Entries Tagged "eavesdropping"

Page 6 of 6

Electronic Surveillance Failures Leading up to the 2008 Mumbai Terrorist Attacks

Long New York Times article based on “former American and Indian officials and classified documents disclosed by Edward J. Snowden” outlining the intelligence failures leading up to the 2008 Mumbai terrorist attacks:

Although electronic eavesdropping often yields valuable data, even tantalizing clues can be missed if the technology is not closely monitored, the intelligence gleaned from it is not linked with other information, or analysis does not sift incriminating activity from the ocean of digital data.

This seems to be the moral:

Although the United States computer arsenal plays a vital role against targets ranging from North Korea’s suspected assault on Sony to Russian cyberthieves and Chinese military hacking units, counterterrorism requires a complex mix of human and technical resources. Some former counterterrorism officials warn against promoting billion-dollar surveillance programs with the narrow argument that they stop attacks.

That monitoring collects valuable information, but large amounts of it are “never meaningfully reviewed or analyzed,” said Charles (Sam) Faddis, a retired C.I.A. counterterrorism chief. “I cannot remember a single instance in my career when we ever stopped a plot based purely on signals intelligence.”

[…]

Intelligence officials say that terror plots are often discernible only in hindsight, when a pattern suddenly emerges from what had been just bits of information. Whatever the reason, no one fully grasped the developing Mumbai conspiracy.

“They either weren’t looking or didn’t understand what it all meant,” said one former American official who had access to the intelligence and would speak only on the condition of anonymity. “There was a lot more noise than signal. There usually is.”

Posted on February 12, 2015 at 6:57 AMView Comments

Canada Spies on Internet Downloads

Another story from the Snowden documents:

According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA. (The Canadian agency was formerly known as “CSEC” until a recent name change.)

[…]

CSE finds some 350 “interesting” downloads each month, the presentation notes, a number that amounts to less than 0.0001 per cent of the total collected data.

The agency stores details about downloads and uploads to and from 102 different popular file-sharing websites, according to the 2012 document, which describes the collected records as “free file upload,” or FFU, “events.”

EDITED TO ADD (1/30): News article.

EDITED TO ADD (2/1): More news articles.

Posted on January 29, 2015 at 6:26 AMView Comments

SS7 Vulnerabilities

There are security vulnerabilities in the phone-call routing protocol called SS7.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes—such as keeping calls connected as users speed down highways, switching from cell tower to cell tower—that hackers can repurpose for surveillance because of the lax security on the network.

Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

Some details:

The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function—a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

We’ll learn more when the researchers present their results.

Posted on December 19, 2014 at 6:41 AMView Comments

StealthGenie CEO Indicted

StealthGenie is a Pakistani company that sells a smartphone app that allows a remote party to monitor the phone. The CEO was just indicted in the US:

“Selling spyware is not just reprehensible, it’s a crime,” Leslie Caldwell, assistant attorney general in the DOJ’s Criminal Division, said in a statement. “Apps like StealthGenie are expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim’s personal life—all without the victim’s knowledge.”

This is likely to be a big deal. The company should have sold the spyware only to governments. That would have been okay.

Posted on October 1, 2014 at 10:48 AMView Comments

Eavesdropping by Visual Vibrations

Researchers are able to recover sound through soundproof glass by recording the vibrations of a plastic bag.

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

In other experiments, they extracted useful audio signals from videos of aluminum foil, the surface of a glass of water, and even the leaves of a potted plant.

This isn’t a new idea. I remember military security policies requiring people to close the window blinds to prevent someone from shining a laser on the window and recovering the sound from the vibrations. But both the camera and processing technologies are getting better.

News story.

Posted on August 8, 2014 at 11:50 AMView Comments

1 4 5 6

Sidebar photo of Bruce Schneier by Joe MacInnis.