7 sexy high-tech enterprise ‘surveillance engineering’ techniques that criminal hackers use

Watch out, enterprise, for bad guy spies and their high-tech trickery!

surveillance
Credit: Thinkstock
Picture that key in the palm of the wrong hand

Using a telephoto lens from up to 200-feet or a smartphone up close, attackers can turn a clear pic of a master key or high-security key into easy enterprise access, using a 3D printer to create the duplicate. With special software code like what two MIT students created for DefCon 21, criminal hackers can ensure that the necessary key measurements make it from the photo to the new key.

2 inconspicuous wifi camera
Credit: Thinkstock
Inconspicuous Wi-Fi camera claims alarm codes

Where an alarm system safeguards building access, cyber criminals can place tiny Wi-Fi cameras—some are about a half inch square—in front of the code entry interface to collect the series of keys that authorized persons press to disable the alarm. Due to the high-resolution capabilities and range of some of these cameras, this method can work from up to 300-feet away.

 

3 phone costs
Credit: Thinkstock
This phone costs the enterprise plenty

Cyber crooks can leave burner smartphones with remote control spy apps to record audio from meetings or private exchanges anywhere your people share confidential information. There are many such apps available on the market, especially for Android devices. Attackers can retrieve the audio files across the phone’s network connection using FTP.

4 man in middle
Credit: Thinkstock
More cellular coverage or more man-in-the-middle attacks?

Savvy cellular hackers rig bogus GSM hotspots from readily available off-the-shelf hardware. They place these near corporate offices to capture then forward phone calls to genuine cell towers, with no noticeable delay. So long as the fake hotspot uses a strong enough signal, compatible phones will connect to it. Attackers can crack even encrypted calls using the technology.

surveillance
Credit: jackmac34
The gift that keeps on taking

Eavesdroppers can send corporate gifts or trophies to C-levels at the office with hidden microphones embedded inside. The attacker’s assumption is that if the gift is nice, the target will display it openly. The information thieves can collect the devices and recordings later or receive confidential conversations via wireless transmissions.

 

spymail
Credit: Marsel Minga
You’ve got tracking mail

Attackers use spymail such as ReadNotify to send emails with stealthy tracking code, enabling them to learn when you open it, your location, your system information, and who receives the same email when you forward it. Cyber hoods use spymail in conjunction with spear phishing. When they know your location, for example, they can reference it in phishing emails to convince you they are who they say. When they know who you forward the email to, they can spoof that party to convince you they are legitimate.

 

7 networked security door
Credit: Thinkstock
Networked security doors open easy as a candy wrapper

Attackers can listen to wireless networked door security systems to record door unlock commands. This approach works well with Z-wave (and ZigBee) technologies. IoT technologies such as these can have insecurities such as weak encryption that permits attackers to sniff keys and decrypt communications. Weak encryption can enable attackers, for instance, to wait nearby, sniff Z-wave packets when an authorized person unlocks and enters the business, and later inject those unlock packets to get inside.