Infosec links July 11, 2014

Kaspersky Lab uncovers new Android and iOS spying tools - Ian Barker - betanews

A company called Hacking Team has developed a trojan that can spy on both Android and iOS devices. It’s delivered via spear phishing and malware that gets the trojan installed when the phone is synced with an infected computer. Most of the functions appear to be for surveillance purposes. I wonder who would want to purchase such a thing.

More on Hacking Team's Government Spying Software - Bruce Schneier - Schneier on Security

Well, ethical governments, of course. At least that’s who Hacking Team claims they sell the trojan to. What are the criteria for an ethical government?

  • Must be nice to citizens

  • Must feed the hungry

  • Must provide hugs

  • Must not surv$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

The Ex-Google Hacker Taking on the World's Spy Agencies - Andy Greenberg - WIRED

Really interesting profile on Marquis-Boire, who used to work for Google as a security researcher but now works for First Look Media. His job: to keep journalists who handle sensitive information, e.g. Glenn Greenwald, safe.

This post first appeared on Exploring Information Security.

Infosec links June 16, 2014

GCHQ Intercept sites in Oman - Bruce Schneier - Schneier on Security

The Brits have a spy base in the Middle East that taps into undersea cables, according to a Guardian story. What's more interesting than the story itself is that this information did not come from Edward Snowden or his plethora of files. Are we seeing more leakers and whistleblowers within the government? It's very possible.

To defeat encryption, feds deploy the Subpoena - David Kravets - ars technica

Project on Government Oversight's (POGO) mission is:

nonpartisan independent watchdog that champions good government reforms. POGO’s investigations into corruption, misconduct, and conflicts of interest achieve a more effective, accountable, open, and ethical federal government.

According to the story, POGO suggests that whistleblowers use Tor to report abuses to their encrypted submission portal. As a result, and after the most recent potential US Veterans Administration scandal, the government is trying to use super subpoena power to get at the information being submitted to POGO. The response from POGO, "You no has our data:"

If the VA doesn't drop its subpoena, POGO said it would never turn the data over, even if ordered to by a judge.

"We are certainly prepared to go to court," Newman said. "We are certainly prepared to go to jail to prevent any of that information from being released."

Bravo

Trickle down surveillance - Nathan Freed Wessler - Aljazeera America

More and more local police forces are using devices called stingrays. These devices are technology that has trickled down from the NSA, and they allow the user to track cellphones and identifying information. I can see where this becomes handy, but it's not a pinpoint type of device. It grabs everyone's cell phone information within an area, because it essentially acts like a cellphone tower. There's supposed to be some transparency with these devices, but it appears that some entities are trying to hide the usage of the device.

 


InfoSec Links April 17, 2014

Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say - David E. Sanger - New York Times

Disclosure of vulnerabilities by the government can be a bit more complex than it would seem. Still, I believe the government's primary goal should be defense, not offense.

At Feds' request, GoGo in-flight Wi-fi service added more spying capabilities - Joe Silver - ars technica

If you plan on using airplane WiFi, then be prepared to hand over anything you do on that WiFi to the government.

A telephone box near GCHQ gets a visit from Banksy - Graham Cluley

This is a pretty good indication of how street artist Banksy feels about the GCHQ.

 
