Sigillu

Secure Communications

Gold Lock 3G

June 30, 2010 Posted by | BlackBerry, encryption, Iphone, mobile, Nokia, PBX, privacy, security, Windows, Windows Mobile

Man linked to the ‘chuponeo’ (wiretapping) case says the Callao region was a BTR client

In statements to “Cuarto poder”, Ojeda explained that the disk was given to him by Elías Ponce Feijoo in the middle of that year so that he could copy information for him. It reportedly contained audio recordings from Rómulo León’s office and e-mails from various politicians, including President Alan García before his second term.

THE CLIENTS
Ojeda recalled that he started working at BTR in 2003, brought in by Carlos Tomasio, who tasked him with installing software to record audio on the company’s computers. Asked about BTR’s clients, he recalled the Callao region, a municipal company in charge of the Metropolitano, several law firms and several cement companies. Ojeda said that Ponce gave him disks to convert audio files into smaller formats.

June 24, 2010 Posted by | escuchas telefonicas, espionaje, ilegal, Peru, privacidad, Spanish

British wiretapping: spies recorded conversations of England national team players

London (EFE).- The English Football Association will tighten security around the national team after alleged spies obtained more than six hours of recordings of conversations between players and coaching staff last week.

The secret recordings, whose content the British press describes as “dynamite”, were made before the friendly match that England played last Wednesday at Wembley against Egypt.

Apparently, the tapes include tactical talks by the coach, the Italian Fabio Capello, as well as discussions about the bonuses the players would receive if they were crowned world champions next summer.

Although the spies’ objective could be related to the preparations of the “Pross” for the World Cup in South Africa, the most likely explanation, according to the country’s media, is that they wanted to obtain juicy exchanges between the coach and his former captain, Chelsea centre-back John Terry.

June 24, 2010 Posted by | EMEA, escuchas telefonicas, espionaje, ilegal, Peru, privacidad, seguridad, Spanish

On iPhone, beware of that AT&T Wi-Fi hot spot

cnet – A security researcher has discovered that any wireless network can pretend to be an AT&T Wi-Fi hot spot and thus lure unsuspecting iPhone users to an untrusted network connection.

Samy Kamkar, who created a worm that garnered him a million friends on MySpace overnight in 2005, said in an interview this week that he can hijack any iPhone within Wi-Fi range in what is often dubbed a “man-in-the-middle” attack because of the way the devices are configured to recognize AT&T Wi-Fi connections merely by the name “attwifi.”

Typically, an iPhone will look for a specific MAC address–the unique identifier for the router–to verify that the wireless network is a device a user agreed to join previously. However, if the iPhone has previously connected to any one of the numerous free AT&T Wi-Fi hot spots (offered at virtually every Starbucks in the U.S., for example) the device will ignore what the MAC address says and simply connect to the network if it has “AT&T Wifi” attached, Kamkar said.

“The iPhone joins the network by name with no other form of authentication,” he said.

Kamkar said he made this discovery recently when he was at a Starbucks and disconnected from the AT&T Wi-Fi network.

“I went into the settings to disconnect and the prompt was different from normal,” he said. “I went home and had my computer pretend to be an AT&T hot spot just by the name and my iPhone continued to connect to it. I saw one or two other iPhones hop onto the network, too, going through my laptop computer. I could redirect them, steal credentials as they go to Web sites,” among other stealth moves, if he had wanted to.

To prove that a hijack is possible, Kamkar wrote a program that displays messages and can make other modifications when someone is attempting to use the Google Maps program on an iPhone that has been intercepted. He will be releasing his hijacking program via his Twitter account: http://twitter.com/samykamkar.

Kamkar hasn’t attempted the hijack on an iPod Touch, but plans to determine whether it has the same vulnerability.

iPhone users can protect themselves by disabling their Wi-Fi, or they can turn off the automatic joining of the AT&T Wi-Fi network, but only if the device is within range of an existing AT&T hot spot, Kamkar said.

Asked for comment, an Apple spokeswoman said: “iPhone performs properly as a Wi-Fi device to automatically join known networks. Customers can also choose to select to ‘Forget This Network’ after using a hot spot so the iPhone doesn’t join another network of the same name automatically.”

Kamkar, an independent researcher based in Los Angeles, first made a name for himself by launching what was called the “Samy” worm on MySpace in order to see how quickly he could get friends on the social-networking site. The cross-site scripting (XSS) worm displayed the words “Samy is my hero” on a victim’s profile and when others viewed the page they were infected.

He served three years of probation under a plea agreement reached in early 2007 for releasing the worm.

Source: cnet

June 22, 2010 Posted by | bugging devices, cellular phone, countersurveillance, eavesdrop, email, encryption, English, espionage, illegal, mobile, phone tap, privacy, security, spy, surveillance, tap, technology, text message, USA, wireless, wiretap

Hacker Unleashes BlackBerry Spyware

Proof-of-concept demonstrates ease with which mobile spyware can be created to pilfer text messages and email, eavesdrop, and track victim’s physical location via smartphone’s GPS.

Tyler Shields, senior researcher for Veracode’s Research Lab, also released proof-of-concept source code for a spyware app he created and demonstrated at the hacker confab in Washington, D.C., that forces the victim’s BlackBerry to hand over its contacts and messages. The app also can grab text messages, listen in on the victim, as well as track his physical location via the phone’s GPS. The spyware sits on the victim’s smartphone, and an attacker can remotely use the app to dump the user’s contact list, email inbox, and SMS messages. It even keeps the attacker updated on new contacts the victim adds to his contact list. “This is a proof-of-concept to demonstrate how mobile spyware and applications for malicious behavior are trivial to write just by using the APIs of the mobile OS itself,” Shields says.

Smartphones are expected to become the next big target as they get more functionality and applications, yet remain notoriously unprotected, with only 23 percent of their users deploying security on these devices. And smartphone vendors for the most part have been lax in how they vet applications written for their products, security experts say.

“Personal information is traveling from the PC to the smartphone. The same data they are attacking on the PC is now on a lower-security form factor where security is less mature,” Shields says. “It makes sense that [attackers] will follow the money to that new device.”

His spyware app, TXSBBSpy, could be plugged into an innocuous-looking video game or other application that a user would download. Then the bad guys could harvest contacts they could sell for spamming purposes, for instance, he says. Although Shields’ spyware app is only a blueprint for writing a spyware app, writing one of these apps is simple, he says.

“If we try to tell ourselves that the bad guys don’t already know how to do this, we’re lying. This is trivial to create,” he says. Shields has posted a video demo of his BlackBerry spyware tool.

Indeed, smartphone apps were a hot topic last week: A researcher at Black Hat DC demonstrated his own spyware app for iPhones, SpyPhone, which can harvest email addresses as well as information from the user’s Safari searches and his or her keyboard cache. Nicolas Seriot, a software engineer and scientific collaborator at the Swiss University of Applied Sciences, says Apple iPhone’s review process for apps doesn’t stop these types of malicious apps from being downloaded to iPhone users.

Veracode’s Shields says app stores such as BlackBerry’s, where users download free or fee-based applications for their phones, can be misleading to users. “The app store makes the problem worse by giving customers a sense of security, so they don’t necessarily screen for this ‘trust’ button,” Shields says.

The problem is that mobile spyware is “trivial” to create, and the security model of most mobile platforms is inadequate because no one uses the security features and sandboxing methods that protect user data, he says.

Shields recommends that enterprises using BlackBerry Enterprise Server set policies that restrict users from downloading third-party applications or whitelist the ones that are vetted and acceptable.

Users can also configure their default app permissions so that when an app tries to access a user’s email or contact list, the OS prompts the user for permission. Shields says to avoid setting an app to “trusted application status.”

As for app store owners like BlackBerry AppWorld, Apple iTunes, and Google Android Marketplace, Shields recommends the vendors check the security of all applications in these stores. That way, apps would undergo a rigorous vetting process before they hit the stores. “Some are [doing this], but I’m not sure to what degree,” he says. “Regardless of what they are catching or not, they are not telling us what they are looking for.”

Shields’ TXSBBSpy spyware, meanwhile, isn’t the first such tool for the BlackBerry. There’s the controversial tool FlexiSPY, aimed at tracking employees, children, or cheating spouses, but considered by anti-malware companies as malicious code. And there has been at least one documented case of a major spyware infiltration on the BlackBerry: Users in the United Arab Emirates last year were sent a spyware-laden update to their BlackBerrys on the Etisalat network.

June 22, 2010 Posted by | bugging devices, cellular phone, countersurveillance, eavesdrop, email, encryption, English, espionage, illegal, mobile, phone tap, privacy, security, spy, surveillance, tap, technology, text message, Uncategorized, USA, wireless, wiretap

Municipal officials detained for wiretapping

Officials from Ankara’s Yenimahalle Municipality, governed by the Republican People’s Party (CHP), are suspected of being members of a wiretapping gang, which wiretaps phone conversations to use as blackmail. The Ankara Police Department’s public order unit detained 20 people on Saturday as part of the operation. Police also seized jammer devices, bugging devices and programs, hand grenades and two guns as well as fake police identity cards in the raids they carried out at the houses and workplaces of the suspects. The guns were sent to the criminal laboratory of the Ankara Police Department.

June 21, 2010 Posted by | EMEA, illegal, phone tap, privacy, security, tap, wiretap

Wiretapping scandals prompt suspicions about gov’t pressure in Turkey

Wiretaps target judiciary

As wiretapping scandals have become almost routine in Turkey, the public perception of these incidents has created a growing climate of fear in substantial segments of the population, prompting thoughts that “everyone wiretaps each other, everyone plots against each other.”

Although most of the eavesdropping incidents are linked to the ongoing Ergenekon investigation, the frequency of leaks of private phone conversations, including secret tapings – generally to pro-government media sources – has created tension in Turkey’s already polarized political climate.

The victims of wiretapping and secret video taping include a broad range of prominent figures, from former CHP chief Deniz Baykal to Chief of General Staff Gen. İlker Başbuğ to Istanbul Chief Prosecutor Aykut Cengiz Engin, under whom the Ergenekon probe is being carried out.

The Supreme Court of Appeals and Council of State have recently claimed that their facilities had been tapped and demanded an examination of their switchboards, claims that came amid the conflict between the government and the judiciary over judicial independence and the controversial constitutional amendments.

For Emine Ülker Tarhan, the chairwoman of the Judges and Prosecutors Association, or YARSAV, such incidents are kinds of “dirty social engineering projects” carried out by dark powers trying to manipulate the public.

“Such illegal wiretaps against members of the judiciary aim to put pressure on the judiciary, which is deemed an obstacle to the government’s ambitions to change the regime,” Tarhan said. “These illegal wiretaps are constantly reported in certain pro-government media outlets with ruling government-affiliated statements.”

June 21, 2010 Posted by | EMEA, illegal, phone tap, privacy, security, tap, wiretap

Surveillance Self Defense (From EFF’s site)

Easy interception. Cell phone communications are sent through the air like communications from a walkie-talkie, and encryption is usually inadequate or absent. Although there are substantial legal protections for the privacy of cell phone calls, it’s technologically straightforward to intercept cell phone calls on many cell networks without the cooperation of the carrier, and the technology to do this is only getting cheaper. Such interception without legal process could be a serious violation of privacy laws, but would be immensely difficult to detect. U.S. and foreign intelligence agencies have the technical capacity to intercept unencrypted and weakly encrypted cell phone calls on a routine basis.

June 21, 2010 Posted by | cellular phone, mobile, phone tap, privacy, security, spy, surveillance, tap, technology, USA, wiretap

Berlusconi: 10 million Italians may be under telephone wiretapping

According to the Italian head of government, “despite what the National Association of Magistrates claims, there may be 10 million people being spied on in Italy, a figure unmatched anywhere else in the world”.

“The problem is serious: they spy on all of us,” Berlusconi added, stating that 150,000 phones are being tapped and that if each one has 50 contacts we reach 7.5 million Italians under surveillance, and easily 10 million.

In the United States, “with a population six times larger, wiretaps do not reach 20,000 people”, and in France, Germany and Great Britain “we do not reach even half” of the number of wiretaps there are in Italy, he estimated.

Berlusconi complained of a “systematic abuse of telephone wiretaps and of their publication in newspapers and even on television”.

June 20, 2010 Posted by | EMEA, escuchas telefonicas, privacidad, seguridad, Spanish, USA

AT&T-iPad security breach may be worse than first thought

By Peter Bright

Researchers looking into the security of GSM phone networks are suggesting that the recent breach, which saw tens of thousands of e-mail addresses and ICC-IDs inadvertently disclosed by AT&T, could have far more significant implications than a bit of extra spam: attackers can use the information to learn the names and phone numbers of the leaked users, and can even track their position.

The problem is that ICC-IDs—unique serial numbers that identify each SIM card—can often be converted into IMSIs. While the ICC-ID is nonsecret—it’s often found printed on the boxes of cellphone/SIM bundles—the IMSI is somewhat secret. In theory, knowing an ICC-ID shouldn’t be enough to determine an IMSI. The phone companies do need to know which IMSI corresponds to which ICC-ID, but this should be done by looking up the values in a big database.

In practice, however, many phone companies simply calculate the IMSI from the ICC-ID. This calculation is often very simple indeed, being little more complex than “combine this hard-coded value with the last nine digits of the ICC-ID.” So while the leakage of AT&T’s customers’ ICC-IDs should be harmless, in practice, it could reveal a secret ID.

What can be done with that secret ID? Quite a lot, it turns out. The IMSI is sent by the phone to the network when first signing on to the network; it’s used by the network to figure out which call should be routed where. With someone else’s IMSI, an attacker can determine the person’s name and phone number, and even track his or her position. It also opens the door to active attacks—creating fake cell towers that a victim’s phone will connect to, enabling every call and text message to be eavesdropped.

The iPad’s SIMs are going to be used for data, rather than voice, connectivity, which does reduce the impact of the problem a bit—attackers can’t eavesdrop on phone calls that don’t even exist, and encrypted Internet traffic will remain protected—but the breach does still leave iPad users trackable, and vulnerable to hijacking or eavesdropping of any unencrypted traffic.

This makes AT&T’s security problem much more serious than initially thought. The loss of e-mail addresses is annoying for its spam and social engineering opportunities, but given that most of us receive a lot of spam anyway, is unlikely to be disastrous. The loss of the ICC-IDs should have been harmless. But it now seems that that isn’t the case. AT&T should send every affected customer a new SIM (that is, one whose IMSI hasn’t been disclosed to the world at large). And all phone companies should stop generating IMSIs from ICC-IDs, and instead use database lookups like they’re supposed to.

We asked AT&T if the company had plans to replace the SIM cards of customers affected by the hack and were told by a spokesperson that the company has no comment at this time.
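An added example, not part of the original article and not any carrier's code: a check an operator could run over its own SIM inventory to see whether IMSIs are calculated from ICC-IDs instead of being assigned by database lookup. The sample pairs are constructed, and the function names, the threshold and the nine-digit default are assumptions; the search covers any fixed offset in the ICC-ID, which goes beyond the "last nine digits" case quoted above.

```python
from collections import Counter

def strongest_rule(pairs, tail_len=9):
    """Find the most common (IMSI prefix, ICC-ID offset) rule in a SIM inventory.

    pairs: iterable of (iccid, imsi) digit strings from the operator's own records.
    Returns (fraction_of_records_explained, (imsi_prefix, offset_from_end)),
    or (0.0, None) when no IMSI tail appears inside its ICC-ID.
    """
    pairs = list(pairs)
    rules = Counter()
    for iccid, imsi in pairs:
        prefix, tail = imsi[:-tail_len], imsi[-tail_len:]
        # Note every place the IMSI tail occurs inside the ICC-ID, measured
        # from the end so ICC-IDs of different lengths still line up.
        start = iccid.find(tail)
        while start != -1:
            rules[(prefix, len(iccid) - start)] += 1
            start = iccid.find(tail, start + 1)
    if not rules:
        return 0.0, None
    rule, hits = rules.most_common(1)[0]
    return hits / len(pairs), rule

def is_derivable(pairs, threshold=0.5, tail_len=9):
    """True when one fixed rule reproduces more than `threshold` of the IMSIs."""
    fraction, _ = strongest_rule(pairs, tail_len)
    return fraction > threshold

# Constructed sample data (not real SIMs): made-up serials and IMSI prefix.
CALCULATED = [  # IMSI = fixed prefix + last nine digits of the ICC-ID
    ("8999900000123456789", "001010123456789"),
    ("8999900000223456780", "001010223456780"),
    ("8999900000323456781", "001010323456781"),
    ("8999900000423456782", "001010423456782"),
]
LOOKED_UP = [  # IMSI assigned independently of the ICC-ID
    ("8999900000123456789", "001010907115362"),
    ("8999900000223456780", "001010518820473"),
    ("8999900000323456781", "001010660394127"),
    ("8999900000423456782", "001010274953806"),
]

if __name__ == "__main__":
    for name, inventory in (("calculated", CALCULATED), ("looked up", LOOKED_UP)):
        fraction, rule = strongest_rule(inventory)
        print(f"{name}: {fraction:.0%} explained by rule {rule}")
```

An inventory that trips the check means a disclosed ICC-ID also discloses the matching IMSI, which is the situation in which the article calls for reissuing SIMs.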

June 16, 2010 Posted by | Uncategorized