Blog Archives

Private Investigator Steven Santarpia On Lifehacker’s Spy Week 11/12/12

Every Monday, Lifehacker brings in an expert for an hour to answer questions via chat. Next Monday, November 12, 2012 at 3pm, Lifehacker will be kicking off “Spy Week,” dedicated to all things James Bond and mystery. ICORP Investigations Vice President, Steven Santarpia, will be joining Lifehacker to answer your questions pertaining to private investigations. Licensed Private Investigator Steven Santarpia has been a private detective for over 10 years and has worked many different types of investigations including infidelity/cheating spouse, industrial espionage, skip tracing and insurance claims.

More information to come including the link to join the chat session on Monday. To view past chats, visit Lifehacker.com.

For more information regarding ICORP Investigations, please visit their website.

ICORP Investigations
245 Park Ave, 24th Floor
New York, NY 10167
(212) 572-4823

DoS vulnerability affects older iPhones, Droids, even a Ford car

Publicly available code allows hackers to disable Wi-Fi in a range of products.

Oct 26 2012, 1:50pm EDT

The iPhone 4 and a slew of older devices from Apple, Samsung, HTC, and other manufacturers are vulnerable to attacks that can make it impossible to send or receive data over Wi-Fi networks, a security researcher said.

Proof-of-concept code published online makes it trivial for a moderately skilled hacker to disable older iPhones, HTC Droid Incredible 2s, Motorola Droid X2s, and at least two dozen other devices, including Edge model cars manufactured by Ford. The Denial-of-Service vulnerability stems from an input-validation error in the firmware of two wireless chips sold by Broadcom: the BCM4325 and the BCM4329. The US Computer Emergency Readiness Team has also issued an advisory warning of the vulnerability.

“The only requirement to exploit the vulnerability is to have a wireless card that supports [the] raw inject of 802.11 frames,” Andrés Blanco, one of the researchers from Core Security who discovered the vulnerability, told Ars. “The Backtrack Linux distribution has almost everything you need to execute the POC provided in the advisory.”

The Core Security advisory said that Broadcom has released a firmware update that patches the “out-of-bounds read error condition” in the chips’ firmware. Device manufacturers are making it available to end users on a case-by-case basis since many of the affected products are older and already out of service.

Blanco said the exploit makes it impossible for an affected device to send or receive data over Wi-Fi for as long as the DoS attack lasts. Once the malicious packets subside, the device will work normally. Other device functions are unaffected by the Wi-Fi service interruption. He said it’s possible the bug could be exploited to do more serious things.

“We are not sure that we could retrieve private user data but we are going to look into this,” he said.

 http://arstechnica.com/security/2012/10/dos-vulnerability-affects-older-iphones-androids-even-a-ford-car/

How Are Celebrity Cellphones Hacked?

By Michael Gregg

Celebrities are a perfect target for hackers — they’re highly visible, spend lots of time on their smartphones and they know next to nothing about security. It’s no wonder they’re often victimized by hackers — from lone hackerazzis like the alleged Christopher Chaney to hacker groups like the Anonymous offshoot ‘Hollywood Leaks.’

But how do these hackers actually hack a cell phone?

Many people seem to think it requires a great deal of computer skill to hack a phone; that you have to be some type of hacker mastermind. But the reality is, it’s not that hard.

Here are a few ways:

#1 — Physical Access to the Phone — Obviously, if a person can get physical access to a cell phone, even for a few seconds, it’s game over. The person can clone it, place a remote spying tool on the phone or download the pictures and information directly to their own account.

TIPS — Make sure your phone has a strong password lock to prevent unauthorized access. Sign up for a mobile phone recovery service — like Where’s My Droid, Find My iPhone, McAfee’s WaveSecure, etc. — that offers GPS tracking, remote freeze and remote wiping in case the phone is ever lost or stolen.

#2 — Hacking Email, Twitter and Apps — Most celebrities are hacked through email, Twitter and other accounts that they use on their phones. This is what happened to Scarlett Johansson, Kreayshawn, Mila Kunis and Christina Aguilera, among others — and it may also be the reason for the more recent hacks on Heather Morris and Christina Hendricks.

Hackers get in by guessing a weak password or bypassing the password altogether by answering a series of cognitive security questions such as mother’s maiden name or what high school they attended. This technique is what is alleged to have been used by Chris Chaney and Hollywood Leaks.

To beat a password, hackers can use special password cracking programs that attempt to “dictionary attack” or “brute force” the account, or they can simply do their homework on the celebrity and use that to guess the passphrase or security questions. Once the hacker gets into one account, especially email, he can use it to get into other accounts (for example, request the Twitter password reminder be sent to Gmail or other web-based email account).

TIPS — Use a unique password for each online account. Make sure it’s at least 10 characters long and doesn’t make up a real word — use letters, numbers and symbols. Give fake answers to the security questions to make it hard for others to guess. To be extra safe, consider using “two-factor authentication” and PGP encryption with the email account as well.

#3 — Social Engineer the Phone Company — In 2005, hackers stole nude pictures of Paris Hilton by getting access to her T-Mobile Sidekick II, a precursor to today’s smartphones. How did they do it? They impersonated a T-Mobile support tech over the phone and tricked T-Mobile employees into giving them access to the carrier’s intranet site that contained a list of user accounts, which allowed them to reset the password to her account and steal photos and contacts. Today, there’s still a risk hackers could reset accounts or permissions by conning the phone company, but it’s more likely they’ll simply target a person’s accounts directly online.

TIPS — Check your online phone accounts periodically to make sure there haven’t been any unauthorized changes.

#4 — Wi-Fi Spies — Movie stars do a lot of traveling, and while they’re roaming about they’re often connecting their phones to open Wi-Fi networks — whether it’s at the airport, hotel or Starbucks. This puts them at greater risk of being hacked. Using public Wi-Fi puts all of your online accounts, Internet searches, emails and usernames/passwords out in the open where they can be read, copied and hacked by any person with moderate computer skills. In fact, there are special tools available online that do this.

TIPS — Don’t use public Wi-Fi. Stick with 3G or 4G service, as it’s harder to hack. If you must use a public wireless network, only use websites or apps from your phone that offer encryption (‘https’ in the address bar) and don’t save your passwords in a cache. Even better, set up a virtual private network (VPN) that will encrypt your online activity no matter where you are.

#5 — Spyware — Stars who spend a lot of time using open Wi-Fi and chatting with friends or followers on social networks and clicking on shared links are also at risk of spyware. Spyware is malicious software that can infect your phone in order to record the things you type — like usernames and passwords — and it can also be used to steal items from your phone, like photos, contacts and banking data. “FakeToken” is one example of spyware that is currently being found on some Android phones. There’s a good chance some celebrity phones have been infected by spyware.

TIPS — Don’t use public Wi-Fi. Don’t click on suspicious links, whether they’re in email, text messages or tweets.

The bottom line is that most celebrities fall victim to hacks because they use weak passwords and share too much information — and images — through easily hacked accounts. A few basic precautions would fix the problem for many of them; hopefully they’ll learn their lesson.

Huffington Post

Expose Hidden Camera, Bug & GPS

Do you feel like your phone or house is bugged? Are there hidden cameras at your workplace or residence? Are you wondering if there is a GPS on your vehicle? Icorp Investigations private investigators can help! Our physical inspection will give you the peace of mind you deserve. We can detect digital signals of Bluetooth, WLAN, Wi-Fi, Cellular phone, GPS and Digital Spread Spectrum wireless products. Call Toll Free 866.984.2677 or visit Icorp Investigations New York private investigators website.

U.S. Shuts Down Massive Cyber theft Ring

Reuters

By Diane Bartz and Jim Finkle

WASHINGTON/BOSTON | Wed Apr 13, 2011 6:55pm EDT

(Reuters) – U.S. authorities claimed one of their biggest victories against cyber crime as they shut down a ring they said used malicious software to take control of more than 2 million PCs around the world, and may have led to theft of more than $100 million.

A computer virus, dubbed Coreflood, infected more than 2 million PCs, enslaving them into a “botnet” that grabbed banking credentials and other sensitive data its masters used to steal funds via fraudulent banking and wire transactions, the U.S. Department of Justice said on Wednesday.

The government shuttered that botnet, which had operated for a decade, by seizing hard drives used to run it after a federal court in Connecticut gave the go-ahead.

“This was big money stolen on a large scale by foreign criminals. The FBI wanted to stop it and they did an incredibly good job at it,” said Alan Paller, director of research at the SANS Institute, a nonprofit group that helps fight cyber crime.

The vast majority of the infected machines were in the United States, but the criminal gang was likely overseas.

“We’re pretty sure a Russian crime group was behind it,” said Paller.

Paller and other security experts said it was hard to know how much money the gang stole. It could easily be tens of millions of dollars and could go above $100 million, said Dave Marcus, McAfee Labs research and communications director.

A civil complaint against 13 unnamed foreign nationals was also filed by the U.S. district attorney in Connecticut. It accused them of wire and bank fraud. The Justice Department said it had an ongoing criminal investigation.

The malicious Coreflood software was used to infect computers with keylogging software that stole user names, passwords, financial data and other information, the Justice Department said.

“The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes,” U.S. Attorney David Fein said in a statement.

In March, servers used by the Rustock botnet were shut down in law enforcement raids after legal action against them by Microsoft Corp. Authorities severed the Rustock IP addresses, effectively disabling the botnet.

Rustock had been one of the biggest producers of spam e-mail, with some tech security experts estimating it produced half the spam that fills people’s junk mail bins.

A botnet is essentially one or more servers that spread malicious software and use the software to send spam or to steal personal information or data that can be used to empty a victim’s bank account.

U.S. government programmers shut down the Coreflood botnet on Tuesday. They also instructed the computers enslaved in the botnet to stop sending stolen data and to shut down. A similar tactic was used in a Dutch case, but it was the first time U.S. authorities had used this method to shut down a botnet, according to court documents.

Victims of the botnet included a real estate company in Michigan that lost $115,771, a South Carolina law firm that lost $78,421 and a Tennessee defense contractor that lost $241,866, according to the complaint filed in the U.S. District Court for the District of Connecticut.

The government plans to work with Internet service providers around the country to identify other victims.

(Reporting by Diane Bartz and Jim Finkle; editing by Gary Hill and Andre Grenon)

5 Easy Ways To Detect BlackBerry Spyware

Private Investigator New York and New Jersey. Let ICORP Investigations help you with your Infidelity Investigation. We’ve helped many, many individuals find out the truth about their spouses. We’ll be happy to answer any questions you might have and assist you with the most cost efficient way to proceed with your case. Call ICORP Investigations for a Free Consultation. 866.984.2677. You’ll be glad you did.

Licensed in New York #11000133551 and New Jersey #8387 – Specializing in Family Law, Infidelity and Insurance Surveillance Investigations.

ICORP NYC Website

Some Software Can Turn Mobile Devices Into Tools Of Espionage, Harassment

By Sonya Colberg
Published: October 12, 2009

Sneaky people and technology can turn your cell phone against you.

Cell phone spyware makes it easy for someone to eavesdrop on your conversations, intercept text messages and identify your location. And you may never know it’s happening, experts say.

“You are so dead,” an electronically altered voice taunted Courtney Kuykendall from her cell phone. Courtney’s mother, Heather, told a television station that someone used spyware to terrify her daughter with harassing calls that revealed the caller knew the teenager’s location, what she was wearing and saying.

“This type of issue is almost out of an outlandish sci-fi film. The reality is that there is no question about it, it is happening,” said Robert Siciliano, chief executive officer of Web site IDTheftSecurity.com.

Oklahoma private investigators say they’re getting many requests for listening in on private conversations. But Colin Pressley of Barrington Investigations LLC in Oklahoma City and Larry Mulinix of MPI Agency in Norman said they won’t touch it.

The private investigators said most requests revolve around trying to catch cheating spouses. Other popular requests are from clients who want to ensure their phones contain no spyware.

In most instances, cell phone spyware is illegal, said FBI spokesman Gary Johnson.

The Internet contains numerous ads for cell phone spyware, with software ranging from several hundred dollars to $69.95. Ads contain claims and testimonials such as: “Catch that cheating spouse,” “I learned all I needed to know the very first night,” and “I could not believe what that boy was saying to my 13-year-old.”

Mulinix said some software creates GPS logs of where the target phone has gone. Someone can sit at home and map the phone’s location.

“If I get hold of your phone I can install this, like a SIM chip, open the door up and put this in there, and I can monitor you,” he said. “You won’t even know it.”

The investigators say they stick with legal surveillance techniques.

“You get a lot of people that call up and just want to monitor their wife or spouse. A lot of times I spend hours watching a guy late at night while I’m out there (in the car) drinking Dr Peppers and eating Twinkies,” Mulinix said. “There’s a lot of boredom interrupted by terror.”

Average people can face nearly as much terror from Internet ads that harangue viewers to buy instant downloads. Some boast that, in just minutes, downloaded spyware can begin intercepting text messages and sending text messages notifying the spy every time the target phone makes or receives calls so the spy can listen in on the phone calls.

“Until now, the most bad guys could get are phone lists and the like,” said Sujeet Shenoi, computer science professor at the University of Tulsa, “which would be fine for the National Enquirer getting Paris Hilton’s phone number.”

The celebrity became a victim of cell phone trickery in 2005. T-Mobile and the FBI reportedly launched an investigation after the contents of Hilton’s cell phone appeared online. Numbers and e-mail addresses of celebrity buddies such as Lindsay Lohan and Ashlee Simpson were apparently hacked from her cell phone.

“You’re going to see more people reveal themselves in ugly ways. Right now they’re doing it for fun. They’re doing it for stalking and harassment. And as time goes on, you’re going to see it being used more for financial gain,” Shenoi said.

Courtney Kuykendall, the Tacoma, Wash., resident whose daughter was harassed by someone using spyware, said the calls stopped last summer without police finding a suspect. She said she would like to raise people’s awareness that spyware can be used to terrify.

Spyware

A recent study indicated that one out of every 63 smart phones powered by a common operating system, Symbian, were infected with spyware or malware, a disruptive program or software. However, experts say you can take measures to help keep your cell phone safe.

Staying safe

Some examples of anti-spyware that work on most cell phones include Spybot Search and Destroy, and SMobile Anti-Theft and Identity Protection. Other suggestions include:

→ Inconspicuously mark your SIM card with a scrape or initial.

→ Before meetings, remove batteries from cell phones.

→ Avoid reading texts or accepting pictures from someone you don’t know and trust.

Most secure

“Nothing can really be safe,” said University of Tulsa computer science professor Sujeet Shenoi. He said the most secure way of making a phone call is to use a landline.
