Big Momma Knows Best

Wish it was the Chinese equivalent of Big Brother I'm refering to, in this case it's a mother of six tracking down teenagers who toilet-papered her house, and mind you, she didn't even bother to use MySpace, instead :

"Base persuaded supermarket managers to tally daily toilet-paper buys for the week and a Stater Bros. manager said there was a run on bathroom tissue two days before her home was vandalized. At 7:30 p.m. Feb. 17, someone bought 144 rolls of toilet paper, cheese, dog food, flour and plastic forks, the same items found on her lawn and house. It was a cash transaction, making it difficult to trace the purchaser, but the store had video surveillance. The video showed four teenagers making the purchase, one of them wearing a Norco High School letterman's jacket with a name stitched across the back. The store's parking lot surveillance camera showed the truck they were using. Base then borrowed a Norco High yearbook and used online databases to get the name, phone numbers and addresses of the teens on the store tape."

One question remains though. If she managed to socially engineer the supermarket's staff to pass her transactions info, even a surveillance camera footage, I wonder where they were shopping from, and would her detective work findings hold in court given how they were obtained. What if they used a distributed shopping practice?

You may also find a previous post on Big Brother in the Restroom, a relevant one.

UPDATE: Great post at Angela Gunn's Tech_Space. Keep your friends close, your neighbors closer!

JitterBugs - Covert Keyboard Communication Channels

WarTyping, keyboard acoustic emanations, and here comes a full-scale covert espionage tool recently discussed in an in-depth research at the 15th USENIX Security Symposium. Researchers at the CS department of University of Pennsylvania developed a working prototype of a JitterBug Covert Channel :

"This paper introduces JitterBugs, a class of inline interception mechanisms that covertly transmit data by perturbing the timing of input events likely to affect externally observable network traffic. JitterBugs positioned at input devices deep within the trusted environment (e.g., hidden in cables or connectors) can leak sensitive data without compromising the host or its software. In particular, we show a practical Keyboard JitterBug that solves the data exfiltration problem for keystroke loggers by leaking captured passwords through small variations in the precise times at which keyboard events are delivered to the host. Whenever an interactive communication application (such as SSH, Telnet, instant messaging, etc) is running, a receiver monitoring the host's network traffic can recover the leaked data, even when the session or link is encrypted. Our experiments suggest that simple Keyboard JitterBugs can be a practical technique for capturing and exfiltrating typed secrets under conventional OSes and interactive network applications, even when the receiver is many hops away on the Internet."

The trade-off remains on whether physically restoring the device would remain undetected, compared to directly streaming the output outside the network. I'll go for the covert network timing whereas insecurities and flexibility are always a matter of viewpoint.

UPDATE: The future defined - Projection Keyboards

Related resources:
Espionage Ghosts Busters
Covert Channel
Gray-World Team
IP Covert Timing Channels: An Initial Exploration
Information Theory of Covert Timing Channels
Detection of Covert Channel Encoding in Network Packet Delays