Home » Posts tagged 'Kim Zetter'
Tag Archives: Kim Zetter
How Cops Can Secretly Track Your Phone
HOW COPS CAN SECRETLY TRACK YOUR PHONE
A guide to stingray surveillance technology, which may have been deployed at recent protests.
SINCE MAY, AS protesters around the country have marched against police brutality and in support of the Black Lives Matter movement, activists have spotted a recurring presence in the skies: mysterious planes and helicopters hovering overhead, apparently conducting surveillance on protesters. A press release from the Justice Department at the end of May revealed that the Drug Enforcement Agency and U.S. Marshals Service were asked by the Justice Department to provide unspecified support to law enforcement during protests. A few days later, a memo obtained by BuzzFeed News offered a little more insight on the matter; it revealed that shortly after protests began in various cities, the DEA had sought special authority from the Justice Department to covertly spy on Black Lives Matter protesters on behalf of law enforcement.
Although the press release and memo didn’t say what form the support and surveillance would take, it’s likely that the two agencies were being asked to assist police for a particular reason. Both the DEA and the Marshals possess airplanes outfitted with so-called stingrays or dirtboxes: powerful technologies capable of tracking mobile phones or, depending on how they’re configured, collecting data and communications from mobile phones in bulk.
Stingrays have been used on the ground and in the air by law enforcement for years but are highly controversial because they don’t just collect data from targeted phones; they collect data from any phone in the vicinity of a device. That data can be used to identify people — protesters, for example — and track their movements during and after demonstrations, as well as to identify others who associate with them. They also can inject spying software onto specific phones or direct the browser of a phone to a website where malware can be loaded onto it, though it’s not clear if any U.S. law enforcement agencies have used them for this purpose.
…click on the above link to read the rest of the article…
Leaked Files Show How NSA Tracks Other Countries’ Hackers
WHEN THE MYSTERIOUS entity known as “Shadow Brokers” released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material honed in on the most potent tools, so-called “zero-day” exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools the NSA uses to detect other nation-state hackers on the machines it infects.
It turns out those scripts and tools are just as interesting as the exploits. They show that in 2013 — the year the NSA tools were believed to have been stolen by Shadow Brokers — the agency was tracking at least 45 different nation-state operations, known in the security community as Advanced Persistent Threats, or APTs. Some of these appear to be operations known by the broader security community — but some may be threat actors and operations currently unknown to researchers.
The scripts and scanning tools dumped by Shadow Brokers and studied by the Hungarians were created by an NSA team known as Territorial Dispute, or TeDi. Intelligence sources told The Intercept the NSA established the team after hackers, believed to be from China, stole designs for the military’s Joint Strike Fighter plane, along with other sensitive data, from U.S. defense contractors in 2007; the team was supposed to detect and counter sophisticated nation-state attackers more quickly, when they first began to emerge online.
“As opposed to the U.S. only finding out in five years that everything was stolen, their goal was to try to figure out when it was being stolen in real time,” one intelligence source told The Intercept.
…click on the above link to read the rest of the article…
Malware Attacks Used By the US Government Retain Potency For Many Years, New Evidence Indicates
A NEW REPORT from Rand Corp. may help shed light on the government’s arsenal of malicious software, including the size of its stockpile of so-called “zero days” — hacks that hit undisclosed vulnerabilities in computers, smartphones, and other digital devices.
The report also provides evidence that such vulnerabilities are long lasting. The findings are of particular interest because not much is known about the U.S. government’s controversial use of zero days. Officials have long refused to say how many such attacks are in the government’s arsenal or how long it uses them before disclosing information about the vulnerabilities they exploit so software vendors can patch the holes.
Rand’s report is based on unprecedented access to a database of zero days from a company that sells them to governments and other customers on the “gray market.” The collection contains about 200 entries — about the same number of zero days some experts believe the government to have. Rand found that the exploits had an average lifespan of 6.9 years before the vulnerability each targeted was disclosed to the software maker to be fixed, or before the vendor made upgrades to the code that unwittingly eliminated the security hole.
Some of the exploits survived even longer than this. About 25 percent had a lifespan of a decade or longer. But another 25 percent survived less than 18 months before they were patched or rendered obsolete through software upgrades.
Chart: RAND
Rand’s researchers found that there was no pattern around which exploits lived a long or short life — severe vulnerabilities were not more likely to be fixed quickly than minor ones, nor were vulnerabilities in programs that were more widely available.
…click on the above link to read the rest of the article…
