Month: February 2015

Week 8 News Digest

Posted on by ATANYA_GROSS

NSA chief seeks compromise on encrypted phone snooping

February 23, 2015
http://phys.org/news/2015-02-nsa-chief-compromise-encrypted-snooping.html
In Washington, Monday February 23, the National Security Agency chief proposed that a compromise can be made when it comes to access encrypted devices. National Security Agency Director Admiral Mike Rogers, stated that he does not believe Americans should be divided on the issue of encryption. Rogers said that in the fight against terrorism, the concerns are the same as in law enforcement, and endorsed the view expressed by FBI director James Comey on gaining access to encrypted mobile devices. Rogers’ stated that “We fully comply with the law…we do that foreign intelligence mission operating within (a legal) framework.” The point of the conference was to bring awareness to the NSA’s belief that there should be a common ground with the tech sector on the issue, instead of a nothing or everything.

Alleged Hacker belonging to the hacking crew Lizard Squad run a DNS hajacking attack against the Google Vietnam domain.

February 24,2015
http://securityaffairs.co/wordpress/34058/cyber-crime/lizard-squad-dns-hijacking-google-vietnam.html
Users who accessed the Google Vietnam website were presented with a picture of a man taking a selfie, along with a message that claimed the site was hacked by Lizard Squad. The hackers also took the opportunity to advertise their Lizard Stresser DDoS service. Although Google Vietnam wasn’t actually hacked, the attackers directed the visitors to a defacement page through DNS hacking. The attackers managed to redirect users by changing the Google name-servers to CloudFlare. Experts believe this was either done to confuse network analysts and legacy tools, or the attackers simply didn’t care what type of IP address they were using as long as they achieved their goals. The name-server records were restored roughly two hours after the attackers had changed them.

Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys by Britain’s Government Communications Headquarters  and the U.S. National Security Agency

February 25,2015
http://www.gemalto.com/press/Pages/Gemalto-presents-the-findings-of-its-investigations-into-the-alleged-hacking-of-SIM-card-encryption-keys.aspx
On February 25,2015 the European SIM maker of Gemalto said they have investigated the past records of attempts of attacks. The website made the allegations on the theft of the keys — which encrypt and decrypt data — based on a document leaked by former NSA contractor Edward Snowden. But the company denied that these attacks resulted in a large-scale theft of encryption keys. The company said the aim of the operation was to intercept the encryption keys as they were exchanged between mobile operators and suppliers.

Most popular apps vulnerable to hacking: McAfee

February 24,2015
http://timesofindia.indiatimes.com/tech/tech-news/Most-popular-apps-vulnerable-to-hacking-McAfee/articleshow/46357311.cms

Intel Security’s McAfee Labs is reporting that the vast majority of the most popular mobile apps found to be vulnerable to man-in-the-middle attacks in research performed last year remain exposed to attacks. According to McAfee Labs, nearly three-quarters of the 25 most downloaded apps on CERT’s list are still unpatched. Although the researchers did not find evidence that these apps had been exploited, the number of downloads for the apps ranges into the hundreds of millions. The latest findings were included in the McAfee Labs Threat Report of February 2015, which also revealed that mobile malware samples jumped 14 percent during the final quarter of 2014. At least eight percent of all McAfee-monitored mobile systems reported an infection in the fourth quarter of last year.

Old Vulnerabilities Still Popular Targets for Hackers: HP

February 23,2015
http://www.securityweek.com/hp-cyber-security-report-reveals-old-vulnerabilities-still-popular-targets

Vulnerabilities in older code is continuously becoming a big risk for hacking, according to the HP report. Hackers have used older methods and codes from years ago, even decades ago. The most targeted 2014 CVE was CVE-2014-0322, a vulnerability in Microsoft Internet Explorer, leaving corporations exposed.

Our Surveillance State and Resisting

Posted on by Leo "The Milanese Mongoose" Antinozzi

In a society with ever-increasing amounts of surveillance, it is not a big leap to argue that there will be a range of opinions regarding surveillance. The reasoning behind surveillance is something that is often questioned. Modus operandi, or methodology, is something that is also brought into the spotlight. Arguments could be made for why ever-increasing levels of surveillance are necessary. There are just as many arguments for why it is not. Regardless of the arguments surrounding the levels of surveillance seen in society, the surveillance is there. As a result, there are groups and individuals who have taken it upon themselves to resist the surveillance state in which we now live. The methods and effectiveness of these resistances are open to interpretation, yet the fact still remains: Resisting is necessary, however effective or ineffective it may be.

In his article, “A Tack in the Shoe: Neutralizing and Resisting the New Surveillance” Gary Marx, an Emeritus professor at MIT, stated that there are a primary set of eleven concepts to aid in the avoidance of surveillance. These include masking behaviors, Distorting, avoidance, piggy backing, and simple refusal behaviors. Professor Marx outlines types of behaviors that allow one to resist the surveillance on a general level, with what he describes as “resistance or non-compliance.” He goes into how each type of behavior may be implemented to aid in the everyday resistance of surveillance. For Example, he describes how piggy backing actions can hide when one might enter or exit a building. Assuming you have legitimate purposes and clearance to enter an area, instead of swiping your card upon entering to open a door, merely walk in as someone else swipes. The technique of discovering what surveillance may be active is a form of surveillance all its own. Marx outlines another example of a radar detector in a vehicle. It can detect if a police officer is using radar. The counters surveillance, or “discovery surveillance” works as long as it is assumed there is actual surveillance in place.

There are ways to resist the surveillance we now face. One example is the Detekt softwares. It is designed to be used on windows PCs in order to detect spyware used on a commercial scale to monitor a staggering number of individuals. It is recommended that if you suspect that your computer is tagged to disconnect it from the Internet and all networks. This is in the hopes to limit further observation. There are a large number of tools to fight against malware and spyware. These tools have become necessities for maintaining one’s privacy.

In a recent article in Al Jazeera America, Resisting the Surveillance State of Mind,” authored by Norman Solomon, Solomon quoted a German named Wolfgang Schmidt. Schmidt was a Lieutenant Colonel in the german Stasi, the former East German Special Police. Schmidt compared the surveillance he oversaw in the 1980’s. He states it was tiny in comparison to the NSA’s programs. He also stated that for an operative, this level of surveillance would have been “a dream come true”. This is coming from someone who worked in what is historically viewed as one of the most repressive intelligence groups ever formed. Part of the reason for this is because its role was not defined in any legislation in East Germany, meaning that its de facto purpose was to spy and survey all information both domestically and externally. Granted, this comparison is a little unfair for a number of reasons, one example being the NSA has a tendency not to physically destroy dissidents. The point remains that the Stasi relied on 2,000,000 collaborators and 100,000 employees. According to the Encyclopedia Brittanica, the information they gathered allowed them to infiltrate every institution and aspect of daily life. The invasive network of technology that is constantly gathering information on behalf of the NSA, it could be argued, is rather similar. The similarities stretch into the choice to operate and enhance incredibly invasive programs. The Stasi through their network of citizens turned informants, and the NSA through their amassing of astronomical amounts of mobile phone metadata.

Norman Solomon also brings up an important point in the same article. He writes, “Technology is a convenient scapegoat for escalating invasions of privacy. But there is nothing inherent in technological progress that requires such violations of human rights and civil liberties.” This is an important distinction. There is no reason that new developments in technology must spell out new methods of increasingly invasive surveillance. That means that the network that the United States government has in place becomes exponentially more disturbing with each revelation. All this outlines why resistance to this system is important. Perhaps if not resistance, certainly making it more difficult for those who would seek to gather all information to gain “Total Information Awareness.”

In an editorial for Reason.com, Steve Chapman stated that privacy showed definite signs of life. Citing the the architect of the Patriot Act, Rep. James Sensenbrenner, he outlined how the Patriot act initially was structured to prevent this sort of data mining. The picture painted by this information is that often Law makers twist a program, meaning it begins to suit the desires of the politicians, as opposed to the purpose for which it was originally conceived.

That beings said, there are some methods of surveillance for which there are not many tools to resist. There are not large numbers of tools for public camera surveillance beyond the run of the mill hat or hood. Cell phones, simply by being on your person, can lead to you being tracked. This can occur without GPS, simply by studying the battery level of phone. The battery level in Android devices produces battery statistics, which can be used to build a tracking model of the individual in question. The algorithm designed by researchers at Stanford allows for battery level to outline a rough path of the phone, allowing for basic tracking through nothing but the battery level. Granted, the program must first know what battery is communed across various paths, but once that information is obtained, tracking can occur. The theory behind this is that phones use different levels of power at different differences from different towers. There is a 2/3 success rate, with an accuracy of 150m for this program, but it goes to show how easy technology can be used to survey people in their daily lives.

Ultimately, surveillance comes down to information gathering of those who are deemed to have the interest of those doing the watching. Those being surveyed often (almost completely) have no choice in the matter. That being said, there are services and behaviors that can be avoided. Paying cash, leaving phones at home, using a PO box, and other such behaviors that can limit that information can be gathered. But if someone is determined to find information, it will be there. However seemingly insignificant something may seem, like the battery level on your phone, with the right mind behind it, can determine where you have been. Lieutenant Colonel Schmidt also said, “It is the height of naivety to think that once collected, this information won’t be used. The only way to protect the people’s privacy is not to allow the government to collect their information in the first place.” Resisting the surveillance and gathering of information is crucial because it allows individuals to retain their personal liberties and keeps the government in its place. It has also been voiced by many that bulk collection is often inherently ineffective. If this was the case, it would mean that the argument could be made that large often ineffective surveillance provides data which is used in secondary ways other than the originally intended purpose. Resistance to this model is necessary, because it is not an acceptable model for a nation to adopt. This model is not acceptable because though legality is often a matter of who you ask, it is undeniable that it is not in the spirit of the Constitution and its amendments. For example, though Phone metadata to some may not constitute unreasonable search and seizure, it is seriously at odds with the spirit of the 4th amendment.

Week 7 News Digest

Posted on by MOEVANU_JAMESON

What we know about the bank hacking ring—and who’s behind it

February 16, 2015

http://money.cnn.com/2015/02/16/technology/bank-hack-kaspersky/index.html?iid=SF_T_River

Hackers managed to steal up to one billion dollars from banks in Russia, Germany, China, and the Ukraine. They were able to hack ATMs in a way that allowed them to control them from a distance. Hackers were able to get deep enough into banks’ computer systems that they were able to get client’s email address. They sent emails pretending to be the bank, that when opened, installed malware on the computers. They were then able to transfer money from client accounts to their own private accounts. The hackers are said to be from Russia, China, and some parts of Eastern Europe.

 

Breach index: Mega breaches, rise in identity theft mark 2014

February 13, 2015

http://www.scmagazine.com/breach-index-mega-breaches-rise-in-identity-theft-mark-2014/article/398236/

2014 was the year for data breaches with reports showing that more than one million records were compromised. 54% of those breaches were identity theft breaches. The amount of identity theft breaches have increased by 20% since 2013. Tsion Gonen, vice president of strategy for identity and data protection at Gelmato’s Breach Level Index, believes that the reason identity theft has increased and credit card has decreased is because attackers are looking for the most valuable information that they can piece together to use later on. Gonen also says that financial organizations have helped to decrease the amount of credit card theft because they have cut down opportunity by watching closer for fraud alert.

 

UK admits unlawfully monitoring legally privileged communications

February 18, 2015

http://www.theguardian.com/uk-news/2015/feb/18/uk-admits-unlawfully-monitoring-legally-privileged-communications

On Wednesday, February 18, 2015, it was uncovered that UK intelligence agencies have been monitoring emails and other communications between lawyers and their clients. Communications between lawyers and their clients had a special protected status under UK law, but was clearly violated by agencies such as MI6. This revelation is evidence that the policies that were in place as of January 2010 have not been met. Intelligence agencies involved have admitted to acting unlawfully and are now to work with the interception of communications commissioner in order to make sure that the policies protect human rights and are observed.

 

The Greatest SIM Heist: How spies stole the keys to the encryption castle

February 19, 2015

https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

Members of the NSA and Britain’s GCHQ (Government Communications Headquarters) hacked into Gemalto, the largest manufacturer of SIM cards in the world. They stole encryption keys that would allow them to monitor communication without the approval of the companies or foreign governments. The GCHQ also says that they are able to manipulate the billing services of cellular companies. This ability would allow them to suppress charges, allowing them to keep their actions secret. The GCHQ is also able to decrypt data and voice communications between cell companies and their clients. There is an outcry from many, claiming that this is not something that secret services should be doing.

 

AT&T is putting a price on privacy. That is outrageous

February 20, 2015

http://www.theguardian.com/commentisfree/2015/feb/20/att-price-on-privacy

AT&T has plans to track and sell users’ Internet activity. This would include the websites that customers are visiting, the duration of their visit, search history, and ads that you see and follow. They would sell this activity to businesses to aid them in providing targeted advertising. This cannot be avoided through using the privacy setting. If a customer wished to opt-out of this system, they would have to pay a $29 fee each month. This extra charge is controversial because it is pushing privacy to something that is selective. Putting a cost on privacy takes a way the rights of people that cannot afford it but that should be allowed it.

 

Week 5 News Digest

Posted on by Brad

AT&T texts can be faked to hack you

http://money.cnn.com/2015/01/23/technology/security/att-text-hack/index.html

In case of an emergency or any case that requires it, AT&T sends out mass text to all of their subscribers. This can range anywhere from an Amber Alert, or a Data Usage Alert. The problem here is that the way that AT&T send messages is that they do it very simply and very easy to mimic. On the link above there is a picture that depicts an authentic AT&T message from AT&T, and a fake one that someone made up. They almost look identical. The reason that this can be dangerous is that people can hack into your phone and get various different information that they can use against you. This in the end can be very destructive to many people.

 

The 3 places where Facebook censors you the most

http://money.cnn.com/2015/02/06/technology/facebook-censorship/index.html

Facebook is notoriously known as the social media site where everybody visits. Almost every country who has access to the internet have Facebook accounts. One of Facebooks big policies is they are supporters of freedom of speech, which is why they have a problem in countries such as India, Pakistan, and Turkey. All of these countries require Facebook to monitor its country’s people’s post, and take down anti-government post, or anything offensive towards government officials. The problem here is that people generally don’t want to be monitored and these countries take away their freedom of speech by requiring Facebook to monitor every single post that is posted.

 

Insurance giant Anthem hit by massive data breach

http://money.cnn.com/2015/02/04/technology/anthem-insurance-hack-data-security/index.html

With the recent hack of Target, Home Depot, an Ebay, another company can be added to the list of people who have been hacked and people’s personal information stolen. Anthem Insurance, the second largest medical insurance company in the world, was recently hacked and the result of the hack was the compromising of 80 million of people’s information. Among this information: birthdays, social security numbers, income information, and email and street addresses of many of Anthem’s customers. With the specific information stolen, it is very dangerous for the people who had information about them stolen because the harm that can come out of the information stolen is great.

 

Why should we trust the Sony PlayStation Network ever again?

http://money.cnn.com/2015/02/02/technology/security/sony-playstation-hack/index.html?iid=EL

Sony in recent years just are unlucky in the department of hacking. There have been many instances where people, or agencies have hacked into the network and shut it down for a period of time. The worst one was back in 2011 when the network was shut down for a month and millions of subscriber’s information and credit card information was stolen. Then there was the Sony Pictures hack by North Korea over the movie “The Interview” a couple months ago. The most recent hack was Super Bowl Sunday, February 1st, the network was hacked and was shut down for about six hours. Many loyal customers of the Play Station have considered, if not already, leaving the network and going to Microsoft because their network is more secure and not nearly as often as Sony’s.

The cost of doing business in China: Spying

http://money.cnn.com/2015/01/29/technology/security/china-business-spying/index.html?iid=SF_T_River

Relations between the US and China have been stained for a very long time, especially since Snowden released the information that the US were spying on Chinese government officials. Recent events have led China to make regulations on any foreign company’s technology that is used inside the country. They require now that companies make their technology less secure and easier to hack into, I find this very funny because why can they get better hackers?  Some US companies tried to get the Chinese government to reconsider the restrictions but nothing has come of it yet. So ultimately, China just wants it easier to spy on American technology and have power and control over what they do in their own country.

Lateral Surveillance

Posted on by CAMERON_REDMOND

What is lateral surveillance and is it helpful or hurtful? Lateral surveillance is any type of surveillance that comes from another person or thing watching another. There are people who think that lateral surveillance is helpful and helps keep peace in everyday life and then their are people who think that lateral surveillance is hurtful because it bring more surveillance that is intruding on their privacy. The Department of Homeland Security is one of the big reasons why there is lateral surveillance because they make campaigns like the “If You See Something, Say Something.” They use sports stadiums, hotels, local transportation, airports and even Wal-Mart to help with terrorism and crime prevention practices. Why lateral surveillance is hurtful to people is because the Department of Homeland Security is using peer to peer monitoring which means they are using the people around you like neighbors, family members, shoppers when you’re at the supermarket, sports fans when you’re at a game as their eyes and ears to listen and watch everything you do.

Technology has also played a big role in lateral surveillance because it’s made new way in which our friends, foes, employers and even police officers could watch, listen and record us. Social media has also helped in lateral surveillance because it’s basically letting your peers or your co-workers survey you which is an easy way to for them to profile to see what type of person you are. Social media sites were made as an easier way of interacting with people that don’t live near us like family members or to catch up with old friends and to make new friends. If you are using a social media site like Facebook or Twitter you are being laterally surveyed every time you post, like or comment on one of these sites and the thing is, the information you post can be seen by everyone, this is like a snoops dream to get information about you. This is why some people don’t get social media accounts because they already know that the Department of Homeland Security is watching them but that’s not always the people watching them so why give them another way in which they can watch you. There has been some good that comes from lateral surveillance on social media site like when people post about crimes that they have done or are going to do and law enforcement agencies are able to arrest them. http://mic.com/articles/54961/8-social-media-users-arrested-for-what-they-said-online Technology has also brought many tools that people use that can be used to lateral surveillance you in your everyday life like body cams, drones, smart phones, etc. Now with the FBI using facial biometrics to identify people they could basically put anyone of their server just by using a picture from your Facebook or Twitter and they would be able to identify you out in public. The thing is that you wouldn’t even have to have a Facebook or Twitter because if someone posted a picture of you on their account they could use that picture to identify you.

Surveillance was a big concern to a lot of people in the past and now it seems like people just consider it a day to day thing that is going on and that there is no way to avoid it. Your peer or even your co-workers are surveilling your every action or and even people you walk by are surveilling you so there is no way to get around a lot of lateral surveillance. Most people I feel, don’t know that there are ways of getting around lateral surveillance and if they do know how to get around it they won’t usually take the time to do something about it. A good lateral surveillance is a neighborhood watch because it is put in place to help protect the neighborhood and is a physical lateral surveillance that impacts the environment of the neighborhood. The only problem with neighborhood watches is that some of the citizens over think their power and they take actions into their own hand by thinking that they are the law. This is when the neighborhood gets affected negatively because the watches are then invasive to peoples privacy.

I feel like privacy concerns over the years have really dropped off because people really do just consider it a everyday thing and it will happen anyway or they just don’t care anymore. I think that if people were to learn about all the privacy and security invasions that they would want to know more on how they could stop it or learn more on how they can prevent privacy of security invasion from happening to them. If there was a way to teach people about lateral surveillance and the way to avoid it, then we would have less privacy issues and we would be able to be in more control of the surveillance about us.