Covert Communications: Using Gaming Networks to Plot Terror

With all of the monitoring software that has been turned from legend into fact in the recent years, it can be perplexing that terroist organizations are still able to remotly plan and, as we have seen in recent days, execute attacks on high profile targets. However, officials in Belgum have come up with a way they were able to plan attackes such as Paris: using gaming networks such as Sony’s Playstation Network used on their Playstation 4

This is just the most recent in commercial networks and applications being used to plan terrorist activities. Before the use of the Playstation Network, terrorist organizations have been seen using a mobile application called WhatsApp, which uses the internet to send messages from person to person, and has been shown to be difficult to monitor due to its high traffic and method of sending messages.

The Playstation Network, however, has proven more difficult than WhatsApp when it comes to intercepting terrorist communications, due to their lack of ability to intercept peer-to-peer IP based voice chat. This would mean that a terrorist meet up could happen in something as simple as an online game, and authorities would never know about it.

This doesn’t mean that they haven’t tried to gain legal access to VoIP communications. In 2010, the FBI pushed to have all lanes of communication monitoried, though the FCC had declined to give them access to the network then.

The main issue, however, is beyond the legal scope. While we are able to profile potential terror affiliates based on their internet usage, it is very hard to do so based on their console usage (uless we already know a terror affiliate uses a certain account). This, along with the Playstation Network having over 110 million users (for scope, that would make it the 11th largest country in the world), makes it a really hard field to narrow down.

And that is just for voice communication. If you start thinking about it, there are even ways to conduct non-verbal communication over a gaming network, from in-game destructables to placing items to form words or symbols that could mean something, that would not be traceable later, as they would be reset according to the loading of the game.

With these in mind, communicating over gaming networks may be the next large step in clandestine communications between persons or bodies that do not want anyone listening in to their conversations, as there are currently no real steps to trace anything that might happen there. This could lead to governments and groups not being able to trace the traditonal methods of communication, and increases the likelyhood of an unexpected attack on a high profile target.

-Will G. Eatherly

Sources:

Daily Mail article on topic: http://tinyurl.com/pxxekka

List of Countries according to population: http://tinyurl.com/qb8f8mv

Forbes article on topic: http://tinyurl.com/omftmlk

 

Advertisements

The Implications of the Paris Attacks in Respect to Consumer Encrypted Communication Services

It is highly probable that the effects of the recent Paris attacks will be seen throughout all aspects of cyber-security and privacy. In particular it is rather interesting to consider the effects in regards to consumer encrypted messaging services. It is often the case that there is change in security policy and measures that commensurate with a terror attack. Therefore it is reasonable and practical to envisage western governments to express interest and attention in encrypted messaging services.

On the market today there is a significant amount services that offer the consumer end to end encryption. Examples of such services are: What’s App, Silent Circle, and Wickr. What end to end encryption is, in respect to communications, is the ability for users to communicate to both end completely encrypted. The result of this technology is that the only users able to read and interpret data are either the sender or the receiver. The implications of this is that there is no method of which any organization has the ability to read and interpret the communications being sent, even the company hosting the service.

In the wake of these attacks, there will be a greater desire of law enforcement agencies of the western civilizations to have access to intercept these messages. Senator Dianne Feinstein from California is calling for a “back door” into these services, stating that it is a problem that these services can “create a product that allows evil monsters to communicate in this way.” It his highly reasonable to extrapolate that this is only the start of a conversation on consumer encrypted communication services.

These government agencies are calling for these “back doors” in the wake of these attacks because it allows terrorists to communicate and coordinate with the messages being completely encrypted. An organization named Middle East Media Research Institute has released a report stating that a significant number of radical groups are using these services to communicate. However it is important to review these reports with caution, because the institute who released these reports are a not for profit political organization located in Washington.  In addition it is dubious how the information was found, because according to the mechanics of end to end encryption this information is impossible to recover. However regardless of the verisimilitude of these reports, it is important to acknowledge the potential implications of these technologies.

In final it is significantly important to consider the technical implications of creating this “back door”. Creating this back door also creating an additional set of probable problems in regards to this topic. Nickolas Weaver, a senior researcher at the International Computer Science Institute, stated “You cannot hack a back door that lets only the good guys in… If you add one, it becomes usable by Chinese intelligence, Russian intelligence, and criminals.” Therefore if following these calls for an intercept-able encrypted messaging, would also ruin the purpose of using these services for communications.

In conclusion the future of consumer encrypted messaging services is uncertain in the wake of these attacks. The conversation in regards to public safety, in respect to these service is just beginning. It is also important to consider the technical consequences of creating a “back door.” The Paris attacks will a have a wide-reaching effect in the realm of information security, consumer encrypted messaging is only one of the many aspects that may be altered in the wake of these attacks.

Michael Henry Boc

 

http://www.nbcnews.com/storyline/paris-terror-attacks/paris-attack-could-renew-debate-over-encrypted-messaging-apps-n464276

http://www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/

http://www.memri.org/

 

Windows 10 Scans for Counterfeit Software

 

 

 

2000px-The_Pirate_Bay_logo.svgPirate Bay, an online index of digital content, has been up since 2003, with irregular down times and  many legal allegations facing it. But, after such a long time, it may be facing something that may potentially bring it to its demise. Some users of Windows 10 reported that they have encountered security measures on the OS that don’t allow them access to torrenting services. These measures include not being allowed access to torrenting or file sharing sites, windows scanning systems’ hard drives for counterfeit software, sending contents of HDDs to local servers, and torrent files simply disappearing. Measures such as these would makes sense if they were implemented on Microsoft’s newest OS, primarily because Windows 8 was one of the most torrented operating systems in the world. Many private torrent tracker groups, in response to these reports, are banning the use of Windows 10 among members. A lot of the hype about Windows scanning hard drives for counterfeit software comes from the services agreement that says:

“We may automatically check your version of the software and download software updates or configuration changes, including those that prevent you from accessing the Services, playing counterfeit games, or using unauthorized hardware peripheral devices.”

This could be applied to random copies of bootlegged software, but it most likely is covering Xbox services that look for counterfeit games. At this point in time, there is no hard evidence that Microsoft is taking up arms against illegal software through its new OS.

 

Links:

http://gizmodo.com/hardcore-pirates-are-reportedly-banning-windows-10-1726044389

http://www.realtytoday.com/articles/51986/20151114/the-pirate-bay-tpb-cant-get-through-microsoft-windows-10.htm

 

-Tory Leo

Is your phone really locked?

business_users_lock

Recently, new information has been discovered regarding lock screen vulnerability on certain Android products. “Google recently issued a patch for Nexus mobile devices to fix an Android Lollipop vulnerability that lets hackers bypass the lock screen and gain control of mobile devices. However, it could take weeks to months for manufacturers and service providers to roll out the patch for other Android devices.” University of Texas security researcher John Gordon was the person to discover this exposure of information.

Locking methods of the pattern or PIN lock do not provide a text field. The hack needs text pasted into that field to crash the lock screen so the safest thing to do is to use one of those two methods of securing your cell. “Lock screen security in general is iffy, lock screen vulnerabilities happen on all mobile operating platforms,” Lysa Myers, a researcher for Eset told LinuxInsider.

Many owners of these types of phones may ignore this recent news as they fell they have set a tricky password to crack but that is no deterrent to these hackers. “This is a major threat. Even when users feel confident about locking their phone with a strong password, if their device is exposed to this exploit, it does not really matter how strong the password is,” said Armando Leon, director of mobile at LaunchKey.

Overall, it could take many months for most users to receive the patches. As these patches are slowly getting out to the users at such a slow speed there is not any measures in place to stop these hackers from bypassing a persons lock screen and going straight to their home screen. This results in loss of personal data as well as huge inconvenience to the owner.

Source: http://www.technewsworld.com/story/82513.html

Lisa Ann Hornak

Smart Watch Security Threats

As with any piece of new technology, the introduction of smart watches come with new threats to security. A recent study was conducted on these watches and to no ones surprise, many vulnerabilities were found. A few of the vulnerabilities listed include, a lack of transport encryption, lack of user authentication, privacy problems, and firmware problems. It was also found that communications were easy to interfere with and intercept. This means that as of right now, if sensitive data is being transmitted over the watches, anyone could get a hold of it.

Experts recommend to protect sensitive information with strong passwords and to make sure you are controlling your communications to avoid middle man attacks. Another suggestion they make is to manage your transport layer security settings and make sure they are in good shape for protecting you. The biggest concern however seems to be the vulnerabilities of the apps rather than the watch itself. Previously there have been attacks on apps for the iPhone and such so the experts say it wouldn’t be surprising to see attacks on the smart watch apps.

The bottom line is to approach these new smart watch products with care and to focus more on the security of the apps than the watch itself. Additionally, as time goes on, more apps for increased security will be released. Apple has already released several since the release of their Apple Watch.

-Thomas Coburn