Posts Tagged ‘surveillance’

Are your phone camera and microphone spying on you

Are your phone camera and microphone spying on you?

https://www.theguardian.com/commentisfree/2018/apr/06/phone-camera-microphone-spying

Apps like WhatsApp, Facebook, Snapchat, Instagram, Twitter, LinkedIn, Viber

Felix Krause described in 2017 that when a user grants an app access to their camera and microphone, the app could do the following:

  • Access both the front and the back camera.
  • Record you at any time the app is in the foreground.
  • Take pictures and videos without telling you.
  • Upload the pictures and videos without telling you.
  • Upload the pictures/videos it takes immediately.
  • Run real-time face recognition to detect facial features or expressions.
  • Livestream the camera on to the internet.
  • Detect if the user is on their phone alone, or watching together with a second person.
  • Upload random frames of the video stream to your web service and run a proper face recognition software which can find existing photos of you on the internet and create a 3D model based on your face.

For instance, here’s a Find my Phone application which a documentary maker installed on a phone, then let someone steal it. After the person stole it, the original owner spied on every moment of the thief’s life through the phone’s camera and microphone.

The government

  • Edward Snowden revealed an NSA program called Optic Nerves. The operation was a bulk surveillance program under which they captured webcam images every five minutes from Yahoo users’ video chats and then stored them for future use. It is estimated that between 3% and 11% of the images captured contained “undesirable nudity”.
  • Government security agencies like the NSA can also have access to your devices through in-built backdoors. This means that these security agencies can tune in to your phone calls, read your messages, capture pictures of you, stream videos of you, read your emails, steal your files … at any moment they please.

Hackers

Hackers can also gain access to your device with extraordinary ease via apps, PDF files, multimedia messages and even emojis.

An application called Metasploit on the ethical hacking platform Kali uses an Adobe Reader 9 (which over 60% of users still use) exploit to open a listener (rootkit) on the user’s computer. You alter the PDF with the program, send the user the malicious file, they open it, and hey presto – you have total control over their device remotely.

Once a user opens this PDF file, the hacker can then:

  • Install whatever software/app they like on the user’s device.
  • Use a keylogger to grab all of their passwords.
  • Steal all documents from the device.
  • Take pictures and stream videos from their camera.
  • Capture past or live audio from the microphone.
  • Upload incriminating images/documents to their PC, and notify the police.

And, if it’s not enough that your phone is tracking you – surveillance cameras in shops and streets are tracking you, too

  • You might even be on this website, InSeCam, which allows ordinary people online to watch surveillance cameras free of charge. It even allows you to search cameras by location, city, time zone, device manufacturer, and specify whether you want to see a kitchen, bar, restaurant or bedroom.

++++++++++++++++++
more on privacy in this IMS blog
http://blog.stcloudstate.edu/ims?s=privacy

more on surveillance in this IMS blog
http://blog.stcloudstate.edu/ims?s=surveillance

 

not on your work computer

6 things you should never do on your work computer

Amy Elisa Jackson, Glassdoor Mar. 15, 2017, 10:45 AM

http://www.businessinsider.com/things-you-should-never-do-on-your-work-computer-2017-3

cyber security experts say that weaving your personal and professional lives together via a work laptop is risky business — for you and the company. Software technology company Check Point conducted a survey of over 700 IT professionals which revealed that nearly two-thirds of IT pros believed that recent high-profile breaches were caused by employee carelessness.

  1. DON’T: Save personal passwords in your work device keychain.
  2. DON’T: Make off-color jokes on messaging software.
  3. DON’T: Access free public wi-fi while working on sensitive material.
  4. DON’T: Allow friends or non-IT department colleagues to remotely access your work computer.
  5. DON’T: Store personal data.
  6. DON’T: Work on your side hustle while at the office.

++++++++++++++
more on privacy in this IMS blog
http://blog.stcloudstate.edu/ims?s=privacy

more on surveillance in this IMS blog:
http://blog.stcloudstate.edu/ims?s=surveillance

section 702

4 Big Intelligence Stories You Missed Amid The Comey Headlines This Week

++++++++++++++++++
more on surveillance and privacy in this IMS blog
http://blog.stcloudstate.edu/ims?s=surveillance

student privacy

Report: Tech Companies Are Spying on Children Through Devices and Software Used in Classroom

By Richard Chang 04/17/17

https://thejournal.com/articles/2017/04/17/report-tech-companies-are-spying-on-children-through-devices-and-software-used-in-classroom.aspx

according to a new report from the nonprofit Electronic Frontier Foundation (EFF), “Spying on Students: School-Issued Devices and Student Privacy

shows that state and federal laws, as well as industry self-regulation, have failed to keep up with a growing education technology industry.

One-third of all K–12 students in the United States use school-issued devices running software and apps that collect far more information on kids than is necessary.

Resource-poor school districts can receive these tools at deeply discounted prices or for free, as tech companies seek a slice of the $8 billion ed tech industry. But there’s a real, devastating cost — the tracking, cataloging and exploitation of data about children as young as 5 years old.

Our report shows that the surveillance culture begins in grade school, which threatens to normalize the next generation to a digital world in which users hand over data without question in return for free services

EFF surveyed more than 1,000 stakeholders across the country, including students, parents, teachers and school administrators, and reviewed 152 ed tech privacy policies.

“Spying on Students” provides comprehensive recommendations for parents, teachers, school administrators and tech companies to improve the protection of student privacy. Asking the right questions, negotiating for contracts that limit or ban data collection, offering families the right to opt out, and making digital literacy and privacy part of the school curriculum are just a few of the 70-plus recommendations for protecting student privacy contained in the report.

+++++++++++++++++++++++++
more on students and privacy
http://blog.stcloudstate.edu/ims?s=student+privacy
http://blog.stcloudstate.edu/ims?s=privacy+government

https://www.privateinternetaccess.com/blog/2017/03/us-senate-votes-50-48-away-broadband-privacy-rules-let-isps-telecoms-sell-internet-history/

https://www.washingtonpost.com/news/the-switch/wp/2017/03/28/the-house-just-voted-to-wipe-out-the-fccs-landmark-internet-privacy-protections/?utm_term=.34ed3dce7494

 

against government hackers

How to defend against government hackers

By Mark Rockwell Mar 31, 2017

https://fcw.com/articles/2017/03/31/rule41-aclu-defense-cyber.aspx

The 188-page “Challenging Government Hacking In Criminal Cases” report, released by the American Civil Liberties Union on March 30, addresses new amendments to Rule 41 of the Federal Rules of Criminal Procedure, which took effect last December.

Under the changes to criminal procedure rules, feds can remotely search computers in multiple jurisdictions with a single warrant. The rules are touted by law enforcement agencies as a way to streamline 100-year-old rules of criminal procedure

++++++++++++++++++++++++
more on surveillance in this IMS blog
http://blog.stcloudstate.edu/ims?s=surveillance

CIA hacks

WikiLeaks: Here’s how the CIA hacks your phones, TVs and PCs

The organization released thousands of documents it claims show how the US spy agency can crack open devices from Apple, Samsung, Google and Microsoft.

  https://www.cnet.com/news/wikileaks-cia-hacking-tools-phones-apple-samsung-microsoft-google/

This debate took off when the US Department of Justice sought to require Apple to help it open an encrypted iPhone belonging to one of the San Bernardino shooters. After Apple fought back in court, the FBI said it had obtained another way to access the phone.

Apple, Google and Motorola declined to comment on WikiLeaks’ claims. Samsung didn’t respond to a request for comment.

“The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption,” said Moxie Marlinspike, the founder of Signal. “This story isn’t about Signal or WhatsApp, but to the extent that it is, we see it as confirmation that what we’re doing is working.”

Telegram said on its website that the problem lies with operating systems and not encrypted messaging apps and that naming specific encrypted services is “misleading.” WhatsApp declined to comment.

+++++++++++++++++++++++++++++++
more on surveillance in this IMS blog
http://blog.stcloudstate.edu/ims?s=surveillance

cybersecurity grants

Grant program would support state, local cybersecurity

By Mark Rockwell Mar 02, 2017

https://fcw.com/articles/2017/03/02/state-cyber-bill-rockwell.aspx

The proposed legislation, said the lawmakers, would set up a cybersecurity grant program that would provide resources for states to develop and implement effective cyber resiliency plans, including efforts to identify, detect, protect, respond, and recover from cyber threats. It also would encourage development of a stronger cybersecurity workforce.

++++++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

cyberwarfare

How to define cyber-enabled economic warfare

By Sean D. Carberry Feb 23, 2017

https://fcw.com/articles/2017/02/23/critical-ceew-cyber-carbery.aspx

“Framework and Terminology for Understanding Cyber-Enabled Economic Warfare,” a new report by Samantha F. Ravich and Annie Fixler for the Foundation for Defense of Democracies.

Cyber-enabled economic warfare is a “hostile strategy involving attack(s) against a nation using cyber technology with the intent to weaken its economy and thereby reduce its political and military power.”

For example, China’s economic theft of intellectual property from the U.S. is considered CEEW, along with Russia’s cyberattack on Estonia and Iran’s Saudi Aramco attack. The authors also contend that the U.S. sanctions on Iran using cyber means to cut off Society for Worldwide Interbank Financial Telecommunication access also falls under CEEW.

http://www.defenddemocracy.org/content/uploads/documents/22217_Cyber_Definitions.pdf

+++++++++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

confide app

White House staffers are using this self-destructing messages app to gossip in private — here’s how it works

+++++++++++++++
more on social media in this IMS blog
http://blog.stcloudstate.edu/ims?s=social+media

1 2 3