Resources

Stare Into The Lights My Pretties

The dangers of trusting robots

Emphasis added:

“There are many other examples of intelligent technology gone bad, but more often than not they involve deception rather than physical danger. Malevolent bots, designed by criminals, are now ubiquitous on social media sites and elsewhere online. The mobile dating app Tinder, for example, has been frequently infiltrated by bots posing as real people that attempt to manipulate users into using their webcams or disclosing credit card information. So it’s not a stretch to imagine that untrustworthy bots may soon come to the physical world.

Meanwhile, increasing evidence suggests that we are susceptible to telling our deepest, darkest secrets to anthropomorphic robots whose cute faces may hide exploitative code – children particularly so. So how do we protect ourselves from double-crossing decepticons?”


The dystopian lake filled by the world’s tech lust

“Welcome to Baotou, the largest industrial city in Inner Mongolia. I’m here with a group of architects and designers called the Unknown Fields Division, and this is the final stop on a three-week-long journey up the global supply chain, tracing back the route consumer goods take from China to our shops and homes, via container ships and factories.

You may not have heard of Baotou, but the mines and factories here help to keep our modern lives ticking. It is one of the world’s biggest suppliers of “rare earth” minerals. These elements can be found in everything from magnets in wind turbines and electric car motors, to the electronic guts of smartphones and flatscreen TVs. In 2009 China produced 95% of the world’s supply of these elements, and it’s estimated that the Bayan Obo mines just north of Baotou contain 70% of the world’s reserves. But, as we would discover, at what cost?

After seeing the impact of rare earth mining myself, it’s impossible to view the gadgets I use every day in the same way. As I watched Apple announce their smart watch recently, a thought crossed my mind: once we made watches with minerals mined from the Earth and treated them like precious heirlooms; now we use even rarer minerals and we’ll want to update them yearly. Technology companies continually urge us to upgrade; to buy the newest tablet or phone. But I cannot forget that it all begins in a place like Baotou, and a terrible toxic lake that stretches to the horizon.”

“New website lets anyone spy on Tinder users”

“Tinder isn’t as private as many of its users think, and a new website which aims to exploit that is causing concern among users of the dating app.

“Swipebuster” promises to let Tinder users find out whether people they know have an account on the dating app, and even stalk them down to their last known location.

The website charges $4.99 (£3.50) to let someone see whether the target is using Tinder, and can narrow down results by first name, age, gender and location.

But it doesn’t do so by hacking into Tinder, or even by “scraping” the app manually. Instead, it searches the database using Tinder’s official API, which is intended for use by third-party developers who want to write software that plugs in with the site. All the information that it can reveal is considered public by the company, and revealed through the API with few safeguards.

Although the site seems targeted at those who want to catch cheating partners on the app, its developer says he had a different motivation in mind, telling Vanity Fair that he wanted to highlight oversharing online.

“There is too much data about people that people themselves don’t know is available,” the anonymous developer said. “Not only are people oversharing and putting out a lot of information about themselves, but companies are also not doing enough to let people know they’re doing it.”

But the argument that Swipebuster is made to highlight privacy breaches on Tinder’s part seems questionable when one looks at the website itself. Under a headline reading “Find out if they’re using Tinder for only $4.99”, the site says nothing about privacy or expectations thereof, instead offering only a walkthrough for users who want to pay for its services. An animated gif showing the process ends with an image of the supposed target superimposed with the word “Busted”.”

Brain implant that automatically adjusts Dopamine levels

CIA investing in firms that mine Tweets, Instagram photos, and skin care products that collect your DNA

“Soft robots that can grasp delicate objects, computer algorithms designed to spot an “insider threat,” and artificial intelligence that will sift through large data sets — these are just a few of the technologies being pursued by companies with investment from In-Q-Tel, the CIA’s venture capital firm, according to a document obtained by The Intercept.

Yet among the 38 previously undisclosed companies receiving In-Q-Tel funding, the research focus that stands out is social media mining and surveillance; the portfolio document lists several tech companies pursuing work in this area, including Dataminr, Geofeedia, PATHAR, and TransVoyant.”

Source: https://theintercept.com/2016/04/14/in-undisclosed-cia-investments-social-media-mining-looms-large/

And…

“SKINCENTIAL SCIENCES, a company with an innovative line of cosmetic products marketed as a way to erase blemishes and soften skin, has caught the attention of beauty bloggers on YouTube, Oprah’s lifestyle magazine, and celebrity skin care professionals. Documents obtained by The Intercept reveal that the firm has also attracted interest and funding from In-Q-Tel, the venture capital arm of the Central Intelligence Agency.

The previously undisclosed relationship with the CIA might come as some surprise to a visitor to the website of Clearista, the main product line of Skincential Sciences, which boasts of a “formula so you can feel confident and beautiful in your skin’s most natural state.”

Though the public-facing side of the company touts a range of skin care products, Skincential Sciences developed a patented technology that removes a thin outer layer of the skin, revealing unique biomarkers that can be used for a variety of diagnostic tests, including DNA collection.

Skincential Science’s noninvasive procedure, described on the Clearista website as “painless,” is said to require only water, a special detergent, and a few brushes against the skin, making it a convenient option for restoring the glow of a youthful complexion — and a novel technique for gathering information about a person’s biochemistry.”

Source: https://theintercept.com/2016/04/08/cia-skincare-startup/

FBI surveilled cars sporting pro-peace bumper stickers, targeting activists

“Tomorrow marks the 35th anniversary of Food Not Bombs—the name given to autonomous groups and independent collectives that serve free vegan and vegetarian food in opposition of poverty and hunger, and also in protest of economic disparity and rapacious militarism. But, despite the seemingly non-controversial nature of the activist group’s titular three-word mission statement, FBI files released earlier this week show that serving up home-cooked vegan moussaka is apparently enough to warrant suspicions of terrorism.

The files, which begin in the early naughts, appear to be focused on one particular FNB chapter based out of Virginia Commonwealth University in Richmond, Virginia. The bulk of the records concern the organization’s rather obvious opposition to the Iraq war.

In fact, the release included a CD comprised of extensive surveillance footage from an anti-war protest in Richmond on July 3rd, 2003.”

Fingerprints to be tested as ‘currency’

“Starting this summer, the [Japanese] government will test a system in which foreign tourists will be able to verify their identities and buy things at stores using only their fingerprints.

The government hopes to increase the number of foreign tourists by using the system to prevent crime and relieve users from the necessity of carrying cash or credit cards. It aims to realize the system by the 2020 Tokyo Olympic and Paralympic Games.

The experiment will have inbound tourists register their fingerprints and other data, such as credit card information, at airports and elsewhere.

Tourists would then be able to conduct tax exemption procedures and make purchases after verifying their identities by placing two fingers on special devices installed at stores.”

Heavy social media users trapped in endless cycle of depression

“The more time young adults spend on social media, the more likely they are to become depressed, a study has found.

Of the 19 to 32-year-olds who took part in the research, those who checked social media most frequently throughout the week were 2.7 times more likely to develop depression than those who checked least often.

The 1,787 US participants used social media for an average 61 minutes every day, visiting accounts 30 times per week. Of them a quarter were found to have high indicators of depression.”

How mass surveillance silences minority opinions

“A new study shows that knowledge of government surveillance causes people to self-censor their dissenting opinions online. The research offers a sobering look at the oft-touted “democratizing” effect of social media and Internet access that bolsters minority opinion.

The study, published in Journalism and Mass Communication Quarterly, studied the effects of subtle reminders of mass surveillance on its subjects. The majority of participants reacted by suppressing opinions that they perceived to be in the minority. This research illustrates the silencing effect of participants’ dissenting opinions in the wake of widespread knowledge of government surveillance, as revealed by whistleblower Edward Snowden in 2013.

The “spiral of silence” is a well-researched phenomenon in which people suppress unpopular opinions to fit in and avoid social isolation. It has been looked at in the context of social media and the echo-chamber effect, in which we tailor our opinions to fit the online activity of our Facebook and Twitter friends. But this study adds a new layer by explicitly examining how government surveillance affects self-censorship.”

Surveillance cameras sold on Amazon infected with malware

“Security researcher Mike Olsen has warned that some products sold through the Amazon marketplace are harbouring a dark secret — malware.

Olsen said in a blog post that while scouring Amazon for a decent set of outdoor surveillance cameras for a friend, he came across a deal for 6 PoE cameras and recording equipment.

The seller, Urban Security Group, had generally good reviews and was offering a particular Sony setup on sale.

After purchasing the kit, Olsen started setting up the surveillance system, logging into the administrator panel to configure it.

While the page hosted the camera feed, no “normal controls or settings were available,” according to the researcher.

“Being one of those guys who assumes bad CSS, I went ahead and opened up developer tools,” Olsen said.

“Maybe a bad style was hiding the options I needed. Instead what I found tucked at the bottom of the body tag was an iframe linking to a very strange looking host name.”

Further investigation revealed the host name, Brenz.pl, is linked to malware distribution.

According to cybersecurity firm Sucuri, Brenz was first spotted distributing malware back in 2009 before being shut down, but reemerged in 2011. Compromised domains link to the address through malicious iFrames for the purpose of distributing malware hosted on the website.

VirusTotal recognizes the web domain as a malicious source and scans reveal that Trojans and viruses may be hosted by Brenz.pl.

If the device’s firmware links to this domain, malware can be downloaded and installed, potentially leading to unlawful surveillance and data theft.

The problem was also recently brought up in a forum post on the SC10IP firmware, which is used in commercial products and also links to Brenz.pl.

Threats do not just come from dodgy social media links, phishing campaigns or social engineering — firmware can host malware, too.

The take-home from this is that any device, especially when it contains networking or Internet capabilities, can harbour threats to personal safety and data security, and while the average person is unlikely to do a full-scale code search, checking reviews and alerts for such products online is worthwhile — even if the platform is trusted.

“Amazon stuff can contain malware,” Olsen said.”
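The check Olsen describes doing by hand in developer tools can be automated. The following Python script is an added example, not part of the quoted article or Olsen's post: it audits a saved copy of a device's admin page for iframes and scripts that load from a host other than the device itself. The sample markup, the device address and the `cdn.vendor.example` host are constructed for illustration; only the Brenz.pl host name comes from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host named in the article above; extend with your own blocklist entries.
KNOWN_BAD_HOSTS = {"brenz.pl"}

# Constructed sample of a device admin page (not the real firmware markup).
SAMPLE_PAGE = """<html><body>
<div id="feed"><img src="/video.cgi"></div>
<script src="js/ui.js"></script>
<script src="//cdn.vendor.example/lib.js"></script>
<iframe src="http://brenz.pl/" width="0" height="0"></iframe>
</body></html>"""


def is_known_bad(host):
    """True if host is a listed domain or a subdomain of one."""
    return any(host == bad or host.endswith("." + bad) for bad in KNOWN_BAD_HOSTS)


def is_hidden(attrs):
    """True if the element is styled or sized so a user would never see it."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    return any(attrs.get(dim, "").strip() in ("0", "1") for dim in ("width", "height"))


class EmbedAuditor(HTMLParser):
    """Collects iframe/frame/script elements whose src points off the device."""

    def __init__(self, device_host):
        super().__init__()
        self.device_host = device_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame", "script"):
            return
        attr_map = {name: (value or "") for name, value in attrs}
        src = attr_map.get("src", "").strip()
        if not src:
            return
        # Relative URLs have no hostname and resolve to the device itself.
        host = (urlparse(src).hostname or "").lower()
        if not host or host == self.device_host:
            return
        reasons = ["external host"]
        if is_known_bad(host):
            reasons.append("known-bad host")
        if tag != "script" and is_hidden(attr_map):
            reasons.append("hidden frame")
        self.findings.append(
            {"tag": tag, "host": host, "line": self.getpos()[0], "reasons": reasons}
        )


def audit_page(html, device_host):
    """Return one finding per off-device embed found in the page source."""
    auditor = EmbedAuditor(device_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    # 192.168.1.64 is a constructed LAN address standing in for the camera/DVR.
    for finding in audit_page(SAMPLE_PAGE, "192.168.1.64"):
        print(f"line {finding['line']}: <{finding['tag']}> -> {finding['host']} "
              f"({', '.join(finding['reasons'])})")
```

A device that is supposed to be self-contained should produce no findings at all; any off-device embed is worth blocking at the network edge and raising with the vendor.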

Surveillance drones routinely circle over most major cities in United States

Feeding Video Game Data to AIs

Feed the data of millions of people playing various computer games into AI machine learning and shaping algorithms… It’s already happening to an extent:

“The latest computer games can be fantastically realistic. Surprisingly, these lifelike virtual worlds might have some educational value, too—especially for fledgling AI algorithms.

Adrien Gaidon, a computer scientist at Xerox Research Center Europe in Grenoble, France, remembers watching someone play the video game Assassins Creed when he realized that the game’s photo-realistic scenery might offer a useful way to teach AI algorithms about the real world. Gaidon is now testing this idea by developing highly realistic 3-D environments for training algorithms how to recognize particular real-world objects or scenarios.

The idea is important because cutting-edge AI algorithms need to feed on huge quantities of data in order to learn to perform a task. Sometimes, that isn’t a problem. Facebook, for instance, has millions of labeled photographs with which to train the algorithms that automatically tag friends in uploading images (see “Facebook Creates Software that Matches Faces Almost as Well as You Do”). Likewise, Google is capturing huge amounts of data using its self-driving cars, which is then used to refine the algorithms that control those vehicles.

But most companies do not have access to such enormous data sets, or the means to generate such data from scratch.

To fill in those gaps, Gaidon and colleagues used a popular game development engine, called Unity, to generate virtual scenes for training deep-learning algorithms—a very large type of simulated neural network—to recognize objects and situations in real images. Unity is widely used to make 3-D video games, and many common objects are available to developers to use in their creations.

A paper describing the Xerox team’s work will be presented at a computer vision conference later this year. By creating a virtual setting, and letting an algorithm see lots of variations from different angles and with different lighting, it’s possible to teach that algorithm to recognize the same object in real images or video footage. “The nice thing about virtual worlds is you can create any kind of scenario,” Gaidon says.

Gaidon’s group also devised a way to convert a real scene into a virtual one by using a laser scanner to capture a scene in 3-D and then importing that information into the virtual world. The group was able to measure the accuracy of the approach by comparing algorithms trained within virtual environments with ones trained using real images annotated by people. “The benefits of simulation are well known,” he says, “but [we wondered], can we generate virtual reality that can fool an AI?”

The Xerox researchers hope to apply the technique in two situations. First, they plan to use it to find empty parking spots on the street using cameras fitted to buses. Normally doing this would involve collecting lots of video footage, and having someone manually annotate empty spaces. A huge amount of training data can be generated automatically using the virtual environment created by the Xerox team. Second, they are exploring whether it could be used to learn about medical issues using virtual hospitals and patients.

The challenge of learning with less data is well known among computer scientists, and it is inspiring many researchers to explore new approaches, some of which take their inspiration from human learning (see “Can This Man Make AI More Human?”).

“I think this is a very good idea,” says Josh Tenenbaum, a professor of cognitive science and computation at MIT, of the Xerox project. “It’s one that we and many others have been pursuing in different forms.”

Study: The Chilling Effect of Mass Surveillance with Social Media

“Research suggests that widespread awareness of mass surveillance could undermine democracy by making citizens fearful of voicing dissenting opinions in public. A paper published in Journalism and Mass Communication Quarterly, the flagship peer-reviewed journal of the Association for Education in Journalism and Mass Communication (AEJMC), found that “the government’s online surveillance programs may threaten the disclosure of minority views and contribute to the reinforcement of majority opinion.” The NSA’s “ability to surreptitiously monitor the online activities of U.S. citizens may make online opinion climates especially chilly” and “can contribute to the silencing of minority views that provide the bedrock of democratic discourse,” the researcher found.”

“How entitled children are making their parents’ lives hell”

“Sons are smashing windows, furious they’re asked to stop playing computer games. Doors are hanging off hinges having been slammed so hard in a fit of pique. Teenagers are holding knives to their mother’s throat, or threatening to kill themselves.

This is the pointy end of entitlement, the defining characteristic of this generation of children.

[…]

Mental health issues predicted

Kids who grow up insulated from difficulty and disappointment are also likely to struggle in adulthood if they don’t get into their first preference for uni, miss out on a job, or are dumped by the love of their life.”

“Dog Grabs Shoppers’ Attention Via Interactive Billboards”

An example of advertising meets personalisation for good-old manipulative marketing outcomes. Please excuse the barrage of branding/product mentions throughout the copy and media materials.

Also note how the point of deploying the technology is entirely covert and great lengths are gone to embed hidden tracking systems into the physical environment. Persons subjected to the advertising are also not told that they’re accepting a tracking device for the purposes of such advertising where the content displayed is specifically for tailored emotional manipulation much more than ordinary advertising. Persons later question if the experience was a “coincidence,” etc.

Emphasis added:

For two weeks this past spring, some shoppers at the Westfield Stratford shopping mall in the United Kingdom were followed by a homeless dog appearing on electronic billboards. The roving canine, named Barley, was part of an RFID-based advertisement campaign conducted by Ogilvy on behalf of the Battersea Dogs and Cats Home, a rehabilitation and adoption organization for stray animals. The enabling technology was provided by Intellifi, and was installed by U.K.-based RFID consultancy RFIDiom.

Ogilvy’s ad campaign was the brainchild of William Godfrey, an “experience designer” at the advertising agency. Ogilvy is a fan of Battersea—and of pets in general—Godfrey explains, and he thought about how technology could be used to bring the plight of homeless animals directly to the public in a memorable way. “I had the idea that it would be lovely to digitalize dogs,” he says, and radio frequency identification seemed the best technology to make it appear that a digitalized canine was following people in the way that an actual stray dog might do. Ogilvy had considered the use of other technologies, such as cameras, but ultimately decided that RFID would make the process seamless and automatic.

[…]

Eric Jones, RFIDiom’s managing director, says he, too, is an animal lover. When Ogilvy suggested a campaign using RFID to put images of pets in front of shoppers on an individualized basis, Jones was up to the task, despite the short (two-week) deadline. It was a bit different than the company’s typical RFID deployments (which include document-tracking, supply chain management and industrial traceability solutions), and he says he and his engineers enjoy a good challenge.
 

The RFID system worked this way: representatives of the Battersea Dogs and Cats Home, including Fishersmith herself, greeted shoppers at the entrance, offering them an RFID-tagged Battersea brochure if they seemed especially interested in pets. To better judge this, one individual stood at the entrance holding a dog or cat from the shelter. Every shopper who walked up to the animal to get a closer look at or pet it received a brochure. Attached to that brochure was a Smartrac Frog 3D RFID inlay encoded with a unique ID number that the system would recognize. That ID was not connected to any data about the individual carrying the brochure, since the company’s intention was that shoppers would remain anonymous.

Consumers were not told that the brochure had any special technology built into it. Therefore, an individual could be surprised when the advertising video changed to a dog—Barley—when he or she approached the billboard.

An Intellifi Smartspot RFID reader.

A total of seven digital billboards, located in or near the mall, were RFID-enabled, according to Matthijs van der Weg, Intellifi’s CEO.

An Intellifi reader (known as a Smartspot), with as many as six antennas built into it, was installed at each of the seven billboard sites, and some of the readers were also fitted with an additional external Intellifi reader antenna. The reader detected the zone in which an individual was located. Each antenna supported two to three zones, with a single zone’s radius equal to a distance of three steps that a shopper might move while walking. The reader forwarded the brochures’ unique IDs and signal information to Intellifi’s Brain software on the server, which then calculated each shopper’s location relative to that particular billboard.

The location data was provided to Ogilvy’s content-management software, which displayed an image of a dog whose movements corresponded to that shopper’s location. If the person holding the RFID-tagged brochure was walking to the left, the dog followed in that direction. As he or she approached the screen, the animal on the video seemed to approach as well.

The system also tracked which screens a shopper had already passed. This allowed the billboards to play only video images that he or she had not already seen.

Some reader installations were easier than others, Jones says. At some billboards, for instance, there was a power source to which the reader could be connected, while in other cases RFIDiom installed standalone power units to energize the readers. It was important that the hardware not be apparent, he adds, and RFIDiom made a few creative adjustments to ensure that the readers, antennas and power units were obscured.

In some cases, the readers were painted green and hung in trees or placed in bushes near the screen, while others were attached to lampposts. One RFID-enabled billboard was located on a nearby footbridge that some shoppers traversed to reach the mall. In this case, RFIDiom installed flowerbeds with false bottoms and buried the readers in with the flowers.

 
During the two weeks in April, the system tracked hundreds of shoppers. “People did a bit of a double-take,” Fishersmith says. “At first, they weren’t sure if it was just a coincidence that the dog seemed to be following them.” In some cases, they approached the Battersea representatives in front of the mall to ask if their experience had just been a coincidence, and many wanted to repeat the process.

Altogether, Godfrey says, shoppers carried about 700 brochures throughout the mall. The campaign’s successful result, he adds, “has put RFID on the radar” for other Ogilvy engineers. “I don’t think it will be the last time” Ogilvy will use such technology, he predicts, noting that the specific campaign will need to be one that benefits from the sense of having content follow an individual (in the same way Barley did).

“The main thing is that we proved it could be done,” Jones says, speaking on behalf of Intellifi and RFIDiom.

Here is some footage of people “interacting” with the system as part of the marketing campaign. The footage is basically an ad; it’s from the campaign’s website:
 

When our Televisions Watch Us

“George Orwell would be proud. Earlier this week Propublica discovered that more than 10 million Vizio televisions silently record what their owners are watching and send a live-stream of their viewing habits to a commercial company that uses it to profile them. Most disturbingly, Vizio ties this viewing information to the user’s IP address, allowing their offline interests to be used to target them with advertisements in the online world.

According to Vizio, the company uses this information to offer advertisers “highly specific viewing behavior data on a massive scale with great accuracy” that represents a “revolutionary shift across all screens that brings measurability, relevancy and personalization to the consumer like never before.” Security vendor Avast published an analysis on Wednesday that dissects the data stream Vizio sends back, showing that it is essentially a low-resolution screen capture taken at regular intervals of whatever is on the screen at that moment.

Yet, for all of the uproar this discovery has caused, it is just part of a broader trend of humans being intricately profiled through the digital trails they leave. Hospitals and insurance companies are beginning to explore using public records and credit card purchase data to determine how healthy you are being in your daily life. For example, buying a pack of cigarettes at the gas station, buying donuts on the way home, stopping off at a fast food restaurant for lunch, or letting your gym membership lapse could all be reported back to your doctor and potentially used to increase your insurance rates.”

How the CIA made Google… and WHY

Two articles from Medium by ‘Insurge Intelligence,’ a crowd-funded investigative journalism project, tell the story of how the United States intelligence community funded, nurtured and incubated Google as part of a drive to dominate the world through control of information. Seed-funded by the NSA and CIA, Google was merely the first among a plethora of private sector start-ups co-opted by US intelligence to retain ‘information superiority.’

By Nafeez Ahmed.

 

Part One: How the CIA made Google

“From inception, in other words, Google was incubated, nurtured and financed by interests that were directly affiliated or closely aligned with the US military intelligence community: many of whom were embedded in the Pentagon Highlands Forum.

The US intelligence community’s incubation of Google from inception occurred through a combination of direct sponsorship and informal networks of financial influence, themselves closely aligned with Pentagon interests.

The Highlands Forum itself has used the informal relationship building of such private networks to bring together defense and industry sectors, enabling the fusion of corporate and military interests in expanding the covert surveillance apparatus in the name of national security. The power wielded by the shadow network represented in the Forum can, however, be gauged most clearly from its impact during the Bush administration, when it played a direct role in literally writing the strategies and doctrines behind US efforts to achieve ‘information superiority.’”

Noting Google’s genesis with DARPA funding, the expansion of the empire today in the realm of Google’s actions with GeoEye and Keyhole; Boston Dynamics, DeepMind, Nest Labs, Dropcam, etc—the trajectory becomes clear.

 

Part Two: Why Google made the NSA

“Mass surveillance is about control. Its promulgators may well claim, and even believe, that it is about control for the greater good, a control that is needed to keep a cap on disorder, to be fully vigilant to the next threat. But in a context of rampant political corruption, widening economic inequalities, and escalating resource stress due to climate change and energy volatility, mass surveillance can become a tool of power to merely perpetuate itself, at the public’s expense.

A major function of mass surveillance that is often overlooked is that of knowing the adversary to such an extent that they can be manipulated into defeat. The problem is that the adversary is not just terrorists. It’s you and me. To this day, the role of information warfare as propaganda has been in full swing, though systematically ignored by much of the media.

Here, INSURGE INTELLIGENCE exposes how the Pentagon Highlands Forum’s co-optation of tech giants like Google to pursue mass surveillance, has played a key role in secret efforts to manipulate the media as part of an information war against the American government, the American people, and the rest of the world: to justify endless war, and ceaseless military expansionism.”

Seeing Through Walls – Thermal Imaging Cameras

The use of technology that allows the police to “see” inside the homes of suspects has raised privacy questions.

At least 50 US police forces are believed to be equipped with radars that can send signals through walls.

The use of the radar device, known as Range-R, was made public in a Denver court late last year.

It was used by police entering a house to arrest a man who had violated the terms of his parole.

In 2001, the Supreme Court ruled that police cannot use thermal cameras without a warrant, specifically noting that the rule would also apply to radar-based systems that were then being developed.

“The idea that government can send signals through the wall of your house to figure out what’s inside is problematic,” Christopher Soghoian, principal technologist for the American Civil Liberties Union told USA Today.

“Technologies that allow the police to look inside of a home are among the intrusive tools that police have.”

Police set up Sydney Muslims with post-siege raids, culture of fear

“About 2pm on Monday, December 15, Rebecca Kay took a phone call from NSW Police Counter-Terrorism.

The officer wondered if she could help police find an Islamic State flag. This was one of the demands of Man Haron Monis, the gunman holding 18 hostages at the Lindt cafe in Martin Place.

“And if they give him a flag he was going to exchange it for a hostage,” says Ms Kay, a convert to Islam who has become a prominent community member in western Sydney.

Ms Kay was one of several people contacted that afternoon, and she was only too willing to help.

“A lot of people in the Muslim community were devastated,” she says. “We were ready to jump – ‘just say how high’ – to help police prevent a tragedy.”

Ms Kay believes she called as many as 50 people, but finding an IS flag – or anyone willing to admit they had one – proved no easy task.

And soon her contacts started asking: “Are we being set up?”

“They were very suspicious,” she says. “Some accused me of being an informant.”

But she counselled that they should try to help.

And the officer kept calling back, “three or four times over the next hour to see if I had got an Islamic State flag or not. There was a sense of urgency that I get it and that I take it down to Bankstown police station, and they were going to put it in a patrol car, with the lights [flashing], and bring it to the city.”

Monis’s hostages recited his demands on Facebook and YouTube, as police worked to have them taken down. Hostage Julie Taylor, a barrister, said he would free five hostages if Prime Minister Tony Abbott called him to record a short conversation to be played on air. He would release two if the politicians told “the truth, which is that this is an attack by Islamic State against Australia”. And he would allow one to go if the flag were delivered.”

 
“In the end, Ms Kay says, police sourced their own flag. But then they told her it had been decided there would be no trade with Monis in any case.

By now she had burnt many bridges in her own community.

It got worse. About 2am the next morning – about the time of the deadly final shootout inside the Lindt cafe – NSW police searched the western Sydney home of one of the young men she had contacted. He had considered handing over his flag to Ms Kay but then thought, no, it was a trap.

“And so he then believed I did try to set him up,” she says.

The next morning, she was told, the Australian Federal Police raided the homes of another two men who had been contacted during the community’s urgent attempt to help save hostages.

“Obviously, they were listening to all our phone calls,” Ms Kay says.

“I want to be able to have dealings with police … but when it gets thrown back in your face, it sets us back two steps.”

Lawyer Zali Burrows, who represents some of the people who tried to help police, wonders: “Why didn’t they just print one out.” A laser printer could have produced the flag on cloth and they could have delivered it in half an hour, she says.

Lydia Shelly, a solicitor from the Muslim Legal Network, says: “Our overriding concern was with the safety of those innocent Australians being held against their will.”

Police would not respond to questions about the flag or whether they intended to allow Monis to display it to the world’s televisions and risk him winning the support of other extremists.

Ms Kay says there is nothing sinister about the flag that Islamic State has misappropriated. It depicts the prophet’s seal and “it’s a flag that Muslims should have. It’s not our fault that these barbarians have taken it as their flag.”

She says she would want to help police in another such crisis, but: “They’re not building trust. With this incident they have not built trust at all.

“You don’t understand the pressure cooker we’re in and the interference that the AFP and ASIO have, and the fear that they create, and how they stalk – and I can say stalk with confidence – members of our community and instil fear in their families and ostracise them from their workplace and the people they know, so they become paranoid and they don’t interact with anyone.”

“This is the kind of norm they’ve created here, where no one trusts anyone anymore.””

Mass Surveillance of mobile phones for the masses

“German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.

Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.

“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers.

Engel, founder of Sternraute, and Karsten Nohl, chief scientist for Security Research Labs, separately discovered these security weaknesses as they studied SS7 networks in recent months, after The Washington Post reported the widespread marketing of surveillance systems that use SS7 networks to locate callers anywhere in the world. The Post reported that dozens of nations had bought such systems to track surveillance targets and that skilled hackers or criminals could do the same using functions built into SS7. (The term is short for Signaling System 7 and replaced previous networks called SS6, SS5, etc.)

The researchers did not find evidence that their latest discoveries, which allow for the interception of calls and texts, have been marketed to governments on a widespread basis. But vulnerabilities publicly reported by security researchers often turn out to be tools long used by secretive intelligence services, such as the National Security Agency or Britain’s GCHQ, but not revealed to the public.

“Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation,” said Christopher Soghoian, principal technologist for the ACLU and an expert on surveillance technology. “They’ve likely sat on these things and quietly exploited them.”

The GSMA, a global cellular industry group based in London, did not respond to queries seeking comment about the vulnerabilities that Nohl and Engel have found. For the Post’s article in August on location tracking systems that use SS7, GSMA officials acknowledged problems with the network and said it was due to be replaced over the next decade because of a growing list of security and technical issues.

The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function — a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

Nohl on Wednesday demonstrated the ability to collect and decrypt a text message using the phone of a German senator, who cooperated in the experiment. But Nohl said the process could be automated to allow massive decryption of calls and texts collected across an entire city or a large section of a country, using multiple antennas.

“It’s all automated, at the push of a button,” Nohl said. “It would strike me as a perfect spying capability, to record and decrypt pretty much any network… Any network we have tested, it works.”

Those tests have included more than 20 networks worldwide, including T-Mobile in the United States. The other major U.S. carriers have not been tested, though Nohl and Engel said it’s likely at least some of them have similar vulnerabilities. (Several smartphone-based text messaging systems, such as Apple’s iMessage and WhatsApp, use end-to-end encryption methods that sidestep traditional cellular text systems and likely would defeat the technique described by Nohl and Engel.)”

 
“In a statement, T-Mobile said: “T-Mobile remains vigilant in our work with other mobile operators, vendors and standards bodies to promote measures that can detect and prevent these attacks.”

The issue of cell phone interception is particularly sensitive in Germany because of news reports last year, based on documents provided by former NSA contractor Edward Snowden, that a phone belonging to Chancellor Angela Merkel was the subject of NSA surveillance. The techniques of that surveillance have not become public, though Nohl said that the SS7 hacking method that he and Engel discovered is one of several possibilities.

U.S. embassies and consulates in dozens of foreign cities, including Berlin, are outfitted with antennas for collecting cellular signals, according to reports by German magazine Der Spiegel, based on documents released by Snowden. Many cell phone conversations worldwide happen with either no encryption or weak encryption.

The move to 3G networks offers far better encryption and the prospect of private communications, but the hacking techniques revealed by Nohl and Engel undermine that possibility. Carriers can potentially guard their networks against efforts by hackers to collect encryption keys, but it’s unclear how many have done so. One network that operates in Germany, Vodafone, recently began blocking such requests after Nohl reported the problem to the company two weeks ago.

Nohl and Engel also have discovered new ways to track the locations of cell phone users through SS7. The Post story, in August, reported that several companies were offering governments worldwide the ability to find virtually any cell phone user, virtually anywhere in the world, by learning the location of their cell phones through an SS7 function called an “Any Time Interrogation” query.

Some carriers block such requests, and several began doing so after the Post’s report. But the researchers in recent months have found several other techniques that hackers could use to find the locations of callers by using different SS7 queries. All networks must track their customers in order to route calls to the nearest cellular towers, but they are not required to share that information with other networks or foreign governments.

Carriers everywhere must turn over location information and allow eavesdropping of calls when ordered to by government officials in whatever country they are operating in. But the techniques discovered by Nohl and Engel offer the possibility of much broader collection of caller locations and conversations, by anyone with access to SS7 and the required technical skills to send the appropriate queries.

“I doubt we are the first ones in the world who realize how open the SS7 network is,” Engel said.

Secretly eavesdropping on calls and texts would violate laws in many countries, including the United States, except when done with explicit court or other government authorization. Such restrictions likely do little to deter criminals or foreign spies, say surveillance experts, who say that embassies based in Washington likely collect cellular signals.

The researchers also found that it was possible to use SS7 to learn the phone numbers of people whose cellular signals are collected using surveillance devices. The calls transmit a temporary identification number which, by sending SS7 queries, can lead to the discovery of the phone number. That allows location tracking within a certain area, such as near government buildings.

The German senator who cooperated in Nohl’s demonstration of the technology, Thomas Jarzombek of Merkel’s Christian Democratic Union party, said that while many in that nation have been deeply angered by revelations about NSA spying, few are surprised that such intrusions are possible.

“After all the NSA and Snowden things we’ve heard, I guess nobody believes it’s possible to have a truly private conversation on a mobile phone,” he said. “When I really need a confidential conversation, I use a fixed-line” phone.”
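
The article notes that some carriers block “Any Time Interrogation” queries and that Vodafone began blocking encryption-key requests. The sketch below shows that kind of edge screening with a per-origin tally for detection; it is an added example, not code from the article, the researchers or any carrier. The record layout, the address prefixes and every operation label other than Any Time Interrogation are constructed assumptions, not real SS7 encodings.

```python
from collections import defaultdict

# Assumption: address prefixes used by the carrier's own network nodes.
HOME_PREFIXES = ("10001",)

# Request types the article describes carriers refusing from outside networks:
# "Any Time Interrogation" (location) and requests to release encryption keys.
# "keyRelease" is a placeholder label, not a real SS7 operation name.
BLOCK_FROM_OUTSIDE = {"anyTimeInterrogation", "keyRelease"}

# Constructed sample records: (origin address, operation, target subscriber).
SAMPLE = [
    ("100010000001", "anyTimeInterrogation", "sub-A"),  # own node: allowed
    ("200020000009", "anyTimeInterrogation", "sub-A"),  # outside origin
    ("200020000009", "anyTimeInterrogation", "sub-B"),
    ("200020000009", "keyRelease", "sub-C"),
    ("300030000005", "routeSms", "sub-D"),  # placeholder for ordinary traffic
    ("300030000005", "keyRelease", "sub-A"),
]


def is_home(origin):
    """True when the request originates inside the carrier's own network."""
    return origin.startswith(HOME_PREFIXES)


def screen(records, alert_threshold=3):
    """Split records into forwarded and blocked, and list noisy origins.

    An origin is reported once its blocked requests have targeted at least
    `alert_threshold` distinct subscribers, which separates a stray query
    from systematic probing of many customers.
    """
    forwarded, blocked = [], []
    targets_by_origin = defaultdict(set)
    for origin, operation, target in records:
        if operation in BLOCK_FROM_OUTSIDE and not is_home(origin):
            blocked.append((origin, operation, target))
            targets_by_origin[origin].add(target)
        else:
            forwarded.append((origin, operation, target))
    alerts = sorted(origin for origin, targets in targets_by_origin.items()
                    if len(targets) >= alert_threshold)
    return forwarded, blocked, alerts


if __name__ == "__main__":
    fwd, blk, alerts = screen(SAMPLE)
    print(len(fwd), "forwarded;", len(blk), "blocked; alert on:", alerts)
```

Blocking alone drops the request; keeping the per-origin tally is what lets an operator see which interconnect partner the probing is arriving through.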