Archive for the ‘NSA’ Category

There is still a lot we don’t know regarding the WikiLeaks exposure of CIA cybersecurity documents this week. Many have suggested the documents may not be true or may have been tampered with before posting. And of course, everyone is wondering what the ramifications of such a revelation will be in terms of the CIA’s ability conduct its spycraft in the future. Some of the spying methods described in the documents may seem impossible, but I can attest that at least on that point, many of the tools described by the 8,000 documents do in fact exist.

According to what has been released so far, the CIA, through its Remote Devices Branch called UMBRAGE, maintains a library of hacking tools it has “stolen” from other groups. It goes on to explain the CIA can use the tools to compromise iOS and Android phones, and smart TVs, turning them into listening devices. It’s interesting to note the documents claim the CIA acquires these tools from others, instead of making them in-house.

That said, in my work as a reviewer of high-end security products, I have run across many of the hacking tools described in the leaked documents. In a few cases, companies have even provided them to me so I could challenge their defenses. I keep them in an air-gapped computer network along with my virus zoo, pulling them out whenever needed for a controlled test.

Full disclosure: I have no idea if I have the same tools the CIA is allegedly using, only that they seem to do many of the same things described by the WikiLeaks documents.

Hacking smart TVs seems to be getting the most attention, though it should come as the least surprising aspect of this. Smart TVs are basically all-in-one computers, only without any of the protections found on actual dedicated computers. That is why so many smart TVs ended up being part of the Mirai botnet.

In some cases, smart TVs seem to have been designed for spying. Vizio, which is one of the most popular manufacturers, recently agreed to pay $2.2 million in fines for secretly recording what people were watching and selling that data to advertisers.

The Vizio hacking tool, which was installed on new systems and allegedly also retrofitted to older TVs connected to the internet, was fairly ingenious. It would take snapshots of several pixels on the screen and then compare that to a database of what was playing. So, blue and blue and red might mean the user was watching the “Fresh off the Boat” sitcom, while black and white and green might line up with a feature movie. It required very little data to be sent from the TV back to the company, with all the high-end big data processing occurring after the data was captured.

Back to the alleged CIA tools. The CIA is supposed to be able to turn certain smart TVs into listening devices, while making it appear like the unit is turned off. I have recently tested a tool like that with a Samsung smart TV. I am not sure if it works with other types of TVs, but the tool I have uses a variant of the Samsung Screen Mirroring, modified to both record sound and keep its presence hidden from users.

As most TVs have no security, paring the hacking tool—which I was running off a Samsung tablet—with a TV is extremely easy. Simply select the TV in range you want to target. From there, I could share my screen with the TV, but the tool reverses this so users can instead see what is on the TV.

But then it gets interesting. By entering silent operation mode, the TV screen goes dark, as if whatever input is selected has no data. It also activates the internal microphone if the TV is equipped for videoconferencing, or uses the device’s speaker system if it’s not—though the sound quality is not nearly as good in the latter case.

From another room, I could clearly hear everything going on in the one with the TV. I even deployed this against a conference room setting, and the people talking in that room had no idea someone was listening in from a nearby office.

Read the rest here

Private License Plate Scanners

Posted: September 23, 2014 by gamegetterII in NSA, police state
Tags: ,

Most of the license plate scanners are operated by private companies who have access to DMV ,police,courts,child support,bank,finance company,and NCIC databases.

These companies have no right to the personal information contained in these databases. Citizens do not have the right to access all of this information in these databases,it is a huge invasion of privacy.

The companies and their employees having access to these databases is wide open to corruption,they could use the data for many things that are in no way legal,and are in fact criminal,such as blackmail,accepting bribes from jealous ex wives and husbands,car loan companies could bribe employees for location data on cars they are looking for,-as described in the article-it’s a long,drawn out process to repo a car. Bribe an employee who has access to the data,and the guy finds the car without going through the courts,takes the car back,then sorts it out in court.

So it could allow the repo companies to skirt the law,private investigators could bribe employees of these companies to track the travels of people they are investigating,stalkers and jealous ex’s could use the data they get from the person they bribe to harrass their ex husband or wife,and on and on and on.

This is way beyond 1984,between “traffic cameras”,the NSA hoovering up every e-mail,tweet,text,and phone call you make,along with all your banking activity,internet browsing history,and tracking your location 24/7 from your “smart phone”-you have zero privacy unless you disconnect yourself from the matrix,don’t use anything but burner phones,and stay off the ‘net entirely-I’m sure the NSA can even track Tor users by now.