spy & security

Not a soul but ourselves

41.jpg

[I]nside of a Google server or a Facebook server is a little voodoo doll, avatar-like version of you […] All I have to do is simulate what conversation the voodoo doll is having, and I know the conversation you just had without having to listen to the microphone.

{ Quartz | Continue reading }

…a phenomenon privacy advocates have long referred to as the “if you build it, they will come” principle — anytime a technology company creates a system that could be used in surveillance, law enforcement inevitably comes knocking. Sensorvault, according to Google employees, includes detailed location records involving at least hundreds of millions of devices worldwide and dating back nearly a decade.

The new orders, sometimes called “geofence” warrants, specify an area and a time period, and Google gathers information from Sensorvault about the devices that were there. It labels them with anonymous ID numbers, and detectives look at locations and movement patterns to see if any appear relevant to the crime. Once they narrow the field to a few devices they think belong to suspects or witnesses, Google reveals the users’ names and other information. […]

Google uses the data to power advertising tailored to a person’s location, part of a more than $20 billion market for location-based ads last year.

{ NY Times | Continue reading }

The “panopticon” refers to an experimental laboratory of power in which behaviour could be modified

5.jpg

We’ve all been making some big choices, consciously or not, as advancing technology has transformed the real and virtual worlds. That phone in your pocket, the surveillance camera on the corner: You’ve traded away a bit of anonymity, of autonomy, for the usefulness of one, the protection of the other.

Many of these trade-offs were clearly worthwhile. But now the stakes are rising and the choices are growing more fraught. Is it O.K., for example, for an insurance company to ask you to wear a tracker to monitor whether you’re getting enough exercise, and set your rates accordingly? Would it concern you if police detectives felt free to collect your DNA from a discarded coffee cup, and to share your genetic code? What if your employer demanded access to all your digital activity, so that it could run that data through an algorithm to judge whether you’re trustworthy?

These sorts of things are already happening in the United States.

{ NY Times | Continue reading }

‘Never talk when you can nod and never nod when you can wink and never write an e-mail, because it’s death.’ –Eliot Spitzer

23.jpg

“Connecting” online once referred to ways of communicating; now it is understood as a means of digital totalization, typically euphemized as objects becoming “smart.” Each data-collecting object requires a further smartening of more objects, so that the data collected can be made more useful and lucrative, can be properly contextualized within the operation of other objects. You can’t opt in or out of this kind of connectedness.

{ Rob Horning/Real Life | Continue reading }

Pikes clash on cuirasses. Thieves rob the slain.

23.jpg

The ATM-busting technique, known as jackpotting, has been around for almost a decade […] ATM jackpotting is both riskier and more complicated than card-skimming. For starters, scammers have to hack into the computer that governs the cash dispenser, which usually involves physically breaking into the machine itself; once they’re in, they install malware that tells the ATM to release all of its cash, just like a jackpot at a slot machine. These obstacles mean the process takes quite a bit longer than installing a card skimmer, which means more time in front of the ATM’s security cameras and jackpotters triggering an alarm in the bank’s control center at every step. But as chip-and-PIN becomes the standard in the U.S., would-be ATM thieves are running out of other options. […]

It was the Secret Service’s financial crimes division that spotted the series of attacks on multiple locations of the same bank in Florida in December and January, and put out a bulletin to financial institutions, law enforcement, and the public about the new style of ATM theft. The two major global ATM manufacturers, Diebold Nixdorfand NCR, also alerted the public and issued security patches within a few days. Banks started monitoring their ATMs around the clock. Less than 24 hours after the Secret Service’s public alert, Citizens Financial Group, a regional bank with branches all over the northeast, notified the local police that its security folks noticed one of its ATMs go off line. The police contacted the Secret Service, which made its first arrest on the scene.

{ Bloomberg | Continue reading }

photo { Jerome Liebling, Union Square, New York City, 1948 }

The sun never sets

22.jpg

Ross McNutt is an Air Force Academy graduate, physicist, and MIT-trained astronautical engineer who in 2004 founded the Air Force’s Center for Rapid Product Development. The Pentagon asked him if he could develop something to figure out who was planting the roadside bombs that were killing and maiming American soldiers in Iraq. In 2006 he gave the military Angel Fire, a wide-area, live-feed surveillance system that could cast an unblinking eye on an entire city.

The system was built around an assembly of four to six commercially available industrial imaging cameras, synchronized and positioned at different angles, then attached to the bottom of a plane. As the plane flew, computers stabilized the images from the cameras, stitched them together and transmitted them to the ground at a rate of one per second. This produced a searchable, constantly updating photographic map that was stored on hard drives. His elevator pitch was irresistible: “Imagine Google Earth with TiVo capability.” […]

If a roadside bomb exploded while the camera was in the air, analysts could zoom in to the exact location of the explosion and rewind to the moment of detonation. Keeping their eyes on that spot, they could further rewind the footage to see a vehicle, for example, that had stopped at that location to plant the bomb. Then they could backtrack to see where the vehicle had come from, marking all of the addresses it had visited. They also could fast-forward to see where the driver went after planting the bomb—perhaps a residence, or a rebel hideout, or a stash house of explosives. More than merely identifying an enemy, the technology could identify an enemy network. […]

McNutt retired from the military in 2007 and modified the technology for commercial development. […] His first customer was José Reyes Ferriz, the mayor of Ciudad Juárez, in northern Mexico. In 2009 a war between the Sinaloa and Juárez drug cartels had turned his border town into the most deadly city on earth. […]

Within the first hour of operations, his cameras witnessed two murders. “A 9-millimeter casing was all the evidence they’d had,” McNutt says. By tracking the assailants’ vehicles, McNutt’s small team of analysts helped police identify the headquarters of a cartel kill squad and pinpoint a separate cartel building where the murderers got paid for the hit.

The technology led to dozens of arrests and confessions, McNutt says, but within a few months the city ran out of money to continue paying for the service.

{ Bloomberg | Continue reading | Radiolab }

photo { William Eggleston, Untitled (Two Girls Walking), 1970-73 }

It was put in the newses what he did, nicies and priers, the King fierceas Humphrey, with illysus distilling, exploits and all

24.jpg

The Food and Drug Administration has approved the first digital pill for the US which tracks if patients have taken their medication. The pill called Abilify MyCite, is fitted with a tiny ingestible sensor that communicates with a patch worn by the patient — the patch then transmits medication data to a smartphone app which the patient can voluntarily upload to a database for their doctor and other authorized persons to see. Abilify is a drug that treats schizophrenia, bipolar disorder, and is an add-on treatment for depression.

{ The Verge | Continue reading }

photo { Bruce Davidson, Subway platform in Brooklyn, 1980 }

I lie about my zodiac sign and watch people break down the person I’m not

2.jpg

In what appears to be the first successful hack of a software program using DNA, researchers say malware they incorporated into a genetic molecule allowed them to take control of a computer used to analyze it. […]

To carry out the hack, researchers encoded malicious software in a short stretch of DNA they purchased online. They then used it to gain “full control” over a computer that tried to process the genetic data after it was read by a DNA sequencing machine.  

The researchers warn that hackers could one day use faked blood or spit samples to gain access to university computers, steal information from police forensics labs, or infect genome files shared by scientists.  

{ Technology Review | Continue reading }

‘There is an infinite amount of hope in the universe — but not for us.’ —Kafka

22.jpg

When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose.

Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue.

But for more than five years, the NSA kept using it — through a time period that has seen several serious security breaches — and now the officials’ worst fears have been realized. The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history.

{ Washington Post | Continue reading }

screenshot { Ben Thorp Brown, Drowned World, 2016 }

When that hark from the air said it was Captain Finsen

22.jpg

The travel booking systems used by millions of people every day are woefully insecure and lack modern authentication methods. This allows attackers to easily modify other people’s reservations, cancel their flights and even use the refunds to book tickets for themselves.

{ Computer World | Continue reading }

related { By posting a picture of your boarding pass online, you may be giving away more information than you think }

‘Genius presupposes some disorder.’—Diderot

657.jpg

Someone Is Learning How to Take Down the Internet

Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure. […]

We don’t know where the attacks come from. The data I see suggests China, an assessment shared by the people I spoke with. On the other hand, it’s possible to disguise the country of origin for these sorts of attacks. The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the US decides to make an international incident over this, we won’t see any attribution.

{ Bruce Schneier | Continue reading }

polaroid photograph { Andy Warhol, Grapes, 1981 }

Is this a dagger which I see before me, the handle toward my hand?

32.jpg

The June 5 escape from Clinton was planned and executed by two particularly cunning and resourceful inmates, abetted by the willful, criminal conduct of a civilian employee of the prison’s tailor shops and assisted by the reckless actions of a veteran correction officer. The escape could not have occurred, however, except for longstanding breakdowns in basic security functions at Clinton and DOCCS executive management’s failure to identify and correct these deficiencies.

[…]

Using pipes as hand- and foot-holds, Sweat and Matt descended three tiers through a narrow space behind their cells to the prison’s subterranean level. There they navigated a labyrinth of dimly lit tunnels and squeezed through a series of openings in walls and a steam pipe along a route they had prepared over the previous three months. When, at midnight, they emerged from a manhole onto a Village of Dannemora street a block outside the prison wall, Sweat and Matt had accomplished a remarkable feat: the first escape from the high-security section of Clinton in more than 100 years.

[…]

In early 2015, the relationships deepened and Mitchell became an even more active participant in the escape plot, ultimately agreeing to join Sweat and Matt after their breakout and drive away with them. In addition to smuggling escape tools and maps, Mitchell agreed to be a conduit to obtain cash for Matt and gathered items to assist their flight, including guns and ammunition, camping gear, clothing, and a compass. Even as she professed her love for Sweat in notes she secretly sent him, Mitchell engaged in numerous sexual encounters with Matt in the tailor shop. These included kissing, genital fondling, and oral sex.

[…]

The Inspector General is compelled to note that this investigation was made more difficult by a lack of full cooperation on the part of a number of Clinton staff, including executive management, civilian employees, and uniformed officers. Notwithstanding the unprecedented granting of immunity from criminal prosecution for most uniformed officers, employees provided testimony under oath that was incomplete and at times not credible. Among other claims, they testified they could not recall such information as the names of colleagues with whom they regularly worked, supervisors, or staff who had trained them. Several officers, testifying under oath within several weeks of the event, claimed not to remember their activities or observations on the night of the escape. Other employees claimed ignorance of security lapses that were longstanding and widely known.

{ State of New York, Office of the Inspector General | Continue reading }

photo { Chisels, punch, hacksaw blade pieces, and unused drill bits left by Sweat in tunnel }

I’m tryna live my life and you’re just tryna drag me down

21.jpg

Facebook could be listening in on people’s conversations all of the time, an expert has claimed. The app might be using people’s phones to gather data on what they are talking about.

Professor Burns has said that the tool appears to be using the audio it gathers not simply to help out users, but might be doing so to listen in to discussions and serve them with relevant advertising. She says that to test the feature, she discussed certain topics around the phone and then found that the site appeared to show relevant ads.

Facebook says that its app does listen to what’s happening around it, but only as a way of seeing what people are listening to or watching and suggesting that they post about it.

{ Independent | Continue reading }

unrelated { How Facebook is Stealing Billions of Views }

photo { Marcus Ohlsson }