surveillance electronics cyber security and counter surveillance devices

Surveillance electronics can work in a variety of different ways.

Spycraft the business.
Welcome to our classic English spy shop, based online since 1996. If you are looking for security electronics and counter surveillance bug sweep services then you have come to the right place. We hire too: you can buy or hire GPS trackers from us.
We stock a broad selection of spy equipment and products uniquely selected and designed for surveillance and counter bugging security within the investigation world of hidden spy electronics. We also provide diplomatic grade encrypted phones and computers for organisations, VIPs and the general public.

Experienced mind set.
In business for more than 30 years we have worked with just about everyone and seen it all, maybe?
Currently we continue to push the industry with cutting edge products that address real situations when working in the field. We provide security consultations and products both general products and specialist professional systems. In some special cases we will develop for you depending on the requirement and volume.

Did you know some of the best spy products never reach the main stream industry because the experts who are highly creative, are so busy in development they don’t have time to market the items they create? 

Spy products the paradox of this scenario
It’s true that the internet is flooded with products that promise so much but deliver so little?
During the early years we manufactured many wonderful products similar to the items you might find in a James Bond film. We no longer manufacture cheap electronics as it’s simply not cost effective to do this anymore.

With thousands of products coming onto the market from China and the Far East you really have a great choice, far more comprehensive than you would have had 30 years ago. However, only 40% of the products are actually worth buying, due to poor design or functionality: some items arrive in pieces before you even open the box, and other products work great for five minutes. Strange but true.

Other products from China are excellent but might suffer from a difficult to understand menu or process of operation, this adds even more disappointment when you’re trying to decide what to use.
Sure you can just buy loads of products if you like the look of them and hopefully if the product arrives you can have a look and decide, if you have the time to possibly be disappointed. 
If you have been overwhelmed by the choice of just what to pick in the super market, then you might struggle picking the right spy electronic device for you. After all how can you know just from a picture and some information that sounds fantastic?

 

Here are some old basic bugging devices to look out for.

 


 

 

The question is what product do you buy? 
There is more bad news: importing products will cost you in import duty and taxes, and if you need to return an item there is a cost associated with that too. I am sure you have experienced most of this if you have purchased from China or similar countries on the other side of the world.

The same could be said for counter surveillance electronics, bug detectors and so on. First of all, do you know how to test a bug detector? Secondly, do you know what you’re looking for with the bug detector that you have not tested?
As you can see, this business is compounded with issues unless you’re a techy or amateur radio boffin.

Working with us direct
Our selection of surveillance electronics and counter surveillance systems for sale are all tested and approved. We have many years of experience and advanced specialist personnel who have worked in the electronics Research and development business all their lives. Many of us have also worked from a selection of security organisations over the years so we are not only versed in electronics but also understand the spy electronics environment.  
Our web site represents a lifetime’s experience in electronics, security, retail, and counter TSCM services.
Purchasing and supplying spy products over the years has also given us a good idea of what’s out there in the public domain and the professional environment. This also gives us an edge when providing a comprehensive counter surveillance bug sweep service and consultation.
We have a good idea what’s actually possible and we know what’s highly unlikely. Although experiment and test is king, there are some things that are simply myth.

Basic working specifications of typical spy devices:  

  • GSM & GPRS data based
  • Radio signal RF based
  • MP3 recording
  • Burst transmission & spread spectrum 
  • Vox voice activation based
  • Covert hidden microphones
  • Internet IP Wi-Fi based acquisition
  • Computer malware & Trojan based
  • Smart phone spy ware based products

Electronic bug sweep services.
It’s useful to consider that all the devices above represent an old threat and, although still used today, they command inspection much lower down the essential sweep list. Unfortunately these devices can never be overlooked, as that would be a major flaw in a bug sweep or similar test.

Prioritising the task will save you time and money, as you can focus on the area of real interest and reduce the workload.
Being able to understand the possibilities allows us to work much more efficiently.
This might allow you to commission us for a preliminary bug sweep rather than a full electronic counter surveillance test.

News:

Espionage deployment and ambition.
Have you heard of cyber blackmail, remote encryption ransomware or sextortion? If not, Google a few of these words to find out more. These scenarios represent just a few of the methods used by cyber criminals to access data, whether it’s secretive business data, financial data or personal data.
One of the most incredible things I have ever seen is a remote key-logger that works like an SS7 cell phone interception attack totally remote over the web.
No software needs to be installed on the PC, computer or smart phone; data is intercepted through the net "on the fly" as it’s sent from the PC over the GSM network and internal WiFi network.

Low tech rules sometimes?

Physically isolating a computer from the wider net – creating a so-called “air gap” – is another cheap and low-tech solution to evade billion-dollar surveillance systems that is practised by terrorists and state spies alike. 
However, an air gap can be difficult to maintain. Iran kept its uranium enrichment facilities air gapped, but the Stuxnet virus was able to cripple the all-important centrifuges after infected USB drives discarded by spies were plugged in by oblivious workers. Recent research from Berlin-based cyber-security experts Karsten Nohl and Jakob Lell suggests a new level of threat. 
A USB device that appears completely empty can still contain malware, even when formatted, say Nohl and Lell, and there is no practical way to defend against this.

Air gaps can also be crossed by sufficiently cunning programs, which could in principle be used by surveillance agencies to gain access to computer networks and collect information. Last year, security researcher Dragos Ruiu reported evidence that a virus had managed to jump the air gap in his laboratory. It was later confirmed the malware was spreading by high-frequency sounds passed between the speakers of an infected machine and the microphone of its next victim. Recommendations for keeping communications and databases secure now include gumming the microphone and USB sockets with glue.

"Extreme yes" But also true under laboratory conditions.
Understanding the environmental conditions of the area that is to be inspected is most important if you are to understand the possibilities presented, so you can consider the tactics that may be deployed, this also affects the process you may use to search for a specific bugging technique.

 


 

Encryption News

For many years we tried to load and run our Mprime system, both the Pro and the stand alone application, on the HUAWEI smart phone range.
We could load and alter the HUAWEI firmware and load our software but the program simply would not run, we just could not work out why.
After 4 years and several failed attempts to run our system we finally discovered the issue.

It was not a compatibility problem like we first thought but a conflict issue between our messenger’s security policies and the HUAWEI handset spy software built into the firmware by HUAWEI.

It seems the handset would not allow our system to function without having control or more appropriately access to the encrypted application.
Finding the solution to this unknown problem was very well received as the outcome reinforced the fact that the Mprime encrypted messenger is very secure indeed.
Not only would it repel the HUAWEI Trojan but it also refused to run and shut down the messenger to protect the user. 
The Mprime messenger is more than just a robust messenger it has built in anti-spyware as well as a self-generated anti key logger key pad.

Rise of the old machine. (FinFisher or FinSpy)
FinSpy is a field-proven Remote Monitoring Solution that enables Governments to face the current challenges of monitoring Mobile and Security-Aware Targets that regularly change location, use encrypted and anonymous communication channels and reside in foreign countries. FinSpy provides access to information such as contacts, SMS/MMS messages, calendars, GPS location, pictures, and files in memory and phone call recordings. All the ex-filtrated data is transferred to the attacker via SMS messages or via the internet. Personal data including contacts, messages, audios and videos, can be ex-filtrated from most popular messengers.

According to information on its official website, Finfisher among other tools and services provides a “strategic wide-scale interception and monitoring solution”. 
This software (also known as FinSpy) is used to collect a variety of private user information on various platforms. Its implants for desktop devices were first described in 2011 by Wikileaks and mobile implants were discovered in 2012. Since then technologies has continuously monitored the development of this malware and the emergence of new versions in the wild. 
According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019. Late in 2018, experts at XCell Technologies looked at the functionally latest versions of FinSpy implants for iOS and Android, built in mid-2018. Mobile implants for iOS and Android have almost the same functionality. 
They are capable of collecting personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, and files in memory, phone call recordings and data from the most popular messengers.

Malware features
The Android implant is capable of gaining root privileges on an un-rooted device by abusing the DirtyCow exploit, which is contained in the malware. FinSpy Android samples have been known for a few years now. Based on the certificate data of the last version found, the sample was deployed in June 2019. 
The Android implant’s functionality is unlikely to change much, based on the fact that most of the configuration parameters are the same in the old and new versions. The variety of available settings makes it possible to tailor the behaviour of the implant for every victim. For example, operators can choose the preferred communication channels or automatically disable data transfers while the victim is in roaming mode. All the configuration data for an infected Android device (including the location of the control server) is embedded in the implant and used afterwards, but some of the parameters can be changed remotely by the operator. The configuration data is stored in compressed format, split into a set of files in the assets directory of the implant APK. After extracting all pieces of data and building the configuration file, it’s possible to get all the configuration values. Each value in the configuration file is stored after the little-endian value of its size, and the setting type is stored as a hash.

For example, the following interesting settings found in the configuration file of the developer build of the implant can be marked: mobile target ID, proxy ip-address, proxy port, phone number for remote SMS control, unique identifier of the installed implant.
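For analysts triaging a recovered configuration, the sketch below walks a size-prefixed record stream of the kind described above and rejects any record whose declared size overruns the data. It is an added example, not code from the original report or from the implant; the field widths, the use of zlib, the type-hash numbers and every function name are assumptions, and the sample data is constructed.

```python
import struct
import zlib

# ASSUMED record layout (the page gives no field widths):
#   u32 little-endian value size | u32 setting-type hash | value bytes
HEADER = struct.Struct("<II")

# Hypothetical hash-to-name table; the numbers are constructed for this sample.
KNOWN_TYPES = {
    0x1A2B3C4D: "mobile_target_id",
    0x5E6F7081: "proxy_ip",
    0x92A3B4C5: "proxy_port",
}


class ConfigError(ValueError):
    """Raised when the blob cannot be a well-formed record stream."""


def rebuild_blob(chunks):
    """Join the ordered asset-file pieces and decompress (zlib is assumed)."""
    try:
        return zlib.decompress(b"".join(chunks))
    except zlib.error as exc:
        raise ConfigError(f"pieces do not decompress: {exc}") from exc


def parse_records(blob, max_value=4096):
    """Walk size-prefixed records, refusing any size that overruns the blob."""
    records, off = [], 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ConfigError(f"truncated header at offset {off}")
        size, type_hash = HEADER.unpack_from(blob, off)
        off += HEADER.size
        if size > max_value or size > len(blob) - off:
            raise ConfigError(f"record before offset {off} claims {size} bytes")
        name = KNOWN_TYPES.get(type_hash, f"unknown_{type_hash:08x}")
        records.append((name, blob[off:off + size]))
        off += size
    return records


def make_sample():
    """Constructed test data, not taken from any real implant."""
    recs = [(0x1A2B3C4D, b"TARGET-0001"), (0x5E6F7081, b"192.0.2.10"),
            (0x92A3B4C5, struct.pack("<H", 8080)), (0xDEADBEEF, b"\x01")]
    blob = b"".join(HEADER.pack(len(v), t) + v for t, v in recs)
    packed = zlib.compress(blob)
    return [packed[i:i + 16] for i in range(0, len(packed), 16)]


if __name__ == "__main__":
    for name, value in parse_records(rebuild_blob(make_sample())):
        print(f"{name:20} {value!r}")
```

Unknown type hashes are kept and labelled rather than dropped, so settings not yet mapped by the analyst still appear in the output.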

As in the case of the iOS implant, the Android version can be installed manually if the attacker has physical access to the device and by remote infection vectors: SMS messages, emails and WAP Push. After successful installation, the implant tries to gain root privileges by checking for the presence of known rooting modules Super-SU and Magisk and running them. 
If no utilities are present, the implant decrypts and executes the DirtyCow exploit, which is located inside the malware; and if it successfully manages to get root access, the implant registers a custom SELinux policy to get full access to the device and maintain root access. 
If it used SuperSU, the implant modifies SuperSU preferences in order to silence it, disables its expiry and configures it to autorun during boot. It also deletes all possible logs including SuperSU logs.

The implant provides access to information such as contacts, SMS/MMS messages, calendars, GPS location, pictures, and files in memory and phone call recordings. All the ex-filtrated data is transferred to the attacker via SMS messages or via the internet (the C2 server location is stored in the configuration file). Personal data, including contacts, messages, audios and videos, can be ex-filtrated from most popular messengers. Each of the targeted messengers has its own unified handling module, which makes it easy to add new handlers if needed.

The full hardcoded list of supported messengers available to FinSpy is shown below:

Package name                        Application name
com.bbm                             BBM (BlackBerry Messenger)
com.facebook.orca                   Facebook Messenger
com.futurebits.instamesssage.free   InstaMessage
jp.naver.line.android               Line Messenger
org.thoughtcrime.securesms          Signal
com.skype.raider                    Skype
org.telegram.messenger              Telegram
ch.threema.app                      Threema
com.viber.voip                      Viber
com.whatsapp                        WhatsApp


At first, the implant checks that the targeted messenger is installed on the device (using a hardcoded package name) and that root access is granted. After that, the messenger database is prepared for data exfiltration. If necessary, it can be decrypted with the private key stored in its private directory, and any required information can be simply queried. 

The security solution.
There are only a very few systems on the domestic market that will give you total security and anonymity whilst at the same time guarantee the strain of encryption cannot be opened by brute force over the air on the local handset. Please see the encrypted mobile phone applications and systems for security products that will safeguard your private information and data. Mprime encrypted messenger application.

WhatsApp Vulnerability.
Facebook recently revealed that an “advanced cyber actor” has been spying on some users of its ridiculously popular WhatsApp messaging app, thanks to a zero-day vulnerability that allowed hackers to install spyware silently, just by calling a victim’s phone. If you’re one of WhatsApp’s 1,500,000,000 users, then your communication security is seriously affected, yet WhatsApp isn’t exactly shouting about this.

The Facebook Security page, WhatsApp’s company website and WhatsApp’s Twitter feeds do not show any information about the problem.

The News section and the Google Play and Apple App Store listings would love you to know that the latest version of WhatsApp lets you see stickers in full size when you long-press a notification. What they do not say, because they couldn’t find room for it, is that this is the only version of WhatsApp that doesn’t allow remote spying.
Instead, Facebook has done the digital equivalent of pinning a security advisory for CVE-2019-3568 to the back of the toilet door, where no one is going to find it.

Description: 
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.

Affected WhatsApp Versions: 
The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51,
WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

What this is trying to tell you is that some people who knew about this vulnerability used phone calls to vulnerable devices to install spyware that could listen in on calls, read messages and switch on the camera.
A “select number” of users were affected, and the WhatsApp-installed spyware has been linked to the NSO Group – the company behind the notorious spyware-sold-to-governments known as Pegasus.
That description makes the incident sound like an attack against specific individuals rather than an indiscriminate attempt to spy on as many WhatsApp users as possible.
But that doesn’t stop other people abusing the vulnerability in other ways, even if you think you’re unlikely to have been affected by this attack.

Contact: 
For more information regarding a consultation contact us direct, we can explore your electronic security requirements with an informal meeting.
If you feel you may be a priority please call us from a new pay as you go mobile phone purchased by yourself or drop us a line through the contact page on this web site.
Please use a computer not associated to your regular working or home computer network.