watching you watching us . .

Posts tagged “Privacy

Securing Freedom, What Tactics Should and Currently are Being Used to Combat Criminal Exploitation of the Internet, and is it Legal or Proportionate ?

A few recent broadcasts not too be missed..

Stephen Grey investigates the use of computer hacking by the police and security agencies to combat criminal exploitation of the internet and asks if it is legal.

“.. RIPA .. range of surveillance powers.. unspecified hardware/software, keyloggers..

software installed on suspect computers could be considered breaking section 3 of Computer Misuse Act, by altering data..

lack of clarity from authorities, Article 8 Human Rights Act, scope of states power must be disclosed and made clear what authorities will or won’t use ..

William Hague, who speaks for the government on computer security issues, said: “Any export of goods that could be used for internal repression is something we would want to stop” .. He also admitted the law governing software exports was a grey area ..”

UK firm denies ‘cyber-spy’ deal with Egypt
Stephen Grey, File on 4, BBC Radio 4, 20 September 2011
http://www.bbc.co.uk/news/technology-14981672 – (Full Broadcast) – last access 23 September 2011

~

Excellently delivered by Eliza, offering public insight into reasons behind securing freedom and perceived hypocrisy.

Her second Reith lecture of 2011, the former director-general of the British Security Service (MI5), Eliza Manningham-Buller, discusses policy priorities since 9/11. She reflects on the Arab Spring, and argues that the West’s support of authoritarian regimes did, to some extent, fuel the growth of al-Qaeda.

The Reith Lectures – Securing Freedom: 2011 : Freedom
Eliza Manningham-Buller, BBC Radio 4, 20 September 2011
http://www.bbc.co.uk/iplayer/episode/p00k4053/The_Reith_Lectures_Eliza_ManninghamBuller_Lecture_3_Freedom/ – (Full Broadcast) – last access 23 September 2011

Her first and the previous Reith Lecture:

The Reith Lectures – Securing Freedom: 2011 : Security
Eliza Manningham-Buller, BBC Radio 4, 13 September 2011
http://www.bbc.co.uk/iplayer/episode/b014fcyw/The_Reith_Lectures_Securing_Freedom_2011_Eliza_ManninghamBuller_Security/ – (Full Broadcast) – last access 23 September 2011

/cobramark3

Advertisements

Covert hard drive fragmentation – Steganography Ad-dress

Snippets of recent article in the New Scientist..

“.. hide data on a hard drive without using encryption. Instead of using a cipher to scramble text, the method involves manipulating the location of data fragments.

– snip –

..possible to encode a 20-megabyte message on a 160-gigabyte portable hard drive. It hides data so well that its existence would be “unreasonably complex” to detect

– snip –

Encryption .. shows someone might have something to hide..

– snip –

steganography, hiding data in plain sight.. But these techniques are well known and easily detected, says Khan. So, with colleagues at the National University of Science and Technology in Islamabad, Pakistan, he has developed an alternative.

Their technique exploits the way hard drives store file data in numerous small chunks, called clusters. The operating system stores these clusters all over the disc, wherever there is free space between fragments of other files.

Khan and his colleagues have written software that ensures clusters of a file, rather than being positioned at the whim of the disc drive controller chip, as is usually the case, are positioned according to a code. All the person at the other end needs to know is which file’s cluster positions have been encoded.

The code depends on whether sequential clusters in a file are situated adjacent to each other on the hard disc or not. If they are adjacent, this corresponds to a binary 1 in the secret message. If sequential clusters are stored in different places on the disc, this encodes a binary 0 (Computers and Security, DOI: 10.1016/j.cose.2010.10.005). The recipient then uses the same software to tell them the file’s cluster positions, and hence the message. The researchers intend to make their software open source.

“An investigator can’t tell the cluster fragmentation pattern is intentional- it looks like what you’d get after addition and deletion of files over time,” says Khan. Tests show the technique works, as long as none of the files on the hard disc are modified before handover.

“The real strength of this technique is that even a completely full drive can still have secret data added to it – simply by rearranging the clusters,” adds Khan.

Others are impressed with the technique but see limitations.

“This type of steganography could be used by spies, police or informants – but the risk is that it requires direct contact to physically exchange the USB device containing the secret data,” says Wojciech Mazurcyk, a steganographer at Warsaw University of Technology in Poland. “So it lacks the flexibility of internet steganography. Once you embed the secret data on the disk it is not easy to modify it.”

– snip –

“It’s how security vulnerability disclosure works,” says Khan. “We have identified that this is possible. Now security agencies can devise techniques to detect it.” He adds that his team have had no issues with either US or Pakistani security agencies over their development of this secret medium – despite current political tensions between the two nations.

“The use of steganographic techniques like this is likely to increase,” says Fred Piper, director of information security at Royal Holloway, University of London. “Eavesdroppers can learn much from the fact that somebody is encrypting a message.”

..”

“Covert hard drive fragmentation embeds a spy’s secrets”
Paul Marks, New Scientist.com, 21 April 2011
http://www.newscientist.com/article/mg21028095.200-covert-hard-drive-fragmentation-embeds-a-spys-secrets.html – last access 29 April 2011 – ( Full Article )

/cobramark3