The hacking is known as “remote searching”. It allows police or MI5 officers who may be hundreds of miles away to examine covertly the hard drive of someone’s PC at his home, office or hotel room.
Material gathered in this way includes the content of all e-mails, web-browsing habits and instant messaging.
Under the Brussels edict, police across the EU have been given the green light to expand the implementation of a rarely used power involving warrantless intrusive surveillance of private property. The strategy will allow French, German and other EU forces to ask British officers to hack into someone’s UK computer and pass over any material gleaned.
A remote search can be granted if a senior officer says he “believes” that it is “proportionate” and necessary to prevent or detect serious crime — defined as any offence attracting a jail sentence of more than three years.
Richard Clayton, a researcher at Cambridge University’s computer laboratory, said that remote searches had been possible since 1994, although they were very rare. An amendment to the Computer Misuse Act 1990 made hacking legal if it was authorised and carried out by the state.
He said the authorities could break into a suspect’s home or office and insert a “key-logging” device into an individual’s computer. This would collect and, if necessary, transmit details of all the suspect’s keystrokes. “It’s just like putting a secret camera in someone’s living room,” he said.
Police might also send an e-mail to a suspect’s computer. The message would include an attachment that contained a virus or “malware”. If the attachment was opened, the remote search facility would be covertly activated. Alternatively, police could park outside a suspect’s home and hack into his or her hard drive using the wireless network.
Police say that such methods are necessary to investigate suspects who use cyberspace to carry out crimes. These include paedophiles, internet fraudsters, identity thieves and terrorists.
Comments
Fuck the state
05.01.2009 16:12
I don't use wireless connections so they aren't going to be able to sit outside my house and tap it, and all of my secure data is stored on a computer not connected to the internet or a network. They'd literally have to break into my house to access it, and even then they'd be there for years trying to brute force it... hardly covert.
I'd like to see them try
I'd like to see them try
05.01.2009 16:56
The most secure you'll ever get with computers is sticking half a pound of TNT in it and hitting a plunger: assume all computers are compromised and you may be a bit safer.
They wouldn't have to try very hard
Encryption
05.01.2009 17:07
secure: https://www.torproject.org/
none secure: https://www.torproject.org/
fta: Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.
http://www.opendns.com/
Technitium MAC Address Changer: http://tmac.technitium.com/tmac/index.html
hms brittian number
Future proof?
05.01.2009 17:22
The best thing is to do things face to face with those you know and trust. Simple as.
The old ways will always be the best ways!
Netcu Watch
Homepage: http://netcu.wordpress.com
dumb people
05.01.2009 17:57
stalebread
article
05.01.2009 20:35
sue denim
The security industry.
05.01.2009 20:52
What could be the purpose of this story? Well, most who read this, whether they have something to hide or not, might well be thinking after reading this "hmmmm, I need to go out and buy some up to date anti-virus software, and I need to do this now". If you purchase things online then you will simply be guided to update your computer software with up-to-date coded software that has the effect of "pushing" onto the nation's computers software that is firstly "up-to-date" and secondly "inline" with government requirements. How many of us can say that software we have installed on our computers is out-of-date and, therefore, problematic for the police, government and the "anti-terrorist loons" in the security industry?
There was a story recently about Microshaft forcibly updating people's PCs with code snippets that would detect if your copy of Windoze was legit or not. The story was put out by newspapers in this country and elsewhere and no doubt many journalcysts were slapped on the back for their efforts. Realistically, all you needed to do to avoid it was turn off automatic updates.
Most people in the UK using PCs (not mac or OP's with Linux installed) use anti-virus software that should come bundled with the ability to lock down your computer halting access to the internet. Or you are simply operating your computer intelligently and are not likely to open dodgy emails anyway. Most do not operate wireless systems.
The methods described in this story simply imply that the police are using the criminal techniques that spammers, phishers and internet fraudsters use to gain access to your computer. The implication being that you have no defence against it or, if you are brought to court, the judge can be successfully encouraged to read that you have fallen foul of something that, by its very automatic nature, was designed to entrap those who are up to no good...irrespective of any supplementary evidence.
It's just another example of government gone wrong and frankly says more about the methods used by try-hards within the police "service" than it says about anything else.
Operate your computer sensibly and make yourself aware that you have nothing to fear from those who will have you fear everything.
Solidarity.
Not a fool.
You'd like to see them try
05.01.2009 20:57
You must be into some Really Important Shit to have a separate PC for secure data, and to use PGP and all that shizzle.
Anne Archivist
tips?????
05.01.2009 20:58
one of many
Peek-a-boo watching you
05.01.2009 22:03
None of my PC usage is illegal, however, I extremely strongly resent such invasion of privacy that this I-spy government is embarking on! Not that it's a problem, for all I need to do is cancel my ISP's subscription fee, that ISP losing £16 per month, courtesy of this Big Brother bully! And cancel I shall! Simple as that!
It's a matter of principle, eh?
Francis H. Giles
e-mail: francis@fgiles.orangehome.co.uk
To avoid keyloggers
05.01.2009 22:22
Use OpenBSD
Use deniable encryption if possible such as steganography. Straight strong encryption is of limited use because of RIP.
Use a biometric scanner for authentication instead of passwords. Alternatively cover your keyboard when entering your passwords to avoid surveillance cameras or snooping. Consider that even the sounds of your keyboard keys could be used to reconstruct your keystrokes.
Take measures against TEMPEST interception of EM radiation from your machine (suggestions? Maybe build a PC into an old microwave oven!?)
It's trivial to crack WEP wi fi AP's and of course use open ones. Also, use public AP's. Use a script (cron job) to change your MAC address regularly or every time you access a new network.
Use Tor.
Use web proxies.
inb4 tinfoil hat
anon
Gmail et al
05.01.2009 22:29
anon
To they wouldn't have to try very hard
06.01.2009 00:35
I have a post doctorate in digital forensics and encryption, I am fully aware of the state's methods and limitations. Much of what they rely on is fear and stupidity, they attempt to scare you into compliance into revealing your keys they like to boast that they can break your 256 in minutes but in reality they can't (for the next few years anyway). They rely on human stupidity, little slip ups, and fear in order to access your data.
If you're totally paranoid and really have something to hide you might as well dismantle the hard drive, smash it to pieces, and melt it. That however is a little over the top.
I'd like to see them try
Poor old Bill
06.01.2009 01:10
This story should be a non-story for activists. I've a secure PC but it isn't very functional, and the last time the police came visiting I had popped to the downstairs toilet and had forgotten to lock the PC. Luckily they weren't interested in it.
PS when you melt a hard-drive, and you should, just melt the platters unless you are what I would call paranoid. The fumes can be nasty otherwise.
xMCSE
my pc
06.01.2009 11:15
e-best option
response to i'd like to see them try 2
06.01.2009 15:54
legal cases can be kept open for years and years.
people who committed crimes 30 years ago are getting arrested now due to advancements in DNA technology.
it's feasible for them to wait for advancements in computers
sue denim
I'd like to see them try
06.01.2009 18:16
They don't have to "scare" anyone, they'll just throw your arse in jail for NOT divulging the keys, and for many people just the thought of years in jail is an incentive to comply. Withholding keys has been a criminal offence in the UK for some time now... as has warning people that the police have been given encryption keys.
You would have to be up to some seriously heavy stuff not to cough up the keys and cop a 2 possibly 5 year custodial.
http://news.zdnet.co.uk/itmanagement/0,1000000308,39280970,00.htm
Why have your box rigged like Dr Evil's cave if you haven't anything to hide???
Anyone who trusts technology alone to protect them is a fool (who knows if someone should stumble on a breakthrough and knock Moore's Law into a cocked hat and make those brute force hacks look like a knife through hot butter (as someone pointed out, it's all a matter of time vs instructions per second)... I wouldn't bank on it; but anyone who does not use encryption is asking for trouble.
Just how do you stop them sticking sand-filled boxes/baffles around your base unit before they disable your alarm, pick the lock, open the box up and just syphon the drives without power ever going through your CMOS?
They wouldn't have to try very hard
To they wouldn't have to try very hard
06.01.2009 19:33
As to why I should rig my computer like dr evils cave there's plenty of reasons I could give to the police, fear of cyber criminals and identity fraud for example or I could even play the crackpot paranoid card and portray myself as an insecure loony. The possibilities are endless. Just because I've encrypted my computer doesn't mean I necessarily have anything to hide, people add passwords to things for a whole variety of mundane reasons.
However I said in my previous post I shan't divulge why my safe box is more secure than normal, I'd consider complete hard drive encryption to be a basic step to take if you don't use at least this then you are foolish in my eyes. There are further steps I've taken as stated I've a post graduate degree in digital forensics and encryption however I'm certainly not going to discuss them on line, best to leave a few surprises to confront any would be attackers with.
I'm not familiar with Indymedia having never heard of it before however this article caught my attention through a search engine, just thought I'd add my two cents or so to speak.
I'd like to see them try
Least bad UK ISP ?
06.01.2009 20:22
I know this is off-topic but since all the techies are here anyway I thought I'd ask since I couldn't think of a single brave UK ISP / hosting company. A decade ago I would have said Demon but today I could only recommend foreign organisations. Any tips would be for a good cause.
xMCSE
I'd like to see them try
06.01.2009 21:18
They wouldn't have to try very hard
@I'd like to see them try
06.01.2009 21:40
The only way I've ever heard of to create a completely plausibly deniable encrypted volume was with StegFS (an experimental and unfinished Linux filesystem). I personally would just hide my truly secret information in a large collection of images with steganography. A typical activist really hasn't got that much truly incriminating material after all, unlike say, a paedophile - unless they're keeping, say high resolution surveillance or maybe blackmail imagery / videos.
anon
lets face it its more than a chance you gambler you!
06.01.2009 22:54
as for isp's i've got no idea, they're mostly shit.
talk talk is beyond shit.
and virgin media are founders of the "internet 2" censored internet project, so they'd be a big no no for me.
going back onto the track, with the stuff people get raided and nicked for now. you don't have to be doing something dodgy, Sean Kirkly got 4 years for running a legal website for a legit group.
can any give me any suggestions for some good user friendly (preferably ubuntu friendly) linux encryption programs, my current setup is somewhat complex and i have on several occasions lost my data :-(
and my bank is getting sick of me asking for new login details.
sue denim
oh and
06.01.2009 22:58
sue denim
Deja Vuntu
07.01.2009 02:48
Who has an MSc ? I couldn't afford Uni for sure, I got an apprenticeship instead. Most computer users who can learn a wordprocessor can learn how to encrypt their data securely.
@anon
-How do you encrypt a volume within a volume such that if the exterior volume is decrypted, there's no evidence of the interior volume existing?
On technical forums it is considered impolite to ask questions you are obviously smart enough to research yourself.
http://www.truecrypt.org/docs/plausible-deniability.php
-I personally would just hide my truly secret information in a large collection of images with steganography. A typical activist really hasn't got that much truly incriminating material after all, unlike say, a paedophile
Smarter than stegging all your activist data into your child-porn collection for sure but that isn't plausibly deniable. Although that does double-encrypt if you are forced to open the StegFS volume then it is a simple matter to identify the stegged images or any other encrypted files for that matter. So whatever forced you to open the volume will force you to open the files.
It is also a simple matter to identify if a drive has been encrypted using Truecrypt but Truecrypt can nest one encrypted volume within another and fills up extra storage capacity such that it is indistinguishable and unidentifiable. Plus if you choose, you can encrypt it using a different algorithm and strength. Remember to setup your os so that all the system files are also on the hidden volume, but that is a simple dual-boot. RTFM - http://www.truecrypt.org/docs/?s=plausible-deniability
-comments like that are gonna damage your fence in court when you "pretend to be a paranoid loonie".
Don't worry, I have testimony to that defence from other posters here!
@Sue Denim
-can any give me any suggestions for some good user friendly (preferably ubuntu friendly) linux encryption programs, my current setup is somewhat complex and i have on several occasions lost my data
I can't recommend any user friendly Linux programs for anything I'm afraid! This will encrypt your email safe and will install on Ubuntu.
http://dewinter.com/gnupg_howto/english/GPGMiniHowto.html
(Or for Microsofties - http://www.theregister.co.uk/2008/11/14/email_encryption_how_to)
xMCSE
xMCSE
07.01.2009 09:14
Now, I'm no sooperdooper expert in cryptography, but I suspect like you said finding stegged images will usually be routine (known algorithms, and checksum versus visual content, noise patterns... would be my amateur guessing. Apparently GCHQ has had little bot apps scouring UseNet and known haunts for years now... but apparently there is a massive global organisation called al Qaeda with a big beardy man running it all from a cave...)
I guess such an approach would also apply to finding nested encrypted volumes too... but, from the close-by second-hand experience I have had, law enforcement tends to like applying initial brute force on hacking the 'suspect' more than the data: 'we can put you away in a federal prison for 20 years and you'll never see your kids again or you can sit there and write down all your passwords.'
Someone asked about ISPs. To my knowledge there isn't a single UK-based ISP that will promise as a matter of contract or sales pitch to fight any court orders. Most ISPs will ignore complaints from nobodies. Some will readily comply with the demands of corporate attorneys (especially when it comes to TOS issues), all will buckle and yield to any court order, and from what I gather most won't ask the police too many jurisdictional questions, if any.
But I did read a few years back about some guy who has bought a decommissioned MOD platform in the Atlantic and is running "secure" accounts outside national law... but whether that was just leased lines or domestic too, I cannot remember.
I have no idea if he is kosher; I know some people who had offered similar services in the US were outed as "ex-NSA/CIA"...
But anyone in a built up area can homebrew a PCMCIA WiFi card into a decent receiver dish and just piggyback open WiFi routers... and WEP is apparently as efficacious as wet toilet paper in keeping people out too, so I guess there will be WEP scripts out there.
They wouldn't have to try very hard
@They wouldn't have to try very hard
07.01.2009 18:09
I've read some criticisms of Truecrypt, even on Indymedia, but no one has criticised its claim of plausible deniability.
I fully agree with you on the second point. I reckon if you even use low strength encryption then the biggest risk to your data is from someone you trust. Every algorithm can be broken eventually but people just break on their own, so I send my mail through Hotmail and the like and the only time I've used mail-encryption is for other people's data. You can send an encrypted mail from the most secure PC possible in the most secure environment in the most secure manner and if the person you are mailing opens it on a PC fitted with say, a root-kit screen-scraper or any other minor fatal flaw, then you are fucked. Plus it saves me evaluating each person I email as to whether they are just malicious or stupid enough to cut'n'paste what I have written. I just don't have much data worth protecting and the stuff that is is too important to stick on any computer.
"But anyone in a built up area can homebrew a PCMCIA WiFi card into a decent receiver dish and just piggyback open WiFi routers... and WEP is apparently as efficacious as wet toilet paper in keeping people out too, so I guess there will be WEP scripts out there."
I cable. If I was to be up to looking at or creating dodgy sites then I'd be tempted to install WiFi and not enable any security except to disconnect my PC cable when not in use, hide it in plain view so to speak and blame the kid across the street or at least 'plausibly deny' it was you. You can build a directional tube using a CD behind a WiFi stick and a tube around it. Point it at the window of anyone you know uses WiFi - and if it is someone else's unprotected WiFi that is being used, it is unprotected for any 'lurkers' too. Most people don't change the default password on their router. Most people setup a new PC os and then immediately connect to the internet for security downloads, before setting up any security - and most of them with an unpassworded admin/su account, no wonder Cisco got rich.
xMCSE
MSc != MCSE
10.01.2009 20:03
MCSE is Microsoft Certified Systems Engineer which is a proprietary certificate. I think it expires after a number of years, which is why they are an xMCSE (ex-MCSE).
re: encryption on Linux:
Most distributions come with full disk encryption (apart from the boot image) as part of a standard install. Certainly the Debian-based Linux distributions like Ubuntu have this. I have always found it to work very well and to be very reliable.
g33k