<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd"
	xmlns:media="http://search.yahoo.com/mrss/"
>

<channel>
	<title>ProSecurityNews &#187; New Products</title>
	<atom:link href="http://lsieducation.com/blog/category/new_products/feed/" rel="self" type="application/rss+xml" />
	<link>http://lsieducation.com/blog</link>
	<description>Security News and Commentary for Industry Professionals</description>
	<lastBuildDate>Sat, 09 May 2009 14:23:50 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
	<!-- podcast_generator="podPress/8.8" - maintenance_release="8.8.6.3" -->
	<copyright>Copyright &#xA9; 2012 ProSecurityNews </copyright>
	<managingEditor>prosecuritynews@gmail.com (Jon Payne, Sr., CML)</managingEditor>
	<webMaster>prosecuritynews@gmail.com (Jon Payne, Sr., CML)</webMaster>
	<category>posts</category>
	<ttl>1440</ttl>
	<image>
		<url>http://lsieducation.com/blog/images/psn_144x144.jpg</url>
		<title>ProSecurityNews &#187; New Products</title>
		<link>http://lsieducation.com/blog</link>
		<width>144</width>
		<height>144</height>
	</image>
	<itunes:subtitle></itunes:subtitle>
	<itunes:summary>Security News and Commentary for Industry Professionals - Locksmiths, Security Technicians, Military, and Federal and Local Law Enforcement.</itunes:summary>
	<itunes:keywords>locksmith, lockmasters, training, vault, security, homeland, law enforcement, military</itunes:keywords>
	<itunes:category text="Technology">
		<itunes:category text="Tech News" />
	</itunes:category>
	<itunes:category text="Education">
		<itunes:category text="Training" />
	</itunes:category>
	<itunes:category text="Business">
		<itunes:category text="Business News" />
	</itunes:category>
	<itunes:author>Jon Payne, Sr., CML</itunes:author>
	<itunes:owner>
		<itunes:name>Jon Payne, Sr., CML</itunes:name>
		<itunes:email>prosecuritynews@gmail.com</itunes:email>
	</itunes:owner>
	<itunes:block>yes</itunes:block>
	<itunes:explicit>no</itunes:explicit>
	<itunes:image href="http://lsieducation.com/blog/images/psn_600x600.jpg" />
		<item>
		<title>PSN009 &#8211; Drive by passport cloning, ATM thefts, NFC Enabled Locks and more.</title>
		<link>http://lsieducation.com/blog/2009/02/psn009-drive-by-passport-cloning-atm-thefts-nfc-enabled-locks-and-more/</link>
		<comments>http://lsieducation.com/blog/2009/02/psn009-drive-by-passport-cloning-atm-thefts-nfc-enabled-locks-and-more/#comments</comments>
		<pubDate>Sat, 07 Feb 2009 22:05:50 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Electronics]]></category>
		<category><![CDATA[Hacks]]></category>
		<category><![CDATA[Locks]]></category>
		<category><![CDATA[LSI]]></category>
		<category><![CDATA[New Products]]></category>
		<category><![CDATA[Podcast]]></category>

		<guid isPermaLink="false">http://lsieducation.com/blog/?p=131</guid>
		<description><![CDATA[In this episode we discuss drive-by passport cloning, huge ATM thefts, NFC enabled electronic locks, a new biometric idea to replace fingerprint readers, 1500 Megapixel images for security surveillance, and yet another cool miniature spy cam. We also make note that Lockmasters Security Institute is now fully approved by the General Services Administration (GSA) as [...]]]></description>
			<content:encoded><![CDATA[<p style="margin-bottom: 0in; text-align: justify;">In this episode we discuss drive-by passport cloning, huge ATM thefts, NFC enabled electronic locks, a new biometric idea to replace fingerprint readers, 1500 Megapixel images for security surveillance, and yet another cool miniature spy cam. We also make note that Lockmasters Security Institute is now fully approved by the General Services Administration (GSA) as a Certified Training Facility for the GSA CERTIFIED Safe &amp; Vault Technician Courses. With over 400,000 GSA containers in use, can you afford not to become certified?</p>
<h2 class="western" style="text-align: justify;">Show Links</h2>
<p><a href="http://www.shmoocon.org/presentations-all.html#edl">Driveby passport cloning</a><br />
<a href="http://www.shmoocon.org/presentations-all.html#edl">Shmoocon DC – passport hack revealed</a><br />
<a href="http://www.google.com/patents?id=yd2iAAAAEBAJ&amp;dq=ASSA+or+Abloy&amp;as_psra=1&amp;ie=ISO-8859-1">RFID pressure switch patent</a><br />
<a href="http://www.idstronghold.com/content/secure-sleeve®-passports">ID Stronghold – to protect your passport</a><br />
<a href="http://blog.wired.com/27bstroke6/2009/02/atm.html">Global ATM theft nets 9 million in one day</a><br />
<a href="http://www.eielson.af.mil/news/story.asp?id=123131336">Airbase installs electronic locks</a>.<br />
<a href="http://www.contactlessnews.com/2009/02/03/nfc-is-more-than-just-payments">NFC enabled locks</a>.<br />
<a href="http://www.sony.net/SonyInfo/News/Press/200902/09-016E/index.html">Sony finger vein biometric authentication</a><br />
<a href="http://www.gigapan.org/viewGigapan.php?id=15374&amp;window_height=596&amp;window_width=1168">Gigapan 1500 mega pixel image of inauguration</a><br />
<a href="http://gigapansystems.com/about.html">Gigapan robotic mount information</a><br />
<a href="http://www.yankodesign.com/2009/01/30/its-a-key-thing/">Key holder</a><br />
<a href="http://www.engadget.com/2009/02/04/ame-105-spy-camera-finds-its-way-into-id-badge-for-nefarious-end/">ID Badge spy cam.</a></p>
<p>Click the link to read the text of the entire podcast.<br />
<span id="more-131"></span></p>
<h2 class="western">Drive by Passport Cloning</h2>
<p style="margin-bottom: 0in" align="justify"><img src="http://lsieducation.com/blog/wp-content/uploads/2009/02/passport-cover-small.jpg" border="0" alt="passport-cover-small.jpg" hspace="9" width="100" height="120" align="left" />We have reported several times that RFID tags can be read from a distance. Reading the RFID tag on an access card or passport is the first step to cloning it. In show number one we talked about methods of RFID skimming and cloning. One such cloning attack targeted the California highway toll road passes. Refer to show #1 if you want to review that information. In show number two we mentioned Identity Stronghold, a company that makes secure sleeves for protecting RFID devices from long range snooping.</p>
<p style="margin-bottom: 0in; text-align: justify;">So what follows is a story about a security researcher who recently used components purchased on eBay for less than $250 to do some drive-by discovery of RFID enabled devices. In a manner similar to wardriving, where a mobile laptop discovers unsecured Wi-Fi network resources, the researcher equipped his vehicle to discover nearby RFID devices and capture the unique identifier code. During a 20 minute drive in downtown San Francisco he was able to copy the RFID tags of two passports without the knowledge of the passport holder.</p>
<p style="margin-bottom: 0in; text-align: justify;">The cards make use of the RFID equivalent of optical barcodes known as electronic product code tags, which are widely used to track cattle and merchandise as it&#8217;s shipped and then stored in warehouses. Because the technology employs no encryption and can be read from distances of more than a mile, the tags are highly susceptible to cloning and tracking.</p>
<p style="margin-bottom: 0in; text-align: justify;">The snooping system consists of a Symbol brand RFID reader, an antenna mounted to the side of his car,  and a laptop connected to the RFID reader. The laptop runs a Windows application that continuously prompts the RFID reader to look for tags and logs the serial number each time one is detected. While this proof of concept setup has a range of about 30 feet, modifications could increase the range to at least one mile.</p>
<p style="margin-bottom: 0in; text-align: justify;">Government officials say that they have no plans to change the technology used in passport cards because they have increased the processing throughput at border crossings. Given the fact that the passports are provided with protective sleeves, and that the number captured does not reveal personal information about the user, they feel that the system is still relatively safe.</p>
<p style="margin-bottom: 0in; text-align: justify;">Researcher Chris Paget plans to release the software&#8217;s source code during a demonstration at the Shmoocon hacker convention being held this week in Washington DC.</p>
<p style="margin-bottom: 0in; text-align: justify;">So what is our take-away from this story? The point has been made over and over that RFID systems can be read at great distances, and the tags can be cloned. Reading at a distance is useful if you are a truck hijacker who is looking for that load of big screen TV&#8217;s. Cloning is also useful to the bad guys given that Sam&#8217;s Club and others are actively developing RFID enabled cash registers. Even though tag cloning required some equipment, some could argue that it would be easier than counterfeiting a UPC bar code. If your facility is contemplating the use of RFID for any purpose, learn from these stories and take a long hard look at the risks it may pose for your facility.</p>
<p style="margin-bottom: 0in; text-align: justify;">In the future, according to some recently released patent applications,  end users of ID cards, access control cards, or these new RFID passports will need to squeeze a target area activating a switch to allow the card or passport to be read. In the meantime  concerned users should make use of the shielding devices that are currently available.</p>
<h2 class="western">A Global ATM theft nets 9 million in one day</h2>
<p style="text-align: justify;"><img src="http://lsieducation.com/blog/wp-content/uploads/2009/02/atmhand.jpg" border="0" alt="ATM+Hand.jpg" hspace="9" width="183" height="152" align="left" />Wired Threat Level has a story about how a carefully coordinated global ATM heist last November resulted in a one-day haul of $9 million in cash, after a hacker penetrated a server at payment processor RBS WorldPay.</p>
<p style="text-align: justify;">The story is written by <a href="http://en.wikipedia.org/wiki/Kevin_Poulsen">Kevin Poulsen</a>, a well known hacker turned journalist, who once served 4 years for mail, wire &amp; computer fraud.</p>
<p style="text-align: justify;">Wired cites a Fox 5 New York news report that explains that the hacker relieved RBS WorldPay of personal information on approximately 1.5 million payroll-card and gift-card customers. Payroll cards are debit cards provided by employers instead of paychecks or direct-deposit. Account numbers and other data needed to clone the debit cards were also taken during the hacking breach.</p>
<p style="text-align: justify;">Originally the company said it had fraudulent activity on only 100 cards, however the hacker managed to modify the withdrawal limits on those 100 cards, and used a global network of accomplices to drain the cards with repeated rapid-fire withdrawals. More than 130 ATMs in 49 cities from Moscow to Atlanta were hit simultaneously just after midnight Eastern Time on November 8.</p>
<p style="margin-bottom: 0in; text-align: justify;">The story goes on to mention that this is not the first time these payroll card systems have been targeted. In late 2007 a company called iWire lost 5 million dollars in a similar attack that lasted just 2 days, and Citibank lost 2 million from ATM machines in 7-11 stores in New York City.</p>
<p style="margin-bottom: 0in; text-align: justify;">It is interesting and sometimes amusing to sit back and watch the debate over the good and evil done by hackers. What is currently happening to the computer systems we have all come to rely on is very similar to what has been happening to the physical lock industry for hundreds of years. One man builds a lock or security chest and it sets the standard for a few years until another man defeats it. And then a better one is made, and so on and so on. The same is happening in the computer industry. Knowledgeable security practitioners recognize that hackers and lock sport enthusiasts cannot be outlawed and instead, learn from them,   which leads to improvements in security. Think of them as your own free R&amp;D department.</p>
<h2 class="western">Some reasons to consider electronic locks.</h2>
<p style="margin-bottom: 0in; text-align: justify;">A recent story in the news describes how Eielson Air Force base in Alaska has installed card operated electronic locks on the dormitory doors. The locks, provided by Best Access Systems, a division of Stanley, read the residents&#8217; existing Common Area Access card.</p>
<p style="margin-bottom: 0in; text-align: justify;"><img src="http://lsieducation.com/blog/wp-content/uploads/2009/02/integra5-large.jpg" border="0" alt="integra5-large.jpg" width="123" height="122" align="left" /><br />
Previously the dormitories used traditional mechanical locks and metal keys. The following comments made in the article offer insight as to why these systems are so popular with large facilities.</p>
<p style="margin-bottom: 0in; text-align: justify;">
<ol style="text-align: justify;">
<li>
<p style="margin-bottom: 0in" align="justify">The system offers better key control because the key card cannot be duplicated at the local hardware store.</p>
</li>
<li>
<p style="margin-bottom: 0in" align="justify">The system also offers more security with regard to methods of entry.</p>
</li>
<li>
<p style="margin-bottom: 0in" align="justify">The system is more cost effective to manage both in time and money.</p>
</li>
</ol>
<p style="margin-bottom: 0in; text-align: justify;">One major area of cost management is the replacement of lost keys. With the new system, when a card is lost, the airman is issued a replacement card which invalidates the code on the lost card. This process can be handled in a few minutes by the dorm management department. Previously, lost keys required a call to a locksmith to change the lock, a process which took a few hours to complete.</p>
<p style="margin-bottom: 0in; text-align: justify;">Facilities contemplating such a purchase should add up the cost of ownership and ongoing maintenance of both high security mechanical systems and stand alone card access systems and use the resulting data as part of your decision factors. Locksmiths who are not currently installing such systems should seriously consider adding them to their areas of expertise or risk losing valuable customers who decide to install electronic access control.</p>
<h2 class="western" style="page-break-before: always; text-align: justify;">NFC Enabled Electronic Locks.</h2>
<p style="text-align: justify;"><img src="http://lsieducation.com/blog/wp-content/uploads/2009/02/ving-card.jpg" border="0" alt="ving_card.jpg" hspace="9" width="170" height="135" align="left" />Near Field Communications, NFC for short,  is a next generation technology touted as a replacement for contactless cards or potentially even the entire contents of your wallet.  NFC will enable a phone to carry all your credit cards, loyalty cards, maybe eventually even your driver license.</p>
<p style="text-align: justify;">NFC can support a wide range of applications such as opening a door, logging into your computer, signing on to the Internet, or downloading maps or directions from a kiosk or display.</p>
<p style="text-align: justify;">Co-developed in 2004 by NXP Semiconductors and Sony, it is a short-range wireless technology that evolved from existing contactless technologies. NFC is supposed to simplify the way consumer devices interact with one another, helping people speed connections, receive and share information and even make fast and secure payments.</p>
<p style="text-align: justify;">To encourage development of “cool” NFC applications, the NFC Forum organization conducted an annual contest to encourage out-of-the-box developments.</p>
<p style="text-align: justify;">The first place winner  in this year’s competition was VingCard, an ASSA Abloy company. VingCard developed an NFC-enabled lock for hotel rooms. The system  enables guests to bypass the check-in process and unlock their hotel room doors using their phones.</p>
<p style="text-align: justify;">The VingCard system was designed to streamline the check-in and check-out process by eliminating the need for a guest to stand in line at the front desk. In fact, the hotel chain can sell the room to the guest over their web site, and then encode the room data via an encrypted text message exchange when the guest indicates he has arrived, either at the airport, in the taxi, or the lobby of the hotel.</p>
<p style="text-align: justify;">It doesn&#8217;t take much imagination to see how such a system could be deployed for a commercial facility using NFC for access control. Global text messages to all authorized devices could be used to update the system and change access privileges on the fly, for an access system that had buildings located anywhere in the world (where there is cell phone reception of course).</p>
<h2 class="western">Sony Develops Biometric Finger Vein Authentication.</h2>
<p style="margin-bottom: 0in; text-align: justify;">Sony Corporation today announced the development of a finger vein authentication technology. This technology offers quick response and high accuracy and comes in a compact size designed for mounting on  personal computers or mobile phones.</p>
<p style="margin-bottom: 0in; text-align: justify;">Sony claims that compared to the other biometric authentication techniques, vein authentication technology achieves higher accuracy for  personal identification and higher forgery resistance because it uses the veins inside the finger. Finger vein patterns differ from person to person and finger to finger, and it is said that they do not change over the years.</p>
<p style="margin-bottom: 0in; text-align: justify;">The design uses a unique method where a CMOS sensor diagonally captures scattered light inside the finger veins, so that the sensor occupies a single planar surface and is small enough for mobile devices.</p>
<p><img src="http://lsieducation.com/blog/wp-content/uploads/2009/02/qfhh7c00000lzdst.jpg" border="0" alt="qfhh7c00000lzdst.jpg" width="198" height="201" align="left" /></p>
<p style="margin-bottom: 0in; text-align: justify;">The vein pattern is extracted from the captured finger vein image, and data is compressed and corrected to compensate for slightly differing finger positions.</p>
<p style="margin-bottom: 0in; text-align: justify;">Sony claims less than 0.1% for the False Rejection Rate and less than 0.0001% for the False Acceptance Rate. They expect to commercialize the technology within the 2009 fiscal year.</p>
<p style="margin-bottom: 0in; text-align: justify;">So what can we take away from this story? Continuing advancements in user friendly, simple to use, and cost effective biometric authentication devices are  certainly welcome in the security industry. It is even more useful when they are deployed, and consequently debugged in such heavily used consumer devices as laptops and cell phones. Further, the application in such popular devices lowers many of the barriers to implementation confronted by security practitioners.</p>
<p style="margin-bottom: 0in; text-align: justify;">
<h2 class="western" style="page-break-before: always">Panning camera has security applications</h2>
<p style="text-align: justify;">You may have already seen the <a href="http://www.gigapan.org/viewGigapan.php?id=15374&amp;window_height=596&amp;window_width=1168">spectacular image of President Obama’s inauguration</a> that was taken by NY photographer David Bergman. If not, head over to the website linked in our show notes and take a look. It is incredible in size, scope, and resolution. He made the special panoramic image from the north press platform during the inaugural address. It&#8217;s made up of 220 images stitched together into a final image size of 1,500 megapixels.</p>
<p style="text-align: justify;">The image was created using a Canon PowerShot G10, a 15 megapixel compact digicam with a 5x zoom that retails for about $260, and the GigaPan Epic robotic mount.</p>
<p style="text-align: justify;">The GigaPan is a robotic camera mount that works with most point and shoot cameras to create huge panoramas. It works in conjunction with included stitching software that joins all the smaller images into one large image, and the GigaPan.org website for sharing the images with others.</p>
<p style="text-align: justify;"><img src="http://lsieducation.com/blog/wp-content/uploads/2009/02/picture-2.png" border="0" alt="Picture 2.png" width="178" height="180" align="left" />You simply attach your camera and set the upper left and lower right corner of the scene you want to capture. The robot works out how many pictures it needs to take, and robotically positions the camera and snaps the shutter.  And it does all that for the incredibly low price of  $379.00, available directly from GigaPan Systems.</p>
<p style="text-align: justify;">GigaPan Systems was established in 2008 as a commercial spin-off of a collaboration between NASA and Carnegie Mellon University. The GigaPan Imager uses the same technology that was used by the two Mars Exploration Rovers, Spirit and Opportunity, to collect amazing panoramic images of Mars.</p>
<p style="text-align: justify;">Of course the security applications for this device are enormous. If you go to the web page in the show notes and look at the image you can see that you can use the web page controls to zoom in on any part of the crowd. Just for fun, count the number of security people on the roof tops, or zoom in and read the sheet music in the orchestra pit. Obviously this could be a powerful tool for capturing images of large events for later analysis, and at a price that won&#8217;t break even the most modest security budget.</p>
<h2 class="western">Yet another way to not lose your keys.</h2>
<p style="margin-bottom: 0in; text-align: justify;"><img src="http://lsieducation.com/blog/wp-content/uploads/2009/02/key-thing2.jpg" border="0" alt="key_thing2.jpg" hspace="9" width="80" height="105" align="left" />In the just for fun department, the folks at Yanko Design give us a new design for a common problem, misplacing your keys.  Gone are the days of hanging your keys on a hook, tossing them on the counter, or dropping them in a drawer, attaching them to an electronic finder, or worse doing none of this and forgetting where you put them. The #8 KeyThing circumvents that fact of life by giving you one place to keep all your keys. The lady bug looking contraption is a simple piece of rubber with grip port holes. As long as you remember where you mounted it, losing your keys should be a thing of the past. Check out the link to the web site on our show notes page.</p>
<h2 class="western">Our Weekly Spy Cam Product</h2>
<p style="margin-bottom: 0in; text-align: justify;">And finally, continuing what seems to be a weekly discovery in small spy camera type devices, we found a new one on the web site Engadget. It is a spy camera disguised as a personal ID badge with a forward looking 1.3 megapixel camera that records a 352&#215;288 image at 15 frames per second. It has 4GB of memory and a USB port and reportedly sells for about $155 US. Put your picture and the phone company logo on the front, break out your hard hat and clipboard, and you could probably roam anywhere you want recording lots of video and audio.</p>
<h2 class="western">GSA Approved!</h2>
<p style="margin-bottom: 0in" align="justify">And in our final story today we are happy to report that Lockmasters Security Institute is now fully approved by the General Services Administration as a Certified Training Facility for the GSA CERTIFIED Safe &amp; Vault Technician Course. With over 400,000 GSA security containers in use today, this is an ideal course for any U.S. military, government and commercial locksmith. You will learn all the skills required to service, maintain and inspect GSA approved security containers. In our GSA Inspector Certification course you will learn how to confirm if a GSA container or vault door is up to standards, and if it can be labeled as GSA approved. You will be certified to inspect and re-certify any GSA approved container if it meets specifications.</p>
]]></content:encoded>
			<wfw:commentRss>http://lsieducation.com/blog/2009/02/psn009-drive-by-passport-cloning-atm-thefts-nfc-enabled-locks-and-more/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
			<enclosure url="http://media.libsyn.com/media/psnlsi/PSN009.mp3" length="18950187" type="audio/mpeg" />
		<itunes:duration>19:44</itunes:duration>
		<itunes:subtitle>In this episode we discuss drive-by passport cloning, huge ATM thefts, NFC enabled electronic locks, a new biometric idea to replace fingerprint readers, 1500 Megapixel ...</itunes:subtitle>
		<itunes:summary>In this episode we discuss drive-by passport cloning, huge ATM thefts, NFC enabled electronic locks, a new biometric idea to replace fingerprint readers, 1500 Megapixel images for security surveillance, and yet another cool miniature spy cam. We also make note that Lockmasters Security Institute is now fully approved by the General Services Administration (GSA) as a Certified Training Facility for the GSA CERTIFIED Safe &#38; Vault Technician Courses. With over 400,000 GSA containers in use, can you afford not to become certified?</itunes:summary>
		<itunes:keywords>locksmith, lockmasters, training, vault, security, homeland, law enforcement, military</itunes:keywords>
		<itunes:author>Jon Payne, Sr., CML</itunes:author>
		<itunes:explicit>no</itunes:explicit>
		<itunes:block>yes</itunes:block>
	</item>
		<item>
		<title>PSN009E &#8211; Drive by passport cloning, ATM thefts, NFC Enabled Locks and more.</title>
		<link>http://lsieducation.com/blog/2009/02/psn009e-drive-by-passport-cloning-atm-thefts-nfc-enabled-locks-and-more/</link>
		<comments>http://lsieducation.com/blog/2009/02/psn009e-drive-by-passport-cloning-atm-thefts-nfc-enabled-locks-and-more/#comments</comments>
		<pubDate>Sat, 07 Feb 2009 22:01:49 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Electronics]]></category>
		<category><![CDATA[Hacks]]></category>
		<category><![CDATA[Locks]]></category>
		<category><![CDATA[LSI]]></category>
		<category><![CDATA[New Products]]></category>
		<category><![CDATA[Podcast]]></category>

		<guid isPermaLink="false">http://lsieducation.com/blog/?p=140</guid>
		<description><![CDATA[(Enhanced Podcast) In this episode we discuss drive-by passport cloning, huge ATM thefts, NFC enabled electronic locks, a new biometric idea to replace fingerprint readers, 1500 Megapixel images for security surveillance, and yet another cool miniature spy cam. We also make note that Lockmasters Security Institute is now fully approved by the General Services Administration [...]]]></description>
			<content:encoded><![CDATA[<p style="text-align: justify;">(Enhanced Podcast) In this episode we discuss drive-by passport cloning, huge ATM thefts, NFC enabled electronic locks, a new biometric idea to replace fingerprint readers, 1500 Megapixel images for security surveillance, and yet another cool miniature spy cam. We also make note that Lockmasters Security Institute is now fully approved by the General Services Administration (GSA) as a Certified Training Facility for the GSA CERTIFIED Safe &amp; Vault Technician Courses. With over 400,000 GSA containers in use, can you afford not to become certified?</p>
<p style="text-align: justify;">This is the <a href="http://support.apple.com/kb/HT1597">enhanced version</a> of the podcast with embedded images and chapter markers much like a DVD. See <a href="http://lsieducation.com/blog/2009/02/psn009-drive-by-passport-cloning-atm-thefts-nfc-enabled-locks-and-more/" target="_self">PSN009</a> for the show links and the full text of the podcast.</p>
]]></content:encoded>
			<wfw:commentRss>http://lsieducation.com/blog/2009/02/psn009e-drive-by-passport-cloning-atm-thefts-nfc-enabled-locks-and-more/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
			<enclosure url="http://media.libsyn.com/media/psnlsi/PSN009E.m4a" length="16758212" type="audio/x-m4a" />
		<itunes:duration>19:44</itunes:duration>
		<itunes:subtitle>(Enhanced Podcast) In this episode we discuss drive-by passport cloning, huge ATM thefts, NFC enabled electronic locks, a new biometric idea to replace fingerprint readers, ...</itunes:subtitle>
		<itunes:summary>(Enhanced Podcast) In this episode we discuss drive-by passport cloning, huge ATM thefts, NFC enabled electronic locks, a new biometric idea to replace fingerprint readers, 1500 Megapixel images for security surveillance, and yet another cool miniature spy cam. We also make note that Lockmasters Security Institute is now fully approved by the General Services Administration (GSA) as a Certified Training Facility for the GSA CERTIFIED Safe &#38; Vault Technician Courses. With over 400,000 GSA containers in use, can you afford not to become certified?
This is the enhanced version of the podcast with embedded images and chapter markers much like a DVD. See PSN009 for the show links and the full text of the podcast.</itunes:summary>
		<itunes:keywords>locksmith, lockmasters, training, vault, security, homeland, law enforcement, military</itunes:keywords>
		<itunes:author>Jon Payne, Sr., CML</itunes:author>
		<itunes:explicit>no</itunes:explicit>
		<itunes:block>yes</itunes:block>
	</item>
		<item>
		<title>PSN008 &#8211; Dangerous USB, Covert Cameras and Monster Shredders</title>
		<link>http://lsieducation.com/blog/2009/01/psn008-dangerous-usb-covert-cameras-and-monster-shredders/</link>
		<comments>http://lsieducation.com/blog/2009/01/psn008-dangerous-usb-covert-cameras-and-monster-shredders/#comments</comments>
		<pubDate>Sat, 31 Jan 2009 16:00:07 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Computer]]></category>
		<category><![CDATA[Electronics]]></category>
		<category><![CDATA[Locks]]></category>
		<category><![CDATA[New Products]]></category>
		<category><![CDATA[Podcast]]></category>

		<guid isPermaLink="false">http://lsieducation.com/blog/?p=107</guid>
		<description><![CDATA[In this episode we look at 10 items in the news including why the DoD has temporarily banned the use of USB thumb drives, how mobile phones can be the &#8216;smoking gun&#8217;, how Ford trucks can go on-line, how the Kwikset SmartKey is pickproof, bump proof, and has record sales, a high tech ATM [...]]]></description>
			<content:encoded><![CDATA[<p style="text-align: justify;">In this episode we look at 10 items in the news including why the DoD has temporarily banned the use of USB thumb drives, how mobile phones can be the &#8216;smoking gun&#8217;, how Ford trucks can go on-line, how the Kwikset SmartKey is pickproof, bump proof, and has record sales, a high tech ATM debit card skimmer, home made drug smuggling submarines, some sneaky covert cameras, and a shredder that eats engine blocks for breakfast.</p>
<h3 style="text-align: justify;">Show Links</h3>
<dl>
<dt><a href="http://www.nextgov.com/nextgov/ng_20090129_9364.php">Tougher DoD security standards coming for removable storage devices</a> </dt>
<dt style="padding-left: 30px;"><a href="http://www.foxnews.com/politics/2008/11/20/pentagon-cyber-siege-unprecedented-attack/">Pentagon Hit by Unprecedented Cyber Attack FOXNews.com</a> </dt>
<dt style="padding-left: 30px;"><a href="https://www.ironkey.com/anti-malware?cmpid=701500000006bUH&amp;_kk=thumb%20drive%20virus&amp;_kt=bf6d3b97-745a-45ad-b3e5-b798feab6c77&amp;gclid=CJGR3obItpgCFcse3godcgZPZw">IronKey: Anti-Malware Initiative</a></dt>
<dt style="padding-left: 30px;"><a href="http://www.dodbuzz.com/2008/11/21/cyber-attack-spurs-thumb-drive-ban/">Cyber Attack Spurs Thumb Drive Ban » Blog Archive » DoD Buzz</a></dt>
<dt style="padding-left: 30px;"> <a href="http://www.defensetech.org/archives/2008_11.html">Defense Tech: November 2008 Archives</a></dt>
<dt style="padding-left: 30px;"> <a href="http://voices.washingtonpost.com/securityfix/2008/01/bestbuy_digital_photo_frames_s.html">Best Buy Digital Photo Frames Shipped With Virus &#8211; Security Fix</a> </dt>
<dt><a href="http://news.morningstar.com/newsnet/ViewNews.aspx?article=/DJ/200901150613DOWJONESDJONLINE000563_univ.xml">Assa Abloy To Close 15 Units, Cut 1,800 Jobs</a> </dt>
<dt><a href="http://www.securitysystemsnews.com/?p=article&amp;id=ss200901m7Z5BT">Stanley acquires Florida Sonitrol franchise &#8211; Security Systems News</a> </dt>
<dt style="padding-left: 30px;"><a href="http://www.stanleycss.com/news.html">Stanley Convergent Security Solutions News</a> </dt>
<dt><a href="http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212201218">Mobile Handsets Becoming A &#8216;Smoking Gun&#8217; &#8211; DarkReading</a> </dt>
<dt style="padding-left: 30px;"><a href="http://www.paraben.com/">Paraben Corporation &#8211; Computer Forensic Software</a> </dt>
<dt style="padding-left: 30px;"><a href="http://www.paraben-forensics.com/catalog/product_info.php?cPath=25&amp;products_id=501">Paraben Forensics</a> </dt>
<dt><a href="http://news.cnet.com/8301-17939_109-10136680-2.html">Ford trucks getting LogMeIn remote PC access</a> </dt>
<dt style="padding-left: 30px;"><a href="https://secure.logmein.com/solutions/smallbusiness/Default.asp?lang=en">LogMeIn &#8211; Solutions for Small Business</a> </dt>
<dt><a href="http://www.kwikset.com/Products/SmartKey/">Kwikset.com &#8211; SmartKey</a> </dt>
<dt style="padding-left: 30px;"><a href="http://www.google.com/patents?id=H-ITAAAAEBAJ&amp;dq=Kwikset">Kwikset Smartkey Patent</a></dt>
<dt><a href="http://blog.wired.com/27bstroke6/2009/01/video-sneaky-ne.html">Video: Sneaky New ATM Skimmer Found in Pennsylvania</a></dt>
<dt> <a href="http://blog.wired.com/27bstroke6/2009/01/new-law-harpoon.html">Feds Harpoon Alleged &#8216;Narco Submarine&#8217; Crews</a> </dt>
<dt><a href="http://www.boysstuff.co.uk/product.asp?id=15422&amp;random=&amp;cid=&amp;src=Search">Ultimate SAS Spy Pen</a> </dt>
<dt><a href="http://ajoka.com/lighter_dvr.htm">Cigarette Lighter Camera</a> </dt>
<dt><a href="http://www.ssiworld.com/watch/watch-en.htm">Watch It Shred</a> </dt>
</dl>
<h2><span id="more-107"></span>Pro Security News &#8211; PSN008 Script</h2>
<h3>DoD bans thumb drives.</h3>
<p style="text-align: justify;">Our lead story today is sound advice for anyone who has a computer, be it personal, company, or government. This past November the Defense Department issued a temporary ban on the use of thumb drives and other removable storage devices on its networks because of concerns that some of the devices were infected with viruses.</p>
<p style="text-align: justify;">The apparent reason for this action was the recent cyber attack suffered by the Pentagon, which was reported by Fox News on November 20. The attack came in the form of a global virus or worm that began spreading rapidly throughout a number of military networks. Cyber investigators had not pinpointed the entry point for the worm/virus, but sources point to removable storage devices as the most likely point of infection.</p>
<p style="text-align: justify;">Locksmiths, security practitioners, law enforcement and government agents should all be aware that storage devices that connect to any computer via the USB port can infect a computer with a virus, worm, malware or trojan very quickly. Plug an iPod, USB drive, or smartphone into a PC running Windows and the device can literally take over the machine and search for confidential documents, credit card numbers and passwords stored in Internet Explorer, and then copy them back to the internal storage on the device. Alternatively, the device can simply plant spyware, or even compromise the operating system.</p>
<p style="text-align: justify;">This is accomplished by exploiting the AutoRun capability of Windows, which allows a connected device to run a program or install a driver when it is connected to the computer. We have all seen this behavior when we connect a USB device, usually in the form of the pop-up window that asks if you want to run a program or browse the device files.</p>
<p style="text-align: justify;">Anti-virus company Trend Micro reports that over 70 million computers were infected with AutoRun malware in 2008. Once this malware gets onto a network, it can steal passwords and documents, infect other computers on the network, and allow criminals to install other malicious software and crimeware onto the computer. In fact, it was widely reported in the mainstream media that this year’s holiday season resulted in a record number of computer virus infections spread by gifts of digital picture frames and other USB connected devices. These devices connect to your PC via USB so you can upload all your photographs. The Insignia brand photo frame sold by Best Buy is just one example.</p>
<p style="text-align: justify;">When you connect an unknown USB device to your computer the device can automatically download software drivers to your PC to make the device work properly. In fact, it can install a complete software package. I experienced such a software installation myself quite recently when I purchased a small pocket-size Kodak HD video camera. Many of these USB devices are made in China, and it is a documented fact that they are overtly attacking our computer infrastructure, so what better way than to have a collaborator working inside a device factory who is willing to plant the malicious software into the devices being manufactured?</p>
<p style="text-align: justify;">Anyway, the net result of this is that the DoD is about to release a list of approved removable storage products that meet minimum security standards. If you can’t wait for the list, head on over to www.ironkey.com and check out what they have to offer. IronKey worked closely with the Department of Homeland Security to develop high security removable storage devices. They offer a range of devices with malware detection, data encryption, and at the highest level, you can even remotely disable or destroy the device contents. Users who require less than DoD-level protection can google “secure usb drive” for a long list of vendors.</p>
<p style="text-align: justify;">In addition to the threat of an injected virus or malware, there is the threat of lost data due to a careless employee. I am reminded of a rental car I was in recently during a business trip. During cleaning, the rental car company evidently missed the lost thumb drive left behind by the previous renter. I took a peek into the contents of the device with my laptop, which dual boots to Linux. Linux is an OS that is immune to the viruses and malware that attack Windows PCs, so I had no problem examining the contents of the USB drive. Using the information on the drive I was able to call the rental car company and inform them that Mr. Jones (not his real name) had left his USB drive loaded with personal information in the vehicle. The drive and the owner were happily reunited.</p>
<dl style="text-align: justify;">
<dt style="text-align: justify;">So the lessons for us to take away are:</dt>
</dl>
<ol>
<li>At a minimum, choose a device that has a built-in password to encrypt your data in case you lose it or misplace it.</li>
<li>NEVER connect a USB device to your computer unless you trust the source.</li>
<li>Always keep your virus definitions up to date.</li>
<li>IT managers should consider an outright ban on such devices in the workplace. Besides the threat of virus injection into your network, there is also the threat of data theft. The Windows Group Policy Editor can be used to turn off the USB AutoRun feature so it cannot be restored by the user.</li>
<li>Finally, don’t limit restrictions to USB drives. This threat originally surfaced in 2006 and was dubbed the attack of the iPods. The perpetrator would ask if he could charge his iPod by connecting to your laptop, and it would set about harvesting data from the hard drive.</li>
</ol>
<h3>ASSA Abloy cutting jobs</h3>
<p style="text-align: justify;">The economic downturn is global in nature and has recently affected Assa Abloy, the world&#8217;s largest lock manufacturer as measured by sales volume. Assa, whose corporate offices are located in Sweden, recently announced a 141 million dollar restructuring program that calls for the closure of 15 production units and the layoff of 1,800 employees. The report did not indicate which facilities or product lines would be affected.</p>
<h3>Stanley acquires a Sonitrol Franchise.</h3>
<p style="text-align: justify;">Stanley Convergent Security Solutions is part of the Stanley Group, originally well known for their line of tools. Stanley now owns a number of security product companies including Precision Hardware, Sargent &amp; Greenleaf, &amp; Best Lock. In the summer of 2008 they also acquired Sonitrol Corp., a burglar alarm company that uses audio listening capability as part of their detection technology. Sonitrol has a long history in the security industry. In 1969 I worked for one of the original franchises called Security Associates located in the Washington DC area. Back in those days we could actually listen in to crimes in progress over a direct wire connection from the protected premises to the monitoring station. It was common to hear glass breaking, and holes being chopped through roofs and walls.</p>
<p style="text-align: justify;">Sonitrol has over 90 independent franchise dealers around the country, and most recently Stanley acquired one of them, namely Sonitrol of Palm Beach, Florida. That franchise has been in operation since 1974. The news report gave every indication that Stanley would seek to acquire more Sonitrol franchises as the opportunities present themselves.</p>
<p style="text-align: justify;">What is interesting here is that Stanley has recognized that it is not enough just to manufacture the security products; you need to be able to sell, install &amp; service them, and owning your own service is the best way to ensure quality.</p>
<h3>Mobile Phones can be a smoking gun.</h3>
<p style="text-align: justify;">The Dark Reading website has an original article about handheld devices, which can store data and access corporate networks. These devices can contain volatile data that can be the smoking gun to forensics investigators.</p>
<p>Investigators need to know that the evidence on these handheld phones and devices can be easily lost or tainted. The article quotes Amber Schroader, president of the Paraben corporation, who says the trick to preserving the data is to maintain power on the device and to block any incoming signals to the device. This can be accomplished by wrapping it in foil or placing it inside a metal container.</p>
<p style="text-align: justify;">In our first episode we talked about Paraben and their device called a CSI stick. It is a device that can be used by investigators to extract data from a cell phone. They now offer investigators a field kit that includes everything needed to perform a comprehensive digital forensic analysis of over 1,900 cell phones, PDAs, and GPS devices anywhere, anytime.</p>
<p style="text-align: justify;">Quickly shielding the seized device is critical because some devices may be equipped with software that allows the memory to be destroyed by a simple text message. mSafe is one such program that we mentioned on show #4. I use this program on my own smartphone because it contains so much important data. If my phone were ever lost or stolen, I can send it a simple text message that will destroy the memory contents.</p>
<p style="text-align: justify;">Security practitioners should recognize the threat that smartphones present to an organization. Many have megapixel cameras, gigabytes worth of memory storage, internet and email access, and even VPN access into your network. They can be used to remove vital data either in the form of files from the network, or photographs of documents or product prototypes.</p>
<h3>Ford Trucks getting Computer Access</h3>
<p style="text-align: justify;">Locksmiths and security technicians who need computer access, but who don’t want to carry a laptop on their truck, now have a new option available from Ford.</p>
<p style="text-align: justify;">New F-150 trucks (and a few other models) can be equipped with the optional Ford Works Solutions suite, a collection of options that includes Internet access, a dashboard monitor, and a wireless keyboard and pointing device. This package will now include the remote PC access product called Log Me In (LogMeIn).</p>
<p style="text-align: justify;">LogMeIn, a Boston-based company, has been providing secure remote computer access solutions since 2003. They provide software that allows browser-based access to your work computer from home, or in this case, from your F-150 truck.</p>
<p style="text-align: justify;">Ford is really on a roll here lately. You may recall our story in show #1 about the available RFID tagging for your tools so they won’t get left behind on the job, and the cable lock system to secure your gear.</p>
<h3>Kwikset says Smartkey very successful.</h3>
<p style="text-align: justify;">Kwikset has stated that its SmartKey technology has been one of the most successful product innovation launches in company history. They made this announcement at the International Builders’ Show (IBS) in Las Vegas. SmartKey resulted in a 20 percent growth in U.S. retail sales of the Kwikset Signature Series line of products in 2008.</p>
<p style="text-align: justify;">The unique feature of the SmartKey technology is that it provides consumers with the ability to re-key locks quickly and easily, without removing the lock from the door, or calling a locksmith. The cylinder is also highly resistant to picking, impressioning, and the design cannot be bumped.</p>
<p style="text-align: justify;">We all know how key bumping has been made famous lately by the mainstream media and YouTube, which at last count had about 2,000 ‘how to’ videos on lock or key bumping. The Memphis TV channel 5 video on lock bumping has received 7,759,310 views on YouTube. Kwikset is arguably the most popular residential lockset sold in the USA.</p>
<p style="text-align: justify;">The upgrade of their products to ANSI grade one, and the addition of the picking and bumping protection, in a $30 deadbolt, has already proven to be a big hit in the marketplace.</p>
<p style="text-align: justify;">Watch this program for a detailed review of this product in the near future.</p>
<h3>ATM skimmer used to steal 300k in Pennsylvania.</h3>
<p style="text-align: justify;">An alert bank customer in Pennsylvania thought the speaker mounted over his bank&#8217;s ATM looked suspicious, so he called the cops. It turned out to be a skimming device blamed for $300,000 in losses.</p>
<p style="text-align: justify;">Skimming is a method used for stealing your identity during an ATM transaction, or anytime your card is out of your possession. There are many documented incidents of retailers and waiters who have used skimmers to steal your credit card information. They then use this information to re-encode blank mag stripe cards. They use depleted gift cards or used hotel keycards as the raw material. These cards can then be used in any machine that accepts cards.</p>
<p style="text-align: justify;">In this particular case, the skimming device placed on the ATM was virtually undetectable. It looked like a normal part of the ATM. And just when law enforcement agencies have gotten a handle on the technology being used by ATM skimmers, along comes a breakthrough technology that is leaving even veteran investigators astounded.</p>
<p style="text-align: justify;">The method used two devices: a type of skimmer placed over the card slot on the ATM, and what appeared to be a speaker mounted on the ATM above the keypad. When the card was inserted, the device placed over the slot scanned the magnetic stripe, and the account information was sent wirelessly to a modified cell phone hidden behind the fake speaker. A small camera concealed in the fake speaker recorded the PIN entered and stored it on a flash memory card.</p>
<h3>Lockmasters Security Institute offers high tech training.</h3>
<p>As you can tell from the previous stories, new technologies and new threats are coming on very strong in our industry. Mechanical designs are evolving rapidly to meet current threats, electronic technologies seem to change every day, and the bad guys keep getting more creative too. To stay successful you have to stay current.</p>
<p style="text-align: justify;">Staying current is how Lockmasters Security Institute can help. It is still early in 2009 and not too late to schedule some training at LSI. We offer dozens of courses including Access Control Systems, Professional Industrial Locksmithing, GSA Container Inspection and Comprehensive Security Specialist Training, just to name a few. Many of our courses are college accredited and all of them are taught by instructors who have had actual hands-on experience. Our instructors come from senior positions of responsibility with Fortune 500 companies, the DoD, the FBI, and the Secret Service, just to name a few.</p>
<p style="text-align: justify;">Give LSI a call or visit the website and check the list of course offerings. While you are there, check out the new video of the LSI campus, and the world’s largest lock museum, hosted by Clay Miller.</p>
<h3>Home made submarines for drug smuggling &#8211; wired.com</h3>
<p style="text-align: justify;">Federal prosecutors in Florida are invoking the newly passed Drug Trafficking Vessel Interdiction Act of 2008 for the first time, allowing them to prosecute smugglers sailing so-called &#8220;narco submarines&#8221; on the high seas.</p>
<p style="text-align: justify;">Measuring up to 80 feet long, a narco sub is a class of boat called a &#8220;semi-submersible,&#8221; a vessel that travels at the ocean&#8217;s surface, with most of its mass hidden underwater. According to the U.S. Southern Command, the boats have emerged as a favorite ship of commerce for international drug smugglers, in large part because they&#8217;re barely visible from the surface, making them hard to find on radar or by sight. What&#8217;s more, a crew can easily sink the boat if confronted at sea.</p>
<p style="text-align: justify;">Narco subs were first detected in 1993, but have recently swelled in number as technological advances in design and materials have made them safer to travel in. They can carry tons of cocaine or any other cargo in an underwater hull. Today, they&#8217;re typically made from fiberglass, wood or steel and manufactured in the jungles of Colombia and other cocaine-producing nations near the United States. They travel about 6 knots on diesel engines and have a range of about 2,000 miles.</p>
<p style="text-align: justify;">Some U.S. officials consider semi-submersibles a serious threat to U.S. national security and are concerned that they could carry weapons of mass destruction.</p>
<h3>Covert cameras.</h3>
<p style="text-align: justify;">These next two items are both tools and potential threats for security practitioners and our friends in the intelligence community.</p>
<p style="text-align: justify;">A UK website called Boys Stuff is offering a pen that contains a small camera and voice recorder. This device offers full color video and sound recording. Its 2 GB of internal memory allows for 15 hours of recording. A little web surfing reveals a number of other websites that offer similar products.</p>
<p style="text-align: justify;">This pen can obviously be worn in your shirt pocket to record everything in front of you, or just left carelessly somewhere on a desk to record everything around it. The Spy Pen unscrews to reveal a concealed USB connector for connection to a computer for video file transfer. It also functions as a conventional USB stick.</p>
<p style="text-align: justify;">Not to be outdone, the folks at Ajoka.com have a cigarette lighter camera and audio recorder with a built-in USB adaptor for charging the lithium-ion battery. The camera can record up to 6 hours to an 8 GB micro SD card. And yes, it also works as a lighter.</p>
<p style="text-align: justify;">It seems that miniature cameras can be stuffed into just about anything these days, limited only by your imagination.</p>
<h3>Just for fun</h3>
<p style="text-align: justify;">I’m sure many of you have seen the “will it blend” videos either on late night TV or on YouTube. The owner of Blendtec, a company that makes blenders, gets publicity by blending all sorts of things like cell phones, glow sticks, marbles, and golf balls. The company’s sales grew 700 percent after the series of videos went viral on the internet, and the entire concept has been studied by business &amp; marketing students. If you haven’t seen them you should.</p>
<p style="text-align: justify;">Anyway, another company has copied the “will it blend” idea but on a much bigger scale, and it is of some interest to those of us in the security community that sometimes need to destroy things like discarded computers and hard drives. The folks at Watch it Shred destroy everything from bowling balls, to 50 gallon oil drums, monster truck tires, pianos, engine blocks, entire cars, and of course computer hard drives by the handful. Check it out, it is fun to watch.</p>
<h3>Closing</h3>
<p style="text-align: justify;">And so ends this 8th episode of Pro Security News. We covered a lot of topics in this show. The links to all the original stories and research articles are included in the show notes.</p>
<p style="text-align: justify;">If you have any questions about any of the topics discussed today, or if you have a technical question you need an answer for,  send me an email at info at prosecurity news dot com. I will answer both via email, and on the show so others can learn.</p>
<p style="text-align: justify;">If you wish to praise or condemn the show, please drop us a note at info at pro security news dot com.  We can&#8217;t improve if we don&#8217;t know what’s bugging you. If you enjoy the show please consider giving us a rating on iTunes and Zune.</p>
<p style="text-align: justify;">This is Jon Payne at LSI, saying “Thanks for listening, and we&#8217;ll be back next week.”</p>
]]></content:encoded>
			<wfw:commentRss>http://lsieducation.com/blog/2009/01/psn008-dangerous-usb-covert-cameras-and-monster-shredders/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
			<enclosure url="http://media.libsyn.com/media/psnlsi/PSN008.mp3" length="20826406" type="audio/mpeg" />
		<itunes:duration>21:41</itunes:duration>
		<itunes:subtitle>In this episode we look at 10 items in the news including why the DoD has temporarily banned the use of USB thumb drives, how ...</itunes:subtitle>
		<itunes:summary>In this episode we look at 10 items in the news including why the DoD has temporarily banned the use of USB thumb drives, how mobile phones can be the 'smoking gun', how Ford trucks can go on-line, how the Kwikset SmartKey is pickproof, bump proof, and has record sales, a high tech ATM debit card skimmer, home made drug smuggling submarines, some sneaky covert cameras, and a shredder that eats engine blocks for breakfast.

</itunes:summary>
		<itunes:keywords>Computer, Electronics, Locks, New Products, Podcast</itunes:keywords>
		<itunes:author>Jon Payne, Sr., CML</itunes:author>
		<itunes:explicit>no</itunes:explicit>
		<itunes:block>no</itunes:block>
	</item>
		<item>
		<title>PSN008E &#8211; Dangerous USB, Covert Cameras and Monster Shredders</title>
		<link>http://lsieducation.com/blog/2009/01/psn008e-dangerous-usb-covert-cameras-and-monster-shredders/</link>
		<comments>http://lsieducation.com/blog/2009/01/psn008e-dangerous-usb-covert-cameras-and-monster-shredders/#comments</comments>
		<pubDate>Fri, 30 Jan 2009 17:16:25 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Business]]></category>
		<category><![CDATA[Computer]]></category>
		<category><![CDATA[Electronics]]></category>
		<category><![CDATA[Locks]]></category>
		<category><![CDATA[LSI]]></category>
		<category><![CDATA[New Products]]></category>
		<category><![CDATA[Podcast]]></category>

		<guid isPermaLink="false">http://lsieducation.com/blog/?p=115</guid>
		<description><![CDATA[(Enhanced Podcast) In this episode we look at 10 items in the news including why the DoD has temporarily banned the use of USB thumb drives, how mobile phones can be the &#8216;smoking gun&#8217;, how Ford trucks can go on-line, about how the Kwikset Smartkey is pickproof, bump proof, and has record sales, a high [...]]]></description>
			<content:encoded><![CDATA[<p style="text-align: justify;">(Enhanced Podcast) In this episode we look at 10 items in the news including why the DoD has temporarily banned the use of USB thumb drives, how mobile phones can be the &#8216;smoking gun&#8217;, how Ford trucks can go on-line, about how the Kwikset Smartkey is pickproof, bump proof, and has record sales, a high-tech ATM debit card skimmer, homemade drug-smuggling submarines, some sneaky covert cameras, and a shredder that eats engine blocks for breakfast.</p>
<p>This is the <a href="http://support.apple.com/kb/HT1597">enhanced version</a> of the podcast with embedded images and chapter markers much like a DVD. See <a href="http://lsieducation.com/blog/2009/01/psn008-dangerous-usb-covert-cameras-and-monster-shredders/">PSN008</a> for the show links and the full text of the podcast.</p>
]]></content:encoded>
			<wfw:commentRss>http://lsieducation.com/blog/2009/01/psn008e-dangerous-usb-covert-cameras-and-monster-shredders/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
			<enclosure url="http://media.libsyn.com/media/psnlsi/PSN008E.m4a" length="18411903" type="audio/x-m4a" />
		<itunes:duration>21:41</itunes:duration>
		<itunes:subtitle>(Enhanced Podcast) In this episode we look at 10 items in the news including why the DoD has temporarily banned the use of USB thumb ...</itunes:subtitle>
		<itunes:summary>(Enhanced Podcast) In this episode we look at 10 items in the news including why the DoD has temporarily banned the use of USB thumb drives, how mobile phones can be the 'smoking gun', how Ford trucks can go on-line, about how the Kwikset Smartkey is pickproof, bump proof, and has record sales, a high-tech ATM debit card skimmer, homemade drug-smuggling submarines, some sneaky covert cameras, and a shredder that eats engine blocks for breakfast.

This is the enhanced version of the podcast with embedded images and chapter markers much like a DVD. See PSN008 for the show links and the full text of the podcast.</itunes:summary>
		<itunes:keywords>Business, Computer, Electronics, Locks, LSI, New Products, Podcast</itunes:keywords>
		<itunes:author>Jon Payne, Sr., CML</itunes:author>
		<itunes:explicit>no</itunes:explicit>
		<itunes:block>yes</itunes:block>
	</item>
	</channel>
</rss>

