tech in changing society

L.A. police using drones to spy on citizens

From Zachary Slobig’s “Police launch eye-in-the-sky technology above Los Angeles” (AFP: 17 June 2006):

Police launched the future of law enforcement into the smoggy Los Angeles sky in the form of a drone aircraft, bringing technology most commonly associated with combat zones to urban policing.

The unmanned aerial vehicle, which looks like a child’s remote control toy and weighs about five pounds (2.3 kilograms), is a prototype being tested by the Los Angeles County Sheriff’s Department. …

“This technology could be used to find missing children, search for lost hikers, or survey a fire zone,” said Commander Sid Heal, head of the Technology Exploration Project of the Los Angeles County Sheriff’s Department. “The ideal outcome for us is when this technology becomes instrumental in saving lives.”

The SkySeer would also be a helpful tool to nab burglary suspects on rooftops and to chase down suspects fleeing on foot. The drone comes equipped with low-light and infrared capabilities and can fly at speeds up to 30 miles (48 kilometers) per hour for 70 minutes. …

A small camera capable of tilt and pan operations is fixed to the underside of the drone which sends the video directly to a laptop command station. Once launched, the craft is set to fly autonomously with global positioning system (GPS) coordinates and a fixed flight pattern.

As technology improves, the drone will be outfitted with zoom capabilities. For now, the craft simply flies lower to hone in on its target. …

“The plane is virtually silent and invisible,” said Heal. “It will give us a vertical perspective that we have never had.”

The Los Angeles Sheriff’s Department operates a fleet of 18 helicopters, priced between three and five million dollars each. The SkySeer will cost between 25,000 and 30,000 dollars.

L.A. police using drones to spy on citizens Read More »

4 ways to eavesdrop on telephone calls

From Bruce Schneier’s “VOIP Encryption” (Crypto-Gram Newsletter: 15 April 2006):

There are basically four ways to eavesdrop on a telephone call.

One, you can listen in on another phone extension. This is the method preferred by siblings everywhere. If you have the right access, it’s the easiest. While it doesn’t work for cell phones, cordless phones are vulnerable to a variant of this attack: A radio receiver set to the right frequency can act as another extension.

Two, you can attach some eavesdropping equipment to the wire with a pair of alligator clips. It takes some expertise, but you can do it anywhere along the phone line’s path — even outside the home. This used to be the way the police eavesdropped on your phone line. These days it’s probably most often used by criminals. This method doesn’t work for cell phones, either.

Three, you can eavesdrop at the telephone switch. Modern phone equipment includes the ability for someone to listen in this way. Currently, this is the preferred police method. It works for both land lines and cell phones. You need the right access, but if you can get it, this is probably the most comfortable way to eavesdrop on a particular person.

Four, you can tap the main trunk lines, eavesdrop on the microwave or satellite phone links, etc. It’s hard to eavesdrop on one particular person this way, but it’s easy to listen in on a large chunk of telephone calls. This is the sort of big-budget surveillance that organizations like the National Security Agency do best. They’ve even been known to use submarines to tap undersea phone cables.

4 ways to eavesdrop on telephone calls Read More »

Employees willingly installed CDs handed to them by strangers

From Will Sturgeon’s “Proof: Employees don’t care about security” (silicon.com: 16 February 2006):

CDs were handed out to commuters as they entered the City by employees of IT skills specialist The Training Camp and recipients were told the disks contained a special Valentine’s Day promotion.

However, the CDs contained nothing more than code which informed The Training Camp how many of the recipients had tried to open the CD. Among those who were duped were employees of a major retail bank and two global insurers.

The CD packaging even contained a clear warning about installing third-party software and acting in breach of company acceptable-use policies — but that didn’t deter many individuals who showed little regard for the security of their PC and their company.

Employees willingly installed CDs handed to them by strangers Read More »

A new way to steal from ATMs: blow ’em up

From Bruce Schneier’s “News” (Crypto-Gram Newsletter: 15 March 2006):

In the Netherlands, criminals are stealing money from ATM machines by blowing them up. First, they drill a hole in an ATM and fill it with some sort of gas. Then, they ignite the gas — from a safe distance — and clean up the money that flies all over the place after the ATM explodes. Sounds crazy, but apparently there has been an increase in this type of attack recently. The banks’ countermeasure is to install air vents so that gas can’t build up inside the ATMs.

A new way to steal from ATMs: blow ’em up Read More »

Microsoft’s BitLocker could be used for DRM

From Bruce Schneier’s “Microsoft’s BitLocker” (Crypto-Gram Newsletter: 15 May 2006):

BitLocker is not a DRM system. However, it is straightforward to turn it into a DRM system. Simply give programs the ability to require that files be stored only on BitLocker-enabled drives, and then only be transferable to other BitLocker-enabled drives. How easy this would be to implement, and how hard it would be to subvert, depends on the details of the system.

Microsoft’s BitLocker could be used for DRM Read More »

THE answer to “if you’re not doing anything wrong, why resist surveillance?”

From Bruce Schneier’s “The Eternal Value of Privacy” (Wired News: 18 May 2006):

The most common retort against privacy advocates — by those in favor of ID checks, cameras, databases, data mining and other wholesale surveillance measures — is this line: “If you aren’t doing anything wrong, what do you have to hide?”

Some clever answers: “If I’m not doing anything wrong, then you have no cause to watch me.” “Because the government gets to define what’s wrong, and they keep changing the definition.” “Because you might do something wrong with my information.” My problem with quips like these — as right as they are — is that they accept the premise that privacy is about hiding a wrong. It’s not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.

Two proverbs say it best: Quis custodiet custodes ipsos? (“Who watches the watchers?”) and “Absolute power corrupts absolutely.”

Cardinal Richelieu understood the value of surveillance when he famously said, “If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” Watch someone long enough, and you’ll find something to arrest — or just blackmail — with. Privacy is important because without it, surveillance information will be abused: to peep, to sell to marketers and to spy on political enemies — whoever they happen to be at the time.

THE answer to “if you’re not doing anything wrong, why resist surveillance?” Read More »

Exploits used for corporate espionage

From Ryan Naraine’s “Microsoft Confirms Excel Zero-Day Attack Under Way” (eWeek: 16 June 2006):

Microsoft June 15 confirmed that a new, undocumented flaw in its widely used Excel spreadsheet program was being used in an attack against an unnamed target.

The company’s warning comes less than a month after a code-execution hole in Microsoft Word was exploited in what is described as a “super, super targeted attack” against business interests overseas.

The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers.

Exploits used for corporate espionage Read More »

Ways different cultures view technology

From Spare me the details (The Economist: 28 October 2004):

Genevieve Bell, an anthropologist who works for Intel, the world’s biggest semiconductor-maker, has been travelling around Asia for three years to observe how Asians use, or choose not to use, technology. She was especially struck by the differences in how westerners and Asians view their homes. Americans tended to say things like “my home is my castle” and furnish it as a self-contained playground, says Ms Bell. Asians were more likely to tell her that “my home is a place of harmony”, “grace”, “simplicity” or “humility”. These Asians recoiled from gadgets that made noises or looked showy or intrusive.

Even within western cultures, Ms Bell, who is Australian, has found startling differences in the way people view technology. When she recently opened her laptop in a café in Sydney to check her e-mail on the local wireless network, using a fast-spreading technology called Wi-Fi, she immediately got a mocking “Oi, what do you think you are, famous?” from the next table. “For Americans, adopting technology is an expression of American-ness, part of the story of modernity and progress,” says Ms Bell. For many other people, it may be just a hassle, or downright pretentious.

Ways different cultures view technology Read More »

Change the AMD K8 CPU without authentication checks

From Bruce Schneier’s Crypto-Gram Newsletter (15 August 2004):

Here’s an interesting hardware security vulnerability. Turns out that it’s possible to update the AMD K8 processor (Athlon64 or Opteron) microcode. And, get this, there’s no authentication check. So it’s possible that an attacker who has access to a machine can backdoor the CPU.

[See http://www.realworldtech.com/forums/index.cfm?action=detail&id=35446&threadid=35446&roomid=11]

Change the AMD K8 CPU without authentication checks Read More »

1st 2 questions AOL tech support asks

From Spare me the details (The Economist: 28 October 2004):

LISA HOOK, an executive at AOL, one of the biggest providers of traditional (“dial-up”) internet access, has learned amazing things by listening in on the calls to AOL’s help desk. Usually, the problem is that users cannot get online. The help desk’s first question is: “Do you have a computer?” Surprisingly often the answer is no, and the customer was trying to shove the installation CD into the stereo or TV set. The help desk’s next question is: “Do you have a second telephone line?” Again, surprisingly often the answer is no, which means that the customer cannot get on to the internet because he is on the line to the help desk. And so it goes on. …

1st 2 questions AOL tech support asks Read More »

Quick ‘n dirty explanation of onion routing

From Ann Harrison’s Onion Routing Averts Prying Eyes (Wired News: 5 August 2004):

Computer programmers are modifying a communications system, originally developed by the U.S. Naval Research Lab, to help Internet users surf the Web anonymously and shield their online activities from corporate or government eyes.

The system is based on a concept called onion routing. It works like this: Messages, or packets of information, are sent through a distributed network of randomly selected servers, or nodes, each of which knows only its predecessor and successor. Messages flowing through this network are unwrapped by a symmetric encryption key at each server that peels off one layer and reveals instructions for the next downstream node. …

The Navy is financing the development of a second-generation onion-routing system called Tor, which addresses many of the flaws in the original design and makes it easier to use. The Tor client behaves like a SOCKS proxy (a common protocol for developing secure communication services), allowing applications like Mozilla, SSH and FTP clients to talk directly to Tor and route data streams through a network of onion routers, without long delays.

Quick ‘n dirty explanation of onion routing Read More »

DIY worm kits

From Jose Nazario’s Anatomy of a worm (Computerworld: 15 September 2004):

Now imagine a world where worm attacks frequently occur because hackers and rogue developers have access to “worm kits” or development tools that provide the basic building blocks for rapid worm development.

Historically, worms were basic clones of one another that didn’t change after their original development. Simple mechanisms were used to propagate them, such as mass-mailing worms using a single subject line.

Today’s worms are more sophisticated. They have the ability to mutate after development based on knowledge of how to thwart new security processes. For instance, an early worm, Code Red, attacked only Internet Information Server servers. The Nimda worm, which came later, expanded to include at least three additional attack methodologies: mail-based attacks, file-sharing-based attacks, and attacks against the Internet Explorer Web browser.

The potential for this worm-a-day nightmare comes from several factors: the dozens of vulnerabilities that are ready to be exploited, the availability of worm source code, recycled exploits and the ease of editing existing worms.

DIY worm kits Read More »

Why Microsoft is threatened by open source

From How Microsoft played the patent card, and failed (The Register: 23 December 2004):

… the joint lead on the Samba project, Jeremy Allison …: “Microsoft has bought off and paid off every competitor it has, except open source. Every single player they could buy out, they did. That leaves Real, and FOSS. And they can’t buy us out, because you can’t buy off a social movement.”

Why Microsoft is threatened by open source Read More »

Search for Microsoft Money data files on P2P networks

From Greg Brooks’s more on DIY phishing kits hit the Net (Interesting People: 21 August 2004):

Turn on Kazaa or your p2p app of choice and search for .mny files — the data stores for Microsoft Money.

Most of these files won’t be password protected — just download, open and you’ve got a trove of personal financial data to work with. Stumble across a protected file? There are inexpensive utilities for recovering the password.

Search for Microsoft Money data files on P2P networks Read More »

Remote fingerprinting of devices connected to the Net

Anonymous Internet access is now a thing of the past. A doctoral student at the University of California has conclusively fingerprinted computer hardware remotely, allowing it to be tracked wherever it is on the Internet.

In a paper on his research, primary author and Ph.D. student Tadayoshi Kohno said: “There are now a number of powerful techniques for remote operating system fingerprinting, that is, remotely determining the operating systems of devices on the Internet. We push this idea further and introduce the notion of remote physical device fingerprinting … without the fingerprinted device’s known cooperation.”

The potential applications for Kohno’s technique are impressive. For example, “tracking, with some probability, a physical device as it connects to the Internet from different access points, counting the number of devices behind a NAT even when the devices use constant or random IP identifications, remotely probing a block of addresses to determine if the addresses correspond to virtual hosts (for example, as part of a virtual honeynet), and unanonymising anonymised network traces.” …

Another application for Kohno’s technique is to “obtain information about whether two devices on the Internet, possibly shifted in time or IP addresses, are actually the same physical device.”

The technique works by “exploiting small, microscopic deviations in device hardware: clock skews.” In practice, Kohno’s paper says, his techniques “exploit the fact that most modern TCP stacks implement the TCP timestamps option from RFC 1323 whereby, for performance purposes, each party in a TCP flow includes information about its perception of time in each outgoing packet. A fingerprinter can use the information contained within the TCP headers to estimate a device’s clock skew and thereby fingerprint a physical device.”

Kohno goes on to say: ” Our techniques report consistent measurements when the measurer is thousands of miles, multiple hops, and tens of milliseconds away from the fingerprinted device, and when the fingerprinted device is connected to the Internet from different locations and via different access technologies. Further, one can apply our passive and semi-passive techniques when the fingerprinted device is behind a NAT or firewall.”

And the paper stresses that “For all our methods, we stress that the fingerprinter does not require any modification to or cooperation from the fingerprintee.” Kohno and his team tested their techniques on many operating systems, including Windows XP and 2000, Mac OS X Panther, Red Hat and Debian Linux, FreeBSD, OpenBSD and even Windows for Pocket PCs 2002.

Remote fingerprinting of devices connected to the Net Read More »

A profile of phishers & their jobs

From Lee Gomes’s Phisher Tales: How Webs of Scammers Pull Off Internet Fraud (The Wall Street Journal: 20 June 2005):

The typical phisher, he discovered, isn’t a movie-style villain but a Romanian teenager, albeit one who belongs to a social and economic infrastructure that is both remarkably sophisticated and utterly ragtag.

If, in the early days, phishing scams were one-person operations, they have since become so complicated that, just as with medicine or law, the labor has become specialized.

Phishers with different skills will trade with each other in IRC chat rooms, says Mr. Abad. Some might have access to computers around the world that have been hijacked, and can thus be used in connection with a phishing attack. Others might design realistic “scam pages,” which are the actual emails that phishers send. …

But even if a phisher has a “full,” the real work has yet to begin. The goal of most phishers is to use the information they glean to withdraw money from your bank account. Western Union is one way. Another is making a fake ATM card using a blank credit card and a special magnetic stripe reader/writer, which is easy to purchase online.

A phisher, though, may not have the wherewithal to do either of those. He might, for instance, be stuck in a small town where the Internet is his only connection to the outside world. In that case, he’ll go into an IRC chat room and look for a “casher,” someone who can do the dirty work of actually walking up to an ATM. Cashers, says Mr. Abad, usually take a cut of the proceeds and then wire the rest back to the phisher.

Certain chat rooms are thus full of cashers looking for work. “I cash out,” advertised “CCPower” last week on an IRC channel that had 80 other people logged onto it. “Msg me for deal. 65% your share.”

The average nonphisher might wonder what would prevent a casher from simply taking the money and running. It turns out, says Mr. Abad, that phishers have a reputation-monitoring system much like eBay’s. If you rip someone off, your rating goes down. Not only that, phishers post nasty notices about you on IRC. “Sox and Bagzy are rippers,” warned a message posted last week.

Phishers, not surprisingly, are savvy about their targets. For instance, it wasn’t just a coincidence that Washington Mutual was a phisher favorite. Mr. Abad says it was widely known in the phishing underground that a flaw in the communications between the bank’s ATM machines and its mainframe computers made it especially easy to manufacture fake Washington Mutual ATM cards. The bank fixed the problem a few months ago, Mr. Abad says, and the incidence of Washington Mutual-related phishing quickly plummeted. …

Mr. Abad himself is just 23 years old, but he has spent much of the past 10 years hanging out in IRC chat rooms, encountering all manner of hackers and other colorful characters. One thing that’s different about phishers, he says, is how little they like to gab.

“Real hackers will engage in conversation,” he says. “With phishers, it’s a job.”

A profile of phishers & their jobs Read More »

Spammers causing problems to DNS

From Dennis Fisher’s Spammers’ New Tactic Upends DNS (eWeek: 10 January 2005):

One troublesome technique finding favor with spammers involves sending mass mailings in the middle of the night from a domain that has not yet been registered. After the mailings go out, the spammer registers the domain early the next morning.

By doing this, spammers hope to avoid stiff CAN-SPAM fines through minimal exposure and visibility with a given domain. The ruse, they hope, makes them more difficult to find and prosecute.

The scheme, however, has unintended consequences of its own. During the interval between mailing and registration, the SMTP servers on the recipients’ networks attempt Domain Name System look-ups on the nonexistent domain, causing delays and timeouts on the DNS servers and backups in SMTP message queues.

“Anti-spam systems have become heavily dependent on DNS for looking at all kinds of blacklists, looking at headers, all of that,” said Paul Judge, a well-known anti-spam expert and chief technology officer at CipherTrust Inc., a mail security vendor based in Atlanta. “I’ve seen systems that have to do as many as 30 DNS calls on each message. Even in large enterprises, it’s becoming very common to see a large spam load cripple the DNS infrastructure.”

Spammers causing problems to DNS Read More »

Do it yourself phishing kits

From John Leyden’s DIY phishing kits hit the Net (The Register: 19 August 2004):

Do-it-yourself phishing kits are being made available for download free of charge from the Internet, according to anti-virus firm Sophos.

Anyone surfing the Web can now get their hands on these kits, launch their own phishing attack and potentially defraud computer users of the contents of their bank accounts. These DIY kits contain all the graphics, web code and text required to construct bogus websites designed to have the same look-and-feel as legitimate ecommerce sites. They also come with spamming software.

Do it yourself phishing kits Read More »

Al Qaeda hijacks web server to distribute video

From Matt Tanase’s Don’t let this happen to you:

Smaller companies often assume they have nothing of interest to hackers. Often times that is the case, but they are still after resources, as in this case. Unfortunately, the hackers in this case are tied to Al Qaeda. They placed the recent hostage video on a California companies server. Imagine all of the lovely publicity this brought in.

From New24’s US firm spread hostage video (17 June 2004):

Video images of a US engineer taken hostage in Saudi Arabia, possibly by the al-Qaeda network, could have been put on the internet via a US firm based in California, Der Spiegel magazine reported on Thursday.

The video was released on Tuesday and shows relatively high-quality film of hostage Paul Johnson, who kidnappers from a group called “al-Qaeda in the Arabian Peninsula” have threatened to kill by Friday.

The origin of the video was traced to Silicon Valley Land Surveying Incorporated, a California land surveying and mapping company, said Spiegel online, the internet service for the respected German weekly.

The magazine said that according to its research the move was the first time al-Qaeda had “hijacked” a website to broadcast its propaganda.

Al Qaeda hijacks web server to distribute video Read More »

Providing an opening for criminals without realizing it

From Bush, Kerry cross paths in Iowa (BBC News: 4 August 2004):

US President George W Bush and his Democratic rival John Kerry have spent the day hunting votes within blocks of each other in the state of Iowa.

Mr Bush met supporters at a rally in the town of Davenport, while Mr Kerry held an economic roundtable discussion with business leaders nearby. …

Political pundits were not the only ones taking advantage of the day’s events.

Three local banks were robbed as the campaigns hit Davenport.

The first robbery occurred just as Mr Bush stepped off his plane, local police say.

The second and third robberies – at different banks – took place while the two candidates were addressing their respective Iowa crowds.

Providing an opening for criminals without realizing it Read More »