Tuesday, December 23, 2014

Top 5 Ways You Are Spied On Every Day And Don’t Know It

By Ryan Dube
You walk into the supermarket, and the camera on the ceiling sends your face to the corporate mainframe for facial recognition analysis. You log into Facebook, and a key logger on your computer emails your password to a covert security building inside of Beijing. Do these sound like scenes from a movie? Believe it or not, they could be happening to you every day.
Many people are oblivious to the ways in which they are monitored nearly every day, in some aspect of their lives. It might be while conducting business at a store, getting money out of an ATM, or even just talking on their cellphone while walking down a city street.
The first step to protecting yourself is understanding the biggest surveillance threats that actually exist. The next step is taking precautions to protect yourself against them. In this article, you’ll learn about those surveillance threats, and some ways to safeguard against them.

Facial Recognition

The first inklings that something was amiss in the world of consumer surveillance came in November of 2013, when the Guardian reported that the UK retailer Tesco was installing advanced face-scanning technology called OptimEyes, for marketing purposes.
The intent of the system went far beyond the typical security cameras you may find in stores. Instead, it was to scan the eyes of petrol customers to determine age and gender for the purpose of delivering targeted ads to the screens installed in the petrol stations.

The use of such technology has only expanded. Companies like Face First offer surveillance technologies to retailers that use advanced facial recognition technology to identify known shoplifters and alert store managers to their presence. The technology is also used to recognized known repeat “good” customers, so that they can receive VIP treatment – making sure they return to the store in the future.
For retailers this technology is promising, but it’s a disturbing privacy concern to consumer and privacy rights advocates. As far back as 2012, when this was initially coming to maturity, the Consumers Union issued an open letter to the Federal Trade Commission (FTC), advising the agency that the technology – while immensely useful for the retail and advertising industries – could pose very serious privacy issues for consumers.
“The ubiquitous installation of facial recognition devices in malls, supermarkets, schools, doctor’s offices and city sidewalks could seriously undermine individual’s desire and expectation for anonymity.”
The Consumers Union pointed out that such technology targeting children could make the current youth obesity epidemic worse, and targeting teens with weight-loss products could make adolescent self-esteem issues worse. The most serious issue is the fact that there are no guidelines preventing companies from collecting and storing such surveillance information about you and your purchasing behaviors.
“Facial detection and recognition software could offer consumers a number of tangible benefits. At the same time, we cannot ignore the fact that these technologies pose significant privacy risks and seriously threaten consumers’ right to anonymity.”
The next time you’re going shopping, keep an eye out for those overhead cameras tracking your every move!

Webcam Hacking

In May of 2014, U.S. officials arrested 90 people who were part of an organization known as “Blackshades”. Blackshades produced and sold software that let hackers connect into any computer running Microsoft Windows and take control of the webcam. One college student was even arrested for using the software to capture nude photos of Miss Teen USA.
If  you’re wondering whether you should be concerned, consider the fact that the organization sold thousands of copies totaling $350,000 of sales, with an estimated 700,000 victims across 100 countries since 2010. Yes, it really is possible for someone to hack your webcam, as James recently explained.
webcam
The scary part of the software is that it isn’t just the webcam that’s susceptible. Hackers get access to keystrokes and passwords, they can take screenshots, and they can access your computer files. The only safety that might set your mind at ease is the fact that victims need to be tricked into actually clicking on a malicious link that installs the offending software. If you’re clever enough at identifying phishing emails, and you avoid clicking on suspicious web links, you may be able to keep yourself safe from this particular threat.
Sounds simple to keep yourself safe right? Well, think again.
In December of 2014, Telegraph writer Sophie Curtis asked her “ethical hacker” friend John Yeo, an employee of Trustwave, to try and hack into her computer. The hackers worked tirelessly to learn as much as they could about Sophie online, and eventually crafted phony emails that fooled Sophie into clicking – immediately infecting her laptop and giving hackers access to everything, including her webcam.  Even people who believe they are immune to such tactics can be fooled.

Fake Cell Towers

In September of 2014, rumors started surfacing about so-called “fake cell towers” suspected of intercepting cellphone communications around the country. These towers were confirmed by investigator Aaron Turner, also the owner of mobile security firm Integricell.
Aaron Turner told The Blaze that the odd towers were set up to literally trick cellphones into thinking that the fake tower was the only available tower in the local area.
“These towers are tricking your phone into saying ‘I need to talk 9-1-1 information to you,’ but then it doesn’t.”
According to Turner, the towers – concentrated heavily in Pennsylvania and downtown Washington D.C. – could literally “break open your communications” and see what’s going on with the phone.
celltower
Multiple other investigators confirmed “encounters” with fake cell towers – yet no actual photos surfaced of any real cell towers in any specific location. There were questions as to whether the odd “interceptor” towers were yet another arm of a wide-reaching federal surveillance program already under steady public criticism. Others suspected that the towers could be part of an international espionage program.
It wasn’t until two months later, in November that the Wall Street Journal broke the news that the Department of Justice – essentially police authorities across the nation – were actually placing fake mobile phone “towers” on airplanes through the use of a device called a DRTBOX, nicknamed a “dirtbox”. Made by Digital Receiver Technology (a subsidiary of Boeing), the device looks like a cell tower to mobile phones, and performs a “middle man attack” to extract registration information from those phones.
Authorities were flying those planes around metropolitan areas in order to scoop up as much cell phone information as possible.
“Planes are equipped with devices—some known as ‘dirtboxes’ to law-enforcement officials because of the initials of the Boeing Co. unit that produces them—which mimic cell towers of large telecommunications firms and trick cellphones into reporting their unique registration information.”
Identifying a person’s cellphone “identity” and location information would allow law-enforcement to locate and track pretty much any citizen with a cellphone.  The American Civil Liberties Union (ACLU) sifted through publicly available documents on the use of these “Stingray” devices by state and local police, and published a map showing where the devices are currently in use.
celltower-location

As technology advances faster than the laws can keep up, authorities are taking full advantage of loopholes to collect as much data as possible. You can learn more about these efforts and the efforts to keep them concealed at the ACLU investigation page.  If you live in any of the colored areas on the map, the chances are your cellphone data and location has been collected by local or state law enforcement.

China Cyberwar Hacking

If you think that only your own government is spying on you, think again. In late October of 2014, the Washington Post announced that a security research team had identified a sophisticated Chinese cyberespionage group called “Axiom” that was targeting western government agencies in a bid to gather any intelligence surrounding Chinese domestic and international policies.
In mid-October, before the publication of the Washington Post, the FBI had actually issued a warning to U.S. industry, to be alert of an advanced Chinese hacker group running a campaign to collect sensitive and proprietary information from U.S. companies and government agencies.
chinese-hacker
According to the FBI, the new group is a second state-sponsored unit, following the earlier disclosure by security experts of another government hacking unit called People’s Liberation Army Unit 61398. The Axiom group has been operating for at least four years, specifically targeting industrial and economic interests in Western countries.
The important thing to understand here is that if you work for a major corporation that has well-protected proprietary secrets, you may very well be targeted by the Axiom group. It deploys what are known as “zero-day exploits” of Microsoft’s Windows operating system – one of the more difficult and advanced hacking techniques. By infiltrating a company or government agency through the computer of any single employee, the group can attempt to gain access to network or system access, and potentially gain access to sensitive and valuable industrial secrets.
Don’t think that your computer is a valuable target for these hackers? It is. So work with your corporate security group and make sure to take security rules and policies seriously.

Industrial Espionage at Business Conferences

Your company decides to send you to this year’s industry conference. Maybe it’s CES or some other really cool tech conference. Packing up your things for the trip, you remember to bring your work laptop, company supplied cellphone, and of course a memory stick containing some of your most important files from work. Most people, in their excitement about taking a business trip and seeing so many cool technologies, never for a moment consider that they may be putting their own company’s competitive advantage in the marketplace at risk.
How so? By not properly security company laptops, mobile phones and data while traveling. International espionage groups know that travel is when company employees are most vulnerable, and so conferences are a major target for industrial intelligence collection.
conference
There are so many security weak points when you’re traveling and attending a conference, so it’s important to keep all of these in mind, and take appropriate action to protect yourself before you end up a victim of industrial espionage.
  • Holding videoconferencing meetings over an insecure hotel network opens up the transmission of confidential information to clever hackers.
  • Theft of laptops or cellphones from hotel rooms may provide agents with proprietary company information stored on those devices.
  • Use our list of tips for safeguarding against government surveillance of your cellphone.
  • Using your company laptop in an open public area allows spies to observe your activities from behind.
  • Having phone conversations about sensitive company matters in a public area allows anyone to overhear the conversation just by standing nearby.
  • Giving a presentation at an industry conference could potentially leak confidential company information if you don’t properly “scrub” those presentations beforehand.
In 2014, Carl Roper wrote a book titled “Trade Secret Theft, Industrial Espionage, and the China Threat”, where he explained that some Chinese industrial espionage efforts actually focus on gathering technical information from openly available presentations at conferences.
“Conferences with such subject areas as composite materials, missiles, engineers, lasers, computers, marine technology, space, microelectronics, chemical engineering, radars, armaments, and optical communications are just some of the more interesting ones that the Chinese will try to attend. Data from these types of conferences will be among the most significant contributions to their projects.”
It’s debatable whether information provided in a public conference presentation may provide espionage agents with trade secrets, however poorly scrubbed (or completely uncensored) presentations are very likely to accidentally reveal very big clues about a corporation’s trade secrets.
Thankfully, there are ways to protect yourself. If you are giving a presentation for your company, always pass the presentation to your company’s Communications Department or the Legal Department. Some companies may even require that all external communications get approved by either or both departments. Don’t forget to do this, or it could very well cost you your job.
  • Make use of laptop theft alarm devices or software that will alert anyone nearby if your laptop is ever removed from where you left it.
  • Make sure you lock your laptop, and that your information on it is properly encrypted. Doing this will dramatically reduce the espionage dangers from laptop theft.
  • If you have to bring a memory stick with you, make sure to password protect it, or encrypt it with software like Truecrypt.
  • Boost your mobile lock screen security. Christian offered some great screen lock tips for accomplishing this.
  • Use your laptop in an area where no one can stand or sit behind you and see your screen. This seems like common sense, but far too many people don’t pay attention.
Kihara recently provided  an extensive list of additional tips and safeguards you can use to protect yourself from illegal spying. Well worth a read.

Be Aware, But Don’t Obsess

Being aware of all of the ways you are being spied on every day doesn’t mean that you have to constantly worry about who is listening to you, reading your emails or tracking your location. What it does mean is that you should always be aware of your surroundings, and how you are using technology when transmitting information that you actually consider to be either sensitive or very personal.
There are plenty of ways to evade surveillance attempts – even attempts by your own government – by using encrypted resources when you’re dealing with sensitive information, or simply beefing up your computer’s security environmentin a big way.
But once you’ve put all of your safeguards in place, stop worrying. Life your life, comfortable in the knowledge that you’ve taken the appropriate steps to protect yourself.
Duc Dao via Shutterstock, Matej Kastelic via Shutterstock

No comments:

How to Recover Data From a Corrupt Memory Card or USB Drive

By  Dan Price   We keep a lot of data on memory cards and USB drives. Often, you might even use a high-capacity USB drive as your prima...