Who is watching you?

More and more, government is spying on its citizens. Not just our government, but all governments. You may remember from a couple of weeks ago that intrusions into former CBS News correspondent Sharyl Attkisson’s computers constituted the narrative spine of the new book she has authored.

Governments all around the world use malware and spyware to keep tabs on people, from visitors to residents. But now there is hope. A security researcher has come up with a tool that can determine if your computer is infected with spyware.

The Detekt tool was developed by Berlin-based security researcher Claudio Guarnieri and supported by several human-rights groups. Detekt checks for malware that is often used against journalists, activists and other people frequently targeted by governments.

The app is available as a free download. Detekt is primarily a scanner; its primary purpose is to warn users if they’re being spied on, not to remove that spyware. If Detekt does detect spyware, the researchers recommend users disconnect that computer from the Internet and stop using it immediately. Then, users should contact an expert via a computer they don’t normally use.

Detekt is currently compatible with Windows XP, Vista, 7 and 8, but NOT 8.1. It’s available in English, German, Italian, Spanish, Arabic and Amharic, the national language of Ethiopia.

According to Amnesty International, one of Detekt’s co-sponsors, an early version of the tool was used to investigate surveillance practices in several countries. Detekt discovered that several human-rights lawyers and activists in Bahrain were being spied on with a commercial piece of spyware called FinSpy.

Amnesty International warns that Detekt can’t magically detect all spyware; rather, it is designed to recognize some of the most commonly used and encountered commercial spyware. The developers will continue to update Detekt as the spyware it targets evolves and changes.

“The growing trend in indiscriminate mass surveillance on a global scale was laid bare by the Edward Snowden disclosures,” writes Amnesty International. “Following the lead of the USA and other industrialized countries, governments everywhere now justify the use of such surveillance. This has a chilling effect on the rights to freedom of expression and peaceful assembly in countries across the world.”

Creep factor on high. An open window to your home, WITHOUT you knowing…

Yesterday I stumbled onto a site indexing 73,011 locations with unsecured security cameras in 256 countries… unsecured as in “secured” with default usernames and passwords. The site, with an IP address from Russia, is further broken down into insecure security cameras by the manufacturers Foscam, Linksys, Panasonic, some listed only as “IP cameras,” as well as AvTech and Hikvision DVRs. 11,046 of the links were to U.S. locations, more than any other country; one link could have up to 8 or 16 channels, meaning that’s how many different security camera views were displayed on one page.

Truthfully, I was torn about linking to the site, which claims to be “designed in order to show the importance of security settings;” the purpose of the site is supposedly to show how not changing the default password means that the security surveillance system is “available for all Internet users” to view. Change the defaults to secure the camera to make it private and it disappears from the index. According to FAQs, people who choose not to secure their cameras can write the site administrator and ask for the URL to be removed. But that requires knowing the site exists.

There are 40,746 pages of unsecured cameras just in the first 10 country listings: 11,046 in the U.S.; 6,536 in South Korea; 4,770 in China; 3,359 in Mexico; 3,285 in France; 2,870 in Italy; 2,422 in the U.K.; 2,268 in the Netherlands; 2,220 in Colombia; and 1,970 in India. Like the site said, you can see into “bedrooms of all countries of the world.” There are 256 countries listed plus one directory not sorted into country categories.

The last big peeping Tom paradise listing had about 400 links to vulnerable cameras on Pastebin and a Google map of vulnerable TRENDnet cameras; this newest collection of 73,011 total links makes that seem puny in comparison. A year ago, in the first action of its kind, the FTC brought down the hammer on TRENDnet for the company’s “lax security practices that exposed the private lives of hundreds of consumers to public viewing on the Internet.”

Security cameras are supposed to offer security, not provide surveillance footage for anyone to view. Businesses may be fine with that, but cameras that are not truly locked down in homes invite privacy invasions. In this case, it’s not just one manufacturer. Sure, a geek could Google Dork or use Shodan to end up with the same results, but that doesn’t mean the unsecured surveillance footage would be aggregated into one place that’s bound to be popular among voyeurs.

There were lots of businesses, stores, malls, warehouses and parking lots, but I was horrified by the sheer number of baby cribs, bedrooms, living rooms and kitchens; all of those were within homes where people should be safest, but were awaiting some creeper to turn the “security surveillance footage” meant for protection into an invasion of privacy.

Randomly clicking around revealed an elderly woman sitting but a few feet away from a camera in Scotland. In Virginia, a woman sat on the floor playing with a baby; the camera manufacturer was Linksys. There was a baby sleeping in a crib in Canada, courtesy of an unsecured Foscam camera, the brand of camera most commonly listed when pointing down at cribs. So many cameras are set up to look down into cribs that it was sickening; it became like a mission to help people secure them before a baby cam “hacker” yelled at the babies.

I wanted to warn and help people who unwittingly opened a digital window to view into their homes, so I tried to track down some security camera owners with the hopes of helping them change the default username and password. It is their lives and their cameras to do with as they think best, but “best” surely doesn’t include using a default username and password on those cameras so that families provide peep shows to any creep who wants to watch.

The site lists the camera manufacturer, default login and password, time zone, city and state. The results for each camera are also theoretically pinpointed with longitude and latitude on Google Maps. That can be opened in another browser window, zoomed into, converted to Google Earth, then Street View in hopes of seeing an address to take into a reverse phone look-up. It’s slightly easier if it’s a business and you see a name on a building. There may be an easier way, as it was slow and frustrating.

I’m unwilling to say how many calls I made, or else you might think I enjoy banging my head against the wall. It was basically how I spent my day yesterday. Too many times the location couldn’t be determined, led to apartments, or the address wasn’t listed in a reverse phone search. After too many times in a row like that, I’d switch to a business as it is much easier to pinpoint and contact.

One call was to a military installation. Since the view was of beautiful fall foliage, it seemed like a “safe” thing to find out if that camera was left with the default password on purpose. Searching for a contact number led to a site that was potentially under attack and resulted in a “privacy error.” Peachy. Then I had two things to relay, but no one answered the phone. After finding another contact number and discussing both issues at length, I was told to call the Pentagon! Holy cow and yikes!

ALWAYS, ALWAYS, ALWAYS change the default passwords on your equipment, routers, cameras, etc. If you are unsure how to do this, please contact us to regain that peace of mind.

The largest-scale attack of its kind on Apple devices

A pernicious piece of Apple-focused malware reared its ugly head this week. It may have infected as many as 356,000 users.

The malware first infects Mac OS X machines, from standard desktop Macs to MacBooks, and then infiltrates all other iDevices, from iPhones to iPads, by installing rogue apps on them when they’re connected by USB. And unlike previous strains of iOS malware, it doesn’t need the device to be jailbroken. Palo Alto Networks, the company that has investigated and given a name to WireLurker, calls it a “new breed of threat to all iOS devices”. A developer at Tencent initially observed WireLurker at the start of June.

It’s little surprise so many downloaded WireLurker, given it was packaged inside seemingly legitimate apps, including some big-name games – Sims 3, Pro Evolution Soccer 2014 and Angry Birds to name a few. They were unofficial, pirated versions of the games, however. And those who did get infected, who were only trying to get knock-off copies of those titles, likely had various pieces of data stolen from their Apple devices, including the machine’s ID number and Wi-Fi addresses it used.

Herein lies the intriguing element to this nasty piece of kit. The malware seems to be more concerned about identifying the device owners rather than stealing much data. “In other words, WireLurker seems to be targeting the identities of software pirates,” noted Jonathan Zdziarski, an iOS security expert. On jailbroken iPhones, the malware does seek to acquire more information, including SMS messages.

Could WireLurker be a law enforcement tool? If it is, then it’s another sign that the NSA isn’t fazed by Apple’s attempts to keep its users secure and private. Just last month, it was accused of trying to intercept iCloud users’ passwords, which it subsequently denied.

WireLurker was able to get malicious apps onto iOS devices by abusing “enterprise provisioning”. This allows apps not in Apple’s official stores to be downloaded as long as they are signed by an enterprise certificate, which Apple could revoke (though Zdziarski notes additional certificates could be issued and fresh copies of the malware installed). Users should always fear Apple’s requests for confirmation to open a third-party application, unless certain of its authenticity.

Zdziarski thinks that WireLurker looks primitive, yet shows up a major security hole in Apple’s pairing mechanism between its PCs and mobile devices. “The real issue is that the design of iOS’ pairing mechanism allows for more sophisticated variants of this approach to easily be weaponized,” he added. “While WireLurker appears fairly amateur, an NSA or a GCHQ, or any other sophisticated attacker could easily incorporate a much more effective (and dangerous) attack like this.”