Archive

Posts Tagged ‘Surveillance’

Auswirkungen des NDG auf lix.cc

September 26th, 2016 No comments

Direkte Auswirkungen des NDG auf schweizer Provider:

Betrifft hosting der Dienste auf lix.cc

Sehr geehrte Hosting Kunden von lix.cc

Auf Grund der Annahme des Nachrichtrendienst-Gesetzes vom vergangenen Wochenende, welches per 2017 in Kraft treten wird, ist zunächst unklar ob und in welchem Ausmass die Dienstleistungen von lix.cc am Standort Schweiz weitergeführt werden können.

Dieser massive Einschnitt in die Privatsphäre jedes Internauten bricht das Paradigma der Netz-Neutralität und verwirft fundamentale Strukturen digitaler Kommunikation.

Derzeit bleibt noch Zeit und Raum Lösungen für 2017 zu erörtern. – Was sicherlich nicht passieren wird ist dass Kunden von lix.cc der pervasiven Überwachung ausgeliefert werden.

Herzlich, Alex Antener

Terrorism & Mass Surveillance

April 24th, 2016 No comments

CCC proudly announces honorary members Chelsea Manning and Edward Snowden

August 24th, 2014 No comments

Congratulations, CCC!

Chaos Computer Club supports Chelsea Manning and Edward Snowden
2014-08-24 00:52:00, 46halbe

Since its founding more than thirty years ago, the Chaos Computer Club (CCC) holds strong beliefs in the freedom of information. Consequentially, freedom fighters and whistleblowers deserve our utmost respect and support. For this reason we will help the European legal team of Edward Snowden financially.

Asylum, legal counsel and protection are costly. This is why we decided to support Snowden’s six European lawyers with 36.000 Euro to cover their expenses. Earlier this year, the CCC general assembly also decided to offer Edward Snowden the honorary membership, which he accepted gladly.

“The long lasting dedication of the CCC and others for citizen’s rights and against mass surveillance paved the road for a broad public debate after Edward Snowden’s revelations”, said Snowden’s German lawyer, Wolfgang Kaleck. “Both the commitment as well as the support for Snowden require perseverance. The financial support provided will help sustain these efforts.”

Edward Snowden is the source of many leaks about the so-called Intelligence Community and their hacking and surveillance operations, which made news headlines all over the world. He ignited the necessary global discussion by informing journalists about how much and how deeply we are being spied on by the NSA and their partners, how they infiltrate telecommunication and Internet service providers. One of our central claims and part of our hacker ethics is: “Public data should be utilized, private data should be protected.” Edward Snowden had the guts to live by our principles.

Undoubtedly, Chelsea Manning’s courageous actions also stand in line with these values of ours. To express our support and respect, the CCC bi-annual general assembly unanimously voted for offering her the honorary membership. She agreed to accept our offer. Needless to say, it is an outstanding honor for us to count Chelsea Manning as one of us!

The former US private Chelsea Manning, stationed in Iraq in 2009 and 2010, was sentenced for violations of the Espionage Act and other offences in August 2013. Allegedly, she transferred hundreds of thousands of military and U.S. State Department documents and the infamous “collateral murder” video to Wikileaks. Detained as a political prisoner in 2010 under unduly harsh conditions without minimal standards of humane treatment and stripped of her clothing in custody every night, Manning is now serving a 35-year sentence for her courageous acts. [1]

Links:
[1] Alexa O’Brien at the 30th Chaos Communication Congress (30c3) reporting on the secret trial of Chelsea Manning
[2] Edward Snowden Interview Transcript

Brave! – Become a CCC member yourself today!

Swiss Aero space under military surveillance

August 21st, 2014 2 comments

Since monday night (18th August 2014) ADS95 Ranger Drones are flying within TMA (traffic manoevering area) LSZH (ICAO code for ZRH, Zurich), using callsigns such as FOCUS1 and FOCUS2, seemingly equipped with ADS-B, as they are now visible on Flightradar24 and other platforms.


(Note that the stupid military operator does not know that the transition level for TMA LSZH is FL70 and therefore asks for clearance for FL60 instead of 6000ft!)

The virtual pilot navigating the drone applied for respective flightplans (LSME ZUE ROMIR KLO LSME) with Skyguide, – according to my call with them, – from LSME (Emmen) to LSME, without further explanation, intention nor defined route.

As there is no comprehensible reason, such as WEF Davos or Swiss political revolution for such an operation, I hereby propose to install a selfshot system equipped with ADS-B receiver to take these surveillance systems down smash into ground!

RuagDroneADS94Ranger-20AUG2014-2257Z-D126

D113-drone-LSME-19AUG2014-2350Z

RuagDroneADS95Ranger-20AUG2014-2256Z-D8

Further I should say that the Swiss Military in Emmen was very surprised by my call (01:30 a.m. CEST) to learn hat the drones are visible for anyone, as they seemingly are equipped with ADS-B. – Grotesque!

The responsible person for the operation told me on the phone that the Ranger Drones by Ruag have been in a mission to secure the Swiss-Germano border for the whole week already.

RangerDroneADS95-20AUG2014-2321Z-D8

[Update 0130 UTC]
Mr. Röthlisberger, military police sergeant from VBS, was not only surprised to learn that the drones are visible for anyone through secondary radar, but, – surprisingly, – was not aware that drones from the swiss military were in operation at all, though his office is in charge for military operations within swiss aerospace!

RuagDroneADS95-21AUG2014-0117Z-D8

NOTAM:
RUAG AD95 drones by Swiss Military use callsigns FOCUS1, FOCUS2 etc., whereas the registration numbers vary from D-113, D-138, D-8 etc. (*not* HB-XXX, as usual for registered a/c for Switzerland).

Application of Human Rights to Communications Surveillance

June 5th, 2014 No comments

EFF Logo

34 International Experts Weigh in On Mass Surveillance on Snowden Anniversary

Today, a group of over 400 organizations and experts, along with 350,000 individuals, continue to rally in support of the 13 International Principles on the Application of Human Rights to Communications Surveillance (the Necessary and Proportionate Principles) a year to the day after Edward Snowden first revealed how governments are monitoring individuals on a massive scale. The international experts who supported the Necessary and Proportionate Principles has issued a press release containing quotes from professionals weighing in on the need to end the mass surveillance.

Source

[Update]
“Es ist Zeit, die Netze zurückzuerobern”

Swiss Lawful Intercept Report 2014

March 16th, 2014 No comments

Die Digitale Gesellschaft veröffentlicht heute einen Report zu den Überwachungsaktivitäten der Kantone und des Dienstes Überwachung Post-
und Fernmeldeverkehr (Dienst ÜPF). Der Swiss Lawful Intercept Report
2014 besteht aus mehreren Teilen:

  • Der Rückblick über die letzten Jahre zeigt den steten Anstieg der Überwachungsmassnahmen.
  • Die Statistik 2013 beleuchtet die Überwachungsmassnahmen nach Delikten und zeigt signifikante kantonale Unterschiede auf.
  • Ein Kapitel widmet sich der Gewichtung schwerer Straftaten, mit welchen immer wieder für Überwachung argumentiert wird, und zeigt auf,dass diese Straftaten nur einen geringen Teil an der Gesamtmenge an Überwachungen ausmachen.

Eine politische Einschätzung beleuchtet die Totalrevision des BÜPF (Bundesgesetzes betreffend der Überwachung des Post- und Fernmeldeverkehrs).

Der Swiss Lawful Intercept Report 2014 (PDF) steht online zur Verfügung.

Source

Hacker schedule 2014

January 6th, 2014 No comments

7. – 9. March 2014 eth-0
17. – 21. March 2014 Troopers
18. – 21. April 2014 Easterhegg
29. – 30 May 2014 HITBSecConf
13. – 15. June 2014 Chaos Singularity in Bienne
19. – 22. June 2014 Gulasch Programmier Nacht
July 2014 SIGINT
August 2014 ICMP7
September 2014 Datenspuren
24. – 26. October 2014 Hackover
27. – 30. December 2014 31C3

“ZEIT Online” Interview with Starbug

September 26th, 2013 No comments

Starbug-TouchID“The matter for Apple was comfort, not Security”

For Jan Krissler (aka Starbug) it wasn’t a struggle to bypass the fingerprint scanner of the iPhone 5s. In an interview he explains why passwords mostly are more secure than biometry.

ZEIT ONLINE: You did hack the fingerprint scanner of the iPhone 5s, why?

Jan Krissler: Since 10 years I deal with security of biometric systems, especially how to override them. From time to time, when a new product emerges, I look at it and check if the old techniques of bypassing still work, or if there are new challenges. With the TouchID sensor I assumed challenges but unfortunately was disappointed.

ZEIT ONLINE: Are fingerprints qualified at all to secure a telephone, a door or other things?

Jan Krissler: As with all biometric systems one must ask, what data or things you want to protect with it. If their value exceeds the effort to crack a system, the choice of an easily bypassable biometric system might not be the best choice.

ZEIT ONLINE: Which means that biometry is easier to overcome than a password for example?

Krissler: That depends on the password and how the user deals with it and, of course, also the biometric system. At least I assume my passwords to be more secure than my fingerprint. The problem is that one leaves fingerprints everywhere, that faces can be photographed unnoticed. My password is in my head and if I’m careful typing, I will remain the only one who knows it.

ZEIT ONLINE: Which biometric data would be appropriate to establish access control?

Krissler: There are certain characteristics that are better and characteristics which are less suitable. The better ones include those which you do not leave anywhere, or the ones that cannot be taken off easily and unnoticed. Which means, characteristics that you can actually only be read with an appropriate sensor. The vein pattern is a good example. I had assumed that Apple would apply something of the kind. After all at the launch of the iPhone it was announced that the scanner will have a sub-epidermal finger recognition, i.e. one that not only relies on finger ridges on the surface. Frankly spoken, I was shocked by how easy it was to bypass it.

But also in other processes such as vein patterns it must be clear: if someone gets access to such a characteristic, he will find a way to replicate it and thereafter to overcome the system.

ZEIT ONLINE: So why is biometry presently so highly touted as a security mechanism?

Krissler: As there is a big industry behind it and because biometry also is capable of identifying people.

ZEIT ONLINE: But isn’t it that biometry works fine to clearly identify someone, but not as good to have something secured?

Krissler: One can customize systems quite well, as long as they only need to distinguish people from each other. In this case the error rate is quite low. But once you have the whole of humanity, or in this case all iPhone users as a target group, things get quite impossible. Simply because its characteristics vary greatly. Biometry just also has its weaknesses. Unlike passwords that are either right or wrong, there is always a certain probability of match. Therefore the TouchID scanner isn’t really a security method, but a comfortable method. Had Apple made the mechanism more secure, too many people would have struggled turning on their iPhone and too many people would have been rejected too often.

Many don’t use any passcode on their smartphone at all, whereas using a fingerprint is still better than nothing – as Apple said at the launch. But it’s obviously about convenience and ease of use, not about security. Therefore I would not even want to rate TouchID associated with security practices.

ZEIT ONLINE: The iPhone has a fairly high status, many find it great. Is it a problem if such a popular device relies on biometry, and thus spread a, shall we say, problematic security method to be used?

Krissler: This has already begun with the fingerprints in the German identification card and the passport. Thus, methods that were actually intended to identify criminals, carried out to the general public. This of course is problematic. On one hand, because data is gathered that would not have to be captured and could be abused for other things. On the other hand because this way everyone is getting used to biometry and then use it for all sorts of applications. The best example for this is Hamburg, where at one school all students had to submit their fingerprints to get their lunch.

The interview was conducted in written via Jabber.

Original Interview (in German) by Kai Biermann (with kind permission for publication of my english translation).

Links:
ZEIT Online Article
Chaos Computer Club
Raumfahrtagentur
Neusprech

[Update 1st of October 2013]
Dustin Kirkland, a GNU/Linux Ubuntu Developer writes:

But biometrics cannot, and absolutely must not, be used to authenticate an identity. For authentication, you need a password or passphrase. Something that can be independently chosen, changed, and rotated. I will continue to advocate this within the Ubuntu development community, as I have since 2009.

read Fingerprints are Usernames, not Passwords

FaaS – Fuckup as a Service

August 19th, 2013 No comments

whistle.im-logo-bigAllegedly “save” and “secure” e-mail services nowadays start popping up all over the net. – Here’s the latest Fuckup called whistle.im which was revealed by CCC Hannover:

Seit uns die Snowden-Enthüllungen gezeigt haben, dass die NSA und das UK nicht nur in der Lage sind, alle Verbindungen, die die Grenze passieren mitzulesen, sondern dies auch tun, ist eine deutliche Steigerung des Interesses an Verfahren für die Verschlüsselung von Kommunikation im Internet zu erkennen. Dieses begrüßenswerte Phänomen entwickelt jedoch zunehmend einen bitteren Beigeschmack durch neu entstehende Projekte, die aus Marketingzwecken grade jetzt aus dem Boden gestampft werden. Diese Projekte spielen mit dem gesteigerten Problembewusstsein der Bevölkerung, ohne dass sie einen wirklichen Schutz liefern.

Neben der “E-Mail Made in Germany” brüstet sich ein Projekt von zwei Studenten namens whistle.im damit, sichere Ende-zu-Ende-Verschlüsselung anzubieten. Auch sie legen Wert auf den lächerlichen “Made in Germany”-Slogan. […]

Source

Categories: Technology Tags: , , , ,

“le dernier cri”: PRISM implementation

July 18th, 2013 No comments

orlyAre you thinking of buying the newest slick smartphone? Well then, get the latest “Blackberry Q10” with implemented sneaking high-end “suppa duppa” username & password delivery feature which sends your credentials directly to the NSA and all these “nice guyz” protecting us from “za thheRR0Riz”. – ’cause as you’ve nothing to hide anyways and ain’t give a shit about your goddam privvvazy! – Y0!1!!

When you enter your POP / IMAP e-mail credentials into a Blackberry 10 phone they will be sent to Blackberry without your consent or knowledge. A server with the IP 68.171.232.33 which is in the Research In Motion (RIM) netblock in Canada will instantly connect to your mailserver and log in with your credentials. If you do not have forced SSL/TLS configured on your mail server, your credentials will be sent in the clear by Blackberrys server for the connection. Blackberry thus has not only your e-mail credentials stored in its database, it makes them available to anyone sniffing inbetween – namely the NSA and GCHQ as documented by the recent Edward Snowden leaks. Canada is a member of the “Five Eyes”, the tigh-knitted cooperation between the interception agencies of USA, UK, Canada, Australia and New Zealand, so you need to assume that they have access to RIMs databases. You should delete your e-mail accounts from any Blackberry 10 device immediately, change the e-mail password and resort to use an alternative mail program like K9Mail.

Clarification: this issue is not about PIN-messaging, BBM, push-messaging or any other Blackberry service where you expect that your credentials are sent to RIM. This happens if you only enter your own private IMAP / POP credentials into the standard Blackberry 10 email client without having any kind BER, special configuration or any explicit service relationship or contract with Blackberry. The client should only connect directly to your mail server and nowhere else. A phone hardware vendor has no right to for whatever reason harvest account credentials back to his server without explicit user consent and then on top of that connect back to the mail server with them.

Recipe for own experiment:
1. set up your own mail server with full logging
2. create throw-away IMAP account
3. enter IMAP account credentials into Blackberry 10 device, note time
4. check mail with Blackberry
5. look in logfiles for IP 68.171.232.33 (or others from RIM netblock)

Source: Frank at geekheim & Fefe

SRSLY: think about digital disobediance. – NOW!