Feeds:
投稿
コメント

Posts Tagged ‘Surveillance’

GCHQ

[英国の GCHQ:The Guardian

世界最大のスパイ組織[米 NSA と英 GCHQ]がすでに SIM カードの暗号化キーを入手済みだというなんともショッキングなニュース。

Snowden 文書の中でも超弩級のニュースではないか・・・

The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle | The Intercept

     *     *     *

SIM カードの暗号化キーが盗まれた

NSA[米国家安全保障局]の内部告発者 Edward Snowden が The Intercept に提供した極秘文書によれば、米国と英国のスパイ組織が世界最大の SIM カードメーカーのコンピュータネットワークに侵入して、携帯通信のプライバシーを保護する暗号化キーを盗みだしたという。

American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

     *     *     *

モバイル通信は筒抜け

NSA と英国の GCHQ[Government Communications Headquarters:英政府通信本部]が共同でこのハッキングを実行した。2010 年の GCHQ 秘密文書によれば、これら諜報機関は世界の携帯通信(データ通信および音声通信)の大部分を秘密裡にモニターすることが可能になるという。

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

     *     *     *

痕跡すら残さない

盗まれた暗号化キーを使うことで、通信会社や外国政府の同意を得なくても諜報機関がモバイル通信をモニターすることが可能になる。暗号化キーを所有することにより令状や盗聴の必要もなくなり、無線通信事業者のネットワークに通信を傍受した痕跡も残さずに済む。さらにキーが大量に盗まれたことにより、諜報機関はこれまで傍受したいかなる暗号通信でもロック解除できることになるという。ただし今のところは暗号解読はできないという。

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

     *     *     *

NSA と GCHQ の標的とされたオランダの会社「Gemalto」は世界最大の SIM カードメーカーだという。年間 20 億枚の SIM カードを製造、AT&T、T-Mobile、Verizon、Sprint をはじめとする世界の 450 のワイヤレスネットワークサービスプロバイダが顧客で、世界 85 か国で営業を展開する。

そんな会社の極秘中の極秘が盗み出されたワケだ。

5000 語を超える長文の記事は、これまで存在さえ知られていなかったハッキングチーム Mobile Handset Exploitation Team(MHET)の活動からそのもたらす影響まで詳細にわたっている。

ウェブでは個人はまる裸だと痛感していたが、SIM カードの暗号化キーまでハッキングされているとなると、これはもういかなる個人といえども監視の目を逃れることは不可能だということではないか・・・

広告

Read Full Post »

gamma-group-header.0

[Wikileaks が明らかにした FinFisher:The Verge

もの凄いことになっているスパイウェアの世界・・・

A Spy in the Machine | The Verge

One day in 2011, Moosa opened the Facebook Messenger app on his iPhone. What he saw was chilling: someone else typing under his name to an activist friend of his in Bahrain…

Facebook was only the beginning. Unbeknownst to him, Moosa’s phone and computer had been infected with a highly sophisticated piece of spyware, built and sold in secret.

It was a sign of a more sophisticated author at work. The implant used a technique called process-hollowing — injecting its own code into a program that’s still running in order to use the legitimate program as cover. […] “I thought, Finspy, that rings some bells,” Marquis-Boire recalls. “Holy shit, I think this is FinFisher!”

FinFisher had become a kind of bogeyman in the security community since brochures advertising the software’s capabilities popped up in a Wikileaks drop in December of 2011. FinFisher could purportedly empower its owner with the kinds of advanced intrusion techniques usually reserved for the NSA. “There was a certain amount of interest just because no one had seen it,” Marquis-Boire says. “All we had were these leaked documents.”

FinFisher was created and sold by Gamma International, an international surveillance company with offices in London and Frankfurt. The Gamma brochures promised remote monitoring and keylogging — they even said they could listen in on a target’s Skype calls in real time.

But now Marquis-Boire had caught a FinFisher sample in the wild, and thanks to the leaked brochures, he had a roadmap of everything the implant could do.

Marquis-Boire enlisted the aid of Claudio Guarnieri, a researcher at security firm Rapid7, to further explore the software. The two uncovered a mobile version of the implant, which came in different versions for iOS, Android, and even Symbian, like a hot startup trying to cover as much of the market as possible. […] Once the implant was installed, your phone effectively became an enemy agent. “I’d be working at my computer and start squinting at my phone, thinking, maybe I should turn that off,” Marquis-Boire says. “It produced this weird dissonance between me and this device that I carry around all the time.”

Instead of a few outposts, they found an army. FinFisher’s agents were everywhere: Japan, Germany, India, Serbia, Mongolia — there were even servers in the US. It was an atlas of personal invasions. All told, 25 countries hosted a server of some kind, each hired out to a different regime and pointing the x-ray at a different enemy of the state.

Marquis-Boire published the work in a series of three landmark papers from July 2012 to March of 2013, each titled with a cheeky Bond pun like 
”The Smartphone Who Loved Me” or “You Only Click Twice.” The papers laid out everything he knew about FinFisher’s network, revealing a global surveillance network that was being hired out to some of the world’s most repressive governments. Targeted exploits weren’t just for the NSA anymore. They were available to anyone who could pay for them.

Once the papers were published, FinFisher went back underground. The coders behind the program began to change its routines and filenames enough to let it slip by unnoticed.

Their primary concern stems not from what effect FinFisher could have on their activism, but from the specter of having their personal lives invaded — the same fundamental privacy concern behind much of the NSA surveillance controversies in the US.

“They actually have a system that the government buys, and they get the whole package,” Marczak says. “It’s not just the code itself, it’s the administration, the analysis, the support — the whole framework is provided.”

That turns the same surveillance conducted by the NSA or GCHQ into a market product, available to the highest bidder with no questions asked. “The value proposition is essentially: ‘Activists in your country are giving you trouble? Well here’s a product that will allow you to turn their cellphone or computer into basically a wiretap, a surveillance tool, and you can spy on everything they do,’” Marczak says. “And I think governments are very attracted to that.”

Wikileaks releases FinFisher files to highlight government malware abuse | The Guardian

FinSpy Surveillance Tool Takes Over Computers Video – Bloomberg | YouTube

国民監視用マルウェア詰め合わせキット「FinFisher/FinSpy」の内部文書やソースコード40GB分がリークされて誰でもダウンロード可能に | GIGAZINE

伊東 寛 × 櫻井よしこ「国益を守るため情報を取るのは世界の常識だ。日本はかなり劣っている」:世界の情報監視プログラムから考える日本の情報・諜報活動 | 言論テレビ

Read Full Post »

[Amazon Prime Air | YouTube

アマゾンの無人配達ドローン[drone:無人機]が話題になっている

Vesper のデベロッパでシアトル在住の Brent Simmons の反応がオモシロい・・・

inessential.com: “Ack-ack” by Brent Simmons: 03 December 2013

     *     *     *

ズドーン、ズドーン(Ack-ack)

自分は銃を持っていない。しかしアマゾンが Air ドローン(Amazon Prime Air)を考えていると知ってライフルを買う気になった。玄関のポーチに座って、ブンブン飛んで行くドローンを撃ち落としたらどんなに気持ちがいいだろう。

I don’t own any guns, but the Amazon Air drones tempt me to buy a rifle. It would be so much fun to sit on my front porch and shoot at the drones as they buzz by.

今日の Ballard[シアトルの近郊]は寒いが、空は驚くほど澄んでいる。スキー帽をかぶり、ウィスキーびんを持って、一仕事して空をきれいに片づけてくるか・・・

It’s cold today in Ballard but the sky is marvelously blue. Today I’d put on a ski cap and grab a bottle of good whisky and do my part to keep the sky clean.

     *     *     *

監視ドローンとどう違うのか

コラテラル・ダメージ[collateral damage:巻き添え被害]の問題ともいえるが、しかしアマゾンの一見無害で幸せなドローンと、グーグルの24時間人間監視装置や警察や NSA[国家安全保障局]のそれとどう区別すればいいというのか。いっそ全部撃ち落としてしまえばいいのだ。

I might argue it’s a matter of collateral damage. I don’t know how I could tell Amazon’s harmless, happy-day drones from Google’s real-time people-watchers — or those of the police or the NSA. It’s best to shoot them all down.

それとも撃ち落とすのが単に楽しいからといった方がいいだろうか。メチャ楽しいと・・・

Or I might argue that it’s just plain fun. So much fun.

     *     *     *

Amazon Prime Air についての記事では Brent Simmons のこの反応がいちばんオモシロかった。

ドローンというとイラクやアフガニスタンで攻撃する遠隔操作の無人偵察・爆撃機のことを考えてしまう。

中国にも 300 機を超えるドローン部隊があるらしい。

フクシマの原発事故直後に放射能測定をしたのもドローンだった。

無人配達機のドローンだといわれてもいささか複雑な思いがする。

NSA 騒ぎに揺れるアメリカでは、国民総監視の可能性と結びつけて考えるひとも多いということか。

最近の技術は手放しでよろこべないものが増えてきたような気がする・・・

[via The Loop

★ →[原文を見る:Original Text

Read Full Post »