It's getting more difficult with every passing day to keep from being spied upon by nefarious tools interested in getting their hands on your personal information, creeping on what you're browsing with on your laptop or phone and, if you've not bothered to cover up that webcam, keep tabs on your life as they stream images of your day-to-day doings across the Internet. Thanks to a group of computer-savvy scientists, it looks like there may soon be one more monitoring method that we'll have to watch out for.
From Ars Technica:
Daniel Genkin of the University of Michigan, Mihir Pattani of the University of Pennsylvania, Roei Schuster of Cornell Tech and Tel Aviv University, and Eran Tromer of Tel Aviv University and Columbia University investigated a potential new avenue of remote surveillance that they have dubbed "Synesthesia": a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on "content-dependent acoustic leakage from LCD screens."
Synesthesia, at its core, is pretty much just Van Eck phreaking with a twist. Where Van Eck phreaking typically uses radio signals leaking from display hardware to snoop on what a computer user's perusing, Synesthesia listens for aural emissions from the bits and pieces that are required to power a display. Depending on what you're looking at on your computer's screen, the power being sent out to drive each pixel ramps up or down. This changes the pitch of power running through the display's guts. By capturing this audio for review, using the microphone built into the device or a nearby device like an Amazon Echo or other digital assistant-enabled device (never let one in your house,) it's very possible that a hacker could sort out what you were looking at with a bit of skill and a whole lot of machine learning. Read the rest
If someone has been trashing your Detroit gas station for an hour, and cops still haven't responded, chances are your business hasn't enrolled in Project Green Light. Read the rest
Internet traffic nowadays is mostly encrypted (“HTTPS”). Thus, for a few years now, Law Enforcement Agencies (LEA) have been facing far more challenges at gathering data through the interception of connections than they used to.
The Snoopers Charter, an extreme surveillance bill that passed last week, and it's the most extensive domestic spying regime that any "democratic" country has passed, and is a potential blueprint for Orwellian surveillance elsewhere in the years to come. Read the rest
Geofeedia bills itself as a way for marketers to reach potential customers through geotagged "hashtag listening," but they also sell it to police departments for "predicting, analyzing and acting on social media conversations," like, say, peaceful protests. Read the rest
America paid about $16 billion to five companies last year for 80% of our contracted domestic and international surveillance: Leidos Holdings, CSRA Inc., SAIC, CACI International, and Booz Allen Hamilton, recently in the news following an employee arrest on cyberweapons theft charges.
Tim Shorrock at The Nation did the legwork to to come up with the numbers.
“The problem with just five companies providing the lion’s share of contractors is that the client, the U.S. government, won’t have much alternative when a company screws up,” says David Isenberg, the author of Shadow Force: Private Security Contractors in Iraq. [...] “There comes a point when the marketplace is so concentrated that the service provider simply becomes too big to fail, no matter how lousy their performance,” says Isenberg, who closely monitors the privatization of national-security work. “If that makes you think of the financial-services industry, well, that’s exactly what I’m talking about.”
• 5 Corporations Now Dominate Our Privatized Intelligence Industry (The Nation)
Image: Thomas Tolkein Read the rest
The Intercept has obtained a secret government catalog that law enforcement agencies use to source even-more-secret cellular spying devices, mostly variants on the Read the rest