Remember that battle over SOPA, in which the world's largest websites beat back a congressional threat that would have changed the Internet forever? It was pretty obvious within a day after this Pyrrhic victory that the existing laws in place were enough to give the government the power to wreck the digital world. But how would it happen? How would government end digital freedom?
Well, the excuse is obvious. It is "intellectual property." This phrase serves the same purpose for would-be censors that "terrorism" does for warmongers. It is a way to ramp up government control while kicking sand in the faces of those who would oppose such control. Are you for terrorism? Are you for theft?
It's rather easy to detect normal theft. One day, I have a planter on my porch. The next day, the planter is on your porch, and it got there without my permission. Or one day, I'm driving my car. The next day, you are driving my car because you took it from me in the night. This is the way normal theft occurs. You can tell when it has happened. And the means of redress are obvious.
Now imagine a different scenario. One day, the paragraph above appears on the website for Laissez Faire Books. The next day, it appears on your Facebook page or blog. But it is not thereby removed from lfb.org. Instead, it is copied. A second instance of the paragraph has been created, taking nothing from me. My paragraph still exists. And let's say this happens 10 billion times in the course of a few minutes, as can happen in the digital world.
Is this a case of mass looting, or is it a mass compliment to me?
Copyright law sees this as theft. But how can that be? The whole merit of the digital world rests on the remarkable scalability of everything digitized. That's the basis of the economy of the Internet. Its capacity for inspiring and achieving infinite emulation and sharing is unparalleled in history. It's what makes the Internet different from parchment, vinyl or television. Remove that, and you gut the unique energy of the medium.
Intellectual property law became universal only about 120 years ago. It was gradually expanded over the course of the century, invading the digital realm in the 1980s and expanding its coverage ever since. How do you make copies illegal in a medium that specializes in its capacity for sharing, multiplying, linking and community formation? You need totalitarian control.
But how is the government going to do it? Well, consider how the government went about ramping up the tax state during the 1940s. Instead of just taxing people directly, it leaned on private businesses to do it, via the "withholding tax." Business was forced to become the tax collector for the state. And it was the same with health care. Instead of just mandating universal coverage, it leaned on private business to do the government's bidding. Business became the health care provider through mandate.
The same is now happening with the enforcement of intellectual property on the Web. All the latest reports say that ISPs (Internet service providers) have struck a deal with old-line media companies to start policing the way users of the Internet surf, upload, download and link.
There will be several warnings, and then, presumably, after some point, access will be cut off. They will do this based on the IP address of the user. In other words, ISPs will be doing the dirty work for the state. Probably, they struck the deal just because 1) the laws are already in place, and 2) they are probably trying to avoid a worse fate.
To be sure, some of this is already going on. If you use WordPress or Blogger for blogging, you probably already know this. Open and aggressive violators are presented with notices, whether the violation took place knowingly or not. For several years, YouTube has been blanking out the audio on home videos if the music is under copyright. And innumerable upload sites blast away anything that is under question, presuming guilt before it is proven.
Even an open Creative Commons announcement that grants permission to copy is not always enough. The presumption is that every duplication is a crime. Every upload is suspect, and every download is, too.
And contrary to what people claim, it is not always easy to tell the difference between protected property and common property. Copyright law is notoriously difficult to figure out. Sometimes the answer is obvious, as with material published before 1922. But there is this huge land of publication between that time and 1963 in which renewals are sometimes fuzzy, especially when multiple authors are involved.
Patent is an even worse case. Right now, everyone is suing everyone else for whatever. It has become a wicked game in which the competition takes place not in the arena of consumer service, but in the courts via various forms of trolling and legal blackmail.
In the end, all these disputes are won by the companies with the deepest pockets. I've seen copyright disputes that are settled on this basis alone, regardless of the merits of the case. In the end, it is too expensive for the little guys to defend themselves against large corporate interests, so the little guys invariably relent to avoid super-costly litigation.
This is the way it will be in the future. The big boys will run the show, doing for the state what the state is unable to do for itself, and they will do it on behalf of big corporate interests. This does terrible things to the competitive culture. It does even worse things to the culture of community sharing that has created a vast world of miracles and marvels available to the whole of humanity. It is a case of man's cruelty to man, serving no purpose except the material interests of large corporations that are determined to slow the path of progress for humanity.
However, it is not all dark. Every legal imposition creates incentives for the geeks of the world to find the workaround. There will always be a way. Just as the speak-easies remained open in the 1920s, there will always be zones of freedom in the digital world. And I have no doubt that, in the end, the freedom of information will win this. The tragedy is that there will be many speed bumps along the way to victory.
Jeffrey Tucker, Executive editor, Laissez Faire Books
Physical search is by far the most effective method of locating surveillance devices if properly executed. You'll need to be careful and methodical if you want to try and find surveillance devices, and have a workable plan of attack. Begin by finding a place to prepare yourself outside the area you're going to inspect.
Once you're satisfied that there are no tiny holes in the wall that could be housing a microphone or small camera and that there is nothing lurking under the wall coverings, get on your hands and knees and direct your light at the junction between the walls and the floor looking for fine wires. Rake at the carpet edges with a dental pick.
At this point, you'll want to start looking for both wires and batteries, the other tell-tale sign of a surveillance device. Get an inspection mirror and start looking under any semi-permanent fixtures in the room. Any light fixtures in the area will need to be checked for light modulators and carrier current devices. Take them apart and look for circuit boards (lights don't need any). Face plates should come off all light switches and power outlets. The covers should be taken off all phone and data jacks. Anything that doesn't look like it belongs probably doesn't.
Have you looked everywhere? You're sure? Have you lifted the ceiling tiles and made sure there was nothing lurking on the other side? Taken the cover off the smoke detector and compared it to a detector of the same make and model that you just bought? Did you check the upholstery for signs of tampering, including underneath? Did you stand on a chair and check the top of every air core door looking for holes? You remembered to look at the bottom of the door with an inspection mirror, didn't you? Hot air registers were removed and the ducts inspected? The list could go on for pages (and does in A Beginning Sweepers Handbook); but the point is that you'll need to exercise both your paranoia and your imagination in order to root out surveillance devices.
[ ] Floorboards examined with pick and high-intensity light
[ ] Walls examined for fine wires
[ ] Hollow doors examined top, bottom and under hinges
[ ] Covers removed from electrical outlets
[ ] Covers removed from light switches
[ ] Walls examined for small holes
[ ] Ceiling tiles lifted
[ ] Jacks disassembled
[ ] Raceways examined
[ ] Wires traced back visually
[ ] All lights examined for signs of tampering
Searching residential lines:
By far the most productive portion of any phone sweep is the physical search. Get a mag-lite, spudger (or dental pick) and a dentist's mirror. Start at your phone and trace the wire back as far as you can. Take the cover off every phone jack and tug at the wire regularly (look for fine wires connected to the line). If you see a 66 block, look behind it with the mirror. There should be no wiring or paint on the back.
If you can trace your wiring back to the demark point, open the thing up and have a look around. You should see no splices attached to your pair. If the line terminates in an NID, open the side labeled "Telco Access Only" (you'll need a 3/8th nut driver). Probe around looking for splits, things that don't appear to belong, etc. The majority of a demark's parts are modular, so remove them and look inside and behind them.
Searching commercial lines:
Searching in an office environment presents a whole new universe of problems (not the least of which being "What are you doing here?"). Commercial buildings have complex phone systems and cabling, making the physical search several magnitudes more difficult, but not impossible. Trace the line back from your phone to its jack, looking for fine wires or other things that look out of place. If your phone uses a 25 pair cable, like the ones below, look for bits of glue or tape that might be covering up slits in the sheath or other signs of tampering. If the wiring ends in a jack, take the cover off and have a look around. Talk to a networking guy before removing the jack so you don't break it, or find out too late that fiber and telephone cabling were sharing a raceway. Next stop on the debugging will be the wiring cabinet.
Wiring cabinets are part of what makes office networks unique. Wiring cabinets are the walk-in closets found on every floor of a building housing that particular floor's phone and LAN equipment. Each cabinet should be locked up tight. If it isn't, complain loudly to the networking staff. Unlocked wiring closets make transmitter placement WAY too easy. Unlock the cabinet and have a look around; there should be no signs of recent spray painting (could be used to cover fine wire leads or metallic paint leads), no wires on the back of the wiring blocks, and everything with a tag labeled "Do Not Remove" with a telco logo on it should be checked. Check again for cables with tape or paint on them that could be covering tamper marks. Pull apart Amphenol connectors and single line taps to confirm that there is nothing hidden inside. Don't get overwhelmed if there are LOTS of cables; the hellish tangle of wires in the cabinet can be sorted through by color code. Because you're looking for devices connected to phone lines, pay particular attention to blue (horizontal voice), orange (telco trunks) and red (key system cabling) cross connect cables.
After confirming all wiring closets are clear, check the main closet (usually in the basement). This is where telco trunks appear, and a good amount of heavy-duty networking gear is stored. Check just like you did the wiring cabinet.
* Note: This is likely not a step that should be taken by the average person.
Now the real nightmare begins: checking inter-floor cabling. Ceiling risers, elevator shafts and floor ducts are often used to run network and telephone cable, and because of their inaccessibility, make perfect places to hide wiretaps.
Before you start disassembling your phone, it would be wise to put a frequency counter next to the phone and take it off hook. Call a number that probably won't be answered anytime soon (like your ISP or the phone company). If the counter doesn't pick anything up after a few minutes, there's probably nothing in your phone. It's time to start checking your phone.
Searching in the outside plant:
Disclaimer: Messing around in the OSP is illegal, difficult and dangerous, but so are many telephone intercepts. Visually trace your telephone's wiring from the demark to as far back as you can. Remember that wiretappers need access to your line, so look for places where it can be gotten at easily (those cables are insulated with sheets of lead by the way, and any splicer will tell you it isn't easy to cut into them subtly). Is there anyplace where you can reach a boot or splice cabinet? How about if you had a ladder or if you were leaning out a window? If not, keep moving. If you can reach out and touch a splice enclosure or a cabinet, try and open it. Cabinets (like the one at left) are usually held closed with a 3/8" screw. The cover on a splice enclosure is held on by a series of metal clips attached to the bottom. Look for signs of recent activity... recently stripped screw heads, new looking cable ties, etc. At some point you'll see a cable routed down a pole and into the ground. This cable is on its way to the central office through a maze of pressurized, underground ducts. There's very little need to worry about wires in the Earth.
I Found a Tap!!
Think you found something? Don't panic yet, as there are plenty of good explanations for what you found. Does it have a row of tiny little switches on it? It's probably an RF filter to prevent noise on the line, not a transmitter. Did you find extra wiring attached to your phone line (especially in an OSP setting)? More than likely it's a bridged tap, extra cable left over from a previous installation or provided for redundant cabling. Is your line split? It could just be a botched installation. If you're absolutely sure you've found an illegal surveillance device, take several pictures of it and arrange a meeting with a competent TSCM firm. Not a private investigator. Not someone connected to a spy shop. A reputable, professional sweep team. If you're in doubt, ask what kind of equipment they use, what sorts of training they've completed, and how many years they've spent in the business. If they try and feed you some line about classified government equipment (Note: many firms use proprietary instrumentation. Just be sure that everything they'll be using on a sweep isn't proprietary) or super secret training, politely tell them to go to hell. Any competent sweep technician will be able to tell you about the majority of the gear they typically use, where they were trained, and how long they've been in business.
Specific Device Searches
Take a flashlight and shine it at an angle across the walls. Any small holes should be immediately noticeable. If you do see any small holes in the wall, jam a darning needle into it. HARD. Look for odd discolorations (caused by poorly matched paint that could be covering fine wires or metallic paint) or bumps (from devices covered by well matched paint or under wallpaper). Lift ceiling tiles and peek into air vents, looking for telltale black boxes, wires, or anything else that seems out of place.
Get on your hands and knees and direct your light at the junction between the walls and the floor looking for fine wires. Pull up the carpet edges, too. Check all microphones in the area for additional wires. Speakers should be examined for signs of tampering.
Carrier Current Devices
All electrical appliances, light switches and power outlets should be checked for signs of tampering. Most simple appliances (such as lamps) don't need circuit boards. Check devices against schematics if possible.
Check all lighting for signs of tampering. Circuit boards aren't a normal component of lights. Check against device schematics or known clean sample. The circuitry needed for a light modulator can be hidden ANYWHERE inside of the power system.
Take the cover off your phone and compare it to a schematic or known clean sample. Even this isn't foolproof, as PK Electronik makes a transmitter the size and shape of a ceramic capacitor. Start at your phone and trace the wiring back to the phone jack. Remove the cover of the phone jack and have a look around. Continue to follow the wiring back as far as you can. At no point should you see anything but wires. If the line terminates in an NID, open the side labeled "Telco Access Only" (you'll need a 3/8th nut driver). The majority of a demark's parts are modular, so remove them and look inside and behind them. Look for obvious transmitters and coils.
Go over every inch of wiring looking for overt splices (be especially wary of splices not made with Scotchlock connectors) and fine wires attached to phone wiring (a small hooked dental pick is a godsend for this). Examine 66 blocks in wiring cabinets very closely; it's possible to run fine wires behind the block, or use paint traces.
Take the cover off the phone in question and examine the hookswitch. There should be NOTHING connecting the two sides of the hookswitch, or contacts that are connected to them. Check the phone's housing for signs of tampering.
* Signs of tampering include stripped screws, fresh looking paint, recently chipped plastic, chipped paint, scrape marks.
The Think Tank Cafe in the Smart Villages hi-tech park in Cairo. (Image: Smart Villages)
WASHINGTON -- Egypt has been aggressively attracting tech companies to its wired office parks to help create jobs for its young, educated and often English-speaking workforce.
But by cutting off Internet access last week in the wake of civil unrest, Egypt's government demonstrated just how quickly it can unwind its hi-tech goals.
Microsoft is among the 120 companies located in Cairo's Smart Villages, an office park created in 2003 to be Egypt's "prime" information technology park.
It includes a health club, swimming pool, video conferencing services, a conference center and a pyramid-shaped restaurant called the "Think Tank Café."
Egypt's move to block Internet access prompted Microsoft to respond. Asked about the situation in Egypt, Microsoft said in a written response to a query that it "is constantly assessing the impact of the unrest and Internet connection issues on our properties and services.
What limited service the company as a whole provides to and through the region, mainly call-center service, has been largely distributed to other locations."
Another tech firm with a presence in Smart Villages is Hewlett-Packard, which has asked its employees to stay at home.
President Barack Obama and other administration officials are urging the Egyptian government to restore Internet services and see access as a human right. "It is our strong belief that inside of the framework of basic individual rights are the rights of those to have access to the Internet and to sites for open communication and social networking," White House Press Secretary Robert Gibbs said at a briefing Friday.
Egypt's decision to cut Internet access was apparently intended to disrupt the ability of protestors to use social networks to organize. But hi-tech companies have similar flip-the-switch abilities and can shift services in response to a natural or manmade disaster. It is almost certain that tech companies in Egypt will respond to the current uncertainty much the same way Microsoft did -- if they haven't already.
Phil Fersht, the CEO and head of research at Horses for Sources, an outsourcing research and advisory firm, said top-tier providers rely on Egyptian resources largely for call center work and software support and development. For these firms "it's a massive, massive concern when the government shuts off the internet and all hell is breaking loose," he said in an e-mailed response to questions.
"Egypt has proven capable as a good quality resource location for the Middle East, Africa and European regions in areas such as IT, BPO and call center services and has invested significantly in promoting its capabilities worldwide," said Fersht. "The country has invested millions to promote its capabilities -- and now that investment is looking under threat."
Not surprisingly, the government agency responsible for hi-tech development in Egypt, the Information Technology Industry Development Agency (ITIDA), has been offline.
Efforts to reach officials by telephone, e-mail or through a Facebook account have been unsuccessful.
Fersht suggested that the current problems in Egypt could prompt hi-tech firms to re-think the risks they face in other regions. "If situations, such as what is currently happening in Egypt, proliferate to other countries with sourcing support services, the first reaction of governments now seems to be to 'shut off the Internet,'" said Fersht. "You have to question how this impacts ITO/BPO services that are hugely reliant on the Internet to succeed."
"The Egypt situation is a serious blow to many of the developing nations seeking to take their share of global services [that] have potentially questionable political stability," said Fersht.
Smart Villages said that by the end of 2009 there were 28,000 professionals working at various companies in the office, and that by 2014 it expected that more than 100,000 would be working at some 500 companies.
Microsoft is one of numerous tech firms with a presence in Egypt's Smart Villages hi-tech park.
Working Around the Internet Kill Switch - Egypt workarounds
Explaining the tech work-arounds for keeping the "net connected"
Without Internet, Egyptians find new ways to get online
Nancy Gohring and Robert McMillan
"When countries block, we evolve," an activist with the group We Rebuild wrote in a Twitter message Friday.
That's just what many Egyptians have been doing this week, as groups like We Rebuild scramble to keep the country connected to the outside world, turning to landline telephones, fax machines and even ham radio to keep information flowing in and out of the country.
Although one Internet service provider -- Noor Group -- remains in operation, Egypt's government abruptly ordered the rest of the country's ISPs to shut down their services just after midnight local time Thursday. Mobile networks have also been turned off in some areas. The blackout appears designed to disrupt organization of the country's growing protest movement, which is calling for the ouster of Egyptian President Hosni Mubarak.
"[B]asically, there are three ways of getting information out right now -- get access to the Noor ISP (which has about 8 percent of the market), use a land line to call someone, or use dial-up," Jillian York, a researcher with the Berkman Center for Internet & Society, said via e-mail.
Egyptians with dial-up modems get no Internet connection when they call into their local ISP, but calling an international number to reach a modem in another country gives them a connection to the outside world.
One of the dial-up numbers is run by a small ISP called the French Data Network, which said it was the first time it had set up such a service. Its modem has been providing a connection "every few minutes," said Benjamin Bayart, FDN's president, speaking in an online chat.
The international dial-up numbers only work for people with access to a telephone modem and an international calling service, however. So although mobile networks have been suspended in some areas, people have posted instructions about how others can use their mobile phones as dial-up modems.
The few Egyptians able to access the Internet through Noor, the one functioning ISP, are taking steps to ensure their online activities are not being logged. Shortly before Internet access was cut off, the Tor Project said it saw a big spike in Egyptian visitors looking to download its Web browsing software, which is designed to let people surf the Web anonymously.
"We thought we were under denial-of-service attack," said Andrew Lewman, the project's executive director. The site was getting up to 3,000 requests per second, the vast majority of them from Egypt, he said. "Since then we've seen a quadrupling of Tor clients connecting from Noor over the past 24 hours," he said.
Even with no Internet, people have found ways to get messages out on Twitter. On Friday someone had set up a Twitter account where they posted messages that they had received via telephone calls from Egypt. A typical message reads: "Live Phonecall: streets mostly quiet in Dokki, no police in sight. Lots of police trucks seen at Sheraton."
Others are using fax machines to get information into Egypt about possible ways to communicate. They are distributing fax machine numbers for universities and embassies and asking people to send faxes to those numbers with instructions about how to use a mobile phone as a dial-up modem.
We Rebuild describes itself as "a decentralized cluster of net activists who have joined forces to collaborate on issues concerning access to a free Internet without intrusive surveillance." It has set up an IRC for people who can help with ham radio transmissions from Egypt. They are trying to spread the word about the radio band they are monitoring so that people in Egypt know where to transmit. Some ham enthusiasts are setting up an FTP site where people can record what they hear and post the recordings. So far, they say they've picked up Morse code messages.
Allen Pitts, a spokesman for the National Association for Amateur Radio, said no one has picked up any voice transmissions from Egypt for the past couple of days. But it's possible that people in Egypt are transmitting over shorter-range frequencies that carry only 30 or 50 miles, he said.
One problem with ham radio is that most people who know how to use it in Egypt were probably trained by the military and may be opposed to the protests. Others may be wary of transmitting because they are worried about who might be listening.
During earlier protests in Iran and Tunisia, the governments clamped down on specific websites, but access to the Internet was not severed in such a wholesale fashion.
It is not unprecedented though. In a blog post Friday written with a colleague, York from the Berkman Center for Internet & Society noted that in 2005 the government of Nepal cut off the Internet connection there, and in 2007 the Burmese government did the same in that country.
Nancy Gohring covers mobile phones and cloud computing for The IDG News Service. Follow Nancy on Twitter at @idgnancy. Nancy's e-mail address is Nancy_Gohring@idg.com
CHARLOTTE, NC (WBTV) - Anyone who knows Laura Neff knows she's never more than a couple clicks away. "I email a lot, back and forth all day," she laughed.
The same thing that brings her smiles has also brought frustration the last 2 months. "I thought, that's not going to happen to me, that happens to other people," Neff shrugged.
But it did happen.
Someone hacked into her email account. Eight years of contacts and messages were in someone else's hands. "All of a sudden, people who were on my distribution list who I hadn't heard from in 5 years were emailing me saying, 'Did you email me this link to a pharmacy site?'"
That same week, Neff discovered someone got ahold of her bank card number. Not knowing if the two events were related, she tried closing that email account.
Instead of shutting it down completely, though, the company put the account on a 90 day wait in case Neff changed her mind about canceling the account. "Thinking, at least the account is inactive, so hopefully that will stop this problem and within the space of two to 3 weeks, it was hacked 6 or 7 more times."
Computer security experts call it e-mail hijacking. It's where organizations harvest clean email accounts to send out spam, or hackers use them to grab personal information.
The easiest way to beat it, experts recommend, and Neff later found, is changing your password and making it stronger. "That's what I did and when I changed it to something very difficult to discern, it stopped."
It's brought back the smiles and with them, peace of mind.
TIPS TO AVOID E-MAIL HIJACKING
Create Strong Passwords
A strong password includes both letters and numbers, upper and lower case, making it difficult for hackers to crack. The easier a password is for you to remember, the easier it is for hackers to solve.
Do not use the same password for multiple accounts.
Delete vs. Dormant
Check with your email account service and find out if they immediately delete the account or leave it dormant for a period of time first. In either case, create a strong password.
Be careful about where you log onto your account. Only use computers you trust.
Read User Agreement
Before signing up for a new account, look at the fine print to find out how the email service handles canceling accounts.
(Ed.: For more memory card performance data, including SDHC and Compact Flash cards, please check out our most updated charts. You can find the SDHC charts here and the Compact Flash charts right here.)
The prices of portable memory cards have decreased to almost ridiculous levels: 8 GB SDHC cards now start at only $12. However, enthusiasts don’t want just any memory card—they want one that delivers high write throughput for their devices such as digital cameras, and fast reads, so they can copy contents to their systems quickly. These elite products are much more expensive, so we invited eight popular brands to a shootout.
The Secure Digital (SD) card was invented by SanDisk in 2001 and was based on the multi-media card (MMC) standard. Technically, SD is similar to MMC, but adds digital rights management based on CPRM. SD cards also feature a write protection switch, but it is not a hardware feature: the client device has to handle both settings appropriately.
The 2 GB capacity defined by the SD 1.1 standard wasn’t enough as card sizes grew, so the SD 2.0 or SDHC standard was added. It allows for capacities of up to 32 GB today; the standard is potentially ready for capacities of up to 2 TB. SDXC will follow next year, as 32 GB may remain the limit for the SDHC standard. Note that SDHC and SD cards are identical from the outside, so be sure your device supports SDHC before purchasing such a card (4 GB and up).
Classes 2, 4, 6
The first SD cards could be read at 3.6 MB/s and written at 0.8 MB/s. Faster cards were required by the increasing resolutions of digital cameras, as well as more demanding consumers. As a result, SDHC was divided into three classes: 2, 4 and 6; the numbers represent the minimum sustainable write throughput in MB/s.
It’s not only high resolution digital SLR cameras that require fast memory cards, allowing them to write several photos per second onto the storage device. Another key application is multi-purpose, high-speed mobile storage, or using these cards as system drives via USB or eSATA card readers.
We asked Kingston, Lexar, OCZ, Patriot, PNY, SanDisk, Silicon Power and Transcend to send us their fastest and highest capacity SD cards for review. Let’s look at the 13 cards between 4 GB and 32 GB that we received.
Turns out you don't even need a GPS to track a mobile phone user's whereabouts and glean her movements and interactions: Researchers have discovered a way to use information from the GSM mobile infrastructure to track down someone and even listen in on her voicemail messages and calls.
Don Bailey, security consultant with iSec Partners, and independent researcher Nick DePetrillo today at the SOURCE Boston conference demonstrated how they were able to use a combination of available GSM data plus their own handmade tools to glean someone's cell phone number, pinpoint where she was located physically, and determine what she was doing, as well as gather intelligence about her relationships -- business or otherwise.
"We create a dossier about someone's life over a period of time," Bailey says. "We're able to infer things about an individual's behavior and interactions with the company they work for [as well]," he says.
The researchers gathered information from the GSM network infrastructure itself: "We're using information we can gather from the GSM network to infer your location. And we've taken GSM geolocation a few steps forward, combined with some tools we developed," DePetrillo says. "This is new and novel and really, really scary."
The research has chilling implications for businesses, as well as the individuals themselves. Bailey and DePetrillo say they were able to glean the identity of a government contractor by sifting through caller IDs and phone numbers they traced to the U.S. Department of Homeland Security, for example.
The bottom line is that the research demonstrates inherent weaknesses in the way mobile providers interoperate over the GSM infrastructure. "There is a soft underbelly in the cell phone network...it's an interoperability thing," Bailey says. "We are taking advantage of the way these companies are exposing interfaces to each other. That's where it becomes a serious problem."
"That's akin to attacking the Internet at the router level," Shields says. "This attacks at the infrastructure level versus the application level. If you can compromise the infrastructure's underlying building blocks, the rest of it will tumble. That's what makes their [research] so interesting."
The researchers used the GSM provider caller ID database, the Home Location Registry (HLR), and some voicemail-hacking techniques, along with their own tools. They reverse-engineered the mobile phone caller ID database by scanning blocks of cell phone numbers, creating a white pages of sorts of these numbers. "It comes back with the name of the organization that owns it," DePetrillo says. They also were able to determine the cell number's cell provider, even if that number had been ported to a new provider, he says.
They then leveraged the HLR, a central repository of information on mobile phone subscribers, to locate cell phone towers and regional locations, among other information. "We [used] the mobile switching center number, which corresponds with all cell phone towers in a region and calls back to the switching center where data is routed," Bailey says.
The researchers were able to combine this data with data from social networks to glean a victim's comings and goings. "We can make connections between the movements and 50 or so candidates and whittle it down to one or two," for example, he says.
They then sifted through voicemail or grabbed phone records of who the victim had been speaking with. "We can take those numbers and get you and the other phone to call each other" and conference in to listen in on the conversation to grab more intelligence, he says.
With a little caller ID spoofing, they can extract other information about the victim by hacking into voicemail, for instance. "We can call someone's phone with a spoofed caller ID. Then we can enter the voicemail box without a PIN," DePetrillo says. "That's not new, but combined with other techniques, it lets us get directly into their voicemail without ringing the phone."
The researchers -- who did not release the tools they created -- have alerted major GSM carriers in the U.S. about their findings. "They are very concerned," Bailey says. Some are looking at how to better mitigate these types of attacks, but it won't be easy.
How can a mobile phone user protect herself from this in the meantime? Short of shutting off her phone, not much, according to the researchers.
There are a few possible red flags that could indicate an attack, but it's mainly a silent one. "If you have a particular missed call, or something strange happens, like you got a phone call from yourself, or your [phone] is suddenly calling someone [itself], those could be telltale signs of an attack."
But most of these attacks would be transparent to the victim. There's only about a 10 to 15 percent chance he would see something awry, Bailey says, because the phone won't ring, for instance.
The researchers say some of their work actually scared them. "The Washington, D.C., area is pretty insecure," DePetrillo says. "I came up with a scenario where you can track very important individuals wherever they are...you don't have to track a government official under high security, just the people who travel with him [via their phones], a lot of whom are not under high security, such as congressional aides."
"So if you want to find out where Steve Jobs, Brad Pitt, or Tiger Woods is hiding out, you could [potentially] do that with our techniques," he says.
A law requiring police to obtain a search warrant before tracking Americans' cell phones may imperil criminal investigations and endanger children's lives, a law enforcement representative told Congress this week.
Obtaining a search warrant when monitoring the whereabouts of someone "who may be attempting to victimize a child over the Internet will have a significant slowing effect on the processing of child exploitation leads," said Richard Littlehale of the Tennessee Bureau of Investigation. "If that is acceptable, so be it, but it is a downstream effect that must be considered."
Littlehale's remarks to a House of Representatives subcommittee come as an industry group called the Digital Due Process coalition is prodding politicians to update a mid-1980s federal law by inserting more privacy protections. The group includes Google, Microsoft, eBay, AT&T, the ACLU, and Americans for Tax Reform.
Legislation has not yet been introduced, and coalition members have braced themselves for an extended period of negotiations among police, civil libertarians, and members of Congress that could take as long as a year or two. Meanwhile, no federal appeals court has ruled on the topic--a case is pending before one in Philadelphia--and lower courts have split over whether the U.S. Constitution requires a warrant or not.
But if law enforcement defends the idea of warrantless tracking, the coalition's task will become more complicated. It took the better part of a decade for an alliance of privacy advocates and industry representatives to surmount stiff opposition from the FBI and intelligence agencies that loathed the idea of readily available strong encryption software.
The Obama administration has argued that no search warrants are needed to track cell phone locations; it has told judges that a 2703(d) order, which requires law enforcement to show that the records are "relevant and material to an ongoing criminal investigation," is sufficient. Because it's easier to obtain than a search warrant, a 2703(d) order is also less privacy-protective.
A U.S. Department of Justice representative told CNET on Friday afternoon that the legislative office would not be able to answer questions until next week.
Littlehale, an agent in the bureau's Technical Services Unit, told the House Judiciary subcommittee on civil liberties that a recent Tennessee case involving a kidnapped four-day-old infant would have turned out differently if police were required to request a warrant from a judge. "When you are talking about that volume of process," he said, "any change in the type of process required will have an impact on how rapidly law enforcement can process leads and resolve the case, and in a case of this type, every minute counts."
"The time required to generate a search warrant and have it signed, even in cases where probable cause exists, may in and of itself hamper law enforcement's efforts to move quickly in an investigation," Littlehale said.
Rep. Rick Boucher, a Democrat from rural Virginia, circulated draft legislation (PDF) last month that takes a small step toward preserving location privacy. It says that call location information can be shared with police under a limited set of circumstances--but does not explicitly require a search warrant signed by a judge.
CNET was the first to report on the controversy over location tracking in a 2005 news article. In a subsequent Arizona case, agents from the Drug Enforcement Administration tracked a tractor trailer with a drug shipment through a GPS-equipped Nextel phone owned by the suspect. Texas DEA agents have used cell site information in real time to locate a car driving from Rio Grande City to a ranch about 50 miles away. Verizon Wireless and T-Mobile logs showing the location of mobile phones at the time calls were made became evidence in a Los Angeles murder trial.
And a case currently being argued before a Connecticut federal judge shows that the FBI monitored the whereabouts of about 180 cell phones--without a warrant--while conducting surveillance of two men suspected of robbing local banks.
To locate customers, Sprint and other mobile providers that have built their networks on CDMA technology use a handset-based technique relying on GPS or assisted GPS. AT&T and other companies that have adopted GSM, on the other hand, use a network-based technique known as Uplink-Time-Difference of Arrival that estimates the device's location based on the exact moment that radio transmissions from cell towers arrive.
Such pinpoint accuracy requires special hardware called a Location Measurement Unit, or LMU. Michael Amarosa, vice president of wireless location firm TruePosition, told the House panel that his company has installed more than 100,000 of them.
A handset can communicate with dozens of LMUs, Amarosa said. "A minimum of three LMUs must receive the handset's signal to uniquely determine the location of it. Reception of the handset by more than three LMUs also enhances the accuracy of the location estimated," he said.
Probably the most interesting testimony, though, came from U.S. Magistrate Judge Stephen Smith from Texas, who ruled in 2005 that the Fourth Amendment requires that cell tracking orders be signed by a judge who has probable cause to believe that a crime is being committed.
It's unusual for a currently serving judge to show up before Congress, just as it was unusual, and perhaps even unprecedented, for five magistrate judges in Pennsylvania to jointly sign an opinion stressing a warrant was necessary for location tracking.
Some ways Congress could rewrite and improve the 1986 Electronic Communications Privacy Act include clearer standards, and notification to anyone whose location was tracked, Smith said, adding that he was not taking a position on the broader concept of ECPA reform.
Hidden spy-like gadgets - Cameras and listening devices
The Spies Have It: Sneaky Gadgets You Should Know About
February 18, 2010 5:54 PM (Thursday) Author: andrew
Did you know there are hundreds of spy-like gadgets that can record you at any given moment, without your knowledge? You don’t have to be in a James Bond film to get spied on. Spy gadgets could be hiding in your workplace, your car, or even your front yard.
Although it’s illegal in most places to record someone without their consent, that probably wouldn’t stop some people from using one of these readily available devices to make a video or audio recording of someone without their knowledge, and we thought it was high time someone talked about it.
We looked around and found some spy gadgets that illustrate this point. Some of these are pretty creepy while others are mildly amusing in an off-beat sort of way. In any case, if you weren’t feeling paranoid before, these devices may give you reason to be more suspicious in the future.
You’ll Never Look at a Power Strip the Same Way Again
Here's a power strip from DPL Surveillance Equipment that has a hidden compartment for plugging in a SIM card that can turn the power strip into a listening device. It can be called like a phone allowing someone to eavesdrop on a conversation or it can initiate a call when it detects audio. It costs $1,209 to buy or it can be rented for $175 per week. A surge protector version also "taps" land lines plugged into the strip. It also looks like there are many other SIM-based surveillance products that come in all kinds of packages. You can watch a video of it here.
Bird House Cam
If you see a bird house like this in your neighbor’s yard, chances are, you’re being watched. It looks like a bird house but it's really a video camera disguised as a bird house. The camera is activated by heat and motion. It records video to an SD card and costs $699 from Spygadgets.com.
Key FobCam
Here's a video camera disguised as a key fob. We suppose it could just as easily be used for making legitimate recreational videos but in this creepy video someone lays down his key fob on a counter and starts recording video of the woman behind the counter. Chinavision.com sells it for $47.
SunglassesCam
We think it wouldn’t be too hard to spot these obvious looking, spycam sunglasses but for $120 someone can buy a pair for recording whatever they happen to be looking at.
ID CardCam
The next time you see a stranger wandering around your company with a badge hanging from their neck you might want to pull out your hidden camera detector (below) and give their badge a quick scan.
Hidden Camera Detector
Starting to feel a little paranoid? For about $90 you can buy this device from BrickHouseSecurity.com that uses light reflected off a camera lens to detect hidden cameras. It might give you some peace of mind next time you find yourself at some discount motel.
Cell Phone Eavesdropping Conspiracy
We don't know how real this is but we've heard it from enough sources to make it sound credible. The idea is that many cell phones can be manipulated through firmware modifications to transmit whatever the microphone hears when the phone is in use, not in use or even if it's turned off. We've read that big executives routinely remove the batteries from their phones before they go into important meetings. As they say here in the valley, "only the paranoid survive."
Here's a video describing how it works and how you can detect it in your phone.
Video from the U-Spy Store
We have to say if this stuff wasn’t so strange it might be funny. Actually, the U-Spy store has some novel and even useful products for hiding your valuables.
There You Have It…
Okay, now that you know how easy it can be for someone to record you without your knowledge it’s time to get back to the wholesome side of gadgets and gizmos. We don't think we'll be returning to this topic anytime soon, but you have to admit, it makes you wonder about this stuff and how it’s being used.
Making Water - Science Research and Saline Solutions
Drinking Water Harvested From Thin Air
Not a plant to be seen, the desert ground is too dry. But the air contains water, and research scientists have found a way of obtaining drinking water from air humidity. The system is based completely on renewable energy and is therefore autonomous.
Cracks permeate the dried-out desert ground, the landscape bears testimony to the lack of water. But even here, where there are no lakes, rivers or groundwater, considerable quantities of water are stored in the air. In the Negev desert in Israel, for example, annual average relative air humidity is 64 percent – in every cubic meter of air there are 11.5 milliliters of water.
Research scientists at the Fraunhofer Institute for Interfacial Engineering and Biotechnology IGB in Stuttgart working in conjunction with their colleagues from the company Logos Innovationen have found a way of converting this air humidity autonomously and decentrally into drinkable water. "The process we have developed is based exclusively on renewable energy sources such as thermal solar collectors and photovoltaic cells, which makes this method completely energy-autonomous. It will therefore function in regions where there is no electrical infrastructure," says Siegfried Egner, head of department at the IGB. The principle of the process is as follows: hygroscopic brine – saline solution which absorbs moisture – runs down a tower-shaped unit and absorbs water from the air. It is then sucked into a tank a few meters off the ground in which a vacuum prevails. Energy from solar collectors heats up the brine, which is diluted by the water it has absorbed.
Because of the vacuum, the boiling point of the liquid is lower than it would be under normal atmospheric pressure. This effect is known from the mountains: as the atmospheric pressure there is lower than in the valley, water boils at temperatures distinctly below 100 degrees Celsius. The evaporated, non-saline water is condensed and runs down through a completely filled tube in a controlled manner. The gravity of this water column continuously produces the vacuum and so a vacuum pump is not needed. The reconcentrated brine runs down the tower surface again to absorb moisture from the air.
"The concept is suitable for various sizes of installation. Single-person units and plants supplying water to entire hotels are conceivable," says Egner. Prototypes have been built for both system components – air moisture absorption and vacuum evaporation – and the research scientists have already tested their interplay on a laboratory scale. In a further step the researchers intend to develop a demonstration facility.
Adapted from materials provided by Fraunhofer-Gesellschaft