Wednesday, August 09, 2006

Big Momma Knows Best

I wish it were the Chinese equivalent of Big Brother I'm referring to, but in this case it's a mother of six tracking down the teenagers who toilet-papered her house. And mind you, she didn't even bother to use MySpace. Instead:

"Base persuaded supermarket managers to tally daily toilet-paper buys for the week and a Stater Bros. manager said there was a run on bathroom tissue two days before her home was vandalized. At 7:30 p.m. Feb. 17, someone bought 144 rolls of toilet paper, cheese, dog food, flour and plastic forks, the same items found on her lawn and house. It was a cash transaction, making it difficult to trace the purchaser, but the store had video surveillance. The video showed four teenagers making the purchase, one of them wearing a Norco High School letterman's jacket with a name stitched across the back. The store's parking lot surveillance camera showed the truck they were using. Base then borrowed a Norco High yearbook and used online databases to get the name, phone numbers and addresses of the teens on the store tape."

One question remains, though. If she managed to socially engineer the supermarket's staff into passing her transaction info, and even surveillance camera footage, I wonder where they were shopping from, and whether her detective work's findings would hold up in court given how they were obtained. What if they had used a distributed shopping practice?

You may also find a previous post, Big Brother in the Restroom, relevant.

UPDATE: Great post at Angela Gunn's Tech_Space. Keep your friends close, your neighbors closer!

JitterBugs - Covert Keyboard Communication Channels

WarTyping, keyboard acoustic emanations, and now a full-scale covert espionage tool, recently discussed in in-depth research presented at the 15th USENIX Security Symposium. Researchers at the CS department of the University of Pennsylvania developed a working prototype of a JitterBug covert channel:

"This paper introduces JitterBugs, a class of inline interception mechanisms that covertly transmit data by perturbing the timing of input events likely to affect externally observable network traffic. JitterBugs positioned at input devices deep within the trusted environment (e.g., hidden in cables or connectors) can leak sensitive data without compromising the host or its software. In particular, we show a practical Keyboard JitterBug that solves the data exfiltration problem for keystroke loggers by leaking captured passwords through small variations in the precise times at which keyboard events are delivered to the host. Whenever an interactive communication application (such as SSH, Telnet, instant messaging, etc) is running, a receiver monitoring the host's network traffic can recover the leaked data, even when the session or link is encrypted. Our experiments suggest that simple Keyboard JitterBugs can be a practical technique for capturing and exfiltrating typed secrets under conventional OSes and interactive network applications, even when the receiver is many hops away on the Internet."

The trade-off is whether physically restoring the device would remain undetected, compared to directly streaming the output outside the network. I'll go for the covert network timing, whereas insecurities and flexibility are always a matter of viewpoint.
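A defender-side check for the kind of timing perturbation described above, as an added example that is not from the original post or the JitterBugs paper. It assumes the perturbation pulls inter-arrival times onto a regular grid; the function names, candidate periods, threshold and both sample lists are constructed for illustration.

```python
import cmath
import math

# Constructed inter-arrival times (ms) between keystroke-bearing packets.
# NATURAL: ordinary typing rhythm. GRIDDED: the same kind of traffic after an
# inline device has nudged each gap onto a 10 ms grid (assumed encoding).
NATURAL = [121.3, 82.8, 165.1, 87.4, 128.7, 91.2, 172.6, 95.0, 137.3, 98.9,
           141.2, 102.7, 185.4, 106.8, 149.1, 110.6, 193.3, 114.9, 157.2, 78.7]
GRIDDED = [110.4, 89.7, 140.2, 100.6, 199.5, 80.3, 129.8, 160.5, 99.4, 120.1,
           150.4, 79.6, 170.2, 110.5, 89.9, 139.7, 130.0, 190.3, 69.8, 150.6]

CANDIDATE_PERIODS_MS = [5, 10, 20, 40]  # hypothetical windows to test


def inter_arrivals(timestamps_ms):
    """Gaps between consecutive packet timestamps, e.g. from a capture."""
    return [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]


def grid_score(deltas_ms, period_ms):
    """Mean resultant length of the gaps folded onto a circle of one period.

    Near 0 when the gaps are unrelated to the period, near 1 when they
    cluster at one phase of it (i.e. sit on a timing grid).
    """
    if not deltas_ms:
        return 0.0
    total = sum(cmath.exp(2j * math.pi * d / period_ms) for d in deltas_ms)
    return abs(total) / len(deltas_ms)


def scan_periods(deltas_ms, periods_ms=CANDIDATE_PERIODS_MS, threshold=0.7):
    """Return (period, score) for the strongest grid, or None if below threshold."""
    best = max(((p, grid_score(deltas_ms, p)) for p in periods_ms),
               key=lambda item: item[1])
    return best if best[1] >= threshold else None


if __name__ == "__main__":
    print("natural:", scan_periods(NATURAL))
    print("gridded:", scan_periods(GRIDDED))
```

On real captures network jitter blurs the grid, so the threshold has to be calibrated against a baseline of known-clean interactive sessions from the same vantage point.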

UPDATE: The future defined - Projection Keyboards

Related resources:
Espionage Ghosts Busters
Covert Channel
Gray-World Team
IP Covert Timing Channels: An Initial Exploration
Information Theory of Covert Timing Channels
Detection of Covert Channel Encoding in Network Packet Delays

Monday, August 07, 2006

Malware Bot Families, Technology and Trends

In case you want to know more about the evolution of bots and the ease of assembling a botnet, why families take the largest zombie share compared to single bachelors, or which technologies dominate the threatscape, go through the slides of this study on identifying "interesting" bot technologies within a large malware collection. Bot Feature & Technology Trends by Robert Lyda also highlights the distribution of bot variants from the following families:

GaoBot
SpyBot
MyTob
PolyBot
PoeBot
gBot
BrepiBot
DanishBot
NetBot
KvdBot
TriBot
TongBot
SdBot
KwBot
BugBot

As well as:

- Emergence of Bots as of eggdrop's 1993 appearance
- 2005 Bot Family Percentage per Month
- Bot Feature Percentage of All Variants
- Bot Feature Percentage Over All Variants
- Bot Technology Trends for 2005
- Bot Packing Analysis
- Prevalence of the Top 12 Packing Tools

Bottom line: bot families have already resulted in anti-virus software detecting over 200,000 pieces of malware. The trouble is that the majority of them have long since become family members rather than staying bachelors, as used to be the case. Malware on demand and Open Source Malware, combined with the ease of packing, are definitely making their impact.

Related resources and posts:
Malware
Splitting a Botnet's Bandwidth Capacity
An Intergalactic Security Statement
Malware Search Engine

Sunday, August 06, 2006

DVD of the Weekend - The Final Cut

This weekend's featured DVD is a marvelous representation of a full-scale 1984 type of mass surveillance society, but instead of a utopian party acting as the caring Big Brother, here it's the inevitable advances of technology and the availability of services that lead to the ultimate digital preservation of our entire lives, through our own eye-embedded implants. It's worth taking the time to watch this "remixing" of reality leading to the ultimate saint, but I have to agree with SFAM's comments on the "usefulness" of the technology for compiling a 30 min funeral clip only. The rest is the plot itself.

A brief summary of The Final Cut:

"In a near undefined future, people may have a Zoe microchip implanted in their nervous system to permit their families retrieve the best moments of their memories and watch on video after their deaths. This process is called "Rememory" and Alan H. Hakman (Robin Williams), a man traumatized by an incident in his childhood, is the best cutter of the Eye Tech Corporation. The company is facing groups that oppose to the "Rememory" and the ex-cutter Fletcher (Jim Caviezel) is leading these opponents. When Alan is assigned to prepare the final cut of the memories of the Eye Tech lawyer Charles Bannister, his Zoe chip is disputed by Fletcher. Meanwhile, Alan finds that he has also an implanted microchip, which is against the rules of a cutter."

You can also go through CyberPunkReview's comments and snapshots of The Final Cut.

Related resources:
Surveillance
Privacy

UPDATE: It seems Blogspot is only searching through 7 out of my 209 posts. Ignoring the conspiracy theory, you can still do it the old-fashioned way: Surveillance, Privacy, Malware, Censorship, Cyber terrorism, Intelligence, etc.