Tag Archives | Security

How The NSA hacks your devices

NSA-octopusFrom The Register:

“It’s not as bad as you thought – it’s much worse.”

A leaked NSA cyber-arms catalog has shed light on the technologies US and UK spies use to infiltrate and remotely control PCs, routers, firewalls, phones and software from some of the biggest names in IT.

The exploits, often delivered via the web, provide clandestine backdoor access across networks, allowing the intelligence services to carry out man-in-the-middle attacks that conventional security software has no chance of stopping.

And if that fails, agents can simply intercept your hardware deliveries from Amazon to install hidden gadgets that rat you out via radio communications.

Continue reading.

Read the rest

Continue Reading

From North America to Europe, the ‘National Security’ Apparatus Is Being Bought off by Big Oil t

Pic: Quevaal (CC)

Pic: Quevaal (CC)

And here I thought I was a centrist.  Nafeez Ahmed writes at the Guardian:

Over the last year, a mass of shocking evidence has emerged on the close ties between Western government spy agencies and giant energy companies, and their mutual interests in criminalising anti-fracking activists.

Activists tarred with the same brush

In late 2013, official documents obtained under freedom of information showed that Canada’s domestic spy agency, the Canadian Security Intelligence Service (CSIS), had ramped up its surveillance of activists opposed to the Northern Gateway pipeline project on ‘national security’ grounds. The CSIS also routinely passed information about such groups to the project’s corporate architect, Calgary-based energy company, Enbridge.

The Northern Gateway is an $8 billion project to transport oil from the Alberta tar sands to the British Columbia coast, where it can be shipped to global markets. According to the documents a Canadian federal agency, the National Energy Board, worked with CSIS and the Royal Canadian Mounted Police to coordinate with Enbridge, TransCanada, and other energy corporations in gathering intelligence on anti-fracking activists – despite senior police privately admitting they “could not detect a direct or specific criminal threat.”

Now it has emerged that former cabinet minister Chuck Strahl – the man appointed by Canadian prime minister Stephen Harper to head up the CSIS’ civilian oversight panel, the Security Intelligence Review Committee (SIRC) – has been lobbying for Enbridge since 2011.

Read the rest
Continue Reading

TSA: What Is it Good For?

The-Simpsons-vs-the-TSA(TSA) isn’t as effective at detecting suspicious characters as one might think. The Government Accounting Office (GAO) has reviewed the TSA’s Screening Passengers by Observation Techniques (SPOT) program was evaluated at being “the same or slightly better than chance.”

The SPOT program since 2007 cost $900 million. The TSA has failed to collect consistent data to prove the effectiveness of the behavioral detection program; worse yet, the SPOT program was initiated without any scientific validation. For reason, the GAO has recommended that Congress cut off funding to this program, something that the Department of Homeland Security disagrees with.

You think that’s bad? That’s only the tip of the damning iceberg.

Anti-TSA activist Johnathan Corbett, who filed a lawsuit against the agency on the faulty nature of their body scanners found a particularly revealing document that declares the probability of terrorists hijacking planes in the United States.

VIA TechDirt

Jonathan Corbett, a long-time vocal critic of TSA body scanners, has been engaged in a lawsuit against the government concerning the constitutionality of those scanners.

Read the rest
Continue Reading

How to Protect Ourselves on Social Networks and from Data Collection Systems of Governments and Corporations

via chycho
privacyaa042956_447980

I. What’s Going On

Online, we are both a product for corporations and a person of interest to governments (2, 3).

Corporations are taking advantage of these times by changing their privacy policies so that they can track us, use us, and sell us whatever their algorithms decide that we need or want based on data they have acquired about our movements, contacts, desires, fantasies, or kinks. Governments on the other hand are using our data to make sure that we will never acquire enough power to change any policies that we deem to be a threat to our happiness, livelihood, or survival. In essence, we are at war with these organizations and we should act as such:

“…this is truly unprecedented in history. And what we’re seeing is secrecy and surveillance are completely subverting security and liberty, not just in the United States, but for many, many citizens around the world.”

This corporate misconduct and government surveillance is threatening the internet (2, 3), the original purpose of which was to create an “open architecture networking” system where “a globally interconnected set of computers” would allow “everyone” to “quickly access data and programs from any site”.

Read the rest
Continue Reading

The Police And Fingerprint-Based Security

fingerprintThe Chaos Computer Club on why authorities are in love with biometrically unlockable devices:

“It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token”, said Frank Rieger, spokesperson of the CCC. “The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.” Fingerprint biometrics in passports has been introduced in many countries despite the fact that no security gain can be shown.

iPhone users should avoid protecting sensitive data with their precious biometric fingerprint not only because it can be easily faked, as demonstrated by the CCC team. You can easily be forced to unlock your phone against your will when being arrested. Forcing you to give up your passcode is much harder under most jurisdictions than just casually swiping your phone over your handcuffed hands.

Read the rest
Continue Reading

Bruce Schneier On The Solution To Surveillance

PRISMVia the MIT Technology Review, the security expert on staying free from the NSA:

My five tips suck. They are not things the average person can use. One of them is to use PGP [a data-encryption program]. But my mother can’t use PGP. Maybe some people who read your publication will use my tips, but most people won’t.

Basically, the average user is screwed. You can’t say “Don’t use Google”—that’s a useless piece of advice. Or “Don’t use Facebook,” because then you don’t talk to your friends, you don’t get invited to parties, you don’t get laid. It’s like libertarians saying “Don’t use credit cards”; it just doesn’t work in the real world.

The Internet has become essential to our lives, and it has been subverted into a gigantic surveillance platform. The solutions have to be political. The best advice for the average person is to agitate for political change.

Read the rest
Continue Reading

NYPD Hits The Streets Telling People They Need To Download iOS 7

In what smacks of surreal law-enforcement-corporate synergy, a number of media outlets and many on Twitter have reported being stopped on the streets of New York by cops urging them to update their Apple smartphones’ operating systems. Via Digital Trends:

Cops in the city have been distributing fliers outside subway stations and Apple stores urging owners of the iPhone and iPad to upgrade to the recently released iOS 7 operating system, which comes with a new security feature called Activation Lock designed to make life a little more difficult for thieves.

The release of iOS 7 coincides with the launch of two new phones from Apple – the 5S and 5C.

One of the fliers begins “Attention Apple Users!!!!!” – yes, the message was deemed serious enough to warrant five exclamation marks – “As of Wednesday the new iOS 7 feature brings added security to your Apple devices.”

nypd

Read the rest

Continue Reading

Glenn Greenwald’s Boyfriend Detained And Interrogated For 9 Hours Under Terrorism Act

Glenn Greenwald and his partner David Miranda

Via the Guardian, Greenwald writes that the UK authorities targeted his partner as punishment for Greenwald’s journalism:

At 6:30 am this morning my time, I received a telephone call from someone who identified himself as a “security official at Heathrow airport.” He told me that my partner, David Miranda, had been “detained” at the London airport “under Schedule 7 of the Terrorism Act of 2000.”

David had spent the last week in Berlin. A Brazilian citizen, he was returning to our home in Rio de Janeiro this morning on British Airways, flying first to London and then on to Rio.

According to a document published by the UK government about Schedule 7 of the Terrorism Act, “fewer than 3 people in every 10,000 are examined as they pass through UK borders”. Moreover, “most examinations, over 97%, last under an hour.” An appendix to that document states that only .06% of all people detained are kept for more than 6 hours.

Read the rest
Continue Reading

NSA To Fire 90% Of Its System Administrators To Prevent Future Snowdens

system administrators

Human beings deemed a security risk. Business Insider reports:

The National Security Agency, hit by disclosures of classified data by former contractor Edward Snowden, said Thursday it intends to eliminate about 90 percent of its system administrators to reduce the number of people with access to secret information.

Keith Alexander, the director of the NSA, the U.S. spy agency charged with monitoring foreign electronic communications, told a cybersecurity conference in New York City that automating much of the work would improve security.

Before the change, “what we’ve done is we’ve put people in the loop of transferring data, securing networks and doing things that machines are probably better at doing,” Alexander said.

Using technology to automate much of the work now done by employees and contractors would make the NSA’s networks “more defensible and more secure,” he said.

Read the rest

Continue Reading

USB Thumb Drives Are Greatest Security Threat

USB flash drivesYou’d think that IT professionals would know better, but no, if they find a thumb drive lying in a parking lot, they’ll plug it into their network reports Paul Hyman for CIO Insight:

Savvy CIOs have policies in place to protect their networks against infected USB flash drives. That’s because most IT professionals know the amount of damage that can be caused by plugging in such a device.

For instance, Stuxnet, one of the world’s most sophisticated cyberweapons, is said to have gained access to its target system through a USB drive that someone found.

Yet having policies—and making sure they are followed—can be two very different things.

In a recent study of 300 IT professionals—many of whom are security experts—conducted at the RSA Conference 2013, 78% admitted to having plugged in a USB flash drive that they’d found lying around. To make matters worse, much of the data discovered on those drives included viruses, rootkits and bot executables.

Read the rest
Continue Reading