Friday, August 30, 2013

St. John sheriff admits rooms bugged

St. John the Baptist Parish Sheriff Mike Tregre acknowledged Thursday his interrogation rooms were rigged with hidden cameras until recently, as a federal whistleblower lawsuit filed by Tregre’s former chief deputy this week alleged.
Tregre, who took office in July 2012, said the equipment was installed by his predecessor, and he was unaware it was there until three months ago.
He downplayed the notion the cameras were used to illegally record discussions between criminal suspects and their attorneys, the most explosive allegation in the lawsuit filed by Tregg Wilson, a lawyer and until recently Tregre’s chief deputy.
“The second set of cameras was set on a continuous loop and recorded the conversations of individuals in the interview rooms, including conversations between persons charged or suspected of a crime and their attorneys,” Wilson’s suit said.
Tregre said Thursday the systems have been removed.
The equipment “recorded 24 hours a day,” he said, a backup in case the room’s main, visible cameras failed.
The system was installed in the department’s four interrogation rooms by Tregre’s predecessor, Wayne Jones, who served four terms as sheriff before losing to Tregre in 2011, the sheriff said.
“I didn’t even know about it myself until somebody pointed it out to me,” said Tregre, who denied wrongdoing.
Jones could not be reached for comment Thursday.

Monday, August 26, 2013

Kate Gosselin Sues Ex-Husband For Spying-Wiretapping Her

PHILADELPHIA — Reality TV star Kate Gosselin has filed a lawsuit accusing her ex-husband, Jon, of stealing her hard drive and hacking into her phone and computer to get material for a tell-all book.

The federal lawsuit says he took the material for a book called "Kate Gosselin: How She Fooled the World."

The suit, filed Monday in Philadelphia, says the book was written by her ex-husband's friend, tabloid writer Robert Hoffman, but has since been pulled from Amazon because the material was obtained illegally.

The couple starred in the TV show "Jon & Kate Plus 8," detailing life with their twins and sextuplets, before they separated in 2009 and later divorced.

NSA bugged the United Nations

WASHINGTON, Aug. 25 (UPI) -- The U.S. National Security Agency secretly hacked into the United Nations videoconferencing system, the German magazine Der Spiegel reported Sunday.
Der Spiegel said its own analysis of leaked NSA documents showed the agency broke into the system in 2012. The documents also showed NSA experts discovered evidence the Chinese were also trying to crack the U.N. system.
The NSA's actions violated agreements protecting the United Nations from covert surveillance by its members, Der Spiegel said.
Documents leaked by former NSA contract analyst Edward Snowden showed the agency conducted surveillance on the European Union Embassy to the United Nations with maps showing the building's physical layout and the architecture of its information technology systems.
Der Spiegel also said the NSA has a monitoring system called the "Special Collection Service" with listening posts in 80 U.S. embassies and consulates worldwide. In most cases, the host countries are not aware of the posts.

Thursday, August 22, 2013

Cybercrooks use DDoS attacks to mask theft of banks' millions

Analyst says three unidentified US banks have been hit with "low powered" DDoS attacks to cover fraudulent wire transfers.

Distributed denial of service attacks have been used to divert security personnel attention while millions of dollars were stolen from banks, according to a security researcher.
At least three US banks in recent months have been plundered by fraudulent wire transfers while hackers deployed "low powered" DDoS attacks to mask their theft, Avivah Litan, an analyst at research firm Gartner, told She declined to name the institutions affected but said the attacks appeared unrelated to the wave of DDoS attacks last winter and spring that took down Web sites belonging to JP Morgan, Wells Fargo, Bank of America, Chase, Citigroup, HSBC, and others.
"It wasn't the politically motivated groups," she said. "It was a stealth, low-powered DDoS attack, meaning it wasn't something that knocked their website down for hours."
Litan described the attack method in a blog post last week that warned banks' losses could have been much greater.
"Once the DDoS is underway, this attack involves takeover of the payment switch (eg, wire application) itself via a privileged user account that has access to it," she wrote. "Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed."

Wednesday, August 21, 2013

Failure to scrub patient data from digital copiers results in $1.2 million HIPAA settlement

We’ve sounded warnings about the lowly copy machine before. The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops. Seemingly old-fashioned equipment, such as copiers, can hide sensitive legally-protected data.

Affinity Health Plan, a New York-based managed care company, learned that hard lesson when it became entangled in a 2010 CBS News investigation into the risks associated with image data stored in the hard drives of digital copiers. As the report indicates, digital copiers contain hard drives that retain electronic images of all documents that have been copied or scanned.
Users of digital copiers often fail to scrub their hard drives before selling the copiers or returning them at the end of a lease. In order to demonstrate how this could result in disclosure of sensitive data, CBS News purchased four used copiers from a leasing company and then accessed the hard drives to see whether any images had been retained. Two machines contained sensitive police information from the Buffalo, NY police department.

A third machine contained design plans, payroll records and copied checks for a construction company in New York. The last machine, which had been leased by Affinity, contained over 300 pages of individual medical records. These findings were then reported on the April 20, 2010 broadcast of The CBS Evening News.

Monday, August 19, 2013

Ex-SEAL’s Firm Caught Between Security and Privacy

Another Pentagon covert operative has left his post at the Defense Department to join the fight for civil liberties. But you probably won’t find him buddying up with ex-National Security Agency contractor Edward Snowden any time soon.

Former Navy SEAL commando Mike Janke is a spy-turned-privacy advocate. Unlike Snowden, he still has friendly relations with U.S. special operations teams, as the co-founder of a company that encrypts communications for feds and activists alike.

Still, his allegiances are split right now.

The federal government uses his firm, Silent Circle, to hide sensitive information from the public. The public uses its secure email, texts, videos and calls to hide personal information. And the private sector uses its technology to hide trade secrets from foreign governments and the public. As a citizen, father and intellectual property owner, Janke has had all those needs himself.

"The FBI is a customer of ours," he says. At the same time, "they wanted legislation to put a back door into all kinds of technologies like Silent Circle” for intercepting transmissions, “so, we're torn."

License plate readers used to record attendees at political rallies

Heeding the demands of the Secret Service, state police in Virginia recorded and collected the whereabouts of potentially millions of people in an effort to monitor attendees at political rallies in 2008 and 2009.
Documents obtained through a Freedom of Information Act request filed by the Richmond Times-Dispatch in the Virginia state capital show that police agencies utilized license plate readers in order to record information about people traveling to at least three politically-charged events during the 2008 presidential election season.
According to the documents obtained by the paper, Virginia State Police logged license plate data for every vehicle leaving the state en route to neighboring Washington, DC during President Barack Obama’s first inauguration ceremony in January 2009. Three months earlier, the police ran a similar operation to coincide with campaign rallies in Leesburg, Virginia being held by then-candidate Obama and Sarah Palin, the Republican Party’s nominee for vice president.
Mark Bowes, a reporter with The Dispatch, wrote that the United States Secret Service directed state police to use a license plate reader positioned at the Pentagon in Arlington, VA “to capture and store the plate images as an extra level of security for the inauguration.” Similar requests were made for the preceding rallies outside of DC, he reported.
The Dispatch has not published information about how many vehicles had their location recorded and logged, but Bowes noted that an estimated 1.8 million people attended Pres. Obama’s inauguration in Jan. 2009.

Wednesday, August 14, 2013


Baby monitors — many now equipped with video cameras — are considered a handy parenting tool, but what a Texas couple heard coming from their monitor was nothing short of terrifying.
Marc Gilbert of Houston told KTRK-TV the baby monitor for their 2-year-old daughter was hacked. As if that wasn’t disturbing enough, what the voice said as their daughter slept is enough to chill the blood of any parent.
“He said, ‘Wake up Allyson, you little s**t,’” Gilbert told KTRK, explaining that it “felt like somebody broke into our house.” KTRK reported that the hacker said sexual things to the toddler as well.
“As a father, I’m supposed to protect her against people like this. So it’s a little embarrassing to say the least but it’s not going to happen again,” Gilbert said. Fortunately, the little girl was not able to hear the hacker because she is deaf. Her father said they thankfully had her cochlear implants turned off so she “slept right through it.”
After witnessing what was going on through the camera-enabled monitor, which runs through the family’s Internet, Gilbert said he pulled the plug. Researching what might have happened, he told KTRK he believes the router and camera were both hacked.

Friday, August 2, 2013

Researchers reveal how to hack an iPhone in 60 seconds

Three Georgia Tech hackers have revealed how to hack iPhones and iPads with malware imitating ordinary apps in under sixty seconds using a "malicious charger."

Today at a Black Hat USA 2013 press conference, the researchers revealed for the first time exactly how the USB charger they built can compromise iOS devices in less than a minute.
Billy Lau, Yeongjin Jang and Chengyu Song showed how they made an ordinary looking charger into a malicious vector for transmitting malware using an open source BeagleBoard, available for $125 (similar to a Raspberry Pi).

For the demonstration, the researchers used an iPhone. They plugged in the phone, and when the passcode was entered, the sign-code attack began.

For the demo, the Facebook app was used as an example.

Within seconds of plugging in the charger, the Facebook app was invisibly removed from the device and seamlessly replaced with a Facebook app imitation with a malicious payload.

The app's icon was in the exact same spot as it was before the attack - there is no way of knowing the application is not malware.

The researchers said that all the user needs to do to start the attack is enter their passcode - they pointed out that this is a pattern of ordinary use, such as to check a message while the phone is charging.

Once the app was launched, the malware was launched and the phone was compromised - and could do things such as take screenshots when other passwords are entered, send a spoofed screen, and more.