Category Archives: Technology

The Threat of Silence

Meet the groundbreaking new encryption app set to revolutionize privacy and freak out the feds.

By 

Updated Monday, Feb. 4, 2013, at 12:21 PM ET

 

For the past few months, some of the world’s leading cryptographers have been keeping a closely guarded secret about a pioneering new invention. Today, they’ve decided it’s time to tell all.

Back in October, the startup tech firm Silent Circle ruffled governments’ feathers with a “surveillance-proof” smartphone app to allow people to make secure phone calls and send texts easily. Now, the company is pushing things even further—with a groundbreaking encrypted data transfer app that will enable people to send files securely from a smartphone or tablet at the touch of a button. (For now, it’s just being released for iPhones and iPads, though Android versions should come soon.) That means photographs, videos, spreadsheets, you name it—sent scrambled from one person to another in a matter of seconds.

“This has never been done before,” boasts Mike Janke, Silent Circle’s CEO. “It’s going to revolutionize the ease of privacy and security.”

True, he’s a businessman with a product to sell—but I think he is right.

The technology uses a sophisticated peer-to-peer encryption technique that allows users to send encrypted files of up to 60 megabytes through a “Silent Text” app. The sender of the file can set it on a timer so that it will automatically “burn”—deleting it from both devices after a set period of, say, seven minutes. Until now, sending encrypted documents has been frustratingly difficult for anyone who isn’t a sophisticated technology user, requiring knowledge of how to use and install various kinds of specialist software. What Silent Circle has done is to remove these hurdles, essentially democratizing encryption. It’s a game-changer that will almost certainly make life easier and safer for journalists, dissidents, diplomats, and companies trying to evade state surveillance or corporate espionage. Governmentspushing for more snooping powers, however, will not be pleased.

By design, Silent Circle’s server infrastructure stores minimal information about its users. The company, which is headquartered in Washington, D.C., doesn’t retain metadata (such as times and dates calls are made using Silent Circle), and IP server logs showing who is visiting the Silent Circle website are currently held for only seven days. The same privacy-by-design approach will be adopted to protect the security of users’ encrypted files. When a user sends a picture or document, it will be encrypted, digitally “shredded” into thousands of pieces, and temporarily stored in a “Secure Cloud Broker” until it is transmitted to the recipient. Silent Circle, which charges $20 a month for its service, has no way of accessing the encrypted files because the “key” to open them is held on the users’ devices and then deleted after it has been used to open the files. Janke has also committed to making the source code of the new technology available publicly “as fast as we can,” which means its security can be independently audited by researchers.

The cryptographers behind this innovation may be the only ones who could have pulled it off. The team includes Phil Zimmermann, the creator of PGP encryption, which is still considered the standard for email security; Jon Callas, the man behind Apple’s whole-disk encryption, which is used to secure hard drives in Macs across the world; and Vincent Moscaritolo, a top cryptographic engineer who previously worked on PGP and for Apple. Together, their combined skills and expertise are setting new standards—with the results already being put to good use.

According to Janke, a handful of human rights reporters in Afghanistan, Jordan, and South Sudan have tried Silent Text’s data transfer capability out, using it to send photos, voice recordings, videos, and PDFs securely. It’s come in handy, he claims: A few weeks ago, it was used in South Sudan to transmit a video of brutality that took place at a vehicle checkpoint. Once the recording was made, it was sent encrypted to Europe using Silent Text, and within a few minutes, it was burned off of the sender’s device. Even if authorities had arrested and searched the person who transmitted it, they would never have found the footage on the phone. Meanwhile, the film, which included location data showing exactly where it was taken, was already in safe hands thousands of miles away—without having been intercepted along the way—where it can eventually be used to build a case documenting human rights abuses.

One of the few people to have tested the new Silent Circle invention is Adrian Hong, the managing director of Pegasus Strategies, a New York-based consulting firm that advises governments, corporations, and NGOs. Hong was himself ensnared by state surveillance in 2006 and thrown into a Chinese jail after getting caught helping North Korean refugees escape from the regime of the late Kim Jong Il. He believes that Silent Circle’s new product is “a huge technical advance.” In fact, he says he might not have been arrested back in 2006 “if the parties I was speaking with then had this [Silent Circle] platform when we were communicating.”

But while Silent Circle’s revolutionary technology will assist many people in difficult environments, maybe even saving lives, there’s also a dark side. Law enforcement agencies will almost certainly be seriously concerned about how it could be used to aid criminals. The FBI, for instance, wants all communications providers to build in backdoors so it can secretly spy on suspects. Silent Circle is pushing hard in the exact opposite direction—it has an explicit policy that it cannot and will not comply with law enforcement eavesdropping requests. Now, having come up with a way not only to easily communicate encrypted but to send files encrypted and without a trace, the company might be setting itself up for a serious confrontation with the feds. Some governments could even try to ban the technology.

Janke is bracing himself for some “heat” from the authorities, but he’s hopeful that they’ll eventually come round. The 45-year-old former Navy SEAL commando tells me he believes governments will eventually realize that “the advantages are far outweighing the small ‘one percent’ bad-intent user cases.” One of those advantages, he says, is that “when you try to introduce a backdoor into technology, you create a major weakness that can be exploited by foreign governments, hackers, and criminal elements.”

If governments don’t come round, though, Silent Circle’s solution is simple: The team will close up shop and move to a jurisdiction that won’t try to force them to comply with surveillance.

“We feel that every citizen has a right to communicate,” Janke says, “the right to send data without the fear of it being grabbed out of the air and used by criminals, stored by governments, and aggregated by companies that sell it.”

The new Silent Circle encrypted data transfer capability is due to launch later this week, hitting Apple’s App Store by Feb. 8. Expect controversy to follow.

This article arises from Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.

Slate

DoS vulnerability affects older iPhones, Droids, even a Ford car

Publicly available code allows hackers to disable Wi-Fi in a range of products.

by  – Oct 26 2012, 1:50pm EDT

 

The iPhone 4 and a slew of older devices from Apple, Samsung, HTC, and other manufacturers are vulnerable to attacks that can make it impossible to send or receive data over Wi-Fi networks, a security researcher said.

Proof-of-concept code published online makes it trivial for a moderately skilled hacker to disable older iPhones, HTC Droid Incredible 2s, Motorola Droid X2s, and at least two-dozen other devices, including Edge model cars manufactured by Ford. The Denial-of-Service vulnerability stems from an input-validation error in the firmware of two wireless chips sold by Broadcom: the BCM4325 and theBCM4329. The US Computer Emergency Readiness Team has also issued an advisory warning of the vulnerability.

“The only requirement to exploit the vulnerability is to have a wireless card that supports [the] raw inject of 802.11 frames,” Andrés Blanco one of the researchers from Core Security who discovered the vulnerability, told Ars. “The Backtrack Linux distribution has almost everything you need to execute the POC provided in the advisory.”

The Core Security advisory said that Broadcom has released a firmware update that patches the “out-of-bounds read error condition” in the chips’ firmware. Device manufacturers are making it available to end users on a case-by-case basis since many of the affected products are older and already out of service.

Blanco said the exploit makes it impossible for an affected device to send or receive data over Wi-Fi for as long as the DoS attack lasts. Once the malicious packets subside, the device will work normally. Other device functions are unaffected by the Wi-Fi service interruption. He said it’s possible the bug could be exploited to do more serious things.

“We are not sure that we could retrieve private user data but we are going to look into this,” he said.

 http://arstechnica.com/security/2012/10/dos-vulnerability-affects-older-iphones-androids-even-a-ford-car/

Computer Forensics New York

ICORP Investigations provide expert computer forensic investigations, e-discovery, and preventative forensics to businesses, individuals and attorneys worldwide.

Types of Cases

  • Wrongful termination lawsuits
  • Employee theft of trade secrets, customer/marketing/sales data
  • Copyright/patent/intellectual property infringement
  • Divorce and other family-law matters
  • Illegal internet activity or pornography
  • Sexual harassment lawsuits, threats, or hostile workplace claims
  • Use of business computers for personal work or outside ventures
  • Industrial espionage and software piracy
  • Breach of contract or violation of fiduciary duties

How can ICORP help you.

IRS releases annual ‘Dirty Dozen’ tax scams

Originally published Saturday, April 7, 2012 at 8:00 PM

The IRS doesn’t send you an email out of the blue asking for information. And if you get such an email, you should forward it to phishing@irs.gov.

By Eileen Ambrose, The Baltimore Sun

Each year, the Internal Revenue Service puts out a list of the top 12 tax scams to avoid — as victim or perpetrator. This year’s list:

• Identity theft: The IRS says it has a comprehensive strategy targeting ID theft. It also has increased internal reviews “to spot false tax returns before tax refunds are issued and is working to help victims of identity theft refund schemes.”

• Phishing: With this tactic, a thief sends an email or sets up a fake website with the hope of luring consumers to give up some of their personal information. The IRS doesn’t send you an email out of the blue asking for information. And if you get such an email, you should forward it to phishing@irs.gov.

• Return-preparer fraud: Shady preparers have taken clients’ refunds, overcharged customers and promised fat refunds to gain new clients. If you don’t deserve a fat refund, though, you can end up getting burned.

• Hiding income offshore.

• “Free money” from the IRS and tax scams involving Social Security: The IRS says this scam has been cropping up in community churches. The scammers convince the elderly and those with low income that they are entitled to money from the IRS and Social Security. The con artists collect a fee, but the filer’s claims are rejected.

• False/inflated income and expenses.

• False Form 1099 refund claims: This involves creating a false federal income-tax form to claim tax breaks.

• Frivolous arguments: One of them is that the 16th Amendment, which permits tax collections, wasn’t ever ratified, so you don’t have to pay taxes. Not true, as some jailed celebrities have found out.

• Falsely claiming zero wages.

• Abuse of charitable organizations and deductions.

• Disguised corporate ownership: Some people hide the true ownership of a business so they can avoid taxes.

• Misuse of trusts: You can’t always use a trust to shelter assets from taxes.

%d bloggers like this: