News Blues VIII – Cyber edition

I am finally back with my “News Blues” Cyber edition section. I hope that in the future I will post this kind of stuff once a month. It is a collection of articles and news-stories in the realm of “cyber security” – some are hopeful though most are more on the negative side of things. Lets jump into it right away:

1. An important and strong opinion piece against the current development of Surveillance Humanitarianism: LINK

2. Going Dark: The Myth of Consumer Security – the state still wants backdoors to encrypted devices and builds up the myth of “terrorists going dark” – while any kind of backdoors would wrack havoc on a far greater scale: LINK

3. On the same topic an in-depth “debate paper” by the Carnegie Center called Moving the Encryption Policy Conversation Forward: LINK

The next articles are in German and focused on current debates in Germany.

4. Verhaltensbasierte Überwachung – diese Idee scheint mir schon im “Beta-Stadium” mehr als Bedenklich und mir würden zig Faktoren einfallen welche gegen solch eine Technik sprechen: LINK

5. Wer hätte das Gedacht: Ideen wie die “Chinesische große Firewall” oder die Tests in Russland um das eigene Internet nach Außen abzuschotten erhöhen auch den Druck in Europa solche (falschen) Ideen umzusetzen – diesmal wird es von einem Telekom-Sprecher propagiert: LINK

Ich selber bin noch immer der Meinung das Abschottung und “Notfallschalter” genau der falsche Weg sind; nur mit der Kombination von Transparenz, offenen Systemen, starker Verschlüsselung und Dezentralisierung lässt sich ein offenes und sicheres “Internet” weiterhin aufrecht erhalten – und verhindert so die dystopischen Varianten welche mit den Ideen wie oben genannt zwangsläufig entstehen.

6. Auch die Bahn springt auf den Hype der Dauer-Überwachung auf (besonders nach dem tragischen Fall in Frankfurt/Main und dem medialen/öffentlichen/politischen Drucker welcher dadurch aufgebaut wurde) – und plant eine massive Ausweitung der Überwachung an Bahnhöfen. Das mehr Überwachung noch nie Verbrechen verhindert haben und nur zu negativen Konsequenzen (mehr Hackerangriffe auf solche lohnenswerten Ziele, Datenmissbrauch, soziale Kontrolle, racial profiling usw.) mit sich bringt muss leider immer wieder erwähnt werden: LINK

 

New publication

After some silence here due to studies and exams I can finally tell you that I have a new publication in the 20th year anniversary special edition of the German ZENITH-Magazin:

https://shop.zenith.me/de/ausgabe/zenith-219-20-jahre-zenith

I also hope to publish more own articles again this year at the blog. So keep tuned in.

Quick & Dirty: Finding the domain behind a scam E-Mail and shut it down

spam-964521_960_720

Standalone tools used: TracerouteNG / FOCA / Maltego / Nmap
Online tools used: IP Tracker & Blockchain

We all know the annoying scam E-Mails which flood our mailboxes. In recent months a new scam mail popped up claiming to have filmed the victim masturbating while watching porn and that if no money is sent to a certain bitcoin wallet the video will be released.

Though the E-Mail has all the red flags in it to show that it is indeed a scam E-Mail (bad wording, no proof/facts of the video, not addressed by name of the victim) people have payed the money to various bitcoin wallets in the past.

After again receiving such an E-Mail I saw something different this time: It was not a “throw away” E-Mail address but an E-Mail address tied to an actual existing webpage/domain name called davidstephensusc.com (mail.davidstephensusc.com with an AX record also exists). So this caught my attention and I did a quick research to find out where the page is hosted and whether I can gather any additional information and check if there is a possibility to shut down the domain for good.

Continue reading

Cybersecurity, Metadata and Surveillance

2_IMG00030.jpg

Parkinglot entrance from the new BND (Federal Agency Service) building in Berlin/Germany. © Benjamin Hiller

One of the big “buzz-words” of the last years is Big Data (LINK). Every large corporation, especially in the tech sector, tries to implement Big Data, combined with sophisticated algorithms, into their products, in machine learning, social media channels or targeted advertisement. Of course nation states and their various agencies are also interested inthis topic and, as the NSA scandals have shown, use Big Data for their own goals.

But Big Data and algorithms are only as good as the humans creating them. And these humans have their own social background, bias towards certain people and behaviors and thus the code can skew its results in one direction or another. And I have not even begun to raise the issue of ethics.

But why should, for instance, metadata be as powerful as “normal, open” data from a person? Because even if you try to stay “under the radar” metadata is created – and that is often enough to identify a person, his/her habits and political leanings to near perfection. The following, older, New Yorker article gives insight into this topic: “Whats the matter with metadata”.

And thus here some current news in regard to Big Data, Metadata and Surveillance:

1. Even the best algorithm can go astray – and that happened big time during the Champions League final in Cardiff, where facial recognition falsely identified 2.000 people as possible criminals – not the best outcome for this kind of software: LINK

2. The new Transparency Report 2017 regarding the “Use of National Security Authorities” (source) shows that the NSA has increased its collection of metadata via US phone-/internet providers from 151 million sets in 2016 to a whooping 534 million in 2017. It is only a matter of time until some badly implemented algorithm (as no human can sift through this mass of data in a reasonable time) can lead to some serious trouble or false accusations.

3. Everybody knows the Facebook feature of suggesting “friends you know” – now, according to a Telegraph article (LINK), researchers assert that this feature enabled radical Islamists to connect with each other and thus strengthen their network. Every convenient feature can also have a dark side.

4. And last but not least the EU Member States, despite the CJEU ruling against such “mandatory metadata collection” on a large scale, try to implement a new regulation which would force Internet-/Phone providers in Europe to keep data of their users for up to six months (LINK) – and at the same time (as always only to “fight terrorism”) they try to impose also a mandatory biometric passport in all EU member states (LINK). Happy Big Data collection – until a leak/breach happens and millions of sensitive data sets are exposed to the internet – as happened more than once already.

The quintessence is that we need some proper new regulations in regard to the collection of Big Data, Metadata and who handles what – and far more important these collections of data need to be protected in new ways as the past has shown that to often companies and states fail to keep this kind of data safe.

And if you want to keep your metadata a bit more under wrap here is the book for you to start on this long and challenging task: LINK