Blackphone
First review of the secure Blackphone.
Hacking Team is an Italian malware company that sells exploit tools to governments. Both Kaspersky Lab and Citizen Lab have published detailed reports on its capabilities against Android, iOS, Windows Mobile, and BlackBerry smart phones.
They allow, for example, for covert collection of emails, text messages, call history and address books, and they can be used to log keystrokes and obtain search history data. They can take screenshots, record audio from the phones to monitor calls or ambient conversations, hijack the phone’s camera to snap pictures or piggyback on the phone’s GPS system to monitor the user’s location. The Android version can also enable the phone’s Wi-Fi function to siphon data from the phone wirelessly instead of using the cell network to transmit it. The latter would incur data charges and raise the phone owner’s suspicion.
[…]
Once on a system, the iPhone module uses advanced techniques to avoid draining the phone’s battery, turning on the phone’s microphone, for example, only under certain conditions.
“They can just turn on the mic and record everything going on around the victim, but the battery life is limited, and the victim can notice something is wrong with the iPhone, so they use special triggers,” says Costin Raiu, head of Kaspersky’s Global Research and Analysis team.
One of those triggers might be when the victim’s phone connects to a specific WiFi network, such as a work network, signaling the owner is in an important environment. “I can’t remember having seen such advanced techniques in other mobile malware,” he says.
Hacking Team’s mobile tools also have a “crisis” module that kicks in when they sense the presence of certain detection activities occurring on a device, such as packet sniffing, and then pause the spyware’s activity to avoid detection. There is also a “wipe” function to erase the tool from infected systems.
Hacking Team claims to sell its tools only to ethical governments, but Citizen Lab has found evidence of their use in Saudi Arabia. It can’t be certain the Saudi government is a customer, but there’s good circumstantial evidence. In general, circumstantial evidence is all we have. Citizen Lab has found Hacking Team servers in many countries, but it’s a perfectly reasonable strategy for Country A to locate its servers in Country B.
And remember, this is just one example of government spyware. Assume that the NSA—as well as the governments of China, Russia, and a handful of other countries—have their own systems that are at least as powerful.
Interesting paper: M. Bellare, K. Paterson, and P. Rogaway, “Security of Symmetric Encryption against Mass Surveillance.”
Abstract: Motivated by revelations concerning population-wide surveillance of encrypted communications, we formalize and investigate the resistance of symmetric encryption schemes to mass surveillance. The focus is on algorithm-substitution attacks (ASAs), where a subverted encryption algorithm replaces the real one. We assume that the goal of “big-brother” is undetectable subversion, meaning that ciphertexts produced by the subverted encryption algorithm should reveal plaintexts to big-brother yet be indistinguishable to users from those produced by the real encryption scheme. We formalize security notions to capture this goal and then offer both attacks and defenses. In the first category we show that successful (from the point of view of big brother) ASAs may be mounted on a large class of common symmetric encryption schemes. In the second category we show how to design symmetric encryption schemes that avoid such attacks and meet our notion of security. The lesson that emerges is the danger of choice: randomized, stateless schemes are subject to attack while deterministic, stateful ones are not.
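The “danger of choice” lesson from the abstract, worked through on a toy scheme (an added example, not code from the paper or its authors; HMAC-SHA256 stands in for the block cipher, and `bb_key` is a hypothetical big-brother key): a randomized IV-based scheme can be subverted, in the spirit of the paper’s IV-replacement idea, so that every IV leaks one key bit to a passive observer holding `bb_key` while the ciphertext still decrypts normally, whereas a deterministic counter-based scheme has exactly one valid ciphertext per message, so the user can recompute it and catch any substituted output.

```python
import hmac, hashlib, os

def prf(key, data):
    # HMAC-SHA256 stands in for the block cipher here (an assumption of this example)
    return hmac.new(key, data, hashlib.sha256).digest()
def stream_xor(key, iv, data):
    # CTR-style keystream PRF(key, iv || block index) XORed onto the data
    out = bytearray()
    for i in range(0, len(data), 32):
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], prf(key, iv + i.to_bytes(4, "big"))))
    return bytes(out)
def key_bit(key, idx):            # bit idx of a 16-byte (128-bit) key
    return (key[idx // 8] >> (idx % 8)) & 1
def honest_encrypt(key, msg):     # randomized, stateless: fresh random IV prepended
    iv = os.urandom(16)
    return iv + stream_xor(key, iv, msg)
def subverted_encrypt(key, msg, bb_key):
    # IV-replacement ASA: redraw the IV until PRF(bb_key, iv) encodes one key bit and its
    # index. The output still decrypts, and the IV is uniform to anyone without bb_key.
    while True:
        iv = os.urandom(16)
        tag = prf(bb_key, iv)
        if tag[2] & 1 == key_bit(key, int.from_bytes(tag[:2], "big") % 128):
            return iv + stream_xor(key, iv, msg)
def big_brother_recover(bb_key, ciphertexts):
    # A passive observer holding bb_key reads one key bit off every IV it sees
    bits = {}
    for ct in ciphertexts:
        tag = prf(bb_key, ct[:16])
        bits[int.from_bytes(tag[:2], "big") % 128] = tag[2] & 1
    return bits
def counter_encrypt(key, ctr, msg):  # deterministic, stateful: IV is a counter the user tracks
    iv = ctr.to_bytes(16, "big")
    return iv + stream_xor(key, iv, msg)
def conforms(key, ctr, msg, ct):
    # One valid ciphertext per (key, state, msg): recompute it and any substitution is caught
    return hmac.compare_digest(ct, counter_encrypt(key, ctr, msg))

def run_demo(samples=1500):
    key, bb_key = os.urandom(16), os.urandom(32)   # constructed keys for the demo
    cts = [subverted_encrypt(key, b"meeting at noon", bb_key) for _ in range(samples)]
    leaked = big_brother_recover(bb_key, cts)
    return {"decrypts_fine": stream_xor(key, cts[0][:16], cts[0][16:]) == b"meeting at noon",
            "bits_recovered": len(leaked),
            "bits_correct": all(key_bit(key, i) == b for i, b in leaked.items()),
            "counter_passes": conforms(key, 7, b"x", counter_encrypt(key, 7, b"x")),
            "substitution_caught": not conforms(key, 7, b"x", honest_encrypt(key, b"x"))}
```

With 1500 observed ciphertexts the observer has seen almost every one of the 128 key-bit positions, and no bit it records is ever wrong; the randomized scheme gives the user nothing to check, while the counter scheme rejects any output other than the one it would have produced itself.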
The second Quadrennial Homeland Security Review has been published by the Department of Homeland Security. At 100+ pages, I’m not going to be reading it, but I am curious if there’s anything interesting in it.
A group of researchers has reverse-engineered the NSA’s retro-reflectors and recreated them using software-defined radio (SDR):
An SDR Ossmann designed and built, called HackRF, was a key part of his work in reconstructing the NSA’s retro-reflector systems. Such systems come in two parts – a plantable “reflector” bug and a remote SDR-based receiver.
One reflector, which the NSA called Ragemaster, can be fixed to a computer’s monitor cable to pick up on-screen images. Another, Surlyspawn, sits on the keyboard cable and harvests keystrokes. After a lot of trial and error, Ossmann found these bugs can be remarkably simple devices – little more than a tiny transistor and a 2-centimetre-long wire acting as an antenna.
Getting the information from the bugs is where SDRs come in. Ossmann found that using the radio to emit a high-power radar signal causes a reflector to wirelessly transmit the data from keystrokes, say, to an attacker. The set-up is akin to a large-scale RFID-chip system. Since the signals returned from the reflectors are noisy and often scattered across different bands, SDR’s versatility is handy, says Robin Heydon at Cambridge Silicon Radio in the UK. “Software-defined radio is flexibly programmable and can tune in to anything,” he says.
The NSA devices are LOUDAUTO, SURLYSPAWN, TAWDRYYARD, and RAGEMASTER. Here are videos that talk about how TAWDRYYARD and LOUDAUTO work.
This is important research. While the information we have about these sorts of tools is largely from the NSA, it is fanciful to assume that they are the only intelligence agency using this technology. And it’s equally fanciful to assume that criminals won’t be using this technology soon, even without Snowden’s documents. Understanding and building these tools is the first step to protecting ourselves from them.
Two new stories: one from Der Spiegel in Germany (also reported in the Intercept) and the other from Dagbladet Information in Denmark (again, also reported in the Intercept). Lots of good information in both stories.
EDITED TO ADD (6/20): Der Spiegel has two other stories, as well as a large trove of source documents. The Dagbladet Information source documents are here.
And in related news, the US House of Representatives voted to ban NSA backdoor searches, as well as it weakening commercial products and protocols. There’s no chance it’ll become a law, but the 293-123 vote is a big deal nonetheless.
The current authority for the NSA’s bulk collection of telephone metadata expires today. A bunch of organizations have tried to urge the president not to renew it. I don’t think that’ll happen, either.
It’s a measure of the popular interest in this issue that the German/Danish story isn’t being reported by the US press, and I had to search to find the Congressional vote on the New York Times and Washington Post sites. Only the Guardian had it as a home page headline. No one is reporting today’s renewal of the telephone metadata program.
EDITED TO ADD (6/21): The bulk surveillance of Americans’ phone call records program has been renewed. And Der Spiegel published an editorial explaining why it broke the story and released the secret NSA documents.
EDITED TO ADD (6/23): Marcy Wheeler noticed that the FISC order renewing the bulk surveillance order came with some sort of memorandum opinion.
EDITED TO ADD (7/14): Good commentary from the comments.
MarketWatch has a list of five apps for spying on your spouse.
Last June, the Guardian published a story about GCHQ tapping fiber-optic Internet cables around the globe, part of a program codenamed TEMPORA. One of the facts not reported in that story—and supposedly the fact that the Guardian agreed to withhold in exchange for not being prosecuted by the UK authorities—was the location of the access points in the Middle East.
On Tuesday, the Register disclosed that they are in Oman:
The secret British spy base is part of a programme codenamed “CIRCUIT” and also referred to as Overseas Processing Centre 1 (OPC-1). It is located at Seeb, on the northern coast of Oman, where it taps into various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf. Seeb is one of a three-site GCHQ network in Oman, at locations codenamed “TIMPANI”, “GUITAR” and “CLARINET”. TIMPANI, near the Strait of Hormuz, can monitor Iraqi communications. CLARINET, in the south of Oman, is strategically close to Yemen.
Access is provided through secret agreements with BT and Vodafone:
British national telco BT, referred to within GCHQ and the American NSA under the ultra-classified codename “REMEDY”, and Vodafone Cable (which owns the former Cable & Wireless company, aka “GERONTIC”) are the two top earners of secret GCHQ payments running into tens of millions of pounds annually.
There’s no source document associated with the story, but it does seem to be accurate. Glenn Greenwald comments:
“Snowden has no source relationship with Duncan (who is a great journalist), and never provided documents to him directly or indirectly, as Snowden has made clear,” Greenwald said in an email. “I can engage in informed speculation about how Duncan got this document - it’s certainly a document that several people in the Guardian UK possessed —but how he got it is something only he can answer.”
The reporter is staying mum on his source:
When Wired.co.uk asked Duncan Campbell—the investigative journalist behind the Register article revealing the Oman location—if he too had copies proving the allegations, he responded: “I won’t answer that question—given the conduct of the authorities.”
“I was able to look at some of the material provided in Britain to the Guardian by Edward Snowden last year,” Campbell, who is a forensic expert witness on communications data, tells us.
Campbell also published this on the NSA today.
EDITED TO ADD (6/16): Cyprus is another interception point for Middle East surveillance.
SEC Consult has published an advisory warning people not to use a government eavesdropping product called Recording eXpress, sold by the Israeli company Nice Systems. Basically, attackers can completely compromise the system. There are good stories on this by Brian Krebs and Dan Goodin.