Undersea data – the evidence of the snoop?

It’s been a while since I put out a blog, but this caught my eye.

This [LINK] interactive graphic shows the undersea cable maps of the world. It’s a really good graphic and is very useful in giving us some intelligence. We’ve seen other graphics of the undersea cable maps [LINK] but this new interactive one can show the cable routes per year.

So why is this important?

Well, if we look at the Snowden leak info of the NSA PowerPoint screenshots, we can see that most of the dates quoted on these documents are from 2004 onwards. [LINK]

If we combine this intelligence with the time it takes to lay a cable – around 100-150km per day [LINK] – we can start making projections backwards as to which cables are being used for which projects and where the boosts in investment may have come from. If you fancy having a go at matching projects to cables, feel free to get in touch and I’ll add an update to this blog.

More info about undersea cables [LINK]

 

@SPCoulson

Digital Freedom – the manifesto is launched

Mikko Hypponen and David Hasselhoff have appeared on stage at re:publica 14 and launched the new Digital Freedom manifesto.

The manifesto is based on four points:

  1. Freedom from mass surveillance (target / blanket)
  2. Freedom from digital persecution (privacy in the future)
  3. Freedom from digital colonisation
  4. Freedom of digital access, movement and speech

 

I watched the keynote with interest and have the following thoughts:

Freedom from mass surveillance (target / blanket)

I appreciate that there is a time and place for surveillance. CCTV watches our every move and our internet traffic is scanned for keywords. Removing this would, I believe, be a mistake; instead, those doing it should be more transparent. Go ahead, watch me and scan me … but only if you do something useful with this data to keep me safer. Sure I have secrets and sure, I am aware of what I post … but can you imagine a world where facial recognition does not pick up the criminals? I think that there is a specific use case for mass surveillance, but it is currently not being handled well and certainly not following the same standard of disclosure globally.

Freedom from digital persecution (privacy in the future)

This I understand and totally support. Right now, May 2014, it is OK to have certain views, prejudices etc., but in 2020, will those standards still hold? Will my old opinion still be the same? I once thought I was going to be an electrical engineer – that didn’t work out, so why should the opinions I have now still hold ANY weight in the future? We may need to isolate a case, sure, and look back in history to see if it is a long-held opinion, but certainly not use it to persecute in the future.

Freedom from digital colonisation

The lines between technology and our existence are more blurred than ever. With the Internet of Things, mobile tech etc. … we see more intrusion of technology into our lives. And it is just that … an intrusion. We need to learn to keep the divide between tech and life. Just because technology exists doesn’t mean we have to shoe-horn it into our everyday lives – especially if it is to the detriment of our privacy. We all need to learn to have down-days. Non-tech days … and if you don’t know the answer to a problem, instead of Googling it … use this method:

  • Brain – think about it, work out the options and the theory.
  • Book – read it in a book, they are more than paperweights!
  • Buddy – ask a friend, a colleague … the meat space!
  • Boss – ask a person in authority, your boss, a department head, a lecturer; they generally got there by knowing something!

Freedom of digital access, movement and speech

Should I be allowed to write what I want? What about offending someone or prejudice? Should I be restricted in what I can/can’t say? I think this comes down to an old skill that we seem to have forgotten with the advent of technology – the art of common sense. So I would like to introduce you to Gran’s law. Think about an elderly relative (a grandparent for example). Now go ahead and type your real feelings about something you feel passionate about. If your Gran were to read it, would she be offended, clip you round the ear, would she be horrified by it … if the answer is yes, then it is probably best to keep it off the internet! Common sense can save you a lot of conversations later. You should not be thinking about your intended audience but remembering that the internet sees all.

 

What are your thoughts? Have you posted on the Digital Freedom site?

 

The not so shocking NSA revelations

I don’t work for the government.
I am a UK citizen.
I work in IT security.

 
Edward Snowden stole 1.2 million documents and has started leaking them in small batches. News agency Spiegel has found some interesting stuff in there:

http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html

It appears that the NSA in 2007 (7 years ago) had a catalog of tools that could be used to allow varying degrees of access to devices. This confidential document is now public for all to see and we can now browse through this catalog ourselves – http://t.co/Ra19VNCwEJ
 
Although it is revealing as to what was available back in 2007, we need to remember that we are judging 2007 technology through 2014 eyes. Our perception of privacy etc. has changed in the last 7 years. If we could rewind to 2007, how many people would have supported this technology at that time?

So let us put ourselves back in the 2007 frame of mind:

  • the first iPhone was launched (June 29th), which means …
  • Steve Jobs is still alive (in fact he hasn’t got ill yet)
  • The Core 2 Duo is launched this year
  • Dropbox … the first lines of code are written
  • Vista and Office 2007 were released on January 30th
  • Tumblr is launched
  • There is no Anonymous
  • Android was released November 2007

In 1 year Chrome will be launched

In 2 years Minecraft will be launched

In 3 years Stuxnet will be discovered

In 4 years Aaron Swartz will be arrested

In 5 years the SOPA protests will get commercial backing

In 6 years the Hotmail brand will be shut down
 
 
Since 2007 we have had a hell of a ride and we are now all so much more paranoid about our security and our privacy. We loved the lack of privacy in 2007 – I mean, 7 years ago, how much were you posting on Facebook/MySpace/Bebo before you realised what was going on ?

And so we need to think about the NSA again. In 2007, they were snooping – isn’t that their job? Now I don’t know about you but I’m not surprised. I mean, the UK has had Goonhilly since 1962. Why are we all so shocked?

And so to get to the point…

If you are a good citizen who is behaving responsibly then what fear have you if the NSA/GCHQ/FSB or whoever the hell is in authority reads what you are doing. If you are so concerned about your privacy then why are you on the internet exposing all your data to all the parties involved in getting you online ?

When I connect to the internet, I connect via a router I do not own, over a telecoms company’s cable, through ISP equipment, onto undersea cables owned by someone else, to a data-centre owned by a hosting company, to a web developer’s server, to the website of a person who I hope knows how to write secure code, and give them my credit card number and delivery address, which is then passed on to my bank and their bank to complete the transaction. Privacy? Where?

If the NSA want to read all emails and therefore build up a profile of how a typical user in the US / UK / France or wherever should operate, then it is easier for those who do not behave like the norm to be spotted. If we find in the UK that no-one uses the word bomb and fertiliser together but ‘da bomb’ is popularised, then we can discount 90% of noise from the holistic view and focus on only those who appear to be creating an unusual profile.

So

Reading that catalog through the eyes of the NSA: we have got a massive set of interfaces that we need to be aware of and somehow access … how can we make it easy to monitor?

If we have access to the machine, use the USB; if the target uses common routers, then have an accessible backdoor in that router, and so on. Now scale this up to a nation of billions of people – the targets can then be targeted, and if an innocent is picked up, so long as they fit the population’s normal model they’ll be fine. There is no way the NSA could monitor the whole of the US – the traffic would be so massive it could not be analysed in real time and the storage would be prohibitively massive – so it cannot be a whole-population monitor. That NSA shopping list is designed for specific targets, not for whole populations.

Am I concerned?

Well no actually. I know my privacy is shot – I gave it up well before 2007 when we had that thing called the internet and I first naively connected to that BBS using my real name!
 
 
So I guess the real question is …
 
If that was the 2007 catalog … I wonder what the 2014 catalog looks like?
 
 

Is Tesco censoring or were they hacked?

This morning Twitter started to pick up on a particular product posted on the Tesco.com website:

http://www.tesco.com/direct/inflatable-gy-best-friend/239-6708.prd

Yes, apparently you could buy your very own “Buy Inflatable g*y Best Friend from our Gadgets & Electronic Toys”. It then went on to give some interesting descriptions of the product. I assumed it was a hack myself, as the age suitability was listed as 3-4 yrs even though it was ideal for hen parties.

Since then, it has been removed from their store and an apology published. Huffington Post ran with a theme about the censoring of the product, saying that g*y was a censored form of the word gay.

OK, think about this – if they’d been hacked, the damage to brand and reputation would be significant. However, they could easily ‘pay off’ any charities that were offended by the product (see their other offending items in the Halloween saga!!).

But what makes me continue to think this is a hack is this. Let’s do a Google search:

https://www.google.co.uk/webhp#q=%2B%22g*y%22+site:tesco.com&safe=off

And oh look – there is a “Grow Your Own g*y Best Friend” which is still on the site. This item is not linked to any other part of the site and does not have an image.

http://www.tesco.com/direct/grow-your-own-gy-best-friend/585-6694.prd

Grow your own g*y Best Friend

I am posting the text to make it easier for you to read:

Product Details

Grow Your Own g*y Best Friend If American shows ever taught us anything it is that g*y best friends are fashionable, fun and a must have this season. Findmeagift.com introduce the Grow Your Own g*y Best Friend! He will give you an honest opinion on your hair and style, loves to shop, will tell you when he thinks your butt looks too big and comes in this handy pocket-sized form! With cropped jeans, flip-flops and a pink shirt, this is one g*y friend who is out and proud. Simply pop him in a pot of water and in 3 days your g*y best friend will have grown nearly 600% his original size! Watch Friends reruns together and argue whether Ross or Chandler is more boyfriend material, share dance moves and talk SEX in the City with your new expandable chum. Our Grow Your Own g*y Best Friend makes an ideal stocking filler or novelty gift! Grow Your Own g*y Best Friend The Grow Your Own g*y Best Friend will grow up to 600% of its original size when put into water! When removed it will slowly shr…

A couple of things to note:

  1. Same text as the other post
  2. Reference to Findmeagift
  3. The post is incomplete and ends …

And sure enough, Find me a gift does in fact sell this product : http://www.find-me-a-gift.co.uk/gifts/inflatable-gay-best-friend.html

I don’t believe that Tesco were censoring the name of the product. I believe that Tesco would probably have an algorithm to pick up on certain keywords (hence the energy drink is listed as P***y). Also, to remove SQLi attacks, I assume that you are not able to search the site for * (try it!).
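Two mechanisms are guessed at in the paragraph above: a keyword filter that stars out the middle of a word, and a search box that refuses `*` in the name of SQL injection defence. Both can be shown side by side. This is an added example written for this post, not Tesco’s code; the product titles, the blocklist and every function name in it are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample catalogue titles for illustration (not Tesco's real data).
PRODUCTS = [
    "Grow Your Own Gay Best Friend",
    "Inflatable Gay Best Friend",
    "Pussy Natural Energy Drink",
    "Classic Chess Set",
]

# Hypothetical keyword list that a naive listing filter might carry.
BLOCKLIST = ["gay", "pussy", "ass"]


def _star_out(match):
    """Keep the first and last letter of a hit and replace the middle with stars."""
    hit = match.group(0)
    return hit[0] + "*" * (len(hit) - 2) + hit[-1]


def naive_mask(text, blocklist=BLOCKLIST):
    """Substring masking: the behaviour that turns 'Gay' into 'G*y' and
    'Pussy' into 'P***y'. Because it matches inside words, it also mangles
    harmless titles ('Classic' contains 'ass')."""
    out = text
    for word in blocklist:
        out = re.sub(re.escape(word), _star_out, out, flags=re.IGNORECASE)
    return out


def word_mask(text, blocklist=BLOCKLIST):
    """The same masking restricted to whole words, so 'Classic' survives."""
    out = text
    for word in blocklist:
        out = re.sub(r"\b" + re.escape(word) + r"\b", _star_out, out,
                     flags=re.IGNORECASE)
    return out


def flagged_terms(text, blocklist=BLOCKLIST):
    """Report whole-word hits for a human review queue instead of rewriting
    the listing, so a legitimate product name is never published as 'g*y'."""
    return [w for w in blocklist
            if re.search(r"\b" + re.escape(w) + r"\b", text, re.IGNORECASE)]


def escape_like(term, esc="\\"):
    """Escape the LIKE wildcards '%' and '_' (and the escape character itself)
    in a user-supplied term. '*' is not a LIKE wildcard and needs no treatment."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_products(term, products=PRODUCTS):
    """Product search with a bound parameter. The term travels as data, not as
    SQL text, so a '*' or a quote in it cannot change the query; refusing such
    characters in the search box is not what prevents injection."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (title TEXT)")
    conn.executemany("INSERT INTO products VALUES (?)", [(p,) for p in products])
    rows = conn.execute(
        "SELECT title FROM products WHERE title LIKE ? ESCAPE '\\' ORDER BY title",
        ("%" + escape_like(term) + "%",),
    ).fetchall()
    conn.close()
    return [title for (title,) in rows]


if __name__ == "__main__":
    for title in PRODUCTS:
        print(f"{title!r:34} naive={naive_mask(title)!r:34} "
              f"word={word_mask(title)!r:34} flags={flagged_terms(title)}")
    print(search_products("gay best"))
    print(search_products("it's 100% a * test"))  # no error, simply no matches
```

Run as a script it prints each constructed title three ways. The substring filter produces exactly the shapes seen on the site (`G*y`, `P***y`) and also turns `Classic` into `Cla*sic`, the usual over-masking failure; matching on word boundaries and queuing hits for review avoids silently publishing a mangled listing. On the SQL side the control that matters is parameter binding: once the term is bound, a `*`, a `%` or an apostrophe is just data, and the only escaping left is for LIKE’s own `%` and `_` wildcards.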

So were they attacked? Was this a rogue employee?

I don’t know, but it is sure going to be interesting hearing someone explain it!!