About Exec Security


Hacked phone systems lead to credit card fraud

Phone system and voicemail hacking has been going on, it seems, ever since these systems were invented. Recent attacks, though, show a new level of complexity and severity.

THEN

In the 80’s, hackers would get hold of DISA numbers (Direct Inward System Access numbers, which were often used to allow remote workers to make long distance calls on a company’s phone account). These numbers allowed the hackers to route their dial-up modems through toll free numbers that passed the call through the company PBX phone system. The hacker could then access long distance electronic bulletin board numbers and not worry about the cost. (Long distance calls were a bit more expensive back then, and there was no Internet as we know it today.)

In the 90’s, voicemail systems became much more affordable and the varieties of hacks grew. A hacker from the Philippines calling himself “the sniper” became well known in certain telecom circles hacking numerous US based PBXs, forcing the systems […]

February 6th, 2015

Spy cam found in corporate restroom.

When inspecting or sweeping corporate offices, it is good to pay attention to restrooms that the executives may use. While trade secrets may not be discussed there, tremendous embarrassment could occur if improper images were distributed. It is also good for staff to be aware of such threats and take them seriously. In this instance the camera was reported by the building maintenance supervisor.

From nypost.com

A Chelsea building that hosts high-end brands and services, including fashion shoots, had a hidden pinhole camera in its unisex bathroom, sources said. A Johnson & Johnson employee discovered the creepy spy cam on the 16th floor of the Starrett-Lehigh building on West 26th Street Jan. 15, and the company immediately reported it to police, a spokeswoman said.

The device was hidden above a light switch in the bathroom next to offices that include Ralph Lauren and Haynes Roberts, whose interior-design projects focus on mansions […]

January 28th, 2015

FBI busts alleged Russian spy ring in New York City

They “tried to recruit U.S. citizens as intelligence sources in New York… Their targets included people working for ‘major companies’ and ‘young women with ties to a major university located in New York,’ according to authorities.”
New York (CNN) The men would sometimes say they needed to meet to exchange tickets, but they never seemed to end up actually attending or discussing a sporting event or a concert. They once talked about going to a movie. But that was it.
The reason for the puzzling behavior, according to a federal complaint unsealed Monday, is that the men were Russian spies exchanging intelligence information in New York City. They used tickets and other everyday objects — like […]
January 28th, 2015

Panama: ex-president at center of wiretap probe

From McClatchyDC by T. Johnson

— When the United States rejected former Panamanian President Ricardo Martinelli’s request for spying equipment to eavesdrop, U.S. diplomats feared, on his political enemies, the former supermarket baron turned to another source: Israel.

Now scores of Panama’s political and social elite are learning that the eavesdropping program that Martinelli’s security team set in place sprawled into the most private aspects of their lives – including their bedrooms. Rather than national security, what appears to have driven the wiretapping was a surfeit of the seven deadly sins, particularly greed, pride, lust and envy.

Nearly every day, targets of the wiretapping march to the prosecutors’ office to see what their dossiers contain, often emerging in distress. Martinelli, who left office in July, is facing a rising tide of outrage not only over the wiretapping, but also over reports of vast corruption. His personal secretary has left […]

January 28th, 2015

Un-social engineering: David Cameron gets spoofed by drunk hoax caller.

Do you have good procedures in place for handling executives’ phone calls? How easy would it be for someone to get their messages or phone calls put through to your principals, or to be given private numbers? And if they did get through, is there a method for verification and follow up? In this report a hoaxer got through to Prime Minister David Cameron by claiming to be the head of GCHQ. This caller apparently was just having fun, but it doesn’t take much effort to think of malicious deeds that could result from such attempts, especially in the world of corporate espionage and executive protection.

Reuters 1/26/2015:

British Prime Minister David Cameron said on Monday security would be reviewed, but no harm had been done, after an apparently drunk hoaxer claiming to be the director of Britain’s eavesdropping agency was put through to his mobile phone.

Cameron had been walking near his home in central […]

January 27th, 2015

UK: Mirror Group Newspapers pay out more compensation for their phone hacking escapades.

If you haven’t learned yet, you need to make your password difficult to guess! 1234, 1111, and 0000 will not cut it. Hacking lawsuits, first against The News of the World and then against the Daily Mirror and associated publications, have made voicemail hacking a well-known concept. Mirror Group Newspapers, MGN, is said to have over £8 million set aside to help pay the lawsuits against them. The hacking appears to have been possible because the victims used simple passwords.

from BBC News, 22 Jan 2015

Singer Cilla Black is among celebrities to have settled phone-hacking claims for “substantial” damages, the High Court has been told. Her son Robert Willis, actor Darren Day, EastEnders star Jessie Wallace and singer Peter Andre also settled claims, all against Mirror Group Newspapers. Their barrister David Sherborne said their privacy was “grossly violated” by the newspapers, “solely for profit”.  MGN counsel Matthew Nicklin […]

January 23rd, 2015

P.I.s accused of using GPS tracking get restraining order but keep their licenses.

GPS tracking devices are readily obtainable. The legality of their use on unauthorized vehicles is questionable at best. The story below highlights that such devices can pose a significant threat to privacy and security. 

Orange County Register: Two private investigators accused of illegally tracking and harassing a pair of Costa Mesa councilmen have been ordered to stay away from the politicians, but a judge on Thursday declined to immediately approve a state request to take away their work and weapons permits.

Orange County Superior Court Judge Elizabeth Macias issued a restraining order against Christopher Joseph Lanzillo on Thursday, several weeks after a similar order was issued against Scott Alan Impola.

As part of the order, Lanzillo and Impola must stay away from Costa Mesa Mayor Steven Mensinger and Mayor Pro Tem Jim Righeimer – whom the two men are accused of targeting prior to a recent election – and to […]

January 20th, 2015

Stolen surveillance system exposes drug dealing thieves.

DOERUN, GA (WALB) – Images from a stolen surveillance system helped investigators arrest a suspected drug dealer. Colquitt County Sheriff’s Investigators made three arrests stemming from a burglary and drug deal connection.

A Colquitt County farmer went online to see if he could find his stolen video surveillance system. He not only found his system but he also helped the Sheriff’s office arrest a drug dealer they had been investigating.

Drug dealers caught on camera they stole.

Hundreds of images showing illegal drug activity inside a Doerun home were sent to the Google account of a chicken farmer in Colquitt County.

Investigators say the Wi-Fi camera motion detection system was one of several electronic items Mark Harrell stole from the farm Wednesday morning.

“A computer and surveillance camera was stolen,” said Lt. Shawn Bostick.

Investigators believe Harrell traded in or sold the electronic items to his drug dealer, Ricky […]

January 19th, 2015

UK: Former deputy prime minister finds car was bugged.

John Prescott seems to be taking this find in stride, but it could be a sign of something more sinister going on. Vehicle TSCM sweeps are an important part of regular security precautions.

The former Deputy Prime Minister discovered the device hidden in his car when he took it to a garage because it had problems starting. John Prescott has turned detective after finding his Jaguar had been bugged.

John Prescott with tracker found in his car.

Mechanics found a tracker concealed under the driver’s seat that was hooked up to the car battery, draining its power.

The sophisticated device uses mobile phone technology and is capable of reporting the Jag’s movements at all times. It also has an inbuilt microphone enabling it to pick up conversations.

And the 6 inch-square black box is even capable of immobilizing the car if instructed to by mobile phone.

Lord […]

January 18th, 2015

Waiting to be hacked… new consumer devices offer new eavesdropping potential.

Internet connected devices are attracting a lot of attention. Many, though, have potential security vulnerabilities just waiting to be hacked. The following devices may not have been exploited yet… but considering the possibilities, it’s only a matter of time. Some of these just appeared at the CES show in Las Vegas and may not have hit the street yet, but many are already at work in homes and offices.

Netatmo Welcome uses facial recognition to detect and alert you to people in view. “Welcome” sends the names of the people it recognizes to your smartphone. The camera also notifies you when it sees an unknown face. Through the app you can check who is currently home and access the live stream and past events.


Netatmo touts “stunning HD images, extensive 130 degree field of view, and superior night vision.”

Petcube brings video and audio monitoring into your living room. […]

January 12th, 2015

Know your eavesdropping laws, even if you’re a former police chief…

The former Windham, NY police chief, now the town supervisor, has been arraigned on eavesdropping charges following a 10-month state police investigation. Stacey Post is accused of planting an audio and video recording device in the Windham town office building, recording employees without their knowledge.

The arrest goes back to March, 2014, when a Bureau of Criminal Investigation unit executed a search warrant at Post’s office and at her residence. A computer was seized from her office.

She faces three counts of felony eavesdropping and one misdemeanor count of possessing eavesdropping devices. Further charges are pending.

More from Albany, NY, News 13 WNYT:

Stacey Post, Windham, NY town supervisor accused of eavesdropping on town employees.

January 12th, 2015

Hackers attack LA road signs

Science fiction stories often have tales of computerized devices taking over the world. A more immediate worry than the devices controlling us is probably hackers taking over those devices, as that is already happening. Cyber security researcher Graham Cluley clues us in on happenings in downtown LA, where hackers changed the words on a traffic sign. Not the first time, of course. His article also mentions road signs warning of approaching Daleks and even a pending British invasion.

The threat of a mastermind Moriarty broadcasting a sinister message to the world through every road sign, advertising sign, and every TV channel, is still a bit distant, but as attacks appear daily on individual devices, the threat comes closer to home. Any devices that have remote programming access via the internet could be vulnerable, from road signs or laboratory equipment to phone systems and alarm systems – any network connected device. On […]

January 12th, 2015

Tech watch: Device uses lasers to map an entire room through a 1-inch gap

from DailyMail.co.uk Science and Tech

Looking through a keyhole could soon reveal far more than you imagine. Scientists have developed a device that could map an entire room simply by shining a laser through a 2cm gap. The system could be used in applications such as firefighting, battlefield surveillance and disaster recovery operations.

The technology is the work of Harbin Institute of Technology in China and is based on a laser that can see around corners, according to a report by Jacob Aron at the New Scientist. The system worked by firing ultrafast laser pulses at walls ‘behind’ an area that can’t be seen, to capture a ghostly 3D reflection. The technique is similar to using a mirror to see round a corner – but instead of a mirror, the ‘reflection’ is reconstructed from laser light that scatters back off a wall. The camera ‘times’ the beams […]

January 10th, 2015

Walls have ears: Toronto’s new mayor wants better walls to prevent eavesdropping.

Audio leakage from an office or boardroom is a significant but often overlooked concern. Toronto’s new mayor is taking it seriously. Repairs on walls have been requested to help prevent inadvertent eavesdropping. “In this office you can hear straight through the wall.” … “the issue is that the drywall in the office does not extend above the tiles in the drop ceiling, so sound carries through the open space above the partitions,” said Amanda Galbraith, director of communications in Mr. Tory’s office. A proper TSCM inspection will help reveal such vulnerabilities.

by Elizabeth Church, The Globe and Mail

Toronto’s new mayor, John Tory, came to power on a pledge to build bridges, but inside his city hall office, he’s putting up better walls.

Turns out the divider between Mr. Tory’s boardroom and the office next door – occupied by none other than former mayor Rob Ford – is in need of an […]

January 10th, 2015

Morgan Stanley sacks employee who pilfered account data

...companies now no longer face just external threats. Employees may give in to threat or greed, and with their access to information, can cause a data breach without specialized knowledge or cyber security skills. Staff are often given far-reaching data access rights, but with this power, rogue employees can prove to be a serious risk to corporations. While the threat of insiders is unlikely to wane, companies can protect themselves more effectively by setting in place access restrictions to sensitive data and monitoring employee access to information caches.

January 7th, 2015

Fake “The Interview” app is really an Android banking trojan

Graham Cluley’s computer security website reports on a Korean Android app that claims to offer a download of the movie “The Interview” but is actually infecting smartphones with malware that steals banking information, as analyzed by researchers at McAfee. If you are looking for a free version of the film, think twice before downloading this app. www.grahamcluley.com

Following the devastating hack upon its computer systems by a hacking group which might (or might not) have the blessing and backing of North Korea, Sony Pictures flip-flopped as to whether the Seth Rogen comedy about the assassination of Kim Jong-un would have a Christmas Day release.

Eventually, the movie had a limited Christmas Day release in the States, much wider online availability for US internet users via sites like YouTube, and an even wider still […]

December 29th, 2014

The Sony hack should make cyber security a hot boardroom topic

From Fortune, by Tom Huddleston, Jr.

The massive scale of the cyber attack shows why top executives need to be more involved in shaping cyber strategy at companies.

Spooked by the Sony Pictures hack and the leak of sensitive documents, companies of all kinds are now scrambling to shore up their cyber defenses.

The movie studio’s breach is just the latest in a series of hacks in recent years, including attacks on Target, Home Depot, and JPMorgan Chase that collectively compromised the personal information of tens of millions of customers. But Sony’s hack stands out as a more frightful example because of hackers’ unfettered access, the huge damage they caused and the ultimate capitulation to their demands, seen by Sony’s controversial — albeit short-lived — decision to shelve the comedy film The Interview.

“I think the scale of this impact on Sony is what’s going to make a lot of […]

December 28th, 2014

Skype for Android Bug Can Be Used for Eavesdropping

A vulnerability in Skype that could be used for eavesdropping has been discovered and described by Reddit user “Ponkers”. He explains it this way: “All you need is Skype on two [of your own] devices, call someone with one, then disconnect it from the net as it’s ringing. Their phone will now call you back on your other device, camera, mic and all.”

Detailed graphic of Skype Interruptus [Image: Ponkers/Reddit]

Ponkers’ description may not be that clear, and the cute graphic may not help, so I’ll try to explain it again. Use Skype on your phone AND on your computer, logged in on both devices, then place a Skype call to a different party with Skype on their Android phone.  Before they answer, drop the Internet connection on the device you originated the call from (such as turning on airplane mode). The recipient device may try to automatically reconnect […]

December 23rd, 2014