Posts Taged hidden-camera

Lebanese security agency turns smartphone into selfie spycam: researchers

FRANKFURT (Reuters) – Lebanon’s intelligence service may have turned the smartphones of thousands of targeted individuals into cyber-spying machines in one of the first known examples of large-scale state hacking of phones rather than computers, researchers say.

Lebanon’s General Directorate of General Security (GDGS) has run more than 10 campaigns since at least 2012 aimed mainly at Android phone users in at least 21 countries, according to a report by mobile security firm Lookout and digital rights group Electronic Frontier Foundation (EFF).

The cyber attacks, which seized control of Android smartphones, allowed the hackers to turn them into victim-monitoring devices and steal any data from them undetected, the researchers said on Thursday. No evidence was found that Apple (AAPL.O) phone users were targeted, something that may simply reflect the popularity of Android in the Middle East.

The state-backed hackers, dubbed “Dark Caracal” by the report’s authors – after a wild cat native to the Middle East – used phishing attacks and other tricks to lure victims into downloading fake versions of encrypted messaging apps, giving the attackers full control over the devices of unwitting users.

Michael Flossman, the group’s lead security researcher, told Reuters that EFF and Lookout took advantage of the Lebanon cyber spying group’s failure to secure their own command and control servers, creating an opening to connect them back to the GDGS.

“Looking at the servers, who had registered it when, in conjunction with being able to identify the stolen content of victims: That gave us a pretty good indication of how long they had been operating,” Flossman said in a phone interview.

Dark Caracal has focused their attacks on government officials, military targets, utilities, financial institutions, manufacturing companies, and defense contractors, according to the report.

The researchers found technical evidence linking servers used to control the attacks to a GDGS office in Beirut by locating wi-fi networks and internet protocol address in or near the building. They cannot say for sure whether the evidence proves GDGS is responsible or is the work of a rogue employee.

The malware, once installed, could do things like remotely take photos with front or back camera and silently activate the phone’s microphone to record conservations, researchers said.

Responding to a question from Reuters about the claims made in the report, Major General Abbas Ibrahim, director general of GDGS, said he wanted to see the report before commenting on its contents. He added: “General Security does not have these type of capabilities. We wish we had these capabilities.”

Ibrahim was speaking ahead of the report’s publication.

Source: Reuters

Missouri man used hidden camera to film teens getting out of the shower, feds say

Federal investigators say a man from Licking, Missouri used a hidden camera to film teenage girls getting out of the shower.

Nathaniel F. Mares, 35, was charged this month with producing child porn after investigators say they found several of his clandestine recordings.

According to a criminal complaint, a family member found 31 of Mares’ flash drives while she was cleaning in December.

The family member put one of the flash drives into her computer and discovered videos of two teenage girls getting in and out of the shower, according to the complaint.

In at least one of the videos, the complaint says, Mares could be seen placing the camera in the bathroom.

The complaint says law enforcement officers arrested Mares on Jan. 4 in Texas County and seized a computer, external hard drive, dozens of flash drives and a “spy pen” video recording device.

Mares is being held in the Greene County Jail.

In asking that he be held in jail before trial, federal prosecutors wrote that Mares — who is employed as a corrections officer at the South Central Missouri Correctional Facility in Licking — also had other “surreptitious” video recordings in his possession.

Prosecutors say they found videos Mares took of a woman and her child walking into Walmart and Mountain Grove Elementary School.

Another video, prosecutors say, was taken at a public pool and focused on girls in swimsuits.

An attorney listed for Mares in online court records did not immediately return a phone call seeking comment for this report.

A spokesperson confirmed Tuesday that Mares was still employed by the Missouri Department of Corrections.

Source: News-Leader

Android security: This newly discovered snooping tool has remarkable spying abilities

The mobile malware can steal WhatsApp messages, eavesdrop on targets based on GPS coordinates, and more.

A newly-uncovered form of Android spyware is one of the most advanced targeted surveillance tools ever seen on mobile devices, coming equipped with spying features never previously seen active in the wild.

Named Skygofree by researchers because the word was used in one of its domains, the multistage malware is designed for surveillance and puts the device in full remote control of the attackers, enabling them to perform advanced attacks including location-based sound recording, stealing communications including WhatsApp messages, and connecting to compromised networks controlled by the malware operators.

Researchers at Kaspersky Lab say those behind spyware have been active since 2014 and are targeting select individuals — all in Italy. Those behind the mobile surveillance tool are also thought to be based in Italy.

“Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions,” said Alexey Firsh, malware analyst in targeted attacks research at Kaspersky Lab.

The malware was uncovered during a review of suspicious file feeds, with its capabilities uncovered after analysing the code.

Still thought to be receiving updates from its authors, Skygofree offers attackers 48 different commands, allowing them flexibility to access almost all services and information on the infected device.

That includes the ability to secretly to use the device’s microphone eavesdrop on the user and their surroundings when they enter a specified location — a surveillance feature which has never previously been seen in the wild.

Other previously unseen features bundled with Skygofree are the ability to use Accessibility Services to steal WhatsApp messages of victims and an ability to connect an infected device to wi-fi networks controlled by the attackers.

The malware is also equipped with all the features and root access privileges usually associated with trojan spyware, including capturing photos and videos, seizing call records and text messages, as well as monitoring the user’s location via GPS, their calendar, and any information stored on the device.

If the user has chosen to run battery-saving measures, Skygofree is able to add itself to the list of ‘protected apps’ in order to ensure it can carry on its malicious activity, even when the screen is off or the phone isn’t active.

It remains unclear if those targeted by Skygofree have anything in common outside of being based in Italy, but research suggests that those infected with the Android malware have been compromised after visiting fake websites which mimic those of leading mobile operators.

While researchers still don’t know how the victims are lured onto these malicious sites, once there, they’re asked to update or configure their device configuration, allowing the malware to be dropped in the process.

Most attacks appear to have taken place in 2015, but there’s evidence that Skygofree is still active with evidence of attacks as recently as 31 October 2017. The attackers have gone out of their way to ensure that Skygofree remained under the radar without being detected.

“High-end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion,” said Firsh.

In addition to actively infecting Android devices, the attackers also appear to have an interest in Windows systems: researchers uncovered recently-developed modules to target the platform.

However, given the treasure trove of information a mobile device can provide to attackers, it’s no surprise that those behind Skygofree put their main focus on Android — especially given the chance it offers to track a user’s movement and therefore activate attacks based on location.

“Mobile spyware is becoming more effective than PC variants, because victims keep their mobile phone close by them at all times, and such implants can exfiltrate a large amount of sensitive information,” Vicente Diaz, deputy head of the global research and analysis team at Kaspersky Lab, told ZDNet. “Some of the never before seen-in-the-wild features of Skygofree are remarkable in their capability.”

In order to protect against falling for these sorts of targeted cyber-attacks, mobile users are encouraged to use a security tool to help protect their device and to exercise caution when they receive emails from people or organisations they don’t know, or with unexpected requests or attachments.

By Danny Palmer
Source: ZDNet

Police ID man who set up camera in bathroom

WHITE MARSH, Md. —Baltimore County police have identified a man who they said set up a spy camera in a White Marsh Mall restroom.

A day after releasing the video and photos, police said tips from the public helped to identify a suspect. Police said he will face charges once detectives have completed their investigation.

Police said they had a clear picture of the suspect because he caught himself on camera.

“This was a recording device that was attached to a very small camera that the suspect had secured on a partition separating two of the bathroom stalls,” said Officer Jennifer Peach, spokeswoman for the of Baltimore County Police Department.

Police said that around 6:30 p.m. on Dec. 23 a patron found a camera in the family restroom of the food court area in White Marsh Mall. Police said the camera was secured with electrical tape to a partition dividing two lavatory areas, pointing toward one of the facilities. The camera and recording equipment, including an SD card containing video, were turned over to police.

Investigators said someone spotted the device inside a the bathroom and alerted authorities on Dec. 23. Since that time, detectives said, they have enhanced the quality of the video in hopes that someone will recognize the man.

“We’re very concerned because this is someone who is attempting to record people when they have an expectation of privacy — when they are vulnerable,” Peach said.

Police said a few people, including children, were recorded.

“We don’t know who his target audience was. We don’t know if he was intending to target adults or our children,” Peach said.

For many shoppers, the news was disturbing.

“That’s disgusting. I don’t know why anyone would want to do that,” said shopper Jakeline Quintanilla.

Quintanilla said she’ll pay more attention when using public restrooms from now on.

“I’m going to be more careful now because I don’t want anyone recording me doing that stuff. I don’t think anyone else wants that either,” she said.

Police believe the camera was only set up for a very short period of time.

White Marsh Mall’s general manager released the following statement:

“The safety and well-being of our shoppers and merchants are of paramount importance to us. White Marsh Mall and our security team are cooperating fully with the Baltimore County Police Department as they continue their investigation into this incident. We ask that you refer all questions to the Baltimore County Police Department.”

Source: WBAL TV