Archive for the ‘CyberChaos’ Category

Maybe Better If You Don’t Read This Story on Public WiFi

Thursday, January 7th, 2016

– I knew things were bad – but I didn’t know they were this bad.

– Unless you want to be in complete denial about your computer security issues, you will want to read this.

– dennis

– – – – – – – – – – – – – – – –

We took a hacker to a café and, in 20 minutes, he knew where everyone else was born, what schools they attended, and the last five things they googled.

In his backpack, Wouter Slotboom, 34, carries around a small black device, slightly larger than a pack of cigarettes, with an antenna on it. I meet Wouter by chance at a random cafe in the center of Amsterdam. It is a sunny day and almost all the tables are occupied. Some people talk, others are working on their laptops or playing with their smartphones.

Wouter removes his laptop from his backpack, puts the black device on the table, and hides it under a menu. A waitress passes by and we ask for two coffees and the password for the WiFi network. Meanwhile, Wouter switches on his laptop and device, launches some programs, and soon the screen starts to fill with green text lines. It gradually becomes clear that Wouter’s device is connecting to the laptops, smartphones, and tablets of cafe visitors.

On his screen, phrases like “iPhone Joris” and “Simone’s MacBook” start to appear. The device’s antenna is intercepting the signals that are being sent from the laptops, smartphones, and tablets around us.

More text starts to appear on the screen. We are able to see which WiFi networks the devices were previously connected to. Sometimes the names of the networks are composed of mostly numbers and random letters, making it hard to trace them to a definite location, but more often than not, these WiFi networks give away the place they belong to.

We learn that Joris had previously visited McDonald’s, probably spent his vacation in Spain (lots of Spanish-language network names), and had been kart-racing (he had connected to a network belonging to a well-known local kart-racing center). Martin, another café visitor, had been logged on to the network of Heathrow airport and the American airline Southwest. In Amsterdam, he’s probably staying at the White Tulip Hostel. He had also paid a visit to a coffee shop called The Bulldog.

Session 1:

Let everyone connect to our fake network

The waitress serves us our coffee and hands us the WiFi password. After Slotboom is connected, he is able to provide all the visitors with an internet connection and to redirect all internet traffic through his little device.

Most smartphones, laptops, and tablets automatically search and connect to WiFi networks. They usually prefer a network with a previously established connection. If you have ever logged on to the T-Mobile network on the train, for example, your device will search for a T-Mobile network in the area.

Slotboom’s device is capable of registering these searches and appearing as that trusted WiFi network. I suddenly see the name of my home network appear on my iPhone’s list of available networks, as well as my workplace, and a list of cafes, hotel lobbies, trains, and other public places I’ve visited. My phone automatically connects itself to one of these networks, which all belong to the black device.

Slotboom can also broadcast a fictitious network name, making users believe they are actually connecting to the network of the place they’re visiting. For example, if a place has a WiFi network whose name consists of random letters and numbers (Fritzbox xyz123), Slotboom is able to provide a friendlier network name (Starbucks). People, he says, are much more willing to connect to these.
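The two behaviours described above leave a fingerprint in the management frames a rogue access point transmits: a device that answers every probe request ends up advertising many unrelated network names from one radio address, and a copy of the venue's network appears under a radio address the venue never used. The following is an added example, not code from the article or from Slotboom, of the detection logic a passive wireless monitor could run over such frames. The frames, the MAC addresses and the allow-list of known access points are all constructed sample values.

```python
"""Rogue access point detection over a constructed log of 802.11
management frames (beacons and probe responses).

Two fingerprints are checked:
  * one BSSID (radio MAC) advertising many distinct SSIDs, which is
    what a device that answers every probe request looks like;
  * a known SSID advertised by a BSSID that is not on the venue's
    allow-list, i.e. a look-alike of the venue's own network.
All data here is constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class MgmtFrame:
    kind: str    # "beacon" or "probe_resp"
    bssid: str   # transmitting radio MAC (constructed sample value)
    ssid: str    # network name carried in the frame


# Constructed sample capture: the cafe's legitimate AP plus one radio
# that replies to probes for every network name it hears.
SAMPLE_FRAMES = [
    MgmtFrame("beacon",     "aa:bb:cc:00:00:01", "CafeGuest"),
    MgmtFrame("probe_resp", "aa:bb:cc:00:00:01", "CafeGuest"),
    MgmtFrame("probe_resp", "de:ad:be:ef:00:01", "CafeGuest"),
    MgmtFrame("probe_resp", "de:ad:be:ef:00:01", "T-Mobile"),
    MgmtFrame("probe_resp", "de:ad:be:ef:00:01", "HomeNet-Joris"),
    MgmtFrame("probe_resp", "de:ad:be:ef:00:01", "Heathrow-Free"),
    MgmtFrame("probe_resp", "de:ad:be:ef:00:01", "Starbucks"),
]

# Assumed allow-list the venue maintains: SSID -> radios it really operates.
KNOWN_APS = {"CafeGuest": {"aa:bb:cc:00:00:01"}}


def ssids_per_bssid(frames):
    """Map each transmitting radio to the set of SSIDs it advertised."""
    seen = defaultdict(set)
    for f in frames:
        seen[f.bssid].add(f.ssid)
    return seen


def find_karma_candidates(frames, threshold=4):
    """Radios advertising at least `threshold` distinct SSIDs.

    A real AP advertises one or a handful of names; a radio that answers
    probes for home, airport and coffee-shop networks at once is suspect.
    """
    seen = ssids_per_bssid(frames)
    return sorted(b for b, names in seen.items() if len(names) >= threshold)


def find_evil_twins(frames, known_aps):
    """(ssid, bssid) pairs where a known SSID comes from an unknown radio."""
    hits = set()
    for f in frames:
        if f.ssid in known_aps and f.bssid not in known_aps[f.ssid]:
            hits.add((f.ssid, f.bssid))
    return sorted(hits)


if __name__ == "__main__":
    print("karma-like radios:", find_karma_candidates(SAMPLE_FRAMES))
    print("look-alike APs:   ", find_evil_twins(SAMPLE_FRAMES, KNOWN_APS))
```

Both heuristics are intentionally simple: the SSID-count threshold should be tuned against what the venue's own equipment normally advertises, and the allow-list check only catches copies of networks the operator has registered. On the client side the corresponding mitigation is the one the article implies: forget public networks after use and turn off automatic joining, so the device stops announcing and accepting the networks it remembers.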

We see more and more visitors log on to our fictitious network. The siren song of the little black device appears to be irresistible. Already 20 smartphones and laptops are ours. If he wanted to, Slotboom could now completely ruin the lives of the people connected: He can retrieve their passwords, steal their identity, and plunder their bank accounts. Later today, he will show me how. I have given him permission to hack me in order to demonstrate what he is capable of, though it could be done to anyone with a smartphone in search of a network, or a laptop connecting to a WiFi network.

Everything, with very few exceptions, can be cracked.

The idea that public WiFi networks are not secure is not exactly news. It is, however, news that can’t be repeated often enough. There are currently more than 1.43 billion smartphone users worldwide and more than 150 million smartphone owners in the U.S. More than 92 million American adults own a tablet and more than 155 million own a laptop. Each year the worldwide demand for more laptops and tablets increases. In 2013, an estimated 206 million tablets and 180 million laptops were sold worldwide. Probably everyone with a portable device has once been connected to a public WiFi network: while having a coffee, on the train, or at a hotel.

The good news is that some networks are better protected than others; some email and social media services use encryption methods that are more secure than their competitors. But spend a day walking in the city with Wouter Slotboom, and you’ll find that almost everything and everyone connected to a WiFi network can be hacked. A study from threat intelligence consultancy Risk Based Security estimates that more than 822 million records were exposed worldwide in 2013, including credit card numbers, birth dates, medical information, phone numbers, social security numbers, addresses, user names, emails, names, and passwords. Sixty-five percent of those records came from the U.S. According to IT security firm Kaspersky Lab, in 2013 an estimated 37.3 million users worldwide and 4.5 million Americans were the victim of phishing—or pharming—attempts, meaning payment details were stolen from hacked computers, smartphones, or website users.

Report after report shows that digital identity fraud is an increasingly common problem. Hackers and cybercriminals currently have many different tricks at their disposal. But the prevalence of open, unprotected WiFi networks does make it extremely easy for them. The Netherlands National Cyber Security Center, a division of the Ministry of Security and Justice, did not issue the following advice in vain: “It is not advisable to use open WiFi networks in public places. If these networks are used, work or financial related activities should better be avoided.”

Slotboom calls himself an “ethical hacker,” or one of the good guys; a technology buff who wants to reveal the potential dangers of the internet and technology. He advises individuals and companies on how to better protect themselves and their information. He does this, as he did today, usually by demonstrating how easy it is to inflict damage. Because really, it’s child’s play: The device is cheap, and the software for intercepting traffic is very easy to use and is readily available for download. “All you need is 70 Euros, an average IQ, and a little patience,” he says. I will refrain from elaborating on some of the more technical aspects, such as equipment, software, and apps needed to go about hacking people.

Session 2:

Scanning for name, passwords, and sexual orientation

Armed with Slotboom’s backpack, we move to a coffeehouse that is known for the beautiful flowers drawn in the foam of the lattes, and as a popular spot for freelancers working on laptops. This place is now packed with people concentrating on their screens.

Slotboom switches on his equipment. He takes us through the same steps, and within a couple of minutes, 20 or so devices are connected to ours. Again we see their MAC addresses and login history, and in some cases their owners’ names. At my request, we now go a step further.

Slotboom launches another program (also readily available for download), which allows him to extract even more information from the connected smartphones and laptops. We are able to see the specifications of the mobile phone models (Samsung Galaxy S4), the language settings for the different devices, and the version of the operating system used (iOS 7.0.5). If a device has an outdated operating system, for example, there are always known “bugs,” or holes in the security system that can be easily exploited. With this kind of information, you have what you need to break into the operating system and take over the device. A sampling of the coffeehouse customers reveals that none of the connected devices have the latest version of the operating system installed. For all these legacy systems, a known bug is listed online.

We can now see some of the actual internet traffic of those around us. We see that someone with a MacBook is browsing the site Nu.nl. We can see that many devices are sending documents using WeTransfer, some are connecting to Dropbox, and some show activity on Tumblr. We see that someone has just logged on to FourSquare. The name of this person is also shown, and, after googling his name, we recognize him as the person sitting just a few feet away from us.

Information comes flooding in, even from visitors who are not actively working or surfing. Many email programs and apps constantly make contact with their servers—a necessary step for a device to retrieve new emails. For some devices and programs, we are able to see what information is being sent, and to which server.

And now it’s getting really personal. We see that one visitor has the gay dating app Grindr installed on his smartphone. We also see the name and type of the smartphone he’s using (iPhone 5s). We stop here, but it would be a breeze to find out who the phone belongs to. We also see that someone’s phone is attempting to connect to a server in Russia, sending the password along with it, which we are able to intercept.

Session 3:

Obtaining information on occupation, hobbies, and relational problems

Many apps, programs, websites, and types of software make use of encryption technologies. These are there to ensure that the information sent and received from a device is not accessible to unauthorized eyes. But once the user is connected to Slotboom’s WiFi network, these security measures can be circumvented relatively easily, with the help of decryption software.

To our shared surprise, we see an app sending personal information to a company that sells online advertising. Among other things, we see the location data, technical information of the phone, and information of the WiFi network. We can also see the name (first and last) of a woman using the social bookmarking website Delicious. Delicious allows users to share websites—bookmarks—they are interested in. In principle, the pages that users of Delicious share are available publicly, yet we can’t help feeling like voyeurs when we realize just how much we are able to learn about this woman on the basis of this information.

First we google her name, which immediately allows us to determine what she looks like and where in the coffeehouse she is sitting. We learn that she was born in a different European country and only recently moved to the Netherlands. Through Delicious we discover that she’s been visiting the website of a Dutch language course and she has bookmarked a website with information on the Dutch integration course.

In less than 20 minutes, here’s what we’ve learned about the woman sitting 10 feet from us: where she was born, where she studied, that she has an interest in yoga, that she’s bookmarked an online offer for an anti-snore mantra, recently visited Thailand and Laos, and shows a remarkable interest in sites that offer tips on how to save a relationship.

Slotboom shows me some more hacker tricks. Using an app on his phone, he is able to change specific words on any website. For example, whenever the word “Opstelten” (the name of a Dutch politician) is mentioned, people see the word “Dutroux” (the name of a convicted serial killer) rendered on the page instead. We tested it and it works. We try another trick: Anyone loading a website that includes pictures gets to see a picture selected by Slotboom. This all sounds funny if you’re looking for some mischief, but it also makes it possible to load images of child pornography on someone’s smartphone, the possession of which is a criminal offense.

Password intercepted

We visit yet another cafe. My last request to Slotboom is to show me what he would do if he wanted to really harm me. He asks me to go to Live.com (the Microsoft email site) and enter a random username and password. A few seconds later, the information I just typed appears on his screen. “Now I have the login details of your email account,” Slotboom says. “The first thing I would do is change the password of your account and indicate to other services you use that I have forgotten my password. Most people use the same email account for all services. And those new passwords will then be sent to your mailbox, which means I will have them at my disposal as well.” We do the same for Facebook: Slotboom is able to intercept the login name and password I entered with relative ease.

Another trick that Slotboom uses is to divert my internet traffic. For example, whenever I try to access the webpage of my bank, he has instructed his program to re-direct me to a page he owns: a cloned site that appears to be identical to the trusted site, but is in fact completely controlled by Slotboom. Hackers call this DNS spoofing. The information I entered on the site is stored on the server owned by Slotboom. Within 20 minutes he’s obtained the login details, including passwords for my Live.com, SNS Bank, Facebook, and DigiD accounts.

I will never again be connecting to an insecure public WiFi network without taking security measures.

– Follow this link to the original of this story…

Iranian hackers infiltrated U.S. power grid, dam computers, reports say

Thursday, December 24th, 2015
  • This is a scary article.  And reading it, you might be forgiven if you think this is something new and that our government’s security folks will be all over soon to quash it.
  • But, in fact, it is not new.  Not hardly.  The United States’ power structures have been under attack by foreign hackers and very likely compromised for some time now.
  • Compromised how?  And how badly, you say?
  • Well, first they are compromised primarily because the Internet and the power grid networks involved are just simply too much and too complicated. The number of people who really understand technical stuff at this level are few. And the need to have our power infrastructure all up and running all the time is intense. We have thousands of facilities, thousands of people working in the industry and God only knows how many software vendors have written packages to help make it all run and sold the packages to the industry. Just think of how little you, your friends and your neighbors (and virtually all the people you know) really know about computers and networks and you’ll begin to see how few are protecting so many from so much.
  • And how badly are we compromised?
  • Well, you’ll have to read the article to get some idea of how badly we’re compromised – but know this:  this is not new.  Here’s a link to an article I posted back in April of 2009 – on this same subject.  You might read it first and then read the new article and see if you think ‘the government’s security folks will be all over [this situation] soon to quash it’.
  • Here’s a few quotes from the new article to get your juices flowing:
    • “The hackers have gained access to an aging, outdated power system. Many of the substations and equipment that move power across the U.S. are decrepit and were never built with network security in mind; hooking the plants up to the Internet over the last decade has given hackers new backdoors in.”
    • “Last year, Homeland Security released several maps that showed a virtual hit list of critical infrastructure, including two substations in the San Francisco Bay area, water and gas pipelines and a refinery. And according to a previously reported study by the Federal Energy Regulatory Commission, a coordinated attack on just nine critical power stations could cause a coast-to-coast blackout that could last months, far longer than the one that plunged the Northeast into darkness in 2003.”
  • dennis

= = = = = = = = = = = = = = = = = = = = = = =

Iranian hackers breached the control system of a dam near New York City in 2013, and are also implicated in some of a dozen attacks that have infiltrated the U.S. power grid system in the last decade, say two separate reports.

The reports by the Wall Street Journal and the Associated Press both raise concerns about the security of the country’s aging infrastructure.

Two people familiar with the dam breach told the Wall Street Journal it occurred at the Bowman Avenue Dam in Rye, New York. The small structure about 20 miles from New York City is used for flood control.

The hackers gained access to the dam through a cellular modem, the Journal said, citing an unclassified Department of Homeland Security summary of the incident that did not specify the type of infrastructure.

The breach came as hackers linked to the Iranian government were attacking U.S. bank websites after American spies damaged an Iranian nuclear facility with the Stuxnet computer worm.

Homeland Security spokesman S.Y. Lee would not confirm the breach to Reuters. He said the department’s 24-hour cybersecurity information-sharing hub and an emergency response team coordinate responses to threats to and vulnerabilities in critical infrastructure.

Meanwhile, about a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on, according to top experts who spoke only on condition of anonymity due to the sensitive nature of the subject matter, the Associated Press found.

Security researcher Brian Wallace was on the trail of hackers who had snatched a California university’s housing files when he stumbled into one example: Cyberattackers had opened a pathway into the networks running the United States power grid.

Digital clues pointed to Iranian hackers. And Wallace found that they had already taken passwords, as well as engineering drawings of dozens of power plants, at least one with the title “Mission Critical.”

The drawings were so detailed that experts say skilled attackers could have used them, along with other tools and malicious code, to knock out electricity flowing to millions of homes.

The attack targeted Calpine Corp., a power producer with 82 plants operating in 18 states and Canada — it has one plant in Courtright, Ont. The hacking software appeared to originate in Iran, but the hacking group included members in the Netherlands, Canada, and the United Kingdom.

Wallace was astonished. But this breach, The Associated Press has found, was not unique.

Capability to strike at will

These intrusions have not caused the kind of cascading blackouts that are feared by the intelligence community. But so many attackers have stowed away in the systems that run the U.S. electric grid that experts say they likely have the capability to strike at will.

The hackers have gained access to an aging, outdated power system. Many of the substations and equipment that move power across the U.S. are decrepit and were never built with network security in mind; hooking the plants up to the Internet over the last decade has given hackers new backdoors in.

Distant wind farms, home solar panels, smart meters and other networked devices must be remotely monitored and controlled, which opens up the broader system to fresh points of attack. Hundreds of contractors sell software and equipment to energy companies, and attackers have successfully used those outside companies as a way to get inside networks tied to the grid.

Small town mayor relinquishes electronics and passwords to agents at SFO

Monday, October 5th, 2015
  • An interesting story. Prescient of our future?  
  • Just last month, I read in an American publication about a news conference held by the senior leaders of the NSA, the CIA, the FBI and several other security-related agencies.  The reason they held the conference was to say to the press and the American public that this ‘tension’ between them and the public needs to be toned down.  That they are only trying to protect our security interests and that they need to be free to get on with it.
  • Interesting that they failed to note that a lot of this started when Edward Snowden pulled the covers back from their secret programs and the public found much of what was revealed deeply unpalatable.  No comment on that and little has been done about it save for imposing a few small limitations here and there.
  • But, if those limitations are reimplemented, we’ll never know about it because it will all be done behind those same secret curtains again (and for our own good, I’m sure).
  • So, here they are in this story forcing their way into a private citizen’s private affairs/data with no warrant, no probable cause and no comment when asked about it by the press.  Basically, “Nothing to see here.  Just move along now, move along.”
  • Is this how they are going to win the public’s trust again?
  • And, isn’t the deepest irony here that if the fellow searched had wanted to hide something, he simply could have dropped an encrypted copy of it onto any of a hundred places out in the Internet cloud and erased it from his phone before entering the country.  Once home, he grabs it again from the web, decrypts it and he’s done.
  • The only criminals and terrorists the Feds are going to capture with these Bully-Boy methods are the dumbest of the dumb.
  • So what is the point then?  Simple harassment of the public? A flexing of their muscles so we can all see how very powerful they really are?  Or just a profound example of bureaucratic ineptitude wherein the left hand has no idea what the right hand’s doing?
  • dennis

= = = = = = = = = = = = = = = = = = = = = = =

As feds battle over privacy, mayor compares the situation to North Korea.

Stockton, California Mayor Anthony R. Silva attended a recent mayor’s conference in China, but his return trip took a bit longer than usual. At the San Francisco International Airport (SFO) this week, agents with the Department of Homeland Security detained Silva and confiscated his personal cell phone among other electronics. According to comments from the mayor, that may not even be the most alarming part.

“Unfortunately, they were not willing or able to produce a search warrant or any court documents suggesting they had a legal right to take my property,” Silva told SFGate. “In addition, they were persistent about requiring my passwords for all devices.”

The mayor’s attorney, Mark Reichel, told SFGate that Silva was not allowed to leave the airport without forfeiting his passwords. Reichel was not present for Silva’s interaction with the DHS agents, either. The mayor was told he had “no right for a lawyer to be present” and that being a US citizen did not “entitle me to rights that I probably thought,” according to the paper.

As of Friday, Silva had not yet received his property from the SFO detention. SFGate reports Reichel contacted the US Attorney’s Office in Sacramento, but they would not comment on whether they still had the mayor’s possessions. The paper also reached out to a spokesperson at US Immigration and Customs Enforcement, but that office also refused comment. (Ars has reached out to the mayor’s office for any new information, and we’ll update this story accordingly if we hear back.)

Authorities demanding access to password-protected devices has become a hot-button issue across the country, highlighted in particular by the federal government’s ongoing battle with Silicon Valley over the lack of crypto backdoors in modern smartphones. At the end of last month, one US District Judge in Pennsylvania ruled that forcing suspects to surrender their passwords was unconstitutional on Fifth Amendment grounds.

Evidently, Silva was well aware of the situation and only had his concerns heightened by first-hand experience. Talking to SFGate, he briefly compared the government battle on privacy to notorious dictatorships worldwide.

“I think the American people should be extremely concerned about their personal rights and privacy,” Silva told the paper. “As I was being searched at the airport, there was a Latino couple to my left, and an Asian couple to my right also being aggressively searched. I briefly had to remind myself that this was not North Korea or Nazi Germany. This is the land of the Free.”

  • To the original in Ars Technica:  

Spyware demo shows how spooks hack mobile phones

Wednesday, August 12th, 2015

Intelligence agencies’ secretive techniques for spying on mobile phones are seldom made public.

But a UK security firm has shown the BBC how one tool, sold around the world to spooks, actually works.

It allows spies to take secret pictures with a phone’s camera and record conversations with the microphone, without the phone owner knowing.

Hacking Team’s software was recently stolen from the company by hackers and published on the web.

Almost any data on a phone, tablet or PC can be accessed by the tool and it is fascinating how much it can do.

When Joe Greenwood, of cybersecurity firm 4Armed, saw that source code for the program had been dumped online by hackers, he couldn’t resist experimenting with it.

Although he had to fiddle with the code to make it work, it only took a day before he had it up and running.

The software consists of the surveillance console, which displays data retrieved from a hacked device, and malware planted on the target device itself.

4Armed was careful to note that using it to spy on someone without their consent would be against the law.

Listening in

After testing the software on his own PC, Mr Greenwood soon realised the scope of its capabilities.

“You can download files, record microphones, webcam images, websites visited, see what programs are running, intercept Skype calls,” he told the BBC.

The software even has some in-built features to track Bitcoin payments, which can be difficult to associate with individuals without additional data about when and how transactions were performed.

In a live demonstration of the system, Mr Greenwood showed how an infected phone could be made to record audio from the microphone, even when the device was locked, and use the phone’s camera without its owner knowing.

“We can actually take photos without them realising.

“So the camera in the background is running, taking photos every number of seconds,” explained Mr Greenwood.

It was also possible to listen in on phone calls, access the list of contacts stored on the device and track what websites the phone user was visiting.


Both Mr Greenwood and 4Armed’s technical director, Marc Wickenden, said they were surprised by the sleekness of the interface.

Both point out, though, that customers could be paying upwards of £1m for the software and would expect it to be user-friendly, especially if it was intended for use by law enforcers on the beat.

For the tracked user, though, there are very few ways of finding out that they are being watched.

One red flag, according to Mr Greenwood, is a sudden spike in network data usage, indicating that information is being sent somewhere in the background. Experienced spies, however, would be careful to minimise this in order to remain incognito.
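The red flag Mr Greenwood names, a sudden rise in background data usage, is something a device owner or an endpoint monitoring tool can check for numerically. The following is an added example, not code from the BBC article, 4Armed or Hacking Team, of one way to do that: it keeps a rolling baseline of an app's daily upload volume and flags a day that departs from it. The daily byte counts are constructed; a robust median-based baseline is used so that the spike itself does not poison the baseline for the days after it. A second series shows the caveat in the article: an operator who keeps the exfiltration to a slow drip stays under the per-day threshold, so a week-over-week growth check is included as well.

```python
"""Flag a sudden rise in an app's background upload volume.

Per-day upload byte counts are constructed for the example. The baseline
is median + factor * MAD (median absolute deviation) over the previous
`window` days, which is far less sensitive to a single outlier than
mean + k * standard deviation.
"""
import statistics

# Constructed: a quiet app whose uploads jump on day 9.
SAMPLE_UPLOAD_BYTES = [
    2_100_000, 2_400_000, 1_900_000, 2_600_000, 2_200_000, 2_300_000, 2_000_000,
    2_500_000, 2_200_000, 48_000_000, 2_400_000, 2_100_000, 2_300_000, 2_200_000,
]

# Constructed: the same app, but the extra traffic is spread thinly over
# the second week so that no single day stands out.
SAMPLE_SLOW_DRIP = [
    2_100_000, 2_400_000, 1_900_000, 2_600_000, 2_200_000, 2_300_000, 2_000_000,
    2_700_000, 2_800_000, 2_600_000, 2_700_000, 2_900_000, 2_700_000, 2_800_000,
]


def spike_days(series, window=7, factor=3.0, min_abs=1_000_000):
    """Indexes of days whose upload volume exceeds the rolling baseline.

    `min_abs` (bytes) stops a near-constant series, where MAD is tiny,
    from flagging trivial wobble.
    """
    flagged = []
    for i in range(window, len(series)):
        baseline = series[i - window:i]
        med = statistics.median(baseline)
        mad = statistics.median(abs(x - med) for x in baseline) or 1
        if series[i] > med + factor * mad and series[i] - med > min_abs:
            flagged.append(i)
    return flagged


def weekly_growth(series, window=7):
    """Ratio of the last `window` days' total to the preceding window's."""
    recent = sum(series[-window:])
    previous = sum(series[-2 * window:-window])
    return recent / previous


if __name__ == "__main__":
    print("spike days:", spike_days(SAMPLE_UPLOAD_BYTES))
    print("slow drip spike days:", spike_days(SAMPLE_SLOW_DRIP))
    print("slow drip weekly growth: %.2f" % weekly_growth(SAMPLE_SLOW_DRIP))
```

On the first series only day 9 is flagged, and days 10 to 13 stay quiet because the median baseline ignores the outlier. On the slow-drip series no day is flagged, but the second week carries roughly 24% more traffic than the first, which is the kind of signal that only shows up when volume is also compared over longer periods and against what the app is expected to send at all.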

At present, spy software like this is only likely to be secretly deployed on the phones and computers of people who are key targets for an intelligence agency.

Spy catcher

The version of the spyware distributed online is now likely to be more easily detected by anti-virus programs because companies analysing the source code are in the process of updating their systems to recognise it.

Security expert Graham Cluley said it should be as easy to detect as malware.

“The danger will be that malicious hackers could take that code and augment it or change it so it no longer looks like Hacking Team’s versions, which might avoid detection,” he added.

The best course of action, said Mr Cluley, is to keep operating systems and software as up to date as possible.

In a statement, a spokesman for Hacking Team said it advised its customers not to use the software once the breach was discovered.

“As soon as the event was discovered, Hacking Team immediately advised all clients to discontinue the use of that version of the software, and the company provided a patch to assure that client surveillance data and other information stored on client systems was secure.

“From the beginning Hacking Team has assumed that the code that has been released is compromised,” he said.

The spokesman added that the software would be operated by clients of Hacking Team, not Hacking Team itself, and therefore no sensitive data relating to ongoing investigations had been compromised in the breach.

“Of course, there are many who would use for their own purposes the information released by the criminals who attacked Hacking Team.

“This was apparently not a concern of the attackers who recklessly published the material for all online.

“Compiling the software would take considerable technical skill, so not just anyone could do that, but that is not to say it is impossible,” he said.

– To the original:  


HOW COVERT AGENTS INFILTRATE THE INTERNET TO MANIPULATE, DECEIVE, AND DESTROY REPUTATIONS

Tuesday, August 11th, 2015

– This piece was written by Glenn Greenwald on 24 Feb 2014 but it is still relevant.

– dennis

= = = = = = = = = = = = = = = = = = = = = = = = = = =

One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents.

Over the last several weeks, I worked with NBC News to publish a series of articles about “dirty trick” tactics used by GCHQ’s previously secret unit, JTRIG (Joint Threat Research Intelligence Group). These were based on four classified GCHQ documents presented to the NSA and the other three partners in the English-speaking “Five Eyes” alliance. Today, we at the Intercept are publishing another new JTRIG document, in full, entitled “The Art of Deception: Training for Online Covert Operations.”

By publishing these stories one by one, our NBC reporting highlighted some of the key, discrete revelations: the monitoring of YouTube and Blogger, the targeting of Anonymous with the very same DDoS attacks they accuse “hacktivists” of using, the use of “honey traps” (luring people into compromising situations using sex) and destructive viruses. But, here, I want to focus and elaborate on the overarching point revealed by all of these documents: namely, that these agencies are attempting to control, infiltrate, manipulate, and warp online discourse, and in doing so, are compromising the integrity of the internet itself.

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. Here is one illustrative list of tactics from the latest GCHQ document we’re publishing today:

– This article continues and you will do best to read it in its original form as it has many graphic elements.

– to see the original, click here:


Websites can track us by the way we type

Friday, July 31st, 2015

– Here’s an article explaining how websites can identify who is typing by watching patterns in how we touch the keys.  I.e., how long you hold particular keys down and how much time elapses between different keystrokes.

– And the article describes a Google Chrome add-on that will mask this for you so you can become anonymous again.

– It is getting harder and harder to move about in the world anonymously.  There are some who would say, “If you are not doing anything wrong, why would you care?”  I don’t subscribe to that.  We are, by common social agreement and oftentimes by the rule of law, innocent until proved guilty.

– The people that hold and use these tools may be benign towards us today but there’s no guarantee that they will remain so in the future.  So, it seems obvious to me that if someone wants to exert greater control over us in the future, they will already have all the tools they need to win the battle to control us before a shot is fired.

– dennis

= = = = = = = = = = = = =

Meet KeyboardPrivacy: a proof-of-concept Google Chrome extension that masks how long your fingers linger on each key you depress as you type and how much of a time lag there is between each of your key presses.

And just why would you need to disguise these typing traits – also known as periodicity – which are as unique to individuals as fingerprints?

Because there’s technology out there that can measure our typing characteristics, on the scale of millisecond-long delays and key presses, and use the data to profile us with such a high degree of accuracy that – Tor or no Tor – you won’t stay anonymous when browsing online.

Examples include profiling technology from a Swedish company called BehavioSec that can identify site visitors, based on their typing habits, with a session score of 99% and a confidence rate of 80%.

That type of success comes after the technology has been trained on a mere 44 input characters.

The extension, designed to obfuscate our typing patterns, comes from security researchers Per Thorsheim and Paul Moore.

On Tuesday, Moore said on his blog that UK banks are rumored to be actively trialing such technology to try to detect and minimize the risk of fraud.

That rumor is backed up by news reports mentioning that, as of March 2013, BehavioSec counted Sweden’s top ten national banks – along with Samsung – among its clients.

Why would the researchers want to fight off banks’ efforts to detect fraudulent activity on our accounts?

And why would bank customers want to reduce security by throwing a monkey wrench – or, really, in this case, it’s more like introducing the technical equivalent of a highly accurate cat walking across our keyboards – into banks’ efforts?

Because as it is, we’re trading privacy for security, Moore said.
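The dwell and flight timings the article describes, and the effect of masking them, as an added example (not code from the article or from the KeyboardPrivacy extension); the typing sessions are constructed and the distance score is an assumed stand-in for BehavioSec's unpublished model:

```javascript
// Added example, not code from the article or from the KeyboardPrivacy
// extension. It derives the two timing features the article calls
// "periodicity" (how long a key is held, and the lag between key presses)
// from a keydown/keyup stream, scores sessions the way a profiler might,
// and shows that replaying keystrokes at a fixed cadence erases the signal.

// Constructed sessions: two people typing "pass" with different rhythms.
// Timestamps are milliseconds relative to the first keydown.
const USER_A_EVENTS = [
  { key: 'p', type: 'keydown', t: 0 },   { key: 'p', type: 'keyup', t: 95 },
  { key: 'a', type: 'keydown', t: 180 }, { key: 'a', type: 'keyup', t: 330 },
  { key: 's', type: 'keydown', t: 520 }, { key: 's', type: 'keyup', t: 600 },
  { key: 's', type: 'keydown', t: 680 }, { key: 's', type: 'keyup', t: 770 },
];
const USER_B_EVENTS = [
  { key: 'p', type: 'keydown', t: 0 },   { key: 'p', type: 'keyup', t: 60 },
  { key: 'a', type: 'keydown', t: 110 }, { key: 'a', type: 'keyup', t: 165 },
  { key: 's', type: 'keydown', t: 230 }, { key: 's', type: 'keyup', t: 300 },
  { key: 's', type: 'keydown', t: 350 }, { key: 's', type: 'keyup', t: 420 },
];

// Pair each keydown with the matching keyup and return, in press order:
//   dwell  - hold time of each key (keyup - keydown)
//   flight - gap between consecutive keydowns
function extractFeatures(events) {
  const pending = new Map(); // key -> keydown timestamp awaiting its keyup
  const presses = [];
  for (const e of events) {
    if (e.type === 'keydown') {
      pending.set(e.key, e.t);
    } else if (e.type === 'keyup' && pending.has(e.key)) {
      presses.push({ key: e.key, down: pending.get(e.key), up: e.t });
      pending.delete(e.key);
    }
  }
  presses.sort((a, b) => a.down - b.down);
  return {
    keys: presses.map(p => p.key),
    dwell: presses.map(p => p.up - p.down),
    flight: presses.slice(1).map((p, i) => p.down - presses[i].down),
  };
}

const mean = xs => xs.reduce((s, x) => s + x, 0) / xs.length;
const stddev = xs => {
  const m = mean(xs);
  return Math.sqrt(mean(xs.map(x => (x - m) ** 2)));
};

// A session profile: [mean dwell, dwell spread, mean flight, flight spread].
function profile(features) {
  return [mean(features.dwell), stddev(features.dwell),
          mean(features.flight), stddev(features.flight)];
}

// Euclidean distance between profiles. This is an assumed stand-in for the
// proprietary scoring a product such as BehavioSec uses: smaller means the
// two sessions look more like the same typist.
function distance(p, q) {
  return Math.sqrt(p.reduce((s, v, i) => s + (v - q[i]) ** 2, 0));
}

// Masking in the spirit of the extension: keep the key order but replay
// every press with the same hold time and the same gap, so the timing
// carries no information about who typed.
function maskTiming(events, holdMs = 50, gapMs = 120) {
  const { keys } = extractFeatures(events);
  const out = [];
  keys.forEach((key, i) => {
    out.push({ key, type: 'keydown', t: i * gapMs });
    out.push({ key, type: 'keyup', t: i * gapMs + holdMs });
  });
  return out;
}

// How far apart two sessions score before and after masking.
function compareSessions(a, b) {
  return {
    raw: distance(profile(extractFeatures(a)), profile(extractFeatures(b))),
    masked: distance(profile(extractFeatures(maskTiming(a))),
                     profile(extractFeatures(maskTiming(b)))),
  };
}

console.log(compareSessions(USER_A_EVENTS, USER_B_EVENTS));
// raw distance is clearly non-zero; masked distance is 0
```

The same uniformity that defeats the profiler is also what a bank's fraud system would see, which is the trade-off Moore is pointing at.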

…More:


Privacy groups walk out of US talks on facial recognition guidelines

Monday, July 6th, 2015

– Yes, I have a problem with systems that require us to ‘opt out’ before we can avoid them.

– In New Zealand, recently, one of the airlines was selling its passengers insurance that they specifically had to opt out of if they didn’t want to buy it.

– This one, having to do with facial recognition, is outrageous. It is a simple case of what’s good for the average Joe vs. what’s good for the corporations. And IMHO, the balance should always come down to favoring the average Joe and not the corporations.

– Look at how blatant the corporations are: “Not a single industry representative would agree on the most basic premise: that targets of facial recognition should opt in before companies identify them.”

– dennis

= = = = = = = = = = = = = = = = = =

A 16-month effort to set guidelines for use of facial recognition technology that satisfy consumers’ expectations of privacy and meet existing state laws went up in flames on Tuesday.

That’s when all nine civil liberties and consumer advocate groups participating in talks with trade associations on a voluntary code of conduct for US businesses to use facial recognition walked away from the table.

Their reason?

Not a single industry representative would agree on the most basic premise: that targets of facial recognition should opt in before companies identify them.

They’d been at it since February 2014, when the US Department of Commerce’s National Telecommunication and Information Administration (NTIA) brought together industry representatives and privacy advocates to come up with voluntary guidelines.

The nine pro-privacy advocates, including the Electronic Frontier Foundation, the American Civil Liberties Union, the Center for Digital Democracy and other consumer advocates, put up a joint statement explaining their move.

From the statement:

At this point, we do not believe that the NTIA process is likely to yield a set of privacy rules that offer adequate protections for the use of facial recognition technology. We are convinced that in many contexts, facial recognition of consumers should only occur when an individual has affirmatively decided to allow it to occur. In recent NTIA meetings, however, industry stakeholders were unable to agree on any concrete scenario where companies should employ facial recognition only with a consumer's permission.

According to The Washington Post, the camel’s back broke last Thursday, at the NTIA’s 12th meeting on the issue.

Insiders told the newspaper that this is how it went down:

First, Alvaro Bedoya, the executive director of Georgetown University's Center on Privacy and Law, asked if companies could agree to making opt-in for facial recognition technology the default for when identifying people - meaning that if companies wanted to use someone's face to name them, the person would have to agree to it. No companies or trade associations would commit to that, according to multiple attendees at the meeting.

That’s right: not a single company would agree that consumers should have the say-so in facial recognition.

But while this industry/advocates collaboration on voluntary guidelines has fallen apart, the images companies are collecting without any federal direction haven’t gone anywhere.

Face-slurping companies include tech giants Facebook, Google and Apple.

For its part, Facebook is facing a class action lawsuit over facial recognition, started by an Illinois man who claims the social network violated state privacy laws by not providing him with written notification that his biometric data was being collected or stored.

Also in the mix are retailers, such as Wal-Mart, which love to spot who’s looking at what and for how long inside their stores.

In the UK, things are very similar: Tesco, the UK’s largest supermarket chain, in 2013 announced it was to install facial recognition technology in all 450 of its petrol station forecourts – all the better to target-market at you, my pretty.

The companies trying to hammer out guidelines in the US have turned away not only from the basic premise of opt-in, but also from a specific, concrete scenario of opt-in that was offered up by Justin Brookman, the director of the Center for Democracy & Technology’s consumer privacy project.

According to The Washington Post, Brookman sketched out the concrete scenario like so:

What if a company set up a camera on a public street and surreptitiously used it [to] identify people by name? Could companies agree to opt-in consent there?

The results were the same: not a single company went for opt-in, even under such specific circumstances.

Privacy advocates have said that their withdrawals from the multi-stakeholder process will be a fatal blow to the perceived legitimacy of the NTIA’s efforts, now that it’s just the foxes – as in, the companies implementing facial recognition – guarding the hen house (the hens being all us being surveilled).

But the NTIA says the talks will go on.

An agency spokesperson said this to The Washington Post:

NTIA is disappointed that some stakeholders have chosen to stop participating in our multi-stakeholder engagement process regarding privacy and commercial facial recognition technology. A substantial number of stakeholders want to continue the process and are establishing a working group that will tackle some of the thorniest privacy topics concerning facial recognition technology. The process is the strongest when all interested parties participate and are willing to engage on all issues.

The privacy advocates said in their letter that the barest minimum privacy expectation should be that we can simply walk down the street without our every movement being tracked and without then being identified by name, all thanks to the ever-more-sophisticated technology of facial recognition.

Unfortunately, we have been unable to obtain agreement even with that basic, specific premise. The position that companies never need to ask permission to use biometric identification is at odds with consumer expectations, current industry practices, as well as existing state law.

It might look good, at least on the surface, that the industry representatives are apparently playing ball by not walking away from the official guidelines-setting process.

But it’s hard to imagine anything privacy-positive coming out of that process now that the privacy advocates have walked away.

And without any guidelines, these companies will continue to use facial recognition in an unregulated environment.

– To the original:  


Hacking BIOS Chips isn’t just the NSA’s domain anymore

Monday, March 23rd, 2015

– I’m coming to believe that the only secrets left are the things in your head that you’ve never told another soul.  And I’m increasingly fearful that those who want to dominate our societies in the name of ‘security’ are developing the tools to disarm any who might try to organize against them.

– In the coming years, when the various dominator powers war against each other for global domination, those of us who understand little of these cyber wars will be like rats beneath the wheels of the passing chariots.

– As I see it, the only saving grace is that the type of intelligence it takes to participate in these wars is in no way exclusive to those with the urge to dominate.  But the Dominators do have the enviable advantage of money and organizational power.

– And note well, my friends, that nothing I’ve just said acknowledges in any way the other preeminent fact of our times – that our presence within, expansion into and carelessness with the natural environment around us is virtually certain to bring it down around our ears, unless we change our ways.

– Those going forward from here will increasingly live in ‘interesting times’.  We are truly at a pivot-point in human history and most of us are deeply asleep with regard to how fragile the world around us is becoming.

– dennis

= = = = = = = = = = = = = = = = = = = = = =

THE ABILITY TO hack the BIOS chip at the heart of every computer is no longer reserved for the NSA and other three-letter agencies.  Millions of machines contain basic BIOS vulnerabilities that let anyone with moderately sophisticated hacking skills compromise and control a system surreptitiously, according to two researchers.

The revelation comes two years after a catalogue of NSA spy tools leaked to journalists in Germany surprised everyone with its talk about the NSA’s efforts to infect BIOS firmware with malicious implants.

The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually scanned by them, spies can plant malware that remains live and undetected even if the computer’s operating system were wiped and re-installed.

BIOS-hacking until now has been largely the domain of advanced hackers like those of the NSA. But researchers Xeno Kovah and Corey Kallenberg presented a proof-of-concept attack today at the CanSecWest conference in Vancouver, showing how they could remotely infect the BIOS of multiple systems using a host of new vulnerabilities that took them just hours to uncover. They also found a way to gain high-level system privileges for their BIOS malware to undermine the security of specialized operating systems like Tails—used by journalists and activists for stealth communications and handling sensitive data.

Although most BIOS have protections to prevent unauthorized modifications, the researchers were able to bypass these to reflash the BIOS and implant their malicious code.

Kovah and Kallenberg recently left MITRE, a government contractor that conducts research for the Defense Department and other federal agencies, to launch LegbaCore, a firmware security consultancy. They note that the recent discovery of a firmware-hacking tool by Kaspersky Lab researchers makes it clear that firmware hacking like their BIOS demo is something the security community should be focusing on.

Because many BIOS share some of the same code, they were able to uncover vulnerabilities in 80 percent of the PCs they examined, including ones from Dell, Lenovo and HP. The vulnerabilities, which they’re calling incursion vulnerabilities, were so easy to find that they wrote a script to automate the process and eventually stopped counting the vulns it uncovered because there were too many.

“There’s one type of vulnerability, which there’s literally dozens of instances of it in every given BIOS,” says Kovah. They disclosed the vulnerabilities to the vendors and patches are in the works but have not yet been released. Kovah says, however, that even when vendors have produced BIOS patches in the past, few people have applied them.

“Because people haven’t been patching their BIOSes, all of the vulnerabilities that have been disclosed over the last couple of years are all open and available to an attacker,” he notes. “We spent the last couple of years at MITRE running around to companies trying to get them to do patches. They think BIOS is out of sight out of mind [because] they don’t hear a lot about it being attacked in the wild.”

An attacker could compromise the BIOS in two ways—through remote exploitation by delivering the attack code via a phishing email or some other method, or through physical interdiction of a system. In that case, the researchers found that if they had physical access to a system they could infect the BIOS on some machines in just two minutes. This highlights just how quickly and easy it would be, for example, for a government agent or law enforcement officer with a moment’s access to a system to compromise it.

Their malware, dubbed LightEater, uses the incursion vulnerabilities to break into and hijack the system management mode to gain escalated privileges on the system. System management mode, or SMM, is an operations mode in Intel processors that firmware uses to do certain functions with high-level system privileges that exceed even administrative and root-level privileges, Kovah notes. Using this mode, they can rewrite the contents of the BIOS chip to install an implant that gives them a persistent and stealth foothold. From there, they can install rootkits and steal passwords and other data from the system.

But more significantly, SMM gives their malware the ability to read all data and code that appears in a machine’s memory. This would allow their malware, Kovah points out, to subvert any computer using the Tails operating system—the security and privacy-oriented operating system Edward Snowden and journalist Glenn Greenwald used to handle NSA documents Snowden leaked. By reading data in memory, they could steal the encryption key of a Tails user to unlock encrypted data or swipe files and other content as it appears in memory. Tails is meant to be run from a secure USB flash drive or other removable media—so that conceivably it won’t be affected by viruses or other malware that may have infected the computer. It operates in the computer’s memory and once the operating system is shut down, Tails scrubs the RAM to erase any traces of its activity. But because the LightEater malware uses the system management mode to read the contents of memory, it can grab the data while in memory before it gets scrubbed and store it in a safe place from which it can later be exfiltrated. And it can do this all the while remaining stealthy.

“Our SMM attacker lives in a place nobody checks today to see if there’s an attacker,” Kovah says. “System management mode can read everyone’s RAM, but nobody can read System Management Mode’s RAM.”

Such an attack shows, he says, that the operating system Snowden chose to protect himself can’t actually protect him from the NSA or anyone else who can design an attack like LightEater.

– To the original article:  

– research thanks to: K. M.


NSA hiding Equation spy program on hard drives

Wednesday, February 18th, 2015

– In 1999, Motorola, at my request, sent me to Silicon Valley for a week-long course in advanced Windows Win32 programming.  

– During this course, I remember talking with another participant; a young computer whiz who was from the NSA.  

– He talked about how they (the NSA computer guys) conducted red-team green-team battles to see who could infiltrate the other’s team’s computer systems.

– But the thing he talked about, that caught my interest the most, was when he said the hot new frontier was getting into firmware as a way of exerting control over computers remotely.  It was a new idea that immediately fascinated me but once he saw my interest, I think he realized that he might be talking too much and clammed up.  He avoided me for the rest of the week.

– The story, below, says that the technique of firmware infiltration may have been around since 2001.  I’m sure I heard the sound of the other shoe dropping when I read that.

– The article says:

It is not clear how the NSA may have obtained the hard drives’ source code. Western Digital spokesman Steve Shattuck said the company “has not provided its source code to government agencies.” The other hard drive makers would not say if they had shared their source code with the NSA.

– I don’t find it all that mysterious.  How hard would it be for the NSA to field computer-savvy agents directed to seek employment in these companies?  Or, as the article says, to require the companies to provide their source code to the NSA for security reviews before the U.S. Government will allow it to be used in U.S. facilities?

– Once the NSA has the firmware’s source code, they can modify it and then intercept the firm’s drives in shipment and refresh the firmware on the intercepted drives with the NSA’s new stuff …  that does everything the old firmware does … and a bit more.  

– The interception-during-shipment technique was outed over a year ago as being one of their favorite techniques though in that case it had to do with routers.

– dennis

= = = = = = = = = = = = = = = = = = = = = = = = =

The US National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world’s computers, according to cyber researchers and former operatives.

That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran’s uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.

A former NSA employee told Reuters that Kaspersky’s analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.

NSA spokeswoman Vanee Vines declined to comment.

Kaspersky published the technical details of its research on Monday, which should help infected institutions detect the spying programs, some of which trace back as far as 2001.

The disclosure could further hurt the NSA’s surveillance abilities, already damaged by massive leaks by former contractor Edward Snowden. Snowden’s revelations have hurt the United States’ relations with some allies and slowed the sales of US technology products abroad.

The exposure of these new spying tools could lead to greater backlash against Western technology, particularly in countries such as China, which is already drafting regulations that would require most bank technology suppliers to proffer copies of their software code for inspection.

TECHNOLOGICAL BREAKTHROUGH

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.

Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.

“The hardware will be able to infect the computer over and over,” lead Kaspersky researcher Costin Raiu said in an interview.

Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets, according to Raiu. He said Kaspersky found only a few especially high-value computers with the hard-drive infections.

Kaspersky’s reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital, Seagate, Toshiba, IBM, Micron Technology and Samsung.

Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment.

GETTING THE SOURCE CODE

Raiu said the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily.

“There is zero chance that someone could rewrite the [hard drive] operating system using public information,” Raiu said.

Concerns about access to source code flared after a series of high-profile cyberattacks on Google Inc and other US companies in 2009 that were blamed on China. Investigators have said they found evidence that the hackers gained access to source code from several big US tech and defense companies.

It is not clear how the NSA may have obtained the hard drives’ source code. Western Digital spokesman Steve Shattuck said the company “has not provided its source code to government agencies.” The other hard drive makers would not say if they had shared their source code with the NSA.

Seagate spokesman Clive Over said it has “secure measures to prevent tampering or reverse engineering of its firmware and other technologies.” Micron spokesman Daniel Francisco said the company took the security of its products seriously and “we are not aware of any instances of foreign code.”

According to former intelligence operatives, the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer. If a company wants to sell products to the Pentagon or another sensitive US agency, the government can request a security audit to make sure the source code is safe.

“They don’t admit it, but they do say, ‘We’re going to do an evaluation, we need the source code,'” said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. “It’s usually the NSA doing the evaluation, and it’s a pretty small leap to say they’re going to keep that source code.”

Kaspersky called the authors of the spying program “the Equation group,” named after their embrace of complex encryption formulas.

The group used a variety of means to spread other spying programs, such as by compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny, Kaspersky said.

Fanny was like Stuxnet in that it exploited two of the same undisclosed software flaws, known as “zero days,” which strongly suggested collaboration by the authors, Raiu said. He added that it was “quite possible” that the Equation group used Fanny to scout out targets for Stuxnet in Iran and spread the virus.

– To the Original:  

As inequality soars, the nervous super rich are already planning their escapes

Monday, January 26th, 2015

Hedge fund managers are preparing getaways by buying airstrips and farms in remote areas, former hedge fund partner tells Davos during session on inequality

With growing inequality and the civil unrest from Ferguson and the Occupy protests fresh in people’s mind, the world’s super rich are already preparing for the consequences. At a packed session in Davos, former hedge fund director Robert Johnson revealed that worried hedge fund managers were already planning their escapes. “I know hedge fund managers all over the world who are buying airstrips and farms in places like New Zealand because they think they need a getaway,” he said.

Johnson, who heads the Institute of New Economic Thinking and was previously managing director at Soros, said societies can tolerate income inequality if the income floor is high enough. But with an existing system encouraging chief executives to take decisions solely on their profitability, even in the richest countries inequality is increasing.

Johnson added: “People need to know there are possibilities for their children – that they will have the same opportunity as anyone else. There is a wicked feedback loop. Politicians who get more money tend to use it to get more even money.”

Global warming and social media are among the trends the 600 super-smart World Economic Forum staffers told its members to watch out for long before they became ubiquitous. This year, income inequality is fast moving up the Davos agenda – a sure sign that it is poised to burst into the public consciousness.

Jim Wallis, founder of Sojourners and a Davos star attraction after giving the closing address in 2014, said he had spent a lot of time learning from the leaders behind recent social unrest in Ferguson. He believes that will prove “a catalytic event” which has already changed the conversation in the US, bringing a message from those who previously “didn’t matter”.

So what is the solution to having the new voices being sufficiently recognised to actually change the status quo into one where those with power realise they do matter?

Clarke said: “Solutions are there. What’s been lacking is political will. Politicians do not respond to those who don’t have a voice. In the end this is all about redistributing income and power.”

She added: “Seventy five percent of people in developing countries live in places that are less equal than they were in 1990.”

The panellists were scathing about politicians, Wallis describing them as people who held up wet fingers “to see which way the money is blowing in from.”

Author, philosopher and former academic Rebecca Newberger-Goldstein saw the glass half full, drawing on history to prove society does eventually change for the better. She said Martin Luther King was correct in his view that the arc of history might be long, but it bends towards justice.

In ancient Greece, she noted, even the greatest moralists like Plato and Aristotle never criticised slavery. Newberger-Goldstein said: “We’ve come a long way as a species. The truth is now dawning that everybody matters because the concept of mattering is at the core of every human being.” Knowing you matter, she added, is often as simple as having others “acknowledge the pathos and reality of your stories. To listen.”

Mexican micro-lending entrepreneur Carlos Danel expanded on the theme. His business, Gentera, has thrived by working out that “those excluded are not the problem but realising there’s an opportunity to serve them.”

He added: “Technology provides advantages that can lower costs and enable us to provide products and services that matter to the people who don’t seem to matter to society. And that’s beyond financial services – into education and elsewhere.”

Which, Danel believes, is why business was created in the first place – to serve. A message that seemed to get lost somewhere in the worship of profit.

– To the original:

– Research thanks to Kierin M.