Archive for the ‘CyberChaos’ Category

Prognosis

Tuesday, March 8th, 2022

If we attempt to divorce ourselves from our human points-of-view and look on dispassionately, it can be seen that 99%+ of existence is simply working its way towards what is called the ‘heat-death’ of existence. Which can also be expressed as the end-game of the Second Law of Thermodynamics.

But there is a much, much smaller part of existence which is moving the other way. I.e. towards amassing greater complexity and concentration of energy and organization. I’m referring to life. Life can arise in goldilocks zones of excess energy through processes we don’t fully understand. But, arise it does. Life on Earth is the proof.

Indeed, I once expressed this in a cryptic bit of writing a few years ago:

Energy evaporates down gradients and little creatures arise in the backwash.

So, do we and the backwash arising of life have a purpose? If so, I cannot see it implied anywhere. But, in spite of that, it is a truly amazing thing that natural processes within existence should be able to create and evolve bits of itself (us) which are aware of itself.

Are we, the pinnacle creatures on this planet, likely to be the pinnacle creatures throughout existence? Given the size of existence, that seems an extremely dubious notion.

I like your idea about what a next intelligent species might be like:

Maybe the next intelligent species won’t even care about tech. They’ll just float around, eat fish, sing songs, have sex, and raise their babies, happy to be alive on this planet.

There’s nothing impossible about it. All it requires is the manifested intent of the new species be to live within the limits of the biosphere around it.

We humans could do that now and live on this planet for many hundreds of thousands of years more. Evolving our intelligence up and up and patiently enjoying our lives and seeing what awaits us.

But I strongly doubt we will change and follow that path. I think we are taking the current biosphere into a big reset. After that, life will slowly build again and maybe those who come after will outgrow this inherent self-destructiveness that we seem to have.

Stuxnet – a history

Thursday, January 13th, 2022

I haven’t kept this blog up much these last few years. But many of the topics I’ve covered in the past still deeply interest me. Cyber attacks are one such subject. Back in 2010, the Stuxnet Virus waged war on Iran’s nuclear centrifuges. I recall the stories that came out back then quite well. Indeed, I’d been following stories in that vein for some time.

Today, a friend acquainted me with a Podcast that went over how researchers discovered and decoded the Stuxnet Virus and I found listening to it intensely interesting. If this sort of thing interests you, I think you will like this. It is here.

Listening to the Podcast made me recall a post I’d made here on this blog. The post reported that, in May of 2009, the U.S. was convinced that Iran was within three years of obtaining a nuclear weapon. That, in retrospect, may connect some of the dots. Dots that are always a bit vague at the time.

The 2009 post is here.

Has the Cyberwar begun quietly?

Saturday, August 17th, 2019

There have been a number of stories over recent months that do not add up to much by themselves.  But together, they may represent the emerging tip of a future iceberg of major import.

Nation states are well aware of the fact that crippling each other’s infrastructure through Internet-based attacks is a much cheaper way to inflict damage on an enemy at a distance than any sort of physical attack; with the probable exception of nuclear weapons.

Can you take down their electricity grid?  Can you take down or destroy the turbines in their electricity generating stations?  Can you cause the major router stations in their Internet to shut down?  Can you cause the traffic lights in many of their major cities to malfunction?  Can you mess with the systems that coordinate the comings and goings of trains that have to time-share their tracks?  Can you cause the GPS signals over their country to become unreliable?  Can you cause a melt-down of the just-in-time inventory systems that control the resupply of their major market chains?  Can you cause fires and destruction in their oil refineries and oil pipelines by interfering in their many interlinked control systems?  Can you interfere and confuse their military control and communication systems?  Can you shut down the ATMs and banking systems of their larger banks?

Think water pumping stations and sewage works.  Think petrol stations.

The list goes on and on.  And, whether you believe it or not, our vulnerabilities are high and the stakes are far higher still.  And most high tech nation-states have had highly competent and professional teams quietly working on such things for years.

This following link will take you to all the articles on my Samadhisoft Blog that are about Cyber Warfare.  Follow it if you want to read earlier background material, i.e., about things that have preceded the more recent events that I’m going to talk about here today.  Take a good browse – there is a lot there.

But, coming back into the present – consider the following things which have occurred recently.

Playing with GPS

A few months ago, I began noting articles about how the Norwegians were complaining that GPS in their area was not working correctly.

See: This and This and This and This.

Then, some months after that, I saw very similar complaints being made by the Israelis:

See: This and This and This and This

Interesting, eh?

Playing with Airline Systems

More recently, a major British Airline (BA) has had not one but two major IT meltdowns within a week.   And both times, chaos ensued. 

See: July 31st and August 7th.

And Stock Markets

Here are two stories about a stock market meltdown in Britain: Story1 – Aug 17th. and Story2 – Aug 17th.

So, do these events I’m citing make a pattern, do they indicate something?

Maybe and maybe not.  Maybe they are just chance events.  Or, maybe they represent ‘proof-of-concept’ exercises by various cyber players.

If Russia, or some other player, wanted to test out their ability to throw the global GPS system off by running a few tests like this, then what we’ve seen here makes sense.

And considering Iran’s current disagreements with Britain over the oil tanker that the UK seized in Gibraltar and over sanctions against Iran in general, then maybe Iran is just flexing its cyber-muscles a bit in the UK’s cyber space?  Say, an airline system hack here, a stock market disabling crash there?

This has all been going on, quietly, for some time.  Consider this article from 2013 in which U.S. power stations were found to be infected.  

Consider as well this article from 2010 which discusses how the U.S. destroyed many of the Uranium-enriching centrifuges that Iran was using to prepare nuclear materials. 

Do you think it is just a coincidence that Russia and Iran have taken active steps to be able to isolate their entire national Internet systems by throwing a few switches?  See this.

Does all this seem far fetched to you?  It doesn’t to me. 

In fact, I am certain that most major technically capable nation-states have long since infiltrated the infrastructures of the other nation-states that they consider to be potential enemies.

So, if a war breaks out, we can fully expect that every embedded bit of malware in our nation’s infrastructure will trigger and most of them will cause a lot of essential things to break or shut down.  The only consolation will be that if our cyber-warriors are good as well, the enemy will likely suffer similar consequences.

And, just as certainly, folks on each side are working intensely to detect and disable all the infiltrated malware that they can, even while they are trying to work out how to hide our stuff ever more cleverly.  It is truly a major clandestine cat-and-mouse game.

So, will it be limited to big ticket items?  No, I don’t think so.  Remember the “Internet of things”?  Abbreviated as IoT?

Here’s a story that will make you squirm.  The IoT includes such innocuous things as Baby Monitors:  Read this.

Our houses are becoming full of IoT things:  refrigerators, smart TVs, garage door openers, heating systems, our fancy mobiles, heart pacemakers and multi-line phones.  And the list goes on.  And we assume, when we buy such things, that the manufacturer has done their research and given us devices that do not leave us vulnerable.  Do you really think that’s true?  As they tread the fine line between (1) giving us equipment that has been strongly researched to protect us and (2) maximizing their profits, where do you think they will walk?

Any guesses why the U.S. and several other countries are so adamantly opposed to allowing Chinese manufactured Huawei equipment to be allowed to underpin their next-generation 5G mobile systems?

Given that I’ve spent a lifetime working in IT, I am pretty certain that most folks have very little idea how the router that brings the Internet into their house even works.  Much less knowing what to do to change its passwords and check that they are protected.  And that’s just the household router.  How do you know that your IoT devices are not hackable?  How do you even know if the new widget you just bought “is” an IoT device?

The road signs are flashing, “Fun times ahead”!

My business card says on it that I am a “Futurist”.  Of course, no one appoints anyone as a futurist so the appointments are self-done. And you, dear reader, have no way to know if I am wearing a tin-foil conspiracy hat here or pumping out gospel quality news of the future.  

I get that.  Ask around.  Look around.  And see what you see.  The future is going to belong to all of us.

 

Prediction – 170930

Saturday, September 30th, 2017

Prediction time.

Here are some things I’ve been reading:

Read how cyber warfare, via social media over something like FB is ever so much cheaper than buying a top quality fighter plane.

Read that the Equifax hack is beginning to look like state-sponsored actors were behind it, maybe Chinese intelligence services.

Read that Russian Twitter trolls have jumped all over the controversy between Trump and the NFL players. Their aim being to increase the differences and tensions among Americans over such disputes.

This is all a form of asymmetric warfare.

In asymmetric warfare, the defenders have to defend against every possible point of attack while the attackers have only to find one attack point that they can use effectively.

As our cyber worlds get more and more complicated, the ability to defend ourselves against all possible attacks can only diminish.

One way for nation states and multinational corporations to increase their security would be to abandon use of the global Internet in favor of internets that are local to themselves and which only make external connections through rigorously guarded portals.

Thus, my prediction here is that the global Internet will be divided into smaller units in response to these increasing vulnerabilities. When? When the pain gets high enough.

Maybe Better If You Don’t Read This Story on Public WiFi

Thursday, January 7th, 2016

– I knew things were bad – but I didn’t know they were this bad.

– Unless you want to be in complete denial about your computer security issues, you will want to read this.

– dennis

– – – – – – – – – – – – – – – –

We took a hacker to a café and, in 20 minutes, he knew where everyone else was born, what schools they attended, and the last five things they googled.

In his backpack, Wouter Slotboom, 34, carries around a small black device, slightly larger than a pack of cigarettes, with an antenna on it. I meet Wouter by chance at a random cafe in the center of Amsterdam. It is a sunny day and almost all the tables are occupied. Some people talk, others are working on their laptops or playing with their smartphones.

Wouter removes his laptop from his backpack, puts the black device on the table, and hides it under a menu. A waitress passes by and we ask for two coffees and the password for the WiFi network. Meanwhile, Wouter switches on his laptop and device, launches some programs, and soon the screen starts to fill with green text lines. It gradually becomes clear that Wouter’s device is connecting to the laptops, smartphones, and tablets of cafe visitors.

On his screen, phrases like “iPhone Joris” and “Simone’s MacBook” start to appear. The device’s antenna is intercepting the signals that are being sent from the laptops, smartphones, and tablets around us.

More text starts to appear on the screen. We are able to see which WiFi networks the devices were previously connected to. Sometimes the names of the networks are composed of mostly numbers and random letters, making it hard to trace them to a definite location, but more often than not, these WiFi networks give away the place they belong to.

We learn that Joris had previously visited McDonald’s, probably spent his vacation in Spain (lots of Spanish-language network names), and had been kart-racing (he had connected to a network belonging to a well-known local kart-racing center). Martin, another café visitor, had been logged on to the network of Heathrow airport and the American airline Southwest. In Amsterdam, he’s probably staying at the White Tulip Hostel. He had also paid a visit to a coffee shop called The Bulldog.

Session 1:

Let everyone connect to our fake network

The waitress serves us our coffee and hands us the WiFi password. After Slotboom is connected, he is able to provide all the visitors with an internet connection and to redirect all internet traffic through his little device.

Most smartphones, laptops, and tablets automatically search and connect to WiFi networks. They usually prefer a network with a previously established connection. If you have ever logged on to the T-Mobile network on the train, for example, your device will search for a T-Mobile network in the area.

Slotboom’s device is capable of registering these searches and appearing as that trusted WiFi network. I suddenly see the name of my home network appear on my iPhone’s list of available networks, as well as my workplace, and a list of cafes, hotel lobbies, trains, and other public places I’ve visited. My phone automatically connects itself to one of these networks, which all belong to the black device.

Slotboom can also broadcast a fictitious network name, making users believe they are actually connecting to the network of the place they’re visiting. For example, if a place has a WiFi network consisting of random letters and numbers (Fritzbox xyz123), Slotboom is able to provide the network name (Starbucks). People, he says, are much more willing to connect to these.

We see more and more visitors log on to our fictitious network. The siren song of the little black device appears to be irresistible. Already 20 smartphones and laptops are ours. If he wanted to, Slotboom could now completely ruin the lives of the people connected: He can retrieve their passwords, steal their identity, and plunder their bank accounts. Later today, he will show me how. I have given him permission to hack me in order to demonstrate what he is capable of, though it could be done to anyone with a smartphone in search of a network, or a laptop connecting to a WiFi network.

Everything, with very few exceptions, can be cracked.

The idea that public WiFi networks are not secure is not exactly news. It is, however, news that can’t be repeated often enough. There are currently more than 1.43 billion smartphone users worldwide and more than 150 million smartphone owners in the U.S. More than 92 million American adults own a tablet and more than 155 million own a laptop. Each year the worldwide demand for more laptops and tablets increases. In 2013, an estimated 206 million tablets and 180 million laptops were sold worldwide. Probably everyone with a portable device has once been connected to a public WiFi network: while having a coffee, on the train, or at a hotel.

The good news is that some networks are better protected than others; some email and social media services use encryption methods that are more secure than their competitors. But spend a day walking in the city with Wouter Slotboom, and you’ll find that almost everything and everyone connected to a WiFi network can be hacked. A study from threat intelligence consultancy Risk Based Security estimates that more than 822 million records were exposed worldwide in 2013, including credit card numbers, birth dates, medical information, phone numbers, social security numbers, addresses, user names, emails, names, and passwords. Sixty-five percent of those records came from the U.S. According to IT security firm Kaspersky Lab, in 2013 an estimated 37.3 million users worldwide and 4.5 million Americans were the victim of phishing—or pharming—attempts, meaning payment details were stolen from hacked computers, smartphones, or website users.

Report after report shows that digital identity fraud is an increasingly common problem. Hackers and cybercriminals currently have many different tricks at their disposal. But the prevalence of open, unprotected WiFi networks does make it extremely easy for them. The Netherlands National Cyber Security Center, a division of the Ministry of Security and Justice, did not issue the following advice in vain: “It is not advisable to use open WiFi networks in public places. If these networks are used, work or financial related activities should better be avoided.”

Slotboom calls himself an “ethical hacker,” or one of the good guys; a technology buff who wants to reveal the potential dangers of the internet and technology. He advises individuals and companies on how to better protect themselves and their information. He does this, as he did today, usually by demonstrating how easy it is to inflict damage. Because really, it’s child’s play: The device is cheap, and the software for intercepting traffic is very easy to use and is readily available for download. “All you need is 70 Euros, an average IQ, and a little patience,” he says. I will refrain from elaborating on some of the more technical aspects, such as equipment, software, and apps needed to go about hacking people.

Session 2:

Scanning for name, passwords, and sexual orientation

Armed with Slotboom’s backpack, we move to a coffeehouse that is known for the beautiful flowers drawn in the foam of the lattes, and as a popular spot for freelancers working on laptops. This place is now packed with people concentrating on their screens.

Slotboom switches on his equipment. He takes us through the same steps, and within a couple of minutes, 20 or so devices are connected to ours. Again we see their MAC addresses and login history, and in some cases their owners’ names. At my request, we now go a step further.

Slotboom launches another program (also readily available for download), which allows him to extract even more information from the connected smartphones and laptops. We are able to see the specifications of the mobile phone models (Samsung Galaxy S4), the language settings for the different devices, and the version of the operating system used (iOS 7.0.5). If a device has an outdated operating system, for example, there are always known “bugs,” or holes in the security system that can be easily exploited. With this kind of information, you have what you need to break into the operating system and take over the device. A sampling of the coffeehouse customers reveals that none of the connected devices have the latest version of the operating system installed. For all these legacy systems, a known bug is listed online.

We can now see some of the actual internet traffic of those around us. We see that someone with a MacBook is browsing the site Nu.nl. We can see that many devices are sending documents using WeTransfer, some are connecting to Dropbox, and some show activity on Tumblr. We see that someone has just logged on to FourSquare. The name of this person is also shown, and, after googling his name, we recognize him as the person sitting just a few feet away from us.

Information comes flooding in, even from visitors who are not actively working or surfing. Many email programs and apps constantly make contact with their servers—a necessary step for a device to retrieve new emails. For some devices and programs, we are able to see what information is being sent, and to which server.

And now it’s getting really personal. We see that one visitor has the gay dating app Grindr installed on his smartphone. We also see the name and type of the smartphone he’s using (iPhone 5s). We stop here, but it would be a breeze to find out who the phone belongs to. We also see that someone’s phone is attempting to connect to a server in Russia, sending the password along with it, which we are able to intercept.

Session 3:

Obtaining information on occupation, hobbies, and relational problems

Many apps, programs, websites, and types of software make use of encryption technologies. These are there to ensure that the information sent and received from a device is not accessible to unauthorized eyes. But once the user is connected to Slotboom’s WiFi network, these security measures can be circumvented relatively easily, with the help of decryption software.

To our shared surprise, we see an app sending personal information to a company that sells online advertising. Among other things, we see the location data, technical information of the phone, and information of the WiFi network. We can also see the name (first and last) of a woman using the social bookmarking website Delicious. Delicious allows users to share websites—bookmarks—they are interested in. In principle, the pages that users of Delicious share are available publicly, yet we can’t help feeling like voyeurs when we realize just how much we are able to learn about this woman on the basis of this information.

First we google her name, which immediately allows us to determine what she looks like and where in the coffeehouse she is sitting. We learn that she was born in a different European country and only recently moved to the Netherlands. Through Delicious we discover that she’s been visiting the website of a Dutch language course and she has bookmarked a website with information on the Dutch integration course.

In less than 20 minutes, here’s what we’ve learned about the woman sitting 10 feet from us: where she was born, where she studied, that she has an interest in yoga, that she’s bookmarked an online offer for anti-snore mantras, recently visited Thailand and Laos, and shows a remarkable interest in sites that offer tips on how to save a relationship.

Slotboom shows me some more hacker tricks. Using an app on his phone, he is able to change specific words on any website. For example, whenever the word “Opstelten” (the name of a Dutch politician) is mentioned, people see the word “Dutroux” (the name of a convicted serial killer) rendered on the page instead. We tested it and it works. We try another trick: Anyone loading a website that includes pictures gets to see a picture selected by Slotboom. This all sounds funny if you’re looking for some mischief, but it also makes it possible to load images of child pornography on someone’s smartphone, the possession of which is a criminal offense.

Password intercepted

We visit yet another cafe. My last request to Slotboom is to show me what he would do if he wanted to really harm me. He asks me to go to Live.com (the Microsoft email site) and enter a random username and password. A few seconds later, the information I just typed appears on his screen. “Now I have the login details of your email account,” Slotboom says. “The first thing I would do is change the password of your account and indicate to other services you use that I have forgotten my password. Most people use the same email account for all services. And those new passwords will then be sent to your mailbox, which means I will have them at my disposal as well.” We do the same for Facebook: Slotboom is able to intercept the login name and password I entered with relative ease.

Another trick that Slotboom uses is to divert my internet traffic. For example, whenever I try to access the webpage of my bank, he has instructed his program to re-direct me to a page he owns: a cloned site that appears to be identical to the trusted site, but is in fact completely controlled by Slotboom. Hackers call this DNS spoofing. The information I entered on the site is stored on the server owned by Slotboom. Within 20 minutes he’s obtained the login details, including passwords for my Live.com, SNS Bank, Facebook, and DigiD accounts.

I will never again be connecting to an insecure public WiFi network without taking security measures.

– Follow this link to the original of this story…
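A defensive check for the behaviour Session 1 describes, where a device rejoins any network whose name it remembers (an added example, not part of the original article). It audits saved Wi-Fi profiles, assumed here to be in NetworkManager keyfile format, and flags open networks set to auto-connect and hidden networks the device must probe for by name; the sample profiles and finding labels are constructed.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (the layout used
# by *.nmconnection files). All network names below are made up.
SAMPLE_PROFILES = {
    "home.nmconnection": (
        "[connection]\nid=HomeNet\ntype=wifi\n\n"
        "[wifi]\nssid=HomeNet\n\n"
        "[wifi-security]\nkey-mgmt=wpa-psk\n"
    ),
    # Open network, no autoconnect key: NetworkManager defaults it to true.
    "train.nmconnection": (
        "[connection]\nid=TrainWiFi\ntype=wifi\n\n"
        "[wifi]\nssid=TrainWiFi\n"
    ),
    # Open network, but the user must join it by hand.
    "cafe.nmconnection": (
        "[connection]\nid=CafeGuest\ntype=wifi\nautoconnect=false\n\n"
        "[wifi]\nssid=CafeGuest\n"
    ),
    # Protected but hidden: the client has to name the SSID in its probes.
    "office.nmconnection": (
        "[connection]\nid=OfficeHidden\ntype=wifi\n\n"
        "[wifi]\nssid=OfficeHidden\nhidden=true\n\n"
        "[wifi-security]\nkey-mgmt=wpa-psk\n"
    ),
    "wired.nmconnection": "[connection]\nid=Wired\ntype=ethernet\n",
}

WIFI_TYPES = ("wifi", "802-11-wireless")
WIFI_SECTIONS = ("wifi", "802-11-wireless")
SECURITY_SECTIONS = ("wifi-security", "802-11-wireless-security")


def _first_section(parser, names):
    """Return the first section present under any of its accepted names."""
    for name in names:
        if parser.has_section(name):
            return parser[name]
    return None


def audit_profile(text):
    """Return finding labels for one saved profile (empty list if none).

    Simplifying assumption: a Wi-Fi profile with no security section is an
    open network, so nothing lets the client tell the real access point from
    another one broadcasting the same name.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    if parser.get("connection", "type", fallback="") not in WIFI_TYPES:
        return []

    findings = []
    autoconnect = parser.getboolean("connection", "autoconnect", fallback=True)
    security = _first_section(parser, SECURITY_SECTIONS)
    wifi = _first_section(parser, WIFI_SECTIONS)

    if security is None and autoconnect:
        # The device will silently join anything that uses this name.
        findings.append("open-autoconnect")
    if wifi is not None and wifi.getboolean("hidden", fallback=False):
        # Hidden networks are found by probing for them by name, which
        # reveals the saved name to anyone listening nearby.
        findings.append("hidden-ssid")
    return findings


def audit_all(profiles):
    """Map profile file name -> findings, keeping only flagged profiles."""
    report = {}
    for filename, text in profiles.items():
        findings = audit_profile(text)
        if findings:
            report[filename] = findings
    return report


if __name__ == "__main__":
    for filename, findings in audit_all(SAMPLE_PROFILES).items():
        print(f"{filename}: {', '.join(findings)}")
```

Profiles flagged `open-autoconnect` are the ones to delete or switch to manual connection; `hidden-ssid` profiles are candidates for making the network visible again.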

Iranian hackers infiltrated U.S. power grid, dam computers, reports say

Thursday, December 24th, 2015
  • This is a scary article.  And reading it, you might be forgiven if you think this is something new and that our government’s security folks will be all over soon to quash it.
  • But, in fact, it is not new.  Not hardly.  The United States’ power structures have been under attack by foreign hackers and very likely compromised for some time now.
  • Compromised how?  And how badly, you say?
  • Well, first they are compromised primarily because the Internet and the power grid networks involved are just simply too much and too complicated. The number of people who really understand technical stuff at this level are few. And the need to have our power infrastructure all up and running all the time is intense. We have thousands of facilities, thousands of people working in the industry and God only knows how many software vendors have written packages to help make it all run and sold the packages to the industry. Just think of how little you, your friends and your neighbors (and virtually all the people you know) really know about computers and networks and you’ll begin to see how few are protecting so many from so much.
  • And how badly are we compromised?
  • Well, you’ll have to read the article to get some idea of how badly we’re compromised – but know this:  this is not new.  Here’s a link to an article I posted back in April of 2009 – on this same subject.  You might read it first and then read the new article and see if you think ‘the government’s security folks will be all over [this situation] soon to quash it’.
  • Here’s a few quotes from the new article to get your juices flowing:
    • “The hackers have gained access to an aging, outdated power system. Many of the substations and equipment that move power across the U.S. are decrepit and were never built with network security in mind; hooking the plants up to the Internet over the last decade has given hackers new backdoors in.”
    • “Last year, Homeland Security released several maps that showed a virtual hit list of critical infrastructure, including two substations in the San Francisco Bay area, water and gas pipelines and a refinery. And according to a previously reported study by the Federal Energy Regulatory Commission, a coordinated attack on just nine critical power stations could cause a coast-to-coast blackout that could last months, far longer than the one that plunged the Northeast into darkness in 2003.”
  • dennis

= = = = = = = = = = = = = = = = = = = = = = =

Iranian hackers breached the control system of a dam near New York City in 2013, and are also implicated in some of a dozen attacks that have infiltrated the U.S. power grid system in the last decade, say two separate reports.

The reports by the Wall Street Journal and the Associated Press both raise concerns about the security of the country’s aging infrastructure.

Two people familiar with the dam breach told the Wall Street Journal it occurred at the Bowman Avenue Dam in Rye, New York. The small structure about 20 miles from New York City is used for flood control.

The hackers gained access to the dam through a cellular modem, the Journal said, citing an unclassified Department of Homeland Security summary of the incident that did not specify the type of infrastructure.

The breach came as hackers linked to the Iranian government were attacking U.S. bank websites after American spies damaged an Iranian nuclear facility with the Stuxnet computer worm.

Homeland Security spokesman S.Y. Lee would not confirm the breach to Reuters. He said the department’s 24-hour cybersecurity information-sharing hub and an emergency response team coordinate responses to threats to and vulnerabilities in critical infrastructure.

Meanwhile, about a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on, according to top experts who spoke only on condition of anonymity due to the sensitive nature of the subject matter, the Associated Press found.

Security researcher Brian Wallace was on the trail of hackers who had snatched a California university’s housing files when he stumbled into one example: Cyberattackers had opened a pathway into the networks running the United States power grid.

Digital clues pointed to Iranian hackers. And Wallace found that they had already taken passwords, as well as engineering drawings of dozens of power plants, at least one with the title “Mission Critical.”

The drawings were so detailed that experts say skilled attackers could have used them, along with other tools and malicious code, to knock out electricity flowing to millions of homes.

The attack targeted Calpine Corp., a power producer with 82 plants operating in 18 states and Canada — it has one plant in Courtright, Ont. The hacking software appeared to originate in Iran, but the hacking group included members in the Netherlands, Canada, and the United Kingdom.

Wallace was astonished. But this breach, The Associated Press has found, was not unique.

Capability to strike at will

These intrusions have not caused the kind of cascading blackouts that are feared by the intelligence community. But so many attackers have stowed away in the systems that run the U.S. electric grid that experts say they likely have the capability to strike at will.

The hackers have gained access to an aging, outdated power system. Many of the substations and equipment that move power across the U.S. are decrepit and were never built with network security in mind; hooking the plants up to the Internet over the last decade has given hackers new backdoors in.

Distant wind farms, home solar panels, smart meters and other networked devices must be remotely monitored and controlled, which opens up the broader system to fresh points of attack. Hundreds of contractors sell software and equipment to energy companies, and attackers have successfully used those outside companies as a way to get inside networks tied to the grid.

Small town mayor relinquishes electronics and passwords to agents at SFO

Monday, October 5th, 2015
  • An interesting story. Prescient of our future?  
  • Just last month, I read in an American publication about a news conference held by the senior leaders of the NSA, the CIA, the FBI and several other security-related agencies.  The reason they held the conference was to say to the press and the American public that this ‘tension’ between them and the public needs to be toned down.  That they are only trying to protect our security interests and that they need to be free to get on with it.
  • Interesting that they failed to note that a lot of this started when Edward Snowden pulled the covers back from their secret programs and the public found much of what was revealed deeply unpalatable.  No comment on that and little has been done about it save for imposing a few small limitations here and there.
  • But, if those limitations are reimplemented, we’ll never know about it because it will all be done behind those same secret curtains again (and for our own good, I’m sure).
  • So, here they are in this story forcing their way into a private citizen’s private affairs/data with no warrant, no probable cause and no comment when asked about it by the press.  Basically, “Nothing to see here.  Just move along now, move along.”
  • Is this how they are going to win the public’s trust again?
  • And, isn’t the deepest irony here that if the fellow searched had wanted to hide something, he simply could have dropped an encrypted copy of it onto any of a hundred places out in the Internet cloud and erased it from his phone before entering the country.  Once home, he grabs it again from the web, decrypts it and he’s done.
  • The only criminals and terrorists the Feds are going to capture with these Bully-Boy methods are the dumbest of the dumb.
  • So what is the point then?  Simple harassment of the public? A flexing of their muscles so we can all see how very powerful they really are?  Or just a profound example of bureaucratic ineptitude wherein the left hand has no idea what the right hand’s doing?
  • dennis

= = = = = = = = = = = = = = = = = = = = = = =

As feds battle over privacy, mayor compares the situation to North Korea.

Stockton, California Mayor Anthony R. Silva attended a recent mayor’s conference in China, but his return trip took a bit longer than usual. At the San Francisco International Airport (SFO) this week, agents with the Department of Homeland Security detained Silva and confiscated his personal cell phone among other electronics. According to comments from the mayor, that may not even be the most alarming part.

“Unfortunately, they were not willing or able to produce a search warrant or any court documents suggesting they had a legal right to take my property,” Silva told SFGate. “In addition, they were persistent about requiring my passwords for all devices.”

The mayor’s attorney, Mark Reichel, told SFGate that Silva was not allowed to leave the airport without forfeiting his passwords. Reichel was not present for Silva’s interaction with the DHS agents, either. The mayor was told he had “no right for a lawyer to be present” and that being a US citizen did not “entitle me to rights that I probably thought,” according to the paper.

As of Friday, Silva had not yet received his property from the SFO detention. SFGate reports Reichel contacted the US Attorney’s Office in Sacramento, but they would not comment on whether they still had the mayor’s possessions. The paper also reached out to a spokesperson at US Immigration and Customs Enforcement, but that office also refused comment. (Ars has reached out to the mayor’s office for any new information, and we’ll update this story accordingly if we hear back.)

Authorities demanding access to password-protected devices has become a hot-button issue across the country, highlighted in particular by the federal government’s ongoing battle with Silicon Valley over the lack of crypto backdoors in modern smartphones. At the end of last month, one US District Judge in Pennsylvania ruled that forcing suspects to surrender their passwords was unconstitutional on Fifth Amendment grounds.

Evidently, Silva was well aware of the situation and only had his concerns heightened by first-hand experience. Talking to SFGate, he briefly compared the government battle on privacy to notorious dictatorships worldwide.

“I think the American people should be extremely concerned about their personal rights and privacy,” Silva told the paper. “As I was being searched at the airport, there was a Latino couple to my left, and an Asian couple to my right also being aggressively searched. I briefly had to remind myself that this was not North Korea or Nazi Germany. This is the land of the Free.”

  • To the original in Ars Technica:  

Spyware demo shows how spooks hack mobile phones

Wednesday, August 12th, 2015

Intelligence agencies’ secretive techniques for spying on mobile phones are seldom made public.

But a UK security firm has shown the BBC how one tool, sold around the world to spooks, actually works.

It allows spies to take secret pictures with a phone’s camera and record conversations with the microphone, without the phone owner knowing.

Hacking Team’s software was recently stolen from the company by hackers and published on the web.

Almost any data on a phone, tablet or PC can be accessed by the tool and it is fascinating how much it can do.

When Joe Greenwood, of cybersecurity firm 4Armed, saw that source code for the program had been dumped online by hackers, he couldn’t resist experimenting with it.

Although he had to fiddle with the code to make it work, it only took a day before he had it up and running.

The software consists of the surveillance console, which displays data retrieved from a hacked device, and malware planted on the target device itself.

4Armed was careful to note that using it to spy on someone without their consent would be against the law.

Listening in

After testing the software on his own PC, Mr Greenwood soon realised the scope of its capabilities.

“You can download files, record microphones, webcam images, websites visited, see what programs are running, intercept Skype calls,” he told the BBC.

The software even has some in-built features to track Bitcoin payments, which can be difficult to associate with individuals without additional data about when and how transactions were performed.

In a live demonstration of the system, Mr Greenwood showed how an infected phone could be made to record audio from the microphone, even when the device was locked, and use the phone’s camera without its owner knowing.

“We can actually take photos without them realising.

“So the camera in the background is running, taking photos every number of seconds,” explained Mr Greenwood.

It was also possible to listen in on phone calls, access the list of contacts stored on the device and track what websites the phone user was visiting.

 

Both Mr Greenwood and 4Armed’s technical director, Marc Wickenden, said they were surprised by the sleekness of the interface.

Both point out, though, that customers could be paying upwards of £1m for the software and would expect it to be user-friendly, especially if it was intended for use by law enforcers on the beat.

For the tracked user, though, there are very few ways of finding out that they are being watched.

One red flag, according to Mr Greenwood, is a sudden spike in network data usage, indicating that information is being sent somewhere in the background. Experienced spies, however, would be careful to minimise this in order to remain incognito.

At present, spy software like this is only likely to be secretly deployed on the phones and computers of people who are key targets for an intelligence agency.

Spy catcher

The version of the spyware distributed online is now likely to be more easily detected by anti-virus programs because companies analysing the source code are in the process of updating their systems to recognise it.

Security expert Graham Cluley said it should be as easy to detect as malware.

“The danger will be that malicious hackers could take that code and augment it or change it so it no longer looks like Hacking Team’s versions, which might avoid detection,” he added.

The best course of action, said Mr Cluley, is to keep operating systems and software as up to date as possible.

In a statement, a spokesman for Hacking Team said it advised its customers not to use the software once the breach was discovered.

“As soon as the event was discovered, Hacking Team immediately advised all clients to discontinue the use of that version of the software, and the company provided a patch to assure that client surveillance data and other information stored on client systems was secure.

“From the beginning Hacking Team has assumed that the code that has been released is compromised,” he said.

The spokesman added that the software would be operated by clients of Hacking Team, not Hacking Team itself, and therefore no sensitive data relating to ongoing investigations had been compromised in the breach.

“Of course, there are many who would use for their own purposes the information released by the criminals who attacked Hacking Team.

“This was apparently not a concern of the attackers who recklessly published the material for all online.

“Compiling the software would take considerable technical skill, so not just anyone could do that, but that is not to say it is impossible,” he said.

– To the original:  

 

HOW COVERT AGENTS INFILTRATE THE INTERNET TO MANIPULATE, DECEIVE, AND DESTROY REPUTATIONS

Tuesday, August 11th, 2015

– This piece was written by Glenn Greenwald on 24 Feb 2014 but it is still relevant.

– dennis

= = = = = = = = = = = = = = = = = = = = = = = = = = =

One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents.

Over the last several weeks, I worked with NBC News to publish a series of articles about “dirty trick” tactics used by GCHQ’s previously secret unit, JTRIG (Joint Threat Research Intelligence Group). These were based on four classified GCHQ documents presented to the NSA and the other three partners in the English-speaking “Five Eyes” alliance. Today, we at the Intercept are publishing another new JTRIG document, in full, entitled “The Art of Deception: Training for Online Covert Operations.”

By publishing these stories one by one, our NBC reporting highlighted some of the key, discrete revelations: the monitoring of YouTube and Blogger, the targeting of Anonymous with the very same DDoS attacks they accuse “hacktivists” of using, the use of “honey traps” (luring people into compromising situations using sex) and destructive viruses. But, here, I want to focus and elaborate on the overarching point revealed by all of these documents: namely, that these agencies are attempting to control, infiltrate, manipulate, and warp online discourse, and in doing so, are compromising the integrity of the internet itself.

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. Here is one illustrative list of tactics from the latest GCHQ document we’re publishing today:

– This article continues and you will do best to read it in its original form as it has many graphic elements.

– to see the original, click here:

 

Websites can track us by the way we type

Friday, July 31st, 2015

– Here’s an article explaining how websites can identify who is typing by watching patterns in how we touch the keys.  I.e., how long you hold particular keys down and how much time elapses between different keystrokes.

– And the article describes a Google Chrome add-on that will mask this for you so you can become anonymous again.

– It is getting harder and harder to move about in the world anonymously.  There are some who would say, “If you are not doing anything wrong, why would you care?”  I don’t subscribe to that.  We are, by common social agreement and oftentimes by the rule of law, innocent until proved guilty.

– The people that hold and use these tools may be benign towards us today but there’s no guarantee that they will remain so in the future.  So, it seems obvious to me that if someone wants to exert greater control over us in the future, they will already have all the tools they need to win the battle to control us before a shot is fired.

– dennis

= = = = = = = = = = = = =

Meet KeyboardPrivacy: a proof-of-concept Google Chrome extension that masks how long your fingers linger on each key you depress as you type and how much of a time lag there is between each of your key presses.

And just why would you need to disguise these typing traits – also known as periodicity – which are as unique to individuals as fingerprints?

Because there’s technology out there that can measure our typing characteristics, on the scale of millisecond-long delays and key presses, and use the data to profile us with such a high degree of accuracy that – Tor or no Tor – you won’t stay anonymous when browsing online.

Examples include profiling technology from a Swedish company called BehavioSec that can identify site visitors, based on their typing habits, with a session score of 99% and a confidence rate of 80%.

That type of success comes after the technology has been trained on a mere 44 input characters.

The extension, designed to obfuscate our typing patterns, comes from security researchers Per Thorsheim and Paul Moore.
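The measurement described above, and one way to blunt it, as an added JavaScript example that is not from the article or from the KeyboardPrivacy extension. The two typists, their timings and the `mask` delay schedule are constructed assumptions.

```javascript
// Seeded PRNG (mulberry32) so every run gives the same numbers.
function mulberry32(a) {
  return function () {
    a = (a + 0x6D2B79F5) | 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}
// Constructed typist: n key events {down, up} in ms around a personal rhythm.
function simulateTypist(n, dwell, gap, seed) {
  const rand = mulberry32(seed), events = [];
  let t = 0;
  for (let i = 0; i < n; i++) {
    const up = t + dwell + (rand() * 20 - 10); // hold time +/- 10 ms
    events.push({ down: t, up });
    t = up + gap + (rand() * 40 - 20);         // pause +/- 20 ms
  }
  return events;
}
// What a page script can measure: [mean dwell, mean gap] in ms.
function profile(events) {
  let dwell = 0, gap = 0;
  events.forEach((e, i) => {
    dwell += e.up - e.down;
    if (i > 0) gap += e.down - events[i - 1].up;
  });
  return [dwell / events.length, gap / (events.length - 1)];
}
const distance = (p, q) => Math.hypot(p[0] - q[0], p[1] - q[1]);

// Masking (assumed design): events are only delayed, on a random schedule.
function mask(events, seed, lo = 150, hi = 250) {
  const rand = mulberry32(seed), out = [];
  let prevUp = -Infinity; // first key press passes through undelayed
  for (const e of events) {
    const down = Math.max(e.down, prevUp + lo + rand() * (hi - lo));
    const up = Math.max(e.up, down + lo + rand() * (hi - lo));
    out.push({ down, up });
    prevUp = up;
  }
  return out;
}

const alice = simulateTypist(44, 80, 120, 1); // 44 keys, as in the article
const bob = simulateTypist(44, 130, 60, 2);
const rawGap = distance(profile(alice), profile(bob));
// Same schedule seed for both, to isolate what the typist contributes.
const maskedGap = distance(profile(mask(alice, 7)), profile(mask(bob, 7)));
console.log({ rawGap, maskedGap });
```

The masking holds only while the random schedule is slower than the typist: if a real key press arrives later than its scheduled slot, `Math.max` lets the real timing through. The price is added input latency.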

On Tuesday, Moore said on his blog that UK banks are rumored to be actively trialing such technology to try to detect and minimize the risk of fraud.

That rumor is backed up by news reports mentioning that, as of March 2013, BehavioSec counted Sweden’s top ten national banks – along with Samsung – among its clients.

Why would the researchers want to fight off banks’ efforts to detect fraudulent activity on our accounts?

And why would bank customers want to reduce security by throwing a monkey wrench – or, really, in this case, it’s more like introducing the technical equivalent of a highly accurate cat walking across our keyboards – into banks’ efforts?

Because as it is, we’re trading privacy for security, Moore said.

…More: