Paranoid Technology All things cybersecurity


Thoughts on the Electronics Ban and How to Protect Your Privacy

Initially was a longer analysis of the whole situation, but we wanted to just focus on the security aspects - here it goes:

Those of us that has been in the field of security for a while knows the concept of security-in-depth… What this means in this context; imagine the airport layers as concentric rings until you get to the plane, there are many – why is this focus on the airplane itself? If the bad guys want to do damage, outer layers of the airport security; ticketing, luggage claim is more vulnerable than anywhere else in the airport because that is where a lot of people congregate in masses, more collateral damage…

Also, is an explosive device in the cargo bay safer than on flight deck? We are not experts on explosives, but logic dictates pressure change in a pressurized cabin in high altitude will not be safe wherever on deck you make it go off… According to the reports the Russian Airliner that went to down over Egypt's Sinai Peninsula in October 2016 was due to an explosive in the cargo hold.


Does the Patriot Act apply to D**k Pics?

After a period of silence watching and obsorbing events around us, we are back with this funny bit on Patriot Act... As you might have followed the intelligence agencies are trying to renew the Patriot Act program under the radar, which is set to expire on June 1, 2015.

Even after the Snowden Revelations the ignorance of the general public on the effects of this program to personal freedoms, the very essence of the U.S. - "Freedom of Speech" is very concerning.  Understandably the technical nature of the Snowden documents are  somewhat intimidating and  people cannot relate to most of these programs unless given a concrete example.  Up until now!!


Symantec Research Discovers a New APT

Almost 24 hours ago Symantec Security researchers published a report on a new APT dubbed Reign. The new threat is a five stage advanced piece of malware (each stage is hidden and encrypted, with the exception of the first stage) , seemingly it has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Reign is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals. Read the full article here.

View the technical paper here.


Zuckerberg Calls Obama about NSA’s antics…

fb-markzuckerbegMark Zuckerbeg apparently called President Obama the day after more revelations from Edward Snowden documents came into light that NSA was using a system called Turbine to emulate Facebook servers for hijacking user accounts and hacking into computer systems.

Zuckerberg who has been speaking against NSA's intrusive surveillance operations for a while now wrote on his page:

"I've called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform."

On his personal page Zuckerberg further said -


GCHQ Tops the Cake with Spying on Yahoo Messenger

optic-nerveAccording to the Guardian newspaper British intelligence agency GCHQ collected millions of people's webcam chats and stored still images of them, including sexually explicit ones in a program called Optic Nerve. Wow! This really tops the cake and takes the UKUSA intelligence sharing agreement to a new level. Let's not forget the "Five Eyes" alliance with Canada, Australia and New Zealand either...

The implications of GCHQ's actions can be far reaching, given that quite a bit of the images captured were sexually implicit ones - just the thought of your government wanting to collect your naked images while chatting is extremely disturbing. Well the thought of being naked in front of the chat is a little disturbing too, but I guess one will think twice before doing that now. Especially the bad guys!


Google Glass can get you a Date with the “Feds” in a Movie Theater


We came across this interesting article on "the gadgeteer" - in short DHS agents unleashed on a Google Glass user in a movie theater. We leave this one to your interpretation:


I have been using Google Glass for about 2 months now, and about 2 weeks ago I got prescription lenses for the glasses. So in the past two weeks I was wearing Google Glass all the time. There were no stories to write about, until yesterday (1/18/2014).

I went to AMC (Easton Mall, Columbus, OH) to watch a movie with my wife (non- Google Glass user). It is the theater we go to every week, so it has probably been the third time I’ve been there wearing Google Glass, and the AMC employees (guy tearing tickets at the entrance, girl at the concession stand) have asked me about Glass in the past and I have told them how awesome Glass is with every occasion.


President given “broad authority” to order cyber attacks

cyber-warfareEnter the era of official cyber warfare. According to a report by The New York Times; a secret White House legal review has cleared the way for preemptive cyber attacks if the president determines there is credible evidence of a pending attack. Granted certain countries are really trying hard to steal corporate secrets, but hopefully, this will not end-up like conventional warfare - remember the (on-going) misguided UAV attacks and now the new enemy cyber terrorists....  Officials who had been involved in the review told The Times' David Sanger and Thom Shanker that the new rules give the president "broad power" to order computer-based attacks on adversaries that disrupt or destroy their systems, without requiring a declaration of war from Congress. The rules also govern how intelligence agencies can monitor networks for early warnings of imminent attacks, and when the Department of Defense can become involved in dealing with domestic network-based attacks.


Twitter Transparency Report

twitter-transperancyTwitter issued its second privacy transparency report today, first one was published on July 2, 2012. In this report Twitter aims to inform the public about the data disclosure requests coming from the governments. There a number of disclosure requests from various world governments, but the majority of the requests came from the U.S. government with 815 accounting for 81% of all requests. Twitter complied with 69% of the requests, identifying 1145 user accounts. See details below:


Red October Cyber Espionage Ring

large-red-october We thought it started with StuxNet and/or Flame - Red October cyber espionage ring has been in operation for 5 years, deep undercover. It targeted most major European governments, diplomatic offices all over the world. The most interesting thing this may not be a state sponsored attack, or so far it seems. During its 5 year existence Red October downloaded hundreds of terabytes of data to its operators. Who is behind this operation is currently unclear. Kaspersky Labs uncovered this espionage ring; senior Kaspersky researcher Roel Schouwenberg told SecurityWatch:...


Wiretapping Law Gets an Extension

wiretappingBetter late then  never, we decide to report this one after all. On Sunday, December 30, 2012, President Obama signed a five-year extension program of a 2008 law that governs warrantless wiretapping.

The warrantless intercept program would have expired at the end of 2012 without the president's approval. The renewal bill won final passage in the Senate on Friday, December 28, 2012. Known as the Foreign Intelligence Surveillance Act (FISA),