Apple Designing Servers In-House to Prevent Snooping

With the amount of sensitive information stored on their servers, cloud providers take security very seriously. However, many cloud services actually use third-party servers like Amazon Web Services or Microsoft Azure to run their platform. Even for those with their own servers, the hardware is made and supplied by third parties. In light of security concerns, Apple is taking it to the next level and designing their own servers.

Right now, Apple uses Amazon, Microsoft and Google servers to help run iCloud in addition to their own hardware. While it might seem prudent to do everything in-house to keep things secure, Apple wants to design their servers themselves. As we know from Edward Snowden’s revelations, the NSA, and probably other spy agencies, are prone to intercepting hardware mid-shipment and tampering with it. Cisco, for instance, has been one known past target, and with Apple’s legal fight against the FBI, they may have been moved up the list.

By designing their own hardware, Apple will be able to make sure that everything is where it is supposed to be and no hardware has been added to it. With the massive scale of iCloud, Apple will be able to easily have whole manufacturing runs dedicated to them. Still, with their massive user base, running that many servers will be a challenge for Apple. Nonetheless, Apple may soon get the total hardware control truly needed for true security.

SilverPush is Actually Legal?!

Earlier this week we reported that the FTC was warning people about apps that used the SilverPush framework. The reason was that the FTC believed users should be aware that SilverPush automatically collected and sent the data on to third parties, without any notification. SilverPush has now responded and is looking to put this warning behind them.

The feature that was causing issues with the FTC was the “unique audio beacons” (UAB) system, which could identify sounds, both audible and those you can’t even hear, to detect what shows you were watching on your TV and even if you were on a laptop in the same room.

In their statement, SilverPush has responded by stating the UAB system is no longer used in their framework and that they don’t have any active partnerships with US-based developers. While this may be true, there is no way to prove it as the product still features as one of their core products and is even advertised under the cross device platform.

Even amongst all of this news, it would seem that the SilverPush framework and everything it does is actually legal, something that may surprise people, and not in a good way. Do you feel comfortable knowing that the only reason the FTC had an issue was that you weren’t being told the app could use your microphone or is the entire premise of spying on everything you do through your microphone a little too creepy to handle?

FTC Warns Apps Could Be Invading Your Privacy

We all love downloading that new app. Be it a game or something more practical for everyday use, we love exploring it and finding out what it does. It seems some apps may be returning the favour and not even telling us about it, as several apps could be invading your privacy.

The Federal Trade Commission (FTC) has warned several developers of mobile software that their apps may, in fact, be invading their customers’ privacy without them even noticing. The Silverpush framework and several others don’t request permission to use your microphone but still do. It only gets worse, as it appears that the apps are capable of “producing a detailed log of the television content viewed while a user’s mobile device was turned on for the purpose of targeted advertising software and analytics”. So having your phone near you when you watch TV means you could be advertising your favourite shows to third parties without even knowing it!

Silverpush is already known to listen for ultrasonic sounds to check for multiple devices within the vicinity, such as your laptop or tablet. By knowing what devices you have around you, the company is able to pick up and generate more detailed advertising profiles, some of which you are never even aware were being generated.

Silverpush, an India-based company, states that the techniques aren’t used domestically, but the FTC wants apps to have to specifically request access to your device’s microphone.

US Concerned Over Russian Activity Near Undersea Data Cables

Tensions between nations over Cyber warfare have increased dramatically over the last 5 years, from the US accusing China and Russia of systematically hacking into highly sensitive government systems through industrial means, to groups affiliated with IS and similar terrorist organisations who have cyber attacked various departments. Now, Washington is reportedly becoming concerned that Russia and its fleet of military submarines could in theory cut vital undersea cables that carry almost all global communications.

As yet there is no evidence to suggest Russia or any other country has attempted this, but US intelligence, or lack of it sometimes, is monitoring significant and increased “Russian activity along the known routes of the cables, which carry the lifeblood of global electronic communications and commerce”.

It was reported last month (Sep 2015) that a Russian spy ship “equipped with two self-propelled deep-sea submersible craft, cruised slowly off the East Coast of the United States on its way to Cuba — where one major cable lands near the American naval station at Guantanamo Bay”. US officials state this spy ship has the ability to launch submersible vehicles that in turn could cut data cables situated miles down in the sea.

The Pentagon is also concerned that Russia is attempting to hunt for cables at much greater depths than originally thought, where such data lines are harder to both monitor and repair. The significance of these data cables is vast considering it has been estimated that they carry “global business worth more than $10 trillion dollars a day, including from financial institutions that settle transactions on them every second”.

Is this all smoke and mirrors? Possibly; it’s difficult to know how much of this information is genuine and, if so, how much is actually being planned. If Russia succeeded in cutting vital cables then this would lead to a dramatic set of circumstances. One thing to bear in mind is that Putin quite likes the idea of censorship and could be looking at cutting Russia off from outside influences. What we do know is countries, for example Russia and China, have a vested interest in disrupting countries such as the US, but having said that, the US and others also have well-documented interests in intercepting gigantic amounts of data from other countries. It’s the same practice in a different pair of shoes: from both World Wars and the Cold War to modern-day cyber spying, countries want others’ data and will plot while both sides remain unsure of the final outcome.

Snowden Leak Reveals How Microsoft Helped the NSA Bypass Encryption

Privacy, spying, hacking, monitoring, tracking, just some of the words that people around the world have become frighteningly familiar with over the last few years. Edward Snowden uncovered many details of how our governments treat our data and he’s showing no sign of slowing down. His latest revelation reveals how Microsoft worked closely with the US Government, namely the NSA, to bypass encryption mechanisms that are intended to protect the privacy and data of the millions of users of Microsoft software such as Windows.

According to his article in The Guardian, NSA memos show that Microsoft helped the NSA find a way to decrypt messages sent over various platforms, including Outlook, Hotmail and Skype, effectively handing them a backdoor into the data we entrusted them with.

It’s no secret (anymore) that big tech companies were under pressure from various agencies to provide them with data on users, both with and without a warrant or similar legal document to back up their demands. However, the new leaks suggest Microsoft actively went out of their way to assist federal investigators, such as helping to circumvent encrypted chat messages via Outlook.com, prior to the product being launched to the public!

How Microsoft will react to this, especially given the privacy concerns of many in regards to Windows 10, remains to be seen.

Thank you RT for providing us with this information.

Edward Snowden Joins Twitter – Only Follows NSA

“Can you hear me now?” The stark words of Edward Snowden’s first tweet as he joins social media platform Twitter. The account went live recently, gaining 160,000 followers in less than an hour, a number that has skyrocketed to almost 900,000 in less than a day and continues to grow exponentially.

The simple message was retweeted 93,928 times, so it’s obviously something that resonates with his followers. He’s since been a little more vocal too, and given his nature of challenging the order of things, you can bet he’s not going to be a passive user of the platform.

As a slight tongue-in-cheek jab, Snowden only follows one Twitter page, @NSAGov; I’m sure they heard his message and any others loud and clear.

Even better, Neil deGrasse Tyson, Anonymous, WikiLeaks and more have started tweeting at him, sparking a few conversations that have sent Twitter into overload, making Edward Snowden one of the most interesting people to follow on the social media platform right now.

I’m looking forward to more updates from Snowden, if you want to stay tuned to the latest, you can follow him here @Snowden.

How to Stop Windows 7 and 8 From Spying on You

By now, the internet is saturated with articles advising Windows 10 users how to stop the new operating system from tracking and collecting their data, with many existing Windows 7 and 8.1 users breathing a sigh of relief that they rejected their free Windows 10 update. What many are unaware of, though, is that Microsoft has updated its user agreement to introduce exactly the same spying tools into the previous two Windows iterations.

The following four Windows Updates for Windows 7 and Windows 8.1 are responsible for turning your operating system into a user data collection conduit:

KB3068708: This update introduces the Diagnostics and Telemetry tracking service to existing devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights.

KB3022345 (replaced by KB3068708): This update introduces the Diagnostics and Telemetry tracking service to in-market devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet been upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights.

KB3075249: This update adds telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels.

KB3080149: This package updates the Diagnostics and Telemetry tracking service to existing devices. This service provides benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights.

If you are a Windows 7 or 8.1 user that handles their Windows Updates manually, simply right-click on the offending updates in the list (Control Panel > Windows Update > Select updates to install) and click ‘Hide’. Don’t panic if the updates have already been installed, though, as you can still uninstall them. Navigate to Control Panel > Programs and Features > Installed Updates, find the relevant items under the Microsoft Windows sublist, right-click, and select Uninstall.

Alternatively, you can use an elevated command prompt to execute the following commands:

  • wusa /uninstall /kb:3068708 /quiet /norestart
  • wusa /uninstall /kb:3022345 /quiet /norestart
  • wusa /uninstall /kb:3075249 /quiet /norestart
  • wusa /uninstall /kb:3080149 /quiet /norestart
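The two procedures above (uninstall what is already installed, hide what is still pending) can be combined so that only the updates actually present are touched. The script below is an added example, not part of the original article or any Microsoft tool; the function names are hypothetical, and it assumes an elevated PowerShell prompt on Windows 7 or 8.1.

```powershell
# Added example: audit, uninstall and hide the four updates named in the article.
# Function names are hypothetical; run from an elevated PowerShell prompt.

# KB numbers exactly as listed in the article
$TelemetryKBs = '3068708', '3022345', '3075249', '3080149'

function Get-InstalledTelemetryKB {
    # Get-HotFix reports installed updates with HotFixID values like "KB3068708".
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $TelemetryKBs | Where-Object { $installed -contains "KB$_" }
}

function Remove-TelemetryKB {
    param([string[]]$KB)
    foreach ($id in $KB) {
        Write-Host "Uninstalling KB$id ..."
        # Same wusa switches as the commands in the article
        $wusaArgs = '/uninstall', "/kb:$id", '/quiet', '/norestart'
        $proc = Start-Process -FilePath 'wusa.exe' -ArgumentList $wusaArgs -Wait -PassThru
        # 0 = success, 3010 = success but a restart is required
        if ($proc.ExitCode -eq 0 -or $proc.ExitCode -eq 3010) {
            Write-Host "  KB$id removed (exit code $($proc.ExitCode))"
        } else {
            Write-Warning "  KB$id was not removed (exit code $($proc.ExitCode))"
        }
    }
}

function Hide-TelemetryKB {
    # Windows Update Agent COM API: search pending, non-hidden updates and
    # mark the listed KBs as hidden so Windows Update does not offer them again.
    # The search contacts the update service and can take several minutes.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
    foreach ($update in $pending) {
        foreach ($kb in $update.KBArticleIDs) {
            if ($TelemetryKBs -contains $kb) {
                $update.IsHidden = $true
                Write-Host "Hidden: KB$kb ($($update.Title))"
            }
        }
    }
}

# 1. Report which of the four updates are present on this machine
$found = @(Get-InstalledTelemetryKB)
if ($found.Count -eq 0) {
    Write-Host 'None of the listed updates are installed.'
} else {
    Write-Host "Installed: $(($found | ForEach-Object { "KB$_" }) -join ', ')"
    # 2. Uninstall only those that are actually installed
    Remove-TelemetryKB -KB $found
}

# 3. Hide any that are still being offered, so they are not reinstalled
Hide-TelemetryKB
```

Restart the machine afterwards if any uninstall reported exit code 3010.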

Thank you BGR for providing us with this information.

Windows 10 is Spying on Kids and Not Everyone is Happy About it

Windows 10 spies on its users. This is no secret. But did you know that it specifically spies on kids and sends weekly reports of children’s computer history and internet browsing details to parents? It’s one of the best-kept secrets contained within Microsoft’s new operating system, and that lack of disclosure alone is potentially damaging to vulnerable adolescents. In an ideal world, these weekly reports could be seen as a healthy precaution to monitor kids’ visits to potentially inappropriate sites. But we don’t live in an ideal world. We inhabit a planet in which bigots, bullies, and abusers punish children for being themselves.

Revealing the internet habits of a child to the wrong kind of parent could put that child at risk. That’s the argument put forward by members of the LGBTQ community, who are worried that confused kids looking for answers regarding their sexuality could have their support systems stripped away from them, and could be victimised if their search histories are revealed to unsympathetic parents.

The feature that sends reports on children’s computer history to parents was revealed anecdotally following reports from adult users surprised to see an itemised list of their kids’ browsing and activity.

Kirk sent the following e-mail to BoingBoing, expressing his surprise and concern over the Windows 10 spying feature:

“This weekend we upgraded my 14-year-old son’s laptop from Windows 8 to Windows 10. Today I got a creepy-ass email from Microsoft titled ‘Weekly activity report for [my kid]’, including which websites he’s visited, how many hours per day he’s used it, and how many minutes he used each of his favorite apps.

I don’t want this. I have no desire to spy on my boy. I fixed it by going into my Microsoft account’s website, hitting the “Family” section, then turning off “Email weekly reports to me” and “Activity reporting”.

OK, I admit that the timing might be coincidental but that would be one hell of a coincidence. I’ve never seen anything like this until we upgraded to Windows 10, and then I got the spy report the following business day.

A message to young readers: if you have Windows 10 now, your parents might be getting the same kind of report I did. Don’t assume your own computer has your back.”

Though Windows 8.1 has a similar feature, it is opt-in. It would be interesting to hear from Microsoft regarding its reasoning for changing permissions for Windows 10’s child monitoring feature to opt-out.

Thank you WCCF Tech for providing us with this information.

Secret Apology Letter Reveals CIA Spied on US Senate

The CIA didn’t spy on the US Senate. It said as much, in a rather aggressive manner, while accusing the Senate of impropriety by even suggesting such a thing, throwing out the Inspector General’s report on a potential breach in the process. The CIA even staged an in-house investigation of itself, clearing itself of any wrongdoing. However, an unsent letter written by the CIA, apologising to the Senate for spying on them, has come to light thanks to a Freedom of Information request. The embarrassing letter – which was never signed or sent, but was addressed from CIA Director John Brennan – was requested by serial FOIA abuser Jason Leopold and was made available by accident, according to VICE News:

After VICE News received the documents, the CIA contacted us and said Brennan’s draft letter had been released by mistake. The agency asked that we refrain from posting it. 

We declined the CIA’s request.

Leopold is the scourge of US intelligence and law enforcement agencies, stoking their ire with his serial FOIA applications. The Office of Net Assessment, a Pentagon think-tank, even tried to bribe Leopold to get him to stop making FOIA requests. He, of course, refused.

And they would have gotten away with it, too, if it wasn’t for that pesky Leopold.

Thank you TechDirt and VICE for providing us with this information.

Image courtesy of Wikimedia.

NSA Surveillance Program Operating For a Very Long Time

NSA operations have been going on a long, long, long, long time. According to the latest revelations by Edward Snowden and a report from The Intercept, NSA/GCHQ’s top secret surveillance program “Project Echelon” has been spying on US allies, enemies, and its citizens for the last 50 years. It’s being called the first-ever automated global mass surveillance system.

A British investigative journalist by the name of Duncan Campbell wrote a magazine article in 1988 about the existence of a surveillance program by the name of Echelon, which is essentially a giant, automated surveillance dragnet that indiscriminately intercepted phone and Internet data from communications satellites. This technique was a precursor to today’s tapping of undersea fibre optic cables to survey non-military targets; these include governments, organizations and businesses in virtually every corner of the world.

In 2000, the European Parliament appointed a committee to investigate the program, which led to the outcome of the same old “The NSA played by the rules” mantra. How do you sum these latest revelations up? A foreign affairs directorate special adviser managed it perfectly by concluding the following:

In the final analysis, the “pig rule” applied when dealing with this tacky matter: “Don’t wrestle in the mud with the pigs. They like it, and you both get dirty.”

If anyone attempts to challenge these practices then both parties will be slandered into oblivion, the only difference is, the good guy always looks worst. I am not surprised by these revelations because frankly, who the hell can be after so much has been leaked out. I also think there is now more than surveillance at stake, but the underpinning of democracy which is looking weaker by the day.

This is also where GCHQ and the NSA look stupid: if they are able to track everyone all of the time, how come the likes of Osama Bin Laden managed to hide for so long? How come there are many criminals, illegal activities and an escalation in gun violence in the US within a world which is perceived to be more under surveillance? After all, the perpetrator of the Charleston church shootings wrote a manifesto which was easily accessible online; if the words “It was obvious that George Zimmerman was in the right” do not look slightly psychopathic, then nothing will.

Thank You fossbytes and The Intercept for providing us with this information.

Amazon Accused of Spying on Users’ Social Media Profiles

If you have purchased from Amazon before, you know that reviews are important to get the right customer feedback from others who had bought the same product in the past. This is a great way of knowing that your money is going towards something that deserves the price tag it comes with. However, Amazon needs to sweep through all these reviews and take down illegitimate reviews. But how do they do it? One writer appears to know the hard truth.

Imy Santiago bought a book from Amazon a while back. She apparently loved it so much that she wanted to post a good review about it on Amazon to congratulate the author and let others know a consumer’s opinion about the book. However, she was greeted with an unexpected email rather than having her review posted on the website. The email was as follows:

Dear Amazon Customer,

Thanks for submitting a customer review on Amazon. Your review could not be posted to the website in its current form. While we appreciate your time and comments, reviews must adhere to the following guidelines:
http://www.amazon.com/review-guidelines

She went back and read her review and also took a close look at the retailer’s guidelines, and saw nothing wrong in what she wrote. So she went on and emailed their customer service team to get a better answer. Their reply was as follows:

Hello,

We cannot post your Customer Review for (book title deleted) by (author name deleted) to the Amazon website because your account activity indicates that you know the author. 

Customer Reviews are meant to give customers unbiased product feedback from fellow shoppers. Because our goal is to provide Customer Reviews that help customers make informed purchase decisions, any reviews that could be viewed as advertising, promotional, or misleading will not be posted. To learn more about this policy, please review our Customer Review Guidelines (http://amazon.com/help/customer-reviews-guidelines) and FAQs (http://www.amazon.com/gp/help/customer/display.html/?nodeId=201077870).  

We encourage family and friends to share their enthusiasm for the book through our Customer Discussions feature or Editorial Reviews feature. To start a Customer Discussion visit the Meet Our Authors forum and enter your discussion title in the Start a new discussion box. You’ll find the forum here: 
http://www.amazon.com/forum/meet%20our%20authors/&cdForum=Fx2UYC1FC06SU8S

To have your Editorial Review posted to the detail page, e-mail it directly to the author so they can add it for you. 

If you believe you’re eligible to write a Customer Review for this book, send additional details to review-appeals@amazon.com

We hope to see you again soon.

Best regards,

Harm J,

At this point, Santiago wrote an email explaining that knowing an author online is not the same thing as knowing an author personally. We all have fan pages we like, authors or other public figures we add as friends, but having a website such as Amazon snooping around users’ social media websites and judging by profiles is surely not a way to make sure reviewers are ‘legitimate’. Amazon also did not reveal how they ‘determine’ how accounts are related and are not able to share ‘further information’ about what made them deny a good review.

Santiago may have crossed paths with the author, may it be online or even in person at an expo for example, but Amazon’s decision to deny sharing information on how they determine this is quite unsettling. I mean, if not even the customer knows how companies find out two people are related and are not provided with an explanation, then there’s clearly a privacy violation in the middle of it. What do you think?

Thank you BGR for providing us with this information

Hacking Team Release Ludicrous Statement

This story is so preposterous that I am going to play a little game called “who are the hypocrites here.” Hacking Team, who recently fell to a cyber attack, have released a statement claiming to be victims and have bluntly claimed that they have “always operated with the law and regulation in an ethical manner.”

You heard it right: when government officials start inventing ludicrous laws which state that hacking citizens’ phones and computers for data is actually legal, you arrive at the juncture where the Italian spyware firm claims that “there was only one Violation of Law in this entire event, and this was the massive cyber attack on the Hacking Team.”

Now I don’t condone hacking, well I do in this case, where rival decent hackers exposed nearly 50GB of data. This included internal documents such as internal emails, hacking tools, zero-day exploits, surveillance tools, source code for spyware and a spreadsheet listing every government client with date of purchase and amount paid.

For balance and to be fair to Hacking Team, I have viewed their statement and what really stands out is the following few lines.

“The company has always sold strictly within the law and regulation as it applied at the time any sale was made. That is true of reported sales to Ethiopia, Sudan, Russia, South Korea and all other countries”

Well, those are true democracies which really do underpin Hacking Team’s morals. The scary thing is, if you give a despot surveillance tools, this could well have led to deaths and suffering of citizens.

There are no winners in these revelations, with perceived democratic countries also using these tools along with many dodgy dictators. Hacking Team also state that there had not been “access to the data collected by company’s clients using purchased spying software, as such information is only stored on the customer’s systems and can’t be accessed by the company itself.”

This is the tip of a seedy and unethical iceberg which, in the long run, will not protect against every terrorist eventuality, but only virtually incarcerate the whole world. Anyone who sells spying software to countries which have a habit of executing dissenters is either desperate for cash or completely devoid of conscience. A sale is possibly within the law, but so is selling a pint of beer to a 16-year-old if bought by an adult with a meal. The only difference is, a pint normally does not result in potential war crimes and more… usually.

Thank you to Hacker News for providing us with this information

Image courtesy of ilquotidianoitaliano

Hacking Team and Boeing Built a Surveillance Drone

The hack of Hacking Team was hilarious but serious at the same time; to contemplate a freelance company hell-bent on hacking any target for a variety of employers seemed, well, not surprising, but certainly a disappointing period for the ideological view of democracy. But at least the Italian surveillance team only hacked computers, I mean it’s not like they were developing any weaponry… oh my god they planned a Drone!

According to the released emails which became public thanks to Wikileaks, the firm has been planning for just over a year to develop a drone by the name of “Snoopy” which was capable of intercepting data from users’ smartphones through spoofed wireless networks. The emails also reveal that both Boeing and Hacking Team want unmanned aerial vehicles (UAVs) with the aim to carry out attacks which inject spyware into target computers or mobile phones via Wi-Fi.

The plans also reveal that public Wi-Fi networks would be used to intercept targets’ internet traffic before injecting malicious code into said machine, with the aim of installing spyware which was developed by Hacking Team. This news is also accompanied by techniques which make use of “man in the middle attacks” and exploits to fish for information.

Well, I am not sure I particularly want surveillance drones which have the ability to spy on computers belonging to anyone. This news also highlights the line which blurs the view of good and evil: if governments were contemplating this concept, how does this make them any better than criminals? Yes, it’s technically for a noble cause by catching alleged targets, but who are the targets? This also goes back to the same question of transparency; governments quite happily inform us that money is tight for essential facilities, for example hospitals, yet could well have been planning to purchase eyes in the sky which intercept data at taxpayers’ expense.

Thank You The Hacker News and Wikileaks for providing us with this fascinating information

UK Privacy and Apps Under Threat

Let me just jump on my soapbox for a minute with regards to this subject. According to reports, the newly elected Conservative Government wants to again reintroduce the Snoopers Charter, sorry, I mean the newfangled “Investigatory Powers Bill”, which if enacted would allow the government and security services, for example MI5, access to everyone’s communications.

To add insult to injury, the plans would also make end-to-end encrypted apps, for example Snapchat and WhatsApp, technically illegal, unless a backdoor is installed or communications are handed over. All in the name of terrorism and extremists. Now, I am not being flippant and I am aware that groups such as IS exist, but I do not believe everyone’s communications should be spied upon.

This bill, if passed, would also require all ISPs (Internet Service Providers) to retain all information on every citizen’s browsing habits, sites which are looked at and information which is sent, with the aim of making this information available to the security services.

So what do the tech experts believe? They have stated that these laws are draconian, anti free speech and would put the whole Internet at risk from hackers, who would be able to crack any backdoor laid before them by the powers that be. Opposition includes Tim Cook, the boss of Apple, who said citizens should be entitled to a private life; academics from MIT and the UK have both dismissed these proposals as a disaster.

So what can we do about it? The only thing as citizens we can do: make our voices heard. I believe there should be a limit to what governments can collect; innocent people should not be spied upon in their own homes. I do think we need to track, for example, suspected terrorists’ movements, but I think in order to be under surveillance, you need evidence and a court of law to approve this, not simply carte blanche, can we have your data and monitor everyone.

The mantra for governments is quite clear, “let us spy on you or you can only use certain communication tools approved by the state”. I think it would be impossible to ravage the internet of encryption, but I do think this bill is designed and will be able to collect more information on everyone.

I have started a petition on this over at change.org if you are interested in checking it out, link is below. Will it work? Hell, I will be damned if I am going to lie down quietly and let the state turn into a whole new animal which polices everyone, a notion brought to you by the good folks in China, North Korea and Russia among many.

Petition at Change.org

Thanks to BBC News, Huffington Post (who plan to encrypt their website further) and Facebook trends

Image Courtesy of automation

US, UK, New Zealand and France – Who’s Spying On Who?

Over the past few years, people have been told more and more about countries which have been part of or are actively spying on one another. The biggest revelation came when Edward Snowden revealed the extent to which the American government was spying not only on foreign entities but also on their own citizens. If the latest reports are correct, it would seem France has joined the list of countries spying on foreign entities.

A report from L’Observateur claims that the French agency DGSE tapped several undersea fiber cables in an attempt to gain access to the information transmitted via them. This action was conducted and completed with cooperation from both the telecom supplier Alcatel-Lucent and the operator Orange.

The received information was then shared with GCHQ, the British security agency responsible for digital and online security. If these reports are confirmed it could be a little trouble for GCHQ, given that they also received information from the Americans’ PRISM program. The PRISM program is reported to have recorded the conversations and communications of several high-ranking French officials including the President himself, but also tried to access and gather all information relating to French companies which were valued over $200 million. PRISM then shared the information with the UK, Canada, New Zealand and Australia.

It seems that everyone is shocked when they find out that someone spied on them, but then it all changes when it turns out they were spying on that country at the same time. I’ve lost track of who’s spying on who and sharing that information with what country.

Thank you Engadget for providing us with this information.

Image courtesy of Reuters.

Who Has Your Digital Back: 24 Major Tech Companies Analysed

Ever since the NSA-clothed assassin Edward Snowden released a cache of documents (I am not an all-government sympathizer, and I admire the steps which Mr Snowden took to place this information into the public domain), there has been a greater emphasis on how companies handle your private data. Tech companies are brilliant at telling you how your data is “important to them” and how they safeguard a user’s digital life, but how do we know this? After all, you won’t be receiving a phone call from Tim Cook to offer any assurances anytime soon.

Here’s where a non-profit organisation by the name of the Electronic Frontier Foundation swings into the picture. As you may know, every year this organisation publishes a report which details how tech companies handle your data or who they may hand it to. The 2015 report has been submitted and is split into the following five categories:

  • Follows Industry accepted best practice
  • Tells users about government data demands
  • Discloses policies on data retention
  • Discloses government content removal requests
  • Pro-user public policy opposes backdoors

As you can see, each category is defined with the aim of requesting transparency from each of the 24 individual tech companies who were analysed. The aim of this study is to detail how each company deals with requests from government sources for your data.

So who has kept their word? Well, Tim Cook, you have seemingly kept yours, as Apple earned itself a score of 5/5. There were other companies who also earned top marks, I know! The full list is as follows:

  • Adobe
  • Apple
  • Yahoo
  • Dropbox
  • WordPress
  • Wickr
  • Credo Mobile
  • Sonic
  • Wikimedia

A question mark may arise over Dropbox with the controversial appointment of Condoleezza Rice to the board in April 2014. There is no evidence of a policy shift between Dropbox and the US government after Mrs Rice’s appointment, but nevertheless, it’s noteworthy.

Now for the worst. Open golden envelope, drum roll please (OK, metaphorical drum roll). The three worst companies are… I mean, I really should win an award for suspense. Get on with it! OK, the award goes to:

  • AT&T
  • WhatsApp
  • Verizon

AT&T and Verizon failed in every category except “Follows Industry accepted best practice” (although which industry of what universe is anyone’s guess), with WhatsApp failing in every category except “opposes backdoors”. But then again, who needs a backdoor when you place all your users’ details into a stamped, addressed envelope to any government who asks for it? Maybe an exaggeration, but if WhatsApp won’t tell you who demands a section of data, then it’s anyone’s guess.

These reports are well worth reading, as they give you a snapshot of how transparent tech companies are willing to be. After all, we as a society should demand information about what exactly is happening with our data.

Thank You to Electronic Frontier Foundation for providing us with this information

Image Courtesy of Electronic Frontier Foundation

Agent Pitta Bread Is Listening

Yes, this is still eTeknix, and no, you haven’t tuned in for the latest Jamie Oliver recipe. Oh, and before you ask, no, I am not wearing a tin foil hat while preaching that the world is going to end. This is the slightly bizarre story of how a pitta bread has been used by researchers from Tel Aviv University to conceal a radio transmitter capable of stealing encryption keys.

As the image below demonstrates, the PITA device uses an unshielded loop antenna made of plain copper wire wound into 3 turns of diameter 13 cm. A tuning capacitor is chosen to maximize sensitivity at 1.7 MHz. The key-dependent leakage signal is captured with an SDR receiver, which is controlled by a small embedded computer.

The device steals a key by monitoring the differing radio signals a CPU emits while undertaking various activities. By analysing these signals, it became possible to discover the key being used to secure an encrypted email.

Well, this certainly adds a new meaning to the phrase “I think there’s something wrong with that loaf”. On a slightly serious bagel, I mean note, the research demonstrates, albeit in a controlled test environment, that it is possible in theory for an attacker to conceal a small device within an object, which in turn could possibly extract a key which is potentially guarding sensitive documents.

Currently, the researchers report that this transmitter would be able to steal encryption keys at a range of around 1ft 8in from the target device. This is compelling, considering the project has been developed at a university, and there is the potential for an unknown party to harness and develop this technique with the aim of deploying such a device in the real world.

Image courtesy of something awful & tau.ac.il

Thank You tau.ac.il for providing us with this information

UK Government Wants to Monitor Social Networking

UK government ministers announced over the weekend that the government has awarded contracts to five companies to monitor citizens’ online content and provide that information to Whitehall in real-time. The companies will be on the look-out for a government-approved list of keywords, collating information regarding people’s opinions of the government and related political issues.

“We monitor digital, social and traditional media so we understand what people are saying, identify their concerns and shape policies accordingly,” a government spokesperson told The Independent. “Departments have always monitored social media but this agreement means they can find the most appropriate way of doing this at the best price, ensuring good value for money for the taxpayer.”

One of the five providers, Precise Media Monitoring, calls its task “automated sentiment” analysis, saying, “We use advanced text analytics to generate automated analysis for all mainstream and social content. This includes analysis of the key topics being discussed, and hashtags being mentioned and the sentiment of conversations. The results can quickly enable a Contracting Body [such as a Government department] to get an idea of sentiment towards a subject and can act as an alert to potential issues at an early stage.”

Which is all just a fancy way of saying that UK citizens are now subject to mass surveillance in real-time and are paying for the privilege of being spied on with their own taxes. How do you feel about having your online movements watched, recorded, and scrutinised?

Thank you The Independent for providing us with this information.

Astoria: The New NSA-Beating Tor Client

International intelligence agencies, such as the US National Security Agency (NSA), may have developed the ability to peel back the layers of The Onion Router network some time ago, but hackers and activists are determined to preserve their anonymity, developing a new Tor client that even the NSA can’t crack. The Astoria client should pose government spies their biggest challenge yet.

Astoria allows users to mask their identities by passing traffic between an encrypted middle relay and exit relay circuit, routed through 6,000 network nodes. With other Tor clients, anonymity can be compromised through “timing attacks”, in which an adversary gains control over the entry and exit relays; 58% of Tor circuits are vulnerable to such attacks. Astoria reduces the share of vulnerable circuits from 58% to 5.8%.

Included within the Astoria client is an algorithm designed to predict and counter relay attacks, patching vulnerabilities before they can be exploited. The client is thus able to always create the most secure circuit while balancing performance. Though “timing attacks” – commonly used by the NSA and GCHQ to crack Tor anonymity – can never be protected against entirely due to the way Tor is constructed, Astoria makes it as difficult as possible for them to succeed.

“In addition to providing high-levels of security against such attacks, Astoria also has performance that is within a reasonable distance from the current Tor client,” Astoria’s developers write. “Unlike other AS-aware Tor clients, Astoria also considers how circuits should be built in the worst case—i.e., when there are no safe relays that are available. Further, Astoria is a good network citizen and works to ensure that all circuits created by it are load-balanced across the volunteer driven Tor network.”

Astoria is not yet available for download, only being revealed in a research paper by its developers, but it is expected to be released soon.

Thank you The Daily Dot for providing us with this information.

Parental Spyware Firm Hacked by Blackmailers

Spy software firm MSpy has just found out what it feels like to have its privacy violated. Creator of various mobile spying software, the firm has been approached with predatory demands by blackmailers over customer information. However, MSpy is claiming that any allegations that it had been hacked and that stolen customer data is on the web are false. Separate desktop monitoring software created by MSpy has not been found to be impacted by this alleged hack.

Word of the hack first came out via noted security expert Brian Krebs. Krebs received word from an anonymous source who notified him of a data dump. Hosted on a Tor Hidden Service site, the data weighed in at several hundred gigabytes. The information spanned emails, conversations and photos taken from devices purportedly running MSpy’s mobile products, as well as customer support emails to MSpy. As the data has now been removed from the Hidden Service, it is hard for anyone to verify its legitimacy and determine whether it did indeed come from a breach of MSpy; it is possible the data could be fake or come from a non-MSpy source.

MSpy markets its spying applications as a way to monitor children’s or employees’ activity on mobile devices. It captures movements, messages and calls of any mobile device it is installed onto. Unlike malware, MSpy products do require permission to install and spy. While this limits abuse, it does mean anyone with physical access and the passkey can install them, such as a jealous partner or spouse. While the company has denied that it has been hacked, it is possible the mobile applications themselves contain vulnerabilities that could be exploited to obtain said customer information. Hopefully, researchers will be able to get to the bottom of this to prevent more abuse if it is occurring.

Thank you BBC for providing us with the information.

Who’s Listening to Your Communications?

Since the Snowden leaks in mid-2013, governments have been mixed about reviewing and releasing information about their digital monitoring methods. From newspapers accessing answer phones to random people accessing images stored in the cloud, mobile security and communications have been in the news for good and bad reasons.

One of the devices used by the Department of Justice in America is called a “Stingray”. These devices look and act like mobile phone towers, except they can be used to intercept mobile communications like text messages and phone calls. The devices can be used to specifically target a certain device, but due to their nature they will also capture information from other devices in their area.

With organisations like the Electronic Frontier Foundation getting involved, more and more people are becoming aware of the monitoring of their online information and the access other people may have to it, with or without their permission or knowledge. The main problem some people see with these information gathering methods is the fact that the methods themselves are hidden behind layers of non-disclosure agreements and implied “do not speak of such things”, resulting in the public having no idea about any of the things that affect almost every communication they use.

So when you next see a mobile tower just think, are you and the recipient the only ones getting your text?

What do you think about this kind of technology? Should agencies be allowed to monitor and read our communications and if so what rules should there be in place to help protect the public and their secrets? Or should they not have the right to access our information without a solid reason and proof of why?

Image Courtesy of Prevas

Information Courtesy of Ars Technica.

CIA Couldn’t Use NSA’s Surveillance Program as Analysts Didn’t Know it Existed

A 2009 CIA document – released courtesy of a victorious Freedom of Information lawsuit filed against the US Department of Justice and published by The New York Times – has revealed the US external intelligence service did not use the NSA’s controversial STELLAR WIND surveillance program, which allowed the government warrantless access to private data that it collected en masse, as CIA analysts were not even aware that it existed.

Dated June 2009, the document from the CIA Inspector General (IG), the intelligence service’s internal watchdog, though heavily redacted, claims that the President’s Surveillance Program (PSP, aka “The Program”) was so secretive that only top-level officials had access to it, leaving “CIA analysts and targeting officers” in the dark.

According to the CIA IG report, three “sets of data” were collected under PSP:

The first set included the content of individually targeted telephone and e-mail communications. The second set consisted of telephone dialing information—the date, time, and duration of calls; the telephone number of the caller; and the number receiving the call—collected in bulk [REDACTED]. The third data set consisted of e-mail transactional data [REDACTED] collected in bulk [REDACTED].

The report goes on to outline exactly why the CIA did not use data from PSP – because most were unaware it was there, and the few who were aware had no training as to how to access and use it:

Several factors hindered the CIA in making full use of the capabilities of the PSP. Many CIA officers told us that too few CIA personnel at the working level were read into the PSP. [REDACTED] officials told us that CIA and targeting officers who were read in had too many competing priorities and too many other available information sources and analytic tools—many of which were more easily accessed and timely—to fully utilize the PSP. CIA officers also told us that the PSP would have been more fully utilized if and targeting officers had obtained a better understanding of the program’s capabilities. Many CIA officers noted that there was insufficient training and legal guidance concerning the program’s capabilities and the use of PSP-derived information. The factors that hindered the CIA in making full use of the PSP might have been mitigated if the CIA had designated an individual at an appropriate level of managerial authority, who possessed knowledge of both the PSP and CIA counterterrorism activities, to be responsible and accountable for overseeing CIA participation in the program.

The CIA did not implement procedures to assess the usefulness of the product of the PSP and did not routinely document whether particular PSP reporting had contributed to successful counterterrorism operations.

So, the CIA was reprieved from being sullied by reprehensibly unethical breaches of others’ privacy through sheer ignorance. That’s something, I suppose.

Thank you Ars Technica for providing us with this information.

Android Malware Fakes Power-off to Spy on You

The security company AVG has discovered a particularly devious little piece of malware in the Android ecosystem, one that seemingly can spy on you while your phone is turned off.

The malware digs into your phone and actually just fakes a power down. You’ll get the animation, and the screen as well as the LEDs will turn off – exactly the same as if you’d turned your phone off.

Now that you’re completely unaware that the phone is running, the malware can make phone calls, send messages, transfer your files as well as record you through the built-in cameras and microphone. That’s kinda creepy.

The good news is, this malware can only attack rooted phones, so the general public is safe. But even people with rooted phones can be safe from this attack, at least if they use AVG’s security solution. It can both detect and deal with this new threat dubbed the ‘Android/PowerOffHijack.A’ that can attack Android 5.0 and below.

The company spokesperson said that at least 10,000 devices were infected so far, but mostly in China, where the malware was first introduced and offered through the local, official app stores.

Thanks to AVG for providing us with this information

Privacy International Will Find Out if GCHQ Spied On You

Privacy International, one of the human rights groups that brought a case against UK intelligence agency GCHQ for unlawful surveillance, has launched a new campaign to enquire on your behalf as to whether you were illegally spied on by the intelligence outfit.

To submit to Privacy International’s enquiry, all you need to do is enter your details here. The organisation will collate all details it receives and forward them to the Investigatory Powers Tribunal – the body that ruled GCHQ’s actions unlawful – for comparison against its records. The request is permitted through the European Convention on Human Rights, specifically Article 8 (‘right to respect for personal and family life’) and Article 10 (‘right to freedom of expression and information’).

Deputy Director of Privacy International, Eric King, said:

“The public have a right to know if they were illegally spied on, and GCHQ must come clean on whose records they hold that they should never have had in the first place. There are few chances that people have to directly challenge the seemingly unrestrained surveillance state, but individuals now have a historic opportunity to finally hold GCHQ accountable for their unlawful actions.”

Source: The Next Web

GCHQ Breached Human Rights with Mass Internet Surveillance, Rules Court

The Investigatory Powers Tribunal (IPT), Britain’s most secretive court, has ruled that British intelligence operations regarding internet mass surveillance were unlawful. GCHQ, the UK’s intelligence and security agency, has been found in breach of human rights laws. The unlawful information that GCHQ was in possession of came from the NSA, via its Prism information intercept programme.

The IPT posted an order to its website on Friday, reading, “The regime governing the soliciting, receiving, storing and transmitting by UK authorities of private communications of individuals located in the UK, which have been obtained by US authorities … contravened Articles 8 or 10” of the European convention on human rights (ECHR). Article 8 is the right to private and family life, while article 10 protects freedom of expression.

The initial challenge against GCHQ and the NSA came from a coalition of civil liberty groups, including Liberty and Privacy International.

“For far too long, intelligence agencies like GCHQ and NSA have acted like they are above the law,” said Eric King, deputy director of Privacy International. “Today’s decision confirms to the public what many have said all along – over the past decade, GCHQ and the NSA have been engaged in an illegal mass surveillance sharing programme that has affected millions of people around the world.”

“We must not allow agencies to continue justifying mass surveillance programmes using secret interpretations of secret laws. The world owes Edward Snowden a great debt for blowing the whistle, and today’s decision is a vindication of his actions.”

“But more work needs to be done. The only reason why the NSA-GCHQ sharing relationship is still legal today is because of a last-minute clean-up effort by the government to release previously secret ‘arrangements’. That is plainly not enough to fix what remains a massive loophole in the law, and we hope that the European court decides to rule in favour of privacy rather than unchecked state power.”

“We now know that, by keeping the public in the dark about their secret dealings with the NSA, GCHQ acted unlawfully and violated our rights,” added James Welsh, legal director for Liberty. “That their activities are now deemed lawful is thanks only to the degree of disclosure Liberty and the other claimants were able to force from our secrecy-obsessed government.”

“But the intelligence services retain a largely unfettered power to rifle through millions of people’s private communications – and the tribunal believes the limited safeguards revealed during last year’s legal proceedings are an adequate protection of our privacy. We disagree, and will be taking our fight to the European court of human rights.”

A spokesperson for GCHQ responded to the ruling, saying, “We are pleased that the court has once again ruled that the UK’s bulk interception regime is fully lawful. It follows the court’s clear rejection of accusations of ‘mass surveillance’ in their December judgement.”

Source: The Guardian