spy & security

Ces dames préfèrent le mambo

212.jpg

Behavioural patterns of Londoners going about their daily business are being tracked and recorded an unprecedented scale, internet expert Ben Green warns. […]

Large-scale London data-collection projects include on-street free Wi-Fi beamed from special kiosks, smart bins, police facial recognition and soon 5G transmitters embedded in lamp posts.

Transport for London announced this week they would track, collect and analyse movements of commuters around 260 Tube stations starting from July by using mobile Wi-Fi data and device MAC addresses to help improve journeys. Customers can opt out by turning off their Wi-Fi. 

{ Standard | Continue reading }

previously { The Business of Selling Your Location }

art { Poster for Autechre by the Designers Republic, 2016 }

Facebook algorithm can recognise people in photographs even when it can’t see their faces

25.jpg

In Shenzhen, the local subway operator is testing various advanced technologies backed by the ultra-fast 5G network, including facial-recognition ticketing.

At the Futian station, instead of presenting a ticket or scanning a QR bar code on their smartphones, commuters can scan their faces on a tablet-sized screen mounted on the entrance gate and have the fare automatically deducted from their linked accounts. […]

Consumers can already pay for fried chicken at KFC in China with its “Smile to Pay” facial recognition system, first introduced at an outlet in Hangzhou in January 2017. […]

Chinese cities are among the most digitally savvy and cashless in the world, with about 583 million people using their smartphones to make payment in China last year, according to the China Internet Network Information Center. Nearly 68 per cent of China’s internet users used a mobile wallet for their offline payments.

{ South China Morning Post | Continue reading }

photo { The Collection of the Australian National Maritime Museum }

the moyles and moyles of it

21.jpg

Products developed by companies such as Activtrak allow employers to track which websites staff visit, how long they spend on sites deemed “unproductive” and set alarms triggered by content considered dangerous. […]

To quantify productivity, “profiles” of employee behaviour — which can be as granular as mapping an individual’s daily activity — are generated from “vast” amounts of data. […]

If combined with personal details, such as someone’s age and sex, the data could allow employers to develop a nuanced picture of ideal employees, choose whom they considered most useful and help with promotion and firing decisions. […]

Some technology, including Teramind’s and Activtrak’s, permits employers to take periodic computer screenshots or screen-videos — either with employees’ knowledge or in “stealth” mode — and use AI to assess what it captures.

Depending on the employer’s settings, screenshot analysis can alert them to things like violent content or time spent on LinkedIn job adverts. 

But screenshots could also include the details of private messages, social media activity or credit card details in ecommerce checkouts, which would then all be saved to the employer’s database. […]

Meanwhile, smart assistants, such as Amazon’s Alexa for Business, are being introduced into workplaces, but it is unclear how much of office life the devices might record, or what records employers might be able to access.

{ Financial Times | Continue reading }

Google uses Gmail to track a history of things you buy. […] Google says it doesn’t use this information to sell you ads.

{ CNBC | Continue reading }

unrelated { Navy Seal’s lawyers received emails embedded with tracking software }

photo { Philip-Lorca diCorcia, Paris, 1996 }

Not a soul but ourselves

41.jpg

[I]nside of a Google server or a Facebook server is a little voodoo doll, avatar-like version of you […] All I have to do is simulate what conversation the voodoo doll is having, and I know the conversation you just had without having to listen to the microphone.

{ Quartz | Continue reading }

…a phenomenon privacy advocates have long referred to as the “if you build it, they will come” principle — anytime a technology company creates a system that could be used in surveillance, law enforcement inevitably comes knocking. Sensorvault, according to Google employees, includes detailed location records involving at least hundreds of millions of devices worldwide and dating back nearly a decade.

The new orders, sometimes called “geofence” warrants, specify an area and a time period, and Google gathers information from Sensorvault about the devices that were there. It labels them with anonymous ID numbers, and detectives look at locations and movement patterns to see if any appear relevant to the crime. Once they narrow the field to a few devices they think belong to suspects or witnesses, Google reveals the users’ names and other information. […]

Google uses the data to power advertising tailored to a person’s location, part of a more than $20 billion market for location-based ads last year.

{ NY Times | Continue reading }

The “panopticon” refers to an experimental laboratory of power in which behaviour could be modified

5.jpg

We’ve all been making some big choices, consciously or not, as advancing technology has transformed the real and virtual worlds. That phone in your pocket, the surveillance camera on the corner: You’ve traded away a bit of anonymity, of autonomy, for the usefulness of one, the protection of the other.

Many of these trade-offs were clearly worthwhile. But now the stakes are rising and the choices are growing more fraught. Is it O.K., for example, for an insurance company to ask you to wear a tracker to monitor whether you’re getting enough exercise, and set your rates accordingly? Would it concern you if police detectives felt free to collect your DNA from a discarded coffee cup, and to share your genetic code? What if your employer demanded access to all your digital activity, so that it could run that data through an algorithm to judge whether you’re trustworthy?

These sorts of things are already happening in the United States.

{ NY Times | Continue reading }

‘Never talk when you can nod and never nod when you can wink and never write an e-mail, because it’s death.’ –Eliot Spitzer

23.jpg

“Connecting” online once referred to ways of communicating; now it is understood as a means of digital totalization, typically euphemized as objects becoming “smart.” Each data-collecting object requires a further smartening of more objects, so that the data collected can be made more useful and lucrative, can be properly contextualized within the operation of other objects. You can’t opt in or out of this kind of connectedness.

{ Rob Horning/Real Life | Continue reading }

Pikes clash on cuirasses. Thieves rob the slain.

23.jpg

The ATM-busting technique, known as jackpotting, has been around for almost a decade […] ATM jackpotting is both riskier and more complicated than card-skimming. For starters, scammers have to hack into the computer that governs the cash dispenser, which usually involves physically breaking into the machine itself; once they’re in, they install malware that tells the ATM to release all of its cash, just like a jackpot at a slot machine. These obstacles mean the process takes quite a bit longer than installing a card skimmer, which means more time in front of the ATM’s security cameras and jackpotters triggering an alarm in the bank’s control center at every step. But as chip-and-PIN becomes the standard in the U.S., would-be ATM thieves are running out of other options. […]

It was the Secret Service’s financial crimes division that spotted the series of attacks on multiple locations of the same bank in Florida in December and January, and put out a bulletin to financial institutions, law enforcement, and the public about the new style of ATM theft. The two major global ATM manufacturers, Diebold Nixdorfand NCR, also alerted the public and issued security patches within a few days. Banks started monitoring their ATMs around the clock. Less than 24 hours after the Secret Service’s public alert, Citizens Financial Group, a regional bank with branches all over the northeast, notified the local police that its security folks noticed one of its ATMs go off line. The police contacted the Secret Service, which made its first arrest on the scene.

{ Bloomberg | Continue reading }

photo { Jerome Liebling, Union Square, New York City, 1948 }

The sun never sets

22.jpg

Ross McNutt is an Air Force Academy graduate, physicist, and MIT-trained astronautical engineer who in 2004 founded the Air Force’s Center for Rapid Product Development. The Pentagon asked him if he could develop something to figure out who was planting the roadside bombs that were killing and maiming American soldiers in Iraq. In 2006 he gave the military Angel Fire, a wide-area, live-feed surveillance system that could cast an unblinking eye on an entire city.

The system was built around an assembly of four to six commercially available industrial imaging cameras, synchronized and positioned at different angles, then attached to the bottom of a plane. As the plane flew, computers stabilized the images from the cameras, stitched them together and transmitted them to the ground at a rate of one per second. This produced a searchable, constantly updating photographic map that was stored on hard drives. His elevator pitch was irresistible: “Imagine Google Earth with TiVo capability.” […]

If a roadside bomb exploded while the camera was in the air, analysts could zoom in to the exact location of the explosion and rewind to the moment of detonation. Keeping their eyes on that spot, they could further rewind the footage to see a vehicle, for example, that had stopped at that location to plant the bomb. Then they could backtrack to see where the vehicle had come from, marking all of the addresses it had visited. They also could fast-forward to see where the driver went after planting the bomb—perhaps a residence, or a rebel hideout, or a stash house of explosives. More than merely identifying an enemy, the technology could identify an enemy network. […]

McNutt retired from the military in 2007 and modified the technology for commercial development. […] His first customer was José Reyes Ferriz, the mayor of Ciudad Juárez, in northern Mexico. In 2009 a war between the Sinaloa and Juárez drug cartels had turned his border town into the most deadly city on earth. […]

Within the first hour of operations, his cameras witnessed two murders. “A 9-millimeter casing was all the evidence they’d had,” McNutt says. By tracking the assailants’ vehicles, McNutt’s small team of analysts helped police identify the headquarters of a cartel kill squad and pinpoint a separate cartel building where the murderers got paid for the hit.

The technology led to dozens of arrests and confessions, McNutt says, but within a few months the city ran out of money to continue paying for the service.

{ Bloomberg | Continue reading | Radiolab }

photo { William Eggleston, Untitled (Two Girls Walking), 1970-73 }

It was put in the newses what he did, nicies and priers, the King fierceas Humphrey, with illysus distilling, exploits and all

24.jpg

The Food and Drug Administration has approved the first digital pill for the US which tracks if patients have taken their medication. The pill called Abilify MyCite, is fitted with a tiny ingestible sensor that communicates with a patch worn by the patient — the patch then transmits medication data to a smartphone app which the patient can voluntarily upload to a database for their doctor and other authorized persons to see. Abilify is a drug that treats schizophrenia, bipolar disorder, and is an add-on treatment for depression.

{ The Verge | Continue reading }

photo { Bruce Davidson, Subway platform in Brooklyn, 1980 }

I lie about my zodiac sign and watch people break down the person I’m not

2.jpg

In what appears to be the first successful hack of a software program using DNA, researchers say malware they incorporated into a genetic molecule allowed them to take control of a computer used to analyze it. […]

To carry out the hack, researchers encoded malicious software in a short stretch of DNA they purchased online. They then used it to gain “full control” over a computer that tried to process the genetic data after it was read by a DNA sequencing machine.  

The researchers warn that hackers could one day use faked blood or spit samples to gain access to university computers, steal information from police forensics labs, or infect genome files shared by scientists.  

{ Technology Review | Continue reading }

‘There is an infinite amount of hope in the universe — but not for us.’ —Kafka

22.jpg

When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose.

Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue.

But for more than five years, the NSA kept using it — through a time period that has seen several serious security breaches — and now the officials’ worst fears have been realized. The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history.

{ Washington Post | Continue reading }

screenshot { Ben Thorp Brown, Drowned World, 2016 }

When that hark from the air said it was Captain Finsen

22.jpg

The travel booking systems used by millions of people every day are woefully insecure and lack modern authentication methods. This allows attackers to easily modify other people’s reservations, cancel their flights and even use the refunds to book tickets for themselves.

{ Computer World | Continue reading }

related { By posting a picture of your boarding pass online, you may be giving away more information than you think }