Thursday, September 30, 2010

The 7 worst cyberattacks in history (that we know about)
We get a little taste of cyber attacks all the time — look no further than this week's Twitter virus — but what about full-on cyber warfare? Recently the true destructive potential of a cyber attack became frighteningly clear: whole government, banking and military networks overloaded and shut down, vital data and money stolen, and even physical damage if the right components are targeted. The worst part? We usually only find out after the fact.


Wednesday, September 29, 2010

iPhone GPS app helps find man suspected of stealing smart phone

ROCKLIN, CA - When Josh Paul's fiancee, Michelle Langford, realized her cell phone was missing Saturday afternoon, Paul wondered about the magazine solicitor who had shown up just a short time before.

"We're looking for the phone and where did the cell phone go?" Paul said. "At that point we put it together."

But Paul did more than just call the police. He thought immediately of the "Mobile Me" GPS application Langford has her phone that allows the phone to be tracked by computer.

"So we grabbed a computer," Paul said, "And saw that her phone was walking approximately 3/4 of a mile from here."

"At first, I thought it was wrong," said Langford. "I was convinced it was a software malfunction, but it wasn't."

It was then the two called police as they traced the phone to a Rocklin residence. When they arrived, however, the thief had already left.

"But the couple at that address said, 'We'd be more than willing to let you log onto our computer and get an update on his status,'" Paul said.

The trail eventually led to a Home Depot store on Fairway Drive in Roseville where Paul identified the alleged thief and police made an arrest.


Monday, September 27, 2010

Smoke, mirrors, cloaks and daggers

Journalists Nissim Mishal and Michael Bar-Zohar delve into the shadowy world of Israel’s secret espionage wars in new book on Mossad, which turns out to be a uniquely Zionist organization.

"As night fell, an unidentified yacht approached in the dark. Two frogmen, carrying sniper rifles, swam underwater and took up position in front of Suleiman’s house. A wireless signal alerted them. They stood up in the shallow water and fired one bullet each. The bullets hit Suleiman in the forehead and he fell forward, his head coming to rest in the plate in front of him. Nobody heard the shots. Nobody saw the sharpshooters, who quietly slipped away under the cover of darkness".

That, according to Mossad – The Great Operations, a book by Michael Bar-Zohar and Nissim Mishal which was published in Hebrew last month, is how Suleiman met his end.


Obama wants unfettered access to your Internet activity
Despite outrage over George Bush's limited ability to wiretap into American phone calls, Obama wants to take it a step further and be able to monitor every single form of communication any American citizen uses. The same kind of authority the government has to wiretap into phone calls could be coming to Facebook, instant messaging, and every American's browser history, thanks to a push from the Obama administration.

The White House plans to introduce a bill into Congress next year that would give Obama the ability to tap into literally every communication any citizen makes online.

The move causes a whole new level of privacy concerns. After the outrageous uproar of the Bush administration's tapping into American phone records, privacy advocates should be all over this.


Wednesday, September 22, 2010

Technical Surveillance Threat: Hack IP voice and video in real-time

I can't tell you how many times I've been called into a corporation to perform a Technical Surveillance Countermeasures Sweep, only to be informed upon arriving that "It won't be necessary to audit any of our VoIP or network protocols, our IT dept has that under control".

Really?....Take a moment to read this article, and let me know how you
really feel about it...JDL
BOSTON -- Corporate video conferences can still be easily hacked by insiders using a freeware tool that allows attackers to monitor calls in real-time and record them in files suitable for posting on YouTube.

While the exploit was demonstrated a year ago at security conferences, most corporate networks are still vulnerable to it, says Jason Ostrom, director of VIPER Lab at VoIP vendor Sipera, where he performs penetration tests on clients' business VoIP networks.

He says he sees only 5% of these networks are properly configured to block this attack, which can yield audio and video files of entire conversations. "I almost never see encryption turned on," he says.

To eavesdrop on the calls, someone with access to a VoIP phone jack -- including the one in the lobby of the business -- plugs a laptop with the hacking tool on it into the jack. Using address-resolution protocol (ARP) spoofing, the device gathers the corporate VoIP directory, giving the hacker the ability to keep an eye on any phone and to intercept its calls. There's a tool within UCSniff called ACE that simplifies capturing the directory.


Monday, September 20, 2010

Looxcie Wearable Bluetooth Camcorder
Looxcie, Inc. announced today the launch of Looxcie™ (look-see), the first small, light, easy-to-wear camcorder that records everything the user sees. A Bluetooth-enabled headset, Looxcie fits comfortably on the ear and points where the user looks. Because it is always on, always recording video, users never have to worry about pressing a record button or missing a key event. When an unexpected moment occurs, a press of the instant clip button captures the last 30 seconds of video and stores it as a permanent clip on the device. Users can immediately share their clips by email while they're fresh and relevant. The accompanying Looxcie smartphone application also turns the phone into a viewfinder, remote control and editing tool for creating clips up to 30 minutes in length.


Sunday, September 12, 2010

iPod Shuffle Spy Camera

Believe it or not this is a spy cam. Yup, it looks just like the recently released iPod Shuffle, so it should have no problems fitting it. To the right of the controls is a pinhole that contains a small camera that can capture 640×480 video. Unlike the actual Apple device this one contains an SD card slot and can play your favorite MP3s while you record all sorts of nefarious activities. The only downside is that the battery will last for just one hour when in full operation.

The Secrets of Countersurveillance | STRATFOR

The Secrets of Countersurveillance | STRATFOR

Wednesday, September 8, 2010

Court allows warrantless cell location tracking

The FBI and other police agencies don't need a search warrant to track the locations of Americans' cell phones, a federal appeals court ruled on Tuesday in a precedent-setting decision.

In the first decision of its kind, a Philadelphia appeals court agreed with the Obama administration that no search warrant--signed by a judge based on a belief that there was probable cause to suspect criminal activity--was necessary for police to obtain logs showing where a cell phone user had traveled.

A three-judge panel of the Third Circuit said (PDF) tracking cell phones "does not require the traditional probable-cause determination" enshrined in the Fourth Amendment, which prohibits government agencies from conducting "unreasonable" searches. The court's decision, however, was focused on which federal privacy statutes apply.


Sunday, September 5, 2010

Updated: statement from Chief Paul Cielselski concerning device found in Deputy Chief Bill Benjamin's office.

Fox59 News has learned someone may have bugged the office of IMPD Deputy Chief William Benjamin, who is at the center of an investigation.

Update: Fox 59 News received a statement from Chief Paul Cielselski concerning this case.

"Last evening, investigators in the Professional Standards Unit uncovered information that the device found in Deputy Chief Benjamin's desk had inadvertently been left there by an officer who had previously occupied that desk.

The device was very unsophisticated technology, in pieces, requiring a 9 volt battery to operate and was in fact not operable in its current condition.

Everyone familiar with the device knew it was inoperable and of very poor quality when it was reported to me."

Fox59 News has learned someone may have bugged the office of IMPD Deputy Chief William Benjamin, who is at the center of an investigation.


Saturday, September 4, 2010

'Bug' found in deputy chief's office, but who planted it?
The angst and turmoil within the Indianapolis Metropolitan Police Department reached a new level Friday when it was revealed that someone -- and it's not clear who -- has been spying on a deputy police chief.An audio and video recording device -- a bug -- was found in the third-floor office of IMPD Deputy Chief William Benjamin after he ordered a sweep that was conducted Thursday night or Friday morning.

It was unclear what prompted Benjamin to request the sweep; Benjamin did not return a phone call from The Indianapolis Star. And it also remained a mystery who planted the bug -- though some were quick to insist they had nothing to do with it.Amid the disquiet already swirling in the department because of several internal investigations, Chief Paul Ciesielski immediately denied he was spying on one of his own -- before announcing yet another internal probe to get to the bottom of who had placed the device in Benjamin's office.


Dubai Police Chief Calls BlackBerry a Spy Tool

DUBAI, United Arab Emirates (AP) — Worries about spying by the U.S. and Israel spurred plans to sharply limit BlackBerry services in the United Arab Emirates, Dubai's police chief said in comments that suggest a tough line in talks with the smartphone maker.

The UAE says it will block BlackBerry e-mail, messaging and Web services Oct. 11 unless authorities can gain access to the encrypted data traffic — a demand by other countries warning of possible bans including India.

The proposed UAE action threatens BlackBerry service for an estimated 500,000 local subscribers and could tarnish the country's reputation as the Gulf's business and tourism hub with potentially millions of visitors left without key BlackBerry services.

Dubai's police chief, Lt. Gen. Dahi Khalfan Tamim, said that fears of espionage and information sharing by foe Israel — as well as UAE allies United States and Britain — helped prompt the possible limits on the popular BlackBerry.


Friday, September 3, 2010

Cell phone spying: James Bond cool or cyberstalking tool?
Security researchers masked as hackers have begun to show the world the many vulnerabilities in smart phones. MWR InfoSecurity recently cooked up a Palm Pre bug which allowed them to turn the Pre into a James Bond-like device. According to Belfast Telegraph, MWR also discovered a flaw in Google's Android phone that would allow attackers to collect all the information stored in the phone's browser, such as browser history, passwords and usernames.

In the coming years, more vulnerabilities will be discovered by security researchers and hackers. Phones may be used to conduct espionage or personal blackmail. Yet it does not take a hacker to turn your smartphone against you or to spy on you. These spy gadget "tools" have been around for years. They could be used by bosses or by a suspicious significant other.


Wednesday, September 1, 2010

Cyber Thieves Steal Nearly $1,000,000 from University of Virginia College
Cyber crooks stole just shy of $1 million from a satellite campus of The University of Virginia last week, has learned.

The attackers stole the money from The University of Virginia’s College at Wise, a 4-year public and liberal arts college located in the town of Wise in southwestern Virginia.

Kathy Still, director of news and media relations at UVA Wise, declined to offer specifics on the theft, saying only that the school was investigating a hacking incident.

“All I can say now is we have a possible computer hacking situation under investigation,” Still said. “I can also tell you that as far as we can tell, no student data has been compromised.”

According to several sources familiar with the case, thieves stole the funds after compromising a computer belonging to the university’s comptroller. The attackers used a computer virus to steal the online banking credentials for the University’s accounts at BB&T Bank, and initiated a single fraudulent wire transfer in the amount of $996,000 to the Agricultural Bank of China. BB&T declined to comment for this story.


Not All Technical Threats are Bugs: Sonic Nausea device


We’re not too sure what something like the Sonic Nausea device is doing in the open market – shouldn’t stuff like this be banned? After all, the rather deadly combination of high frequency soundwaves that will result in the majority of people who hear it to feel queasy or suffer from headaches, intense irritation, sweating, imbalance, nausea and vomiting sounds (pun intended) as though it belongs to the military or riot police and not in the hands of pranksters. To make matters worse, the nature of its sound makes it all the harder to track down if the device is hidden. Perhaps the 9V battery which it is connected to will be able to provide enough juice to run for hours on end – making it the ideal tool to have everyone in the immediate office feel sick to call it quits for the day.

Note: Contact ComSec LLc, we use State of the Art TSCM equipment to detect, isolate & nullify this type of Technical Harassment Threat. JDL

Mass. seminarian accused of secretly taping woman
A student at Gordon-Conwell Theological Seminary has been charged with secretly videotaping a female student in her dorm room.
Daniel G. Richards was granted $1,000 bail after pleading not guilty at his arraignment Monday to breaking and entering with intent to commit a felony and unlawful wiretapping. He was also ordered to have no contact with the alleged victim.

Prosecutors say police responded to the woman's dorm room in late July after she found a recording device. A subsequent investigation led to a search of the 24-year-old Richard's room in a different dorm and his car.

A spokesman for the seminary tells The Salem News that Richards had been suspended and is no longer living on campus.


Turkey launches wiretap investigation
A top military commander in Turkey has requested the army to investigate widespread allegations of illegal wiretapping against thousands of people.
The scandal-scarred Deputy Chief of General Staff Gen. Aslan Guner said in a written statement on Monday that an administrative investigation had been launched upon his request to probe the allegations, Turkey's daily the Today's Zaman reported.
“The Turkish Armed Forces does not wiretap inside the country,” Guner told reporters at a reception late Monday.

The general is accused of illegally wiretapping 2,000 people in 2007 via an Israeli device he obtained as the head of Turkey's military intelligence in a supposed effort to listen to members of the outlawed Kurdistan Workers' Party, also known as the PKK.

Guner further pointed out that the device had been purchased by the defense industry's undersecretary with the knowledge of the chief of general staff and the prime minister, and that he was not aware that it was used to wiretap ordinary Turkish citizens.


Corporate espionage for dummies: HP scanners
Web servers have become commonplace on just about every hardware device from printers to switches. Such an addition makes sense as all devices require a management interface and making that interface web accessible is certainly more user friendly than requiring the installation of a new application.

Despite typically being completely insecure, such web servers on printers/scanners are generally of little interest from a security perspective, even though they may be accessible over the web, due to network misconfigurations. Yes, you can see that someone neglected to replace the cyan ink cartridge but that's not of much value to an attacker. However, that's not always the case...