A Cybersecurity Threat That Could Be Lurking On Your Phone

A Cybersecurity Threat That Could Be Lurking On Your Phone

Gary Miliefsky, SnoopWall CEO, and founding member of the US Department of Homeland Security announces a privacy breach posed by smartphone flashlight apps. Miliefsky has advised two White House Administrations on Cybersecurity.

He was scheduled to join us on set for Special Report, but we had to make room for breaking news. We know you were all excited to hear this story and so we brought Gary in just for The Daily Bret. Share your thoughts with us on Twitter @BretBaier or here on the blog– after hearing this story will you delete your flashlight app?

Revealed: How governments can take control of smartphones

Revealed: How governments can take control of smartphones

“Our latest research has identified mobile modules that work on all well-known mobile platforms, including as Android and iOS”

RT.com
June 25, 2014

‘Legal malware’ produced by the Italian firm Hacking Team can take total control of your mobile phone. That’s according to Russian security firm Kaspersky Lab and University of Toronto’s Citizen Lab(which also obtained a user manual).

Operating since 2001, the Milan-based Hacking Team employs over 50 people and offers clients the ability to “take control of your targets and monitor them regardless of encryption and mobility,” while “keeping an eye on all your targets and manage them remotely, all from a single screen.”

It’s the first time Remote Control Systems (RCS) malware has been positively linked with mobile phones and it opens up a new privacy threat potential to mobile phone users.

“Our latest research has identified mobile modules that work on all well-known mobile platforms, including as Android and iOS,” wrote Kaspersky researcher Sergey Golovanov.

“These modules are installed using infectors – special executables for either Windows or Macs that run on already infected computers. They translate into complete control over the environment in and near a victim’s computer. Secretly activating the microphone and taking regular camera shots provides constant surveillance of the target – which is much more powerful than traditional cloak and dagger operations.”

20140625-164404-60244101.jpg
Image from citizenlab.org

Police can install the spy malware directly into the phone if there is direct access to the device, or if the owner of the phone connects to an already infected computer, according to Wired.

Various softwares can also lure users to download targeted fake apps.

Once inside an iPhone, for instance, it can access and activate all of the following: control of Wi-Fi, GPS, GPRS, recording voice, e-mail, SMS, MMS, listing files, cookies, visited URLs, cached web pages, address book, call history, notes, calendar, clipboard, list of apps, SIM change, live microphone, camera shots, support chats, WhatsApp, Skype, and Viber.

20140625-164453-60293182.jpg
Image from citizenlab.org

While the malware can be spotted by some of the more sophisticated anti-virus software, it takes special measures to avoid detection – such as “scouting” a victim before installation, “obfuscating”its presence, and removing traces of its activity.

Hacking Team has maintained that its products are used for lawful governmental interceptions, adding that it does not sell items to countries blacklisted by NATO or repressive regimes.

Wired reported that there have been cases where the spying apps were used in illegal ways in Turkey, Morocco, and Saudi Arabia.

Citizen Lab discovered spying malware hiding in a legitimate news app for Qatif Today, an Arabic-language news and information service that reports on events in Saudi Arabia’s eastern Qatif region. It also argued that circumstantial evidence pointed to Saudi Arabia’s government using the spying malware against Shia protesters in the area.

“This type of exceptionally invasive toolkit, once a costly boutique capability deployed by intelligence communities and militaries, is now available to all but a handful of governments. An unstated assumption is that customers that can pay for these tools will use them correctly, and primarily for strictly overseen, legal purposes. As our research has shown, however, by dramatically lowering the entry cost on invasive and hard-to-trace monitoring, the equipment lowers the cost of targeting political threats for those with access to Hacking Team and Gamma Group toolkits,” Citizen Lab said in its report.

20140625-164550-60350694.jpg
Map showing the countries of the current HackingTeam servers’ locations (Image from securelist.com)

Hacking Team controls the spying malware remotely via command-and-control servers. Kaspersky has discovered more than 350 such servers in more than 40 countries. A total of 64 servers were found in the US – more than in any other country. Kazakhstan came in second, with a total of 49 servers found. Thirty-five were found in Ecuador and 32 in the UK.

Here Are 17 Top Bug And Issue Tracking Apps For Developers!

http://www.efytimes.com/e1/fullnews.asp?edid=130338

Tuesday, February 18, 2014: Developers come across a plethora of bugs and issues while creating hundreds, or even thousands, of lines of code! The same can be quite frustrating. In such a situation, making use of bug and issue tracking within your workflow leads to a better end product.

20140218-070449.jpg

Stand Up and Be Counted

My fellow Americans and Friends; on Tuesday, November 6th we stand to either choose a new President or to give 4 more years to the incumbent.  The choice is up to you and the Electoral College.  This is a bit astray from Networking, but every bit as important in my book.  I would ask you to give great thought towards your choice and truly research that which is best for the country, as a whole.

If you should choose to vote for someone other than the primary Republican or Democratic parties or if you should choose not to vote at all, is your vote thrown away?  I would say no, because it is your right and therefore whatever you choose to do with it is completely up to you and no one else.  However, by choosing to cast your vote toward some other party you do not waste your vote because you are telling the country that you do not agree with, or like, the two primary parties.  By voting for someone other than the norm, which we have had ingrained in our minds since childhood, you have the power to say it is time for true change not the façade of change.  At some point in time the third party candidate(s) will get enough votes to truly become a great threat to the party norms and the establishment as a whole.

If you should choose to not vote at all, you are telling the country that you are disgusted with all  of the political BS that is going on these days, or perhaps you are just plain lazy.  In either case, you are telling the country that the party norm(s) are no longer the values that represent America.

Either road you may choose, I would implore you to be an informed voter by studying the issues and not just picking and choosing them.  All of the issues are important, important to you and others.  I urge you neither to vote not as your friends would, nor as your co-workers would, nor as your family would!  Think long and hard and, as John Quincy Adams told us to do, “Always vote for principle, though you may vote alone, and you may cherish the sweetest reflection that your vote is never lost.”  And his father, John Adams, told us that we must vote as a matter of conscience.  So, vote your way, vote your conscience!

You will choose between the following parties:  Republican, Democratic, Constitution, Libertarian, Green, Socialist, and Independent.  Think hard and choose well my friends, the future of the country is at hand and the rhetoric always seems to remain the same.  I have always believed that if you want true change, you must do things differently (think, approach, and vote).

We may not agree with each other, but we do need to respect one another.  Unfortunately, I have little faith that our present representation has any respect for those they purportedly serve.  For example, no matter the party affiliation demanded that the President does not serve more than two terms, but look at the dynasties that have been built by Congressman and Senators.  Some have served as many as 50 years, some 40…the list is quite long.  What of the benefits package, while the American people have 8% unemployment, loss of jobs, wages, and benefits, our representatives want an increase in pay and benefits…and for what?

Our Founding Fathers had the idea, the notion, that people would as a matter of public service represent their fellow Americans and they would not do so for benefits, retirement, etc.  Again, unfortunately, when did we vote for such a thing?  We didn’t, our public servants voted themselves these benefits, pays, and luxuries.  So I would urge you to consider these things when you cast your ballot.

 

Keep these words in mind: “Democracy never lasts long. It soon wastes, exhausts and murders itself. There was never a democracy that did not commit suicide.” ~John Adams

 

Updating to iOS 6

I have read several articles on the updating iPhone 3GS to the newly released iOS 6.

Most were good, a few bad; however, the bad seemed to be primarily with a different iPhone platform or a jail broken phone.

The reviews I have read were:

http://www.gottabemobile.com/2012/09/19/ios-6-on-iphone-3gs-first-impressions-and-performance/

http://answers.yahoo.com/question/index?qid=20120920164714AAYV0dg

http://www.product-reviews.net/2012/09/22/ios-6-problems-incorporate-iphone-battery/

http://arstechnica.com/apple/2012/09/tempting-fate-installing-ios-6-on-the-iphone-3gs/

While I got relatively good information, I remained a bit apprehensive to performing the update…but went ahead with it anyway.

I will play with it for about a week and make my final decision about it and will let you know my opinion.

Please feel free to passing along your thoughts.

CCENT/CCNA Certification

 

Well, I have decided to follow a different path in preparing for the CCNA.  As I have already obtained my CCENT Certification using the Todd Lammle book for the single test CCNA 640-802, without too much difficulty…other than my own foolishness, etc…but I thought I would try the Wendell Odom books through Ciscopress, Official Cert Guides CCNA1 and CCNA2 (640-822 and 640-816 test).  Both authors are CCIEs and are very well qualified for the task.  But each test is structured differently; in-fact, there are certain things that are not on the single test method and are on the dual test method – which for a person such as myself could be an advantage by being introduced to those few items of study.  I have read both good and bad things about the books, but who is ever really a good critic.  Especially when you buy a book, as many of us do, and we mistakenly believe the knowledge will somehow magically be imparted upon us.  So, I will give it a try.  I have not made it past the first chapter yet, but I do like it’s layout so far.  Of course, it does help to skim through the book initially.  I felt it was a nominal investment in my future.

Network VisualizerUp until now, I have used a lab simulator program to play with the many interconnections between the Cisco Routers and Switches.

 

 

 

However, I thought it would be better to have a physical connection to the hardware by obtaining a Cisco CCNA Certification LabI felt it would be better, for me, to have hands on.  Sometimes I just don’t “get it” because I have no connection to what is actually going on.  That is probably one of my biggest problems.  Unlike the books, this will be a rather hefty investment, with a wide range of costs and options; ranging from $199-$1400+.

Browsing Privacy

In this day and age, everyone wants a little privacy, the idealistic genre has the mind “if you don’t have anything to hide, then…” kind of attitude, and as you get older you come to have a great appreciation for privacy.  There are some steps you can take to help your own privacy along.  I was reading Rob Lightner’s article for CNET, “Five Smart Ways to Keep Your Browsing Private”

 

 

  1. One of you biggest concerns is to get rid of all tracking cookies on your computer.  There is a free software that does this called CCleaner.  It is very good, I have tried it.
  2. Opting out of tracking by use of third-party software such as PrivacyChoice, which offers several tools to aid in this endeavor (I have never used it).
  3. Another thing you can do is to prevent the depositing of those tracking cookies and you can do this by making changes to you web-browser.  This is something I do and quite simple to set up.  Just search for you specific browser the way to browse privately.
  4. Anonymous browsing.  According to the article he uses a TOR set up, which I have never used but may toy with sometime.  Apparently TOR protects you via encrypted pathways, thereby protecting the anonymity of your IP address.
  5. Anonymous browsing using proxies.  This is similar to StartPage’s (www.startpage.com) Proxy setting where you use StartPage’s resources to search for something without yielding your IP address.

Of course, there is always the use of a thumb drive being set up with another operating system and setting it in such a way that you save nothing, to be totally private.  I tried this with an old version of Linux when I was in college, but my computer kept locking up.  Just couldn’t figure out what was going on.  Apparently the thumb drive itself was not very compatible with Linux, so I changed the drive and it worked great.

Hope this is useful to you!

Resource: http://howto.cnet.com/8301-11310_39-57363219-285/five-smart-ways-to-keep-your-browsing-private/

 

Techie Tips

Did you know that more data breaches occur due to the improper or illegal use of USB drives within  a network?  How do you think that “bradass” obtained and uploaded the data he disseminated to wikileaks?  It is neither good nor bad, it just is what it is!  But most people do not pay much attention to the simplest of security techniques.  There are ways to shut down the accessibility of the usb ports either by changes in the registry , disabling devices via control panel, locking devices for your usb ports, or perhaps third party software.

People either don’t pay attention or just don’t care that their usb drives  can either carry and inject viruses into your system, or they can store and runoff with the keys to the kingdom (so-to-say) by stealing the information on your computer or network.  Although, it is easier to inject a virus to send all that data off to the cloud while you are unsuspecting the endeavor.

Being aware of what is available and what you can do is half of the battle…the other half is getting up off your backside and actually doing something about it.  In the business world you will/would be expected to do something about it -without fail and without question.  The internet is your stage and your resource, use it to your glory!

http://www.marketwatch.com/story/milton-security-group-the-usb-and-removable-media-security-crisis-2012-01-13