Connect with us

Eavesdropping

Senate Compiling Database of US Spy Programs

Published

on

Democratic Senator Dianne Feinstein, who has served 25 years for the state of California and is best known for her crusade against guns and violence, particularly violence in video games, has given a rather candid interview to the Associated Press. She explained that the Senate Intelligence Committee has been so overwhelmed by the information leaked by Edward Snowden that they have had difficulty making sense of it all.

// -- Discuss and ask questions in our community on Workplace.

We’re trying right now to look at every intelligence program. There are hundreds of programs we have found … sprinkled all over. Many people in the departments don’t even know (they) are going on.

The sheer number of programs created under Executive Order 12333, which can (allegedly) legally authorize overseas surveillance programs, has led to the necessity of a compilation of sorts. The committee is characteristically secretive about how it conducts business, but intelligence officials have said that no single document will ever exist which outlines the whole of American surveillance activities.

Feinstein No Longer Committee Chair

spyNorth Carolina Senator Richard Burr took over as the chair of the Senate Intelligence Committee, which oversees intelligence activities of the government and often holds secret meetings, in January when his party took control of the Senate. Feinstein told the Associated Press that she hadn’t been sure at that time if the review of the leaks by Edward Snowden and more would continue under his watch.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Feinstein initially called for a full review of the errant NSA and CIA when a widely covered story circulated about the government spying on ally German Chancellor Angela Merkel’s cell phone. To the untrained eye, spying on allies is an oxymoron, but Snowden’s leaks along with other revelations of the past decade have proven that it is a regular occurrence.

Intelligence Committee members are prohibited from discussing the depths of their knowledge even with their staffers, which they might otherwise have aide them in researching the issues at hand. Legislation can sometimes run into the thousands of pages, and it wouldn’t be humanly possible for a single person to review it all, after all.

Also read: UK Government Authorized GHCQ to Hack Any Device

Burr Refuses to Comment

When the Associated Press attempted to get comment from present Intelligence Committee chairman Richard Burr, they hit a brick wall. A representative of his office said:

[The Senate Intelligence Committee] is constantly and continuously engaged in oversight of intelligence community activities. It is the very core of what the committee does, day in and day out, and it is a key component of the work done by the committee’s professional staff.

More than likely, Burr does not want to appear weak or to compromise on matters that can be construed as directly related to national security. Republican voters have overwhelmingly supported initiatives such as the War on Terror, historically. On that note, so has Feinstein, who also told the AP that she had known about the PRISM program and many of its components prior to the Snowden leaks. Her concern and the concern of her committee were the many programs, across the government, authorized directly by the White House under E. O. 12333. That order, first signed by George W. Bush in 2003, reads, in part:

Timely, accurate, and insightful information about the activities, capabilities, plans, and intentions of foreign powers, organizations, and persons, and their agents, is essential to the national security of the United States. All reasonable and lawful means must be used to ensure that the United States will receive the best intelligence possible. […]

Special emphasis shall be given to the production of timely, accurate, and insightful reports, responsive to decision makers in the executive branch, that draw on all appropriate sources of information, including open source information, meet rigorous analytic standards, consider diverse analytic viewpoints, and accurately represent appropriate alternative views. […]

[The Director of National Intelligence] shall ensure that appropriate departments and agencies have access to intelligence and receive the support needed to perform independent analysis […]

Feinstein said the committee expected to have its new atlas of American intelligence programs compiled and completed by September. September 11th, 2015 will mark the 14th year since the the World Trade Center attacks kicked into motion the spying programs that Edward Snowden revealed in a controversial gambit to shed light on domestic surveillance programs by Western powers not previously famous for them.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Cybersecurity

Israeli Researchers Turn Speakers/Headphones Into Eavesdropping Microphones

Published

on

In the current age, even the most secure software and the best security practices might not be enough to prevent someone from being spied upon. Researchers continue to find novel and inventive ways to gather more data on everyday computer users, and the latest research from Israel’s Ben Gurion University is exceptional in this regard.

// -- Discuss and ask questions in our community on Workplace.

Using software alone, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici were able to convert a given pair of headphones or speakers into Orwellian microphones beyond the user’s control or ability to patch. Their method [PDF] exploits a flaw in RealTek hardware chips, which are one of the most widely used chips in motherboards around the world. Companies like Dell, HP, and Compaq regularly utilize RealTek’s industry standard audio chips in their products. Beyond that, motherboards sold to consumers wishing to build their own systems often also include the hardware.

A simple patch or firmware upgrade will not fix this flaw, making the exploit particularly delightful to intelligence agencies, profit-motivated hackers (think boardroom conference calls), and others. Basically, anywhere a computer has an audio output, which in the case of laptops is everywhere, audio can now be intercepted and then relayed with roughly the same quality as if a microphone itself had been compromised. The images of people like Mark Zuckerberg covering up their webcam and microphone with electrical tape now seem trivial.

Jack re-tasking – the process of converting an output jack to either an input or a two-way port – has long been a possibility, but few developers make use of it. Most laptops and desktops will have separate ports for each, while smartphones and the like often require hardware that can do both. But the innovation on the part of Ben Gurion’s researchers involves making any regular output hardware capable of doing as much with only software. They write:

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

The fact that headphones and earphones are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically from output to input, creates a vulnerability which can be abused by hackers.

The researchers noticed that the design of most audio input and output hardware was basically identical at the metal, drawing the following illustration for clarification:

Source: Ben-Gurion University of the Negev Cyber Security Research Center

Source: Ben-Gurion University of the Negev Cyber Security Research Center

One saving grace is that the audio output device must be “passive,” or unpowered. This means that if your speakers require power to work, they are not currently able to use these to listen to you. However, the vast majority of laptop speakers and earbuds are, by nature and necessity, passive. The researchers note that while they focused on RealTek codec hardware because of their popularity, other manufacturers also have the ability to retask jacks, which is the heart of the exploit.

While this may seem scary at first, it should be noted that, like anything else on your computer, audio input and output are data. They can therefore be encrypted with keys that are local to the machine, and it would seem that this new exploit opens up a new avenue of research for cryptographic researchers to institute audio encryption in the same way that full-disk encryption has become normalized.

Here is a demonstration of the method in action:

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Cyberespionage

Apple Watches Banned from UK Cabinet Meetings for Hacking Fears

Published

on

Cabinet ministers have voiced concerns that Apple Watches could be hacked by Russian spies, prompting the devices to be barred from meetings, according to a report from The Telegraph.

// -- Discuss and ask questions in our community on Workplace.

Under the new leadership of Theresa May, U.K cabinet ministers have been barred from wearing the watch during meetings after concerns were raised that the gadgets could be employed as listening devices.

The Apple Watches join the list of banned items alongside mobile phones after these were barred for similar reasons.

According to a survey conducted by research firm IDC, Apple Watches account for seven percent of the market compared to FitBit, which is reported to account for 25.4 percent.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

A Threat from Russian Hackers

This latest news comes amid concerns of a possible threat from Russian hackers who have recently been in the news.

Russian hackers are alleged to have been able to obtain confidential emails from the Democratic National Congress during the U.S. elections despite Russian president, Vladimir Putin, denying this was the case. Surprisingly, congressional leaders are reported to have known about the hacking a year before it was officially announced.

Not only that, but at the recent Rio Olympics, which saw many Russian athletes banned from competing after it was revealed that there was a state-run doping program in the country, Russian hackers have retaliated.

A Russian cyberespionage group known as Fancy Bear recently accessed and leaked data from several high-profile Olympic athletes, by targeting a World Anti-Doping Agency (WADA) database. This is the same agency that placed a recommendation to ban all Russian athletes from the 2016 Rio Olympics.

Unsurprisingly, with the threat of Russian hackers high, and with devices such as mobile phones and watches now being considered as vulnerable gadgets that can be hacked into, it seems as though banning them from important meetings is the only way that will remove any possible threat to state security.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Cybersecurity

In Child Porn Bust, FBI May Have Used Malware on Innocent Users

Published

on

In 2013, the FBI confiscated Freedom Hosting, a service that hosted websites on the dark web, including several child pornography websites and private email service TorMail. When it happened, it was seen as a massive victory, but recently unsealed documents show the FBI may have used malware on innocent users.

// -- Discuss and ask questions in our community on Workplace.

Three years ago, the FBI was given a warrant that allowed them to hack 300 TorMail users who were allegedly linked to child pornography. They went with a piece of malware known as a Network Investigative Technique (NIT), with the goal of acquiring users’ real IP addresses.

The agency did manage to arrest a lot of people for child pornography, but documents unsealed by the American Civil Liberties Union (ACLU) show the NIT was actually used on innocent users.

According to the documents, the FBI was allowed to “investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password”. Yet, the NIT was used on users even before the TorMail login page appeared. WIRED’s coverage at the time claims users were given a “Down for Maintenance” page that carried the malware, on al websites hosted by Freedom Hosting.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Christopher Soghoian, principal technologist at the ACLU told told Motherboard:

While the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade

The malware was quickly discovered by the community, and that forced the Feds to end their operation sooner than expected. Be that as it may, the FBI still arrested a large number of child pornographers.

Christopher Soghoian also noted that it remains unclear whether the court knew the FBI hacked innocent users it shouldn’t have, and whether the agents who did it were punished.

How the Feds Caught the Pedophiles

Although the Feds allegedly hacked innocent users, they still got the job done, as their malware exploited a critical memory management vulnerability in Firefox, which later fixed the problem.

The NIT specifically targeted Tor’s Firefox version, through a hidden Windows executable named “Magneto”. All it did was look up the infected user’s MAC address – a unique hardware identifier – and the Windows hostname. Then it was all sent to a server in Virginia outside of Tor, exposing the user’s real IP address.

Magneto also sent a serial number that tied the victim to her visit to the hacked websites. Those who noticed the hidden iframe tag that loaded the JavaScript code, noticed a lot of work went into simply identifying users, so the Feds became a suspect.

Still, after identifying users’ real IP addresses, their anonymity was broken. Thus, child pornographers were taken down.

Image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Trending