Researchers at the University of Pennsylvania say they’ve discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.
The flaws they’ve found “represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial,” the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.
Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don’t suffer from many of the bugs they’d found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement are overwhelmed with useless data, something known as a denial of service (DOS) attack. (more)
The Zeus banking Trojan could be a useful tool in corporate espionage…
Zeus typically steals online banking credentials and then uses that information to move money out of internet accounts. In the past year, however, Gary Warner, director of research in computer forensics with the University of Alabama, who has been closely monitoring the various criminal groups that use Zeus, has seen some hackers also try to figure out what companies their victims work for…
“They want to know where you work,” he said. “Your computer may be worth exploring more deeply because it may provide a gateway to the organisation.”
That’s worrying because Zeus could be a very powerful tool for stealing corporate secrets. It lets the criminals remotely control their victims’ computers, scanning files and logging passwords and keystrokes. With Zeus, hackers can even tunnel through their victim’s computer to break into corporate systems. (more)
I am fortunate enough to have clients across the globe and to therefore meet like-minded colleagues and clients on my travels. As it happens, I spent today, my first in the USA for this trip, with a true professional of the TSCM business, based in California. We did a lot of talking about technical surveillance countermeasure techniques and processes employed by each of us, and can confidentially state, that the counter-surveillance services we offer in the Asia-Pacific, definitely matches those services offered in the USA.
Amusingly, when discussing peripheral security reviews, we realised that the vulnerabilities typically identified within corporations, is not limited to our respective geographical boundaries. Desks are not kept free of paperwork, doors are not locked, access control is not installed and CCTV is not fitted. These are a few common items, shared by all!
Please don’t hesitate to post some information on your counter-surevillance systems and processes. We can then start to review how each of you operate in the hope of assisting those who might be new to the business.
Luxury car manufacturer Porsche has banned employees from using Internet sites such as Facebook, Google Mail or Ebay during office hours, for fear of industrial spying, German media reported on Saturday. Corporate security chief Rainer Benne told business weekly Wirtschaftswoche that the company feared information could be leaked via social networking site Facebook in particular.
The magazine reported that foreign intelligence agencies systematically used Facebook to contact company insiders and win their trust in order to obtain information.
Roughly a quarter of Porsche’s 13,000 global employees use Facebook and other social networking sites, Wirtschaftswoche reported. (
more)
Attending and presenting at the annual ERI meeting means telling clients we will be unavailable for a few days. They understand once I tell them what goes on behind these closed doors. The information I gather directly benefits them. If you think any of this can help you, give me a call and I will brief you in greater detail.
This is what I heard today…
• Need to track down Cellular, Wi-Fi or Bluetooth signals?
Berkerley Varitronics RF Detection Products probably has just the little handheld instrument you need. Each instrument, with its own weird name (Yellowjacket, Swarm, Mantis, WatchHound, etc.) handles a very specific chore. You only buy what you need. That keeps the costs down. Need a special enclosure, like hiding their contraband cell phone detector in a water bottle, or secreting an antenna in a pocket pen? No problem. Very cool Jersey engineering dudes.
The rest of the day, ERI members taught what they know…
• Alternative Power Sources for the Eavesdropper –
Mark Clayton• Display of most of the TSCM instrumentation designed and built by Glenn Whidden (with commentary by Glenn). Instrumentation provided by J.D. LeaSure.
• Discussions about topics for next year’s meetings.
The discussions continue tomorrow.
Thank you to our client family for adjusting your schedules to allow us time to attend this important meeting in Washington, DC. Tomorrow we are back on the road again completing visits this month to Virginia, Maryland, Ohio, Philadelphia, Anchorage, Boston, New York City, New Jersey and Illinois. ~ Kevin D. Murray
Kevin’s Security Scrapbook is prepared fresh almost daily for the clients and friends of Murray Associates – Eavesdropping Detection and Counterespionage Consulting for Business and Government
