Thursday, August 30, 2012

US Consulate Guard Fails at Spying for China

A former Marine who was working at a U.S. consulate office in China has pleaded guilty after trying -- and failing -- to spy for China, the Department of Justice said today.

Bryan Underwood, 32, pleaded guilty to one charge for attempting to pass photographs and access to the U.S. consulate in Guangzhou, China to China's Ministry of State Security.

After losing over $150,000 in the stock market in March 2011, Underwood, who was working at the time as a contract security guard, wrote a letter to China's Ministry of State Security in which he expressed his, "interest in initiating a business arrangement with your office," according to court documents.

"I know I have information and skills that would be beneficial to your offices," he wrote.

The Justice Department said that Underwood took over 30 pictures of sensitive areas of the consulate and made a document which listed recent security upgrades and the locations of surveillance cameras inside the consulate building.

More here:

Deadliest Mobile Malware Threats Of 2012

While the amount of malicious software focused on the growing number of mobile devices on the market remains a drop in the bucket next to the amount targeting PCs, attackers are steadily turning the devices in consumers' pockets into targets.
So far this year, several pieces of malware have popped onto the radar and underscored the growing sophistication of cybercriminals targeting mobile devices. After fielding feedback from security pros, here in no particular order is Dark Reading's list of the five most dangerous, sophisticated, and prolific pieces of mobile malware that have appeared thus far in 2012.
1. FakeInst SMS Trojan and its variants
"FakeInst disguises itself as popular apps like Instagram, Opera Browser, [and] Skype, and sends SMS messages to premium-rate numbers," says Jerry Yang, vice president engineering at mobile security firm TrustGo.
"It is selected because it has been widely infected. There are many variants in the FakeInst family, such as RuWapFraud, Depositmobi, Opfake, and JiFake," Yang says. "Sixty percent of total Android malware we found belong to the FakeInst family. Geographically, it mainly exists in Russia. There are also samples found from all over the world."
More here:

Wednesday, August 29, 2012

Sentencing set for software developer convicted of stealing Motorola secrets

Software developer Hanjuan Jin is scheduled to be sentenced for stealing trade secrets from Motorola Inc.
U.S. District Judge Ruben Castillo in February found Jin guilty of taking more than 1,000 confidential documents from the Motorola office where she worked before attempting to board a flight to China. She was stopped during a security search at Chicago's O'Hare International Airport in February 2007.
Prosecutors contend the secrets the Chinese-born American carried included descriptions of a walkie-talkie type feature on Motorola cellphones that could benefit China's military. The trial highlighted persistent fears about China pilfering vital information from U.S. companies.
More here:

Monday, August 27, 2012

Can snoopers hack your brain?

The human brain is not immune to hackers.
So says Ivan Martinovic, a computer scientist at the University of Oxford who is exploring whether brain wave-reading technology can covertly obtain the secret information we store in our heads.
His tool? A $300 video game controller.
For this study, Martinovic, along with researchers from California and Switzerland, developed a program that interfaces with an electroencephalograph (EEG) device identical to the ones that are marketed for gaming and entertainment. But instead of controlling a character on a screen, participants' brain wave activity was imaged and analyzed as they were shown pictures of numbers, names, logos and people.
Researchers looked for what's called a P300 response, a very distinct brain wave pattern that occurs when one relates to or recognizes something. It would occur, for instance, if you were to look at a picture of your mother, or see your Social Security number written out.
While this technology doesn't allow someone else to actively go in and search around in our brains, it's definitely a step in that direction. But for this method to yield any valuable information, many conditions need to be exactly right.
More here:

Tuesday, August 21, 2012

What You Should Know About the iPhone SMS Spoof Attack

SMS text messaging is certainly not exclusive to Apple or its iconic iPhone smartphone. But, apparently there is something unique about the way Apple delivers SMS messages that makes the iPhone particularly vulnerable to spoofing or smishing (SMS phishing) attacks.

iOS security researcher wrote a blog post detailing the discovery. When an SMS text message is sent, part of the header information contains the actual number the message originated from. However, there is also an optional header called the UDH (User Data Header) which allows for a different Reply To address to be entered.
Some mobile platforms display both the actual originating number and the information from the Reply To field, hopefully raising some red flags for the recipient if the two are different. Apple’s iOS only displays--and responds to--the address specified in the Reply To field.
Why is that a problem? Well, if an attacker knows the phone number of your financial institution, or your Mom, or your boss, he (or she) could send a text message to your iPhone that appears to originate from that number. On an iPhone, the SMS text message would seem to be from a legitimate source, and you’d be much more likely to respond, or comply with requests for sensitive information you normally wouldn’t share.
More here:

Thursday, August 16, 2012

How To Tell If The Boss Is Spying On You

It’s not unusual for employers to monitor employees’ computers and even their smartphones, but many employees don’t think about this in the course of their work day, spending breaks looking at potentially-sensitive personal email,  having sexy chats, scrolling through (hopefully not too scandalous) Facebook photo albums, or maybe even checking out job listings elsewhere. Before you do anything too outrageous on your work computer, you might want to think about whether it’s monitored. I talked to computer forensics expert Michael Robinson and security researcher Ashkan Soltani about some tells that would reveal you’re potentially being watched.
First off, you should check your employee handbook or computer usage agreement. If your employer says there that your computer activity could be monitored — which is pretty standard — then they’ve got the right to peek. But then there’s the question of whether they’re actually taking advantage of that right.
“Whether you’ll be able to tell depends on where the monitoring is being done,” says Robinson. “If it’s upstream, at the Firewall, it’s hard for the user to know. That’ll just tell the employers which websites employees are going to, so they could check, for example, how many employees went to that month. But if they want to actually see more granular activity, they have to put monitoring software on the computer itself.”
More here:

Wednesday, August 15, 2012

A Murder and Confession Leave Questions in China

(BEIJING) — The murder of a British businessman by the wife of an ousted Chinese politician was supposed to be an open-and-shut case, by the government’s account. The victim threatened the life of Gu Kailai’s son. Gu poisoned the Briton, was caught and confessed. End of story.
Not so fast. The trial proceedings, and official statements about them, have failed to clarify glaring omissions in the case.
Legal and political scholars say much of the case has been implausible, leaving major questions unanswered, not least of which is whether the victim posed any real threat to Gu’s son at all. Also, why would a high official’s wife carry out such a murder herself? Where is Bo Xilai, the alleged murderer’s husband and man at the center of the messiest scandal in two decades to rock the Chinese leadership?
The government account depicts Gu as a depressed woman on medication who turned willful murderer after Briton Neil Heywood threatened the safety of her son, Bo Guagua. Gu lured the victim to a hotel in Chongqing, got him drunk then poured cyanide into his mouth. It says Gu and her co-defendant “confessed to intentional homicide” and appeared repentant in court last Thursday during a speedy, seven-hour trial.
More here:

Tuesday, August 14, 2012

iPhone Security, DOJ Nightmare.

In the five years since Apple (AAPL) launched the iPhone, the popular device has gone from a malicious hacker’s dream to law enforcement’s worst nightmare. As recounted by the Massachusetts Institute of Technology’s Technology Review blog, a Justice Department official recently took the stage at the DFRWS computer forensics conference in Washington, D.C. and told attendees that the beefed up security in iOS is now so good that it has become a nightmare for law enforcement.
“I can tell you from the Department of Justice perspective, if that drive is encrypted, you’re done,” Ovie Carroll, director of the cyber-crime lab for the CCIPS division of the Department of Justice, said earlier this month during his presentation at DFRWS. “When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted you have lost any chance of recovering that data.”
While Apple’s use of sophisticated cryptography is the biggest obstacle law enforcement and hackers face,Technology Review points out that it’s not the only one. Apple’s requirement that apps are “sandboxed,” or isolated from protected parts of the OS, eliminated a wide range of exploits that were possible with earlier versions of iOS. Even the iPhone’s more secure PIN code protection poses a serious barrier for those looking to gain access to an iPhone.
More here:

Monday, August 13, 2012

Vatican whispers of corruption and spying after charges for Pope's butler

VATICAN CITY // A Vatican judge yesterday ordered the pope's butler and a fellow lay employee to stand trial for allegedly pilfering documents from Pope Benedict XVI's private apartment, a scandal that embarrassed the Vatican and exposed infighting and alleged corruption at the highest levels.

The indictment accused Paolo Gabriele, the butler arrested at the Vatican in May, of grand theft, a charge that carries one to six years in jail on conviction if the pope does not choose to pardon his once-trusted aide.
While the Vatican had insisted throughout the investigation that Mr Gabriele, a laymen who lives with his family in Vatican City, was the only person under investigation, the indictment also orders trial for Claudio Sciarpelletti. He is a layman and computer expert in the state secretariat office and is charged with aiding and abetting Mr Gabriele.
The Vatican has promised a public trial. The Rev Federico Lombardi, a spokesman, said that both defendants would be tried together before a three-judge panel late next mont at the earliest, since the Vatican tribunal is on summer recess.
More here:

Saturday, August 11, 2012

Bug Found in Regional Jail Office

CHARLESTON - A bugging device uncovered in an air duct in the office of the Regional Jail Authority's chief of operations has become the target of an FBI investigation, a key legislator disclosed Friday.
The first inkling of the bizarre episode came when Delegate Dave Perry, D-Fayette, as co-chairman of a legislative interims committee, quizzed acting Regional Jail Authority Director Joe DeLong if he was aware of any inquiry - internal or external - involving his agency. DeLong is a Hancock County native.
This was in the July interims session, about two weeks after the device allegedly turned up in John Lopez' office in Charleston, and DeLong told the Oversight Committee on Regional Jail and Correctional Facility Authority he had no knowledge of any such investigation.
At that time, Perry made no mention of a bugging device, or of Lopez in particular.
Perry said he learned that Lopez found the device July 12 after spying some residue from a ceiling tile in the chair of his office.
"It was up overhead, and it had both audio and visual, in an air duct," Perry said.
More here:

Monday, August 6, 2012

Russian opposition leader Navalny says his office bugged

MOSCOW — Russia’s opposition leader Alexei Navalny says he has discovered a listening device in his office in central Moscow.
Navalny, one of President Vladimir Putin’s fiercest critics and a driving force behind last winter’s mass protests, posted a photo of the listening device on his Twitter on Monday. 

Police officers were working at Navalny’s offices to investigate how the device got planted there.

More here:

Sunday, August 5, 2012

Madison man arrested for spying on roommate in bathroom

MADISON, Wis. (AP) -- A 24-year-old Madison man has been arrested on tentative charges of secretly filming a female roommate while she was in the bathroom.
The 22-year-old woman says she noticed a reflecting lens on the floor. She told investigators she then found a digital video camera duct-taped to the bathroom rug.
A WISC-TV report ( ) says she immediately left the home and reported the incident to police.
She and the man had been roommates for a year.
The man faces tentative charges of invasion of privacy and disorderly conduct. Police say he confessed and expressed remorse about the recordings.
More here: