Offshore Outsourcing & Scammer
Blog about offshore outsourcing and scammers in the outsourcing industry
Intercepted WhatsApp messages led to Belgian terrorist arrests
by Rudolf Faix Friday, June 12, 2015 5:12 AM

Holes in WhatsApp's end-to-end encryption, together with the message metadata the service keeps, have helped uncover jihadist terrorists.

The FBI has been campaigning hard for access to messages sent through encrypted messaging services. Yet it clearly didn't need that level of access to the WhatsApp messages exchanged between members of an alleged Chechen jihadist group operating in Belgium. According to a report by Bloomberg, two men were arrested and warrants were issued for three others for allegedly preparing a terrorist attack in Belgium.

The arrests followed raids in which 16 people were detained, which Belgian law enforcement officials said was the result of "working with U.S. authorities to monitor suspects’ communications on WhatsApp Inc.’s messaging service," Bloomberg's Gaspard Sebag reported.

The BBC reports that the men were linked to the al-Nusra Front in Syria and to the Islamic Caucasus Emirate. One of the men detained had recently returned to Belgium after being wounded in combat in Syria while fighting with al-Nusra. Two groups were raided, one in Ostend on Belgium's coast and the other inland at Louvain. The Louvain group was said to be plotting a terrorist attack in Belgium. The BBC also cited Belgian officials as saying that WhatsApp messages intercepted by the US government were used to track the group.

WhatsApp started offering end-to-end (E2E) encryption of its messages last November with the integration of security researcher Moxie Marlinspike's Open WhisperSystems protocol, TextSecure. In principle, if TextSecure had been in use by the alleged terrorists, the content of their messages would have been very hard to read: the TextSecure protocol continuously replaces the encryption keys with each new message, so compromising one key does not expose earlier traffic. But it's doubtful that the messages were encrypted at all, especially since E2E encryption was not supported by the iOS version of WhatsApp, and E2E encryption of group messages and pictures was not yet supported by WhatsApp for Android.

Even if some of the messages remained protected by encryption, it's plausible that the FBI or NSA collected metadata for the messages at the server: end-to-end encryption hides what was said, not who talked to whom and when. That metadata could have been used to establish the connections between the suspects and the wounded jihadi, which would have allowed the US agencies or Belgian law enforcement to carry out more targeted surveillance.
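What "metadata at the server" gives an investigator, as an added example that is not part of the original post: a contact graph built from nothing but sender, recipient and timestamp, then searched outward from one seed account. The records, phone numbers and the (sender, recipient, unix timestamp) layout are constructed for this illustration and are not WhatsApp's log format.

```python
# Added example: what a server operator, or an agency with access to it, can
# learn from message metadata alone. No message content is used anywhere.
from collections import defaultdict, deque

# Constructed metadata: (sender, recipient, unix timestamp). No message bodies.
SAMPLE_METADATA = [
    ("+32470000001", "+32470000002", 1433750000),  # W -> A
    ("+32470000002", "+32470000001", 1433750120),  # A -> W
    ("+32470000001", "+32470000002", 1433750300),  # W -> A
    ("+32470000003", "+32470000001", 1433760000),  # B -> W
    ("+32470000002", "+32470000004", 1433770000),  # A -> C
    ("+32470000004", "+32470000002", 1433770090),  # C -> A
    ("+32470000002", "+32470000005", 1433780000),  # A -> D
    ("+32470000006", "+32470000007", 1433790000),  # E -> F (unrelated pair)
    ("+32470000007", "+32470000006", 1433790060),  # F -> E
]


def build_graph(records):
    """Undirected contact graph: graph[a][b] is the number of messages between a and b."""
    graph = defaultdict(lambda: defaultdict(int))
    for sender, recipient, _ts in records:
        graph[sender][recipient] += 1
        graph[recipient][sender] += 1
    return graph


def contacts_within(graph, seed, hops):
    """Breadth-first search from a seed account (e.g. the one suspect already
    identified). Returns every account within `hops` message links, mapped to
    its distance; hop 1 is the seed's direct contacts."""
    distance = {seed: 0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if distance[node] == hops:
            continue
        for neighbour in graph.get(node, {}):
            if neighbour not in distance:
                distance[neighbour] = distance[node] + 1
                queue.append(neighbour)
    return distance


def strongest_links(graph, account, top=3):
    """The account's contacts ranked by message volume: the likely core of a group."""
    return sorted(graph.get(account, {}).items(), key=lambda kv: -kv[1])[:top]


def active_window(records, account):
    """First and last time an account appears, to correlate with known events
    such as a suspect's return from abroad. None if the account never appears."""
    times = [ts for sender, recipient, ts in records if account in (sender, recipient)]
    return (min(times), max(times)) if times else None


if __name__ == "__main__":
    graph = build_graph(SAMPLE_METADATA)
    print(contacts_within(graph, "+32470000001", 2))
    print(strongest_links(graph, "+32470000002"))
    print(active_window(SAMPLE_METADATA, "+32470000001"))
```

Starting from the single seed account W, two hops of metadata reach A, B, C and D while leaving the unrelated pair E and F untouched; no ciphertext is ever decrypted. That is exactly the kind of "who is connected to whom" picture that lets investigators decide where to point targeted surveillance.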

In an article in the German magazine c't, editor Fabian A. Scherschel dug into WhatsApp's encryption scheme and contended that it did not rotate the key used to encrypt data in transit; instead it used a key derived from the user's password, with encryption based on the RC4 algorithm, for both inbound and outbound communication. The implication was that intercepted and collected messages could theoretically be broken much more easily, since the same keystream protecting both directions gives an attacker a way to cancel it out, and a password-derived key shrinks the space of keys that would have to be searched. But in a response to the article posted on Reddit, Moxie Marlinspike said, "This article should be retitled 'Breaking News: WhatsApp E2E Deployment Process Exactly As Advertised.'  We announced a partnership, not a finished deployment. In the blog post announcing that partnership, we publicly outlined the WhatsApp E2E deployment process, and it describes exactly what has been 'discovered' here. As I said in the blog post, deploying across this many users (hundreds of millions) and this many platforms (seven, of which they checked two) takes time, and is being done incrementally. I also point out that we will be surfacing information in the UI once that is complete."
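Why one fixed RC4 key for both directions is a problem, as an added example that is neither WhatsApp's code nor taken from the c't analysis: the weak scheme the article describes (a fresh RC4 state seeded from the same key for each direction) is modelled beside a hardened variant that derives an independent key per direction and ratchets it per message, the property attributed to TextSecure above. The RC4 routine is a textbook implementation written for this example; the session key, messages and the `client->server` / `server->client` labels are constructed. RC4 itself is deprecated regardless of how its keys are managed; the point here is keystream reuse.

```python
# Added example (not WhatsApp's code): keystream reuse when both directions of a
# connection are encrypted under one unchanging RC4 key, and a per-direction,
# per-message key derivation that removes it. All values are constructed.
import hashlib
import hmac


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """Stream cipher: the same XOR with the keystream encrypts and decrypts."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


# --- weak scheme as described in the article: one key, both directions ---
def weak_encrypt(session_key: bytes, outbound: bytes, inbound: bytes):
    """Each direction starts a fresh RC4 state from the same key, so both
    ciphertexts are XORed with the identical keystream."""
    return rc4(session_key, outbound), rc4(session_key, inbound)


def crib_attack(ct_a: bytes, ct_b: bytes, crib_a: bytes) -> bytes:
    """Passive attacker holding both ciphertexts. With a shared keystream,
    ct_a ^ ct_b == pt_a ^ pt_b, so a known or guessed prefix of pt_a (a
    protocol header, say) directly reveals the same-length prefix of pt_b."""
    n = min(len(crib_a), len(ct_a), len(ct_b))
    return xor_bytes(xor_bytes(ct_a[:n], ct_b[:n]), crib_a[:n])


# --- hardened scheme: independent key per direction, ratcheted per message ---
def direction_key(session_key: bytes, label: bytes) -> bytes:
    """Derive a separate key per direction; the label is a domain separator."""
    return hmac.new(session_key, label, hashlib.sha256).digest()


def ratchet(key: bytes) -> bytes:
    """Next message key. The previous key can be discarded once used."""
    return hmac.new(key, b"ratchet", hashlib.sha256).digest()


def ratcheted_stream(session_key: bytes, label: bytes, messages):
    """Encrypt (or, applied to ciphertexts, decrypt) a sequence of messages in
    one direction, using a fresh key for every message."""
    key = direction_key(session_key, label)
    out = []
    for msg in messages:
        out.append(rc4(key, msg))
        key = ratchet(key)
    return out


SESSION_KEY = hashlib.sha256(b"constructed password-derived key").digest()
OUTBOUND = b'<message to="+32470000002">Meet at the station at nine.</message>'
INBOUND = b'<message to="+32470000001">Fine, see you there at nine.</message>'

if __name__ == "__main__":
    ct_out, ct_in = weak_encrypt(SESSION_KEY, OUTBOUND, INBOUND)
    # The attacker knows (or guesses) the first 36 bytes of the outbound message
    # and reads the first 36 bytes of the reply without touching the key.
    print(crib_attack(ct_out, ct_in, OUTBOUND[:36]))
    ct_out2 = ratcheted_stream(SESSION_KEY, b"client->server", [OUTBOUND])[0]
    ct_in2 = ratcheted_stream(SESSION_KEY, b"server->client", [INBOUND])[0]
    print(crib_attack(ct_out2, ct_in2, OUTBOUND[:36]))  # garbage: keystreams differ
```

Under the weak scheme the crib attack prints the first 36 bytes of the inbound message in clear; under the hardened scheme it prints noise, because the two directions never share a keystream and no two messages in one direction share a key. This is the difference between "encrypted in transit" and the per-message key rotation described earlier in the post.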

 


Why does Google deny us real end-to-end encryption?
by Rudolf Faix Monday, April 6, 2015 3:40 PM

Why do we still not have easy-to-use end-to-end encryption? The standard answer is that it is far too complicated. But that is nonsense; Apple shows how simple it can be.

The technical challenges of true end-to-end encryption have been solved for many years. In principle, it could be made simple. With it, we could be sure that not just anybody can read along with our private and business communications.

Nevertheless, emails, chats and phone calls are still almost always in plain text. They are secured in transport (SSL/TLS), but at the very least the service provider can read everything, and often does. So, of course, can the various other interested parties that enlist the provider's help to get at the contents of confidential messages.

At this point I always hear that end-to-end encryption is still far too complicated. Just generating keys, never mind verifying and signing them: end users don't want to do that. In fact, I will never get anyone to use PGP. Nevertheless, the argument is simply wrong.

Because there is already end-to-end encryption that is so simple that many millions of users use it without even knowing: Apple's iMessage encrypts every message with a key that is known only to the recipient. Not to Apple, not to the network operator and not to the NSA. And the highlight: thanks to a sophisticated design, iMessage is not one bit more complicated than traditional SMS. Every iPhone owner uses it without effort and never has to think about the encryption. The encryption is just there.

Anyone who wants to read along with these messages has to attack this encryption. That also applies to Apple, or to someone standing at Apple's door with a National Security Letter. In practice this means it is not enough for Apple or the NSA to tap the appropriate server and copy the plaintext there, as would be the case with Google, Skype and almost all other services. Instead, Apple would have to actively intervene in the communication and distribute counterfeit keys.

Of course, experts will object that Apple does not satisfy the pure doctrine, since the user has no control over his own keys. Specifically, the system is not protected against Apple itself eventually distributing wrong keys as a man in the middle: the client trusts whatever public key Apple's directory hands it for the recipient. But these are details that miss the actual heart of the matter; they could be improved without much effort. (Apple's typical ignorance and arrogance, with which it refuses demands for such extensions, is perhaps the other side of the coin that lets Apple build easy-to-use products like no other company.) What is crucial is that Apple is the only major manufacturer and service provider offering such end-to-end encryption at all.
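What the "wrong keys as a man in the middle" objection means concretely, and how little it takes to close it, as an added example that is not Apple's or iMessage's code: a model of a provider-run key directory, the interception it enables when the provider is compelled to hand out a substitute key, and the out-of-band fingerprint comparison that catches it. Diffie-Hellman over a toy 127-bit prime and a SHA-256 keystream are used only to keep the example self-contained; real systems use X25519 and an authenticated cipher. The user names, the message and the directory API are constructed.

```python
# Added example (not Apple's code): a provider-run key directory, the MITM a
# coerced provider can mount through it, and a fingerprint check that detects
# the substituted key. Toy crypto parameters, constructed names and messages.
import hashlib
import secrets

P = 2**127 - 1   # toy Diffie-Hellman modulus (a Mersenne prime); far too small for real use
G = 2


def keygen():
    """Return (private, public) for toy DH."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_secret(priv: int, peer_pub: int) -> bytes:
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def fingerprint(pub: int) -> str:
    """Short digest of a public key that two people can compare in person or by phone."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def keystream(key: bytes, n: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with a hash-derived keystream; decryption is the same call."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


class KeyDirectory:
    """The provider's directory: a client asks it for the recipient's public key."""

    def __init__(self):
        self.keys = {}
        self.substitutes = {}   # filled when the provider is compelled to intercept

    def register(self, user: str, pub: int):
        self.keys[user] = pub

    def lookup(self, user: str) -> int:
        return self.substitutes.get(user, self.keys[user])


def run_scenario(coerced: bool, verify_fingerprint: bool):
    """Alice sends Bob one message. Returns who ends up able to read it."""
    alice_priv, alice_pub = keygen()
    bob_priv, bob_pub = keygen()
    directory = KeyDirectory()
    directory.register("alice", alice_pub)
    directory.register("bob", bob_pub)
    bob_fp_in_person = fingerprint(bob_pub)      # compared out of band, once

    provider_priv, provider_pub = keygen()       # the provider's interception key
    if coerced:
        directory.substitutes["bob"] = provider_pub

    served_pub = directory.lookup("bob")
    if verify_fingerprint and fingerprint(served_pub) != bob_fp_in_person:
        # The client refuses to encrypt to a key its user never verified.
        return {"sent": False, "provider_reads": False, "bob_reads": False}

    message = b"constructed: draft contract attached"
    ciphertext = encrypt(shared_secret(alice_priv, served_pub), message)

    provider_view = encrypt(shared_secret(provider_priv, directory.keys["alice"]), ciphertext)
    bob_view = encrypt(shared_secret(bob_priv, alice_pub), ciphertext)
    return {
        "sent": True,
        "provider_reads": provider_view == message,
        "bob_reads": bob_view == message,
    }


if __name__ == "__main__":
    print("honest directory:", run_scenario(coerced=False, verify_fingerprint=False))
    print("coerced, no check:", run_scenario(coerced=True, verify_fingerprint=False))
    print("coerced, fingerprint checked:", run_scenario(coerced=True, verify_fingerprint=True))
```

With an honest directory only Bob can read the message; once the directory serves the provider's key, the provider reads it and Bob cannot (a real interception would re-encrypt for Bob so nothing looks wrong). The only addition needed to catch this is a fingerprint the two users compare once, outside the provider's channel, which is exactly the extension the piece says Apple refuses and TextSecure provides.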

The real question is: why does Google's Android have no similar function, and why does it feed us Hangouts without proper encryption? I seriously doubt that nobody at Google has come up with this idea, or that the technological pioneer in so many areas could not implement it just as elegantly as Apple; Moxie Marlinspike shows with TextSecure what this might look like. There is only one plausible explanation for why Google has nothing to offer in this respect:

Easy to use end-to-end encryption is undesirable.

There is a strong political interest in being able to read the communication of all Internet users at any time without much effort. We can only speculate how much pressure politicians and authorities exert on the company. But Google's own economic interest probably weighs far heavier: with functioning end-to-end encryption, Google would torpedo its own business model, which rests on the company's being able to read and analyze our data, among other things to present us with suitable advertising. The same of course applies to Facebook, so you can write off any hopes for WhatsApp.

Apple, however, still earns its money from selling hardware and from commissions on apps and content. And it obviously earns so well that, unlike Google and Facebook, it can afford the luxury of leaving us our privacy.

What does that mean for us now? Not that we should all go and buy Apple products; there are too many things one can hold against Apple for good reason. But we must not be fobbed off with vague promises to respect our privacy and to protect our business communications. Correct and, above all, simple end-to-end encryption for everyone could be done; we only have to demand it, at last.

 


NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware
by Rudolf Faix Wednesday, February 18, 2015 12:51 PM

The U.S. National Security Agency (NSA) may have been hiding highly sophisticated hacking payloads in the firmware of consumer hard drives over the last 15 to 20 years, in a campaign giving the agency the means to eavesdrop on thousands of targets' computers, according to an analysis by Kaspersky Lab and subsequent reports.

 

'EQUATION GROUP' BEHIND THE MALWARE

The team of malicious actors has been dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab, who describe them as "probably one of the most sophisticated cyber attack groups in the world" and "the most advanced threat actor we have seen."

The security researchers have documented 500 infections by the Equation Group and believe that the actual number of victims likely reaches into the tens of thousands, because a self-destruct mechanism built into the malware erases it from most victims before it can be found and counted.

 

TOP MANUFACTURERS' HARD DRIVES ARE INFECTED

Russian security experts reportedly uncovered state-created spyware hidden in the hard drive firmware of more than a dozen of the largest manufacturer brands in the industry, including Samsung, Western Digital, Seagate, Maxtor, Toshiba and Hitachi.

These infected hard drives would have given the attackers persistence on victims' computers and allowed them to set up hidden data stores on the machines that are accessible only to the attackers.

 

UNABLE TO REMOVE THE INFECTION

One of the most sophisticated features of this notorious set of hacking tools is the ability to infect not just the files stored on a hard drive but the firmware controlling the drive itself. The malware is hidden so deep within the drive that it is difficult to detect or remove.

Once a victim connects infected storage media (such as a CD or USB drive) to an internet-connected PC, the malicious code lets the attackers snoop on the victim's data and map networks that would otherwise be inaccessible to them.

Because the malware isn't sitting in regular storage, it is almost impossible for a victim to get rid of it or even to detect it. Formatting, disk wiping and OS reinstallation only rewrite the platters; the firmware lives in the drive controller's own flash memory, which none of those tools ever touch. Such an implant could therefore survive a complete hard drive wipe or the reinstallation of an operating system, and "exceeds anything we have ever seen before," the company's researchers wrote in a report.

 

MORE ADVANCED TECHNIQUES USED BY EQUATION GROUP

The firm recovered two modules belonging to the Equation Group, dubbed EquationDrug and GrayFish. Both were used to reprogram hard drives to give the attackers persistent control over a target machine.

GrayFish can install itself into a computer's boot record, the code that loads before the operating system itself, and stores all of its data inside a portion of the operating system known as the registry, where configuration data is normally kept.

 GrayFish architecture - Kaspersky Labs

EquationDrug, on the other hand, was designed for use on older versions of Windows, and "some of the plugins were designed originally for use on Windows 95/98/ME", versions so old that they give a good indication of the Equation Group's age.

 

TARGETED COUNTRIES AND ORGANISATIONS

The campaign infected tens of thousands of personal computers with one or more of the spying programs in more than 30 countries, with most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

The targets included government and military institutions, telecommunication providers, banks and financial institutions, energy companies, nuclear researchers, mass media organisations, and Islamic activists among others.

Equation Group Victims Map - Kaspersky Labs 

'ANCESTOR' OF STUXNET & FLAME

Security researchers are calling the malware the "ancestor" of Stuxnet and Flame, the most sophisticated and powerful threats yet seen, which were specially designed to spy on and sabotage ICS and SCADA systems.

 

LINKS TO NSA

Kaspersky declined to publicly name the country or agency behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to sabotage Iran's uranium enrichment facility.

These similarities, combined with previously published NSA hard drive exploits, have led many to speculate that the campaign may be part of an NSA program. The NSA is the agency responsible for the global surveillance programs uncovered by whistleblower Edward Snowden.

Another reason is that most of the infections discovered by the Moscow-based security firm occurred in countries that are frequent US spying targets, such as China, Iran, Pakistan and Russia.

Meanwhile, Reuters reported that sources who formerly worked with the NSA confirmed the agency was responsible for the attacks and had developed espionage techniques at this level.

 

NSA INVOLVEMENT COULD BE RISKY

If the NSA is found to be involved, the malicious program would have given the agency unprecedented access to the world's computers, even ones disconnected from the internet. Because the implant is stored in the hard drive's firmware, it is active as soon as the drive is powered up, before the operating system loads and with no further action required.

Back in July, independent security researchers disclosed a similar attack targeting USB device firmware, dubbed BadUSB, though there was no indication of such attacks being developed and deployed at this scale.

The issue once again raises questions about the device manufacturers' complicity in the program, since successfully rewriting a hard drive's firmware would take extensive and sustained reverse engineering.

For its part, the NSA declined to comment on the report.

 

About me

I have been in the computer business (programming and technical support) for more than 35 years and have used the Internet since it started. Since 2002 I have been programming solutions for Asterisk, and since 2004 I have been in the call center industry.

Disclaimer

All data and information provided on this site is for informational purposes only. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis and is only representing my own opinion. By browsing or using content from this site you accept the full legal disclaimer of this website.