Archive for the ‘CyberChaos’ Category

Privacy groups walk out of US talks on facial recognition guidelines

Monday, July 6th, 2015

– Yes, I have a problem with systems that require us to ‘opt out’ before we can avoid them.

– In New Zealand, recently, one of the airlines was selling its passengers insurance that they specifically had to opt out of if they didn’t want to buy it.

– This one, having to do with facial recognition, is outrageous. It is a simple case of what’s good for the average Joe vs. what’s good for the corporations. And IMHO, the balance should always come down to favoring the average Joe and not the corporations.

– Look at how blatant the corporations are: “Not a single industry representative would agree on the most basic premise: that targets of facial recognition should opt in before companies identify them.”

– dennis

= = = = = = = = = = = = = = = = = =

A 16-month effort to set guidelines for use of facial recognition technology that satisfy consumers’ expectations of privacy and meet existing state laws went up in flames on Tuesday.

That’s when all nine civil liberties and consumer advocate groups participating in talks with trade associations on a voluntary code of conduct for US businesses to use facial recognition walked away from the table.

Their reason?

Not a single industry representative would agree on the most basic premise: that targets of facial recognition should opt in before companies identify them.

They’d been at it since February 2014, when the US Department of Commerce’s National Telecommunication and Information Administration (NTIA) brought together industry representatives and privacy advocates to come up with voluntary guidelines.

The nine pro-privacy advocates, including the Electronic Frontier Foundation, the American Civil Liberties Union, the Center for Digital Democracy and other consumer advocates, put up a joint statement explaining their move.

From the statement:

At this point, we do not believe that the NTIA process is likely to yield a set of privacy rules that offer adequate protections for the use of facial recognition technology. We are convinced that in many contexts, facial recognition of consumers should only occur when an individual has affirmatively decided to allow it to occur. In recent NTIA meetings, however, industry stakeholders were unable to agree on any concrete scenario where companies should employ facial recognition only with a consumer's permission.

According to The Washington Post, the camel’s back broke last Thursday, at the NTIA’s 12th meeting on the issue.

Insiders told the newspaper that this is how it went down:

First, Alvaro Bedoya, the executive director of Georgetown University's Center on Privacy and Law, asked if companies could agree to making opt-in for facial recognition technology the default for when identifying people - meaning that if companies wanted to use someone's face to name them, the person would have to agree to it. No companies or trade associations would commit to that, according to multiple attendees at the meeting.

That’s right: not a single company would agree that consumers should have the say-so in facial recognition.

But while this industry/advocates collaboration on voluntary guidelines has fallen apart, the images companies are collecting without any federal direction haven’t gone anywhere.

Face-slurping companies include tech giants Facebook, Google and Apple.

For its part, Facebook is facing a class action lawsuit over facial recognition, started by an Illinois man who claims the social network violated state privacy laws by not providing him with written notification that his biometric data was being collected or stored.

Also in the mix are retailers, such as Wal-Mart, which love to spot who’s looking at what and for how long inside their stores.

In the UK, things are very similar: Tesco, the UK’s largest supermarket chain, in 2013 announced it was to install facial recognition technology in all 450 of its petrol station forecourts – all the better to target-market at you, my pretty.

The companies trying to hammer out guidelines in the US have turned away not only from the basic premise of opt-in, but also from a specific, concrete scenario of opt-in that was offered up by Justin Brookman, the director of the Center for Democracy & Technology’s consumer privacy project.

According to The Washington Post, Brookman sketched out the concrete scenario like so:

What if a company set up a camera on a public street and surreptitiously used it [to] identify people by name? Could companies agree to opt-in consent there?

The results were the same: not a single company went for opt-in, even under such specific circumstances.

Privacy advocates have said that their withdrawals from the multi-stakeholder process will be a fatal blow to the perceived legitimacy of the NTIA’s efforts, now that it’s just the foxes – as in, the companies implementing facial recognition – guarding the hen house (the hens being all us being surveilled).

But the NTIA says the talks will go on.

An agency spokesperson said this to The Washington Post:

NTIA is disappointed that some stakeholders have chosen to stop participating in our multi-stakeholder engagement process regarding privacy and commercial facial recognition technology. A substantial number of stakeholders want to continue the process and are establishing a working group that will tackle some of the thorniest privacy topics concerning facial recognition technology. The process is the strongest when all interested parties participate and are willing to engage on all issues.

The privacy advocates said in their letter that the barest minimum privacy expectation should be that we can simply walk down the street without our every movement being tracked and without then being identified by name, all thanks to the ever-more-sophisticated technology of facial recognition.

Unfortunately, we have been unable to obtain agreement even with that basic, specific premise. The position that companies never need to ask permission to use biometric identification is at odds with consumer expectations, current industry practices, as well as existing state law.

It might look good, at least on the surface, that the industry representatives are apparently playing ball by not walking away from the official guidelines-setting process.

But it’s hard to imagine anything privacy-positive coming out of that process now that the privacy advocates have walked away.

And without any guidelines, these companies will continue to use facial recognition in an unregulated environment.

– To the original:  


Hacking BIOS Chips isn’t just the NSA’s domain anymore

Monday, March 23rd, 2015

– I’m coming to believe that the only secrets left are the things in your head that you’ve never told another soul.  And I’m increasingly fearful that those who want to dominate our societies in the name of ‘security’ are developing the tools to disarm any who might try to organize against them.

– In the coming years, when the various dominator powers war against each other for global domination, those of us who understand little of these cyber wars will be like rats beneath the wheels of the passing chariots.

– As I see it, the only saving grace is that the type of intelligence it takes to participate in these wars is in no way exclusive to those with the urge to dominate.  But the Dominators do have the enviable advantage of money and organizational power.

– And note well, my friends, that nothing I’ve just said acknowledges in any way the other preeminent fact of our times – that our presence within, expansion into and carelessness with the natural environment around us is virtually certain to bring it down around our ears, unless we change our ways.

– Those going forward from here will increasingly live in ‘interesting times’.  We are truly at a pivot-point in human history and most of us are deeply asleep with regard to how fragile the world around us is becoming.

– dennis

= = = = = = = = = = = = = = = = = = = = = =

The ability to hack the BIOS chip at the heart of every computer is no longer reserved for the NSA and other three-letter agencies. Millions of machines contain basic BIOS vulnerabilities that let anyone with moderately sophisticated hacking skills compromise and control a system surreptitiously, according to two researchers.

The revelation comes two years after a catalogue of NSA spy tools leaked to journalists in Germany surprised everyone with its talk about the NSA’s efforts to infect BIOS firmware with malicious implants.

The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually scanned by them, spies can plant malware that remains live and undetected even if the computer’s operating system were wiped and re-installed.

BIOS-hacking until now has been largely the domain of advanced hackers like those of the NSA. But researchers Xeno Kovah and Corey Kallenberg presented a proof-of-concept attack today at the CanSecWest conference in Vancouver, showing how they could remotely infect the BIOS of multiple systems using a host of new vulnerabilities that took them just hours to uncover. They also found a way to gain high-level system privileges for their BIOS malware to undermine the security of specialized operating systems like Tails—used by journalists and activists for stealth communications and handling sensitive data.

Although most BIOS have protections to prevent unauthorized modifications, the researchers were able to bypass these to reflash the BIOS and implant their malicious code.

Kovah and Kallenberg recently left MITRE, a government contractor that conducts research for the Defense Department and other federal agencies, to launch LegbaCore, a firmware security consultancy. They note that the recent discovery of a firmware-hacking tool by Kaspersky Lab researchers makes it clear that firmware hacking like their BIOS demo is something the security community should be focusing on.

Because many BIOS share some of the same code, they were able to uncover vulnerabilities in 80 percent of the PCs they examined, including ones from Dell, Lenovo and HP. The vulnerabilities, which they’re calling incursion vulnerabilities, were so easy to find that they wrote a script to automate the process and eventually stopped counting the vulns it uncovered because there were too many.

“There’s one type of vulnerability, which there’s literally dozens of instances of it in every given BIOS,” says Kovah. They disclosed the vulnerabilities to the vendors and patches are in the works but have not yet been released. Kovah says, however, that even when vendors have produced BIOS patches in the past, few people have applied them.

“Because people haven’t been patching their BIOSes, all of the vulnerabilities that have been disclosed over the last couple of years are all open and available to an attacker,” he notes. “We spent the last couple of years at MITRE running around to companies trying to get them to do patches. They think BIOS is out of sight out of mind [because] they don’t hear a lot about it being attacked in the wild.”

An attacker could compromise the BIOS in two ways—through remote exploitation by delivering the attack code via a phishing email or some other method, or through physical interdiction of a system. In that case, the researchers found that if they had physical access to a system they could infect the BIOS on some machines in just two minutes. This highlights just how quickly and easy it would be, for example, for a government agent or law enforcement officer with a moment’s access to a system to compromise it.

Their malware, dubbed LightEater, uses the incursion vulnerabilities to break into and hijack the system management mode to gain escalated privileges on the system. System management mode, or SMM, is an operations mode in Intel processors that firmware uses to do certain functions with high-level system privileges that exceed even administrative and root-level privileges, Kovah notes. Using this mode, they can rewrite the contents of the BIOS chip to install an implant that gives them a persistent and stealth foothold. From there, they can install root kits and steal passwords and other data from the system.

But more significantly, SMM gives their malware the ability to read all data and code that appears in a machine’s memory. This would allow their malware, Kovah points out, to subvert any computer using the Tails operating system—the security and privacy-oriented operating system Edward Snowden and journalist Glenn Greenwald used to handle NSA documents Snowden leaked. By reading data in memory, they could steal the encryption key of a Tails user to unlock encrypted data or swipe files and other content as it appears in memory. Tails is meant to be run from a secure USB flash drive or other removable media—so that conceivably it won’t be affected by viruses or other malware that may have infected the computer. It operates in the computer’s memory and once the operating system is shut down, Tails scrubs the RAM to erase any traces of its activity. But because the LightEater malware uses the system management mode to read the contents of memory, it can grab the data while in memory before it gets scrubbed and store it in a safe place from which it can later be exfiltrated. And it can do this while all the while remaining stealth.

“Our SMM attacker lives in a place nobody checks today to see if there’s an attacker,” Kovah says. “System management mode can read everyone’s RAM, but nobody can read System Management Mode’s RAM.”

Such an attack shows, he says, that the operating system Snowden chose to protect himself can’t actually protect him from the NSA or anyone else who can design an attack like LightEater.

– To the original article:  

– research thanks to: K. M.


NSA hiding Equation spy program on hard drives

Wednesday, February 18th, 2015

– In 1999, Motorola, at my request, sent me to Silicon Valley for a week-long course in advanced Windows Win32 programming.  

– During this course, I remember talking with another participant; a young computer whiz who was from the NSA.  

– He talked about how they (the NSA computer guys) conducted red-team green-team battles to see who could infiltrate the other’s team’s computer systems.

– But the thing he talked about, that caught my interest the most, was when he said the hot new frontier was getting into firmware as a way of exerting control over computers remotely.  It was a new idea that immediately fascinated me but once he saw my interest, I think he realized that he might be talking too much and clammed up.  He avoided me for the rest of the week.

– The story, below, says that the technique of firmware infiltration may have been around since 2001.  I’m sure I heard the sound of the other shoe dropping when I read that.

– The article says:

It is not clear how the NSA may have obtained the hard drives’ source code. Western Digital spokesman Steve Shattuck said the company “has not provided its source code to government agencies.” The other hard drive makers would not say if they had shared their source code with the NSA.

– I don’t find it all that mysterious.  How hard would it be for the NSA to field computer-savvy agents directed to seek employment in these companies?  Or, as the article says, to require the companies to provide their source code to the NSA for security reviews before the U.S. Government will allow it to be used in U.S. facilities?

– Once the NSA has the firmware’s source code, they can modify it and then intercept the firm’s drives in shipment and refresh the firmware on the intercepted drives with the NSA’s new stuff …  that does everything the old firmware does … and a bit more.  

– The interception-during-shipment technique was outed over a year ago as being one of their favorite techniques though in that case it had to do with routers.

– dennis

= = = = = = = = = = = = = = = = = = = = = = = = =

The US National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world’s computers, according to cyber researchers and former operatives.

That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran’s uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.

A former NSA employee told Reuters that Kaspersky’s analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.

NSA spokeswoman Vanee Vines declined to comment.

Kaspersky published the technical details of its research on Monday, which should help infected institutions detect the spying programs, some of which trace back as far as 2001.

The disclosure could further hurt the NSA’s surveillance abilities, already damaged by massive leaks by former contractor Edward Snowden. Snowden’s revelations have hurt the United States’ relations with some allies and slowed the sales of US technology products abroad.

The exposure of these new spying tools could lead to greater backlash against Western technology, particularly in countries such as China, which is already drafting regulations that would require most bank technology suppliers to proffer copies of their software code for inspection.

TECHNOLOGICAL BREAKTHROUGH

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.

Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.

“The hardware will be able to infect the computer over and over,” lead Kaspersky researcher Costin Raiu said in an interview.

Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets, according to Raiu. He said Kaspersky found only a few especially high-value computers with the hard-drive infections.

Kaspersky’s reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital, Seagate, Toshiba, IBM, Micron Technology and Samsung.

Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment.

GETTING THE SOURCE CODE

Raiu said the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily.

“There is zero chance that someone could rewrite the [hard drive] operating system using public information,” Raiu said.

Concerns about access to source code flared after a series of high-profile cyberattacks on Google Inc and other US companies in 2009 that were blamed on China. Investigators have said they found evidence that the hackers gained access to source code from several big US tech and defense companies.

It is not clear how the NSA may have obtained the hard drives’ source code. Western Digital spokesman Steve Shattuck said the company “has not provided its source code to government agencies.” The other hard drive makers would not say if they had shared their source code with the NSA.

Seagate spokesman Clive Over said it has “secure measures to prevent tampering or reverse engineering of its firmware and other technologies.” Micron spokesman Daniel Francisco said the company took the security of its products seriously and “we are not aware of any instances of foreign code.”

According to former intelligence operatives, the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer. If a company wants to sell products to the Pentagon or another sensitive US agency, the government can request a security audit to make sure the source code is safe.

“They don’t admit it, but they do say, ‘We’re going to do an evaluation, we need the source code,'” said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. “It’s usually the NSA doing the evaluation, and it’s a pretty small leap to say they’re going to keep that source code.”

Kaspersky called the authors of the spying program “the Equation group,” named after their embrace of complex encryption formulas.

The group used a variety of means to spread other spying programs, such as by compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny, Kaspersky said.

Fanny was like Stuxnet in that it exploited two of the same undisclosed software flaws, known as “zero days,” which strongly suggested collaboration by the authors, Raiu said. He added that it was “quite possible” that the Equation group used Fanny to scout out targets for Stuxnet in Iran and spread the virus.

– To the Original:  

As inequality soars, the nervous super rich are already planning their escapes

Monday, January 26th, 2015

Hedge fund managers are preparing getaways by buying airstrips and farms in remote areas, former hedge fund partner tells Davos during session on inequality

With growing inequality and the civil unrest from Ferguson and the Occupy protests fresh in people’s mind, the world’s super rich are already preparing for the consequences. At a packed session in Davos, former hedge fund director Robert Johnson revealed that worried hedge fund managers were already planning their escapes. “I know hedge fund managers all over the world who are buying airstrips and farms in places like New Zealand because they think they need a getaway,” he said.

Johnson, who heads the Institute of New Economic Thinking and was previously managing director at Soros, said societies can tolerate income inequality if the income floor is high enough. But with an existing system encouraging chief executives to take decisions solely on their profitability, even in the richest countries inequality is increasing.

Johnson added: “People need to know there are possibilities for their children – that they will have the same opportunity as anyone else. There is a wicked feedback loop. Politicians who get more money tend to use it to get even more money.”

Global warming and social media are among the trends the 600 super-smart World Economic Forum staffers told its members to watch out for long before they became ubiquitous. This year, income inequality is fast moving up the Davos agenda – a sure sign that it is poised to burst into the public consciousness.

Jim Wallis, founder of Sojourners and a Davos star attraction after giving the closing address in 2014, said he had spent a lot of time learning from the leaders behind recent social unrest in Ferguson. He believes that will prove “a catalytic event” which has already changed the conversation in the US, bringing a message from those who previously “didn’t matter”.

So what is the solution to having the new voices being sufficiently recognised to actually change the status quo into one where those with power realise they do matter?

Clarke said: “Solutions are there. What’s been lacking is political will. Politicians do not respond to those who don’t have a voice. In the end this is all about redistributing income and power.”

She added: “Seventy five percent of people in developing countries live in places that are less equal than they were in 1990.”

The panellists were scathing about politicians, Wallis describing them as people who held up wet fingers “to see which way the money is blowing in from.”

Author, philosopher and former academic Rebecca Newberger-Goldstein saw the glass half full, drawing on history to prove society does eventually change for the better. She said Martin Luther King was correct in his view that the arc of history might be long, but it bends towards justice.

In ancient Greece, she noted, even the greatest moralists like Plato and Aristotle never criticised slavery. Newberger-Goldstein said: “We’ve come a long way as a species. The truth is now dawning that everybody matters because the concept of mattering is at the core of every human being.” Knowing you matter, she added, is often as simple as having others “acknowledge the pathos and reality of your stories. To listen.”

Mexican micro-lending entrepreneur Carlos Danel expanded on the theme. His business, Gentera, has thrived by working out that “those excluded are not the problem but realising there’s an opportunity to serve them.”

He added: “Technology provides advantages that can lower costs and enable us to provide products and services that matter to the people who don’t seem to matter to society. And that’s beyond financial services – into education and elsewhere.”

Which, Danel believes, is why business was created in the first place – to serve. A message that seemed to get lost somewhere in the worship of profit.

– To the original:

– Research thanks to Kierin M.

Powerful, highly stealthy Linux trojan may have infected victims for years

Wednesday, December 10th, 2014

Backdoor tied to espionage campaign that has targeted governments in 45 countries.

Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.

The previously undiscovered malware represents a missing puzzle piece tied to “Turla,” a so-called advanced persistent threat (APT) disclosed in August by Kaspersky Lab and Symantec. For at least four years, the campaign targeted government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. The unknown attackers—who are probably backed by a nation-state, according to Symantec—were known to have infected several hundred Windows-based computers by exploiting a variety of vulnerabilities, at least two of which were zero-day bugs. The malware was notable for its use of a rootkit that made it extremely hard to detect.

Now researchers from Moscow-based Kaspersky Lab have detected Linux-based malware used in the same campaign. Turla was already ranked as one of the top-tier APTs, in the same league as the recently disclosed Regin for instance. The discovery of the Linux component suggests it is bigger than previously thought and may presage the discovery of still more infected systems.

“The [Turla] operations are being carried out in broader environments than we previously knew,” Kaspersky Lab expert Kurt Baumgartner told Ars. “All the other stuff we’ve seen from Turla has been windows based. This piece of the puzzle shows us that they do not limit themselves.”

…More:  


Exposed: NSA program for hacking any cell phone network, no matter where it is

Monday, December 8th, 2014

– Worth noting how high the percentage is for New Zealand in the chart which you can find in the original article.

– dennis

= = = = = = = = = = = = = = = = = = = =

The National Security Agency has spied on hundreds of companies and groups around the world, including in countries allied with the US government, as part of an effort designed to allow agents to hack into any cellular network, no matter where it’s located, according to a report published Thursday.

Armed with technical details of a specific provider’s current or planned networks, agents secretly attempt to identify or introduce flaws that will make it possible for communications to be covertly tapped, according to an article published by The Intercept. Security experts warned that programs that introduce security flaws or suppress fixes for existing vulnerabilities could cause widespread harm, since the bugs can also be exploited by criminal hackers or governments of nations around the world.

“Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Karsten Nohl, a cryptographer and smartphone security expert, told The Intercept. “Because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”

It’s not the first time the US agency has been reported to introduce backdoors into widely used technologies. Last year documents provided by former NSA subcontractor Edward Snowden—the same source for documents supporting Thursday’s story by The Intercept—showed that the NSA worked with standards bodies to adopt encryption technologies with known vulnerabilities in them. Two weeks later, the RSA division of EMC warned customers to stop using the default configuration of its BSAFE toolkit and Data Protection Manager because it contained code reported to contain an NSA-engineered vulnerability.

The program reported Thursday, codenamed AURORAGOLD, has monitored messages sent and received by more than 1,200 email accounts associated with large cell phone operators around the world. One surveillance target is the GSM Association (GSMA), a UK-based group that works with Microsoft, Facebook, AT&T, Cisco Systems, and many other companies to ensure their hardware and software related to cellular technology is compatible. At the same time the NSA has been monitoring the group, other arms of the US government have funded GSMA programs designed to boost privacy on mobile networks. According to The Intercept:

The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.”

Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.”

The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.”

The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.

Last year, The Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3.

The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption.

NSA documents show that AURORAGOLD focuses on collecting details about virtually all technical standards used by cell phone operators.

– to the original article:


US government planes collecting phone data

Tuesday, November 18th, 2014

– Remember the piece I posted not long ago entitled, “Crypto phones and dubious cell phone towers”, that was about unidentified cell towers scattered around the country soaking up data for unknown purposes?

– Well, here’s another story along that line.

– dennis

= = = = = = = = = = = = = = = = = = = = =

Devices that gather data from millions of mobile phones are being flown over the US by the government, according to the Wall Street Journal.

The “dirtbox” devices mimic mobile phone tower transmissions, and handsets transmit back their location and unique identity data, the report claims.

While they are used to track specific suspects, all mobile devices in the area will respond to the signal.

The US Justice Department refused to confirm or deny the report.

The Wall Street Journal said it had spoken to “sources familiar with the programme” who said Cessna aircraft fitted with dirtboxes were flying from at least five US airports.

The department said that it operated within federal law.

– More…


Crypto phones and dubious cell phone towers

Thursday, September 4th, 2014

Mysterious Phony Cell Towers Could Be Intercepting Your Calls

Every smart phone has a secondary OS, which can be hijacked by high-tech hackers

Like many of the ultra-secure phones that have come to market in the wake of Edward Snowden’s leaks, the CryptoPhone 500, which is marketed in the U.S. by ESD America and built on top of an unassuming Samsung Galaxy SIII body, features high-powered encryption. Les Goldsmith, the CEO of ESD America, says the phone also runs a customized or “hardened” version of Android that removes 468 vulnerabilities that his engineering team found in the stock installation of the OS.

His mobile security team also found that the version of the Android OS that comes standard on the Samsung Galaxy SIII leaks data to parts unknown 80-90 times every hour. That doesn’t necessarily mean that the phone has been hacked, Goldsmith says, but the user can’t know whether the data is beaming out from a particular app, the OS, or an illicit piece of spyware. His clients want real security and control over their device, and have the money to pay for it.

To show what the CryptoPhone can do that less expensive competitors cannot, he points me to a map that he and his customers have created, indicating 17 different phony cell towers known as “interceptors,” detected by the CryptoPhone 500 around the United States during the month of July alone. Once the phone connects with the interceptor, a variety of “over-the-air” attacks become possible, from eavesdropping on calls and texts to pushing spyware to the device.

“Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says.  “One of our customers took a road trip from Florida to North Carolina and he found 8 different interceptors on that trip.  We even found one at South Point Casino in Las Vegas.”

– More…

– 16Sep14 – More on this story…

Why the Security of USB Is Fundamentally Broken

Monday, August 11th, 2014

– If you liked what I posted yesterday, you’ll love today.

– dennis

= = = = = = = = = = = = = = = = = = =

Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work.

That’s the takeaway from findings security researchers Karsten Nohl and Jakob Lell plan to present next week, demonstrating a collection of proof-of-concept malicious software that highlights how the security of USB devices has long been fundamentally broken. The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.

“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”

‘IN THIS NEW WAY OF THINKING, YOU HAVE TO CONSIDER A USB INFECTED AND THROW IT AWAY AS SOON AS IT TOUCHES A NON-TRUSTED COMPUTER.’

Nohl and Lell, researchers for the security consultancy SR Labs, are hardly the first to point out that USB devices can store and spread malware. But the two hackers didn’t merely copy their own custom-coded infections into USB devices’ memory. They spent months reverse engineering the firmware that runs the basic communication functions of USB devices—the controller chips that allow the devices to communicate with a PC and let users move files on and off of them. Their central finding is that USB firmware, which exists in varying forms in all USB devices, can be reprogrammed to hide attack code. “You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s ‘clean,’” says Nohl. But unless the IT guy has the reverse engineering skills to find and analyze that firmware, “the cleaning process doesn’t even touch the files we’re talking about.”

The problem isn’t limited to thumb drives. All manner of USB devices from keyboards and mice to smartphones have firmware that can be reprogrammed—in addition to USB memory sticks, Nohl and Lell say they’ve also tested their attack on an Android handset plugged into a PC. And once a BadUSB-infected device is connected to a computer, Nohl and Lell describe a grab bag of evil tricks it can play. It can, for example, replace software being installed with a corrupted or backdoored version. It can even impersonate a USB keyboard to suddenly start typing commands. “It can do whatever you can do with a keyboard, which is basically everything a computer does,” says Nohl.

The malware can silently hijack internet traffic too, changing a computer’s DNS settings to siphon traffic to any servers it pleases. Or if the code is planted on a phone or another device with an internet connection, it can act as a man-in-the-middle, secretly spying on communications as it relays them from the victim’s machine.

Most of us learned long ago not to run executable files from sketchy USB sticks. But old-fashioned USB hygiene can’t stop this newer flavor of infection: Even if users are aware of the potential for attacks, ensuring that their USB’s firmware hasn’t been tampered with is nearly impossible. The devices don’t have a restriction known as “code-signing,” a countermeasure that would make sure any new code added to the device has the unforgeable cryptographic signature of its manufacturer. There’s not even any trusted USB firmware to compare the code against.

The element of Nohl and Lell’s research that elevates it above the average theoretical threat is the notion that the infection can travel both from computer to USB and vice versa. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, with no easy way for the USB device’s owner to detect it. And likewise, any USB device could silently infect a user’s computer. “It goes both ways,” Nohl says. “Nobody can trust anybody.”

– More…
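The keyboard and network-adapter impersonation described in the article above can at least be spotted at enumeration time. The following script is an added example written for this post (it is not from the Wired article or from Nohl and Lell’s research): it flags a USB storage device that also enumerates with a HID or CDC interface. The sysfs snapshot, paths and vendor/product IDs are constructed sample values; `load_sysfs` reads the same attributes on a live Linux host.

```python
"""Flag USB devices whose interface mix matches the BadUSB tricks: a storage
stick that also enumerates as a keyboard (HID) or as a network adapter (CDC)."""
import os

# Constructed sysfs-style snapshot mirroring /sys/bus/usb/devices/ on Linux.
# Vendor/product IDs are made-up sample values, not real device identifiers.
SYSFS_SNAPSHOT = {
    "1-1":     {"idVendor": "1234", "idProduct": "0001", "product": "Plain stick"},
    "1-1:1.0": {"bInterfaceClass": "08"},   # 08 = mass storage
    "1-2":     {"idVendor": "1234", "idProduct": "0002", "product": "USB DISK"},
    "1-2:1.0": {"bInterfaceClass": "08"},
    "1-2:1.1": {"bInterfaceClass": "03"},   # 03 = HID: a stick that can also type
    "1-3":     {"idVendor": "1234", "idProduct": "0003", "product": "Keyboard"},
    "1-3:1.0": {"bInterfaceClass": "03"},   # a plain keyboard is not flagged
    "1-4":     {"idVendor": "1234", "idProduct": "0004", "product": "USB DISK"},
    "1-4:1.0": {"bInterfaceClass": "08"},
    "1-4:1.1": {"bInterfaceClass": "02"},   # 02/0a = CDC: a stick that is also a NIC
}

def load_sysfs(root="/sys/bus/usb/devices"):
    """Build the same snapshot from a live Linux host (Linux sysfs required)."""
    snapshot = {}
    for entry in os.listdir(root):
        attrs = {}
        for name in ("idVendor", "idProduct", "product", "bInterfaceClass"):
            try:
                with open(os.path.join(root, entry, name)) as fh:
                    attrs[name] = fh.read().strip()
            except OSError:
                pass  # attribute file not present for this entry
        snapshot[entry] = attrs
    return snapshot

def group_interfaces(snapshot):
    """Attach each interface's class code to its parent device entry."""
    devices = {p: dict(a, classes=set()) for p, a in snapshot.items() if ":" not in p}
    for path, attrs in snapshot.items():
        parent = path.split(":")[0]
        if ":" in path and parent in devices and "bInterfaceClass" in attrs:
            devices[parent]["classes"].add(attrs["bInterfaceClass"].lower())
    return devices

def audit(snapshot):
    """Return (path, vid:pid, reason) for storage devices that also expose an
    input or network interface; plain sticks and plain keyboards pass."""
    findings = []
    for path, dev in sorted(group_interfaces(snapshot).items()):
        if "08" not in dev["classes"]:
            continue
        ident = f"{dev.get('idVendor', '?')}:{dev.get('idProduct', '?')}"
        if "03" in dev["classes"]:
            findings.append((path, ident, "storage device also enumerates as HID (keyboard)"))
        if dev["classes"] & {"02", "0a"}:
            findings.append((path, ident, "storage device also enumerates as a network adapter"))
    return findings

if __name__ == "__main__":
    for finding in audit(SYSFS_SNAPSHOT):
        print(*finding)
```

Because the firmware controls the descriptors, a device can re-enumerate with a different interface set after it has passed this check, so treat a clean result as one telemetry signal, not proof that a stick is safe.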


Leaked docs show spyware used to snoop on US computers

Sunday, August 10th, 2014

– Truly, I think we have less and less of a chance to keep our computers secure and our communications private.  If we haven’t been hacked, it is only because there are so many of us and so few hackers/criminals to go around.   Or it’s because we have not sufficiently irritated someone in the officialdom enclosing us.

– Personally, I am considering setting up from scratch (wipe the disk and install a virgin copy of the operating system) one specific computer for my essential banking and financial activities. This machine would be only used for these activities and nothing else. I’ll keep its anti-virus and malware defenses fully updated and, when I am not using it, it will be turned off and disconnected. And, when I do use it, I will shut off and disconnect the other systems on my LAN in case they are infected.

– I’m also considering changing all my passwords as well.

– Paranoid or playing the odds?  I think it is hard to tell but the saying ‘better safe than sorry’ does come to mind.

– And should I not worry so much and simply assume that my government will look out for me?  

– I don’t think so. They are too busy doing the bidding of the corporate world. And I am irrelevant to the corporate world unless they can use me somehow to increase their profits.

– Nope, other than me, nobody else has my back on this.  And those who think it isn’t so will eventually find out the truth the hard way.

– dennis

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica.

It’s not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.

The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma’s software to spy on dissidents, journalists, and activist groups.

The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. “I think it’s highly unlikely that it’s a fake,” said Morgan Marquis-Boire, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group’s software and who authored an article about the leak on Thursday.

The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.

Gamma has not commented publicly on the authenticity of the documents. A phone number listed on a Gamma Group website was disconnected. Gamma Group did not respond to e-mail requests for comment.

The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how to use the Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets’ computers and cell phones.

A price list included in the trove lists a license of the software at almost $4 million.

The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer “exploits.”

Exploits include techniques called “zero days” for “popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more.” Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.

Vupen has said publicly that it only sells its exploits to governments, but Gamma may have no such scruples. “Gamma is an independent company that is not bound to any country, governmental organisation, etc.,” says one file in the Gamma Group’s material. At least one Gamma customer listed in the materials is a private security company.

Vupen didn’t respond to a request for comment.

Many of Gamma’s product brochures have previously been published by the Wall Street Journal and WikiLeaks, but the latest trove shows how the products are getting more sophisticated.

In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user’s machine, and found that it could not be blocked by most antivirus software.

Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft’s Bitlocker.

Mike Janke, the CEO of Silent Circle, said in an e-mail that “we have serious doubts about if they were going to be successful” in circumventing the phone software and that Silent Circle is working on bulletproofing its app.

Microsoft did not respond to a request for comment.

The documents also describe a “country-wide” surveillance product called FinFly ISP which promises customers the ability to intercept Internet traffic and masquerade as ordinary websites in order to install malware on a target’s computer.

The most recent date-stamp found in the documents is August 2, coinciding with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack and may be run by the hacker or hackers responsible for the leak.

On Reddit, a user called PhineasFisher claimed responsibility for the leak. “Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents,” the user wrote. The name on the @GammaGroupPR Twitter account is also “Phineas Fisher.”

Gamma Group, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company’s malware was used to target activists in Bahrain.

In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.

– To the original: