Social Icons

Showing posts with label snowden. Show all posts
Showing posts with label snowden. Show all posts

Sunday, August 13, 2017

Whonix : Debian GNU/Linux based Security-focused Linux distribution

1.     Even if one is not doing anything wrong, he is being watched and recorded in real time as Edward Snowden revealed few years back. Most Internet users value online anonymity, with majority saying they have taken steps to remove or mask their digital footprints, and  reporting that they have taken steps to avoid being observed by specific people, organizations, or governments.Whonix is a Debian GNU/Linux based security-focused Linux distribution which aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", running Debian GNU/Linux. All communications are forced through the Tor network.This post gives you screen-shots of installation and execution of the virtual appliances involved.

2.    The Gateway VM is responsible for running Tor, and has two virtual network interfaces. One of these is connected to the outside Internet via NAT on the VM host, and is used to communicate with Tor relays. The other is connected to a virtual LAN that runs entirely inside the host.

3.    The Workstation VM runs user applications and is connected only to the internal virtual LAN, and can directly communicate only with the Gateway, which forces all traffic coming from the Workstation to pass through the Tor network. The Workstation VM can "see" only IP addresses on the Internal LAN, which are the same in every Whonix installation.

4.  Download the two virtual machines ie the Gateway and the workstation from https://www.whonix.org/wiki/VirtualBox

5.   Once you download the two machines as above from the link in reference,the following screen-shots will assist you in installation of the same.The two downloaded files are seen below : 
Instead of typically creating a virtual machine and then mounting a vdi,in this case more simply we have to just import the .ova appliance,rest is in auto mode.
Next
Next
Agree to the T&C
Next
Will take few minutes loading
Next
Import
Agree again
Import appliance of the workstation
So u have two machines in the virtualbox console as seen in the bottom two listing below :
Just click both with the start button...and the machine start



Next
Next
Next
Ok
Updated TOR download



Here we see the IP address relating to Budapest Hungary....and thats surely not the user....:-)

Saturday, February 13, 2016

Computer Hacking is LEGAL @ GCHQ

1.  Privacy International , a UK-based registered charity that defends and promotes the right to privacy across the world, lost a case challenging RIGHT TO PRIVACY.

 

So as it stands the GCHQ now has a official tick to itself forcing into hacking devices to obtain intelligence thereby ensuring National Security interests.The court ruled in favor of GCHQ and thus for the first time the GCHQ has confirmed that it has been associated with hacking into IT and computer devices which till date were only thought in anticipation or were believed right based on the NSA whistle blower Edward Snowden.

 Source : http://www.wired.co.uk/news/archive/2015-03/20/gchq-hacking-faq

Source : http://www.wired.co.uk/news/archive/2015-03/20/gchq-hacking-faq

2.   An extract produced as follows from http://www.bbc.com/news/uk-politics-35558349

"Hackers can remotely activate cameras and microphones on devices, without the owner's knowledge, log keystrokes, install malware, copy documents and track locations among other things"

3.   Another extract produced below from the I
"The use of computer network exploitation by GCHQ, now avowed, has obviously raised a number of serious questions, which we have done our best to resolve in this Judgment. Plainly it again emphasises the requirement for a balance to be drawn between the urgent need of the Intelligence Agencies to safeguard the public and the protection of an individual's privacy and/or freedom of expression."

3.   How much of this stands right or wrong irrespective,but one thing has come out large and clear....there stands no privacy while anyone is on the net...whatever you may do or attempt from your mobile device or the computer,nothing is yours.....

Sunday, January 31, 2016

Detecting Firmware Infection : Prelim start@Google's VIRUSTOTAL

1.   The severity in cases where firmware is already infected at the time of first purchase by the user is now being realized over the years. Be it the Dell server case , Seagate firmware case , Equation Group , Proof of Concept for even Macs , NSA revelations by Snowden and the list is pretty long to workout.Over various discussions and forums I read across I could never get any kind of implementing a solution to detect a threat at the firmware level not before I read about about the first such attempt via Google VirusTotal.

2.   Google’s VirusTotal service has come-out with a new tool that analyzes firmware, the low-level code that bridges a computer’s hardware and operating system at startup. The new tool will label firmware images as either legitimate or suspicious. It can also extract certificates attached to firmware and if there are other executable files inside of it. The tool can extract portable executables (PEs) inside firmware since these could sometimes be a source of malicious behavior. 

“These executables are extracted and submitted individually to VirusTotal, such that the user can eventually see a report for each one of them and perhaps get a notion of whether there is something fishy in their BIOS image,” Santos wrote. 


3.   It will now be possible for people to extract their own firmware and submit it to VirusTotal, which has the potential to create a database of various firmware images that could contribute to research into bad ones. 

4.    No details could be fetched across of how it actually works.But happy about there being a kind of first.More options wil arise after this circulates around and we have a secure eco-system of web.

Thursday, November 27, 2014

VPN: Graduating to NECESSITY!!!!

1.   Years back in India some where in 1990's...computer was still a rich men's possession...so was the case with plain mobiles graduating further to smart phones..but over the years today both are part of routine possession of every one...PCs/Laptops/Tablets today have entered almost all domains of most of the minutes we spend with our eyes open...whether it is office...studies... entertainment.. personal life... everything...The growing dependence has made new problems too...prime being PRIVACY.The privacy issue has recently taken a more serious note with so many Cyber Espionage operations coming in open...wiki leaks happening...Snowden out in open with his story ...government backed cyber traffic monitoring projects incl few as mentioned below :

    PRISM
    ECHELON
    Carnivore
    DISHFIRE
    STONEGHOST
    Tempora
    Frenchelon
    Stellar Wind
    Fairview
    MYSTIC
    Bullrun
    Upstream

    
2.   The above list is actually endless with specific aims of collecting information in form of call records,location mapping,building profiles....all happening in the name of building Intelligence for the safeguard of respective individual nations.There is no way one naive citizen without a tech background of any country can safeguard himself from all above operations and projects.In recent times.....VPN has been increasingly showcased across various forums and even by the likes of Snowden and Julian Assange who have used it in their routine transactions of email...Skype and messaging someone..

VPN is a network that is constructed by using public wires — usually the Internet — to connect to a private network, such as a company's internal network.  There are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
3.  Now with the growing paranoia and due concern of Cyber Security and Privacy in general public too,the option of VPN has started gaining due focus....with free VPN Services in abundance...like openvpn, freevpn, vpnbook,Shrew Soft, Comodo Unite and the free/basic version of Hamachi etc...the lure is only becoming more tempting. Most people are coming out of the typical mindset of VPN being only a corporate protocol for business travellers and people who work remotely.VPN is thus gradually moving from an option today to a necessity.The good thing is that even the paid VPN services are not so costly to make an impact on pocket.With a VPN configured in ur PC/Laptop...u r rest assured safe from prying eyes of free wifi zones at Coffee shops or places like at airport.

Does VPN imply 100% Safety for the user?

4.   Like all security solutions, even the securest of VPNs can be compromised surprisingly since if the user is keen enough/careless to download malicious files, which is why the onus lies finally with the user habits of surfing safely.A VPN only makes sure that the traffic from user end is encrypted from third party eyes...it does not defy the need for Anti-virus software’s which are primarily responsible for detecting Virus/Malwares etc

Tuesday, July 29, 2014

Snowden Reveals : Projects to Profile YOU

1.  Documents revealed by Edward Snowden pertaining to the National Security Agency (NSA), US surveillance programs and US Intelligence Community partners abroad were released about a year back and revealed a horde of code named projects that were all intruding our lives in some way or the other.This post brings out the glossary of codenamed PROJECTS along with a small brief of what was the intent of the project.These have been listed here after I read " The Snowden Files" by Luke Harding.This long list is actually a miniscule of thousands hidden projects which all are after every bit of info that we all share digitally....skype...sms...mms..whatapp...fax,emails,chat,photos etc...thats all in all everything!!!!!


Blackfoot

The codename given to an NSA operation to gather data from French diplomats' offices at the United Nations in New York and this information was collected from bugged computer screens.

Accumulo

The name given to an open-source database created by the National Security Agency (NSA) but later made available to others via the Apache Foundation. It stores large amounts of structured and unstructured data across many computers and can use it to create near real-time reports.

Blackpearl

NSA has been spying on Petrobas, Brazil's largest oil company, through the "Blackpearl" program that extracts data from private networks.

Evening Esel

The NSA conducts its surveillance of telephone conversations and text messages transmitted through Mexico's cell phone network under the internal code name "Eveningeasel."

Angry Birds

Leaked documents indicate that the NSA and GCHQ routinely try to gain access to personal data from Angry Birds and other mobile applications.

Bullrun/Edgehill

The revelations claim that "vast amounts of encrypted Internet data which have up till now been discarded are now exploitable vide  Bullrun,a clandestine, highly classified decryption program run by the United States National Security Agency (NSA) and The British signals intelligence agency Government Communications Headquarters (GCHQ) with a similar program codenamed Edgehill.

Boundless Informant

A tool used by the NSA to analyse the metadata it holds. It aims to let analysts know what information is currently available about a specific country and whether there are trends can be deduced.

Cheesy Name

A GCHQ program designed to identify encryption keys that could be cracked by the agency's computers.

Dishfire

The codename for a system used to process and store SMS message data.A leaked 2011 NSA presentation, published by the Guardian, indicated it was used to collect about 194 million texts a day, adding that the content was shared with GCHQ.

Dropmire

The name for a way to bug security-enhanced fax machines to provide the NSA with access to documents that have passed through encrypted fax machines based in other countries' foreign embassies.

Genie

An NSA programme, identified in a leaked memo analysed by the Washington Post, which is said to involve the remote delivery of spyware to devices on foreign-controlled networks.

Marina

The NSA's tool to gather metadata about the online activity of targets and other internet users.The Marina metadata application tracks a user's browser experience, gathers contact information/content and develops summaries of target.

Thinthread

A proposed NSA system to chart relationships between people in real-time.

Muscular

A joint project operated by the NSA and GCHQ used to intercept data from the cable links that are used by Google and others to connect up their computer servers, which are located across the world .

Fallout

Identified by an alleged NSA slide, the term appears to refer to an effort to screen out metadata collected about US citizens as part of the Prism programme before it is analysed by the Marina and Mainway systems.

Nucleon

An NSA tool used to analyse voice data gathered via the Prism programme.

EgotisticalGiraffe

The alleged codename given to an NSA effort to track users of Tor (The Onion Router) - a project that aims to let people browse the web anonymously by bouncing their traffic through other people's computers.

Perdido

The codename for an NSA surveillance operation targeting the EU's offices in New York and Washington.

Prism

A surveillance system launched in 2007 by the NSA allows the organization to "receive" emails, video clips, photos, voice and video calls, social networking details, log-ins and other data held by a range of US internet firms including Apple, AOL, Facebook, Google (including YouTube), Microsoft (including Skype), Paltalk and Yahoo.

QuantumInsert

A technique used to redirect a target's computer to a fake website where it can be infected with malware.

Stellarwind

A metadata-collecting scheme from communications in which at least one party was outside the US, and none of the other parties could be known to be US citizens.
 
Tempora

The codename given to an operation to create a "buffer" to allow huge amounts of data to be temporarily stored for analysis and is run by GCHQ to hold content gathered from tapped fibre-optic cables for three days and metadata for 30 days so that both it and the NSA can search and analyse it before details are lost.

FoxAcid

A tool reportedly used by the NSA to study what vulnerabilities a target's computer has. It then uses this knowledge to infect the machine with malware via a web browser.

 

Sunday, July 27, 2014

Harden PRIVACY : PRIVACY BADGER Tool

1.    Till few years back PRIVACY as a word meant the state of being free from unsanctioned intrusion in physical life from your peers/friends/strangers but the whole meaning has taken a new dimension since Snowden released his HIDDEN FILES last year around June.Today not only NSA but a plethora of third party agencies are after you all to track you..profile you...read you.Though in my earlier posts here,I had given a mention of few tools like disconnect.me,Adblock Plus,Ghostery etc but with time technology has further improved and here in this post I discuss about PRIVACY BADGER that is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.  If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.  To the advertiser, it's like you suddenly disappeared.Looks Interesting..!!!



3.   Once installed as seen above we get a red hexagon..indicating installed and this has color indicators as follows :
  • Green means there's a third party domain, but it hasn't yet been observed tracking you across multiple sites, so it might be unobjectionable. When you first install Privacy Badger every domain will be in this green state but as you browse, domains will quickly be classified as trackers.
  • Yellow means that the thirty party domain appears to be trying to track you, but it is on Privacy Badger's cookie-blocking "whitelist" of third party domains that, when analyzed, seemed to be necessary for Web functionality. In that case, Privacy Badger will load content from the domain but will try to screen out third party cookies and supercookies from it.
  • Red means that content from this third party tracker has been completely disallowed.
4.   Currently available for CHROME,here I have used the beta for Mozilla browser ...though the site says they will soon release the extension for other browsers incl opera and safari too.....!!!!

Monday, June 09, 2014

Google joins the ENCRYPTION Race : End-to-End Extension

1.    After Snowden leaks,one thing that has been most sought after is privacy and encryption and there have been a horde of tools and extensions that offer u the same vide many companies.Like in the last mail I mentioned about PROTONMAIL,there is another one in the offering from the horses mouth itself...ie Google offering an extension by the name of End-to-End extension...that
means data leaving your browser will be encrypted until the message’s intended recipient decrypts it, and that similarly encrypted messages sent to you will remain that way until you decrypt them in your browser.It’s a Chrome extension intended for users who need additional security.

2.    Though it is not yet available since still in Alpha stage but as per the Google blog at http://googleonlinesecurity.blogspot.in/2014/06/making-end-to-end-encryption-easier-to.html,it is likely to be available soon for all chrome browser users as an extension.Google wants to make it harder to spy on email by encouraging maximum providers to adopt server-to-server encryption. The new tool is based on OpenPGP and is meant to be a more user-friendly encryption option than programs such as PGP, which can be difficult to configure and use.
3.   So till it releases.....no options other then to wait.....

Tuesday, March 25, 2014

Bullrun And Edgehill @ Secret Decryption Programs

 
1.    Most of the techies who have relied always on their favourite encryption methods to have privacy in store should be in for a shock like me if they have not heard of BULLRUN and EDGEHILL @ Secret Decryption Programs.Below I produce an unedited extract from the Snowden talk at TED last week.He was asked a question by Chris Anderson,the curator of TED and what followed is produced below :

Chris Anderson : Come here, because I want to ask you about this particular revelation. Come and take a look at this. I mean, this is a story which I think for a lot of the techies in this room is the single most shocking thing that they have heard in the last few months. It’s about a program called “Bullrun.” Can you explain what that is?
 
Snowden : So Bullrun, and this is again where we’ve got to thank the NSA for their candor, this is a program named after a Civil War battle. The British counterpart is called Edgehill, which is a U.K. civil war battle. And the reason that I believe they’re named this way is because they target our own infrastructure. They’re programs through which the NSA intentionally misleads corporate partners. They tell corporate partners that these are safe standards. They say hey, we need to work with you to secure your systems, but in reality, they’re giving bad advice to these companies that makes them degrade the security of their services. They’re building in backdoors that not only the NSA can exploit, but anyone else who has time and money to research and find it can then use to let themselves in to the world’s communications. And this is really dangerous, because if we lose a single standard, if we lose the trust of something like SSL, which was specifically targeted by the Bullrun program, we will live a less safe world overall. We won’t be able to access our banks and we won’t be able to access commerce without worrying about people monitoring those communications or subverting them for their own ends.

2.   It was always suspected for long but now the newly leaked documents by Edward Snowden, the NSA and GCHQ are said to have defeated most of the online encryption used by internet users and the likes of Microsoft, Google, Yahoo and even banks.Few important things about these two programs are bought below :

- Bullrun Is the Most Expensive Program Leaked by Snowden.The funding allocated for Bullrun in top-secret budgets dwarfs the money set aside for programs like PRISM and XKeyscore. PRISM operates on about $20 million a year, according to Snowden, while Bullrun cost $254.9 million in 2013 alone. Since 2011, Bullrun has cost more than $800 million.

- Bullrun Began 10 Years Ago

- A majority of the funding for Bullrun goes toward actively engaging tech companies in their product design. The NSA covertly influenced tech companies to insert vulnerabilities into commercial products that would allow the NSA access without consumers’ knowledge. 

- NSA and GCHQ View Encryption as a Threat(That's....incredible....)

- Edgehill started with the initial goal of decrypting the programs used by three major Internet companies, which were unnamed in Snowden’s leak, and 30 Virtual Private Networks.

- GCHQ hopes that by 2015 Edgehill will have decrypted 15 major Internet companies and 300 VPNs.

- NSA Covertly Influenced International Encryption Standards.

3.  Besides BULLRUN/EDGEHILL,the NSA and GCHQ have a number of programs for gathering different types of internet metadata few of which mentioned in Luke Harding's Book are :
   
Prism - Secret access to the servers of Google, Facebook and others.

Boundless informant - Mapping of all secret data to specific countries.

Upstream - Catch as much of the global internet traffic as it passes across the United States

Stellar Wind - liaison with US internet and telephone companies to provide metadata information.

Beam Remote Presence Operations

1.   Recently watched the Snowden Interview/Interaction at TED here as seen below



and got curious to know about the device used and he interacted vide.....and so got this video link with details of the BEAM remote presence operations...a very interesting device to say


2.  More details at https://www.suitabletech.com/
Powered By Blogger