An amendment to Rule 41 would allow the FBI to obtain a warrant from any court to hack multiple computers rather than from one with jurisdiction over the target’s location. All the FBI would have to do in order to get the warrant would be to prove the target is obscuring their location.
Therefore, the FBI would theoretically only need one warrant from anywhere in America to hack multiple computers all over the world. This is scary to think about. Tor users should be aware of this.
Some people seem to be not as worried stating that the FBI would still need probable cause. They also point out the logic in that it is hard to get a warrant to hack a computer if you cannot determine the computer’s location.
This will go into effect starting December 1st unless Congress blocks it.
Apple’s head of security engineering and architecture, Ivan Krstic, announced that apple is ready to open up its vulnerability reporting process to researchers. They are launching a bug bounty program that offers rewards for zero-day vulnerabilities that allow vicious code exploits.
This idea came about after an incident involving an activist in the United Arab Emirates, Ahmed Mansoor, where three zero-days were discovered with the ability to spy on his messaging and calls. This incident caused Apple to realize that hackers had shifted their focus from desktops/laptops to mobile phones.
The iOS exploit used to target Mansoor was a three pronged approach that started as a very believable phishing attack that when clicked downloaded two kernel exploits to the device. Now that the malware has been exposed, Citizen’s Labs has discovered that the exploit was the work of an Israel based surveillance software developer group, NSO. Lookout estimates that the exploit has been available for purchase for approximately two years.
Now that the NSO group has been made public and the zero-days have been patched there are now ways to scan if your devices have been compromised and Apple is pushing harder than ever before to find its vulnerabilities.
Apple zero-days mark a new era of mobile hacking
After the Paris attacks last month, many international counter-terrorism authorities were surprised at the ease of tracking the perpetrators movements after the fact through their use of technology. Over the past years, ISIS operatives have been notoriously hard to track because of their technological proficiency and because of the 34 page handout that all of the new recruits receive. Originally written by a professional security firm to aid journalists and whistleblowers, ISIS has adopted the guide for their own use. The handbook has handy links to tools like Tor, ProtonMail, and other encrypted communication platforms. Alongside this also lie some helpful tips to make tracking harder, like disabling GPS on your cell phone. But the question still remains: if the Paris attackers had access to all of this information, then why was it so easy to track them? Well, that’s simple. Even if someone has access to all of the tools they need, they are useless if not effectively utilized. The attackers communicated thought unencrypted channels and were generally sloppy, making things much easier for the authorities.
There is a new wireless technology being developed and currently tested in Estonia. It is called LiFi and was originally discussed by German physicist Harold Haas in 2011. It is similar to WiFi but instead uses Visible Light Communication. The data is transmitted by LED lights that flicker at an incredibly high rate to send data. This new technology can transmit data at speeds up to 1GBps. The future of this technology could mean having every light bulb made with a microchip that would allow it to transmit data.
Many people have some concerns about the practical use of this type of technology. Because this method relies on visible light, transmissions cannot pass through walls. This is a serious issue for home or office use, and could make the technology much less viable short term.
Another issue is the requirement to always be running lights in order to maintain the network. This would be a potential burden on any business or personal network that might want to use it. Falling asleep to tv in bed could get much more difficult soon.
News Week Li-Fi
In an effort to boost it’s defenses, South Korea has enlisted 120 of it’s most talented programmers, offering full scholarships for 7 years of military service. Korea University’s national cyber-defense department will produce it’s first batch of graduates next year.
This program is just a part of a broader build-up though. South Korea is increasing the size of it’s cyber command to 1,000 people and increased information security spending by almost %50 between 2009 and 2015.
Unfortunately though, the South is racing to catch up. North Korea started training it’s hackers in the early 90’s and, according to the chief of S.K.’s defense security command, has 1,700 highly skilled and specialized hackers. He also called North Korea a ‘global cyber power.’
The South has been playing catch up for awhile actually, it wasn’t until a ‘suspected’ North Korean attack in 2009, that paralyzed a large number of government websites, that the South set up a cyber-defense command. In 2013 North Korean hackers attacked South broadcasters and banks. An estimated 32,000 computer servers were paralyzed, and the country lost an estimated 750 million dollars in economic damage.
Luckily South Korea seems to be training some excellent talent in their national cyber-defense department. This is shown by their students winning the ‘Hackers World Cup’ this year in August at Defcon in Las Vegas.