News Blues IX – Cyber edition

After a long break finally a new “Cyber-Blues” blog post. Check out these articles if you want to stay up to date on what is going on in the “shady world” of “Cyber-Security/Hacking” – though I even added some fun stuff at the end this time to brighten up the mood:

1. The New York Times reports on the start-up company Clearview AI – and how they “help” law enforcement agencies match photos of unknown people to their online images – often with illegal means of obtaining the images in the first place:


2. Wired on “Breaking down the hacking case against Julian Assange” to give also the non-techies and non-lawyers a current update:


3. A blog post on the Glenn Greenwald charges by the Brazilian state, compared to the Julian Assange charges:


And the New York times on the whole “case” against Glenn Greenwald:


4. Apple, still seen by many people as “defending the privacy and security” of their users, seems to have dropped the plan to encrypt backups after the FBI complained; this reiterates that we urgently need full open source built, from the hardware to the OS, mobile phones with proper encryption:


5. The full report on the Jeff Bezos Phone hack can now be downloaded here:


6. Wired on a “new mysterious ransomware” targeting Industrial Control Systems – though “insiders” and Cyber Security experts say this has been long known and not that new and that the company reporting on it does this more for PR reasons than shedding light on a new danger:


7. The Washington Post reports on how the CIA (interestingly with the help of the German BND) used a Swiss company, which delivered encryption tools for governments all around the world, to actually spy on them:


8. Motherboard reports on how companies buy data (for instance for targeted advertisements) by scraping the contents of your email inbox:


But at the end, after all these not very amusing articles and news – here is something which gives, on the one hand a deep look into the mindset of the NSA agency and, on the other, will bring a certain smile to you: A FOIA request managed to get 136 posters released that the NSA used internally in various “campaigns” for internal propaganda:

1. The full document for download:


2. Best off by the BBC:


3. Best off by Motherboard:


As always, stay safe out there, keep a positive vibe and fight for human rights and digital rights for all humans!

Your Benjamin Hiller

News Blues VIII – Cyber edition

I am finally back with my “News Blues” Cyber edition section. I hope that in the future I will post this kind of stuff once a month. It is a collection of articles and news-stories in the realm of “cyber security” – some are hopeful though most are more on the negative side of things. Lets jump into it right away:

1. An important and strong opinion piece against the current development of Surveillance Humanitarianism: LINK

2. Going Dark: The Myth of Consumer Security – the state still wants backdoors to encrypted devices and builds up the myth of “terrorists going dark” – while any kind of backdoors would wrack havoc on a far greater scale: LINK

3. On the same topic an in-depth “debate paper” by the Carnegie Center called Moving the Encryption Policy Conversation Forward: LINK

The next articles are in German and focused on current debates in Germany.

4. Verhaltensbasierte Überwachung – diese Idee scheint mir schon im “Beta-Stadium” mehr als Bedenklich und mir würden zig Faktoren einfallen welche gegen solch eine Technik sprechen: LINK

5. Wer hätte das Gedacht: Ideen wie die “Chinesische große Firewall” oder die Tests in Russland um das eigene Internet nach Außen abzuschotten erhöhen auch den Druck in Europa solche (falschen) Ideen umzusetzen – diesmal wird es von einem Telekom-Sprecher propagiert: LINK

Ich selber bin noch immer der Meinung das Abschottung und “Notfallschalter” genau der falsche Weg sind; nur mit der Kombination von Transparenz, offenen Systemen, starker Verschlüsselung und Dezentralisierung lässt sich ein offenes und sicheres “Internet” weiterhin aufrecht erhalten – und verhindert so die dystopischen Varianten welche mit den Ideen wie oben genannt zwangsläufig entstehen.

6. Auch die Bahn springt auf den Hype der Dauer-Überwachung auf (besonders nach dem tragischen Fall in Frankfurt/Main und dem medialen/öffentlichen/politischen Drucker welcher dadurch aufgebaut wurde) – und plant eine massive Ausweitung der Überwachung an Bahnhöfen. Das mehr Überwachung noch nie Verbrechen verhindert haben und nur zu negativen Konsequenzen (mehr Hackerangriffe auf solche lohnenswerten Ziele, Datenmissbrauch, soziale Kontrolle, racial profiling usw.) mit sich bringt muss leider immer wieder erwähnt werden: LINK


Quick & Dirty: Finding the domain behind a scam E-Mail and shut it down


Standalone tools used: TracerouteNG / FOCA / Maltego / Nmap
Online tools used: IP Tracker & Blockchain

We all know the annoying scam E-Mails which flood our mailboxes. In recent months a new scam mail popped up claiming to have filmed the victim masturbating while watching porn and that if no money is sent to a certain bitcoin wallet the video will be released.

Though the E-Mail has all the red flags in it to show that it is indeed a scam E-Mail (bad wording, no proof/facts of the video, not addressed by name of the victim) people have payed the money to various bitcoin wallets in the past.

After again receiving such an E-Mail I saw something different this time: It was not a “throw away” E-Mail address but an E-Mail address tied to an actual existing webpage/domain name called ( with an AX record also exists). So this caught my attention and I did a quick research to find out where the page is hosted and whether I can gather any additional information and check if there is a possibility to shut down the domain for good.

Continue reading

Cybersecurity, Metadata and Surveillance


Parkinglot entrance from the new BND (Federal Agency Service) building in Berlin/Germany. © Benjamin Hiller

One of the big “buzz-words” of the last years is Big Data (LINK). Every large corporation, especially in the tech sector, tries to implement Big Data, combined with sophisticated algorithms, into their products, in machine learning, social media channels or targeted advertisement. Of course nation states and their various agencies are also interested inthis topic and, as the NSA scandals have shown, use Big Data for their own goals.

But Big Data and algorithms are only as good as the humans creating them. And these humans have their own social background, bias towards certain people and behaviors and thus the code can skew its results in one direction or another. And I have not even begun to raise the issue of ethics.

But why should, for instance, metadata be as powerful as “normal, open” data from a person? Because even if you try to stay “under the radar” metadata is created – and that is often enough to identify a person, his/her habits and political leanings to near perfection. The following, older, New Yorker article gives insight into this topic: “Whats the matter with metadata”.

And thus here some current news in regard to Big Data, Metadata and Surveillance:

1. Even the best algorithm can go astray – and that happened big time during the Champions League final in Cardiff, where facial recognition falsely identified 2.000 people as possible criminals – not the best outcome for this kind of software: LINK

2. The new Transparency Report 2017 regarding the “Use of National Security Authorities” (source) shows that the NSA has increased its collection of metadata via US phone-/internet providers from 151 million sets in 2016 to a whooping 534 million in 2017. It is only a matter of time until some badly implemented algorithm (as no human can sift through this mass of data in a reasonable time) can lead to some serious trouble or false accusations.

3. Everybody knows the Facebook feature of suggesting “friends you know” – now, according to a Telegraph article (LINK), researchers assert that this feature enabled radical Islamists to connect with each other and thus strengthen their network. Every convenient feature can also have a dark side.

4. And last but not least the EU Member States, despite the CJEU ruling against such “mandatory metadata collection” on a large scale, try to implement a new regulation which would force Internet-/Phone providers in Europe to keep data of their users for up to six months (LINK) – and at the same time (as always only to “fight terrorism”) they try to impose also a mandatory biometric passport in all EU member states (LINK). Happy Big Data collection – until a leak/breach happens and millions of sensitive data sets are exposed to the internet – as happened more than once already.

The quintessence is that we need some proper new regulations in regard to the collection of Big Data, Metadata and who handles what – and far more important these collections of data need to be protected in new ways as the past has shown that to often companies and states fail to keep this kind of data safe.

And if you want to keep your metadata a bit more under wrap here is the book for you to start on this long and challenging task: LINK