Current and Future Assessment of U.S U.K and German Cyber Intelligence and Cyber Surveillance Programs and Tradecraft - An Analysis

Spooked by evil aliens? Did the Klingons did it again? Worry about your latest and very greatest porn collection leaking online? Thinking about your IP (Intellectual Property) as if it were U.S National Security? Want to find a meaningful way to contribute to a bigger cause - The U.S Intelligence community. Keep reading.

In this rather long analysis I'll walk you though all the currently relevant U.S Intelligence Community Cyber Intelligence and Cyber Surveillance programs in non-alphabetical order with the idea to provoke a meaningful discussion on current tactics techniques and procedures courtesy of the U.S Intelligence community how you can protect yourself and most importantly how the U.S Intelligence community can "perform better" including practical software applications and services solution based recommendations for general users and organizations.

The data in this research has been obtained from Cryptome.org the Snowden archive and the Electrospaces.net research blog including the following archive.

For this purpose of this article I'll discuss the ABSOLINE EPILSON Top Secret and Classified program and use it as example into how modern cyber surveillance and eavesdropping courtesy of the U.S Intelligence Community and nation-state including rogue actors works for the purpose of establishing the foundations for a successful discussion on the basis of which I'll offer practical and relevant examples on the basics of how you can properly protect yourself from modern cyber surveillance and eavesdropping campaigns courtesy of nation-state actors including rogue actors.

Program name: ABSOLINE EPILSON - PDF - "This paper describes standard analysis techniques that have been used to both discover iPhone target end point machines and implant target iPhones directly using the QUANTUM system. It shows that the iPhone Unique Device Identifier (UDID) can be used for target tracking and can be used to correlate with end point machines and target phone. It highlights the exploits currently available and the CNE process to enable further targeting."

Current status: The current status of the program is active in terms of possible collerations between iPhone user ID's including an end user's end point Internet user activities in terms of traffic and Web site cookie acquisition for the purpose of interception profiling and active monitoring.

How it works: Every mobile has a unique ID? The problem? It tends to "phone back" to a manufacturers infrastructure and can be uniquely attributed to an end user including -- possibly -- to their end point potentially acting as the "weakest link" potentially exposing and end user's end point Internet activities to the U.S Intelligence community.

The digitally naughty part: Data colleration on a third-party device for the purpose of exposing the actual infrastructure behind the device including related end-points and related devices associated with the user in question - is nothing new. The digitally naughty part? It can be done - and the mobile device in question -- an iPhone -- in this particular case can be easily labeled as the "weakest link" in a possible corporate and end user private environment.

How you can make it work better: Shipping and delivery including supply chain infiltration tactics for the purpose of collerating unique mobile device IDs to a specific isn't new including possible "purchase-order-to-user-ID" colleration and data infiltration through basic social engineering and offensive CNO-based tactics. Potentially launching a targeted and geo-located phishing campaign on a per country city-basis could definitely lead to a positive results in terms of good old fashioned social engineering campaigns in terms of exfiltrating the necessary data including mobile device IDs including possible browser-based Web-based decoys for the purpose of further exposing an end user or an organization's private network and the necessary collerated end point devices.

• Target application-isolation software and service solution providers and owners - launching a variety of malicious and fraudulent potentially disruptive type of attack campaigns should be considered as as option for the purpose of ensuring that the project owner's time remains spend on fighting the malicious attacks including the eventual slowing down of the project development including the project's eventual shutdown. Possible portfolio of attacks might include online identity discrimination including spear phishing campaigns DDoS attack campaigns including possibly mail-flood attacks including possibly TDoS (Telephony Denial of Service attacks) against a variety of tailored and predefined project owner's contact points.
• Develop an internal bug-bounty program for sand-boxing and application isolation software and service providers - crowd-sourcing the bug bounty through public and official channels including the possible outsourcing of the bug hunting process through third-parties while offering the necessary financial incentives might be the best approach to undermine the credibility of the project including the actual owner's credibility and reputation to maintain and operate the project.
• Aim to wage disruptive warfare against private project owners - it should be clearly noted that modern Intelligence Agencies have the capacity to wage disruptive warfare against private project and software owners using a variety of means which include a variety of technical and human-oriented online disruption tactics which should be easily considered as a threat to the project and software owner's existence where the appropriate measures to protect their online assets should be taken into consideration
• Passively measuring and estimating product market-share for Targets of Opportunity - modern Intelligence Agencies have the potential to easily measure the product or project that also includes the software's market share in an attempt to better position a disruptive campaign targeting the project owner including the software owner in a variety of ways and positioning the project owner including the actual software owner as a Target of Opportunity to participate in related mass surveillance and eavesdropping campaigns

How you can take measures to protect yourself: Consider obtaining one of the following "stripped" mobile devices in terms of hardened mobile OS offering in-depth and multi-layered security and privacy protection features for the purpose of bypassing wide-spread surveillance techniques and techniques. Ensuring that you possess a "stripped" mobile device is crucial for ensuring the necessary degree of personal privacy to stay ahead of current and emerging Cyber Threats including wide-spread privacy violations courtesy of the U.S Intelligence Community and various other nation-state and rogue actors including cybercriminals.

On the majority of occasions modern cyber surveillance and eavesdropping campaigns on passive or active SIGINT which has to do with legal and passive lawful surveillance techniques which also includes offensive techniques such as for instance direct attempts to interact with someone's online infrastructure in place for the purpose of compromising and obtaining direct access to their digital assets including personal information.

Among the first things that a concerned user should take into place would be to ensure that a proper network security is taking place going beyond your ISP's supplied network router which "definitely" comes with a built-in antivirus and anti-malware solution in place in particular the use of pfSense which offers advanced and market relevant security and IDS/IPS (Intrusion Detection System and Intrusion Prevention System) including build-in sophisticated malicious Web site blocking features which also includes a modern and relevant geolocation-based security solution in place. The same goes for Cisco Firepower ASA which is a highly recommended and market relevant network-based protection including IDS/IPS solution in place. Both devices are easily adoptable and a cost-effective solution for basic network level protection mechanisms that can greatly assist against widespread nation-state surveillance and eavesdropping including active computer network exploitation (CNE) attempts.

Among the key benefits of using such type of device would be to ensure that no incoming traffic is allowed to enter the network using a basic network level access policy which has the potential to greatly mitigate a huge number of attack campaigns including active network reconnaissance campaigns. The second logical approach would be to utilize publicly accessible that also included proprietary sources of real-time threat intelligence information for the purpose of ensuring that current and emerging threats are properly taken care of such as for instance publicly accessible Web site blocking and URL reputation lists that also included proactive and reactive solutions as for instance Snort which offers a pretty good coverage of current and emerging cyber threats that also includes a variety of high-profile and relevant network-based including DoS (Denial of Service) and network reconnaissance type of threats. 

It should be clearly noted that both the public and free instance of Snort offers an in-depth network-based and sophisticated current and emerging threats type of protection and that the rule set gets properly updated on a daily basis with relevant signatures for a variety of threats which should be considered as a must use including Cisco's proprietary Snort rule set which also gets updated on a periodic basis which also includes that use of Cisco's Threat Grid in terms of offering real-time protection against current and emerging threats including the geolocation-based firewall which basically allows a user to only allow access to a specific country's online assets and to also deny access to the majority of countries internationally potentially mitigating a possible breach and intrusion scenario where an attacker would attempt to phone back and actually attempt to access the compromised network which is a where a geolocation based firewall comes into play properly protecting a network and its infrastructure from possible leaks and malicious software attempting to phone back including possible IP (Intellectual Property) leaks which could easily allow a nation-state or a sophisticated online to easily map and attempt to build a bigger picture in terms of a company or an end user's online activity for the purpose of establishing the foundation for successful and related type of malicious attack campaigns launched against a specific network or an end user.

Among the basic principles that should drive an individual or an organization that seeks to protect itself from modern nation-state or rogue actors type of threats should include the use of community driven and basically commercially free services and products which also include the use of Snort including the use of Cisco's global threat intelligence grid for the purpose of preventing and responding to modern cyber attack outbreaks including currently active and live threats.

Yet another highly recommended and extremely relevant in  terms of proactive and reactive protection feature courtesy of Cisco's Firepower ASA appliance is the Botnet Traffic Filter feature which offers an additional set of botnet traffic mitigation features which basically protects a compromised network from possible data leaks and possible attempts for the malicious software to actually phone back to a rogue and malicious infrastructure.

For users interested in protecting their mobile device from possible mass surveillance and eavesdropping campaigns there are several scenarios which should be considered such as for instance the use of VPN on a mobile device including actual real-time and email communication which should be properly encrypted using for instance PGP including modern real-time communication protections mechanisms such as for instance the use of XMPP/Jabber's OMEMO real-time encryption feature including the use of stripped and proprietary mobile devices which greatly mitigate the threat posed by modern mobile malware in the context of using a proprietary operating system which often offers an additional layer of security and privacy for the user.

Recommended "stripped" mobile devices to use potentially preventing widespread surveillance efforts including personal privacy violations:

• "Stripped" mobile device with hardened security and privacy-aware mobile OS
• "Stripped" mobile device with hardened security and privacy-aware mobile OS 01
• "Stripped" mobile device with hardened security and privacy-aware mobile OS 02
• "Stripped" mobile device with hardened security and privacy-aware mobile OS 03
• "Stripped" mobile device with hardened security and privacy-aware mobile OS 04
• "Stripped" mobile device with hardened security and privacy-aware mobile OS 05
• "Stripped" mobile device with hardened security and privacy-aware mobile OS 06
• "Stripped" mobile device with hardened security and privacy-aware mobile OS 07
• "Stripped" mobile device with hardened security and privacy-aware mobile OS 08
• "Stripped" mobile device with hardened security and privacy-aware mobile OS 09
• "Stripped" mobile device with hardened security and privacy-aware mobile OS 10

The next logical step would be to ensure that the metadata on the device in terms of Web browsing including possible public and proprietary service use is properly obfuscated. Among the primary concerns whenever you choose to obfuscate a particular set of data would be possible supply-chain infiltration on behalf of the U.S Intelligence community in particular purchase orders that would further allow me to collerate and potentially identify a particular end user based on the actual supply-chain infiltration. One of the primary concerns in today's modern Internet world largely dominated by wide-spread surveillance courtesy of the U.S Intelligence Community including rogue and potentially malicious actors including nation-state and cybercriminals is the direct exposing of an individual's private network including possible collerated-based events that could potentially identify and track down a particular individual. 

In terms of mobile device obfuscation the end user is largely advised to take advantage of personal firewall for the purpose of monitoring outgoing and incoming connections on the device in particularly blocking all-incoming connections and closely monitoring outgoing connections. Furthermore, what an end user can potentially do in terms of hardening their mobile device is to ensure that it does not leak back any internal IP addresses including possibly the device MAC address potentially exposing the device user's internal and private network potentially falling victim to "ABSOLINE EPILSON" type of end point and mobile device targeting type of attacks and campaigns courtesy of the U.S Intelligence Community including other rogue factors including nation-state actors and cybercriminals in general. How you should proceed in order to archive this process? Keep reading.

Next to the general use of "stripped" mobile devices end users should also consider the following highly recommended tactics techniques and procedures for the purpose of protecting their IP (Intellectual Property) including their mobile device and end point device's confidentiality availability and integrity:

• WebCRT - Among the most common privacy-exposing scenarios in terms of "ABSOLINE EPILSON" remains the active utilization of unsecure browsing habits namely a misconfigured browser in terms or browser extension including the newly introduced "local IP exposing" WebCRT feature found in a variety of browsers. What should end users better do to protect their local IP including adding additional privacy and security features to their browser? Keep reading. The first thing a user should ensure from a network-based perspective is that their browser fingerprint remains as private as possible including the inability of the U.S Intelligence Community.
• Personal Host Based Firewall - the first thing to look for in a personal firewall is a bi-directional firewall functionality allowing you to block all incoming traffic and successfully allowing you to allow all ongoing traffic based on a variety of rules including possible white-listing. The next logical step would be to implement basic ARP-spoofing prevention solution for the purpose of ensuring that your ISP including VPN provider cannot perform basic ARP-spoofing attack campaigns which could compromise the confidentiality of the targeted host and expose to it a multitude of network-based attack deception attack campaigns.

• HIPS-based firewall - a decent and highly recommended solution to protect end points from malicious software including web-based client-side exploits who might attempt to drop malicious software on the affected hosts include the use of host-based intrusion prevention system which has the potential to stop a wide variety of threats that have the potential to expose an end point to a multi-tude of malicious software such as for instance the use of Comodo Firewall which is a highly relevant and recommended solution for a huge number of end points in terms of offering advanced and sophisticated malware protection mechanisms.
• Basic Network Deception - it should be clearly noted that every network is a subject to possibly compromise including automated and targeted attacks which could be easily prevented and actually allow a network operator or a network user to gather the necessary cyber attack information which could easily offer an in-depth peek inside the activities of the cyber attacker in particular the type of information that they're interested in obtaining. Case in point would be the use of a proprietary network-based deception appliance such as for instance Thinkst Canary including the use of the Nova Network Deception Appliance which empowers a network operator with a sophisticated network deception techniques which allows them to trick a cyber attacker into falling victim into a rogue network-based assets with the actual network operator in a perfect position to gather intelligence on the real intentions of the cyber attacker while properly protecting their infrastructure from malicious attackers

• Custom-Based DNS-based DNSSEC-based servers with no logs policy - worry about the U.S Intelligence Community and your ISP eavesdropping on your traffic and Web browsing history potentially launching man-in-the-middle attacks? Consider utilizing basic free privacy-conscious DNS service provider with DNSSEC-enabled no-logs policy such as for instance - DNS Watch - which you can freely use without worry that your Web browsing history and DNS request history will be logged and potentially abused. A possible logical recommendation in the context of improving an end-point's in-depth security strategy might be the utilization of the so called protective DNS which offers an in-depth protection techniques and is often available online for free. Case in point is the use of Cisco's Umbrella solution which offers an in-depth protection mechanism and is available to end users and organizations online for free.

Windows-based users should definitely consider using and learning how to use the Advanced Tor Router application which basically offers a diverse set of unique privacy-enhancing and privacy-preserving featuring while utilizing the Tor Network further ensuring and offering a free solution for end users interested in preserving their Web browsing activities including possible network-wide Tor Network adoption on per OS and on per application-based basis. What does this application has to offer in terms of unique privacy-preserving features? Basically it offers a variety of unique and never presented or discussed before type of Tor-Network and end-point privacy-enhancing or preserving features further ensuring that the end user will remain properly protected from sophisticated network-based and client-based type of attack campaigns potentially aiming to identify and expose their identity. What's worth emphasizing on in terms of the application is the unique set of privacy-preserving and oriented client-side feature in terms of possibly privacy-oriented and secure browsing experience.

Sample Screenshot of the Privacy-Preserving Browser-Based Advanced Tor Router features:

• Anti-forensics - it used to be a moment in time when users were primarily concerned with their browsing habits and use of online resources which is where specific browsers that don't log anything on the hard drive come into play. A possible solution and recommendation here include the use of the Sphere anti-forensics browser which doesn't log anything on the hard drive and should be considered as a decent anti-forensics solution for anyone who's interested.
• VeraCrypt containers - a proper full-disk encryption solution should be taken into consideration in case the user wants to protect their information and intellectual property from physical type of attacks that also includes the use of Virtual Desktops with built-in security and privacy mechanisms in place such as for instance the use of Comodo Secure Desktop
• Application isolation - it should be clearly noted that a modern and in-depth defense strategy should include the use of application sandboxing solutions which has the potential to prevent a huge number of client-side based exploitation attempts including to actually protect an end user from a variety of Web based client-side exploits serving threats such as for instance the use of Sandboxie which is a free solution that actually works and has the potential to prevent a huge number of Web based threats that expose users to a variety of threats
• Hardware-Based Isolation - a proper network based strategy should consist of a basic hardware-isolation methodology where for instance malicious attackers would have hard time trying to penetrate and compromise due an additional level of hardware-isolation applied methodologies and techniques
• Whitelisting - although this approach has been widely discussed throughout the years it should be clearly noted that modern anti-malware solutions should be also providing a possible application whitelisting feature where users should only whitelist a basic application which would allow them to still perform their activities and basically block and prevent and execution of related applications

Sample tips for the purpose of ensuring a proper and secure installation of end-point security solutions include:

• always password-protect your end-point software including possibly ensuring that the end-point security software can self-protect from having it shut down
• always ensure that a manual update is properly taking place compared to automatic updates which leaves a window of opportunity for a possible network traffic colleration including possibly rogue and bogus update entering your network
• ensure that you're not utilizing the cloud-database feature for the purpose of looking up your Web browsing history including possible host-based application execution which could lead to a possible data and end-point inventory colleration which basically leaves you with a properly secured "stripped" security solution that you can use to properly secure your end-point without the risk of having your Web browsing history exposes including your end-point application inventory which could lead to possible fingerprinting and inventory-mapping which could lead to possible targeted attacks

What would be an appropriate choice for a VPN-provider basically offering the necessary peace of mind in terms of network-based connectivity with privacy-enabled solutions in mind in terms of possible no-logs policy including related value-added features further enhancing the necessary privacy-based no-logs policy in today's modern Internet World with widespread surveillance and privacy-violations courtesy of the U.S Intelligence Community and various other rogue actors including nation-state and cybercriminals in general? Keep reading.

The next logical step would be to stay away from mainstream mobile devices citing potential Security and Privacy in mind including the use of a properly selected VPN service provider for the purpose of applying basic traffic obfuscation techniques including end-point network isolation in this particual context the end user and the organization should definitely look forward to implement a possible VPN provider actually "mixing" public legitimate jurisdiction-aware infrastructure with privacy-aware public or proprietary network technology - in this particular case VPN2Tor type of technology.

Mainstream VPN provider as an entry point to a proprietary hardened and privacy-features tailored network - such as for instance the Tor network - NordVPN is a highly recommended solution against "ABSOLINE EPILSON" type of end-point colleration-based targeting type of attacks. What do I have in mind? Basically the off-the-shelf commercial vendor is also currently capable of offering VPN2Tor type of access which basically offers a variety of privacy-enhancing features which basically can offer stealth and commercially-relevant solution which basically combines VPN functionality with access to the Tor Network which basically offers a high-degree of security and anonymity which can be used to protect against "ABSOLINE EPILSON" type of attacks in terms of traffic and geographical location deniability including possibly offering limited data-colleration capabilities on behalf of U.S Intelligence Agencies.

A proprietary off-the-shelf VPN service provider basically taking you a step higher in preserving your online privacy by introducing and actually providing a unique set of no-logs jurisdiction-aware type of encryption-protocols and basic traffic-mixing tactics and strategies - Cryptohippie.

Want to find out more? Are you interested in a possible evaluation of your organization's Security Project or Security Product in terms of a Security Assessment or a possible OPSEC (Operational Security) based Privacy Features Evaluation? Interested in inviting me to speak at your event including possible sensitive and classified project involvement?

Feel free to reach me at dancho.danchev@hush.com

Stay tuned!

Continue reading →

Subscribe today!

Dear blog readers,

Surprise, surprise. After a decent period of time while I was busy working on several high-profile personal projects I can finally let everyone know that I've just joined forces with team Box.sk the original owner of the infamous astalavista.box.sk search engine for cracks and serials and that I've launched a high-profile blog on the Box.sk domain including several high profile upcoming Hacking Security and Privacy projects.

How you can help? Bookmark the blog today and consider giving me a hand with building a high-profile Newsletter of friends and colleagues and blog readers by subscribing here.

Stay tuned! Continue reading →

Join me on Medium!

Dear blog readers,

I wanted to let everyone know that I've recently joined Medium and that I intend to post a variety of editorial type of articles on a daily basis including the fact that I was recently featured as a Top Writer in Privacy.

Missing the editorial? Consider going through my old ZDNet Zero Day Blog content archive including the following recently published editorial type of articles on Medium:

• Assessing U.S Military Cyber Operational Capabilities to Counter Pro-ISIS Internet Infrastructure
• My Involvement in the Top Secret GCHQ “Lovely Horse” Program and the Existence of the Karma Police
• Kaspersky’s Antivirus Products the NSA and U.S National Security — An Analysis
• Assessment of U.S Intelligence Community Cyber Surveillance Programs and Tradecraft — Part One
• How the NSA utilized Iranian Cyber Proxies To Participate in the BOUNDLESS INFORMANT Program?
• Exposing GCHQ’s Top Secret “GORDIAN KNOT” Cyber Defense Sensor Program — An Analysis
• Exposing GCHQ’s URL-Shortening Service and Its Involvement in Iran’s 2009 Election Protests

Stay tuned! Continue reading →

Big Brother in the Restroom

Wikes! This is nasty, and while the porn industry has commercialized the idea a long time ago, I never imagined the levels of crime in public restrooms would "reach" levels requiring CCTVs to be installed -- if there's so much vandalism going on in public restrooms, these will definitely get stolen as well, picture the situation! Norway installs surveillance cameras in park restrooms.

Hint : once you get involved in the CCTV irony, I say irony mainly because the dude behind the 40 motion detection and face recognition wall is having another CCTV behind his back, you end up spending tax payers money to cover "blind spots", and end up with a negative ROI while trying to achieve self-regulation, if one matters!

Surveillance and Society's journal still remains the most resourceful publication on surveillance studies and its impact on society.

Further reading and previous cases:
The Hidden Camera
Iowa Judge Says Hidden Restroom Camera Case Can Proceed to Trial Continue reading →

World's Internet Censorship Map

While it seems rather quiet on the Internet's censorship front, the media coverage on the topic represents a cyclical buzz that reemerges with the time.

Thankfully, initiatives as the OpenNet one, and organizations such as Reporters Without Borders never stop being the society's true watchdogs when it comes to Internet censorship. ONI's neat visualization of the Internet filtering map is a great way of pin pointing key locations, and provide further details through their in-depth reports, take a look for yourself!

Censorship is capable of running entire governments, maintaining historical political power, and mostly ruling by "excluding the middle". Recently, two of China's leading Internet portals were shut down due to maintenance issues acting as the excuse for improving their filtering capabilities. Reporters Without Borders conducted an outstanding analysis of the situation, coming to the conclusion "that the search engines of China’s two leading Internet portals, Sina and Sohu, after they were shut down from 19 to 21 June for what they described as a “technical upgrade” but which in fact was designed to improve the filtering of their search results."

What is Google up to? Making business compromises in order to harness the power of the growing Chinese Internet population. And while the Wall is cracking from within, the world is also taking actions against the fact that there're currently 30 journalists behind bars in China. Continue reading →

All Your Confidentiality Are Belong To Us

The proof that commercial and open source encryption has surpassed the technologies to police it, or the idea that privacy and business growth as top priorities would ruin the whole initiative?

"The Government has launched a public consultation into a draft code of practice for a controversial UK law that critics have said could alienate big business and IT professionals. Part III of the Regulation of Investigatory Powers Act 2000 (RIPA) will, as it stands, give police the authority to force organisations and individuals to disclose encryption keys. The Government issued the public consultation on the code of practice for Part III, which will regulate how police and the courts use powers under the legislation, on Wednesday."

It would be interesting to see how they would initiate the response from individuals, without raising the the eyebrows on the majority of civil liberties watch dogs out there and, of course, businessess. That's of course, assuming they use encryption at the first place. Could be much more "wiser" to take advantage of covert practices to obtain the necessary information, instead of "forcing" this measure -- detecting encrypted/covert communication channels is another topic. Moreover, compared to the Australian police whose capabilities of obtaining information on criminals include the use of spyware is a bit contraversial, but adaptave approach.

If national infrastructure security matters, have individuals and enterprises personally take care of their security and encryption keys, promote data encryption, instead of dictating the vibrations by slowing down the basics through such laws. Continue reading →

Pocket Anonymity

While the threats posed by improper use of removable media will continue to make headlines, here's a company that's offering the complete all-in-one pocket anonymity solution -- at least that's how they position it. From the article :



"Last month, a company called Stealth Ideas Inc. of Woodland Hills, Calif., came out with its StealthSurfer II ID Protect. The miniature flash drive lets you surf anonymously from any computer using an integrated browser that runs in an encrypted mode. It comes loaded with several tools, including Anonymizer Anonymous Surfing 1.540 (which has IP masking), RoboForm Pass2Go 6.5.9 (a user ID/password management application) and Thunderbird 1.0.7 (for e-mail access). But before you buy, check to see if the company has upgraded its browser, which, according to company officials at the product’s launch, is Firefox 1.5.0.1. US-CERT and others have warned about significant vulnerabilities in certain versions of Firefox (and Thunderbird, for that matter). The version available as of press time, Version 1.5.0.2, addresses those flaws."



Is the Anonymizer behind the idea, or is it a middleman trying to add value to the Anonymizer's existing offer, and harness the brand powers of Firefox and Hushmail all in one? Wise, but the entire idea of anonymity is based on the Anonymizer's service, when anonymity still can be freely achieved to a certain extend. Very portable idea, the thing is there are already free alternatives when it comes to pocket anonymity and that's TorPark: Anonymous browsing on a USB drive, and I think I can live without the enhancements. Continue reading →

Snooping on Historical Click Streams

In a previous post "The Feds, Google, MSN's reaction, and how you got "bigbrothered"? I gave practical advices on how can easily do your homework on the popularity of certain search terms and sites, without the need of issuing a subpoena. The other day, AlltheWeb (Yahoo!) introduced their Livesearch feature, seems nice, still it basically clusters possible opportunities. Now the interesting part, on the next day Google launched Google Trends which is :



"builds on the idea behind the Google Zeitgeist, allowing you to sort through several years of Google search queries from around the world to get a general idea of everything from user preferences on ice-cream flavors to the relative popularity of politicians in their respective cities or countries."

This is what I've been waiting for quite some time, and you can easily make very good judgements on key topics based on regions, languages, even cities -- marketers get yourself down to business!



Antivirus, Malware, Spyware, NSA, Censorship, Privacy



What's next, the rise of MyWare and its integration on the Web? Give a try to Yahoo!'s Buzz, and PacketStormSecurity's instant StormWatch as well. Continue reading →

Wiretapping VoIP Order Questioned

There's been a lot of buzz recently on the FCC's order requiring all VoIP providers to begin compliance with CALEA in order to lawfully intercept VoIP communications by the middle of 2007 . Yesterday, a U.S judge seems to have challenged the order, from the article :



"The skepticism expressed so openly toward the administration's case encouraged civil liberties and education groups that argued that the U.S. is improperly applying telephone-era rules to a new generation of Internet services. "Your argument makes no sense,'' U.S. Circuit Judge Harry T. Edwards told the lawyer for the Federal Communications Commission, Jacob Lewis. ''When you go back to the office, have a big chuckle. I'm not missing this. This is ridiculous. Counsel!' The Justice Department, which has lobbied aggressively on the subject, warned in court papers that failure to expand the wiretap requirements to the fast-growing Internet phone industry ''could effectively provide a surveillance safe haven for criminals and terrorists who make use of new communications services.''



What's worth mentioning is that on a wide scale VoIP services are often banned in many countries, ISPs don't tend to tolerate the traffic which on the other hand directly bypasses their VoIP offers, and even China, one of the largest telecom market continues to have concerns about VoIP. Companies also seem to be revising their practices while trying to block Skype, among the most popular VoIP applications. Rather interesting, T-Mobile just announced that it would ban VoIP on its 3G network, but is it inability to achieve compliance or direct contradiction with their business practices?


Whatever the reason, VoIP communications aren't everyone's favorite, but represent a revolution in cheap, yet reliable communications. The more easily a network is made wiretap-ready, the easier for attackers in both, the short, and the long-term to abuse the backdoored idea itself, so don't. You can actually go through the 2005's Wiretap Report and figure out the cost of wiretapping, limiting it by promoting insecure networks isn't going to solve anything, given you actually know what you're looking for at the bottom line.



Image courtesy of EFF's "Monsters of Privacy" Animation.



Related resources :
VoIP, FCC, CALEA
Communications Assistance for Law Enforcement Act and Broadband Access and Services
Secure VoIP - Zfone
Sniffing VoIP Using Cain
Oreka VoIP Sniffer Continue reading →

The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking

I've once mentioned various privacy issues related to mobile devices, the growing trend of "assets tracking", and of course, cell phones tracking. Yesterday I came across to great summary of the current situation -- privacy groups make a point of it. From the article :



"Real-time tracking of cell phones is possible because mobile phones are constantly sending data to cell towers, which allows incoming calls to be routed correctly. The towers record the strength of the signal along with the side of the tower the signal is coming from. This allows the phone's position to be easily triangulated to within a few hundred yards. But the legal grounds for obtaining a tracking order is murky -- not surprising since technology often outpaces legislation. The panel agreed that Congress should write rules governing what level of suspicion cops need to have before tracking people through their cell phones."



While on the other hand, there's also an ongoing commercialization of the service by the industry itself, if the government were to start using practices like these with grey subpoenas, it would undermine the customers' trust in the industry and BigBrother is going to get even bigger. Enthusiasts are already experimenting with DIY cell phone tracking abilities, so if you worry about being tracked through your phone, you should also start worrying about having an extra one in your bag. Physical insecurities such as digital forensics on cell phones, even counter-offerings are today's reality, while flexible lawful wiretapping may still be taking one way or another -- I guess the NSA got all the attention recently, with their domestic spying program.



As the Mindmaker pointed out, we must assume that we are trackable wherever we go, but I think this dependence would get even more abused in the future by the time proposed laws match with the technology. Continue reading →

Biased Privacy Violation

This is a very interesting initiative, going beyond the usual MySpace's teen heaven privacy issues, but directly exposing the mature audience in a way I find as a totally biased one. Girls writing stories on men that supposedly chated on them. DontDateHimGirl.com aims to :



"DontDateHimGirl.com is an online resource for women who have shared the experience of dating a no-good man! Browse our search engine of alleged cheaters, liars and cads right now! This controversial site has been featured on MSNBC, the Today Show, ABC News, CNN and Entertainment Tonight! There is finally a way for women to check a guy out BEFORE dating, marrying or otherwise committing to him! Warn other women about the men who have cheated, lied or used you! Register and become a member today! You'll receive our free newsletter and other valuable goodies! It's fast, easy and best of all, it's free! You'll be doing your sisters around the world an invaluable service! Don't Date Him Girl!"



Basically stuff like, "post a cheating man", "search for a cheating man", or browse through the 3593 ones already "categorized" as cheaters with personal stories and photos whenever available. What I feel they shouldn't do, is aggregate that kind of community powered personal details for third-parties, and making it searchable. Some stories are pretty fun and average enough to make you think :



"Quite a charmer in the beginning, as all guys tend to be. Called me beautiful, gorgeous.. kissed my forehead.. He did all the right things. He could do no wrong. We "dated" for a good 6 months, and things seemed to be going good. He was the love of my life. Lots of firsts with him, then he did a total 180. He stopped calling and didn't respond to my phone calls and/or messages. I was so distraught. I thought I did something to fuck things up. "



Perhaps she did, didn't she?! Still, that's entirely between them given they actually respect each other.


Don't get me wrong, there are pathological polygamists, but what's next, Local Google Maps to pin point the cheating areas around town?



To balance the powers, and make it even worse there's even a DontDateHerMan.com coming along, but try not to bring your personal life stuff to such an end, or is it just me? :) Continue reading →

April's Security Streams

Hi folks, it's about time to quickly summarize April's Security Streams. As of today, my blog is officially six months old and the feeling of witnessing change and improvements has always been a pleasant one. Blogging "my way" takes a lot of time, that is, posts going beyond "preaching" but emphasizing on "teaching", a little bit of investigative research, full-disclosure, and constructive key points on emerging or possible future trends related to infosec. Thanks for everyone's feedback, and actually reading not just going my posts as far as the average visitors' time spent is concerned!



1. "Wanna get yourself a portable Enigma encryption machine?"Already sold, but auctioned on Ebay, it's remarkable how the seller managed to preserve an original Enigma in such a condition, and the bids were worth it!



2. "The "threat" by Google Earth has just vanished in the air" Coming across Microsoft's Windows Live Local Street-Side Drive-by provoked contradictive thoughts, so I've decided to sum up recent ideas on the issue. The use of public satellite imagery for conducting OSINT is inevitable, while on the other hand the providers are simply making the world a smaller place. It is also questionable whether potential terrorists are "abroad" or within the countries themselves, that is knowing each and every corner of a possible "attack location", but with the ability to syndicate and share maps it would be naive not to think that they way you chat, they also do, and the way you plan activities while "zooming-out", they also do. At the bottom line, snooping from above might actually deal more with self-confidence than anything else. Have an opinion? Feel free to comment on the topic



3. "Insider fined $870" Virtual worlds are emerging and so are security techniques to steal someone's sword, be it through insiders, phishing, or trojan horse attacks. What's important to keep in mind when it comes to insiders is that on the majority of occasions you're are never aware that there's an ongoing potential breach on its way, and moreover, that the quantitative losses due to insiders are totally based on a company's sales projections, rather than successfully (if one can) measuring the value of intellectual property



4. "Securing political investments through censorship" We constantly talk on how the Internet is changing our daily lifes, our attitudes, and giving us the opportunity to tap into the biggest think-tank in the world -- on the majority of occasions for free. Internet censorship is still a very active practice by well-known regimes, while this post was trying to emphasize on the current situation - securing political investments through censorship



5. "Heading in the opposite direction" Companies and financial institutions are the most often targets of phishing attacks, and it's getting hard for them to both, convince their users and society that they're working on fighting the problem, and most importantly where's the real problem and how to fight it. In this post, I try to emphasize that building communications over a broken channel Bank2Customer over email is the worst possible strategy you could start executing. The irony in here is how in the way both, phishers and any bank in question may sometimes be using images stored on the banks server -- altogether!



6. "IM me" a strike order" It's a common myth that the military have came up with a Über secret and secure communications network, going beyond the Internet. And while there're such, they all suffer the same weakness, lack of usability, and budget deficits compared to IP based communications, that is the Internet. The post goes through research surveys on IMs in the military, and tries to bring more awareness on how age-old IM threats can easily exploit military IM communications as well



7. "Catching up on how to lawfully intercept in the digital era" On as daily basis we discuss security breaches, threats, privacy violations, whereas constantly misses the fact that there's a practice called lawful interception, namely that even if the NSA's domestic spying program got so much attention and concerns, it doesn't mean they aren't going to continue keeping themselves up-to-date with what is going wherever OSINT, SIGINT and HUMINT are applicable. The bottom line is that a person behind a CCTV camera's network is also under surveillance, so I advise you go through a very good resource on the topic, the Surveillance and Society Journal



8. "On the Insecurities of the Internet" IP spoofing by default, DNS and BGP abuses, Distributed Reflection Denial of Service Attacks, are among the ones worth mentioning, while perhaps the biggest insecurity lies in the fact that the Internet we're all striving to adapt for E-commerce and E-business, was developed as a scientific network we got used to so fast



9. "Distributed cracking of a utopian mystery code" Continuing the "distributed concepts" series of posts, this one deals with virtual worlds, and a wise idea on how to keep the players coming back for more -- let them even bruteforce the next part of the puzzle



10. "Fighting Internet's email junk through licensing" China's Internet population is about to surpass the U.S one and it would continue to grow resulting in China becoming the "novice" king of insecure networks. Trying to centrally control spam, they you can control the flow of traffic going out and coming in the country is a typical, but weak approach that could have worked years ago as no one needs a mail server to generate spam of phishing attacks these days. In respect to their concerns of users learning more about infosec, in China a cyber dissident is a heroic potential hacker, one that can easily bypass the Great Firewall and spread the word on how it can be done. As a matter of fact, PBS has done an outstanding job in their Tank Man episode, and while many considered the Chinese students' inability to recognize the infamous photo, what they were actually afraid of is showing a face-gesture that they indeed recognized it -- as they did of course.



11. "Would somebody please buy this Titan 1 ICBM Missile Base?" I think the buyer of this base should have better though of what he's buying, or let's just say how on Earth was he expecting to break-even given he missed the post-cold war momentum itself? It's indeed once in a lifetime purchase that you would think twice before not purchasing, and so I hope the auction would continue to attract visitors the way it is -- high-profit margins whenever the momentum is lost is a "lost case" by itself



12. "Spotting valuable investments in the information security market" An in-depth post on current market and vendor trends, as well as more info on the, now fully realistic acquisition of SiteAdvisor my McAfee, something I've blogged about in January. It's great to know that both parties came across the posts themselves, and to witness how such a wide-scale community power, but still backed by technology, startup got so easily acquired. What the acquirer must now ensure, is that it doesn't cannibalize the culture at SiteAdvisor -- every day is a startup day for us type of attitude is a permanent generator of creativity and attitude



13. "Digital forensics - efficient data acquisition devices" A resourceful post mentioning on the release of the CellDEK, no, it's not a portable DJs one, but a acquisition device detecting over 160 cell phone models and having the capacity to simultaneously acquire it from numerous devices all at once. Virtual cyber crime is all about quality forensics, whereas different legislations and approaches for gathering and coordinating such data across various countries remains a problem



14. "The anti virus industry's panacea - a virus recovery button" Try to get this on the Super Bowl and watch a generating falling for the lack of complexity in this "solution". Gratefully, I got many comments from readers with cheers on mentioning this and how useless the button is at the bottom line



15. "Why's that radar screen not blinking over there?" Quite some sites picked up the story, yet we can always question, and than again, so what? In a crucial situation a scenario like this could prove invaluable for the final outcome, but right now it's just a PR activity from the other side of the camp. Symmetric warfare is a tangible defense/offensive concept, whereas asymmetric warfare is fully capable of balancing powers -- to a certain extend as no matter how much NCW you put on the ground, you would still need "tangible" forces on the finish line



16. "25 ways to distinguish yourself -- and be happy?" A little bit of self-esteem is never too much and that's what these series can help you with



17. "Wild Wild Underground" An in-depth summary of some findings I intended to post for quite some time, but didn't have the time to. If you just take yourself some time to rethink over, you would hopefully realize that a guy like this is capable of recruiting people who actually come up with their own algorithms -- beyond their will in one way or another. Moreover, responding to comments I received, of course I did report the links, which are now down, as well as some of the forum posts I managed to digg. Ryan1918 is rather active though



18. "In between the lines of personal and sensitive information" Government reclassification of documents isn't the most pragmatic way, as these have already been online once, therefore someone out there still keeps a copy, and is now more than ever motivated to disseminate it, given someone is trying to censor it. I feel a common structure of the different types of information, formal training for those dealing with that type of info etc. and putting in place risk management solutions, considering that humans are totally not to be trusted (are computers to be?) is a way to mitigate these risks. Trying to censor something you end up making it even more popular that it could have been without you censoring it, just a thought



19. "DIY Marketing Culture" Personalization and Customization are emerging by default, and so is virtual viral marketing. In this post I mention the possibility to get your own custom MMs, and FireFox's FireFlicks initiative



20. "A comparison of US and European Privacy Practices" You can rarely come across a infosec survey with well formulated questions, ones that are the basis of a quality one. I think this company did a very good job in formulating and summarizing the outcome of a very trendy topic



Updated to add the averages for each month since I've started tracking my readers, looks nice, and in case you're interested you can also go through the summaries of previous months. Continue reading →

A comparison of US and European Privacy Practices

A new study on "US and European Corporate Privacy Practices" was released two days ago, and as I constantly monitor the topic knowing EU's stricter information sharing and privacy violations laws comparing to the U.S, thought you might find this useful. To sum up the findings :



"European companies are much more likely to have privacy practices that restrict or limit the sharing of customer or employees' sensitive personal information and are also more likely to provide employees with choice or consent on how information is used or shared," said David Bender, head of White & Case's Global Privacy practice." still at the "sharing sensitive information is bad"


promotional stage, I feel the research reasonable points out the lack of a systematic technical approach, bureaucracy can also be an issue, but with so many CERTs in Europe there's potential for lots of developments I think. Established in 2004, ENISA is the current body overseeing and guiding the Community towards data protection practices -- slowly, but steadily gaining grounds.



"But the research also revealed that US companies are engaging in more security and control-oriented compliance activities than their European counterparts. As a result, US corporations scored higher in five of the eight areas of corporate privacy practice." - structured implementation on a technical level, that is people auditing networks and being accountable in case of not doing so, and privacy policies by default. A little something bringing more insight from the Safe Harbor framework :



"The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self regulation. The European Union, however, relies on comprehensive legislation that, for example, requires creation of government data protection agencies, registration of data bases with those agencies, and in some instances prior approval before personal data processing may begin."



Of course there are differences and there should always be as they provoke constructive discussions, but among the many well-developed survey questions, some made me a quick impression :



"Is there a process for communicating the privacy policy to all customers and consumers?" Europe - 33% United States - 69%



"Is privacy training mandatory for key employees (those who handle, manage or control personal information)?" Europe - 22% United States - 62%



"Do you use technologies to prevent unauthorized or illegal movement or transfer of data or documents?" Europe - 17% Unites States - 45%



"Will the company notify individuals when their personal information is lost or stolen?" Europe 33% United States - 62%



Perimer based defenses naturally dominate as a perception of being secure, still, I feel that the growing infosec market and IT infrastructures in both the U.S and Europe would continue to fuel the growth of new technologies and also result in more informed decision makers -- at the bottom line it's always about a common goal and better information sharing. Continue reading →

Catching up on how to lawfully intercept in the digital era

In one of my previous posts "A top level espionage case in Greece" I blogged about two cases of unlawful interception -- good old espionage practices in modern environment. What's also worth mentioning is the rush for lawful interception in the post 9/11 world, that is free spirits get detained for singing or being nerds, activities you can hardly datamine at the bottom line, and then again, so what?


Last month, Australia extended its phone-tap laws to e-mails and SMS, OMG, good morning Vietnam. An excerpt from the news item :



"Australia has passed new laws that would allow police to intercept phone calls, e-mails, and text messages of people who are just suspected of a crime. Attorney-General Philip Ruddock says the new laws account for challenges posed by technology; in December 2005, Middle Eastern and white supremacist youth used SMS messages to coordinate during race riots. However, civil liberties groups warn that the laws could allow police to target the privileged conversations of lawyers and journalists or to target innocent people for investigation. Australia has been tightening security laws since the September 11, 2001, terrorist attacks in the US."



Whether compliance, or new revenue sources from a telecom/network giant's point of view, lawful interception has always been happening. A single vendor's box can easily monitor over 30,000 DSL connections, and while the problem still remains processing power and decentralized/encrypted communications, steganography as a concept has always been the biggest downsize of any approach from my point of view.



At the bottom line it would eventually provide the ECHELON's community with more information to take hold of, whereas retaining or trying to data mine it still remains an abstract concept whose only justification has been the contradictive Able Danger scenario. It is my opinion that erasing terrabytes of intelligence information on a terrorist group is a pure science-fiction scenario, they way there's a desperate need for a clear ROI in respect to CCTV cameras.



Don't over-empower the watchers for the sake of your Security, or you'll end up with a false feeling of it.



More resources on surveillance and lawful interception worth going through are :

International Campaign Against Mass Surveillance
Development of surveillance technology and risk of abuse of economic information
Legal Analysis of the NSA Domestic Surveillance Program
Wiretapping, FISA, and the NSA
Can the government track your cell phone's location without probable cause?
Attack Detection Methods for All-Optical Networks
2006 = 1984?
Privacy issues related to mobile and wireless Internet access
Lawful Interception of the Internet
Using MAC Addresses in the Lawful Interception of IP Traffic
Open Source Intelligence (OSINT)
Making Intelligence Accountable: Legal Standards and Best Practice for Oversight of Intelligence Agencies
What is Project ECHELON?
Surveillance and Society Journal
Cybercrime in New Network Ecosystem: vulnerabilities and new forensic capabilities
Strategies for Lawful Intercept
Summary - Lawful Interception plugtest
Whistle-Blower Outs NSA Spy Room



Technorati tags:
Security, Intelligence, Surveillance, Wiretapping, Privacy, Lawful Interception Continue reading →

Securing political investments through censorship

I try to extensively blog on various privacy and Internet censorship related issues affecting different parts of the world, or provide comments on the big picture they way I see it.



Spending millions -- 6 million euro here, and I guess you also wouldn't let someone spread the word whether the cover is fancy enough for a vote or not -- on political campaigns to directly or indirectly influence the outcome of an election, is a common practice these days. Whereas, trying to build a wall around a government's practices is like having a tidal wave of comments smashing it. I recently came across the following article : "



"Singapore has reminded its citizens that web users who post commentary on upcoming elections could face prosecution. Election commentary is tightly controlled under Singaporean law; independent bloggers may comment on the election, but must register their site with the Media Development Authority (MDA)."



I'm so not into politics -- and try not to -- but threatening with prosecution on commentary, registering users, while not first "introducing yourself" as "During the November 2001 elections, Singapore's political parties limited their use of the Internet to posting schedules and candidate backgrounds." isn't the smartest long-term political strategy ever, don't you think?



More resources on the state of censorship in Singapore worth checking out are :

Internet Filtering in Singapore in 2004- 2005: A Country Study
EFF "Censorship - Singapore" Archive
Censorship in Singapore
To Net or Not to Net: Singapore’s Regulation of the Internet
Censorship Review Committee 2002/2003
The Internet and Political Control in Singapore



Technorati tags:
Censorship, Politics Continue reading →