CSI Stick - The Cell Phone Mosquito

If someone asks to borrow your cell phone, or you leave it unattended, beware!

Unless you actually watch them use it, they may be secretly grabbing every piece of your information on the device, even deleted messages. If you leave your phone sitting on your desk, or in the center console of your car while the valet parks it, then you and everyone in your contacts list may be at risk, to say nothing of confidential e-mails, spread sheets, or other information. And of course, if you do not want your spouse to see who you are chatting with on your phone, you might want to use extra caution.

Paraben's CSI Stick can be used to make a copy of all data on a cell phone.

...a new electronic capture device that has been developed primarily for law enforcement, surveillance, and intelligence operations that is also available to the public. It is called the Cellular Seizure Investigation Stick, or CSI Stick as a clever acronym. It is manufactured by a company called Paraben, and is a self-contained module about the size of a BIC lighter. It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly. (more)

...thus, giving the word "secret" a new definition.

UK - RAF top brass have secretly bought two spy-in-the-sky planes to snoop on terrorists worldwide — from three miles up. Security officials said the Twin Star aircraft will be a global asset as they can fly for 18 hours a time.

An RAF source said: “With the right sensor array, they can see if a suspected terrorist is at home, listen in to and record his mobile calls and tell you if his car engine is hot, warm or cold. “They can also help others put a surprise package through his window.” (more)

The Geek Chorus Wails Again...

Hackers at the DefCon conference were demonstrating these and other novel techniques for infiltrating facilities...
Want to break into the computer network in an ultra-secure building? Ship a hacked iPhone there to a nonexistent employee and hope the device sits in the mailroom, scanning for nearby wireless connections. (which makes our 24/7 rogue cellphone and wifi location service all the more valuable to you)
How about stealing someone's computer passwords? Forget trying to fool the person into downloading a malicious program that logs keystrokes. A tiny microphone hidden near the keyboard could do the same thing, since each keystroke emits slightly different sounds that can be used to reconstruct the words the target is typing.

As technology gets cheaper and more powerful, from cellphones that act as personal computers to minuscule digital bugging devices, it's enabling a new wave of clever attacks that, if pulled off properly, can be as effective and less risky for thieves than traditional computer-intrusion tactics. (more)

We think the Hamburglar is behind this one...

For the three weeks between July 25 and Aug. 14, 2008, kids can collect official Spy Gear gadgets with the purchase of a Happy Meal or Mighty Kids Meal at participating McDonald's restaurants.

Kids can embark on imaginative spy missions using six new Spy Gear toys offered exclusively at McDonald's: Secret Wrist Beam, Spy Guard Motion Alarm, Spy Disc Defender, Invisible Message Pen, Rear View Spy Scope and Mobile Message Bot.

The Spy Gear Happy Meal is timed with Wild Planet's 10th anniversary of making spy toys, and precedes the release of the company's first Spy Gear board games, Spy Trackdown and Spy Wire. (more)

"In becoming accustomed to such toys and the pleasures they bring, the seeds of an amoral and suspicious adulthood are unwittingly being cultivated." (more)

Cell Phone Warning from India

Any smart phone - including Blackberry, Windows Mobile, iPhone and Symbian phones - can be hacked by a nerd with a little bit of code and some cunning.

And they don't stop at data and identity theft alone. Nor are they content with unleashing viruses on the operating system of your mobile. (Even Bluetooth makes your phone a potential target here.)

New Age mischief makers have learnt how to bug your phone and remote-control it. They can steal your bank information, send out a mischievous SMS to your girlfriend (who might just dump you!), copy your top-secret files or simply spy on every call/SMS you make from your phone. In fact, they can even 'modify' your SMSes before these are sent out to your contacts - and you wouldn't even know it.

That's not all. Hackers can also use your phone to spy on you by switching it on. They can activate the camera and eavesdrop on your discussions during a business meeting, or while you are secretly negotiating a lucrative job offer with a rival company. What's more, they can even do an audio/video recording by sending an SMS command...

So what should a user do? A few simple steps could go a long way. Adopt a multi-layered security approach. Protect mobile devices with antivirus, firewall, anti-SMS spam, and data encryption technologies and install regular security updates to protect phones from viruses and other malware. And yes, don't click blindly on any SMS, for someone may just be spying on you on the sly. (more)

Spy-Sized Flash Drives - "SWALLOW IF CAUGHT"

Available in sizes up to 8 GB.















imation • Brando • Sony • Super Talent

Smart Spy Cameras

UK - Intelligent CCTV cameras are being developed in Britain that not only see trouble but are able to hear it, scientists said.

The technology allows the sounds of breaking glass, someone shouting, or the noise of a crowd gathering to be 'learned' by artificial intelligence software in the cameras.

The technology could slash the speed with which crimes are caught on camera and responded to by police but will again raise a debate about the extent of "surveillance Britain" and the use of such technology.

The three-year project by the University of Portsmouth aims to adapt artificial intelligence software already being developed to identify visual patterns. (more)

Botnet Vet Beset by FBI Dragnet - followed by... Cold Sweat, Upset & Regret

In the first prosecution of its kind in the nation, a man who is well known to members of the “botnet underground” pleaded guilty today to federal charges related to his use of “botnets” – armies of compromised computers – to steal the identities of victims throughout the country by extracting information from their personal computers and wiretapping their communications.

John Schiefer, 26, of Los Angeles (90011), appeared today before United States District Judge A. Howard Matz and pleaded guilty to accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud...

Schiefer’s “spybot” malware allowed him to intercept communications sent between victims’ computers and financial institutions, such as PayPal. Schiefer sifted through those intercepted communications and mined usernames and passwords to accounts. Using the stolen usernames and passwords, Schiefer made purchases and transferred funds without the consent of the victims. Schiefer also gave the stolen usernames and passwords, as well as the wiretapped communications, to others. (more)

Corporate Eavesdropping & Espionage - Get Smart

Three 'Get Smart' news reports in one day!
Just coincidence?
No...
"Get Smart" the TV-show movie remake hits next week +
Corporations are getting hit with more eavesdropping
= Corporations are Getting Smart...


Targets of Spying Get Smart
by M.P. McQueen

Tiny electronic-surveillance gadgets that James Bond could only dream of are increasingly turning up in boardrooms, bedrooms and bathrooms.

Crooks are parking vans outside people's homes to steal bank-account passwords and credit-card numbers, using programs that tap into Wi-Fi connections. Paparazzi hide cameras and microphones in private jets, hoping to record embarrassing celebrity video. Corporate spies plant keystroke-recording software in executives' laptops and listen in on phone conversations as they travel.

Now, people are deploying counter-spy technology to fight back. Some celebrities and corporate executives get regular sweeps of their offices, limos and private jets in search of hidden devices. Others hire security experts to safeguard their phones and home computers...

Kevin D. Murray, an Oldwick, N.J., counter-surveillance expert, said he received several calls from worried executives asking for sweeps of their offices and homes as soon as the Porsche incident surfaced. (more)


We've gotten smart:
Movie's spy gadgets do exist

The shoe phone on TV's "Get Smart" wasn't just a sneaky spy gadget, it was a technological marvel: a wireless, portable telephone that could be used anywhere — though it did require a dime to make a call.

Today, almost everyone has a pocket-sized version that also takes photos, shoots video, sends e-mail and surfs the Internet. About the only thing it doesn't do is protect your feet.

"Get Smart" comes to the big screen next week, along with a spate of new spy gadgets to help Maxwell Smart, Agent 99 and the other spies at CONTROL. The gadgets are just as goofy as they were in the original TV series, but because technology has caught up with the writers' imaginations, there's a big difference: many of the movie's doo-dads actually exist. (more)


Bugging of offices
‘grows sharply’

Wales - Boardrooms and similar high-level working environments are increasingly being bugged as rival businesses and even staff look to gain an advantage through industrial espionage... (more)

"Are You Being...

Surveilled Served?"

UK - Customers in shopping centres are having their every move tracked by a new type of surveillance (Path Intelligence) that listens in on the whisperings of their mobile phones.

The technology can tell when people enter a shopping centre, what stores they visit, how long they remain there, and what route they take as they walked around.

The device cannot access personal details about a person’s identity or contacts, but privacy campaigners expressed concern about potential intrusion should the data fall into the wrong hands.

The surveillance mechanism works by monitoring the signals produced by mobile handsets and then locating the phone by triangulation – measuring the phone’s distance from three receivers. (more)

"All right, who said, 'Turkey'?"

When we last left Turkey...
• A possible Turkish Watergate scandal.
• “AK Party is eavesdropping” claims the opposition.
• Turkish opposition claims security forces bugged its headquarters.

Now, the rest of the story...
• CHP’s bugging allegations turn into bitter comedy.
When the Vakit daily published details of a private conversation between Sav and a former governor last week, Sav claimed his party's headquarters had been bugged. The CHP backed the allegations, reasoning that there was no other way the daily could have obtained such detailed information about the conversation. The CHP argued that a group close to the government within the police force was gathering intelligence for the ruling party.

In response to the accusations, Vakit said its reporter had called Sav on his cell phone for a statement on the day of the meeting and that Sav simply forgot to end the call on his cell when he received his guest, leaving the phone connected for nearly an hour. Records of the call from Turk Telekom and Sav’s cell phone company, Turkcell, seemed to verify this story, as they both showed a 44-minute connection between a phone at Vakit and Sav’s cell phone...

The secularist media, which had initially supported Sav, started calling for his resignation after it turned out that the Vakit scandal was caused by what they described as “his inability to use a cell phone properly.” (more)

Alert - Throw These Bums Out!

Bum One...
The FM analog wireless presenter's microphone – one of the Top 5 corporate eavesdropping threats. Why? No secret. Radio waves travel. A quarter mile is the advertised standard. Interception of an FM analog signal is easy. Safer solutions exist. Throw these bums out. (Murray Associates - Case History)

Bum Two..
Any meeting planner who still uses FM analog wireless microphones for your sensitive presentations or meetings. Educate them. Give them a chance to change. If they don't, your sensitive meetings become Town Hall Meetings. Throw these bums out.

Bum Three...
Any security director or security consultant who does not point out the dangers of FM analog wireless microphones. They have an obligation to stand up to meeting planners and AV crews. They have an obligation to recommend one of the several, more secure, options available. If they don't. Throw these bums out.

Bum Four...
These days, any AV production company that doesn't invest in digital, encrypted wireless microphones for their clients is stupidly cheap. For years, they hid behind excuses like "digital technology is not reliable enough," and "it lacks fidelity." Those days are over.

You pay these guys hundreds of thousands each year to produce your corporate events. The least they can do is update their equipment (a one-time investment).

They KNOW they are leaking your sensitive/secret information when they continue to use FM analog wireless microphones. Not upgrading to secure communications is negligence on their part. Demand secure wireless microphones, or... throw these bums out.

Bum Five...
YOU. If you are not part of the solution, as of this moment you are now part of the problem.

The New Wireless Mics Can Make Your Meetings More Secure.
Some even have encryption capabilities!
The Newest Solution...
SpectraPulse™ Ultra Wideband (UWB) Wireless Microphone System (White Paper)

Additional Digital Choices...
• Lectrosonics (...and an Encryption White Paper)
• Zaxcom
• Mipro ACT-82
• Telex SAFE-1000

Infrared Choices...
• Glonetic Audio
• PA-System
• Azden

Q&A Time - GPS Trackers

This question comes from a novelist working on a plot.
We also receive similar inquiries from other folks
– corporate security directors to scared spouses!

Q. If a bad guy places a real-time GPS tracker on my hero's car, and knows my hero is a skilled investigator...
• Where might they put the tracker?
• Where might investigator not look for it, or find it?
• And, is there a detector that would allow him to find it? The car is parked either outside or in a parking garage, and the bad guys have lots of access to it.

A. The best answer could come from Lo-Jack mechanics. They do this type of covert installation daily.

Real-time GPS trackers are very cool devices. They are small and may be secreted anywhere in/on a vehicle (in hollow body panels, atop gas tanks, inside bumpers, under seats, within dash panels, etc.). The real trick hiding the power connection and the two antennas properly.

For long-term tracking, a connection has to be made to the car's 12 volt power bus, preferably where the connection can not be seen and the new power wire to the GPS device can not be seen. This part is fairly easy.

Next, get two radio-frequency signals to/from the tracking device...
• The satellite signal (to the device).
• The cellular signal (to/from the device).

A GPS antenna is required to receive the weak satellite signal...

(Either a standard size GPS remote antenna, or a much smaller GPS antenna)
Ideally, this antenna needs to "see" the sky. However, this doesn't mean the antenna will be visible to you.

A GPS antenna can "see" it's signal through non-metallic materials, like: back seat windows and decks, rubber material on bumpers, plastic tail-lights, etc. Make the antenna connecting cable look like the factory installed wiring and you're in!

The cellular GSM antenna is not as hard to position since it will work wherever a regular cell phone will work.

Again, hiding the cable is important. Imagine, embalming the antenna and cable in a car's undercoating; making it 100% invisible!

Caution: Do not position the GSM antenna cable near any of the car's audio wiring or you may hear the GSM transmission noise through the car sound system... a definite tip-off that something ain't Kosher.
(small GSM antennas)
How to detect a real-time GPS/GSM tracking device?
• Physical search.
• Take car to an isolated area and use a real-time spectrum analyzer and look for the cell site registration burst transmissions.
• Keep a cell phone detector in the car. If it alerts on a regular basis, and there are no other cell phone users in the area, the problem might be a tracking and/or listening device in the car.

And, then there is the 'ol sharp stick-in-the-eye approach...
Blockers!
• GPS Blocker
• GSM Blocker
• GPS/GSM/GPRS Blocker
(all are illegal, but available, in the U.S.)
~Kevin

Track My Treads - The TPMS Privacy Blowout

via hexview.com
New technologies always come with privacy issues.
Tire Pressure Monitoring Systems (TPMS) is one of those technologies.

What is TPMS?
TPMS lets on-board vehicle computers measure air pressure in the tires.

How does TPMS work?
In a typical TPMS, each wheel of the vehicle contains a device (TPMS sensor) - usually attached to the inflation valve - that measures air pressure and, optionally, temperature, vehicle state (moving or not), and the health of the sensor's battery. Each sensor transmits this information (either periodically or upon request) to the on-board computer in the vehicle. To differentiate between its own wheels and wheels of the vehicle in the next lane, each TPMS sensor contains a unique id.

TPMS transmits data that uniquely identifies your car!
Here is where privacy problems become obvious: Each wheel of the vehicle transmits a unique ID, easily readable using off-the-shelf receiver. Although the transmitter’s power is very low, the signal is still readable from a fair distance using a good directional antenna.

Why is this a problem?
If you live in the United States, chances are, you have heard about the “traffic-improving” ideas where transportation authorities looked for the possibility to track all vehicles in nearly real time in order to issue speeding tickets or impose mileage-adjusted taxes... Guess what? With minor limitations, TPMS can be used for the very purpose of tracking your vehicle in real time with no substantial investments! TPMS can also be used to measure the speed of your vehicle... (remember) car manufacturers know serial numbers of every part in your vehicle, including unique IDs of TPMS sensors.
("Your ticket is in the mail.")

Now, no article is complete unless it mentions terrorists...
It is now super easy to blow up someone's car. There's no need to fix the explosive to the vehicle. No more wires and buttons. No human factor. A high-school kid with passion for electronics can assemble a device that will trigger the detonator when the right vehicle passes by. (more)

Bugs - The Ultimate Bugs

The agency that the Pentagon set up to turn outlandish sci-fi concepts into reality has come closer to creating an army -- or air force -- of cybugs: cyber-moths and beetles that can spy on the enemy.

Inspired by Thomas Easton's 1990 novel, Sparrowhawk, in which animals enlarged by genetic engineering were fitted with implanted control systems, the Defence Advanced Research Projects Agency (DARPA) set out to insert microsystems into living insects as they undergo metamorphosis.

The plan is that their organs will grow around the chips and wires that make up the remote-control devices. (more)

In-house NSA

A rapid way to spot insider threats from individuals within an organization such as a multinational company or military installation is reported in the current issue of the International Journal of Security and Networks. The technology uses data mining techniques to scour email and build up a picture of social network interactions. The technology could prevent serious security breaches, sabotage, and even terrorist activity.

Gilbert Peterson and colleagues at the Air Force Institute of Technology at Wright Patterson AFB, in Ohio are developing technology that could help any organization sniff out insider threats by analyzing email activity or find individuals among potentially tens of thousands of employees with latent interests in sensitive topics. The same technology might also be used to spot individuals who feel alienated within the organization as well as unraveling any worrying changes in their social network interactions. (more)

New Gadget Can Spy On Text Messages

Suspicious spouses can check out their husband or wife's deleted texts with a new gadget. The £76 ($149.00) device can get all the data off a mobile telephone's sim card - including messages and numbers that have been deleted. The information can then be transferred to a PC or laptop through a USB port. BrickHouse Security say it is ideal to "spy on your wife, husband, teens or colleague". (more)

UPDATE (5/28/08)
(source)
Comments from secret sources who KNOW...
"Could not read any more information than I could with SIMCon or SIM Seizure. Save your money." - S.H.

"Interesting marketing strategy, but the statement on their website that "This is the only SIM Card reader in the world that can actually see the *deleted messages*" is completely false. It is certainly not the _only_ product. You can do the same thing with any SIM/smartcard reader and a copy of Smartcard Commander (manually) or many other SIM analysis packages do it automagically (such as SIM Analyzer Pro), and it will cost you less than half of what Brickhouse is charging for this product. Deleted SMS's are very very simple to recover, as only one byte of the SMS entry changes to mark it as "deleted." Recovery of SMS from the SIM will depend on whether the phone stores SMS (and the other data this product claims to recover) on the SIM card or on the phone itself. Not all GSM phones store SMS/phonebook/etc to the SIM, and it can be a user-defined option where to store the data. Also, a typical SIM card may only hold a maximum of 30 SMS messages." - P.K.

Eavesdropping on private chats is... art!

Conversations from thousands of internet chatrooms, message boards and other public forums have been transformed into an electronic art piece.

Described as a unique portrait of the internet, the electronic art - called the Listening Post – forms a free exhibition at the Science Museum in London.

The piece samples text fragments of uncensored and unedited internet conversations over 231 small electronic screens standing approximately 4m high and 5m wide. The text is accompanied by computer-synthesized voices reading or singing the words that surge, flicker and disappear over the screens.

Listening Post is a collaboration by sound artist Ben Rubin and statistician and artist Mark Hansen, who wanted to address the question: "What would 100,000 people chatting online sound like?" (more)

Smackdown - US 193 - RIP

The U.S. Navy has successfully intercepted a defunct spy satellite using a surface-to-air missile — a first-ever such demonstration by an American warship. Debris from the shattered satellite was expected to burn up during re-entry.

"The mission was a success … the missile … intercepted the decaying satellite," Pentagon spokesman Geoff Morrell said.

The interceptor missile was launched from the Navy cruiser USS Lake Erie off Hawaii at 10:30 p.m. EST. The USS Lake Erie is an Aegis guided-missile cruiser. Two other ships, USS Decatur and USS Russell, were also part of the task force. (more) (audio) (Smackdown animation)

Countdown to Smackdown - US 193 (update 3)

Attempt to shoot down spy satellite to cost up to $60 million

(more)

Who is happy about this?
1. Amateur radio operators who are looking forward to communicating by bouncing radio waves off the debris. DX more rare than moon-bounce or meteor scatter communications.
2. The Navy, who will get the rarest of chances to actually test their goodies ...without fear that someone will shoot back.
3. All the MIC types who build these goodies. They will make money replacing the missiles, not to mention the satellite and placement rocket. They will make more money modifying and enhancing existing weapons systems based on what is learned from this escapade.
4. And, of course, the bookies in Vegas!

Hey, taxpayer.
Are you unhappy? Stop. Think about it. Be reasonable.
Don't you want to be prepared when the comets come?
Don't you want to be protected when the aliens try to land?
Grab a beer. Relax. Watch GoldenEye.

Countdown to Smackdown - US 193 (update 2)

The U.S. Navy is specially modifying three advanced SM3 anti-ballistic missile interceptors to shoot down an electronically dead, intelligence-gathering satellite that was launched into space for the National Reconnaissance Organization (NRO).

Communications with the satellite were lost almost immediately, which means there’s no way of guiding the spacecraft to a predictable crash site as it returns from orbit, says Marine Corps Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff.

The extraordinary decision to shoot it down was the result of analyses that show the satellite’s 40-in.-dia. hydrazine tank—now holding a 1,000-lb. frozen sphere of maneuvering propellant—will survive the descent. It will pose a lethal danger when it strikes the Earth, cracks open, and the frozen slush turns into a toxic gas, says James Jeffrey, White House deputy national security adviser. The effect on human lungs would be similar to ammonia or chlorine gas.

The three Aegis ships involved in the intercept, from a launch site in the northern Pacific, will be “reconfigured on a one-time, reversible basis,” says Jeffrey. Even if the space defense missiles miss or misfire, the threat will be no greater, says NASA Administrator Michael Griffin. However, even if the missile only grazes the errant satellite, it will fall out of orbit faster, analysts contend. If they make a direct hit, the spacecraft is expected to fall into an unpopulated area, Cartwright says.

If the SM3 missile hits the satellite as it nears the atmosphere, more than 50% of the debris will reenter within two orbits, about 10-15 hr. Most of the remaining pieces would fall within a month, Cartwright says. It will be critical to hit the satellite before it enters the atmosphere, where its nonaerodynamic shape will cause it to tumble and be almost impossible to engage, he says. If the first SM3 misses, operators will reassess and try again with the backup missiles.

It is officially denied that debris from the payload could reveal secret new U.S. national security capabilities if satellite wreckage were recovered by another nation. (more) (follow the whole story)

Countdown to Smackdown - US 193 (update)

A dead US spy satellite in a deteriorating orbit is expected to hit the Earth during the first week of March, said officials.

The destination of the hit is unknown. Officials familiar with the situation say about half of the 2,270 kilogram spacecraft will survive its blazing descent through the atmosphere and scatter debris. Some of them will be potentially hazardous, over several hundred miles.

The officials (Micky, Mike, Davy and Peter) spoke on condition of anonymity because of the sensitivity of the matter. (more) (sing-a-long)