBILE PHONE TRACKING
- WIRELESS BUGS
- PHONE RECORDERS
- GPS TRACKING
- COMPUTER KEY LOGGING
- THE TEDDY CAM
- INTERCEPTOR SOFTWARE
- VEHICLE TRACKING


Sunday, February 24, 2008

FutureWatch - Pimping your ride with RFID

First Singapore, then Bermuda, then...?

Here's what happened in Bermuda...
"The Bermuda Government is issuing vehicle owners with credit card sized stickers containing a RFID chip and it is expected that every vehicle in Bermuda will carry one within a year or two.
The scheme is mandatory and a $10,000 penalty applies if owners remove the chips. RFID readers are being placed in telephone poles and buildings throughout Bermuda, which enable authorities to monitor the past and present location of vehicles and record the speed at which they are traveling. The information is being sent to high speed computers that calculate everything you could possibly imagine about a traveller's journey, even the route taken." (more)

The handwriting is on your windshield.
Look for government to pimp your ride, next.
Hey, they even call it something benign and acceptable.
...like EZ-Pass, Ipass or UneedaPass.


Tuesday, February 12, 2008

Ultra-wideband (UWB). Now a TSCM reality.

UWB materializes on an RSA6114A Tektronix spectrum analyzer.

New Eavesdropping Threat. Bug transmissions via Ultra-wideband. Standard eavesdropping detection techniques don't 'see' it.

Research Electronics explains it nicely...
"Ultra-Wide Band (UWB) transmitters represent a new method of RF modulation, typically consisting of extremely narrow pulses (in the range of 250 picoseconds). The modulation scheme is a time division multiplexed system based on the timing of the pulses across a large frequency range. It is suspected that this new method of modulation will likely be used for short-range communications (approximately 10 meters), but other applications will certainly be developed. With a potential frequency band of 2GHz to 10GHz, the new UWB modulation represents some interesting characteristics from the technical security perspective, specifically with regard to the detection of UWB transmissions potentially used in eavesdropping devices."

Murray Associates recognized the threat early.
(from Kevin's Security Scrapbook - February, 2002)

FutureWatch
Ultra-wideband (UWB) makes its debut...
(this will be big)

Applications...
- Ground Penetrating Radar Systems
- Wall Imaging Systems
- Through-wall Imaging Systems
- Medical Systems
- Surveillance Systems
- Vehicular Radar Systems
- Communications and Measurement Systems
Not to mention, low-probability-of-intercept bugging devices.
(Shhhhhh! We told you not to mention that.) (more)

Because of this foresight, Murray Associates can counter UWB eavesdropping threats today. Knowledge and military-level TSCM instrumentation (from REI and Tektronix) are being used now to protect their client family.

Consider the advanced TSCM services of Murray Associates if your current TSCM team can't show you what UWB looks like.


Sunday, January 13, 2008

Short Wave Radio to the Rescue

Plot by terrorists to blow up the Eiffel Tower uncovered.
A scrambled short-wave radio conversation exposing the planned attack on the world's most visited monument was picked up by Portuguese air traffic controllers and passed on to French spy chiefs. The threat was uncovered in a "vague and muffled" radio conversation picked up by air traffic controllers in Lisbon on Thursday. (more)


Thursday, December 20, 2007

Surveillance Society: High-Tech Cameras Watch You

In the era of computer-controlled surveillance, your every move could be captured by cameras, whether you're shopping in the grocery store or driving on the freeway. Proponents say it will keep us safe, but at what cost? (more)


Saturday, December 8, 2007

Get up-to-speed on computer espionage. Read...

Secrets of Computer Espionage: Tactics and Countermeasures

"Is someone spying on you?

It could be your boss, your competition, or a private investigator, but it could just as easily be a foreign intelligence agent - or the whiz kid down the street. More and more people today want to know what's on your computer, your PDA, your cell phone, or your wireless network.

Joel McNamara takes you inside the mind of the computer espionage artist... This is the book that teaches you to think like a spy, because that's the only way to outwit one."

Contents at a Glance
Acknowledgments.
Introduction.
Chapter 1 Spies.
Chapter 2 Spying and the Law.
Chapter 3 Black Bag Jobs.
Chapter 4 Breaching the System.
Chapter 5 Searching for Evidence.
Chapter 6 Unprotecting Data.
Chapter 7 Copying Data.
Chapter 8 Snooping with Keyloggers.
Chapter 9 Spying with Trojan Horses.
Chapter 10 Network Eavesdropping.
Chapter 11 802.11b Wireless Network Eavesdropping.
Chapter 12 Spying on Electronic Devices.
Chapter 13 Advanced Computer Espionage.
Appendix A: What's on the Web Site.
Index.


Monday, December 3, 2007

"Listen through walls, up to 1/2 mile away!"

• Pull conversations out of walls or floors.
• Amplify them 50,000 times.
• Broadcast them up to 1/2 mile away.

This odd-ball little eavesdropping bug is a creative mix of technologies. No need to enter someone's office or home. Just attach this thing to the floor above, ceiling below or the outside wall. Then, head to a comfortable spot within a 1/2 mile range. No nearby comfortable spot? Put the receiver and a recorder in a car, and park it nearby. Return daily to pick up your recordings.
(more)

Grab a map. Draw a 1/2 mile circle around your own home or office. How many good listening posts do you see? Maybe hundreds in a suburban environment. Definitely hundreds-of-thousands in a city.

When was the last time you had a professional debugging inspection?

Need a quick example... Go to Google Maps; search for Dearing, KS. The distance between 2200 Road and 2000 Road is exactly one mile. The listening post could be anywhere in this town!

Could we find this bug?
Of course.


Friday, November 30, 2007

Spybuster's Tip #107 - SpyWare - Instant Education

Spybuster's Tip #106 - Spot Cisco Eavesdroppers

Someone eavesdropping on your Cisco VoIP phone using the previous attack?

Look for these warning signs...
• Speakerphone light is on.
• Display shows off-hook icon.
• Phone makes static noises.

Best practices for securely setting up your Cisco Unified IP Phones may be found here. ~Kevin


Wednesday, November 28, 2007

Myth - "Eavesdropping Detection is expensive."

Today's article in Forbes Magazine, "If Security Is Expensive, Try Getting Hacked," by Andy Greenberg, is a great cautionary tale. Andy clearly shows why your IT department's security budget is a good investment in your company's bottom line.

A sister article entitled "If Security Is Expensive, Try Getting Bugged" is just as easy to document. Periodic sweeps for bugs and wiretaps (TSCM inspections) can be an even better investment in your company's bottom line. Fund both.

In a nutshell...
Intelligence collection is a leisurely process. Enemies quietly collect long before they use. Until they use what they have gathered, no harm is done. Knowing this gives you the edge.

• Eavesdropping is not the goal. It is a means to an end.
• Eavesdropping is a key component of intelligence gathering.
• Eavesdropping is the one spy trick which is easily detectable.


Protection Requires Detection

Eavesdropping detection audits exploit weaknesses inherent in electronic surveillance. Knowing someone is interested in you provides time to counter - before harm is done.


Monday, November 26, 2007

From the 'esoteric but important' files...

New Details Support Tor Spying Theory

"You'll recall the story about the Swedish security researcher who stumbled upon unencrypted embassy e-mail traffic that was passing through five Tor exit nodes he set up. ...

TeamFurry researchers decided to examine the configuration of a few Tor exit nodes to see what they might be up to and found some interesting results...

Of course there's no telling who the exit node owners are (bored hackers, industrial spies or intelligence agencies) or what they're doing for sure, but as TeamFurry notes, the configurations sure look suspicious." (more)


Tor is digital 'Hide and Seek'.
Carter would have loved it.
