That’s right…weak. Virtually every single cryptography expert on the planet knows that a force-mandated “backdoor” in software or devices will not work and will make the systems vulnerable to attack by black-hat hackers or state-run military cyberattacks.
Today’s Wall Street Journal had this front-page article, “Paris Attacks Fuel Debate Over Spying – Growing belief that terrorists behind assaults used encrypted communications prompts re-examination of U.S. policy on surveillance.” A few things from the article leapt out at me:
“A growing belief among intelligence officials that the terrorists behind Friday’s Paris attacks used encrypted communications is prompting a far-ranging re-examination of U.S. policy on data collection and surveillance.”
No kidding. Anyone on this planet with intermediate technical skills can encrypt their communications.
“Sen. Richard Burr (R., N.C.), chairman of the Senate Intelligence Committee, said Tuesday his panel will launch a review of encryption use. ‘It is likely that end-to-end encryption was used to communicate in Belgium and France and Syria,’ Mr. Burr said. He said encryption was likely because no direct communication among the terrorists was detected.”
Really Senator? Maybe they met in person?
The increasing sophistication of spammers constantly amazes me. This one, however, was the best yet. Not that I’d get sucked into this phishing attempt, but the text was good enough that it got through to my ‘real’ email…and not just into my spam folder.
My name is Olga. I am a 22 year old college student living by Moscow. I go to Bauman University (Moscow State University of Technology) and will be cumming to Minesota for a visit next month.
I have seen you on the internet and would very much like to meet you in person. Please email me or click this link: http://link-redacted.ru
Of course I didn’t click the link (and you NEVER should either*), but even as I write this I’m sort of stunned it arrived intact. Just goes to show you how careful we have to be when this crap is sent our way.
*What should you do? Hover over the link and look at the bottom of your browser window. You will see the REAL address they’re sending you to. The visible text of a hyperlink can say anything (e.g., Bank of America) while the link itself goes to any URL. Don’t click on it…just delete the email.
Reading the German publication Der Spiegel’s article called Prying Eyes: Inside the NSA’s War on Internet Security this weekend, like them I was struck by something that has been on my mind for over ten years. Why do the U.S. intelligence services, and specifically the National Security Agency (NSA), do more to protect the nation?
What came out in the Edward Snowden revelations was that the NSA is, without question or doubt, working feverishly to crack all encryption and is also working hard to build a quantum computer that will crack the little unbreakable encryption we still enjoy today.
Any of us in information technology, web or mobile app creation, and any sort of data security at all, know that if something has been cracked—regardless if it’s some kid in Norway or a state-based intelligence service—it is only a matter of time before the blackhat hackers discover it and exploit the crack.
George Takei’s YouTube show, Takei’s Take, tours YouTube Space LA (there are also London, Tokyo and New York locations currently). If you haven’t yet heard about this space, and what they’re trying to accomplish, this is a perfect overview in 4 minutes (and always enjoyable due to George’s take on things and his delightfully positive attitude and outlook)!
If you ever connect to a public Wifi hotspot, you owe it to yourself to spend 4-5 minutes and read this article by Maurits Martijn called, “Maybe It’s Better If You Don’t Read This Story on Public WiFi: We took a hacker to a café and, in 20 minutes, he knew where everyone else was born, what schools they attended, and the last five things they googled.”
I want to make thousands of copies of that article and give them to every single person I see in every public Wifi location everywhere!
Let me say it as emphatically as I can if you’ve read this far: You are an idiot if you connect to any public Wifi without running a virtual private network (VPN) connection (like the one I use, Private Internet Access for $39.99/year for 5 devices). If you don’t, it’s not “if” you will get hacked, but rather “when” it will happen to you.
To show you how pervasive and simple it is to hack your laptop, smartphone or tablet when you connect willy-nilly to some public Wifi hotspot, let me give you a glimpse at what I can only describe as a…
HACKER’S DREAM MACHINE
Because I’ve technically known the risks for nearly ten years, I’ve been paranoid about public Wifi locations since 2005 and wrote about being “naked in a coffee shop” here, here and here. But to show you how brain-dead-simple it has become to BE a hacker, wait until you read about a black box called the Wifi Pineapple you can buy, for $99.99, which lets anyone who has one:
- Run a man-in-the-middle attack, essentially spoofing a public Wifi connection and even impersonating the actual, real network connection (whether open or secured). How many times have you connected to Wifi that said “Coffee Shop Guest” or “Free Public Wifi”? Sometimes they’re real, mostly they are not. You can almost never be certain.
- The attacker can monitor all network traffic flowing between an Internet gateway and the connected clients (like your laptop, smartphone or tablet!) as well as manipulate this data in transit such as through captive portals, DNS spoofing, IP redirection and even the substitution of executables in transit (so that file you’re downloading might be coming off of the attacker’s laptop!).
There’s a lot more you can do with this device and Hak5, the group that makes it, is certainly gleeful about all the rogue crap it can do:
“…the WiFi Pineapple is more than a platform – it’s a community for creativity. Rickrolling clients, powering off WiFi drones mid-flight, tracking commercial airliners and logging WiFi connections are only some of the creative things being done within the WiFi Pineapple community.”
On the Hak5 forums they even have a section entitled, “WiFi Pineapple University” to help users teach users about this ‘fun’ little box.
The good news? If you run a VPN and inadvertently connect to “Coffee Shop Guest” and it’s actually a spoofed connection through one of these black boxes, the hacker would only see encrypted traffic! Everyone else’s internet traffic—Facebook login, bank password, credit card data—would mostly be going in the clear. (Note: I know that an actual SSL connection would encrypt traffic in the browser, and so do most smartphone and tablet apps, but more sophisticated hackers can even spoof SSL connections so that your browser thinks it is securely connecting…but it is not).
I must admit that, even though I’m more appalled by the activities of our government and mass surveillance of U.S. citizens in what I believe is a direct violation of our Constitution, boxes like this one target individuals with a lot to lose. It’s not right and not fair and I hope I never catch someone using one in a public place or…
Glenn Greenwald was one of the first reporters to see — and write about — the Edward Snowden files, with their revelations about the United States’ extensive surveillance of private citizens. In this searing talk, Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide.”
The Edward Snowden revelations about the U.S. National Security Agency (NSA) and its vacuum surveillance sadly seem to be fading from the public consciousness. Undoubtedly this is viewed as a positive by the intelligence community since they are continuing to accelerate their programs now seemingly unabated.
Awareness is one reason I was pleased to see this article that The Guardian wins an Emmy for coverage of NSA revelations. Their multimedia piece NSA Files Decoded is one of the best, most comprehensive and informative (dare I say “entertaining?”) pieces I’ve seen yet. Congratulations to The Guardian team!
If you care at all about the world our children and grandchildren will inherit, then you owe it to yourself to watch the videos or read articles at NSA Files Decoded. You might also consider paying attention to a relatively new website, The Intercept, so that you can stay aware, stay informed, and not be one of those who are naive about the unprecedented and growing power of the intelligence community and its surveillance of all U.S. citizens.
Last night was part two of the PBS Frontline program called United States of Secrets. It was one of the best, most thorough overviews of what is going on with the NSA’s vacuum surveillance that I’ve ever seen.
You owe it to yourself, and the future of our children, to be aware of what’s going on.
NSA Finally In The Light
I’ve been deeply concerned about the massive, sweeping surveillance going on for over TEN YEARS! Whenever I bring up this topic (and online security in general) too many of my family and friends just shrug and say, “Oh well.” Frankly, I just don’t understand why most people don’t seem all that concerned about our fundamental erosion of liberty caused by the NSA’s mass surveillance.
Thankfully the Edward Snowden whistleblowing finally shined a light on what I intrinsically knew was going on shortly after 9/11 (see Snowden’s revelations and the overall controversy at The Guardian’s NSA Files website section). Yes, I feel vindicated for my paranoia but that attestation is not something I longed for…instead I hoped the government’s drive to classify their constitutional violations and illegal activities as “keeping America safe from terrorism” would stop.
Unfortunately that whistleblowing has made it increasingly hard for companies who sell their technology outside of the United States. For example, the NSA was inserting hardware in Cisco routers which caused CEO John Chambers to write a letter to President Obama asking for it to cease…now.
This year the World Wide Web turns 25 years old. Sir Tim Berners-Lee, the man who invented the Web, is imploring the world to keep the Web free, open, neutral and robust.
There is no question that Berners-Lee has deep and profound concerns about the direction the Web has taken. From global mass surveillance to net neutrality, he clearly sees his baby, the World Wide Web, as one of the most powerful inventions in human history but one in jeopardy of being subsumed by governments, corporations, or others in power positions.
He’s created a website, Webat25.org, highlighting what he discusses in this video below and it is one you should visit.
Unless my family and I are living in an alternate Bizarro universe, it’s pretty clear that we all will soon be paying a lot more for our internet broadband connections and our internet choices will be throttled.
I say that because of the net neutrality battle going on right now, one that the internet service providers (ISPs), and especially the cable providers who also provide television, think they cannot afford to lose.
None of the ISPs want Netflix, Apple’s AppleTV, Google’s $35 Chromecast, or a service like Aereo to either continue to succeed or be in a good or better position to do so. Unless, of course, the ISPs are allowed to make the internet a toll road where only those who pay can get through or go fast.
If the cable companies and other ISPs “win” the net neutrality battle, our TV streaming options will collapse, we will all pay more for our internet connections, all while having to continue to pay “bundled” prices for cable TV channels we never watch.