The 188-page “Challenging Government Hacking In Criminal Cases” report, released by the American Civil Liberties Union on March 30, addresses new amendments to Rule 41 of the Federal Rules of Criminal Procedure, which took effect last December.
Under the changes to criminal procedure rules, feds can remotely search computers in multiple jurisdictions with a single warrant. The rules are touted by law enforcement agencies as a way to streamline 100-year-old rules of criminal procedure
PITA, the Portable Instrument for Trace Acquisitionattack, which uses electromagnetic wave detection equipment (available at any computer hardware store) that could “read” the electromagnetic pulses emanating from a standard laptop’s keyboard, including the keystrokes used to de-encrypt secure documents.
The new attack, called DiskFiltration, does something similar using the acoustic signals emitted from the movement of a computer’s hard disk drive (HDD).
One way to beat air-gap attacks, according to the researchers, is to switch to solid-state drives (SSDs), which have no moving parts and therefore emit no noise. However, according to the researchers, “despite the increased rate of adoption of SSDs, HDDs are still the most sold storage devices, mainly due to their low cost.
The Times’ lawsuit follows reporting by Gizmodo that exposed multiple attempts by the FCC to manufacture stories about hackers attacking its comment system. In reality, the Electronic Comment Filing System (ECFS) crashed, both in 2015 and 2017, after Last Week Tonight host John Oliver instructed millions of his viewers to flood the agency with pro-net neutrality comments.
For over a year, the FCC claimed to have proof that distributed denial-of-service (DDoS) attacks were behind the comment system issues. In August 2018, however, FCC Chairman Ajit Pai finally admitted that wasn’t true. After an inspector general report found no evidence of an attack, Pai sought to pin the blame on his staff—and, for some reason, former President Barack Obama.
Pai stated in an agency memo in 2018 that it was a “fact” that Russian accounts were behind the half-million comments. His attorneys, meanwhile, were arguing the exact opposite in court.
School administrators and IT staff can be super-vigilant, but the hackers are getting better and better at sneaking through security.
the most common cybersecurity threats, and how can school staff avoid them?
Eavesdropping / Man-in-the-Middle (MiTM) Attacks
What they are:It’s likely that you sometimes use a school laptop or mobile device to gain internet access via Wi-Fi networks in public places like coffee shops or airports. If so, be aware that there may be hackers eavesdropping to try and gain entry to any two-party exchange you make so they can filter and steal data.
How to avoid them:Always use a school-verified SIM card, dongle or VPN(virtual private network) to access the internet in public places.
Social Engineering Attacks
According to Verizon’s 2018 Breach Investigations report, 92 percent of malware is delivered via email, often referred to as social engineering attacks. The aim is to interact with the user and influence and manipulate their actions to gain access to systems and install harmful software. Malware uses various guises. Here are some of the most common:
Apps like WhatsApp, Facebook, Snapchat, Instagram, Twitter, LinkedIn, Viber
Felix Krause described in 2017 that when a user grants an app access to their camera and microphone, the app could do the following:
Access both the front and the back camera.
Record you at any time the app is in the foreground.
Take pictures and videos without telling you.
Upload the pictures and videos without telling you.
Upload the pictures/videos it takes immediately.
Run real-time face recognition to detect facial features or expressions.
Livestream the camera on to the internet.
Detect if the user is on their phone alone, or watching together with a second person.
Upload random frames of the video stream to your web service and run a proper face recognition software which can find existing photos of you on the internet and create a 3D model based on your face.
For instance, here’s a Find my Phone application which a documentary maker installed on a phone, then let someone steal it. After the person stole it, the original owner spied on every moment of the thief’s life through the phone’s camera and microphone.
Edward Snowden revealed an NSA program called Optic Nerves. The operation was a bulk surveillance program under which they captured webcam images every five minutes from Yahoo users’ video chats and then stored them for future use. It is estimated that between 3% and 11% of the images captured contained “undesirable nudity”.
Hackers can also gain access to your device with extraordinary ease via apps, PDF files, multimedia messages and even emojis.
An application called Metasploit on the ethical hacking platform Kali uses an Adobe Reader 9 (which over 60% of users still use) exploit to open a listener (rootkit) on the user’s computer. You alter the PDF with the program, send the user the malicious file, they open it, and hey presto – you have total control over their device remotely.
Once a user opens this PDF file, the hacker can then:
Install whatever software/app they like on the user’s device.
Use a keylogger to grab all of their passwords.
Steal all documents from the device.
Take pictures and stream videos from their camera.
Capture past or live audio from the microphone.
Upload incriminating images/documents to their PC, and notify the police.
And, if it’s not enough that your phone is tracking you – surveillance cameras in shops and streets are tracking you, too
You might even be on this website, InSeCam, which allows ordinary people online to watch surveillance cameras free of charge. It even allows you to search cameras by location, city, time zone, device manufacturer, and specify whether you want to see a kitchen, bar, restaurant or bedroom.