« | Home | Recent Comments | Categories | »

German researchers discover a flaw that could let anyone listen to your cell calls.

Posted on December 19th, 2014 at 15:46 by John Sinteur in category: Do you feel safer yet?, Privacy, Security

[Quote]:

German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.


Write a comment

Comments:

  1. SS7 is a published protocol – it’s not really complicated although there’s a lot of it. There is a protocol conversion once mobile calls get into the “real” network, so it’s not a cause for mass panic. The data they’re concerned with is “just” signalling data.

    Presumably if you can make a device spoof a mobile phones’ data interchange to a tower you can find out roughly where any mobile phone is without setting up a call (part of the signalling protocol). And presumably listening in on mobile calls or getting/sending text messages is simple as long as you are in range of the phone or a tower.

    It’s probably of limited surveillance use unless you are able to spoof the law enforcement inter-office intercept protocol, when you can have masses of calls automatically recorded or forwarded wherever; but that’s under local central office control and unlikely.

    As for hacking call forwarding for a double hop, you can’t forward a call to a number that is already forwarded to you, and you couldn’t pick up outbound calls without being in range, so something is not quite right about that explanation.

Congress Just Passed Legislation Ramping Up Mass Surveillance to Super-Steroid Levels

Posted on December 15th, 2014 at 11:44 by John Sinteur in category: Do you feel safer yet?, Privacy

[Quote]:

When I learned that the Intelligence Authorization Act for FY 2015 was being rushed to the floor for a vote—with little debate and only a voice vote expected (i.e., simply declared “passed” with almost nobody in the room)—I asked my legislative staff to quickly review the bill for unusual language. What they discovered is one of the most egregious sections of law I’ve encountered during my time as a representative: It grants the executive branch virtually unlimited access to the communications of every American.


Write a comment

ISPs Removing Their Customers’ Email Encryption

Posted on November 14th, 2014 at 11:13 by John Sinteur in category: Privacy, Security

[Quote]:

Recently, Verizon was caught tampering with its customer’s web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers’ data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.1

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco’s PIX/ASA firewall do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.


Write a comment

A creepy website is streaming from 73,000 cameras; some in the bedroom

Posted on November 7th, 2014 at 15:46 by John Sinteur in category: Privacy, Security

[Quote]:

A strange looking website is letting anyone in the world stream from more than 73,000 IP cameras whose respective owners have not yet changed their default passwords. Whether or not this website is highlighting an important security problem as they are claiming to do, this appears to be a serious breach of privacy.

Insecam has access to more than 73,000 cameras all around the globe which includes more than 11,000 cameras in the United States, 6500 in Republic of Korea and almost 5000 in China. Even though the website states that it is trying to emphasize on an important security issue, it is clearly profiting from advertisements as well.


Write a comment

Glenn Greenwald and Snowden: ‘Nobody Should Use Facebook’

Posted on November 4th, 2014 at 18:02 by John Sinteur in category: Privacy

[Quote]:

During a Q&A in Canada, Glenn Greenwald was asked why his colleague and NSA whistleblower, Edward Snowden, wasn’t on any of the social media platforms — i.e., Facebook — and Greenwald didn’t mince words.

“He doesn’t use Facebook because he hates Facebook,” he said. “They’re one of the worst violators of privacy in history. Nobody should use Facebook.”


Write a comment

Simple test page for Cellular ISP tracking beacons

Posted on October 28th, 2014 at 9:43 by John Sinteur in category: Privacy

[Quote]:

If there is a value in the Broadcast UID field at the top of this page, your carrier is sending active tracking beacons to every web site you visit.

Note: Viewing this page with Mobile Chrome or Flipboard can mask tracking beacons.

For technical details, see Jonathan Mayer’s post or recent coverage at Wired.

Update: My original motivation for this test page arose after reading several ad industry write-ups on Verizon’s PrecisionID technology and practices, in particular the fact that in most cases, even after opting out of marketing options via Privacy settings, Verizon continues to inject trackers to every HTTP connection made from your device, whether it’s an Access Point, mobile hotspot, tablet or mobile phone.


Write a comment

Comments:

  1. Vodacom in South Africa was adding customers’ IMEI and mobile phone number to the headers of every http request. Yowch.

  2. tested t-mobile here in NL, no headers. Will test telfort in a few days..

  3. Yeah nothing with T-Mo in the US either as far as I saw.

Grooming Students for A Lifetime of Surveillance

Posted on October 14th, 2014 at 19:25 by John Sinteur in category: Privacy

[Quote]:

Since 2011, billions of dollars of venture capital investment have poured into public education through private, for-profit technologies that promise to revolutionize education. Designed for the “21st century” classroom, these tools promise to remedy the many, many societal ills facing public education with artificial intelligence, machine learning, data mining, and other technological advancements.

They are also being used to track and record every move students make in the classroom, grooming students for a lifetime of surveillance and turning education into one of the most data-intensive industries on the face of the earth.


Write a comment

Comments:

  1. Sure, if grading student work had not been invented yet and proposed today then someone would describe it as a nefarious plot to groom students to accept being reduced to a number and aimed to reduce students’ self-confidence.

  2. On the other hand, a MOOC approach to teaching is a great idea, and people could do that from home. Why build schools at all?

  3. Of course all of this would not have happened if they’d stuck with the cardboard computer: https://www.cs.drexel.edu/~bls96/museum/cardiac.html

  4. @pete: That’s wonderful! Thanks.

Spies can access my metadata, so why can’t I? My 15-month legal battle with Telstra

Posted on October 14th, 2014 at 0:13 by John Sinteur in category: Privacy

[Quote]:

After former US National Security Agency contractor Edward Snowden leaked thousands of top-secret documents revealing the extent of spying by the US and other “Five Eyes” agencies, including ones in Australia, I decided it was time to see if I could access what they could on me from my telco.

So I asked Telstra to provide me with all of the metadata it had stored about my mobile phone account, informing them that they had a duty to do this under the Privacy Act’s National Privacy Principles, which gives Australian citizens a right of access to their “personal information” from a company, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.

After about a month of back and forth phone calls chasing up a response, Telstra refused me access, saying I needed a subpoena to access the data. A subpoena is a writ usually issued by a court with authority to compel production of evidence under a penalty for failure.

As I didn’t have the cash to sue Telstra and get a court to issue a writ, I complained to the federal privacy commissioner, claiming Telstra was in breach of the Privacy Act.


Write a comment

Adobe is Spying on Users, Collecting Data on Their eBook Libraries

Posted on October 7th, 2014 at 14:04 by John Sinteur in category: Privacy

[Quote]:

Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.

I am not joking; Adobe is not only logging what users are doing, they’re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything,

But wait, there’s more.

Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.

In. Plain. Text.

And just to be clear, this includes not just ebooks I opened in DE4, but also ebooks I store in calibre and every Epub ebook I happen to have sitting on my hard disk.


Write a comment

Comments:

  1. Adobe stupid? I’ve said that before (their products drove me from the field in tears).

    I can’t really understand why they’d bother unless it is some kind of feature:
    “Here’s a list of all those ebooks you forgot you had…”

  2. I was at first not at all excited about app sandboxing on OS X, but I’m starting to warm up to the idea.

FBI Director Angry At Homebuilders For Putting Up Walls That Hide Any Crimes Therein

Posted on September 27th, 2014 at 9:36 by John Sinteur in category: Boo hoo poor you, Privacy, Security

[Quote]:

On Thursday, FBI boss James Comey displayed not only a weak understanding of privacy and encryption, but also what the phrase “above the law” means, in slamming Apple and Google for making encryption a default:


“I am a huge believer in the rule of law, but I am also a believer that no one in this country is above the law,” Comey told reporters at FBI headquarters in Washington. “What concerns me about this is companies marketing something expressly to allow people to place themselves above the law.”

[….]

“There will come a day — well it comes every day in this business — when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper’s or a terrorist or a criminal’s device. I just want to make sure we have a good conversation in this country before that day comes. I’d hate to have people look at me and say, ‘Well how come you can’t save this kid,’ ‘how come you can’t do this thing.'”

First of all, nothing in what either Apple or Google is doing puts anyone “above the law.” It just says that those companies are better protecting the privacy of their users. There are lots of things that make law enforcement’s job harder that also better protect everyone’s privacy. That includes walls. If only there were no walls, it would be much easier to spot crimes being committed. And I’m sure some crimes happen behind walls that make it difficult for the FBI to track down what happened. But we don’t see James Comey claiming that homebuilders are allowing people to be “above the law” by building houses with walls.


Write a comment

The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud

Posted on September 3rd, 2014 at 10:18 by John Sinteur in category: Apple, Do you feel safer yet?, Privacy, Security

[Quote]:

As nude celebrity photos spilled onto the web over the weekend, blame for the scandal has rotated from the scumbag hackers who stole the images to a researcher who released a tool used to crack victims’ iCloud passwords to Apple, whose security flaws may have made that cracking exploit possible in the first place. But one step in the hackers’ sext-stealing playbook has been ignored—a piece of software designed to let cops and spies siphon data from iPhones, but is instead being used by pervy criminals themselves.

On the web forum Anon-IB, one of the most popular anonymous image boards for posting stolen nude selfies, hackers openly discuss using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims’ data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com. And as of Tuesday, it was still being used to steal revealing photos and post them on Anon-IB’s forum.

[..]

The fact that Apple isn’t complicit in law enforcement’s use of Elcomsoft’s for surveillance doesn’t make the tool any less dangerous, argues Matt Blaze, a computer science professor at the University of Pennsylvania and frequent critic of government spying methods. “What this demonstrates is that even without explicit backdoors, law enforcement has powerful tools that might not always stay inside law enforcement,” he says. “You have to ask if you trust law enforcement. But even if you do trust law enforcement, you have to ask whether other people will get access to these tools, and how they’ll use them.”


Write a comment

Apple Issues Media Advisory Related to Celebrity Photo Theft

Posted on September 3rd, 2014 at 0:11 by John Sinteur in category: Apple, Privacy, Security

[Quote]:

Apple issued a media advisory related to recent celebrity photo theft, saying the accounts were compromised by a very targeted attack on users names, password and security questions and was not related to any breach of Apple’s systems, including iCloud.

Over the weekend a number of nude celebrity photos appeared online. Jennifer Lawrence, Kate Upton, Lea Michele, Victoria Justice and Kirsten Dunst all had their photos comprised, among others.

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website athttp://support.apple.com/kb/ht4232.

If you are a celebrity, it’s more likely that people know the name of your first pet, or your mothers maiden name…


Write a comment

Comments:

  1. Right John, it is why I advise people to make up random letters and numbers for those all too frequently used security questions. Also, never use the same answer twice.

Entirety Of Man’s Personal Data Protected By Reference To Third Season Of ‘The West Wing’

Posted on August 26th, 2014 at 17:21 by John Sinteur in category: Privacy, Security

[Quote]:

Online sources confirmed Wednesday that every piece of 34-year-old Mark O’Connell’s personal data is currently protected by a reference to the third season of long-running NBC political drama The West Wing. Reports indicate that the reference, derived from the name of a guest character in an early-season episode of the Aaron Sorkin drama that went off the air in 2006, is, at present, all that stands in the way of strangers gaining total access to intimate details of the automotive insurance agent’s personal, professional, and financial life. In particular, sources noted that the security of everything from O’Connell’s banking and credit card accounts, to proprietary documents from his work, to his social media profiles, to all of his email correspondence, rests solely on the wry nod to a scene during the Emmy-nominated episode “On The Day Before,” in which the White House staff hosts a dinner for several Nobel laureates while President Bartlet works to veto an estate tax bill. Those close to the situation, however, noted that some of O’Connell’s most sensitive information is safeguarded by a secondary layer of protection in the form of a security question about his favorite character from Sports Night.


Write a comment

Comments:

  1. I know that episode. Wonder if I could get all of his goodies.

Why surveillance companies hate the iPhone

Posted on August 12th, 2014 at 10:59 by John Sinteur in category: Privacy, Security

[Quote]:

The secrets of one of the world’s most prominent surveillance companies, Gamma Group, spilled onto the Internet last week, courtesy of an anonymous leaker who appears to have gained access to sensitive corporate documents. And while they provide illuminating details about the capabilities of Gamma’s many spy tools, perhaps the most surprising revelation is about something the company is unable to do: It can’t hack into your typical iPhone.

Android phones, some Blackberries and phones running older Microsoft operating systems all are vulnerable to Gamma’s spyware, called FinSpy, which can turn your smart phone into a potent surveillance device. Users of the spyware are capable of listening to calls on targeted devices, stealing contacts, activating the microphone, tracking your location and more. But for FinSpy to hack into an iPhone, its owner must have already stripped away much of its built-in security through a process called “jailbreaking.” No jailbreak, no FinSpy on your iPhone, at least according to a leaked Gamma document dated April 2014.


Write a comment

Google to Tie Mobile Web, App Trackers for Ad Targeting

Posted on August 8th, 2014 at 22:37 by John Sinteur in category: If you're in marketing, kill yourself, Privacy

[Quote]:

Google has come up with a way to overcome the ad-targeting gap between mobile web visitors and mobile app users, according to people familiar with the matter.

The online ad giant is set to begin testing a new method of targeting tablet and smartphone users that connects the separate tracking mechanisms that follow what people do on the mobile web and in mobile apps respectively, the people said. Until now, advertisers have usually been forced to treat individual mobile users as two unconnected people, depending on whether they are using a mobile browser or apps.

A Google spokesman confirmed the effort. “As an alternative to less transparent methods, we’re doing some tests to help businesses run consistent ad campaigns across a device’s mobile browser and mobile apps, using existing anonymous identifiers, while enabling people to use the established privacy controls on Android and iOS,” the spokesman said in an email.

The targeting method relies on Google’s two-million-plus network of third-party sites and its mobile app ad network AdMob, which is able to track and serve ads to users of hundreds of thousands of mobile apps across Apple’s iOS and Google’s Android mobile operating systems.


Write a comment

The Social Laboratory

Posted on August 8th, 2014 at 8:06 by John Sinteur in category: Privacy, Security

[Quote]:

When Peter Ho, the senior defense official, met with John Poindexter back in 2002 about the Total Information Awareness program, Poindexter suggested that Singapore would face a much easier time installing a big-data analysis system than he had in the United States, because Singapore’s privacy laws were so much more permissive. But Ho replied that the law wasn’t the only consideration. The public’s acceptance of government programs and policies was not absolute, particularly when it came to those that impinged on people’s rights and privileges.

It sounds like an accurate forecast. In this tiny laboratory of big-data mining, the experiment is yielding an unexpected result: The more time Singaporeans spend online, the more they read, the more they share their thoughts with each other and their government, the more they’ve come to realize that Singapore’s light-touch repression is not entirely normal among developed, democratic countries — and that their government is not infallible. To the extent that Singapore is a model for other countries to follow, it may tell them more about the limits of big data and that not every problem can be predicted.


Write a comment

Comments:

  1. Interesting. Not much mention that they are yet trying to manipulate public opinion.

    Another thought: The idea that perpetual growth in an economy is necessary and desirable seems to be unquestioningly accepted, by everyone. At some point humans will have to manage population growth so that a fertility rate of 1.2 is good.

How your innocent smartphone passes on almost your entire life to the secret service

Posted on August 5th, 2014 at 18:52 by John Sinteur in category: Privacy

[Quote]:

Intelligence services collect metadata on the communication of all citizens. Politicians would have us believe that this data doesn’t say all that much. A reader of De Correspondent put this to the test and demonstrated otherwise: metadata reveals a lot more about your life than you think.


Write a comment

Comments:

  1. Will it be a crime to leave the phone at home or to forget to charge it?

  2. @Sue – Yes. Grounds for immediate detention and reprogramming at Facebook re-education camp.

Meet Executive Order 12333: The Reagan rule that lets the NSA spy on Americans

Posted on July 19th, 2014 at 13:11 by John Sinteur in category: Privacy

[Quote]:

U.S. communications increasingly travel across U.S. borders — or are stored beyond them. For example, the Google and Yahoo e-mail systems rely on networks of “mirror” servers located throughout the world. An e-mail from New York to New Jersey is likely to wind up on servers in Brazil, Japan and Britain. The same is true for most purely domestic communications.

Executive Order 12333 contains nothing to prevent the NSA from collecting and storing all such communications — content as well as metadata — provided that such collection occurs outside the United States in the course of a lawful foreign intelligence investigation. No warrant or court approval is required, and such collection never need be reported to Congress. None of the reforms that Obama announced earlier this year will affect such collection.


Write a comment

Comments:

  1. They’ve been spying on us since Raygun? It didn’t seem to do any good. Why are we still wasting money on it?

  2. @chas: You can’t stop now. Can’t stop ever. This ratchet only goes one way…If they stopped, and then there was the inevitable “incident” there would be political hell to pay.

UN: Nations hide rise in private digital snooping

Posted on July 16th, 2014 at 22:06 by John Sinteur in category: Privacy

[Quote]:

Governments on every continent are hiding an increasing reliance on private companies to snoop on citizens’ digital lives, the U.N. human rights office said Wednesday.

Stepping into a fierce debate over digital privacy rights, the U.N. office says it has strong evidence of a growing complicity among private companies in government spying. It says governments around the world are using both the law and covert methods to access private content and metadata.

U.N. High Commissioner for Human Rights Navi Pillay said the lack of transparency and tactics extend to governments’ ”de facto coercion of companies to gain broad access to information and data on citizens without them knowing.”

Her office’s report to the U.N. General Assembly says concerns about the erosion in privacy have increased since last year’s revelations of U.S. and British mass surveillance. The report said stricter laws are needed to prevent violations and ensure accountability when digital technology and surveillance is misused. It warned that mass surveillance is becoming “a dangerous habit rather than an exceptional measure.”


Write a comment

The ultimate goal of the NSA is total population control

Posted on July 11th, 2014 at 17:03 by John Sinteur in category: Do you feel safer yet?, Privacy, Security

[Quote]:

William Binney is one of the highest-level whistleblowers to ever emerge from the NSA. He was a leading code-breaker against the Soviet Union during the Cold War but resigned soon after September 11, disgusted by Washington’s move towards mass surveillance.

On 5 July he spoke at a conference in London organised by the Centre for Investigative Journalism and revealed the extent of the surveillance programs unleashed by the Bush and Obama administrations.

“At least 80% of fibre-optic cables globally go via the US”, Binney said. “This is no accident and allows the US to view all communication coming in. At least 80% of all audio calls, not just metadata, are recorded and stored in the US. The NSA lies about what it stores.”


Write a comment

Comments:

  1. Population control? That would be a good thing, imo.

Jamming XKeyScore

Posted on July 6th, 2014 at 14:08 by John Sinteur in category: Privacy, Security

[Quote]:

Back in the day there was talk about “jamming echelon” by adding keywords to email that the echelon system was supposedly looking for. We can do the same thing for XKeyScore: jam the system with more information than it can handle.


Write a comment

Comments:

  1. And given what we learned recently, if you even read that article, you’ll be added to the list of people to be monitored.

  2. Got added to their monitoring list, I dont give a sh…. on it.

Von der NSA als Extremist gebrandmarkt

Posted on July 3rd, 2014 at 13:53 by John Sinteur in category: Privacy, Security

[Quote]:

Ironischerweise sind es nach den speziellen Regeln, die NDR und WDR vorliegen, also ausgerechnet Personen mit dem Wunsch nach Anonymisierung, die zum Ziel der NSA werden. In den Augen des Geheimdienstes: Extremisten. Das ist keine Rhetorik, keine journalistische Zuspitzung. Der Begriff befindet sich sogar in der Kommentarspalte des Quelltexts, notiert von Programmierern der NSA.

Extremisten? Das Gegenteil ist der Fall, wie die Recherchen zeigen. Die deutschen Opfer sind politisch keinesfalls am äußeren Rand zu finden. Extrem sind sie allein in einem Punkt: Sie sind besorgt um die Sicherheit ihrer Daten. Und genau das macht sie in den Augen des US-Geheimdienstes verdächtig.

[..]

Darko Medic, 18, kurze braune Haare, sitzt vor seinem Laptop. Er gibt “Tails” und “USB” in die Maske seiner Suchmaschine ein. Was Darko nicht weiß: Er ist damit gerade ebenfalls in einer Datenbank der NSA gelandet. Markiert als einer der Extremisten, nach denen die Geheimdienstler so fleißig suchen.

Denn was die Regeln des Quellcodes ebenfalls verraten: Die NSA beobachtet im großen Stil die Suchanfragen weltweit – auch in Deutschland. Allein schon die einfache Suche nach Verschlüsselungssoftware wie “Tails” reicht aus, um ins Raster der NSA zu geraten. Die Verbindung der Anfrage mit Suchmaschinen macht verdächtig. Seine Suche nach “Tails” öffnet eine Tür, einen Zugang zu Darko und seiner Welt. Einmal in der Datenbank, kann jede Anfrage von Darko gezielt abgerufen werden. Darko ist unter Beobachtung.


Write a comment

Privacy board backs NSA’s foreign spying

Posted on July 2nd, 2014 at 7:49 by John Sinteur in category: Privacy, Security

[Quote]:

A federal privacy watchdog is largely putting its support behind a major pillar of the National Security Agency’s foreign snooping.

A draft version of a new Privacy and Civil Liberties Oversight Board (PCLOB) report released late Tuesday said that NSA programs targeting foreigners are effective, legal and show “no trace” of “illegitimate activity,” though some changes should be made to better protect Americans’ privacy.

The conclusion stands in stark contrast to a previous blistering report from the PCLOB, which ruled the NSA’s bulk collection of Americans’ phone records illegal earlier this year.

Makes you wonder what kind of dirt does the NSA has on the board members…


Write a comment

Comments:

  1. Ever since Obama reversed his opposition to FISA as Senator, and his behavior as POTUS, I have wondering what the NSA has on him?

  2. Surely it’s simpler to assume evil than conspiracy :-)

  3. Even a “vast right-wing” one…

NSA soll auch Merkels neues Handy abgehört haben

Posted on June 30th, 2014 at 9:51 by John Sinteur in category: Privacy, Security

[Quote]:

In Sachen Ausspähen scheint die NSA wieder einen Schritt voraus zu sein: Medienberichten zufolge belauscht der amerikanische Geheimdienst auch das neue Krypto-Handy der Kanzlerin.

Nach Bekanntwerden des NSA-Lauschangriffs auf die Bundesregierung sollten neue Verschlüsselungs-Smartphones des Typs BlackBerry 10 die Gespräche der Kanzlerin und ihres Kabinetts vor unbefugtem Mithören schützen. Doch der amerikanische Geheimdienst hat auch die neuen Krypto-Telefone bereits entschlüsselt, berichtet die “Bild am Sonntag”. Ein ranghoher Mitarbeiter des US-Geheimdienstes in Deutschland habe das bestätigt. “Die technischen Veränderungen beeinträchtigen unsere Arbeit nicht” sagte der Abhör-Spezialist der Bild.

The million dollar question is now how the nsa got access to the new blackberry+secusmart…

And to go above the million dollar prize… I find it hard to believe the german government is stupid enough to buy an enhanced version of an insecure and subverted platform. If I were Merkel I would wonder who gave me this advice. Why not follow the same path as the French did – have a local defense contractor do a limited edition modification of the german cryptophone.

And for us peons, it’s safe to assume our smartphone usage is unsecurable and act accordingly.


Write a comment

Poorly anonymized logs reveal NYC cab drivers’ detailed whereabouts

Posted on June 27th, 2014 at 0:03 by John Sinteur in category: Privacy, Security

[Quote]:

In the latest gaffe to demonstrate the privacy perils of anonymized data, New York City officials have inadvertently revealed the detailed comings and goings of individual taxi drivers over more than 173 million trips.

City officials released the data in response to a public records request and specifically obscured the drivers’ hack license numbers and medallion numbers. Rather than including those numbers in plaintext, the 20 gigabyte file contained one-way cryptographic hashes using the MD5 algorithm. Instead of a record showing medallion number 9Y99 or hack number 5296319, for example, those numbers were converted to 71b9c3f3ee5efb81ca05e9b90c91c88f and 98c2b1aeb8d40ff826c6f1580a600853, respectively. Because they’re one-way hashes, they can’t be mathematically converted back into their original values. Presumably, officials used the hashes to preserve the privacy of individual drivers since the records provide a detailed view of their locations and work performance over an extended period of time.

It turns out there’s a significant flaw in the approach. Because both the medallion and hack numbers are structured in predictable patterns, it was trivial to run all possible iterations through the same MD5 algorithm and then compare the output to the data contained in the 20GB file. Software developer Vijay Pandurangan did just that, and in less than two hours he had completely de-anonymized all 173 million entries.


Write a comment

US to extend privacy protection rights to EU citizens

Posted on June 26th, 2014 at 7:59 by John Sinteur in category: Privacy, Security

[Quote]:

The Obama administration has caved in to pressure from the European Union in the wake of Edward Snowden’s revelations on surveillance by promising to pass legislation granting European citizens many of the privacy protection rights enjoyed by US citizens.

The proposed law would apply to data on European citizens being transferred to the US for what Washington says is law enforcement purposes.

So they are going to lie to us in the exact same way they lie to their own citizens. Not much of an improvement.

Holder said: “The Obama administration is committed to seeking legislation that would ensure that … EU citizens would have the same right to seek judicial redress for intentional or wilful disclosures of protected information and for refusal to grant access or to rectify any errors in that information, as would a US citizen under the Privacy Act.

So, in practice, none at all.


Write a comment

Comments:

  1. On this matter the Obama administration is totally untrustworthy. The software companies are aware that this is damaging to them – at least they say so publicly.
    This is one good reason to avoid the products of major American software giants, the knowledge that personal communications on mobile phones or on Facebook and other social media sites are routinely monitored by GCHQ, NSA and presumably others – they can’t be alone surely – is profoundly disquieting.

    On the plus side this business is a great money spinner for the encryption industry.

  2. The real problem here is the unending surveillance is a huge waste of money, my tax money.

  3. @chas: Absolutely! However, I don’t see that any of today’s political leaders could bring themselves to slacken off the surveillance. There is no major political cost to keeping the police state but it could be difficult for the person that decides to cancel the program if there was another major atrocity (which will happens eventually, anyway).

    There are a lot of jobs in the police state too. Think of it as a government make-work program. Instead of shovels, they get to wear flak jackets and carry guns

Supreme Court Says Phones Can’t Be Searched Without a Warrant

Posted on June 25th, 2014 at 22:52 by John Sinteur in category: Privacy

[Quote]:

In a major statement on privacy rights in the digital age, the Supreme Court on Wednesday unanimously ruled that the police need warrants to search the cellphones of people they arrest.


Write a comment

Comments:

  1. …and there’s a vending machine selling those just around the corner…

  2. …and a lower federal court ruled that the secret No-Fly list is unconstitutional.

  3. Well, even a broken clock is correct twice a day…

New leaks show Germany’s collusion with NSA

Posted on June 22nd, 2014 at 15:24 by John Sinteur in category: Privacy, Security

[Quote]:

This week German news magazine Der Spiegel published the largest single set of files leaked by whistleblower and former US National Security Agency contractor Edward Snowden. The roughly 50 documents show the depth of the German intelligence agencies’ collusion with the NSA.

They suggest that the German Intelligence Agency (BND), the country’s foreign spy agency, and the Office for the Protection of the Constitution (BfV), the German domestic spy agency, worked more closely with the NSA than they have admitted – and more than many observers thought.

[..]

Among its “success stories,” the documents praise how the German government was able to weaken the public’s protection from surveillance. “The German government has changed its interpretation of the G10 law, which protects German citizens’ communications, to allow the BND to be more flexible with the sharing of protected information with foreign partners.” Germany’s G10 law regulates in what circumstances its intelligence agencies are allowed to break Article 10 of the German constitution, which guarantees the privacy of letters and telecommunications.


Write a comment

Comments:

  1. They have a law guaranteeing privacy? Why don’t we (USA) have a law like that?

  2. In light of those documents, chas, what’s the difference between US privacy and German “guaranteed” privacy?

  3. The problem is not that there are no laws against this kind of thing, but that the Authorities think that flouting such laws is A-OK and that subjecting us all to arbitrary measures is fine.

  4. Building on what Sue said, the big problem is that True Believers will always believe that their goal justifies breaking the rules, or that the current situation is an exception that the rule makers couldn’t have predicted, so clearly the rules shouldn’t apply.

    A (pardon the pun) canonical example is Lying for Jesus, http://rationalwiki.org/wiki/Lying_for_Jesus

    The background philosophical issue is whether rules are specific (imperfect) expressions of underlying ideals, and more importantly, if some of those ideals are more important than others. Clearly there are some Authorities who believe that Freedom requires Security, so those who threaten Security forfeit their Freedom.

    So the big question is: does lack of Privacy undermine our Freedom, or does the presence of Privacy undermine our Security?

Emails Show Feds Asking Florida Cops to Deceive Judges

Posted on June 21st, 2014 at 11:34 by John Sinteur in category: Do you feel safer yet?, Privacy, Security

[Quote]:

Police in Florida have, at the request of the U.S. Marshals Service, been deliberately deceiving judges and defendants about their use of a controversial surveillance tool to track suspects, according to newly obtained emails.

At the request of the Marshals Service, the officers using so-called stingrays have been routinely telling judges, in applications for warrants, that they obtained knowledge of a suspect’s location from a “confidential source” rather than disclosing that the information was gleaned using a stingray.

A series of five emails (.pdf) written in April, 2009, were obtained today by the American Civil Liberties Union showing police officials discussing the deception. The organization has filed Freedom of Information Act requests with police departments throughout Florida seeking information about their use of stingrays.

“Concealing the use of stingrays deprives defendants of their right to challenge unconstitutional surveillance and keeps the public in the dark about invasive monitoring by local police,” the ACLU writes in a blog post about the emails. “And local and federal law enforcement should certainly not be colluding to hide basic and accurate information about their practices from the public and the courts.”

The U.S. Marshals Service did not respond to a call for comment.


Write a comment

UK intelligence forced to reveal secret policy for mass surveillance of residents’ Facebook and Google use

Posted on June 17th, 2014 at 19:20 by John Sinteur in category: Privacy

[Quote]:

Britain’s top counter-terrorism official has been forced to reveal a secret government policy justifying the mass surveillance of every Facebook, Twitter, Youtube and Google user in the UK, a group of rights organizations announced today.

The organizations published the policy, described in a written statement by Charles Farr, Director General of the Office for Security and Counter Terrorism, after they brought a legal challenge against the UK government.

The document reveals that UK intelligence agency GCHQ (Government Communications Headquarters) believes it is entitled to indiscriminately intercept web searches by British residents or communications between British residents.

“British citizens will be alarmed to see their government justifying industrial-scale intrusion into their communications,” said Michael Bochenek, Amnesty International’s Senior Director for Law and Policy.

“The public should demand an end to this wholesale violation of their right to privacy.”

The government’s approach, which had to date not been made explicitly clear, defines almost all communications via Facebook and other social networking sites, as well as all web searches via Google, to be “external communications” because they use web-based “platforms” based in the USA.

The distinction between “internal” and “external” communications is crucial. Under the Regulation of Investigatory Powers Act (RIPA), which regulates the surveillance powers of public bodies, “internal” communications may only be intercepted under a specific warrant.


Write a comment

Comments:

  1. I am sorry to say that most British people will not be alarmed.

  2. So what galls you guys more … that they’re doing it or that the vast majority of the population doesn’t give a rat’s ass?

  3. @Rob: By any chance do you assume that I could donate the posterior end of a member of the order Rodentia, either?

  4. I saw “sorry to say”. I you really wouldn’t “donate the posterior end of a member of the order Rodentia”, what are you sorry for? :)

  5. If you really … not I you really … Damn typos

  6. A sorry state of affairs.

  7. We Blitish apologize for everything, but we are, to quote Gen. A. Haig, duplicitous bastards, and don’t mean it :-)


« Older Entries