Security Director Alert - Track Missing Laptops

...for FREE!
A security friend at [a very large] Corporation contacted me this week about laptop losses. His company experienced "a dramatic increase in the past year" - primarily when employees traveled on business.

He was studying the problem. Was this just street crime, or was his company being targeted for industrial espionage reasons?

I pointed him to pertinent Security Scrapbook articles. The trend is clear, but what about a simple solution?

Here it is (assuming you have already done encryption and employee awareness training)...
Researchers at the University of Washington and the University of California, San Diego, have launched a new laptop tracking service, called Adeona that is free and private.

Here's how it works: A user downloads the free client software onto a laptop. That software then starts anonymously sending encrypted notes about the computer's whereabouts to servers on the Internet. If the laptop ever goes missing, the user downloads another program, enters a username and password, and then picks up this information from the servers, specifically a free storage service that has been around for several years, called OpenDHT.

The Mac version of Adeona even uses a freeware program called isightcapture to take a snapshot of whomever is using the computer. (more)

Spying Spouses

Family law can sometimes involve “good people, behaving badly.”

That’s according to Laura W. Morgan, of Family Law Consulting in Charlottesville, Va., who offers the tale of a hypothetical client named Mary, who thinks her husband, John, is cheating on her and using marital funds to pay for his trysts. Among other tactics, Mary purchased surveillance software, popularly known as “spyware,” and installed it on a shared computer, so she could read John’s password-protected e-mails and see the Web sites he visits. She additionally took the computer to a forensic computer specialist, who made a copy of the hard drive and then found scads of evidence that could be damaging to John in a divorce.

Mary is what Morgan calls a “self-help” spouse, because she has forgone formal electronic discovery — and it was easy and fairly inexpensive for her to do that. The problem is she may have broken a few laws in the process. (more)

Corporate Eavesdropping & Espionage - Get Smart

Three 'Get Smart' news reports in one day!
Just coincidence?
No...
"Get Smart" the TV-show movie remake hits next week +
Corporations are getting hit with more eavesdropping
= Corporations are Getting Smart...


Targets of Spying Get Smart
by M.P. McQueen

Tiny electronic-surveillance gadgets that James Bond could only dream of are increasingly turning up in boardrooms, bedrooms and bathrooms.

Crooks are parking vans outside people's homes to steal bank-account passwords and credit-card numbers, using programs that tap into Wi-Fi connections. Paparazzi hide cameras and microphones in private jets, hoping to record embarrassing celebrity video. Corporate spies plant keystroke-recording software in executives' laptops and listen in on phone conversations as they travel.

Now, people are deploying counter-spy technology to fight back. Some celebrities and corporate executives get regular sweeps of their offices, limos and private jets in search of hidden devices. Others hire security experts to safeguard their phones and home computers...

Kevin D. Murray, an Oldwick, N.J., counter-surveillance expert, said he received several calls from worried executives asking for sweeps of their offices and homes as soon as the Porsche incident surfaced. (more)


We've gotten smart:
Movie's spy gadgets do exist

The shoe phone on TV's "Get Smart" wasn't just a sneaky spy gadget, it was a technological marvel: a wireless, portable telephone that could be used anywhere — though it did require a dime to make a call.

Today, almost everyone has a pocket-sized version that also takes photos, shoots video, sends e-mail and surfs the Internet. About the only thing it doesn't do is protect your feet.

"Get Smart" comes to the big screen next week, along with a spate of new spy gadgets to help Maxwell Smart, Agent 99 and the other spies at CONTROL. The gadgets are just as goofy as they were in the original TV series, but because technology has caught up with the writers' imaginations, there's a big difference: many of the movie's doo-dads actually exist. (more)


Bugging of offices
‘grows sharply’

Wales - Boardrooms and similar high-level working environments are increasingly being bugged as rival businesses and even staff look to gain an advantage through industrial espionage... (more)

Quote of the Day

"Anybody can be a spy now."
– Todd Myers, President, Computer Sights

As a private investigator, Jim Bender has tracked everything from straying spouses to strung-out trust-fund babies - sometimes following them for days at a time.

But thanks to an innovative GPS device the size of a matchbox, he can now stake out a cheating husband without leaving his Fort Lauderdale office. Or, as he has done the last few weeks, help a major company figure out who is draining the diesel fuel from its big rigs.

Technological advances have revolutionized the surveillance business, making devices smaller, cheaper and more effective than ever. And not just for professional snoops like Bender, but for everyday people. (more)

Who's Watching You at Work?

"Surveillance is now routine business practice among American employers, both large and small, as the cost and ease of introducing have dropped. You leave your rights at the office door every day you go to work. Most surveillance is conducted without any individualized suspicion, and personal as well as business-related information is routinely collected," explained Jeremy Gruber, legal director at the National Workrights Institute.

Two-thirds of the companies included in the "2007 Electronic Monitoring & Surveillance Survey" said they monitor Internet connections. (more)

PIs and Bug Creators Jailed for Industrial Espionage

An Israeli firm of private investigators has been rapped for using spyware to steal sensitive information.

According to reports, four members of the Israeli Modi'in Ezrahi private investigation company have been sentenced after being found guilty of using a Trojan horse to steal commercial information.

The Trojan, which was designed and marketed by London-based couple Michael and Ruth Haephrati, was said to have been used by a number of different private investigation firms to spy on companies including the HOT cable television group and Rani Rahav PR agency.

Another alleged victim was Champion Motors, which imports Audi and Volkswagen vehicles. (more)

A married couple accused of using computer worms to conduct industrial espionage has received jail terms of four and two years after pleading guilty in an Israeli court.

Ruth Brier-Haephrati, 28, and her husband Michael Haephrati, 44, were also ordered to pay damages of two million shekels (£245,000) to their victims. (more)

"But, IT said our data was secure."

Data Theft Carried Out On Network Thought Secure
Criminals involved in a massive data breach at the Hannaford Bros. and Sweetbay grocery chains stole the customer information from a part of a computer-network system that security experts had believed was secure.

As many as 4.2 million credit- and debit-card numbers were exposed in the breach.

The Hannaford data, which included customer account numbers and card expiration dates, was stolen between Dec. 7 and March 10. ...it has resulted in at least 1,800 cases of fraud.

A malicious software program, written by the thieves, intercepted the information as it went back and forth over a cable to a transaction processor in Denver. It was then transmitted to an Internet service provider somewhere outside the U.S. The software, known as malware, was planted on computer systems in every store in the two chains, the company says.

...it took a team of about 30 forensics experts and information technologists more than 10 days of round-the-clock troubleshooting to discover the malware. (more) (recent data theft list)

Money Talks - Cell Phones Squawk

Spying programs for mobile phones are likely to grow in sophistication and stealth as the business around selling the tools grows, according to a mobile analyst at the Black Hat conference on Friday.

Many of the spy programs on the market are powerful, but aren't very sophisticated code, said Jarno Niemela, a senior antivirus researchers for Finnish security vendor F-Secure, which makes security products for PCs and mobile phones...

One of the latest tools on the market is Mobile SpySuite, which Niemela believes is the first spy tool generator for mobiles. It sells for US$12,500 and would let a hacker custom-build a spy tool aimed at several models of Nokia phones, Niemela said. (more)

Cell Phone Spying Victim? Tell Your Story.

Have you ever been a victim of cell phone spying?

If your significant other or family member has ever plotted to listen in on your calls, even check your records or download spying software on your phone, we want to hear from you.

GMA is looking for guests who can talk about their experience with cell phone spying. Fill out the info below and you might just end up on GMA. (more)

Computer Bug Gets Upgrade

from the seller's website...
New for 2008! eBlaster 6.0
eBlaster has been the standard in remote monitoring software for parents and employers for almost a decade. It's time for a real innovative change, and we have some very exciting news.

Blaster 6.0 is now available, and we have added features we believe you're really going to like. Now, you have the ability to change options and settings remotely without having to return to the computer on which eBlaster is installed.

What Else is New in eBlaster 6.0?
NEW! Block Web Sites
-- Block inappropriate web sites by name immediately...
NEW! Block Chat/IM Contacts
-- Block all chat and instant messaging with specific people...
NEW! Online Searches
-- records searches made on Google, AOL, MSN, and Yahoo...
NEW! Screen Snapshots with Keyword Alerts
-- Now you can actually see EXACTLY what they saw...
NEW! MySpace Activity
-- All activity on the popular but potentially dangerous MySpace site...

When was the last time you checked your computer for spyware?
eBlaster detection.

Turn your iPhone sideways, and "Open Channel D"

The Incredible World of SPY-Fi: Wild and Crazy Spy Gadgets, Props, and Artifacts from TV and the Movies
by Danny Biederman

from Publishers weekly...
Even people who aren’t big spy movie fans know that James Bond gets to play with some great gadgets. The same goes for the casts of Mission: Impossible, The Man from U.N.C.L.E. and I Spy.

Biederman has been immersed in the spy world, at least as Hollywood depicts it, from the time of his youth in the 1960s, when he was introduced to a world of "spies, gadgets, adventure, and beautiful women—everything that a ten-year-old boy could possibly want."

Since then he has collected over 4,000 props from various sets, amassing such an impressive trove that in 2000 the CIA asked him to exhibit it at its headquarters.

This book tells the story of each TV series and movie through Biederman’s props, which range from the coat hook used in U.N.C.L.E. to open a secret passageway, to the gold sofa that adorned James West’s private railroad car in The Wild Wild West.

In December 2005, the Australian Institute of Criminology (AIC) was commissioned by the Australian High Tech Crime Centre (AHTCC) to conduct research into issues relating to key criminal justice issues concerning technology-enabled crime.

The report provides an instant eduction on technology enhanced crimes, and new crimes which have come into being because of advancements in technology.

Observations...
- It still takes the legal system about 10 years to catch up with technology changes.
- Technology has further cemented the need for international law enforcement cooperation.
- Technology is forcing some of the age-old crimes – that we rarely used to hear about – out of the darkness.
Very interesting document. Sign of the times.
(this report) (more reports)

...just in time to see the other one.

India successfully launched an Israeli spy satellite into orbit on Monday January 21, 2008. The launch of the TECSAR satellite by an Indian-made rocket was carried out in clear weather at 9:15 am local time (0345 GMT) from the Sriharikota space station in southern India. (more) (the other one)

DUCK!

A disabled American spy satellite is rapidly descending and is likely to plunge to Earth by late February or early March, posing a potential danger from its debris, officials said Saturday.

Officials said that they had no control over the nonfunctioning satellite and that it was unknown where the debris might land. (more)

How secure are your text messages?

"For most people, the answer is ...don't worry."
(That, according to Time Magazine, who didn't see this.)

"In the mayor's case (see last story), the reason his messages have been exposed is because of the specialized service the city has contracted with to handle wireless communications between city officials. Although the scandal is already being dubbed BlackBerrygate by wags, the gizmo the mayor and Beatty used to communicate wasn't a BlackBerry at all.

It was a SkyWriter, and although it looks a lot like a BlackBerry, it's a dedicated messaging device provided to the city by SkyTel, a Mississippi-based wireless company that specializes in providing paging and messaging services to large corporations and governmental bodies through its own wireless network and devices.

"Every message sent over the SkyTel network ... is recorded, including: Date and time the message was sent... 'From' address... 'To' address... Length of the message..Entire message content up to 2,000 characters ," notes the company on its Web site in an article about the "benefits of message archiving."

For major corporations and governments, the automatic archiving of such messages is important, where legal requirements mandate the storage of all business- or government-related communications. But tell the mayor that's a benefit today." (more)

Alert - SkyeSpy

Short Story - Add this inexpensive software to any S60 mobile phone (aka smart phone) and you have a bugging device with brains and the ability to snitch.

Why do I mention it?
So you know what you are up against.

Long Story - from the seller's website...
SkyeSpy is remote audio monitoring, detection and notification software for your S60v3 mobile device.

SkyeSpy can be used as:
(1) an intruder detection and alarm system for the home and office,
(2) a remote baby monitor,
(3) a remote car alarm monitor, or
(4) a spy device to listen-in on any environment without anyone knowing!

SkyeSpy is installed on a mobile device that is used as the audio monitoring hardware. The SkyeSpy device is placed in an area where the audio/sound is to be monitored e.g. near a baby, in the home/office etc. SkyeSpy is 'paired' to 'communicate' with another mobile device or landline. When SkyeSpy detects an audio instance, it alerts the paired device with an SMS, MMS or even a CALL!

There are 2 ways for the user to interact with the SkyeSpy device:
(1) SkyeSpy will contact the user.
(2) User can call the SkyeSpy and secretly listen in real-time.
1 day trial FREE!
Purchase price: $17.95

Threat Awareness - Keystroke Loggers

from Mike Mullins - TechRepublic...
Keystroke loggers are a particularly dangerous security threat because users typically don’t realize they’re even there...

Most antivirus and antispyware programs will miss software keystroke loggers, so how can you protect against these sneaky devices? Fortunately, there are some programs designed for this specific task. For example, SpyCop and SnoopFree Software are both software programs specifically designed to detect software keystroke loggers...

For a comprehensive list of keystroke loggers, Keyloggers.com maintains an updated list of both hardware and software versions sold by a multitude of companies. (more)

A Solution to USB Leaks and Injections of Malware

from the manufacturer's web site... The proliferation of data loss due to the inappropriate or sometimes criminal use of removable media devices has reached alarming levels.

Sanctuary Device Control allows you to regain control of the peripheral storage devices that your user community attempts to connect to your network assets. Through granular policy-based controls, Sanctuary Device Control reduces risk of data theft, data leakage and malware introduction via unauthorized removable media and assures compliance with the landslide of regulations governing privacy and accountability.

Positive Approach to USB Security
Hardware such as USB memory sticks, FireWire external hard-drives, scanners, music players, digital cameras, PDAs, and CD/DVD burner drives are scattered throughout offices around the world. Their proliferation amplifies the threats posed by outsiders or users who plug in devices that could compromise the security of sensitive data.

By employing a whitelist approach, Sanctuary enables only authorized devices to connect to a network, laptop or PC - facilitating security and systems management, while providing the necessary flexibility to the organization. (more) (our earlier warnings 1, 2, 3, 4)

Instant Education - VoIP: The Top 5 Vulnerabilities

Nothing is hacker-safe these days unfortunately, not even your VoIP service. But knowing that going in, and protecting yourself appropriately, can make a world of difference. The folks at the Sipera VIPER Lab have released what they feel are the Top 5 VoIP Vulnerabilities in 2007.

They are:
• Remote eavesdropping of VoIP phone calls...
• VoIP Hopping, one of the enablers of remote eavesdropping...
• Vishing, enables hackers to spoof caller ID... (q.v.)
• Toll fraud...
• The Skype worm...
(more)

Get up-to-speed on computer espionage. Read...

Secrets of Computer Espionage: Tactics and Countermeasures

"Is someone spying on you?

It could be your boss, your competition, or a private investigator, but it could just as easily be a foreign intelligence agent - or the whiz kid down the street. More and more people today want to know what's on your computer, your PDA, your cell phone, or your wireless network.

Joel McNamara takes you inside the mind of the computer espionage artist... This is the book that teaches you to think like a spy, because that's the only way to outwit one."

Contents at a Glance
Acknowledgments.
Introduction.
Chapter 1 Spies.
Chapter 2 Spying and the Law.
Chapter 3 Black Bag Jobs.
Chapter 4 Breaching the System.
Chapter 5 Searching for Evidence.
Chapter 6 Unprotecting Data.
Chapter 7 Copying Data.
Chapter 8 Snooping with Keyloggers.
Chapter 9 Spying with Trojan Horses.
Chapter 10 Network Eavesdropping.
Chapter 11 802.11b Wireless Network Eavesdropping.
Chapter 12 Spying on Electronic Devices.
Chapter 13 Advanced Computer Espionage.
Appendix A: What's on the Web Site.
Index.

Wireless Keyboard Interception - Encryption Cracked

Security researchers have cracked the rudimentary encryption used in a range of popular wireless keyboards.

Bluetooth is increasingly becoming the de-facto standard for wireless communication in peripheral devices and is reckoned to be secure. But some manufacturers such as Logitech and Microsoft rely on 27 MHz radio technology which, it transpires, is anything but secure.

Using nothing more than a simple radio receiver, a soundcard and suitable software, Swiss security firm Dreamlab Technologies managed to capture and decode the radio communications between a keyboard and a PC.

The attack opens the way up to all sorts of mischief including keystroke logging to capture login credentials to online banking sites or email accounts. (more)

Spybuster's Tip #107 - SpyWare - Instant Education

The Top Ten articles for getting up-to-speed on SpyWare issues
- as picked by the Editor's of TechRepublic

• The Anatomy of Spyware
• Spyware: Know Your Enemy
• Spyware: Securing gateway and endpoint against data theft
• Spyware: Determine Your Threat Level ... Enterprise Spy Audit
• Best of Breed vs. Suite Anti-Spyware: What's Best for You?
• 10 things to look for in an anti-spyware application
• Have we moved beyond anti-virus and spyware protection software?
• Protecting Organizations from Spyware
• Spyware Is Everywhere: A Multi-Layered Solution ... Best Defense
• Windows Defender in Vista offers built-in spyware protection
• Behavior-Based Spyware Detection
• Spyware - The Unseen Enemy

Spyware tops list of threats in CompTIA survey

Spyware has become the biggest security threat to organizations, a survey from the Computer Technology Industry Association (CompTIA) has discovered. That's a big change from a few years ago, when spyware was barely even considered a threat. (more)