Michael (majeSTYX) majestyx@identi.ca

cybertreehouse

Anarchist „In diesem Universum liefert die Technologie auch die große Rationalisierung der Unfreiheit des Menschen.“ Herbert Marcuse

  • unwatched at 2015-05-22T12:32:11Z via AndStatus To: Public

    #Grundrechte-Report 2015: "Die Gefährdung der Verfassung geht vom Staat aus" http://unurl.org/4obf #Datenschutz #Überwachung #VDS

    Michael (majeSTYX) shared this.

  • Internet.org

    Krugor at 2015-05-22T12:18:31Z via AndStatus To: Public

    Internet.org Is Not Neutral, Not Secure, and Not the Internet https://www.eff.org/deeplinks/2015/05/internetorg-not-neutral-not-secure-and-not-internet

    Michael (majeSTYX) shared this.

  • NSA Planned to Hijack Google App Store to Hack Smartphones

    Krugor at 2015-05-22T12:18:20Z via AndStatus To: Public

    NSA Planned to Hijack Google App Store to Hack Smartphones

    New Article about unpublished Snowden documents
    https://firstlook.org/theintercept/2015/05/21/nsa-five-eyes-google-samsung-app-stores-spyware/

    Michael (majeSTYX) shared this.

  • Luis at 2015-05-22T12:17:46Z via AndStatus To: Public

    NSA Planned to Hijack Google App Store to Hack Smartphones

    Ryan Gallagher

    From Firstlook.org

    The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals.

    The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.

    The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012.

    The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. (Google declined to comment for this story. Samsung said it would not be commenting “at this time.”)

    As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.

    Previous disclosures from the Snowden files have shown agencies in the Five Eyes alliance designed spyware for iPhones and Android smartphones, enabling them to infect targeted phones and grab emails, texts, web history, call records, videos, photos and other files stored on them. But methods used by the agencies to get the spyware onto phones in the first place have remained unclear.

    The newly published document shows how the agencies wanted to “exploit” app store servers – using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones.




    But the agencies wanted to do more than just use app stores as a launching pad to infect phones with spyware. They were also keen to find ways to hijack them as a way of sending “selective misinformation to the targets’ handsets” as part of so-called “effects” operations that are used to spread propaganda or confuse adversaries. Moreover, the agencies wanted to gain access to companies’ app store servers so they could secretly use them for “harvesting” information about phone users.

    The project was motivated in part by concerns about the possibility of “another Arab Spring,” which was sparked in Tunisia in December 2010 and later spread to countries across the Middle East and North Africa. Western governments and intelligence agencies were largely blindsided by those events, and the document detailing IRRITANT HORN suggests the spies wanted to be prepared to launch surveillance operations in the event of more unrest.

    The agencies were particularly interested in the African region, focusing on Senegal, Sudan and the Congo. But the app stores targeted were located in a range of countries, including a Google app store server located in France and other companies’ app download servers in Cuba, Morocco, Switzerland, Bahamas, the Netherlands and Russia. (At the time, the Google app store was called the “Android Market”; it is now named Google Play.)

    Another major outcome of the secret workshops was the agencies’ discovery of privacy vulnerabilities in UC Browser, a popular app used to browse the Internet across Asia, particularly in China and India. Though UC Browser is not well-known in Western countries, its massive Asian user base, a reported half billion people, means it is one of the most popular mobile Internet browsers in the world.

    According to the top-secret document, the agencies discovered that the UC Browser app was leaking a gold mine of identifying information about its users’ phones. Some of the leaking information apparently helped the agencies uncover a communication channel linked to a foreign military unit believed to be plotting “covert activities” in Western countries. The discovery was celebrated by the spies as an “opportunity where potentially none may have existed before.”

    Citizen Lab, a human rights and technology research group based at the University of Toronto, analyzed the Android version of the UC Browser app for CBC News and said it identified “major security and privacy issues” in its English and Chinese editions. The Citizen Lab researchers have authored their own detailed technical report outlining the many ways the app has been leaking data, including some users’ search queries, SIM card numbers and unique device IDs that can be used to track people.

    Citizen Lab alerted UC Browser to the security gaps in mid-April; the company says it has now fixed them by rolling out an update for the app. A spokesperson for UC Browser’s parent company, Chinese e-commerce giant the Alibaba Group, told CBC News in a statement that it took security “very seriously and we do everything possible to protect our users.” The spokesperson added that the company had found “no evidence that any user information has been taken” — though it is not likely that surveillance of the leaking data would have been detectable.

    The case strikes at the heart of a debate about whether spy agencies are putting ordinary people at risk by secretly exploiting security flaws in popular software instead of reporting them so that they can be fixed.

    According to Citizen Lab Director Ron Deibert, the UC Browser vulnerability not only exposed millions of the app’s users to surveillance carried out by any number of governments — but it could also have been exploited by criminal hackers to harvest personal data.

    “Of course, the security agencies don’t [disclose the information],” Deibert said. “Instead, they harbor the vulnerability. They essentially weaponize it.” Taking advantage of weaknesses in apps like UC Browser “may make sense from a very narrow national security mindset,” Deibert added, “but it’s at the expense of the privacy and security of hundreds of millions of users worldwide.”

    The revelations are the latest to highlight tactics adopted by the Five Eyes agencies in their efforts to hack computers and exploit software vulnerabilities for surveillance. Last year, The Intercept reported that the NSA has worked with its partners to dramatically increase the scope of its hacking attacks and use of “implants” to infect computers. In some cases, the agency was shown to have masqueraded as a Facebook server in order to hack into computers.

    The Intercept and CBC News contacted each of the Five Eyes agencies for comment on this story, but none would answer questions on record about any of the specific details.

    A spokesperson for Canada’s Communications Security Establishment said that the agency was “mandated to collect foreign signals intelligence to protect Canada and Canadians from a variety of threats to our national security, including terrorism,” adding that it “does not direct its foreign signals intelligence activities at Canadians or anywhere in Canada.”

    British agency Government Communications Headquarters said that its work was “carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate.”

    Australia’s Signals Directorate said it was “long-standing practice” not to discuss intelligence matters and would not comment further.

    New Zealand’s Government Communications Security Bureau said that it has “a foreign intelligence mandate” and that everything it does is “explicitly authorised and subject to independent oversight.”

    The NSA had not responded to repeated requests for comment at time of publication.

    The post NSA Planned to Hijack Google App Store to Hack Smartphones appeared first on The Intercept.

    Link to article

    #security #espionage #nsa #google

    Michael (majeSTYX) , jrobertson , jrobertson , Olivier Mehani and 6 others shared this.

  • Luis at 2015-05-22T12:17:32Z via AndStatus To: Public

    Domain Registrar eNom Informs of DNS Hijacking Attack

    Softpedia News (Ionut Ilascu)


    eNom domain registrar informed its customers on Thursday that it was the victim of a group of attackers, who altered the domain name system (DNS) settings of four domains, redirecting traffic to different web resources than those intended by the owners.

    DNS configuration includes defining the IP addresses for the name servers, which are used to translate a domain name into the IP address corresponding to the web server that hosts it.

    (read more at softpedia)
    link

    #cyberattack #security

    Michael (majeSTYX) , Olivier Mehani , Olivier Mehani , Olivier Mehani and 2 others shared this.

  • 2015-05-21T18:26:56Z via AndStatus To: Public

    Giaco lo Squartafacebook wrote the following post 4 minutes ago
    An orgasm a day could keep prostate cancer at bay https://gnusocial.no/url/7457
    http://i.telegraph.co.uk/multimedia/archive/03101/Prostate_cancer_E5_3101491k.jpg
    Men in their forties who orgasm every day are much less likely to develop the   disease, according to researchers at Harvard Medical School
    --
    giaco@gnusocial.no
    URL: https://gnusocial.no/notice/173267
  • 2015-05-21T18:13:38Z via AndStatus To: Public

    #Canada The 2015 #Anarchist Film Festival https://www.submedia.tv
  • 2015-05-21T18:09:56Z via AndStatus To: Public

    #BND #NSA ..... "Mutti-dämmerung" ... wer weiss welchen Siegfried Sie noch in der versenkung haben....... o.O.
  • 2015-05-21T17:06:39Z via AndStatus To: Public

    Say *No* !! to #swpat #EPO - Techrights http://techrights.org/wiki/index.php/EPO
  • 2015-05-21T17:02:04Z via AndStatus To: Public

    #Logjam is a new #attack against the #Diffie-Hellman key-exchange protocol used in #TLS
    https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html
    Check your servers here: https://weakdh.org/sysadmin.html
    #schneier #security #ssl #https #vpn #vulnerability #weakdh
    --
    guy@gnusocial.no
    URL: https://gnusocial.no/notice/173000
  • 2015-05-21T17:01:31Z via AndStatus To: Public

    #Bildung - is' das schon lang nedd mehr..... „Münkler-Watch“ und der Vorwurf der Anonymität – ein Ablenkungsmanöver - World Socialist Web Site http://www.wsws.org/de/articles/2015/05/21/anon-m21.html
  • 2015-05-21T16:40:04Z via AndStatus To: Public

    #Logjam is a new #attack against the #Diffie-Hellman key-exchange protocol used in #TLS
    https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html
    Check your servers here: https://weakdh.org/sysadmin.html
    #schneier #security #ssl #https #vpn #vulnerability #weakdh
    --
    guy@gnusocial.no
    URL: https://gnusocial.no/notice/173000
  • 2015-05-21T15:08:16Z via AndStatus To: Public

    #antifa !antifa #Polizisten mit Verbindungen zur rechten Szene?! - YouTube http://m.youtube.com/watch?v=PxecI5QgaxQ
  • 2015-05-21T11:46:44Z via AndStatus To: Public

    #internet #energie #telepolis Voll und verfressen http://www.heise.de/tp/news/Voll-und-verfressen-2651915.html
  • 2015-05-21T11:42:19Z via AndStatus To: Public

    Graffiti in #vienna says: "The State Is The Only Criminal Organization" https://indy.im/url/5765944
    --
    reiserin@indy.im
    URL: https://gnusocial.no/notice/172291
  • 2015-05-21T11:41:59Z via AndStatus To: Public

    Webdoku zum Thema Tracking
    https://donottrack-doc.com
    #Tracking #Spionage #Datenschutz #Überwachung !Ueberwachung
    --
    steve@gnusocial.de
    URL: https://gnusocial.no/notice/172277
  • 2015-05-21T11:41:37Z via AndStatus To: Public

    Der Tag an dem wir Deffie-Hellman verloren haben. http://blog.fefe.de/?ts=aba27747 #digitalAikido #OTR #TLS #cryptocalypse
    --
    realramnit@quitter.se
    URL: https://gnusocial.no/notice/172348
  • 2015-05-20T17:39:56Z via AndStatus To: Public

    #spiegel #spon "qualitätsjournalismus" seriöse quellen .... jaja..... Gespiegelter BND http://www.heise.de/tp/news/Gespiegelter-BND-2659058.html
  • 2015-05-20T17:31:00Z via AndStatus To: Public

    #antifa !antifa ..... zivilcourage.... chapeau...... [s] ssb hilft nazis https://linksunten.indymedia.org/de/node/143880
  • 2015-05-20T17:17:25Z via AndStatus To: Public

    #netzpolitik ? #digiges ?! #schlafgut ! Report: EU member states seek to dump net neutrality completely http://feeds.arstechnica.com/~r/arstechnica/index/~3/xZ_hI9BI2Xo/