Part 3 of an occasional series of videos about the Darkweb, hidden services, anonymity… all the good stuff that we need, and need to know about!
Excellent Defcon presentation by Adrian Crenshaw detailing how some Tor users got caught. TL;DR: it’s all down to faulty OpSec. Be careful all the time, use your common sense, and all well be well. So long as there aren’t 0days in Tor Browser that the Man knows about and the devs don’t…
But this isn’t too long to watch. So watch it! Even if you don’t use the darknet it is hugely informative and entertaining. And if you do use Tor or otherwise have an interest in anonymity (which means you!), it is doubly informative and entertaining… in fact it is essential for everyone to watch. So watch it!
Today Apple is closing a security loophole in iPhones and other iOS devices that enabled law enforcement to hack into criminals’ devices, inculding one of the San Bernadino killers.
They have introduced “Restricted USB Mode”, which will stop hackers from extracting data through an iPhone’s lightning port an hour after being locked. It is believed that this is how the FBI were able to read data from the iPhone belonging to a gunman involved in the shootings in San Bernadino.
Apple says this is part of their usual security reviews, and is not aimed at thwarting law enforcement but is to protect users from criminals.
The GreyKey device that hacks into locked iPhones via its Lightning port
This will protect iPhones from the iPhone hacking tool GreyKey.
The new default settings will have a feature Apple call a “USB restricted mode” which has been present in developer betas for both iOS 12 and iOS 11.4.1. With this feature, all communication through a Lightning port to USB connection will be blocked on unlocked and dormant devices.
US law enforcement uses a tool called a GrayKey, which is a small box with two Lightning cables that can unlock password encryptions on iPhones and extract data from iPhones. The Restricted USB Mode will cut off the GreyKey’s access.
The GreyKey device reveals a locked iPhone’s passcode in as little as 30 seconds
Of course the cops believe this is aimed firmly at law enforcement, and will result in criminals and terrorists getting away with serious crimes.
“I think that privacy protections are on a collision course with responsible law enforcement actions to conduct legitimate investigations,” said Ronald Hosko, a former assistant director of the FBI who is now president of the Law Enforcement Legal Defense Fund, which raises money to defend officers accused of misconduct. “Terrorists or other criminal organizations will do something that’s heinous, in a way that is blocked from lawful law enforcement view. They will to some extent get away with it. We will lose lives, we will lose infrastructure in a big way, and then we will be having a different conversation.”
ibVPN – a high-rated VPN service with more than 180 servers world-wide
A VPN (Virtual Private Network) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet. VPN technology was developed as a way to allow remote users and branch offices to securely access corporate applications and other resources. Nowadays VPNs are widely used to encrypt and secure an otherwise insecure connection (such as a public wifi access point – an eavesdropper can see everything you do over McDonalds’s wifi if it isn’t encrypted!); some people use VPN service to access restricted online service – eg if you live in the UK you won’t be able to use the US Netflix service as that is geographically restricted to users in the USA. But if you use a VPN server based in the USA, Netflix won’t be able to tell that you’re not in the USA yourself – all Netflix can see is that your traffic is coming and going from that US-based server. This feature also lends some anonymity to the internet connection, which is another reason some people use a VPN.
And it’s not just geographical restrictions that VPN use can help you circumvent: some work and school networks stop users accessing some sites like Youtube for instance (your employer may want you to work rather than look at cat videos) or hacker sites (schools tend to block sites with crime-related content, and as so many people associate hacking with crime, anything containing the word “hacker” gets banned). So, the local network won’t let you view what you want? Use a VPN, and all the local net can see is data going to/coming from the VPN server. It knows nothing about goddamn cat memes or how to crack Facebook accounts!
For the past few years I have been using ibVPN (“Invisible Browsing”), run by Romanian-based service provider Amplusnet. It’s not the fastest service out there, but it is competitively-priced and has global availability. ibVPN boasts of more than 180 servers in 47 countries across the globe. And there are 4 different service plans:
Ultimate, at $4.83 per month – “Great for strong privacy and security, heavy streaming, unblocking restricted websites, torrents & p2p activity. The most complete package”
Standard, at $3.08 per month – “Great for regular usage, streaming, unblocking restricted websites, privacy protection. Includes access to VPN and Extensions. No SmartDNS.”
Torrent, also $3.08 per month – “Special package for those looking to protect their identity while downloading torrents. Privacy protection. No SmartDNS or Proxy.”
IBDNS/SmartDNS, also $3.08 per month – “Special package designed for unblocking restricted websitesand heavy streaming. Includes SmartDNS and access to browser extensions. No VPN.”
Their All-In-One client software/apps is available for Windows, Apple MacOS and iOS, and Android devices, and the services are also compatible with Linux, most routers, smart TVs and gaming consoles. The interface is clean and efficient (see below).
ibVPN All-In-One client interface controls your VPN sessions
If you’re thinking of going with ibVPN but want to try before you buy, they offer a 6 hour free trial period. And they have a 15 day money back guarantee if you’re not satisfied by the service. This shows they have confidence in the quality of their product.
The speed of some servers/connections is not always great, but it is rarely appalling and the price is excellent. All in all, a good service – I’ve been using it for some years now, which is the greatest praise any product could get – if I keep paying for something it’s because it’s the best!! 😉
“You’ll prise my iphone from my cold dead fingers!” Trump will never stop tweeting – luckily for hackers.
The intel is out: we’re on to hack the Don. The White House staff tried to tell him that bringing a cell phone into the secure area was to bring in his own gaping goatse security hole. But he insisted: he needed, not one, but two iphones. One for calls, one for Twitter. Cos yeah, we all need a special Twitter phone.
But even though that’s a bit against procedure in the White House, it’s not un-doable. His predecessor Barack Obama was hooked on crack, I mean Blackberries. He simply could not exist with his poor-excuse-for-a-smartphone. So allowances were made and he kept his Blackberry. But he was aware of the security risks; he had a specially-modified one made up, without microphone, camera or GPS, and even this “military-grade” Blackberry had to be handed over every 30 days to check for tampering, further modification, any chance that it posed any extra danger.
And Trump’s calls-only iphone is issued by White House staff and swapped out “through routine support operations” to check for hacking and other security concerns (well, any extra security concerns over and above the security concern that he is carrying around a bloody listening device!!). But he refuses to let them have his Twitter iphone, because it would be a nuisance!
I’m sure it would be difficult to hack Trump’s phone(s). I’m sure his equipment is especially hardened against threats. But when a target is as juicy as Trump, and you have potentially nation-state actors moving against him, nothing is hack-proof.
The White House banned its employees from using personal phones while in the West Wing in January. A statement at the time said that the “security and integrity of the technology systems at the White House is a top priority for the Trump administration”. But Trump’s wandering the West Wing (and the rest of the White House), Twitter-phone ready to tweet.
The personal smartphone of Trump’s chief of staff John Kelly was reportedly hacked during the Trump transition. And he didn’t replace it until October. And Trump’s Twitter-phone hasn’t even been checked!!
This is the man who criticised Hilary Clinton for her use of a personal email server. He is so dependant on Twitter that he needs a phone especially to tweet. Note that he needs this phone (not device, oh no, it has to be a phone) to tweet (not to use for other electronic communication, oh no, he hasn’t used email since he came into office, he needs it only to tweet).
The guy is an idiot. Don’t know if you’ve noticed that yet.
I try to blog as often as I can. But I’m really depressed that only my poems get Likes. My political, cultural and other entries get next to no interest. I’m not going to stop posting stuph about politics, culture, privacy, security and the other subjects that get me riled. And the poetry of course (bread and circuses FFS). I’d just be happier if my “serious” posts got more attention.
Also, even the poems get next-to-no Comments. I need Comments so I can hopefully improve. Please please, poetry Likers, could you also Comment? I’d really appreciate it. Thanks for reading.
UPDATE: as of 18 April (day after posting) I’ve received two Likes: from anthonymize and Juansen Dizon. Just general, click-the-Like-button likes, and no comments. Likes please me, as I have an ego that enjoys beeing stroked; but the whole point of this post is that I want Comments too. If you’re too shy to make Comments readable by everyone who visits the blog post, there’s a Contact Form button at the top of the page. You can put your Comments there, abd if you want anonymity that’s what I’ll give you – your name etc will not be kept on record if that’s what you want.
Leave Comments, damn your eyes!
This blog isn’t an anthology of what I consider my best work. I put works-in-progress here, meh stuph that I’d love to be reviewed and love to get Comments on. So pleeeze! – if you have the time, write something in the Comments or Contact Form. Comment on my blog, I’ll come look at your blog, if you have a blog of course, and if I can create a window in my already bursting bag of commitments. That last bit is a joke of course. But in all serious, Comment on me and I’ll Comment on yours. Quid Pro Quo I think it’s called: washing each others’ backs.
The unexpectedly critical intervention by the intelligence and security committee comes just days before a key scrutiny committee of MPs and peers is to deliver its verdict on the draft legislation aimed at regulating the surveillance powers of the security agencies.
Central to the committee’s complaint is the fact that privacy is an add-on to the bill, rather than being an integral backbone of the proposed legislation.
The ISC said in its report that it supported the government’s intention to provide greater transparency around the security services’ intrusive powers in the aftermath of the Edward Snowden mass surveillance disclosures.
“It is nevertheless disappointing that the draft bill does not cover all the agencies’ intrusive capabilities – as the committee recommended last year,” said Dominic Grieve, former Conservative attorney general and chair of the committee.
The committee had expected to find that privacy would form an integral part of the bill, around which the legislation would be built. But instead it seems that privacy concerns are an afterthought, and the legislation is not at all transparent in this regard.
“Given the background to the draft bill and the public concern over the allegations made by Edward Snowden in 2013, it is surprising that the protection of people’s privacy – which is enshrined in other legislation – does not feature more prominently,” said the committee, which also proposed three amendments to the bill:
On “equipment interference” or computer hacking powers, the ISC said the bill only covered the use of these powers to gather intelligence and did not regulate their use for attack purposes.
On “bulk personal datasets” – data bought or obtained from other bodies – it said these included personal information about a large number of individuals that was sufficiently intrusive to require a specific warrant. The bill’s provision for “class bulk dataset warrants” should therefore be deleted.
On “communications data”, it said the government’s approach was inconsistent and confusing and clear safeguards needed to be set out on the face of the bill.
“We consider these changes necessary if the government is to bring forward legislation which provides the security and intelligence agencies with the investigatory powers they require, while protecting our privacy through robust safeguards and controls,” Dominic Grieve said.
I believe that any future legislation should ensure that proper warrants from judges are required before investigators can begin retrieving personal data. There may be occasions when urgency demands authorization from the home secretary; but in general permission should be sought from a judge, not a politician; and there should be real evidence to prove that intrusion into privacy is needed. This seems to me a no-brainer: just as the police need a warrant before they can search private premises, so investigators should need a warrant before rooting through an individual’s private data and communications.
It seems that the government wants enshrined in law the illegal powers the intelligence and security services were found to use thanks to NSA whistle-blower Edward Snowden’s revelations. For instance, GCHQ, with its TEMPORA program, has been sifting through the private communications that pass through the underwater cables between Britain and the USA. Such bulk collection of data should not be allowed. If the security services believe that an individual is communicating data about unlawful plots, they should present a judge with their evidence and the judge can then decide if data collection is called for. The idea of allowing Theresa May to micro-manage cases is ludicrous: she is not in a position to make judgement calls of this nature while also carrying out her other duties. The result of the proposed bill would be the home secretary signing off on cases she knows nothing about: basically giving the police and intelligence and security agencies a blank cheque.
Invasion of privacy is a serious matter, and a citizen’s right to privacy should be breached only if there is a good reason. A judge would be better placed to make this call than a politician in London who has neither the time nor resources to check each case on its merits. When agencies are given carte blanche to do whatever they want, history indicates that they go too far. They need to be reigned in.
Nowadays, there’s a lot going around about online secrecy, security, anonymity, theft of bank details and personal info… and a whole lot more. For instance, did you know that you could decide to take advantage of McDonald’s free wifi while supping on a coffee… and someone else, with a gizmo like the Hak5 Pineapple, could snaffle all your data right out of the air. And if you’d engaged in online shopping or banking, or even just putting in a password, your economic and personal freedom could possibly be stolen!
Of course, these “man-in-the-middle” attacks are nothing new. But as tech like the pineapple gets more sophisticated, and cheaper, there are more and more evil computer-aided villains out there willing to sit near free hotspots waiting for a non-security-minded person to get tangled in their web of deceit. In fact, these crooks don’t necessarily need a laptop to carry out these attacks – a smart phone will do much of the time. And think about it, how many bods with smart phones do you see in McDonald’s, Burger King’s, Subway, etc etc? That’s a lot of potential crime… and as anyone who’s suffered this before will tell you, re-securing your bank and other details is no laughing matter!
One way round these criminals is with the use of a Virtual Private Network (or VPN). When you’re connected to the wev via a VPN, all your outgoing and incoming data is encrypted, meaning that a potential eacesdropper can’t make heads or tails out of anything you send or receive. An excellent VPN service provider is ibVPN (invisible browser VPN). You can get a free trial, it increases your online privacy and securely unblocks geo-restricted websites (eg you can watch BBC iPlayer even when you’re not in Britain, if you use a Brit-based server). You can choose from +95 VPN servers in 39 countries, 63 locations, including servers set up for p2p (bittorrent etc) traffic. You can surf the internet completely anonymously – hence the name “invisible browser”. And their online support is extremely good – they have helped me out in the past, figuring our the most baffling problems.
Despite what you may hear on the news, enccryption and secrecy is not just for perverts, crooks or the paranoid. In fact, that kind of thinking actually helps the crooks, putting you off using this technology to save you from criminals.
Believe me, sending an unencrypted email is like sening a letter on a postcard – easily read by anyone who can get his or her paws on it. And with the scanning tech available, just about anyone can get a look. Yes, you might not mind sending a “wish you were here” postcard to your mates when on holiday… but would you send sensitive info on the back of a postcard? I know I wouldn’t.
Don’t fall prey to the crooks. Use a service like a VPN. And if you choose to use a VPN, ibVPN is a very good option. They provide a very good service.
Go on, get a free trial from ibVPN. No commitment necessary, and it could save you from the robbers and scammers!
PS: Are you sick of crap mobile phone service? Join GiffGaff, the mobile network run by YOU! Get a free SIM card here.
Govts everywhere are talking up their need for back-doors in encryption etc by saying how the Paris killers got away with so much because of their encryption opsec skillz… but it turns out their opsec is flaky as shit and backdoors wouldn’t be nearly as useful to the cops as listening to the repeated warnings they’d got from Turkey.
Wired.com reported that “news reports of the Paris attacks have revealed that at least some of the time, the terrorists behind the attacks didn’t bother to use encryption while communicating, allowing authorities to intercept and read their messages…
“Reports in France say that investigators were able to locate some of the suspects’ hideout this week using data from a cellphone apparently abandoned by one of the attackers in a trashcan outside the Bataclan concert hall where Friday’s attack occurred, according to Le Monde. Authorities tracked the phone’s movements prior to the attack, which led them to a safehouse in a Paris suburb where they engaged in an hours-long shootout with the other suspects early Wednesday. These would-be attackers, most of whom were killed in the apartment, had been planning to pull off a second round of attacks this week in Paris’s La Defense business district, according to authorities.”
Other reports indicate that a previous ISIS terrorist plot targeting police in Belgium was disrupted in that country last January because Abdelhamid Abaaoud—suspected mastermind of both that plot and the Paris attacks—had failed to use encryption. He also carelessly left behind a cellphone in Syria, which contained unencrypted pictures and videos, including one now-infamous video showing him smiling from a truck as he dragged bodies of victims through a street.
The killers were guilty of serious OPSEC failures… sometimes they didn’t use encryption at all, sometimes they left plaintext evidence lying round where anyone could find it. But as crappy as the terrorists were, the French cops were worse: Turkish authorities have said they tried to warn French authorities twice about one of the suspects but never got a response.
But Western authorities, notably the US and the Brits, have been complaining that they need their secret back-doors to beat the killers, even suggesting that “US companies like Apple and Google have blood on their hands for refusing to give intelligence and law enforcement agencies backdoors to unlock customer phones and decrypt protected communications”.
My question for the authorities is this: if encryption products have back doors built into them for law enforcement to use, isn’t it likely that crooks will also be able to use these back doors to steal our personal info, IDs, banking details, our entire fucking lives? The govt are constantly losing top secret laptops on trains and in taxis, and computer intruders regularly bust into official data centres and make off with piles of sensitive data. Do the authorities think their new back doors will somehow be magically better than all the fucked up attempts at secrecy and security they’ve tried before?
Also, if the authorities get their way, they will be able to find out anything they want to about us. Maybe (ha ha) that’s not a big problem right now. But who knows what changes in governments will happen? Far-right parties are getting more popular all the time. And look at US presidential hopeful cock Trump: one press of a button and he’ll know exactly where to go to round up the Muslims he hates and send them to be tortured and killed by his friend Assad in Syria.
Don’t listen to the authorities when they say why they “need” the ability to access every bit of data on us. They don’t need it. They want it. Just as they’ve always wanted new ways to eliminate those they don’t like.
Hopefully, most/all people know that simply clicking “delete” on your computer is not going to delete the files. Erasing a file simply erases the file system entry, leaving the actual file intact and accessible to others if they have the correct tools and know-how.
To combat this, various “secure” deletion programs have been created: eg shred and secure-delete (srm) etc in the Linux/UNIX world, and programs such as Eraser, Freeraser, Blank and Secure and DP Shredder (and others) for Windows operating systems.
Unfortunately these tools are not a cure-all. If someone has physical access to your laptop, a skilled technician can fool these programs and make the computer to spew its guts. Just look what the NSA and GCGQ did to a Guardian computer believed to be carrying details of what NSA whistleblower Ed Snowden had told them. Just check out what staff members of the Guardian newspaper had to do under the watchful eyes of NSA/GCHQ operatives to ensure no nasty ones and zeroes got out there to knock Western Civilisation down onto its knees.
Many folk in the computer security community think this was “security theatre”… the NSA/GCHQ experts did stuph that was in no way necessary, it just helped stop educated security guys from figuring out what bit of laptop needed to be trashed and what was trashed for no reason except for the daft notion of “obscurity = security”. Secirity experts will have talked with their expert buddies to find out what they thought as they watched the computer dismantled and buggered-up beyond recognition.
Anyway, have the NSA/GCHQ forgotten that mantra that is beaten into them at school “back-up, back-up, back-up”. Who says that the files on that laptop were unique? I seem to remember that a number of newspapers around the world were publishing details of this story… do NSA/GCHQ held the only copy of the intel? That is a stupid idea. If I was given a story whose details and proofs were on a disk, I would send copies to everyone, to be published if I slipped and fell horribly in the shadow or I disappeared one night never to return.
Bloody stupid intelligence service. Their #1 secret = there is no intelligence regarding their intelligence. Because they have none. Now let’s go drive off a cliff somewhere. Orders is orders, innit?
First, a truly incomprehensible attack on innocent Jewish men, women and children, using the excuse there are a lot of Israelis “in danger” from “Palestine officials”.
Let’s examine the charges by Israeri concerning the “oh-so-dangerous Militants”:
Here’s the low-down on why Netenyahu is overseeing these brutality. The Israelis have state-of-the-art firearms, whereas the Palestinian community have virtually nothing left.
Sling vs helicopter gunships, automatic rifles, grenades, the rape of Palestinian women and children… how can any sane person see the Israeli response as proportional???
An example (thanks to the Guardian: after Palestinians allegedly killed in a terrorist attack on a Jerusalem synagogue, 2 PFLP suspects (note that word: suspects) killed “in retaliation by Israeli “security” forces. Netenyahu ordered the destruction of the homes of alleged suspects (no judicial oversight, no rule of law, Netenyahu decides these men did the attack, and not only killed the “suspects” but also ordered the demolishment of these so-called “suspects” homes. Was that proportionate action? Making families homeless, even though the people living there would have had no idea of what, if anything, the “suspects” may have been up to. This is not justice: it’s a bare-faced landgrab, designed to make Palestinian families homeless and leave the way clear for more Kibbutzin and other illegal “settlers”.
US leader Obama criticized the attack on the Synagogue, which killed four innocent people, including US citizens Aryeh Kupinsky, Cary William Levine, and Moshe Twersky, and injured several more. He said:
There is and can be no justification for such attacks against innocent civilians.
“The thoughts and prayers of the American people are with the victims and families of all those who were killed and injured in this horrific attack and in other recent violence. At sensitive moment, it is all the more important for Israeli and Palestinian leaders and ordinary citizens to work cooperatively together to lower tensions, reject violence and seek a path forward towards peace.”
So you can see, Obama deplores the attacks on the Jews in Synagogue, but didn’t make any mention of the fact that the families of the alleged killers have had their homes demolished. Isn’t there something in American society about the right for private, family life? Oops, I nearly forgot: Any provisions in the US constitution only apply to US citizens. Palestinians being forcibly removed from their homes is okay as far as Uncle Sam is concerned. Plus Israel is an important ally of the USA’s. Whereas the USA, like Israel, consider Palestinians to be the enemy. Even the children are viewed as terrorists-in-waiting. It’d be funny, if you didn’t realize it was about actual living human beings. Fucking Netanyahu, fucking Obama.
This is a public service announcement… with wrecking balls!!!
Why oh why doesn’t someone put an end to the Israeli’s war on innocents and its seizure of Palestinian property? Can someone explain to me: let’s assume one of the “suspects” did something wrong. Surely the suspect should be arrested and face a fair trial. But no, the “suspects” are killed, or tortured, or similarly disappeared. And an entire family is made homeless. Is this right? I’d love to hear a rational argument from pro-Israeli figures on this subject.
The Israeli government is despicable. Collective punishment, ghettoization, arrest and murder of innocent people. That’s the kind of crap the Nazis got up to. And now the Israelis are up to it. Makes me feel disgustingly sick. I hate the authorities in Israel, and I hate the Western powers (eg USA, UK, France) who support them. Leave the Palestinians alone FFS! Even the Nazis didn’t keep up their war of terror for this long!
Posted by Martin X 
I HATE HATE!!! 