Computer Hacking is LEGAL @ GCHQ

1.  Privacy International , a UK-based registered charity that defends and promotes the right to privacy across the world, lost a case challenging RIGHT TO PRIVACY.

 

So as it stands the GCHQ now has a official tick to itself forcing into hacking devices to obtain intelligence thereby ensuring National Security interests.The court ruled in favor of GCHQ and thus for the first time the GCHQ has confirmed that it has been associated with hacking into IT and computer devices which till date were only thought in anticipation or were believed right based on the NSA whistle blower Edward Snowden.

 Source : http://www.wired.co.uk/news/archive/2015-03/20/gchq-hacking-faq

Source : http://www.wired.co.uk/news/archive/2015-03/20/gchq-hacking-faq

2.   An extract produced as follows from http://www.bbc.com/news/uk-politics-35558349

"Hackers can remotely activate cameras and microphones on devices, without the owner's knowledge, log keystrokes, install malware, copy documents and track locations among other things"

3.   Another extract produced below from the Investigatory  Powers Tribunal (IPT) complete copy of which is available for reading at http://www.ipt-uk.com/docs/Privacy_Greennet_and_Sec_of_State%20.pdf reads as follows :

 

"The use of computer network exploitation by GCHQ, now avowed, has obviously raised a number of serious questions, which we have done our best to resolve in this Judgment. Plainly it again emphasises the requirement for a balance to be drawn between the urgent need of the Intelligence Agencies to safeguard the public and the protection of an individual's privacy and/or freedom of expression."

3.   How much of this stands right or wrong irrespective,but one thing has come out large and clear....there stands no privacy while anyone is on the net...whatever you may do or attempt from your mobile device or the computer,nothing is yours.....

Anti Keylogger : KeyScrambler

1.   How would u ever know that all your key logs on the PC are not being logged by a key logger working incognito in the background?...if u r not the SMARTEST....m sure u will never know....so what can u do to avoid that when u know u r equally prone like anyone across the web space?...stop typing...or use OSK(on screen keyboard) or use KEY SCRAMBLER....which would encrypt every key stroke that u type on your pc immediately as you type....available in three versions....at this site at http://www.qfxsoftware.com/index.html.The good news is that one version is free that will take care of most of you.....

2.   Something about KeyScrambler.....is an anti-keylogging program that encrypts user keystrokes at the keyboard driver level, deep in the operating system. The scrambled keys are indecipherable while they travel to the destination app so that no keylogger can steal your passwords or other crucial information. Thus it defeats known and unknown keyloggers.The unobtrusive overlay window lets realtime encryption in process so you know how and when KeyScrambler is working. 

Image Courtesy : http://www.qfxsoftware.com/index.html (Click to enlarge)

HOW IT WORKS ?

-   As u type, this simultaneously encrypting your keystrokes at the keyboard driver level. Because KeyScrambler is located in the kernel, deep in the operating system, it is difficult for key loggers to bypass the encryption.

-   While the encrypted keystrokes travel along the crucial path, it doesn't matter if they get logged, or whether the keylogging malware is known or brand new, because your keystrokes remain completely indecipherable the whole time.

-   When the encrypted keystrokes finally arrive at the destination app, the decryption component of KeyScrambler goes to work, and you see exactly the keys you've typed.

3.   Thanks http://www.qfxsoftware.com/

FinFisher : THE LAWFUL INTERCEPTOR

1.  Some thing to read here about one security software named FINFISHER thats making some news...a sequence wise time line of events related to this is produced below : 

-  FinFisher is security software. 

-  Marketed by Gamma International to various government security officials assuring that it could be covertly installed on suspect's computers through exploiting security lapses.

-  In the name of Lawful Interception (LI), FinFisher was found in the Egyptian Secret Police Spy headquarters used to track people down during the revolution when Egyptian dissidents ransacked the office's of Egypt's secret police during the overthrow of President Hosni Mubarak 

-  Egyptian dissidents who ransacked the office discovered a contract with Gamma International for £287,000 for a license to run the FinFisher software.

-  A security flaw in so called "designed secure" applications like Apple's iTunes allowed unauthorized third parties to use iTunes online update procedures to install unauthorized programs.Gamma International offered presentations to government security officials at security software trade shows where they described to security officials how to covertly install the FinFisher spy software on suspect's computers using iTunes' update procedures.

FEATURES OF FINFISHER : 

-  FinFisher is able to record Skype and other voice over IP communications.

-  Logs keystrokes and turn on a computer's webcam and microphone. 

-  Can also steal files from a hard disk

-  Built to bypass dozens of antivirus systems.

-  Presently found across 12 C&C servers in 10 countries: the US, Indonesia, Australia, Qatar, Ethiopia, Czech Republic, Estonia, Mongolia, Latvia and Dubai.

-  Not confirmed by any govt agencies as being used officially but then who else would at such a large scale???

-  Expected to be particularly difficult to detect. 

-  Used to access target Systems to give full access to stored information with the ability to take control of target systems' functions to the point of capturing encrypted data and communications. 

"When used in combination with enhanced remote deployment methods, the Government Agencies will have the capability to remotely deploy software on target systems".............................extract from official finfisher site at http://www.finfisher.com/FinFisher/en/portfolio.php

2.    Thanks http://thehackernews.com and http://www.bloomberg.com

KYPS : HELPS AVOID BEING VULNERABLE!!

1. In an earlier post when I had discoursed how much prone are you at any cyber cafe or at some other non friendly computer when u surf web on a holiday outside or when u dont have your own laptop,how prone you become to keylogger!!I had given out given out few suggestions in form of using mobile/portable browser etc. that was at http://anupriti.blogspot.com/2009/06/are-you-secure-at-your-friendly.html

2. Not a new thing but I tried this for the first time yesterday ie KYPS that stands for Keep Your Password Secret.Now for the understanding of this I will write a small step by step instruction.

3. BACKGROUND

How to avoid typing username and password at the outside or malicious looking cyber cafe computer.?

4. SOLUTION

(a) Register at http://kyps.net/home/

(b) Get a set of codes at your email id

(c) Register those username/passwords site that u intend using sometime later at some other computer.

(d) Now when u wish to access the email account at the cyber cafe you simply have to log into the site of KYPS and site will help you reach and access the e-mail without using the username and password,but by using the one time codes that I had mentioned earlier.

5. EXAMPLE

(a) You register your email id abc@yahoo.com at KYPS.

(b) Once you register,a set of codes will be mailed to you.Qty will be decided as per your choice.Say 80.

(c) These codes will look some thing like :

100 9?nRQuJ8p 110 DzobNpk?M 120 Xg1Z2kXsL 130 maXXcACKV

101 x0Ivy4XsB 111 jcK8p7JRl 121 WqJ6GXDz4 131 XfjKVH65p

102 ilKzybBE0 112 /nvspLbmr 122 VoaX7yI1 132 5ILuG5ddN

103 tXaRNJwk? 113 lcMEO?GN? 123 MjpXow3CI 133 vBbKpkXiT

104 lAJNJnfcZ 114 Lf?U7Zzyn 124 VX71za0+J 134 KGXkxsVc

(d) You go to a Cyber Cafe.Log into the KYPS site with your e-mail id.

(e) Select which e-mail you would like to access.

(f) Once selected, KYPS will ask you the equivalent code of 100 ie 9?nRQuJ8p

(g) and you log into the email page to access your mails.

(h) DONE.That's it.

6. RISK

The only risk you build here is that since you rely on KYPS which has your info in their server but they claim is never stored.So one risk closed is one risk open......thats the funny side of SECURITY

Are you secure at your friendly neighbourhood CYBER CAFE ?

1. This one comes after I have read a wonderful article in the DIGIT Carnival issue Jun 09 on Cyber café Security. This article covered how few Cyber Cafe’s with notorious intentions can play with crucial, critical and confidential information of the user who might have accessed his e-mail accounts or would have booked a flight ticket with his credit card or might have done some personal work on the cyber cafe’s PC.In the following paragraphs I would just go over the preventive measures in brief as outlined in that article. Genuine Informative CREAMY INFO THAT IS!!!!!!!!

2. PORTABLE WEB BROWSER : A portable web browser as the name suggests would be able to allow you to take bookmarks and passwords with you while not writing any information on the host computer. This allows to bypass key loggers who would be expecting that all that you type would be logged in one separate file unknown to the user. So this feature of the portable browser would allow you to access your accounts without typing and thus preventing from leaking your crucial info. But at the same time you have to be aware that PENDRIVE would be equal to your most precious thing in life….so don’t ever try and attempt loosing it.Mozzilla,Opera have these free softwares ready for download at the click of a button and Chrome is working still!!!!!

3. Another thing about the key logger software’s available in the market, yes they include OPEN SOURCE TYPE ALSO………so all the more vulnerable the user becoming a quarry. Key logger can be of two types :

a. Hardware Type – By using a small chip in the keyboard which makes by passing impossible.As shown in the figure below,we see a normal CPU rear from back and another PC with the malicious chip placed in between the cable.

b. Software Type – Can be activated with the help of a Trojan or with the help of a simple installation.

4. A software based key logger can either keep a record of what is being typed or would be able to take periodic screen shots while the user is using the PC.All this being sent to a remote server without the knowledge of the bechara user.Hai na kamaaal ke baat!!!!!!!!!!

5. VIRTUAL KEYBOARD : Although the endeavor of the cyber cafe PC user should be to ensure that in no circumstance, credit card details should be typed,but if at all it is marta kya na karta wali baat,then use of virtual keyboard should be exploited. This would be available as Start > Accessories > On Screen Keyboard.Although there are ways and means to even break this,but then there would never be a guarantee of sort…after all U R ON THE WEB BHAISAAAB…..every thing is accessible.

6. I would like to mention one more thing here….VIRTUAL KEYBOARDS/ON SCREEN KEYBOARDS are not a guarantee for ensuring safety. There are key loggers which are even configured to log only details from on screen key boards. There is a solution to this also and that is OBFUSCATION.

7. OBFUSCATION : This basically allows key loggers to log a certain combination of keys,while keying in different combination. There are some programs that are targeted at different obfuscation algorithm and thus by pass typing in the meat thing. Obfuscation is actually the deliberate hiding of the software's behavior, is used by malware authors as well as legitimate software developers. They both use code obfuscation techniques to keep curious souls from understanding how their software works and what it is doing to the computer on which it runs.A complex thing in itself but who needs to know that….aaam khao….not to worry of guthli!!!!!!!!!!!How to use it?Pl BING or Google.

8. Another important thing to be ensured is to protect your USB drive from Viruses.The first thing to do when you plug in your USB Drive into a public computer is to identify and disable malicious processes running. Process Explorer is a good utility for doing this.This is actually like windows task manager but with few more good options to work on. A Screen Shot from my lap top shown below.

9. Securely deleting data : Last but not the least…ensure using a good software that ensures that no trace of activity on the used computer is left behind.I recommend using ERASER and Free Commander ……tried and tested……………