The 188-page “Challenging Government Hacking In Criminal Cases” report, released by the American Civil Liberties Union on March 30, addresses new amendments to Rule 41 of the Federal Rules of Criminal Procedure, which took effect last December.
Under the changes to criminal procedure rules, feds can remotely search computers in multiple jurisdictions with a single warrant. The rules are touted by law enforcement agencies as a way to streamline 100-year-old rules of criminal procedure.
PITA, the Portable Instrument for Trace Acquisition attack, uses electromagnetic wave detection equipment (available at any computer hardware store) that could “read” the electromagnetic pulses emanating from a standard laptop’s keyboard, including the keystrokes used to decrypt secure documents.
The new attack, called DiskFiltration, does something similar using the acoustic signals emitted from the movement of a computer’s hard disk drive (HDD).
One way to beat air-gap attacks, according to the researchers, is to switch to solid-state drives (SSDs), which have no moving parts and therefore emit no noise. However, they add, “despite the increased rate of adoption of SSDs, HDDs are still the most sold storage devices, mainly due to their low cost.”
The FBI has released a public service announcement warning educators and parents that edtech can create cybersecurity risks for students.
In April 2017, security researchers found a flaw in Schoolzilla’s data configuration settings. And in May 2017, a hacker reportedly stole 77 million user accounts from Edmodo.
Amelia Vance, the director of the Education Privacy Project at the Future of Privacy Forum, writes in an email to EdSurge that the FBI likely wanted to make sure that as the new school year starts, parents and schools are aware of potential security risks. And while she thinks it’s “great” that the FBI is bringing more attention to this issue, she wishes the public service announcement had also addressed another crucial challenge.
“Schools across the country lack funding to provide and maintain adequate security,” she writes. “Now that the FBI has focused attention on these concerns, policymakers must step up and fund impactful security programs.”
According to Vance, a better approach might involve encouraging parents to have conversations with their children’s school about how it keeps student data safe.
Blockchains, which use advanced cryptography to store information across networks of computers, could eliminate the need for trusted third parties, like banks, in transactions, legal agreements, and other contracts. The most ardent blockchain-heads believe it has the power to reshape the global financial system, and possibly even the internet as we know it.
Now, as the technology expands from a fringe hacker toy to legitimate business applications, opportunists have flooded the field. Some of the seekers are mercenaries pitching shady or fraudulent tokens, others are businesses looking to cash in on a hot trend, and still others are true believers in the revolutionary and disruptive powers of distributed networks.
Mentions of blockchains and digital currencies on corporate earnings calls doubled in 2017 over the year prior, according to Fortune. Last week at Consensus, the country’s largest blockchain conference, 100 sponsors, including top corporate consulting firms and law firms, hawked their wares.
Here is a noncomprehensive list of the ways blockchain promoters say they will change the world. They run the spectrum from industry-specific (a blockchain project designed to increase blockchain adoption) to global ambitions (fixing the global supply chain’s apparent $9 trillion cash flow issue).
Things Blockchain Technology Will Fix
Bots with nefarious intent
People not taking their medicine
Device storage that could be used for bitcoin mining
Apps like WhatsApp, Facebook, Snapchat, Instagram, Twitter, LinkedIn, Viber
Felix Krause described in 2017 how, when a user grants an app access to their camera and microphone, the app could do the following:
Access both the front and the back camera.
Record you at any time the app is in the foreground.
Take pictures and videos without telling you.
Upload the pictures and videos without telling you.
Upload the pictures/videos it takes immediately.
Run real-time face recognition to detect facial features or expressions.
Livestream the camera onto the internet.
Detect if the user is on their phone alone, or watching together with a second person.
Upload random frames of the video stream to your web service and run proper face recognition software which can find existing photos of you on the internet and create a 3D model based on your face.
For instance, here’s a Find my Phone application which a documentary maker installed on a phone, then let someone steal it. After the person stole it, the original owner spied on every moment of the thief’s life through the phone’s camera and microphone.
Edward Snowden revealed an NSA program called Optic Nerve. The operation was a bulk surveillance program under which they captured webcam images every five minutes from Yahoo users’ video chats and then stored them for future use. It is estimated that between 3% and 11% of the images captured contained “undesirable nudity”.
Hackers can also gain access to your device with extraordinary ease via apps, PDF files, multimedia messages and even emojis.
An application called Metasploit on the ethical hacking platform Kali uses an Adobe Reader 9 (which over 60% of users still use) exploit to open a listener (rootkit) on the user’s computer. You alter the PDF with the program, send the user the malicious file, they open it, and hey presto – you have total control over their device remotely.
Once a user opens this PDF file, the hacker can then:
Install whatever software/app they like on the user’s device.
Use a keylogger to grab all of their passwords.
Steal all documents from the device.
Take pictures and stream videos from their camera.
Capture past or live audio from the microphone.
Upload incriminating images/documents to their PC, and notify the police.
And, if it’s not enough that your phone is tracking you – surveillance cameras in shops and streets are tracking you, too.
You might even be on this website, InSeCam, which allows ordinary people online to watch surveillance cameras free of charge. It even allows you to search cameras by location, city, time zone, device manufacturer, and specify whether you want to see a kitchen, bar, restaurant or bedroom.