Archive for the ‘Eavesdropping’ Category
The mayor of Stockton, California was arrested Thursday and charged with felony eavesdropping, among other misdemeanor charges, related to a strip poker game that he allegedly played with teenage counselors at a camp for economically disadvantaged kids last year, according to prosecutors in neighboring Amador County.
Mayor Anthony Ray Silva was taken into custody Thursday morning at the annual mayor’s Youth Camp in Silver Lake, just outside of Stockton, an inland port city approximately 80 miles east of San Francisco.
N. Allen Sawyer, Silva's attorney, told Ars that his client remains mayor, has posted bail, and has returned Thursday afternoon to the camp to help final clean up. The City of Stockton said in a statement that law enforcement are on site at the camp, presumably to keep the peace.
A US congressman has learned first-hand just how vulnerable cellphones are to eavesdropping and geographic tracking after hackers were able to record his calls and monitor his movements using nothing more than the public ten-digit phone number associated with the handset he used.
The stalking of US Representative Ted Lieu's smartphone was carried out with his permission for a piece broadcast Sunday night by 60 Minutes. Karsten Nohl of Germany-based Security Research Labs was able to record any call made to or from the phone and to track its precise location in real-time as the California congressman traveled to various points in the southern part of the state. At one point, 60 minutes played for Lieu a crystal-clear recording Nohl made of one call that discussed data collection practices by the US National Security Agency. While SR Labs had permission to carry out the surveillance, there's nothing stopping malicious hackers from doing the same thing.
The representative said he had two reactions: "First it's really creepy," he said. "And second it makes me angry. They could hear any call. Pretty much anyone has a cell phone. It could be stock trades you want someone to execute. It could be a call with a bank."
Congressional oversight leaders are requiring most federal agencies to audit their networks to see if they use Juniper-manufactured firewalls that for four years contained an unauthorized backdoor for eavesdropping on encrypted communications.
Members of the House of Representatives Committee on Oversight and Government Reform gave the agencies until February 4 to produce documents showing whether they use Juniper's NetScreen line of firewall appliances. The committee is also requiring agency heads who used the vulnerable devices to show how they learned of the eavesdropping threat and whether they fixed it prior to the release of last month's patch. That update removed the unauthorized code from ScreenOS, the operating system that manages NetScreen firewalls.
The Committee on Oversight and Government Reform is the chief oversight body for the US House of Representatives, with broad authority to investigate most matters pertaining to federal agencies. Committee members informed agency heads of the eavesdropping-related investigation involving Juniper hardware in letters dated late last week.
Less than a month after Juniper Network officials disclosed an unauthorized backdoor in the company's NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet.
The suspicious code contains a challenge-and-response authentication routine for logging into servers with the secure shell (SSH) protocol. Researchers were able to unearth a hard-coded password of "FGTAbc11*xy+Qqz27" (not including the quotation marks) after reviewing this exploit code posted online on Saturday. On Tuesday, a researcher posted this screenshot purporting to show someone using the exploit to gain remote access to a server running Fortinet's FortiOS software.
Ralf-Philipp Weinmann, a security researcher who helped uncover the innerworkings of the Juniper backdoor, took to Twitter on Tuesday and repeatedly referred to the custom SSH authentication as a "backdoor." In one specific post, he confirmed he was able to make it work as reported on older versions of Fortinet's FortiOS.
Defense attorneys have asked a federal judge to throw out more than 200 hours of conversations FBI agents recorded using hidden microphones planted near the steps of a county courthouse in Silicon Valley.
The lawyers are representing defendants accused of engaging in an illicit real estate bid-rigging and fraud conspiracy. The steps to the San Mateo County courthouse are frequently the scene of public auctions for foreclosed homes. Federal prosecutors have admitted that on at least 31 occasions in 2009 and 2010, FBI agents used concealed microphones to record auction participants as they spoke, often in hushed voices with partners, attorneys, and others. Because the federal agents didn't obtain a court order, the defense attorneys argue the bugging violated Constitutional protections against unreasonable searches and seizures.
In a court brief filed Friday in the case, attorneys wrote: