Major vulnerability in 5G means that anyone with $500 worth of gear can spy on a wide area's mobile activity

Stingrays (AKA IMSI catchers) are a widespread class of surveillance devices that target cellular phones by impersonating cellular towers to them (they're also called "cell-site simulators"). Read the rest

Undercover who targeted Citizen Lab over Israeli cyber-arms dealer is an ex-Israeli spook linked to black ops firm used by Harvey Weinstein

Last week, Citizen Lab and the AP published a blockbuster story revealing that Citizen Lab had been targeted by undercover operatives who pumped Lab employees for information on the group's work uncovering illegal surveillance operations undertaken by authoritarian governments using tools made by the notorious Israeli cyber-arms dealer NSO Group. Read the rest

Teen Vogue counsels taping over your webcam to resist FBI (and other) surveillance

As EFF's Eva Galperin notes, Nicole Kobie's story about resisting surveillance by taping over your webcam "proves that once more, the best and most straightforward tech reporting is being done by Teen Vogue." Read the rest

El Chapo went down because his sysadmin sold him out

Here's something to remember come the next Sysadmin Appreciation Day: Mexican drug lord El Chapo was only caught because his systems administrator flipped and started working for the feds, backdooring El Chapo's comms infrastructure and providing the cops with the decryption keys needed to eavesdrop on El Chapo's operations. Read the rest

Italian prosecutors have given up on catching the person who hacked and destroyed Hacking Team

Hacking Team (previously) was an Italian company that developed cyberweapons that it sold to oppressive government around the world, to be used against their own citizens to monitor and suppress political oppositions; in 2015, a hacker calling themselves "Phineas Fisher" hacked and dumped hundreds of gigabytes' worth of internal Hacking Team data, effectively killing the company. Read the rest

State surveillance company leaked its own data, its customers' data, and its customers' victims' data

Wolf Intelligence is a German state surveillanceware company founded by Manish Kumar, selling tools that independent researchers described as "very shitty and it’s just copy paste from open source projects," used by governments to spy on their citizens. Read the rest

Evidence of NSO Group surveillance products found in 45 countries, including notorious human-rights abusers

Researchers from the University of Toronto's outstanding Citizen Lab (previously) have published their latest research on the notorious and prolific Israeli cyber-arms-dealer The NSO Group (previously), one of the world's go-to suppliers for tools used by despots to spy on dissidents and opposition figures, often as a prelude to their imprisonment, torture and murder. Read the rest

The secret, unaccountable location-tracking tool favored by dirty cops has been hacked (and it wasn’t hard)

Securus is the widely abused location-tracking tool that exploits a loophole in privacy law to allow police to extract realtime and historical cellphone location data without a warrant or any accountability. Read the rest

Cops routinely unlock phones with corpses' fingers

Since 2016, when an FBI agent first used a dead suspect's finger to unlock his phone, police forces across the USA have made a routine practice of unlocking phones using suspects and victims' dead fingers, saving big on buying cyberwar tools like Cellebrite's $1500-$3000 unlocker, or Grayshift's $30k/year Graykey. Read the rest

Raleigh cops are investigating crime by getting Google to reveal the identity of every mobile user within acres of the scene

Public records requests have revealed that on at least four occasions, the Raleigh-Durham police obtained warrants forcing Google to reveal the identities of every mobile user within acres of a crime scene, sweeping up the personal information of thousands of people in a quest to locate a single perp. Read the rest

AMDFLAWS: a series of potentially devastating (but controversial) attacks on AMD processors

Israeli security research firm CTS-Labs has published a white paper detailing nine flaws in AMD processors that they claim leave users open to devastating attacks with no mitigation strategies; these attacks include a range of manufacturer-installed backdoors. Read the rest

A new government malware company, fronted by Hacking Team's old spokesjerk, says it can spy on Signal and Telegram

Grey Heron is a new cyber-arms dealer offering to sell hacking tools to governments; it is fronted by Eric Rabe, who previously represented the disgraced, hacked Italian malware company Hacking Team, notorious for selling spy tools to governments that used them to target dissidents who were tortured and murdered after they were outed. Read the rest

Epidemic of cryptojacking can be traced to escaped NSA superweapon

The epidemic of cryptojacking malware isn't merely an outgrowth of the incentive created by the cryptocurrency bubble -- that's just the motive, and the all-important the means and opportunity were provided by the same leaked NSA superweapon that powered last year's Wannacry ransomware epidemic. Read the rest

Dissidents are getting destroyed by information attacks and tech isn't doing enough to help

A pair of researchers have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable. Read the rest

Motherboard files legal complaint against London police to force it to explain why an officer bought creepy, potential illegal stalkerware

Flexispy is the creepy stalkerware advertised to abusive spouses and exes that Motherboard's Joseph Cox has been relentlessly tracking; when he acquired a leaked trove of the company's files, he started to mine it to see who was buying the potentially illegal app. Read the rest

Florida state cop says he can't remember why he bought mobile stalking app

Flexispy is a creepy, potentially illegal piece of stalkerware marketed to abusive men who want to spy on their partners; but Jim Born, an ex-DEA cop and retired Florida Department of Law Enforcement agent (now a crime novelist) says that he thinks he "used on a case or tried it to understand how it worked. Nothing nefarious." Read the rest

Only Chinese companies will be allowed to map Chinese roads

Self-driving cars require incredibly accurate, up-to-date maps; in China, only Chinese companies will be able to make these maps. Nominally, this is about preventing espionage, but it also has the non-coincedental effect of forcing foreign autonomous vehicle companies to partner with (much more easily controlled) Chinese firms, a policy already in place for traditional auto manufacturing. Read the rest

More posts