Government snooping, backdoors and #necessaryhashtags - Page 53

ewmayer · 2015-08-01, 22:01

Researchers Hack Air-Gapped Computer With Simple Cell Phone | WIRED

Quote:

The most sensitive work environments, like nuclear power plants, demand the strictest security. Usually this is achieved by air-gapping computers from the Internet and preventing workers from inserting USB sticks into computers. When the work is classified or involves sensitive trade secrets, companies often also institute strict rules against bringing smartphones into the workspace, as these could easily be turned into unwitting listening devices.

But researchers in Israel have devised a new method for stealing data that bypasses all of these protections -- using the GSM network, electromagnetic waves and a basic low-end mobile phone. The researchers are calling the finding a "breakthrough" in extracting data from air-gapped systems and say it serves as a warning to defense companies and others that they need to immediately "change their security guidelines and prohibit employees and visitors from bringing devices capable of intercepting RF signals," says Yuval Elovici, director of the Cyber Security Research Center at Ben-Gurion University of the Negev, where the research was done.

The attack requires both the targeted computer and the mobile phone to have malware installed on them, but once this is done the attack exploits the natural capabilities of each device to exfiltrate data.

All it takes is standard NSA-style supply-chain interdiction to preinstall the needed malware, and then even a pre-smartphone stupidCellPhone (or backpack-style dedicated receiver up to 30m away, likely farther with added refinements) suffices to snarf data.

I wonder how expensive it would be to retrofit existing building in order to use the rebar inside the reinforced concrete to turn the entire building - or perhaps just key parts of it - into a Faraday cage. And even if feasible, what kinds of continuous-power requirements would apply for such operation?

kladner · 2015-08-03, 05:56

What would power be needed for with regard to a Faraday cage? Doesn't it just shunt power around its interior?

EDIT: I suspect that the gaps in rebar are too large. It does depend on what frequencies you want to interdict.

xilman · 2015-08-04, 18:06

There is an absolutely fascinating process going on in das vierte Reich which I've been following for the last week or so. The latest development is that Germany's justice minister has demanded the sacking of the chief prosecutor.

Nick · 2015-08-05, 15:33

Quote:

Originally Posted by xilman

There is an absolutely fascinating process going on in das vierte Reich which I've been following for the last week or so. The latest development is that Germany's justice minister has demanded the sacking of the chief prosecutor.

Some background (from the 1970s but still relevant):
http://digitalcommons.law.yale.edu/c...ext=fss_papers

ewmayer · 2015-08-06, 01:59

Re. the Paul-linked shit-flinging (although it requires a non-grammatical extra 'n' to create a rhyming, 'Scheißenschmeißen' kinda has a nice ring to it) money snip for me is 'Critics have accused Mr Range of double standards, with the prosecutor earlier this year dropping an investigation into alleged tapping of Chancellor Merkel's phone by the the US National Security Agency over lack of evidence.' Seems to me they didn't look very hard for said evidence. But what they really need to do is to emulate the US and set up a secret court system with strictly one-sided argumentation to decide such tricky constitutional issues. It's all about 'modernization' of the judiciary, Germany!

=================

Shooting Down Drones - Schneier on Security

Note especially the commenter-linked wikipage 'Air Rights'. Using birdshot to bring down a peeping hoverdrone seems eminently justified to me - and if it causes damage or injury when it crashes to earth afterward, hold the operator liable. But of course neither our federal nor local governments will do any such privacy-must-have-primacy thing - as another reader notes, "They don't want to allow people to protect themselves from drones because they plan on ramping up the use of them.". Oh, and the 'requiring identifying markings' suggestion by the lawyer (Froomkin) is useless blahblahblah with respect to the kinds of drones which need to be shot down, and whose operators are almost by definition going to flout any such regulations.

Of course within not very many years these things are going to be first hummingbird and then bee-sized, and that ongoing miniaturization is gonna open a whole new can of worms. And yes, governments *will* be rushing to mass-deploy the mini ones for targeted assassination and even on the battlefield, which will raise an interesting conflict, because the most effective countermeasure at that point will likely be EMP weapons, which will fry all microelectronics in the vicinity, including those of the EMP users. I honestly hope I don't live long enough to see that nightmarish future come about.

xilman · 2015-08-06, 07:26

Quote:

Originally Posted by ewmayer

But what they really need to do is to emulate the US and set up a secret court system with strictly one-sided argumentation to decide such tricky constitutional issues. It's all about 'modernization' of the judiciary, Germany!

Presumably that would need a secret state police as well. Otherwise, how are they going to investigate alleged crimes?

Nick · 2015-08-06, 11:35

Quote:

Originally Posted by ewmayer

Shooting Down Drones - Schneier on Security

Alternative suggestion: if a drone is invading your privacy, just start watching a Hollywood movie. If the drone doesn't go away, you can then unleash the studios on the operator for illegal copying.

Xyzzy · 2015-08-17, 14:31

http://arstechnica.com/tech-policy/2...-surveillance/

Quote:

The cooperation involved a variety of classified programs that span decades, in one case more than 15 years before the September 11 terrorist attacks.

chappy · 2015-08-17, 16:16

Quote:

Originally Posted by Nick

Alternative suggestion: if a drone is invading your privacy, just start watching a Hollywood movie. If the drone doesn't go away, you can then unleash the studios on the operator for illegal copying.

Love it.

only_human · 2015-08-19, 05:47

How The LAPD Has Been Hacking Our Phones For Years

Quote:

The LAPD has had access to a device called a "dirtbox" for the past several years. This equipment allows them to intercept calls and text messages from numerous cellphones at once.

A "dirtbox" gets its name from the acronym of the company that makes them: Digital Receiver Technology, Inc., which is owned by The Boeing Co. These devices, which used by the military and the Justice Department, are also being used by police. Police departments in both Chicago and L.A. bought the equipment in 2005, according to an investigation by Reveal News. Los Angeles spent $260,000 on the equipment, using money from a homeland security grant to pay for the actual devices and a two-week training program on how to use it. Their reasoning was the same as it always is: to fight terrorism. Chicago, on the other hand, used funds from the controversial practice of asset forfeiture.

A dirtbox is something called a cell site simulator, and it works by mimicking a cell phone tower. Cell phones within range start using the dirtbox, and any information—voice calls, who you've called, texts, data you've sent—is intercepted and decrypted as it passes through. A dirtbox is capable of drawing from 200 cellphones at a time, and it can also jam signals. The Justice Department uses these devices, typically putting them on planes that U.S. Marshals fly around. In theory, if you're not a suspect, your phone information would be ignored.

Dirtboxes are similar to the Harris Corporation's StingRays, which the LAPD also employs, but dirtboxes are more powerful. Activist Freddy Martinez said a dirtbox is like a StingRay "on steroids."

ewmayer · 2015-08-24, 01:10

Anti-privacy unkillable super-cookies spreading around the world – study | The Register

Makes me glad I use an aged mostly-dumb phone, though I agree with the ending of the piece that doing *anything* on one's phone/webdevice without being tracked is likely going to become increasingly difficult, not just because telcos have a neverending appetite for all our potentially monetizable data, but because governments do, as well. On the government side of things (insofar as it differs from the corporate side), one sees continual encroachments on privacy in forms like 'trackable money' - paired with a continual push to make untrackable cash transactions either more difficult or outright illegal, on the pretext of 'keeping us safe' and 'fighting drug trafficking'. Various Euro countries now ban cash purchases in amounts above a mere few hundred Euros (and the limits keep getting lower), and in the US, in addition to the longstanding 'banks must report all cash transactions of $10000 or more to the government' rule, we now have the fun and profitable-for-law-enforcement sport of civil forfeiture, in which guilt is presumed and victims are forced to go to Kafkaesque (and very time-consuming and expensive) lengths to 'prove their innocence' for carrying amounts which are often quite a bit smaller. Ain't Freedom™ grand?

2015-08-03, 05:56	#574
kladner "Kieren" Jul 2011 In My Own Galaxy! 10011110101110₂ Posts	What would power be needed for with regard to a Faraday cage? Doesn't it just shunt power around its interior? EDIT: I suspect that the gaps in rebar are too large. It does depend on what frequencies you want to interdict. Last fiddled with by kladner on 2015-08-03 at 05:58

2015-08-24, 01:10	#583
ewmayer ∂²ω=0 Sep 2002 República de California 19·613 Posts	Anti-privacy unkillable super-cookies spreading around the world – study \| The Register Makes me glad I use an aged mostly-dumb phone, though I agree with the ending of the piece that doing anything on one's phone/webdevice without being tracked is likely going to become increasingly difficult, not just because telcos have a neverending appetite for all our potentially monetizable data, but because governments do, as well. On the government side of things (insofar as it differs from the corporate side), one sees continual encroachments on privacy in forms like 'trackable money' - paired with a continual push to make untrackable cash transactions either more difficult or outright illegal, on the pretext of 'keeping us safe' and 'fighting drug trafficking'. Various Euro countries now ban cash purchases in amounts above a mere few hundred Euros (and the limits keep getting lower), and in the US, in addition to the longstanding 'banks must report all cash transactions of $10000 or more to the government' rule, we now have the fun and profitable-for-law-enforcement sport of civil forfeiture, in which guilt is presumed and victims are forced to go to Kafkaesque (and very time-consuming and expensive) lengths to 'prove their innocence' for carrying amounts which are often quite a bit smaller. Ain't Freedom™ grand? Last fiddled with by ewmayer on 2015-08-24 at 01:10

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
I'm rich AND on a government check.	jasong	jasong	18	2013-08-12 18:21
How does proper government manifest in regulation?	cheesehead	Soap Box	10	2011-04-17 02:29

2015-08-04, 18:06	#575
xilman Bamboozled! "𒉺𒌌𒇷𒆷𒀭" May 2003 Down not across 2×5,393 Posts	There is an absolutely fascinating process going on in das vierte Reich which I've been following for the last week or so. The latest development is that Germany's justice minister has demanded the sacking of the chief prosecutor.

2015-08-06, 01:59	#577
ewmayer ∂²ω=0 Sep 2002 República de California 26577₈ Posts	Re. the Paul-linked shit-flinging (although it requires a non-grammatical extra 'n' to create a rhyming, 'Scheißenschmeißen' kinda has a nice ring to it) money snip for me is 'Critics have accused Mr Range of double standards, with the prosecutor earlier this year dropping an investigation into alleged tapping of Chancellor Merkel's phone by the the US National Security Agency over lack of evidence.' Seems to me they didn't look very hard for said evidence. But what they really need to do is to emulate the US and set up a secret court system with strictly one-sided argumentation to decide such tricky constitutional issues. It's all about 'modernization' of the judiciary, Germany! ================= Shooting Down Drones - Schneier on Security Note especially the commenter-linked wikipage 'Air Rights'. Using birdshot to bring down a peeping hoverdrone seems eminently justified to me - and if it causes damage or injury when it crashes to earth afterward, hold the operator liable. But of course neither our federal nor local governments will do any such privacy-must-have-primacy thing - as another reader notes, "They don't want to allow people to protect themselves from drones because they plan on ramping up the use of them.". Oh, and the 'requiring identifying markings' suggestion by the lawyer (Froomkin) is useless blahblahblah with respect to the kinds of drones which need to be shot down, and whose operators are almost by definition going to flout any such regulations. Of course within not very many years these things are going to be first hummingbird and then bee-sized, and that ongoing miniaturization is gonna open a whole new can of worms. And yes, governments will be rushing to mass-deploy the mini ones for targeted assassination and even on the battlefield, which will raise an interesting conflict, because the most effective countermeasure at that point will likely be EMP weapons, which will fry all microelectronics in the vicinity, including those of the EMP users. I honestly hope I don't live long enough to see that nightmarish future come about.