News sent out via mailchimp.

UC Police say bosses eavesdropped on them

Take-away: if you have a video system that also records audio, then you’d better make sure all of your employees have agreed to be monitored, or else disable the audio.  Whether or not the UC police surveillance system was used nefariously, once people (especially the union) discover that they are being recorded, that opens the door to lawsuits. During regular TSCM sweeps we have often found audio devices that were installed with apparently good intentions yet they put the company at risk for legal action such as this.

Department secretly installed a surveillance system throughout its headquarters, according to a lawsuit filed by a police union

By Kale Williams, San Francisco Chronicle

IRVINE, Calif. — A University of California campus police department secretly installed a surveillance system throughout its headquarters, including in bathrooms, and recorded officers’ private conversations, according to a lawsuit filed by a police union.

Devices installed throughout UC Irvine’s police […]

2016-12-16T20:23:46-05:00November 22nd, 2014|
Read More

CIA has a new clue to it’s own personal puzzle.

from WIRED magazine, 11/20/2014

In 1989, the year the Berlin Wall began to fall, American artist Jim Sanborn was busy working on his Kryptos sculpture, a cryptographic puzzle wrapped in a riddle that he created for the CIA’s headquarters and that has been driving amateur and professional cryptographers mad ever since.

To honor the 25th anniversary of the Wall’s demise and the artist’s 69th birthday this year, Sanborn has decided to reveal a new clue to help solve his iconic and enigmatic artwork. It’s only the second hint he’s released since the sculpture was unveiled in 1990 and may finally help unlock the fourth and final section of the encrypted sculpture, which frustrated sleuths have been struggling to crack for more than two decades.

Kryptos, a sculpture by American artist Jim Sanborn located on the grounds of the Central Intelligence Agency (CIA) in Langley, […]

2016-12-16T20:23:46-05:00November 21st, 2014|
Read More

Australia: Obama strips down entire hotel floor to search for bugs and listening devices

Hotels can be fertile ground for eavesdropping. Security teams for executives as well as politicians should consider hotel TSCM sweeps to be part of their standard protocol especially when important meetings are planned. 

Brisbane, Australia, via DailyMail, Nov 9, 2014

U.S. security officials have stripped down an entire floor of a Brisbane hotel and removed furniture to prevent President Barack Obama being spied on during his stay for the G20 summit this weekend.

Mr Obama’s security agents ordered beds, mirrors and bedding be removed from rooms surrounding the suite where the President will stay at the five-star Marriott Hotel in Queensland’s capital city, the Courier-Mail reported.

The floor will be checked for bugs before Mr Obama arrives on Saturday, to ensure he can make secure phone calls and conduct meetings.

President Obama and his staff will occupy […]

2014-11-17T11:10:28-05:00November 17th, 2014|
Read More

X FACTOR judge Louis Walsh is convinced his dressing room is bugged.

DailyStar

Louis Walsh believes that recording gear has been hidden in his room at Wembley Stadium to sabotage his chances. And he is so obsessed about it he makes anyone who comes to see him go into the toilet when they want to talk to him.

X-Factor judge, Louis Walsh

Louis, who is mentoring the groups, has two acts left in the show, eight-strong boy band Stereo Kicks and the mixed-sex quartet Only The Young. Both have been struggling and have been involved in sing-offs. Now Louis is convinced their efforts have been sabotaged. A show source said: “He thinks people have been listening in to his briefings and advice to disadvantage them.”

[Read more]

2016-12-16T20:23:46-05:00November 17th, 2014|
Read More

Alabama man indicted for installing eavesdropping device.

Baby monitors are at it again

Times Daily, Florence, ALBy Tom Smith Senior Staff Writer

FLORENCE — Police said a Florence man has been indicted for breaking into his ex-girlfriend’s apartment, installing an eavesdropping device and stalking her.

Court officials said indictments have been issued against Charlie Mack Dean III, 52, 1825 Darby Drive, Florence, for second-degree domestic violence, second-degree stalking, criminal surveillance, installing eavesdropping device and second-degree theft of property.

The indictments were issued during the recently concluded October grand jury session. Reports indicate Dean was arrested May 27 on the charges.

Florence police Detective Justin Wright said according to reports the stalking began after Dean’s former girlfriend ended their relationship. “It had been an on-again, off-again relationship, and she finally ended it,” Wright said. “He never physically hurt her, just harassed her and […]

2016-12-16T20:23:46-05:00November 15th, 2014|
Read More

Business travel safety brochure, courtesy of the FBI

The FBI offers a printable two page travel safety brochure with helpful tips for keeping executives safe and secure during international trips.

It emphasizes the need to take corporate espionage seriously:

Corporate espionage is an increasingly serious threat for a business traveler. The perpetrator may be a competitor, opportunist, or foreign intelligence officer. In many countries, domestic corporations collect competitive intelligence with the help and support of their government. To mitigate this risk, your organization’s critical information and technologies should not reside on any hard copy or electronic device you take unless it is absolutely necessary, and if so, then you must safeguard the physical access to the information by using encryption and keeping the material on your person at all times. Hotel safes are not adequate protection.

There are sections for “Before You Go”, “During Your Stay”, and “Upon Your Return”. It includes advice ranging from not allowing foreign storage devices to connect […]

2016-12-16T20:23:46-05:00November 13th, 2014|
Read More

Darkhotel points to the need for TSCM sweeps to enhance cyber security

The Darkhotel cyber threat highlights the need for corporations to take regular TSCM sweeps seriously.

Darkhotel, so named by Kaspersky Labs, is a malware attack that has been operating at least since 2009, focusing on executives visiting hotels especially in Asia.

A key element in these reports, according to Kaspersky’s research, is that the Darkhotel group often knew a target’s room number, full name, and length of stay before they arrived. This indicates that the perpetrators would have done extensive intelligence gathering and surveillance of the intended targets prior to the travel. In this light, TSCM sweeps become much more significant in the fight against cyber attacks and protection of information assets.

Kaspersky explains how the Darkhotel malware works:

[The hackers] wait until, after check-in, the victim connects to the hotel Wi-Fi network, submitting his room number and surname at the log-in. The attackers see him in the compromised network and trick him into downloading and installing […]

2016-12-16T20:23:46-05:00November 11th, 2014|
Read More

“Here’s looking at you, kid…” Are your web enabled cameras safe? Many are not.

A fairly new website has caused a recent stir.  Insecam.com provides links to thousands of webcams around the world.  It has been mentioned in recent news reports ranging from Lifehacker and CNET, to the UK Daily MailPC World, and more. Vulnerable webcams are not something new, though, yet their popularity has certainly grown along with the threat of misuse.

The first well documented webcam was set up to watch a coffee pot at Cambridge University in 1991 [read more]. That camera (and coffee pot) was finally turned off in 2001, but by then, many more webcams had been turned on. (See more about the history of the coffee cam at the end of this article.)

First Webcam, Cambridge University

In early part of this century (2004) while I was searching online for information on webcams I came across […]

2016-12-16T20:23:46-05:00November 10th, 2014|
Read More

Taiwan political eavesdropping scandal- phone wiring tapped

Audio wiring was found attached to phone terminal block that serviced the Taipei mayoral candidate’s office. 
Some interesting security points are mentioned in the following article:

  • A routine privacy inspection uncovered the extra cable- regular sweeps are important!
  • Telecom technicians verified that conversations from Ko’s ninth-floor phone were audible through the third-floor line.
  • No CCTV: No staff members work on the third floor and therefore no security cameras were set up to monitor the area
  • No access control: No electronic security card is needed to access the third-floor elevators.
  • In the blame-game, information leaks were blamed on the director being a “blabbermouth” rather than eavesdropping

The China Post

TAIPEI, Taiwan — Taipei mayoral candidate Sean Lien (連勝文) said yesterday that his opponent Ko Wen-je (柯文哲) should drop out of the election if police are not able to confirm the existence of the alleged eavesdropping […]

2016-12-16T20:23:46-05:00November 5th, 2014|
Read More

Pest control tech arrested for eavesdropping- de-bugger needs to be de-bugged

Red Oak, Iowa, KMAland.com

Red Oak Police say 38-year-old Aaron Theodore Johnson was arrested Monday for electronic and/or mechanical eavesdropping, a serious misdemeanor, and felon in possession of a firearm, a class D felony. Johnson is charged in connection with an investigation that began at around 11:10 Monday morning, when police received a complaint from 29-year-old Jessica Hale of Red Oak regarding a recording device found in her residence in the 400 block of North 7th Street.

Upon further investigation, authorities later found a second device in the residence’s bedroom. The victim told police that the only person granted access to her residence was a pest control technician. Later in the day, a search warrant was obtained for Johnson’s residence in the 2700 block of State Highway 48–which is also the location of RMPKA Pest Control Services.

 

Officers with Red Oak Police and deputies with […]

2016-12-16T20:23:46-05:00November 5th, 2014|
Read More

Telephone fraud and PBX hacking revisited… “will you accept the charges?”

A recent article in the NY Times caught the attention of some of our clients. It documented an architectural firm in Norcross, Georgia, that had their phone system hacked, resulting in a phone bill for $166,000 over just one weekend.

In past ExecSecurity posts we have discussed a few methods used by hackers for compromising phone systems. One aspect of the threat is actual eavesdropping and theft of information. That type of threat can be considered targeted attacks, where someone is attempting to steal information specifically from you or your company. But as mentioned in the Times article, hackers with fraud and financial gain as their motivation are hitting random targets throughout the US and the world. In such cases, the hackers do not care whose system they attack, and they will try thousands of systems looking for one that is vulnerable.

silhouette on phone

The Times article […]

2016-12-16T20:23:47-05:00October 24th, 2014|
Read More

Citigroup security team in Mexico accused of dealing with eavesdropping and fraud

from The New York Times/ Dealbook

The accusations read like a pulp thriller:Citigroup employees in Mexico are suspected of pocketing millions of dollars in kickbacks from vendors. And bodyguards for bank executives bought audio recordings of personal phone calls and created shell companies to disguise their fraud.

A new scandal has erupted at Citigroup’s Mexican unit just months after a $400 million fraud involving a well-connected client. Now the sprawling global bank — which separately announced plans on Tuesday to withdraw from consumer banking in 11 other markets — is wrestling with how to get its house in order in one of its oldest foreign operations. A crucial part of that decision rests on how to nudge aside the most powerful executive overseeing Mexico, a country where Citigroup has been doing business since 1929.

What makes that decision particularly difficult is that the Mexican […]

2016-12-16T20:23:47-05:00October 16th, 2014|
Read More

State Department concerned about Chinese espionage at Waldorf Astoria

State Department concerned about Chinese spying at Waldorf Astoria after sale to insurance company with possible Communist Party ties.

The State Department said it is reviewing the sale of the hotel to Beijing-based Anbang Insurance Group, and that it may stop leasing space for the U.S. ambassador to the UN or the General Assembly. Anbang is reportedly linked to China’s Communist Party, which has overseen a massive effort to use cyberspying to steal U.S. trade and military secrets.

WASHINGTON — The sale of the Waldorf Astoria to a Chinese insurance giant is really bugging the State Department.

Grand plans by Beijing-based Anbang Insurance Group “to restore the property to its historic grandeur” has some Washington diplomatic and security insiders wondering if the Chinese will be adding more than a view to kill for.

Officials said Monday they are reviewing the sale — and implied the glittering renovation scheme for the iconic Park Ave. […]

2016-12-16T20:23:47-05:00October 14th, 2014|
Read More

Who’s in your conference call?

Electronic communications has made meeting up with others via conference calls and web conferencing quite convenient and very commonplace today.  It is important, though, to be aware of the security concerns and vulnerabilities for all types of conference services.

During an inspection we performed at a financial services company we found that their brand new boardroom conferencing system had been left with “auto-answer” enabled. This allowed anyone to call in and listen to everything taking place in the room, not only from any phone extension on the property, but also from any outside phone line. A caller just needed to know the “DID” or direct inward dial number (which happened to be the room’s extension number with the common prefix).

That incident involved the hardware based conference system built into the corporate boardroom. More common, though, and used by all levels of employees, is conference calling using either a corporate conference number (conference bridge […]

2016-12-16T20:23:47-05:00October 13th, 2014|
Read More

Court Hears Pocket-Dial Eavesdropping Case

Tip: Keep your cell phone secure, double check that it is not mistakenly on a call, especially when in conferences or important meetings.

CINCINNATI (CN) – A woman who allegedly pressed record on her co-worker’s “pocket-dialed” call will likely defeat privacy claims, 6th Circuit judges said Tuesday.
Jim Huff, chair of the Kenton County, Ky., Airport Board, said the Oct. 24, 2013, call occurred while he was attending a conference in Italy relating to operations at the Cincinnati/Northern Kentucky International Airport.

Huff sued Carol Spaw, the Erlanger, Ky., woman who answered that call in December 2013, for alleged eavesdropping.      The federal complaint alleges that Huff’s cellphone “accidentally” dialed the airport’s administrative offices, and that Spaw, administrative assistant to the airport’s CEO, answered.
During the alleged 91-minute call, Huff says he spoke with fellow board member and his wife, Bertha, at the conference and in his private hotel room.      Spaw meanwhile allegedly recorded […]

2016-12-16T20:23:47-05:00October 9th, 2014|
Read More

Surveillance drives South Koreans to encrypted messaging apps

from The Verge

Two weeks ago, Kakao Talk in South Korea users got an unpleasant surprise. After months of enduring public criticism, President Park Guen-Hye announced a crackdown on any messages deemed as insulting to her or generally rumor-mongering — including private messages sent through Kakao Talk, a Korean messaging app akin to WhatsApp or iMessage. Prosecutors began actively monitoring the service for violations, promising punishment for anyone spreading inappropriate content.

In response to the crackdown, South Koreans have voted with their feet, heading en masse to encrypted chat programs hosted outside the country, particularly an app called Telegram known for its encryption features. Based in Germany, Telegram reports roughly 1.5 million new South Korean users have signed up in the past seven days, giving the app more than 50 million users worldwide. Telegram’s Markus Ra says it’s not the only country where government controls have made Telegram an attractive […]

2016-12-16T20:23:47-05:00October 6th, 2014|
Read More

Ford to offer Police Interceptor surveillance tech to competitors

by Chris Bruce, www.Autoblog.com

Ford unveiled its surveillance mode technology last year as an option for 2014 Ford Police Interceptor Sedan and Utility models, and it has been a huge success. Now, the automaker and its partner InterMotive Inc. have decided to license the patent-pending system, including possibly to competitors and the military.

The surveillance mode technology is all about improving officers’ situational awareness when their vehicle is stationary, and they aren’t paying total attention to their surroundings; when filling out paperwork, for example. When an officer activates the system, the rear radar begins monitoring what’s happening behind the cruiser. If it detects someone coming up on the vehicle, then the rear camera turns on, the driver’s side window closes and the doors lock. Of course, in busy environments with people constantly walking around, the police can also just keep surveillance mode turned off.

The whole […]

2016-12-16T20:23:47-05:00October 6th, 2014|
Read More

“Burner phones” – George Clooney recognizes their value.

Pay-as-you-go phones (aka “burner phones”) can be purchased without the need to set up an account, so the phone will not be tied to your identity.  When someone has concerns that their smart phone may have been hacked or compromised, a good option is to pick up a burner phone to use for those phone calls that need to be kept private and confidential.  The less expensive models that are not “smart phones” will not support apps that may contain spyware. It is much cheaper and quicker than having a smart phone analyzed electronically for spyware.

George Clooney and his new wife recognized burner phones as a way to help control some of the privacy of their recent wedding.

TMZ reported the rules for wedding guests:

— Leave your cellphone in your hotel room
— If you think you may need your phone, then bring it … but leave it at […]

2016-12-16T20:23:47-05:00October 1st, 2014|
Read More
Go to Top