Connect with us

Eavesdropping

Investigatory Powers Bill Makes Your Browsing History Available To UK Officials

Published

on

A new Investigatory Powers Bill is making waves in the UK and has critics from government officials to Edward Snowden. 

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Home Secretary Theresa May announced the new Investigatory Powers Bill around Christmas. The bill stipulates that the browsing history of everyone in the UK will have to be stored for a year. Police and security services will enjoy access without warrant. May said the information is “the modern equivalent of an itemised phone bill”.

On November 4, The Independent invoked the Freedom of Information Act and asked the Home Office to disclose “the web browser history of all web browsers on the Home Secretary Theresa May’s GSI network account for one week.” Officials refused, saying the request was “scattergun” and “without any idea of what might be revealed.”

That was not all they said: “We have considered your request and we believe it to be vexatious. Section 14(1) of the Act provides that the Home Office is not obliged to comply with a request for information of this nature,” officials told The Independent. Like much of UK’s online focus, May claims the bill will keep people’s minds free from poison and hatred. 

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

“There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar,” Ms May stated of the Investigatory Powers Bill in Parliament.

“But I am also clear that the exercise and scope of investigatory powers should be clearly set out and subject to stringent safeguards and robust oversight, including ‘double-lock’ authorisation for the most intrusive capabilities,” she went on. “This bill will establish world-leading oversight to govern an investigatory powers regime which is more open and transparent than anywhere else in the world.” Critics of the bill come from casual Internet users to individuals in high government offices. 

“In every other country in the world, post-Snowden, people are holding their government’s feet to the fire on these issues, but in Britain we idly let this happen […] Because for the past 200 years we haven’t had a Stasi or a Gestapo, we are intellectually lazy about it, so it’s an uphill battle,” Conservative MP David Davis told The Guardian. Edward Snowden, as you might anticipate, is no fan. He tweeted long before the bill was passed: 

Prime Minister David Cameron sped up the passing of the Investigatory Powers Bill in the wake of the Paris AttacksThe UK has been on the forefront of online regulation, having already looked to ban internet companies from providing total Encryption to its users. Policymakers in the US have looked to do the same.

Backdoors are a favorite option of governments in securing cyber networks. Last week, Jupiter Networks discovered unauthorized code in its firmware which created a backdoor for hackers to access its devices, something which the National Security Agency apparently knew about.

In fact, fundamental building blocks of the Internet are flawed, open for exploit by nefarious online characters.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Cybersecurity

Israeli Researchers Turn Speakers/Headphones Into Eavesdropping Microphones

Published

on

In the current age, even the most secure software and the best security practices might not be enough to prevent someone from being spied upon. Researchers continue to find novel and inventive ways to gather more data on everyday computer users, and the latest research from Israel’s Ben Gurion University is exceptional in this regard.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Using software alone, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici were able to convert a given pair of headphones or speakers into Orwellian microphones beyond the user’s control or ability to patch. Their method [PDF] exploits a flaw in RealTek hardware chips, which are one of the most widely used chips in motherboards around the world. Companies like Dell, HP, and Compaq regularly utilize RealTek’s industry standard audio chips in their products. Beyond that, motherboards sold to consumers wishing to build their own systems often also include the hardware.

A simple patch or firmware upgrade will not fix this flaw, making the exploit particularly delightful to intelligence agencies, profit-motivated hackers (think boardroom conference calls), and others. Basically, anywhere a computer has an audio output, which in the case of laptops is everywhere, audio can now be intercepted and then relayed with roughly the same quality as if a microphone itself had been compromised. The images of people like Mark Zuckerberg covering up their webcam and microphone with electrical tape now seem trivial.

Jack re-tasking – the process of converting an output jack to either an input or a two-way port – has long been a possibility, but few developers make use of it. Most laptops and desktops will have separate ports for each, while smartphones and the like often require hardware that can do both. But the innovation on the part of Ben Gurion’s researchers involves making any regular output hardware capable of doing as much with only software. They write:

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

The fact that headphones and earphones are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically from output to input, creates a vulnerability which can be abused by hackers.

The researchers noticed that the design of most audio input and output hardware was basically identical at the metal, drawing the following illustration for clarification:

Source: Ben-Gurion University of the Negev Cyber Security Research Center

Source: Ben-Gurion University of the Negev Cyber Security Research Center

One saving grace is that the audio output device must be “passive,” or unpowered. This means that if your speakers require power to work, they are not currently able to use these to listen to you. However, the vast majority of laptop speakers and earbuds are, by nature and necessity, passive. The researchers note that while they focused on RealTek codec hardware because of their popularity, other manufacturers also have the ability to retask jacks, which is the heart of the exploit.

While this may seem scary at first, it should be noted that, like anything else on your computer, audio input and output are data. They can therefore be encrypted with keys that are local to the machine, and it would seem that this new exploit opens up a new avenue of research for cryptographic researchers to institute audio encryption in the same way that full-disk encryption has become normalized.

Here is a demonstration of the method in action:

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Cyberespionage

Apple Watches Banned from UK Cabinet Meetings for Hacking Fears

Published

on

Cabinet ministers have voiced concerns that Apple Watches could be hacked by Russian spies, prompting the devices to be barred from meetings, according to a report from The Telegraph.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Under the new leadership of Theresa May, U.K cabinet ministers have been barred from wearing the watch during meetings after concerns were raised that the gadgets could be employed as listening devices.

The Apple Watches join the list of banned items alongside mobile phones after these were barred for similar reasons.

According to a survey conducted by research firm IDC, Apple Watches account for seven percent of the market compared to FitBit, which is reported to account for 25.4 percent.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

A Threat from Russian Hackers

This latest news comes amid concerns of a possible threat from Russian hackers who have recently been in the news.

Russian hackers are alleged to have been able to obtain confidential emails from the Democratic National Congress during the U.S. elections despite Russian president, Vladimir Putin, denying this was the case. Surprisingly, congressional leaders are reported to have known about the hacking a year before it was officially announced.

Not only that, but at the recent Rio Olympics, which saw many Russian athletes banned from competing after it was revealed that there was a state-run doping program in the country, Russian hackers have retaliated.

A Russian cyberespionage group known as Fancy Bear recently accessed and leaked data from several high-profile Olympic athletes, by targeting a World Anti-Doping Agency (WADA) database. This is the same agency that placed a recommendation to ban all Russian athletes from the 2016 Rio Olympics.

Unsurprisingly, with the threat of Russian hackers high, and with devices such as mobile phones and watches now being considered as vulnerable gadgets that can be hacked into, it seems as though banning them from important meetings is the only way that will remove any possible threat to state security.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Cybersecurity

In Child Porn Bust, FBI May Have Used Malware on Innocent Users

Published

on

In 2013, the FBI confiscated Freedom Hosting, a service that hosted websites on the dark web, including several child pornography websites and private email service TorMail. When it happened, it was seen as a massive victory, but recently unsealed documents show the FBI may have used malware on innocent users.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Three years ago, the FBI was given a warrant that allowed them to hack 300 TorMail users who were allegedly linked to child pornography. They went with a piece of malware known as a Network Investigative Technique (NIT), with the goal of acquiring users’ real IP addresses.

The agency did manage to arrest a lot of people for child pornography, but documents unsealed by the American Civil Liberties Union (ACLU) show the NIT was actually used on innocent users.

According to the documents, the FBI was allowed to “investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password”. Yet, the NIT was used on users even before the TorMail login page appeared. WIRED’s coverage at the time claims users were given a “Down for Maintenance” page that carried the malware, on al websites hosted by Freedom Hosting.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Christopher Soghoian, principal technologist at the ACLU told told Motherboard:

While the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade

The malware was quickly discovered by the community, and that forced the Feds to end their operation sooner than expected. Be that as it may, the FBI still arrested a large number of child pornographers.

Christopher Soghoian also noted that it remains unclear whether the court knew the FBI hacked innocent users it shouldn’t have, and whether the agents who did it were punished.

How the Feds Caught the Pedophiles

Although the Feds allegedly hacked innocent users, they still got the job done, as their malware exploited a critical memory management vulnerability in Firefox, which later fixed the problem.

The NIT specifically targeted Tor’s Firefox version, through a hidden Windows executable named “Magneto”. All it did was look up the infected user’s MAC address – a unique hardware identifier – and the Windows hostname. Then it was all sent to a server in Virginia outside of Tor, exposing the user’s real IP address.

Magneto also sent a serial number that tied the victim to her visit to the hacked websites. Those who noticed the hidden iframe tag that loaded the JavaScript code, noticed a lot of work went into simply identifying users, so the Feds became a suspect.

Still, after identifying users’ real IP addresses, their anonymity was broken. Thus, child pornographers were taken down.

Image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Trending