Posts Tagged ‘tech’

Business is booming for the surveillance state

Posted: May 7, 2017 by gamegetterII in Police state USSA, Uncategorized
Tags: , , , , ,
0
Surveillance companies like Axon hope to turn every law enforcement officer into a data-gathering drone for a bodycam surveillance database they privately control. Now ShotSpotter, a listening technology that triangulates gunfire in “urban, high-crime areas,” announced a planned IPO.

Above: ShotSpotter mobile app integrated with Google data, showing Oakland California.
They are also expanding from “urban” neighborhoods to a college campus near you. From the submission:
Our solutions consist of our highly-specialized, cloud-based software integrated with our proprietary, internet-enabled sensors and communication networks. When a potential gunfire incident is detected by our sensors, our software analyzes and validates the data and precisely locates where the incident occurred. An alert containing a location on a map and critical information about the incident is transmitted directly to law enforcement or security personnel through any internet-connected computer and to iPhone® or Android mobile devices.

Some Alleged CIA Hacking Tools—Like Apps That Turn Smart TVs into Spies—Do Exist

Posted: May 7, 2017 by gamegetterII in .gov bullshit, NSA, Police state USSA, Uncategorized
Tags: , , , , , ,
0

There is still a lot we don’t know regarding the WikiLeaks exposure of CIA cybersecurity documents this week. Many have suggested the documents may not be true or may have been tampered with before posting. And of course, everyone is wondering what the ramifications of such a revelation will be in terms of the CIA’s ability conduct its spycraft in the future. Some of the spying methods described in the documents may seem impossible, but I can attest that at least on that point, many of the tools described by the 8,000 documents do in fact exist.

According to what has been released so far, the CIA, through its Remote Devices Branch called UMBRAGE, maintains a library of hacking tools it has “stolen” from other groups. It goes on to explain the CIA can use the tools to compromise iOS and Android phones, and smart TVs, turning them into listening devices. It’s interesting to note the documents claim the CIA acquires these tools from others, instead of making them in-house.

That said, in my work as a reviewer of high-end security products, I have run across many of the hacking tools described in the leaked documents. In a few cases, companies have even provided them to me so I could challenge their defenses. I keep them in an air-gapped computer network along with my virus zoo, pulling them out whenever needed for a controlled test.

Full disclosure: I have no idea if I have the same tools the CIA is allegedly using, only that they seem to do many of the same things described by the WikiLeaks documents.

Hacking smart TVs seems to be getting the most attention, though it should come as the least surprising aspect of this. Smart TVs are basically all-in-one computers, only without any of the protections found on actual dedicated computers. That is why so many smart TVs ended up being part of the Mirai botnet.

In some cases, smart TVs seem to have been designed for spying. Vizio, which is one of the most popular manufacturers, recently agreed to pay $2.2 million in fines for secretly recording what people were watching and selling that data to advertisers.

The Vizio hacking tool, which was installed on new systems and allegedly also retrofitted to older TVs connected to the internet, was fairly ingenious. It would take snapshots of several pixels on the screen and then compare that to a database of what was playing. So, blue and blue and red might mean the user was watching the “Fresh off the Boat” sitcom, while black and white and green might line up with a feature movie. It required very little data to be sent from the TV back to the company, with all the high-end big data processing occurring after the data was captured.

Back to the alleged CIA tools. The CIA is supposed to be able to turn certain smart TVs into listening devices, while making it appear like the unit is turned off. I have recently tested a tool like that with a Samsung smart TV. I am not sure if it works with other types of TVs, but the tool I have uses a variant of the Samsung Screen Mirroring, modified to both record sound and keep its presence hidden from users.

As most TVs have no security, paring the hacking tool—which I was running off a Samsung tablet—with a TV is extremely easy. Simply select the TV in range you want to target. From there, I could share my screen with the TV, but the tool reverses this so users can instead see what is on the TV.

But then it gets interesting. By entering silent operation mode, the TV screen goes dark, as if whatever input is selected has no data. It also activates the internal microphone if the TV is equipped for videoconferencing, or uses the device’s speaker system if it’s not—though the sound quality is not nearly as good in the latter case.

From another room, I could clearly hear everything going on in the one with the TV. I even deployed this against a conference room setting, and the people talking in that room had no idea someone was listening in from a nearby office.

Read the rest here

Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence – sources

Posted: October 5, 2016 by gamegetterII in .gov bullshit, police state, Uncategorized
Tags: , , , , , , , , ,
0

REUTERS

Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

“Yahoo is a law abiding company, and complies with the laws of the United States,” the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.

Through a Facebook spokesman, Stamos declined a request for an interview.

The NSA referred questions to the Office of the Director of National Intelligence, which declined to comment.

The request to search Yahoo Mail accounts came in the form of a classified edict sent to the company’s legal team, according to the three people familiar with the matter.

U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad demand for real-time Web collection or one that required the creation of a new computer program.

“I’ve never seen that, a wiretap in real time on a ‘selector,'” said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.

“It would be really difficult for a provider to do that,” he added.

Experts said it was likely that the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target. The NSA usually makes requests for domestic surveillance through the FBI, so it is hard to know which agency is seeking the information.

Alphabet Inc’s Google and Microsoft Corp, two major U.S. email service providers, separately said on Tuesday that they had not conducted such email searches.

“We’ve never received such a request, but if we did, our response would be simple: ‘No way’,” a spokesman for Google said in a statement.

A Microsoft spokesperson said in a statement, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.” The company declined to comment on whether it had received such a request.

CHALLENGING THE NSA

Under laws including the 2008 amendments to the Foreign Intelligence Surveillance Act, intelligence agencies can ask U.S. phone and Internet companies to provide customer data to aid foreign intelligence-gathering efforts for a variety of reasons, including prevention of terrorist attacks.

Disclosures by former NSA contractor Edward Snowden and others have exposed the extent of electronic surveillance and led U.S. authorities to modestly scale back some of the programs, in part to protect privacy rights.

Companies including Yahoo have challenged some classified surveillance before the Foreign Intelligence Surveillance Court, a secret tribunal.

Some FISA experts said Yahoo could have tried to fight last year’s demand on at least two grounds: the breadth of the directive and the necessity of writing a special program to search all customers’ emails in transit.

Apple Inc made a similar argument earlier this year when it refused to create a special program to break into an encrypted iPhone used in the 2015 San Bernardino massacre. The FBI dropped the case after it unlocked the phone with the help of a third party, so no precedent was set.

“It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court,” Patrick Toomey, an attorney with the American Civil Liberties Union, said in a statement.

Some FISA experts defended Yahoo’s decision to comply, saying nothing prohibited the surveillance court from ordering a search for a specific term instead of a specific account. So-called “upstream” bulk collection from phone carriers based on content was found to be legal, they said, and the same logic could apply to Web companies’ mail.

As tech companies become better at encrypting data, they are likely to face more such requests from spy agencies.

Former NSA General Counsel Stewart Baker said email providers “have the power to encrypt it all, and with that comes added responsibility to do some of the work that had been done by the intelligence agencies.”

SECRET SIPHONING PROGRAM

Mayer and other executives ultimately decided to comply with the directive last year rather than fight it, in part because they thought they would lose, said the people familiar with the matter.

Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo’s challenge was unsuccessful.

Some Yahoo employees were upset about the decision not to contest the more recent edict and thought the company could have prevailed, the sources said.

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company’s security team in the process, instead asking Yahoo’s email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

Stamos’s announcement in June 2015 that he had joined Facebook did not mention any problems with Yahoo. (bit.ly/2dL003k)

In a separate incident, Yahoo last month said “state-sponsored” hackers had gained access to 500 million customer accounts in 2014. The revelations have brought new scrutiny to Yahoo’s security practices as the company tries to complete a deal to sell its core business to Verizon Communications Inc for $4.8 billion.

(Reporting by Joseph Menn; Editing by Jonathan Weber and Tiffany Wu)

source

 

Meet Boeing’s laser weapon designed to make drones go boom

Posted: August 29, 2015 by gamegetterII in tech
Tags: , , , ,
0

Via Wired Here

IMG_6496 copy

Welcome to the World, Drone-Killing Laser Cannon

Hang on to your drone. Boeing’s developed a laser cannon specifically designed to turn unmanned aircraft into flaming wreckage.

The aerospace company’s new weapon system, which it publicly tested this week in a New Mexico industrial park, isn’t quite as cool as what you see in Star Wars—there’s no flying beams of light, no “pew! pew!” sound effects. But it is nonetheless a working laser cannon, and it will take your drone down.

People keep flying their drones where they shouldn’t. In airport flight paths. Above wildfires. Onto the White House lawn. Luckily, there haven’t been any really bad incidents—that is, no one has been killed by a civilian quadcopter or plane, yet.

Tracking_Video_Media_Day_For_Release

But governments and militaries around the world are terrified by the prospect of drones carrying explosives or chemical weapons (and now, pornography) into places where they shouldn’t.

There are lots of theories on the best way to deal with the drone threat. An Idaho company has developed special anti-drone shotgun shells. Some agencies are working on jamming technology to block communication from the operator to the aircraft. Firefighters in New York kept it simple, aiming their hose at a pesky drone hovering near a house fire.

Forget all that. Boeing thinks the best way to kill a drone is to zap it with a precision laser, burn a hole in it, and bring it down. So it created a weapon system to do just that—and the result could someday be installed everywhere from LaGuardia to the Pentagon.

Wednesday morning, the company showed off its Compact Laser Weapon System for media in Albuquerque, New Mexico. It’s a much smaller, significantly more portable version of the High Energy Laser Mobile Demonstrator (HEL MD) Boeing demonstrated last year. This setup looks like an overgrown camera, swiveling around on a tripod.

In the demo, Boeing used the laser to burn holes in a stationary, composite UAV shell, to show how quickly it can compromise an aircraft. Two seconds at full power and the target was aflame. Other than numerous safety warnings to ensure no one was blinded by the two-kilowatt infrared laser, there was no fanfare. No explosions, no visible beam. It’s more like burning ants with a really, really expensive magnifying glass than obliterating Alderaan.

Instead of a massive laser mounted on a dedicated truck, the compact system is small enough to fit in four suitcase-sized boxes and can be set up by a pair of soldiers or technicians in just a few minutes. At the moment, it’s aimed primarily at driving drones away from sensitive areas.

Front_View_2kW_Session_1
BOEING

The new system is more scalpel than sledgehammer. Its laser, and, especially, the off-the-shelf gimbal (a fancy motor that can aim the laser and camera in any direction) it’s mounted on, make it precise enough to target different parts of a UAV. Want to zap the tail so it crashes and then you can go retrieve the mostly intact drone and see who is trying to spy on you? Can do. Think it’s carrying explosives and you want to completely destroy it? No problem. Boeing wouldn’t get specific on its range, but company reps suggested that if you can see a target, even with binoculars, you can kill it.

Depending on the target’s speed and distance, Boeing’s weapon can fire its laser within an inch or two of what it wants to hit. Because the laser moves at the speed of light, it’s easier to be precise—there’s no need to lead the target. The speed of the gimbal is the primary limitation on the targeting front.

The laser is controlled with a standard Xbox 360 controller (“If it breaks, just head to the barracks to get a replacement!”) and a laptop with custom targeting software. Once in range, the system can take over from the human operator and control targeting and tracking automatically. Though current prototypes are meant to be used from static positions, the new weapon could be used on a moving vehicle or ship with minimal upgrades.

“This represents a low-cost way to deal with the threat,” said David DeYoung, director of Boeing Laser & Electro-Optical Systems. Boeing wouldn’t reveal a total price of the system, but says it’s a one-time purchase. Once you’ve got the system, the only cost is electricity. The company expects the system to run for “years” with basic maintenance (the gimbal is the only moving part) and near-zero ongoing costs since there’s no traditional ammunition.

The necessary electricity can come from standard 220 volt outlet, a generator on a military vehicle, or a battery pack for ultimate portability. Boeing has several battery solutions depending on situational need, but all should give enough juice for at least a few shots.

The company hopes to have the Star Wars-inspired weapon ready for market in a year or two, with many refinements and developments to come over the next few years. But don’t expect lasers to replace traditional armaments like Raytheon’s Patriot missile defense system and Israel’s Iron Dome. “There will be times where it makes sense to use a missile and there will be times where it makes sense to use a laser,” says DeYoung.

As with any military weapon, Boeing would need to work through export control regulations before selling to foreign governments. It’s also not clear whether civilian agencies running prisons and airports could deploy the system under current regulations, or even what regulations might apply to something like this.

Watch this self-healing material handle a bullet

Posted: August 29, 2015 by gamegetterII in Uncategorized
Tags: , ,
0

NASA-funded research has created a material that could self-heal in seconds. Two layers of solid polymer sandwich a gel that with an ingredient that solidifies on contact with air (i.e. when one or both of the outer layers is damaged). This differs from other approaches that rely on a mostly-liquid compound, or similar, slower techniques. The protective applications in space craft (like the ISS) are obvious, and could add a vital line of defense against dangerous debris. The ISS already has shields to protect it, but reactive armour in the event of damage would be even more reassuring. Back down here on earth, the same material could be used in cars, pips, containers and even phones (beyond scratches). Watch the material get shot and self-heal in the video below.