
Posts Tagged ‘Privacy’


[Britain's GCHQ: The Guardian]

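Truly shocking news: the world's largest spy organizations [the US NSA and Britain's GCHQ] have already obtained the encryption keys for SIM cards.

This may be one of the biggest revelations in all the Snowden documents…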

The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle | The Intercept

     *     *     *

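SIM card encryption keys stolen

According to top-secret documents that NSA [US National Security Agency] whistleblower Edward Snowden provided to The Intercept, US and British spy agencies broke into the computer network of the world's largest SIM card manufacturer and stole the encryption keys that protect the privacy of mobile communications.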

American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

     *     *     *

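Mobile communications laid bare

The NSA and Britain's GCHQ [Government Communications Headquarters] carried out this hack jointly. According to a secret 2010 GCHQ document, it gives these intelligence agencies the ability to secretly monitor a large portion of the world's mobile communications (both data and voice).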

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

     *     *     *

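Not even a trace left behind

With the stolen encryption keys, intelligence agencies can monitor mobile communications without obtaining the consent of telecom companies or foreign governments. Holding the keys also removes the need for a warrant or a wiretap, and leaves no trace on the wireless carrier's network that communications were intercepted. In addition, because the keys were stolen in bulk, the agencies can reportedly unlock any encrypted communications they had already intercepted but had so far been unable to decrypt.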

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

     *     *     *

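Gemalto, the Dutch company targeted by the NSA and GCHQ, is said to be the world's largest SIM card manufacturer. It produces 2 billion SIM cards a year, counts 450 wireless network service providers worldwide among its customers, including AT&T, T-Mobile, Verizon and Sprint, and operates in 85 countries.

And it is that company's most closely guarded secrets that were stolen.

The article, which runs to more than 5,000 words, covers everything in detail, from the activities of the Mobile Handset Exploitation Team (MHET), a hacking team whose very existence was previously unknown, to the consequences of its work.

I had already felt keenly that individuals are stark naked on the web, but if even SIM card encryption keys have been hacked, doesn't that mean it is now impossible for any individual to escape surveillance…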


[FinFisher, as revealed by Wikileaks: The Verge]

The world of spyware has reached an astonishing state…

A Spy in the Machine | The Verge

One day in 2011, Moosa opened the Facebook Messenger app on his iPhone. What he saw was chilling: someone else typing under his name to an activist friend of his in Bahrain…

Facebook was only the beginning. Unbeknownst to him, Moosa’s phone and computer had been infected with a highly sophisticated piece of spyware, built and sold in secret.

It was a sign of a more sophisticated author at work. The implant used a technique called process-hollowing — injecting its own code into a program that’s still running in order to use the legitimate program as cover. […] “I thought, Finspy, that rings some bells,” Marquis-Boire recalls. “Holy shit, I think this is FinFisher!”

FinFisher had become a kind of bogeyman in the security community since brochures advertising the software’s capabilities popped up in a Wikileaks drop in December of 2011. FinFisher could purportedly empower its owner with the kinds of advanced intrusion techniques usually reserved for the NSA. “There was a certain amount of interest just because no one had seen it,” Marquis-Boire says. “All we had were these leaked documents.”

FinFisher was created and sold by Gamma International, an international surveillance company with offices in London and Frankfurt. The Gamma brochures promised remote monitoring and keylogging — they even said they could listen in on a target’s Skype calls in real time.

But now Marquis-Boire had caught a FinFisher sample in the wild, and thanks to the leaked brochures, he had a roadmap of everything the implant could do.

Marquis-Boire enlisted the aid of Claudio Guarnieri, a researcher at security firm Rapid7, to further explore the software. The two uncovered a mobile version of the implant, which came in different versions for iOS, Android, and even Symbian, like a hot startup trying to cover as much of the market as possible. […] Once the implant was installed, your phone effectively became an enemy agent. “I’d be working at my computer and start squinting at my phone, thinking, maybe I should turn that off,” Marquis-Boire says. “It produced this weird dissonance between me and this device that I carry around all the time.”

Instead of a few outposts, they found an army. FinFisher’s agents were everywhere: Japan, Germany, India, Serbia, Mongolia — there were even servers in the US. It was an atlas of personal invasions. All told, 25 countries hosted a server of some kind, each hired out to a different regime and pointing the x-ray at a different enemy of the state.

Marquis-Boire published the work in a series of three landmark papers from July 2012 to March of 2013, each titled with a cheeky Bond pun like “The Smartphone Who Loved Me” or “You Only Click Twice.” The papers laid out everything he knew about FinFisher’s network, revealing a global surveillance network that was being hired out to some of the world’s most repressive governments. Targeted exploits weren’t just for the NSA anymore. They were available to anyone who could pay for them.

Once the papers were published, FinFisher went back underground. The coders behind the program began to change its routines and filenames enough to let it slip by unnoticed.

Their primary concern stems not from what effect FinFisher could have on their activism, but from the specter of having their personal lives invaded — the same fundamental privacy concern behind much of the NSA surveillance controversies in the US.

“They actually have a system that the government buys, and they get the whole package,” Marczak says. “It’s not just the code itself, it’s the administration, the analysis, the support — the whole framework is provided.”

That turns the same surveillance conducted by the NSA or GCHQ into a market product, available to the highest bidder with no questions asked. “The value proposition is essentially: ‘Activists in your country are giving you trouble? Well here’s a product that will allow you to turn their cellphone or computer into basically a wiretap, a surveillance tool, and you can spy on everything they do,’” Marczak says. “And I think governments are very attracted to that.”

Wikileaks releases FinFisher files to highlight government malware abuse | The Guardian

FinSpy Surveillance Tool Takes Over Computers Video – Bloomberg | YouTube

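40 GB of internal documents and source code for the citizen-surveillance malware kit "FinFisher/FinSpy" leaked and made available for anyone to download | GIGAZINE

Hiroshi Ito × Yoshiko Sakurai, "Gathering intelligence to protect the national interest is common sense around the world. Japan lags considerably behind": Japan's information and intelligence activities considered in light of the world's information-surveillance programs | Genron TV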


A Teenager’s View on Social Media | Medium

Tumblr is where you are your true self and surround yourself (through who you follow) with people who have similar interests. It’s often seen as a “judgment-free zone” where, due to the lack of identity on the site, you can really be who you want to be. The only Tumblr URLs I know of people in real life are my close friends and vice versa.

Plus, it’s simple in Tumblr to just change your URL if anyone finds you. Your name isn’t attached to that profile at all so without that URL it is pretty difficult to find you again, especially for the typical parent snooping around. This really helps make the site a place where people can post and support others’ posts.

A Teenager’s View on Social Media | Marco.org

As a teenager, I escaped from these real-life people, problems, and social statuses to the internet — the last thing I wanted was to be surrounded by them there, too.


Everything Google knows about you (and how it knows it) | The Washington Post

If you have an Android phone, that device may log your location and velocity data. If you have a YouTube account, Google knows not only what videos you upload, but which you watch, too. There’s Google Maps. Google Play. Google Voice, if you use it to transcribe your missed calls. Between Google Contacts and Chat, the site has a pretty good idea who you’re friends with.

And while browsing data is aggregated differently than information from Google services, if you visit sites running Google Ads or Google Analytics software, Google also generally knows what you look at and what you click. According to one report from UC Berkeley’s School of Information, Google can track user behavior on 88 percent of all Internet domains.


Why can’t Apple decrypt your iPhone? | A Few Thoughts on Cryptographic Engineering

Addendum: how did Apple’s “old” backdoor work?

One wrinkle in this story is that allegedly Apple has been helping law enforcement agencies unlock iPhones for a while. This is probably why so many folks are baffled by the new policy. If Apple could crack a phone last year, why can’t they do it today?

But the most likely explanation for this policy is probably the simplest one: Apple was never really ‘cracking’ anything. Rather, they simply had a custom boot image that allowed them to bypass the ‘passcode lock’ screen on a phone. This would be purely a UI hack and it wouldn’t grant Apple access to any of the passcode-encrypted data on the device. However, since earlier versions of iOS didn’t encrypt all of the phone’s interesting data using the passcode, the unencrypted data would be accessible upon boot.

No way to be sure this is the case, but it seems like the most likely explanation.


[What becomes of Nest's products: Joy of Tech]

Joy of Tech, which gives the latest technology topics a twist and turns them into cartoons, has taken up Google's acquisition of Nest.

Google+Nest switches the market! | The Joy of Tech

     *     *     *

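This is what becomes of Nest's products…

Following news of the acquisition, all the existing products go on clearance sale at $9.95.

But before long it turns into this…

The new products, now bearing the Google logo, are $9.99 for the pair. And if you create a Google+ account, they're free!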

BOTH for $9.99! — or FREE with G+ commitment!

Meanwhile, if you want the old models, you can get them for $299.00. Their selling point is complete privacy, since they don't connect to Google. Only while supplies last, though…

Old school!
NOT-connected to Google!
TOTAL PRIVACY!
$299.00 each!
Get’em while you can!

     *     *     *

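Privacy concerns

Concerns about privacy are being raised everywhere.

・Nilay Patel, The Verge

A chorus of concern has gone up all at once. Some of it is sincere and some contrived, but all of it stems from fear of a Google that no one can control.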

Instead, there’s a chorus of concern — some sincere, some contrived, but all of it grounded in fear of an unchecked Google.

・Darrell Etherington, TechCrunch

It is interesting, given that the immediately apparent benefit of Google's acquisition of Nest is access to data.

It’s interesting because the immediately apparent upside of Google acquiring Nest would be the data it stands to gain access to.

・Katie Fehrenbacher, GigaOM

Google, the king of data collection, now has a peephole into the physical space of every home.

Google, the king of collecting and using your data, now has a peephole into the physical space of your home.

・John Gruber, Daring Fireball

Does anyone seriously think Google doesn't want the information that Nest's devices provide?

Does anyone seriously think Google doesn’t want the information Nest’s devices provide?

・Marco Arment, Marco.org

Google won't break into your home. You will invite Google in.

Google won’t break into your home. You’ll invite them in.

     *     *     *

Nitrozac and Snaggy quickly picked up on that mood and turned it into a cartoon…

★ →[See the cartoon: Joy of Tech]


[Lulu's screen]

Boing Boing carried a story that gives one pause.

Boing Boing: “Lulu – an app for girls to anonymously rate boys” by Mark Frauenfelder: 11 October 2013

     *     *     *

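The Lulu app

My 16-year-old daughter showed me an app called Lulu yesterday. She says all her friends use it. It is an app for anonymously ranking boys on Facebook. Next to each boy's photo is a score from 1 to 10 showing his average rating. Female users rate the boys on several attributes, such as physical attractiveness, kissing technique and seriousness about relationships.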

My 16-year-old daughter came home yesterday and showed me an app called Lulu that all of her friends are using. Its purpose is to anonymously rate your male Facebook friends. Each boy is displayed alongside a number from 1 – 10, which represents an average rating for the guy. Users can rate the boys on a number of attributes, such as physical attractiveness, kissing skill, and commitment level.

I don't think this app will remain available for download from the iPhone store for much longer.

I predict Apple will pull this from the iPhone store very soon.

I asked Sarina to tell me more about Lulu.

I asked Sarina to tell me more about Lulu:

     *     *     *

Mark: What is Lulu?

Mark: What is Lulu?

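Sarina: Lulu is an app that lets girls find out everything about their male Facebook friends. The boys have no say in it, because their profiles are sent to the app automatically… Once you download the app, you can click and look at any boy's profile.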

Sarina: Lulu is an app where girls can see all their male Facebook friends. The boys don’t have a say in it — their profile automatically goes to the app. You just download the app and then you can click on any of the boy’s profiles.

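Lulu's screen is divided into sections, one for each boy's photo, each with a name and an average score. The score is the average of the scores the girls have given. That gives you the overall picture, but you can also look in more detail at what kind of boy he is. It's a very entertaining app. But once everyone at school finds out about it, it will probably get out of hand. I think the boys will be in an uproar.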

The screen is divided into different squares with boys’ pictures, and it has their name and their average score. Their average score is all the scores that girls have given them, averaged together. If you just want to quickly review them you can look at that, but if you want the full report on what kind of guy they are you can look at it. I think it’s a pretty entertaining app, but I have a feeling it’s going to get out of hand soon once everybody in my school finds out about it and it’s going to cause a lot of drama with the boys.

Mark: What happens when you click a boy's photo?

Mark: What happens when you click a boy’s picture?

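Sarina: You can read the reviews other girls have written. Whether they hooked up, if he is a boyfriend or someone she has a crush on. You can also give ratings: whether he's a good kisser, what his personality is like, how many girls have a crush on him, whether he's good-looking, whether he's serious about relationships, whether he has ambition, his manners, his humor, first kiss… things like that.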

Sarina: You can see reviews that other girls gave them: hookups with them, if the girl is a friend of theirs, or if the girl has a crush on them. The girl can rate them on being a good kisser, on their personality, how many girls have a crush on them, their appearance, commitment, ambition, manners, humor, first kiss, and things like that.

Mark: Are the girls' comments and scores anonymous?

Mark: Are the girls’ comments and ratings anonymous?

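Sarina: Completely anonymous. Any girl can write about any boy. Any girl can see all the reviews that any other girl has written. Boys can't see what is written about them, because it's an app for girls. If you have a crush on someone, you can look at his profile and find out what everyone is saying. [Mark: It really is an app that only girls can view. I installed it, but as a male I couldn't see the content.]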

Sarina: Completely anonymous. Any girl can review any of the guys on it. And girls can see all the reviews that other girls have done. It’s not really for the guys to look at to see what other people have said about them. It’s more for girls. If you have a crush on a guy, then you can go to their profile and see what other people have said about them and other people’s opinions. [It really is just for girls — I installed the app and it wouldn’t let me see the ratings since I am male. — Mark]

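Mark: The boys' profiles carry little hashtags for things like best and worst qualities. For one of Sarina's male classmates, the best hashtags include "Respects women," "My friends are jealous," "Epic smile," "Strong hands," "Always stays," "Does his own laundry," "One-woman man" and "Six pack." The worst hashtags include "No chemistry," "Almost too perfect," "He loves me not" and "Doesn't know I exist."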

Mark: So I see that the guys’ profiles have these little hashtags — attributes like best and worst qualities. The “Best” hashtags for this particular guy [one of Sarina’s classmates] says “Respects women.” “My friends are jealous.” “Epic smile.” “Strong hands.” “Always stays.” “Does his own laundry.” “One-woman man.” “Six pack.” And then “Worst:” “No chemistry.” “Almost too perfect.” “He loves me not.” “Doesn’t know I exist.”

Mark: Isn't there an app for boys to rate girls?

Mark: Do they have a companion app for guys to rate girls?

Sarina: No. I'm glad there's no such app yet. If one ever appeared, it would be a real problem.

Sarina: No, they don’t, and I’m happy that that day hasn’t come yet. When it does, that will be a different story.

     *     *     *

Would things have turned out this way if a woman had started Facebook?

Once information is on the internet, it gets used in unexpected places…

[via The Loop]

★ →[See the original text: Original Text]
