Egypt Blocks Facebook’s Internet Service After Being Denied The Ability To Spy On Users

Facebook have been keen on allowing countries access to Free Basics, their low-cost internet system designed at giving people the ability to create a Facebook account and access a limited number of sites at no cost. Free internet sounds great doesn’t it? Some countries don’t believe so, with India already banning the platform and the system being suspended within Egypt, over what now seems to be because the government was denied the ability denied the ability to spy on users.

The Free Basics platform in Egypt was suspended officially on December 30th, 2015, with sources now stating the reason for the suspension was that Facebook wouldn’t allow the government to circumvent the systems security, thereby allowing surveillance to be conducted on users of the platform. Etisalat, the mobile carrier that provided the service when it started in October 2015, hasn’t responded to comment while Facebook has declined to comment while the Egyptian government has declined to say what kind of surveillance or changes they wanted to be made to the service.

Officially the line given is that the service was considered “harmful to companies and their competitors”, a tale that while believable may be as well be an April fools joke to cover what can only be considered a request to invade and monitor everyone’s internet access. With limited access already and concerns about net neutrality for the scheme, if it was found to provide monitoring and tracking the “free” basics program would almost certainly see counties drop the system.

SpotCam Announces HD Eva Wi-Fi Camera with Free Cloud Recording

Monitoring your home while you are away can be both tricky to setup and manage as well as get quite expensive depending on your needs, but there are simple solutions too. One of those simple solutions is the newly introduced SpotCam HD Eva which is a complete and user-friendly IP webcam solution with free online recording.

The HD Eva can both pan and tilt its wide-angle lens in order to monitor your pets and loved ones anywhere in the room. You can eliminate dead zones with his and get high-quality camera footage with full 3660-degree horizontal movement and 70-degree vertical movement – and this can be controlled from anywhere and any device that has a web-browser.

Most cameras like this offer you a live view for free, but recording will either cost you monthly plans or they are limited to motion-detected clips. The HD Eva offers free unlimited 24-hour cloud continuous video recording out of the box. SpotCam users can rewind and review a full 24-hour’s footage at any time without paying a subscription. That said, you can pay monthly or yearly plans in order to get access to 3-day, 7-day, or 30-day recording options too. All files are stored in Amazon’s cloud, which should keep them pretty safe and it is considered one of the world’s most secure cloud service.

The camera offers 720p HD recordings with sound and H.264 compression to save both bandwidth and storage. It features 18 IR LEDs that make it able to record when it’s practically dark too. Built-in motion and audio detection can also be configured to send out notifications to you.

With a built-in microphone and speaker, two-way communication is possible too. Say hi to your pets or yell at them when they go where they shouldn’t – it’s a small job for the HD Eva. Price-wise it isn’t the cheapest, but considering the features and included 24-recording service, £169.99 is a fair offering.

Sea Drone to Patrol World’s Largest Marine Reserve

There is no doubt that policing 834,000 square kilometers of sea is no easy task. It could be about to get a lot harder for illegal fishermen to slip through undetected thanks to a new two-part ocean-going drone that will patrol the around the Pitcairn Islands in the Pacific that are designated as no-fishing zones.

Created by Liquid Robotics, the drone known as the Wave Glider will be operated by staff at a satellite watch room which monitors the activities of fishing vessels. Wave Glider will be able to take images of vessels that are within the restricted zones as well as pinpoint their location via the use of satellites. This drone is, made of two parts, consisting of a small boat that carries the required monitoring instruments and a separate submersible craft that is attached by a tether. The two-part setup allows the craft to be propelled along by the differential motion between the sea’s surface and the depth of the submersible, which combined with its solar panels allows the craft to stay at sea for months at a time without needing to be recharged.

The zone that the Wave Glider will be patrolling was established as a protected region by the UK in 2015 and created a watchdog foundation to protect the 1,200 species of fish, marine mammals and birds present in the region, some of which are entirely unique. This new drone, which entered service late last month should make it easier to protect these countless species and show that drones can be used for good.

Image credit to Liquid Robotics

Russia Request Permission to Fly Spy Plane Over the US

Today Russia requested permission to allow an advanced surveillance plane with advanced electro-optical imaging sensors to fly over the US. The request is valid as both Russia and the US are signatories of the Open Skies Treaty, which permits unarmed observational flights over any of the 34 member nations, despite the arguments from US officials. These officials believe that the sensors equipped on the plane they wish to use are too advanced and exploit the spirit of the treaty, which is to increase military transparency amongst the nations.

With tension between the west and Russia at its highest since the Cold War, the move seems to be a clear move to see how far they can push their luck. “The treaty has become a critical component of Russia’s intelligence collection capability directed at the United States,” Adm. Cecil D. Haney, commander of the U.S. Strategic Command, wrote in a letter earlier this year according to the AP. “In addition to overflying military installations, Russian Open Skies flights can overfly and collect on Department of Defense and national security or national critical infrastructure,” Haney continued. “The vulnerability exposed by exploitation of this data and costs of mitigation are increasingly difficult to characterize.”

Russia’s chances of its request being approved may be hampered by their recent refusal to allow other nations to engage in surveillance over its own territory. A number of key locations including the capital, Moscow and potential conflict areas such as Chechnya and the areas around Abkhazia and South Ossetia are considered off-limits, despite the treaty.

Due to the nature of the treaty being that of transparency it will be hard for Russia to keep secrets of what it is observing, as the treaty rules that all images taken as part of flights under its regulations must be shared with all of the treaty’s member states. It remains to be seen whether the request will be accepted, but even if it is, Russia’s flight would only take place in summer at the earliest, with the treaty having a 120-day lead time on agreements.

Image credit to Kremlin.ru

Camera Attached To A Utility Poll Used To Spy On Suspects

While they work to enforce the law, recently they have come into conflicts with it when technology was used in new ways. From the use of mobile interception technologies, like the Stingray, to the watching people’s online activity. In a recent court appeal, a new tactic was revealed, a Webcam attached to a utility pole being used to spy on suspects.

Roane County Sheriff’s Office arrested Rocky Houston, a known felon, for possession of a firearm. ATF agents installed a remote-controlled camera to a utility pole around 200 yards away from Houstons farm, all without a warrant. Normally required to install surveillance technology such as cameras or phone taps, the 6th US Circuit Court of Appeals has stated that Houstons conviction will remain in place as “no reasonable expectation of privacy” was present in the video footage. The reason for this ruling is that as the camera was placed on a public utility pole and only captured what could have seen by a passerby, the images it took would not be considered an invasion of privacy and wouldn’t require a warrant to be legally admissible.

The camera was located on the pole for a grand total of 10 weeks. With such as a short time frame, the observations were not considered unconstitutional.

Judge Thomas Rose, while believing that even if the surveillance was in breach, said that the video evidence would have been permitted, although due to the probable cause they could have gotten a warrant.

Snoopers Charter Could Have Harmful Effect on Smaller Businesses

Previously we’ve reported on the Snooper Charter (the official name of which is the Investigatory Power Bill). The focus for the snooper charter has been on large companies, with groups like Facebook and Microsoft coming out with some observations over just how bad an impact the charter might have on companies working in the UK. Even  the NSA’s ex-director warned that it could “kill people”. Worst may be yet to come, with Theresa May clarifying not only the extent, but also that the Snooper Charter could cost a lot more than initially thought.

Theresa May stated the cost of the snooper charter may, in fact, exceed the original estimate of 240 million pounds. With companies like EE and Vodaphone saying that the cost to them may be that figure alone in order to meet the bill’s requirements.

One of the initial thoughts regarding the bill was that small-scale internet providers might be excluded from the requirement, but this isn’t the case. The defence and security industries, alongside the information commissioner, asked for a “sunset clause”. This clause would mean that after five to seven years the bill would be revisited because of the rapid pace of technological change, May rejected this thought saying that the bill was fit for a rapidly changing world and was “technology neutral”.

An issue brought up by groups like Facebook and Microsoft was the dealing of extra-territorial warrants. In the current bill, a notice could be provided to a company with employees in the UK for data stored abroad, a topic which has been at the forefront of data request issues for years now.

It was then asked if the government would have a limit on the finances available, the answer to which was that they were going to work on a “cost recovery basis”. This means that  companies could seek back the cost for installing the hefty systems needed and that they will “have reasonable cost recovery when we require these companies to provide these capabilities”. Not only could the bill mean worrying levels of powers and data stored about people, but it also seems like we will also be footing the bill for it.

‘Snooper Charter’ Causes Issues With Google, Microsoft, Twitter And Others

The Investigatory Powers Bill (IP Bill for short) goes by another name, the Snooper Charter. The bill is aimed to help extend and update the government’s legislation surrounding their surveillance powers, this extension though is gaining more than a little public notice with more than a few people expressing how worried they are about these new powers. Google, Microsoft, Facebook, Yahoo and Twitter can now be added to this list of people that have issues with the current bill.

Listing their concerns, they state they understand the responsibilities of Governments to protect people and privacy, they continue by saying that they believe a legal framework can protect people, companies and the Government. They cite their membership to the “Reform Government Surveillance” (RGS) coalition before continuing in saying that any surveillance must be lawful, necessary, transparent and proportionate.

Current proposals look to force ISP’s to retain at least a years worth of data about sites you visit, an action that has raised concerns by ex-NSA director Bill Binney. The primary areas that they wished to bring into notice are the conflicting laws between the proposal and international law. Continuing on to state that an international framework, as suggested by Sir Nigel Sheinwald, should be established to help with issues and prevent the use of warrants on people based within the UK to attempt to extract information from a branch of the company in a different country.

One of the main issues is encryption with digital data and the bill states that companies will have “obligations relating to the removal of electronic protection applied by a relevant operator to any communication or data”, basically saying that any protection you have on your devices companies will need to be able to remove. This didn’t go down well in America when the government ordered Apple to unencrypt a phone while China’s new law forces companies to provide them with encryption keys.

I recommend reading through their concerns if you are interested and keep listening out for more information as it develops on the “Snooper Charter”, as no matter how you use technology, this law will impact everyone.

Manhattan District Attorney Attacks Apple’s Encryption Policy

Cyrus R. Vance, the District Attorney of Manhattan, has launched a scathing attack on Apple after CEO Tim Cook said that the company would resist any attempts by the US government to circumvent its user’s privacy, CBS New York reports.

In an interview with Charlie Rose on CBS News show 60 Minutes, Cook – a vocal supporter of end-to-end encryption – reaffirmed his stance on providing the best security possible for Apple customers, which means not building backdoors into its systems.

“If the government lays a proper warrant on us today, then we will give the specific information that is requested, because we have to by law. In the case of encrypted information, we don’t have it to give,” Cook said, adding, “I don’t believe the trade-off here is privacy versus national security.”

“If there’s a way to get in, then somebody will find a way to get in,” he continued. “There have been people that suggest that we should have a back door. But the reality is, if you put a back door in, that back door’s for everybody.”

Following the interview, Vance released a statement trashing Apple’s plan to fully encrypt its disks, claiming the company did it “so that it could no longer comply with the judicial search warrants that make this work possible.”

“iPhones are now the first consumer products in American history that are beyond the reach of lawful warrants,” Vance continued. “The result is crimes go unsolved and victims are left beyond the protection of law.”

In response, Vance called on the US government to force the company to give intelligence services access to its data, saying, “Because Apple is unwilling to help solve this problem, the time for a national, legislative solution is now.”

FBI Admits Use of Zero-Day Exploits and Stingrays

In a profile of Amy Hess, the FBI’s executive assistant director for science and technology and overseer of the bureau’s Operational Technology Division, conducted by the Washington Post in the wake of the San Bernardino shootings, the FBI executive openly admitted to the use of a number of techniques the FBI use in order to track down criminals. Amongst the methods brought to light by reporter Ellen Nakashima are Zero-Day Exploits, Stingrays and the OTD’s Remote Operations Unit of hacking technicians.

For those unaware, a Stingray is a type of “cell-site simulator” that imitate cellular towers, in order to collect communications data from mobile telephones within range, both suspect and bystander alike. The tool has been a long-kept secret by the FBI, with them requiring local law enforcement members involved in their use to sign nondisclosure agreements. While Hess insisted that the FBI never enacted a gag on the police, they wanted to keep the details of the device’s functionality shielded.

A zero-day exploit is a flaw in a piece of software that can be manipulated in order to exploit it in some way, that are unknown to the software’s vendor and thus unpatched. Usage of these can allow for easier hacks into suspects PCs or mobile devices, however favoring such techniques is unreliable, and thus not a preferred method to use.

The real worry with these types of attacks are the privacy implications on the common person. A stingray’s data would have to be checked in order to identify the suspect’s data, meaning that the privacy of everyone within proximity of the device potentially has their privacy violated. Holding on to known exploits instead of reporting them to the software developers for patching opens any user of the software open to attack from a hacker were the exploit discovered by another unsavory party. As a result of these implications, both are seen as controversial by privacy advocates and as a result, governments have often tried to distance themselves from discussion of their use. Now, in an unusual moment of transparency, the FBI has potentially put itself a little closer to the disc

Carnegie Mellon University Responds to Allegations it Took $1m to Take Down Tor

Last week, The Onion Router team claimed that Carnegie Mellon University had taken $1 million from the FBI to compromise its Tor browser. The University has now spoken out about the allegations, with a statement denying that it receives any money for information it provides police and intelligence organisations.

In a world of increasing online surveillance, Tor aims to provide its users with anonymous internet browsing, and as such it has been the bane of law enforcement agencies across the globe. The FBI specifically has been lobbying for more powers to see through Tor’s layers for some time, and it is known to have a relationship with Carnegie Mellon University.

While Carnegie Mellon dismisses any notion that it has taken money from any agency, it does not deny that it works with law enforcement organisations, nor does it specifically address its dealings FBI or its involvement in compromising Tor.

The statement reads:

“There have been a number of inaccurate media reports in recent days regarding Carnegie Mellon University’s Software Engineering Institute work in cybersecurity.

Carnegie Mellon University includes the Software Engineering Institute, which is a federally funded research and development center (FFRDC) established specifically to focus on software-related security and engineering issues. One of the missions of the SEI’s CERT division is to research and identify vulnerabilities in software and computing networks so that they may be corrected.

In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed. The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.”

While it doesn’t say outright that the University gave the FBI information regarding Tor due to a subpoena it received, it is heavily implied. In denying taking money and affirming that any dealings were law enforcement were legally obliged, Carnegie Mellon appears to be indirectly absolving itself of blame by assigning all responsibility to the FBI.

Government Officials Blame Snowden Leaks for Paris Attacks

In the wake of the tragic and devastating attacks in Paris last week, many questioned why the authorities were unable to predict and stop the attacks. In fact, despite the wide-ranging and intrusive surveillance systems in place, the only whiff of intelligence was about a generalized threat against France. Now many officials are coming out across the spectrum and blaming Edward Snowden and his leaks for allowing the terrorists to go undetected.

Former director of the CIA James Woolsey has been among the most forceful, claiming Snowden “has blood on his hands” while current CIA director John Brennan blames the unauthorised disclosures as well. London Mayor Boris Johnson has also blamed Snowden for teaching the terrorists “how to avoid being caught”.

Encryption and methods of avoiding electronic detection, however, have not been new to the terrorist toolkit. Since before the 9/11 attacks and in the many that followed it, terrorists have used encryption and other methods of secure communication to co-ordinate. Those attacks all happened before Snowden even revealed the surveillance systems in place, revelations which only confirmed what many already believed the government was already doing. This is especially true of terrorists who knew they would be monitored and generally used methods to conceal themselves already, with Bin Laden famously using couriers only to communicate.

With the focus in recent days on backdoors, it would not be surprising to see pressure placed on Sony to allow monitoring of the PSN and PS4 given its use by the terrorists. Even if governments end up creating backdoors in many popular products, there will still be nothing to stop peer-to-peer encryption and other forms of encrypted communications from being used.

Paris Attackers Allegedly Used PS4s and PSN to Communicate

In a development that is likely to place more pressure on the technology sector, reports are coming out that the perpetrators of the recent Paris attacks used Sony PS4s to communicate and coordinate their attack. This comes after authorities have taken away the PS4s from the attackers homes and Belgian home affairs minister has said that the PS4 was chosen due to its difficulty to track.

Games and consoles have always been on the radar for authorities in monitoring suspects. After all, Edward Snowden revealed that the NSA and GCHQ had agents embedded into MMORPG World of Warcraft and Second Life in order to monitor suspects. XBox Live was monitored and part of the reason many were hesitant about the always on functions of the new consoles and the once mandatory Kinect.

At that time, PSN, the Sony’s Playstation Network was not mentioned as a target for monitoring. If it turns out the PS4 was used, authorities will likely start looking into PSN communications as well. Given the myriad number of ways players can communicate with each other in game, the large volume of communications and the importance of context, whether or not extra monitoring would help remains to be seen.

Full Scope of UK’s Worrying Surveillance Bill Revealed

The UK Home Secretary, Conservative MP Theresa May, has outlined the full scope of the proposed Investigatory Powers Bill. The bill, which has been teased by both May and UK Prime Minister David Cameron as a legal means by which police and intelligence services can bypass internet and telecommunication encryption and access the internet history of any UK citizen without judicial oversight, has confirmed the fears of many that the concept of privacy on the internet will become a thing of the past in the UK.

The new powers, as revealed by May in Parliament on Wednesday (4th November) and in draft form on the UK Government’s website [PDF], grant UK law enforcement agencies the ability to access and intercept a user’s internet data, which internet service providers will be required by law to store for up to 12 months, and place a legal obligation on companies to allow the UK Government backdoors by which to bypass encryption, but will be powerless to ban end-to-end encryption since such facilities being protected under European Union law.

The response to the bill outside the House of Commons has been almost uniformly negative, with many fearing that it marks an end to internet human rights in the UK, and that tech companies could pull out of the country over it:

https://twitter.com/jamesrbuk/status/661904968404873216

https://twitter.com/carlynyst/status/661895043490430976

A full summary of the Investigatory Powers Bill (via The Guardian):

  • Requires web and phone companies to store records of websites visited by every citizen for 12 months for access by police, security services and other public bodies.
  • Makes explicit in law for the first time security services’ powers for the “bulk collection” of large volumes of personal communications data.
  • Makes explicit in law for the first time the powers of the security services and police to hack into and bug computers and phones. Places new legal obligation on companies to assist in these operations to bypass encryption.
  • New “double-lock” on ministerial authorisation of intercept warrants with a panel of seven judicial commissioners given power of veto. But exemptions allowed in “urgent cases” of up to five days.
  • Existing system of three oversight commissioners replaced with single investigatory powers commissioner who will be a senior judge.
  • Prime minister to be consulted in all cases involving interception of MPs’ communications. Safeguards on requests for communications data in other “sensitive professions” such as journalists to be written into law.
  • New Home Office figures show there were 517,236 authorisations in 2014 of requests for communications data from the police and other public bodies as a result of 267,373 applications. There were 2,765 interception warrants authorised by ministers in 2014.
  • In the case of interception warrants involving confidential information relating to sensitive professions such as journalists, doctors and lawyers, the protections to be used for privileged information have to be spelled out when the minister approves the warrant.
  • Bill includes similar protections in the use of powers to hack or bug the computers and phones of those in sensitive professions as well.
  • Internet and phone companies will be required to maintain “permanent capabilities” to intercept and collect the personal data passing over their networks. They will also be under a wider power to assist the security services and the police in the interests of national security.
  • Enforcement of obligations on overseas web and phone companies, including the US internet giants, in the courts will be limited to interception and targeted communications data requests. Bulk communications data requests, including internet connection records, will not be enforceable.

Image courtesy of WikiMedia.

UK Police to be Granted Powers to View Your Internet History

UK Police will be granted the power to view the internet history of every person in the country under new plans proposed by Tory Home Secretary Theresa May. On Wednesday, May will announce the Conservative Government’s new surveillance bill in the House of Commons on Wednesday (4th November), and the new police powers will be granted under the bill, according to The Telegraph.

The bill would require internet service providers to retain the browsing history of every customer for 12 months, and to give police and intelligence agencies access to that data, which would include search engine terms and websites visited.

“I’ve said many times before that it is not possible to debate the balance between privacy and security, including the rights and wrongs of intrusive powers and the oversight arrangements that govern them without also considering the threats that we face as a country,” May told MPs. “Those threats remain considerable and they are evolving. They include not just terrorism from overseas and home-grown in the UK, but also industrial, military and state espionage.”

“They include not just organised criminality, but also the proliferation of once physical crimes online, such as child sexual exploitation. And the technological challenges that that brings,” she added. “In the face of such threats we have a duty to ensure that the agencies whose job it is to keep us safe have the powers they need to do the job.”

A YouGov poll on behalf of Big Brother Watch from 2012 shows that 71% of people do not trust that the Government will keep their data secure.

WD Purple 6TB Surveillance Hard Drive RAID Review

Introduction


We have already had the pleasure to see how WD’s 6TB Purple surveillance hard disk performed in our previous review, but WD was kind enough to provide us with two of these drives and thereby allowing us to test them in a RAID environment too. A surveillance setup will rarely consist of just one hard drive, making this review one to take a closer look at before investing in your future surveillance storage.

With two drives at our disposal, we can run them as in RAID 1 and RAID 0 setups, depending on whether we want speed and storage or redundancy. There isn’t one setup that is better than another, it comes down to what you need in your setup. Most people will probably get more drives and opt for a RAID 5, RAID 6, or RAID 10 setup, but those are out of our reach when working with just two drives.

Whether you want to protect your personal assets and loved ones or monitor the business you worked hard to build, you’ll want surveillance-class storage to rely on. Not only are these drives built for 24/7 usage in environments with up to 8 disks, they also come with enhanced firmware built just for this kind of operation. When it comes to surveillance, every frame counts, and every frame has to be perfect. This is especially noticeable when many cameras are using the drives simultaneously. WD’s Purple series has no trouble here and it is designed to work in setups with up to 32 HD cameras.

The WD Purple 6TB surveillance drive features 64MB cache and uses the well-known WD IntelliPower system for the spindle speed. It is rated for a sustained transfer speed of up to 175MB/s and comes with a power draw of 5.3W in operation, 4.9W when idle, and 0.4W in standby or sleep mode. The noise level is rated to 45 dBA idle and 26 dBA seeking, so they’re barely audible. With a weight of 750 grams, the WD Purple 6TB isn’t the lightest drive, but that’s no surprise considering the capacity.

Western Digital also designed the Purple series to work in high-temperature environments. The temperature rating of the drive, on the base casting, ranges from zero to 65 degrees Celcius when operating and -40 to 70 when non-operating. The Purple series has a mean time before failure of 1 million hours and can withstand 300,000 load/unload cycles. On top of that you also get a two-year limited warranty.

One of the things that make the WD Purple series so great is the exclusive AllFrame technology that works with ATA streaming to reduce error pixelation and video interruptions that easily occur when desktop drives are incorrectly used in security systems. Missed frames and lost footage is a serious problem when an event occurs and surveillance footage needs to be retrieved. WD Purple with AllFrame provides the confidence you should expect when it’s time to play back and review critical surveillance footage.

AllFrame Features:

  • Reduces video frame loss with surveillance-class storage.
  • Specifically tuned for surveillance security systems.
  • Caching algorithms are tuned for write-intensive, low bit rate, high stream count applications that are typical of surveillance applications.
  • Priority change for write allocations and preemptive caching policies.
  • TLER & ATA streaming support.
  • Supports up to eight drives.

Specifications

The specifications are taken directly from the manufacturers homepage at the time of the review and might as such be subject to possible future changes.

Controversial CISA Cybersecurity Bill Passed by US Senate

The CISA bill that allows the US Government to collect personal data without a warrant has been voted in by the Senate by 74 votes to 21, and without amendments that would protect the privacy rights of US citizens. CISA, according to the Electronic Frontier Foundation, a vocal opponent of the bill, “is fundamentally flawed due to its broad immunity clauses, vague definitions, and aggressive spying authorities” and that its approval “reflects the misunderstanding many lawmakers have about technology and security.”

The bill was negotiated in secret, championed outside of the Senate by corporate lobbyers The US Chamber of Commerce, with positive editorials popping up in the Wall Street Journal and the Washington Post, and gives US intelligence services to gather personal data – including names, addresses, credit card details, and even medical prescription records – from third-parties at will.

While Facebook has been accused of quietly supporting CISA, many major tech companies oppose the bill. Wikimedia, Reddit, Salesforce, DropBox, and Apple have all spoken out against CISA.  We don’t support the current CISA proposal,” a statement from Apple last week reads. “The trust of our customers means everything to us and we don’t believe security should come at the expense of their privacy.”

While the final wording of the bill is still to be determined by a conference of the House of Representatives and the Senate, semantics will not be able to protect against the violations of freedom and privacy of US citizens that CISA will make legal.

WD Purple 6TB Surveillance Hard Drive Review

Introduction


In today’s review, I am taking a look at a mechanical hard disk, but it isn’t one that is intended for your desktop system. Western Digital created their Purple line of hard disk drives to be the perfect choice for digital video recording, network video recording, and surveillance systems. On the test bench today is the 6TB version of this WD Purple surveillance hard disk.

All hard disk drives may look the same on the outside, but there is a big difference in what is inside and how it works. That is also the main reason that you should pick a drive suited for the task at hand and not just any random drive of the shelve. As WD puts it: “You wouldn’t use a bicycle to transport cargo across the country because it is not the right tool for the job.”

 

Whether you want to protect your personal assets and loved ones or monitor the business you worked hard to build, you’ll want surveillance-class storage to rely on. Not only are these drives built for 24/7 usage in environments up to 8 disks, they also come with enhanced firmware built just for this kind of operation. When it comes to surveillance, every frame counts, and every frame has to be perfect. This is especially noticeable when many cameras are using the drives simultaneously. WD’s Purple series has no trouble here and it is designed to work with up to 32 HD cameras.

The drives don’t just have to be perfect for the scenario that they are to be used in, they also need to be compatible with the systems themselves. WD made sure that this was the case by working closely with industry leading chassis and chipset manufacturers. If you got an NVR system, you’ll most likely find the WD Purple on the official list of supported drives.

The entire line of WD Purple drives, from 1TB up to 6TB, all feature 64MB cache and come in the same 3.5-inch form factor. WD also used their IntelliPower system that we know from such drives as the RED series, that uses variable speeds to bring the performance that is needed without excessive noise from the motors. But that is where the similarities of the drives end. The 6TB version that I’m taking a closer look at today is the best performing of them all with a sustained speed rating of 175MB/s where the 1TB model for example only is rated for 110MB/s. The drives naturally also differentiate in power consumption. The bigger the drive, the bigger the power draw, that is if the word big even applies here. The WD Purple 6TB draws 5.3W during read and write operations, 4.9W when idle, and 0.4W when in standby or sleep mode.

The noise level is almost identical on all the models, but there are differences. The largest drives are also the loudest with a dBA rating of 25 when idle and 26 when seeking. With a weight of 750grams, the 6TB model is also the heaviest of them all.

I’ve previously mentioned the firmware and that this was an important factor, and it is. One of the things that make the WD Purple series so great is the exclusive AllFrame technology that works with ATA streaming to reduce error pixelation and video interruptions that easily occur when desktop drives are incorrectly used in security systems. Missed frames and lost footage is a serious problem when an event occurs and surveillance footage needs to be retrieved. WD Purple with AllFrame provides the confidence you should expect when it’s time to play back and review critical surveillance footage.

AllFrame Features:

  • Reduces video frame loss with surveillance-class storage.
  • Specifically tuned for surveillance security systems.
  • Caching algorithms are tuned for write-intensive, low bit rate, high stream count applications that are typical of surveillance applications.
  • Priority change for write allocations and preemptive caching policies.
  • TLER & ATA streaming support.
  • Supports up to eight drives.

Next to being designed for 24/7 always-on scenarios, the WD Purple series is also designed for high-temperature environments. The temperature rating of the WD Purple, on the base casting, ranges from zero to 65 degrees Celcius when operating and -40 to 70 when non-operating.

Western Digital is backing the Purple series of surveillance drives with a three-year limited warranty worldwide. However, it is unlikely that you’ll ever need that warranty as the drives are rated for a mean time before failure of 1 million hours and can withstand 300,000 load/unload cycles.

Specifications

The specifications are taken directly from the manufacturers homepage at the time of the review and might as such be subject to possible future changes.

ASUSTOR Adds Compatibility for All PLANET’s IP Cameras

ASUSTOR partnered up with PLANET to Create an even better cloud surveillance solution. ASUSTOR added compatibility for all of PLANET’s IP camera models, giving users that utilize the Surveillance Station functionality to turn their NAS into an NVR even more choices when it comes to cameras that they can use. All ASUSTOR NAS devices are now compatible with world renowned PLANET IP cameras. Traditional surveillance systems are a thing of the past thanks to the increased network bandwidth that has become available, both wired and wireless, making IP cameras the optimal choice.

ASUSTOR NAS not only provides a highly stable network storage system but also allows users to easily setup and install a surveillance management system. This is the first time that PLANET teams up with ASUSTOR, so it is quite nice to see that all their high-quality IP camera products now are compatible with ASUSTOR’s network storage servers.

Users that require a complete network surveillance solutions can get their high-quality surveillance feeds transferred and stored on ASUSTOR NAS via PLANET’s smart energy-saving PoE switches and related equipment. Furthermore, smart system functions help administrators with remote management while maintaining high-quality surveillance and productivity in any usage environment.

ASUSTOR’s Surveillance Center is a free, but you may need to purchase additional camera licenses, and it can be installed on all ASUSTOR NAS devices, instantly turning the NAS into a Network Video Recorder. Surveillance Center features a simple 5 step quick installation wizard that can complete camera additions within 90 seconds and configure recording, viewing and management settings.

A full list of compatible cameras can be found here.

MI5 Boss Poses New Threat to UK Encryption

Andrew Parker, Director-General of MI5, the UK’s domestic counter-intelligence and security agency, has joined Prime Minister David Cameron in calling for a ban on end-to-end encryption to make its surveillance efforts easier. According to Parker, online companies such as Facebook and Twitter, plus popular instant messaging app WhatsApp, have a “responsibility” to share private user details with the UK government, rather than a responsibility to protect the rights, privacy and integrity of its users.

In an interview on BBC Radio 4, Parker claimed that “[Terrorists] are using secure apps and internet communication to try to broadcast their message and incite and direct terrorism amongst people who live here who are prepared to listen to their message.” He added that it was “in nobody’s interests that terrorists should be able to plot and communicate out of the reach of any authorities with proper legal power” and that encryption is “creating a situation where law enforcement agencies and security agencies can no longer obtain under proper legal warrant the contents of communications between people they have reason to believe are terrorists.”

“Because of that threat we face and the way the terrorists operate and the way we all live our lives today, it is necessary that if we are to find and stop the people who mean us harm, MI5 and others need to be able to navigate the internet to find terrorist communication,” Parker concluded, failing to throw in  “if you’ve nothing to hide, you’ve nothing to fear” in his Kafka-esque appeal to trashing civil liberties, built on the false assumption that only “terrorists” and “criminals” seek privacy and a failure to acknowledge that surveillance is ineffective in preventing terrorist attacks.

Thank you The Express for providing us with this information.

Retweeting ISIS Could Land You In Jail In The US

This story is compelling for a number of reasons which include the potential ramifications, the FBI considers retweets as endorsements with the emphases squarely pointed at those containing IS statements. This theory has been proven again by the arrest of an individual by the name of Ali Saleh who is a 22-year-old Queens resident. His detainment followed an FBI investigation into his attempts to join ISIS; the reported mentioned evidence included the tracking of Twitter related activity by Saleh.

According to information contained and submitted within the complaint to the Federal Court in Brooklyn. FBI special agent Bret Luhmann stated that Saleh had attempted on a number of occasions to travel to Syria with the aim of joining the terrorist group. Among the social media activity which has been collected for evidence purposes from this individual includes the sentence “I’m ready to die (for ISIS) Prison is nothing” Saleh proclaimed while retweeting a message which was posted by another user.

On the face of it Saleh has been arrested for more than numerous incendiary retweets after being placed under the microscope by law enforcement, this includes alleged active attempts to travel to Yemen and Istanbul by booking a seat for a flight which he later decided to miss. The problem lays with the FBI and its interpretation, many users tweet hashtags and statements which are connected to terrorist acts for a variety of legitimate reasons, these could include informing followers of brutal acts which have been covered by many news outlets or other user experiences, to protest against such behaviour or simply to parody the situation.

Take the aftermath of the arrest of convicted Boston Bomber Dzhokhar Tsarnaev, a substantial amount of people retweeted the social media account of said person in a kind of expose to highlight the individual behind such tragic actions. To further convey the ambiguity, a 17-year-old Virginia resident was arrested this summer of 2015, after frequently retweeting flattering statements about ISIS leader Abu Bakr al-Baghdadi.

Now, let’s take an extreme situation, how would the FBI or any other agency react to a user who felt seriously depressed and conveyed suicidal thoughts through tweets and phrase retweets, would they be considered ISIS sympathisers or in imminent danger or going on a shooting spree, if their intentions were considered to be terrorist related? This is the ambiguity, there needs to be more evidence which is garnered before a person is suspected of malicious intentions.

Logically, and I know governments struggle with this concept, you would only be arrested after a build up of various intelligence actions from a person who was under suspicion, otherwise, there is going to be a hell of a lot of people arrested if it is based on certain tweets, which no agency in the world has the resources to deal with on a continuous basis.

Thank you nydailynews and scribd or providing us with this information.

Image courtesy of atuffcartoons

Western Digital Announced MyCloud OS 3 and Adds Arcus Surveillance Software

Western Digital has a great line-up of NAS devices that already come with a lot of good features and plenty of functionality, we’ve seen that for ourselves recently in the review of the WD EX4100 NAS. WD recognized that one thing was missing from their NAS when comparing to the competition and caught up on that by partnering with Milestone Systems and adding their Arcus Surveillance software to the upcoming and newly announced My Cloud OS 3.

The Milestone Arcus Surveillance software will be available first on WD’s My Cloud Business Series NAS systems beginning this month and it is expected to be available on other My Cloud systems such as the My Cloud Expert Series in the future. Milestone Arcus is designed to be embedded in hardware devices and as such a perfect choice for WD. This enables WD My Cloud OS 3 users to turn their NAS into a full-fledged networked video recording systems for their offices or homes. After installing the Arcus app, users can install up to 16 cameras where the first two are free and more will require the purchase of additional licenses.

My Cloud OS 3 will also bring a lot of other features that mostly centre around photo and video capabilities, and Chromebooks and Chromecast are also supported with this new OS version. My Cloud OS 3 will be available as a free download at the end of September 2015 for the models My Cloud, My Cloud Mirror, My Cloud Expert Series EX2/EX4, My Cloud Expert Series EX2100/EX4100 and My Cloud Business Series DL2100/DL4100.

UN Expert Calls UK Surveillance “Worse Than 1984”

The new Special Rapporteur on Privacy for the United Nations, Joseph Cannataci, has branded the UK surveillance state “a rather bad joke at its citizen’s expense” that is “worse” than the dystopian vision of the future from George Orwell’s 1984. An obvious point of reference, to the point of cliché, but still sadly apposite.

“At least Winston [from Orwell’s 1984] was able to go out in the countryside and go under a tree and expect there wouldn’t be any screen, as it was called,” Cannataci lamented. “Whereas today there are many parts of the English countryside where there are more cameras than George Orwell could ever have imagined. So the situation in some cases is far worse already.”

Cannataci’s fear extends beyond an invasion of privacy, complaining that the commercialisation of user data is just as insidious as state surveillance. “They just went out and created a model where people’s data has become the new currency,” he said. “And unfortunately, the vast bulk of people sign their rights away without knowing or thinking too much about it,” Cannataci told The Guardian.

The UN’s new privacy chief believes the only way to tackle flagrant invasion of privacy is with a Geneva convention-style law to protect against unwarranted digital surveillance, and keep both governments and corporations in line.

“We have a number of corporations that have set up a business model that is bringing in hundreds of thousands of millions of euros and dollars every year and they didn’t ask anybody’s permission. They didn’t go out and say: ‘Oh, we’d like to have a licensing law.’ No, they just went out and created a model where people’s data has become the new currency. And unfortunately, the vast bulk of people sign their rights away without knowing or thinking too much about it,” he said.

Thank you The Guardian for providing us with this information.

Hacking team and Boeing Built a Surveillance Drone

The hack of Hacking team was hilarious but serious at the same time, to contemplate a freelance company hell-bent on hacking any target for a variety of employers seemed, well not surprising, but certainly a disappointing period for the ideological view of democracy. But at least the Italian surveillance team only hacked computers, I mean it’s not like they were developing any weaponry… oh my god they planned a Drone!

According to the released emails which became public thanks to Wikileaks, the firm have been planning for just over a year to develop a drone by the name of ‘Snoopy” which was capable of intercepting data from users smartphones through spoofed wireless networks. The emails also reveal that both Boeing and Hacking Team want unmanned aerial vehicles (UAVS) with the aim to carry out attacks which inject spyware into target computers or mobile phones via Wi-Fi.

The plans also reveal that public Wi-Fi networks would also be used to intercept targets internet traffic before injecting malicious code into said machine, with the aim of installing spyware which was developed by Hacking team. This news is also accompanied by techniques which makes use of “man in the middle attacks” and exploits to fish for information.

Well, I am not sure I particularly want surveillance drones which have the ability to spy on computers belonging to anyone. This news also highlights the line which blurs the view of good and evil, if governments were contemplating this concept, how does this make them any better than criminals? Yes, it’s technically for a noble cause by catching alleged targets, but who are the targets? This also goes back to the same question of transparently, governments quite happily inform us that money is tight for essential facilities for example hospitals, yet could well have been planning to purchase eyes in the sky which intercepts data at taxpayers expense.

Thank You The Hacker News and Wkileaks for providing us with this fascinating information

Hacking Team’s Rootkit Can Survive Hard Drive Scrubbing

Investigations by Trend Mirco have uncovered that the now-infamous spyware distributed by Italian surveillance outfit Hacking Team can survive the scrubbing or removal of a hard drive. Trend Mirco has revealed that the Remote Control System, Hacking Team’s backdoor malware, writes itself to the target computer’s BIOS.

The virulent malware was developed to hide itself within Insyde BIOS, popular amongst laptop vendors, via a Unified Extensible Firmware Interface (UEFI) BIOS rootkit, though AMI BIOS is also thought to vulnerable. This way, the program can survive a hard drive purge or swap, since it exists on the computer’s non-volatile BIOS ROM chip.

As Trend Micro explains it:

“Three modules are first copied from an external source [..] to a file volume (FV) in the modified UEFI BIOS. Ntfs.mod allows UEFI BIOS to read/write NTFS file. Rkloader.mod then hooks the UEFI event and calls the dropper function when the system boots. 

The filedropper.mod contains the actual agents, which have the file name scout.exe and soldier.exe. This means that when the BIOS rootkit is installed, the existence of the agents are checked each time the system is rebooted.”

If the agent is missing, the malware will reinstall the scout executable. Anyone with a password-protected BIOS, however, will be protected against such an attack.

Thank you ZDNet for providing us with this information.

Android News App Used to Distribute Hacking Team’s Spyware

The massive (and wonderful) data theft from Hacking Team has revealed that Italian spyware maker was using a fake Android app as a backdoor method of distribution for its Remote Control System. The app, BeNews, which stole the name of a now-defunct news website to feign legitimacy, was uncovered by Trend Micro’s Wish Wu yesterday.

“We believe that the Hacking Team provided the app to customers to be used as a lure to download RCSAndroid malware on a target’s Android device,” writes Wu.

Wu reveals further details on the malicious app and which Android devices it can affect:

“The backdoor, ANDROIDOS_HTBENEWS.A, can affect, but is not limited to, Android versions starting from 2.2 Froyo to 4.4.4 KitKat. It exploits CVE-2014-3153 local privilege escalation vulnerability in Android devices. This flaw was previously used by the root exploit tool TowelRoot to bypass device security, open it for malware download, and allow access to remote attackers.

Looking into the app’s routines, we believe the app can circumvent Google Play restrictions by using dynamic loading technology. Initially, it only asks for three permissions and can be deemed safe by Google’s security standards as there are no exploit codes to be found in the app. However, dynamic loading technology allows the app to download and execute a partial of code from the Internet. It will not load the code while Google is verifying the app but will later push the code once the victim starts using it.”

Wu found the source code for BeNews within the 400GB of stolen data from Hacking Team, a company that has been hammered for its flagrant disregard for civil liberties and human rights. Following the breach, Hacking Team has taken a defiant stance, revealing that it intends to develop a new version of its Remote Control System spyware in order to resume what it describes as its “criminal and intelligence investigations.”

Thank you CSO for providing us with this information.

US Army and Law Enforcement Found Purchasing Italian Spyware

Leaked documents have revealed that US law enforcement agencies, including the FBI and DEA, and the US Army have been using an Italian-made spyware package to remotely control people’s computers, while also using it to monitor and record calls, e-mails, keystrokes, and visual information obtained from any connected webcams. The illuminatory documents, 400GB-worth, were dumped online by an anonymous hacker.

The malicious programs utilised were created by an Italian company called Hacking Team – notorious for its invasive surveillance technologies and considered an “Enemy of the Internet” by Reporters Without Borders – which has been pushing its wares to law enforcement and intelligence agencies across the US through practical demonstrations to a number of District Attorneys.

The documents show that the FBI has been using Hacking Team’s spyware since 2011, through its shadowy Remote Operations Unit, but has only rarely been cited in criminal court cases, one of which involved phishing a victim into clicking on a fake Associated Press article link. The FBI has also been found to develop its own spyware packages.

The DEA, after declining Hacking Team’s offer of spyware in 2011 on the grounds that it was “too controversial”, did purchase the malicious software in 2012, which it used in conjunction with Colombian law enforcement, with plans to expand its use across Latin America.

Though the US Army also purchased spyware from Hacking Team in 2011, for use out of Fort Meade, an internal e-mail included in the leaked documents admitted that “they purchased a system right before they got their budget cut…They were never given permission to pull an internet line to their office to install the system. (ridiculous but true!)”

In response to the revelations, Hacking Team spokesperson Eric Rabe said, “we do not disclose the names or locations of our clients” and “we cannot comment on the validity of documents purportedly from our company.”

Though the use of such software to spy on suspects could be legal in the US with the approval of a Judge, the kind of spyware developed by Hacking Team is considered highly unethical, and is akin to the human rights-infringing methods employed by the NSA during its PRISM program.

Thank you The Intercept for providing us with this information.