Nachrichtenagentur Radio Utopie
Nachrichten direkt von der Quelle. Im Kontext sehen. News directly from the source. There is context in life. Deutsch, English. 24 h. – Democracy First!
We’re told it is potentially capable of spying on the victims‘ chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It’s said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.
On Thursday this week, TAG revealed its analysis of the software, and how it helped dismantle the infection.
Google erklärte weiter, in einigen der nun aufgedeckten Fälle mit der Spähsoftware aus Italien hätten die Hacker die Spionagesoftware möglicherweise unter Zusammenarbeit mit Internetdienstanbietern eingesetzt. Daraus könne geschlossen werden, dass die Käufer der Programme Verbindungen zu staatlich unterstützten Akteuren hatten.
(23.06.2022)
Seven of the nine zero-day vulnerabilities our Threat Analysis Group discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors. TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors.
(..)
In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications. When ISP involvement is not possible, applications are masqueraded as messaging applications. (…)
We assess, based on the extensive body of research and analysis by TAG and Project Zero, that the commercial spyware industry is thriving and growing at a significant rate. This trend should be concerning to all Internet users.
These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house. While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments for purposes antithetical to democratic values: targeting dissidents, journalists, human rights workers and opposition party politicians.
Block connections to pages and web resources hosted in major cloud services if the user wishes to do so. Supports blocking Google, Amazon, Facebook, Apple, Microsoft and Cloudflare.
(March 16, 2022)
“We don’t want our best trained intel officers going straight into the hands of foreign governments for the sake of money,“ Castro said. „This discourages intelligence mercenaries and protects our national interest.“
The UAE spying operation, called Project Raven, hacked into Facebook and Google accounts and thousands of Apple iPhones, targeting activists that human rights groups say were later arrested and tortured
(September 14, 2022)
In the legal battles with a focus on listening devices like “smart speakers,” etc, that are currently active in the US, Google and Amazon are not spared either. Reports, including by Reuters, say that a number of filings allege that their devices and apps are recording users’ conversations without their consent, and that Big Tech companies use this material to make money by giving it to advertisers, who can then more precisely target people based on knowledge of their behavior and interests.
The committee constituted by the Supreme Court to look into allegations of snooping using the Pegasus spyware invited all citizens who suspected their mobile phones had been targeted to contact the panel by noon on January 7.
“The committee requests any citizen of India who has reasonable cause to suspect that his/her mobile has been compromised due to specific usage of NSO Group Israel’s Pegasus software to contact the technical committee appointed by the Hon’ble Supreme Court of India, with reasons as to why you believe your device may have been infected with Pegasus malware, and whether you would be in a position to allow the Technical Committee to examine your device,” the three-member panel said in an advertisement in several national dailies.
“This is on par with serious nation-state capabilities,” he says. “It’s really sophisticated stuff, and when it’s wielded by an all-gas, no-brakes autocrat, it’s totally terrifying. And it just makes you wonder what else is out there being used right now that is just waiting to be discovered. If this is the kind of threat civil society is facing, it is truly an emergency.”
After years of controversy, there may be growing political will to call out private spyware developers.
Bemerkenswert finde ich auch etwa die Frage vom Kollegen von der »Süddeutschen Zeitung«, ob sich aus der Protestbewegung eine Terrorbewegung entwickelt. Und die Frage, ob man Apple und Google auffordern könne, die Telegram-App nicht mehr anzubieten. Kommentatoren sahen diese Frage als indirekte Aufforderung an die Regierung, das zu tun.
If you were compiling a list of the most toxic tech companies, Facebook – strangely – would not come out on top. First place belongs to NSO, an outfit of which most people have probably never heard. Wikipedia tells us that “NSO Group is an Israeli technology firm primarily known for its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones”.
Pause for a moment on that phrase: “remote zero-click surveillance of smartphones”.
Dieser Markt ließe sich unermesslich steigern, sollte die Propaganda, dass die gesamte Menschheit (B. Gates) und in Deutschland fast die gesamte Bevölkerung (A. Merkel) geimpft werden solle und auch müsse, umgesetzt werden. Deshalb schätzt das Finanz- und Analyseunternehmen „Morningstar“ für 2021 zu erwartenden Umsatz von 67 Milliarden US-Dollar für Covid-19-Impfstoffe. Der Umsatz der Rüstungsindustrie umfasste 2019 166 Mrd. US-Dollar.
Zwei dieser Biotech-Unternehmen sollen näher betrachtet werden: Biontech und Curevac.
(October 4, 2021)
The July report by Citizen’s Lab and Microsoft found that Candiru had been used to spy on more than 100 human rights activists, regime opponents, journalists and scholars from countries such as Iran, Lebanon, Yemen, UK, Turkey and even Israel.
Revelations about Candiru make it the first time that fingers were being pointed at a second Israeli cyber-surveillance company, which is considered a competitor of the NSO Group. The notorious Israeli firm sparked a global scandal in July following the discovery that as many as 50,000 phones were targeted by its Pegasus spyware.
(Sep. 7, 2020)
NSO’s specialty is hacking smartphones. Up till now, little was known about Candiru. TheMarker has revealed that the firm offers hacking tools used to break into computers and servers, and now, for the first time, has confirmed it also has technology for breaking into mobile devices.
(Oct 3, 2019)
Israel is home to scores of hacker-for-hire businesses, but one of the most clandestine has been Candiru. With no website and few records available, it’s operated largely under the radar.
But now a researcher is claiming the elite Tel Aviv-based firm sold cyber weapons to the government of Uzbekistan, while industry sources tell Forbes the company is hacking both Microsoft Windows and Apple Macs for various nation states.
In August, Apple detailed several new features intended to stop the dissemination of child sexual abuse materials. The backlash from cryptographers to privacy advocates to Edward Snowden himself was near-instantaneous, largely tied to Apple’s decision not only to scan iCloud photos for CSAM, but to also check for matches on your iPhone or iPad. After weeks of sustained outcry, Apple is standing down. At least for now.
(06.08.2021)
(02.08.2021)
(06.08.2021)
(06.08.2021)
(05.08.2021)
To say that we are disappointed by Apple’s plans is an understatement. Apple has historically been a champion of end-to-end encryption, for all of the same reasons that EFF has articulated time and time again. Apple’s compromise on end-to-end encryption may appease government agencies in the U.S. and abroad, but it is a shocking about-face for users who have relied on the company’s leadership in privacy and security.
There are two main features that the company is planning to install in every Apple device. One is a scanning feature that will scan all photos as they get uploaded into iCloud Photos to see if they match a photo in the database of known child sexual abuse material (CSAM) maintained by the National Center for Missing & Exploited Children (NCMEC). The other feature scans all iMessage images sent or received by child accounts—that is, accounts designated as owned by a minor—for sexually explicit material, and if the child is young enough, notifies the parent when these images are sent or received. This feature can be turned on or off by parents.
(05.08.2021)
(05.08.2021)
Apple intends to install software on iPhones sold in the United States to scan for child abuse imagery, raising alarm that the move could open the door to surveillance of millions of personal devices.
Liberty Vittert, a professor of data science at Washington University in St. Louis and the features editor of the Harvard Data Science Review, says this is “a cosmic shift in big tech monitoring.”
If the thousands of security and privacy experts who’ve raised an outcry on social media over the past few days — and signed at least one letter calling for change — are correct, then Apple is about to make a staggeringly awful miscalculation. More specifically, they’re warning that a new feature set baked into the company’s software in the name of cracking down on one very specific, very horrible act (using iPhones in the service of child exploitation) will actually open the door to the very dystopian privacy nightmare that Apple’s own leaders have warned about for years.
Sicherheitsexperten von Amnesty International fanden auf mehreren, auch aktuellen iPhones Spuren der „Pegasus“-Software, die anscheinend auf diesem Weg auf das Gerät gelangt war. Ihrer Analyse zufolge kann das Spähprogramm unter Ausnutzung des internetbasierten Dienstes iMessage aus der Ferne installiert werden. Die NSO-Kunden müssen dafür nur die Telefonnummer der Zielperson eingeben.
Apple on Friday said it didn’t know former President Donald Trump’s Department of Justice was subpoenaed data on Democrats when it complied with the request.
Apple said it was under a gag order not to disclose the subpoena to the affected parties.
Microsoft also acknowledged it received a similar subpoena.
Die „New York Times“ schrieb, Angehörige des Justizministeriums hätten 2017 und 2018 von Apple unter Strafandrohung die Herausgabe von Daten der Betroffenen verlangt – als Teil von Untersuchungen zu möglicher Weitergabe offizieller Informationen rund um die Russland-Ermittlungen gegen Trump. Apple sei zugleich verpflichtet worden, Stillschweigen über die Datenanforderung zu wahren.
Die großen Medientechnologiekonzerne der Wall Street haben eine beispiellose Säuberungswelle im Internet gestartet. Big Tech löscht nicht mehr länger nur Nutzerbeiträge. Nun wollen Facebook, Google, Twitter, Apple und Amazon aller Welt zeigen, dass sie als Meinungswächter frei entscheiden können, wer sich im Internet äußern darf – und wer nicht.
“We need to stop fascism so let’s give massive sweeping powers to an elite alliance of unelected authoritarians.”
“Well I’m a leftist and I haven’t been banned on social media.”
That’s because the left is politically impotent in our society. Unless this is just a hobby for you, at some point you should plan on the left becoming a threat to the oligarchs and warmongers. What do you think happens then?
Do you really think if the left actually becomes a threat to the status quo the Neera Tandens and Rachel Maddows aren’t going to suddenly discover a reason why you’re dangerous and need to be censored? The only way to be fine with censorship is to plan on never challenging power.
I’ve been resisting the conclusion that this is Liberals‘ 9/11 because it at first seemed hyperbolic, even though they’re using the same weapons against their critics (if you question all the new powers they want, it means you love the Terrorists).
But this is Liberals‘ 9/11.
(13. November 2020)
Nachdem der Quellport de-randomisiert worden sei, sei es möglich gewesen, eine böswillige IP-Adresse einzuschleusen und so erfolgreich einen DNS-Cache-Poisoning-Angriff durchzuführen. Die Details haben die Forscher im Paper „DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels“ publiziert.
Weitere Experimente unter realistischen Serverkonfigurationen und Netzwerkbedingungen würden zudem zeigen, dass ihre grundlegende Methode leicht an das gesamte DNS-System angepasst werden könnte.
The researchers determined that 35% of open resolvers are open to the attack, as well as four of six home routers made by well-known brands.
They also found that 12 of 14 popular public resolvers (now 11—Cloudflare says they’ve corrected their systems) are susceptible. Even a patched DNS server could be made vulnerable by an unpatched or misconfigured NAT gateway.
Their 19-page paper on the exploit includes lists of devices and services tested. They have since set up a SAD DNS website featuring a Q&A and a tool that anyone can use to determine whether their DNS is vulnerable.
The flaw is being tracked as CVE-2020-25705, and affects Linux 3.18 – 5.10, Windows Server 2019 version 1809 and newer, macOS 10.15 and newer, and FreeBSD 12.1.0 and newer. The researchers did not test earlier versions of the listed operating system.
(31.12.2020)
Aliada, according to the suit, is a group of cyberweapon companies whose products are branded under the name Intellexa. In May 2019, it added, the group recruited Eran Beck, a former head of the Military Intelligence’s cyber department, as its director of development.
Fourteen members of INCLO express grave concerns regarding recent moves by various groups to breakencryption. We note with alarm calls from the Council of the European Union, the EuropeanCommission, and the Department of Justice in the US, with support from Australia, Canada, New Zealand, India, Japan and the UK, to allow police authorities intercept encrypted communications.
(13.11.2020)
We will also examine with interest the Commission’s announced proposal to designate hate speech and hate crime and incitement as criminal offences that are provided for and regulated under European Union law.
In the same vein, the Council must consider the matter of data encryption so that digital evidence can be lawfully collected and used by the competent authorities while maintaining the trustworthiness of the products and services based on encryption technology.
(12.10.2020)
The top justice officials of the United States, Britain, Australia, Canada and New Zealand said in a statement that the growth of end-to-end encrypted apps that make official oversight impossible – like Signal, Telegram, FaceBook Messenger and WhatsApp – “pose significant challenges to public safety.”
“There is increasing consensus across governments and international institutions that action must be taken,” they said.
(11.10.2020)
We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content. We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions:
– Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
– Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
– Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.
The House Judiciary Subcommittee on Antitrust will hear from the tech giants‘ leaders.
Proponents are hailing the arrival of the system as a step towards stamping out the virus and ending lockdown.
The function is automatically disabled in countries without contact-tracing apps, such as Britain and the US.
The UK follows Germany, Italy and Denmark among others in switching from a so-called „centralised“ approach to a „decentralised“ one.
The government is expected to confirm the news shortly.
Nach dem ihr Programm auf E.U.-Ebene ausgerechnet an Google und Apple gescheitert ist, versucht es die Bundesregierung jetzt im Inland – unter fast amüsanter Nachrichtensperre.
„Von Exitstrategie keine Spur, eine ungeeignete Smartphone-App wird als Lösung aller Probleme verkauft“, lautet das Attest der ARGE Daten, die daher empfiehlt: „Finger weg von der App, vernünftige Distanz halten, regelmäßig Hände waschen!“
pple kündigte heute ein 2,5 Milliarden Dollar (2,2 Mrd. Euro) schweres Maßnahmenpaket an. Zuvor hatten bereits Google und Facebook jeweils eine Milliarde Dollar zugesagt.
Der Anstieg der Immobilienpreise hat in den vergangenen Jahren Wohnraum für viele unerschwinglich gemacht.
The implant has access to all the database files (on the victim’s phone) used by popular end-to-end encryption apps like Whatsapp, Telegram and iMessage. We can see here screenshots of the apps on the left, and on the right the contents of the database files stolen by the implant which contain the unencrypted, plain-text of the messages sent and received using the apps:
(…)
There’s something thus far which is conspicuous only by its absence: is any of this encrypted? The short answer is no: they really do POST everything via HTTP (not HTTPS) and there is no asymmetric (or even symmetric) encryption applied to the data which is uploaded. Everything is in the clear. If you’re connected to an unencrypted WiFi network this information is being broadcast to everyone around you, to your network operator and any intermediate network hops to the command and control server.
This means that not only is the end-point of the end-to-end encryption offered by messaging apps compromised; the attackers then send all the contents of the end-to-end encrypted messages in plain text over the network to their server.
I recommend that these posts are read in the following order:
“To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group,” he said. “All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”
Außerdem war die IP-Adresse des Servers, zu dem die Daten versandt wurden, fest in der Malware kodiert. Das erleichtert es, den Angreifer ausfindig zu machen – Google hat aber hierzu keine weiteren Informationen öffentlich gemacht.
Techkonzern Apple ist an der Börse wieder mehr wert als eine Billion Dollar (knapp 897 Mrd. Euro).
Antidote is a free Tox client for iOS.
Whether it’s corporations or governments, digital surveillance today is widespread. Antidote is easy-to-use software that connects you with friends and family without anyone else listening in. While other services may require you to pay for features, Antidote is completely free and comes without advertising.
The document, filed Tuesday, sought a court order to force tech companies including Apple, Google and Microsoft, to turn over email information from eight targets of the investigation, including President Juan Orlando Hernandez and Security Minister Julian Pacheco.
Google hat einen entscheidenden Vorteil: Der Datenkonzern hat die besseren Beziehungen zu Verlagen, die zugleich seine Klienten und Konkurrenten sind. Seit 2015 finanziert Google journalistische Innovationsprojekte mit Millionenbeträgen und bietet den Verlagen nützliche Dienste – von Google Analytics bis zum AMP-Standard, der schnelleres Laden von Inhalten ermöglicht. Der Konzern hat die großen Presseverlage dadurch zu Partnern erzogen.
Der Einstieg von Google, Apple und Facebook ins Abo-Geschäft wird das Machtgefälle zwischen Digitalkonzernen und Nachrichtenmedien ohne Frage verstärken.
Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.
Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?”
Doch einige populäre iPhone-Apps erfassen nicht nur, wann und wie oft der Nutzer auf irgendwelche Buttons gedrückt hat. Sie nehmen gleich den ganzen Bildschirm auf, berichtet Techcrunch. Es sind etwa die Apps der Modekette Abercrombie & Fitch, Hotels.com oder verschiedener Airlines, die eine Funktion namens „Session Replay“ mitbringen.
Die Bürgerrechtsorganisation American Civil Liberties Union (A.C.L.U.) und Jon Callas arbeiten seit dem 3.12.2018 für die nächsten beiden Jahre zusammen. Jon Callas ist Profi auf dem Gebiet der sicheren, verschlüsselten Kommunikation.
(5.10.2018) The Intel Management Engine (ME) is a subsystem used to handle tasks during the booting process and in the background, and has been in use since 2008. The Register reports the investigation by security firm Positive Technologies looked into how the subsystem could be abused, as a „side-channel threat“ to the processor.
Researchers Maxim Goryachy and Mark Ermolov, who previously were involved in the finding of a related Intel ME firmware flaw one year ago, posted on Tuesday about their latest discovery.
Some companies may misrepresent things, or try to play down stories, but outright fabrication is not at all common (and the consequences of a company doing it would be severe). And here, both Amazon and Apple’s denials were so clear, so specific and so adamant that it raised serious questions about the reporting.
Die Sensationsmeldung des Wirtschaftsportals Bloomberg über manipulierte Hardware für Cloud Computing stellt sich im FM4-Faktencheck als fast völlig faktenfrei heraus. Am Freitag kam ein langerwarteter Bericht des Pentagon heraus, der vor der Elektronikfertigung in China warnt.
YouTube, Facebook and Apple have taken steps to remove content associated with InfoWars and its founder Alex Jones.
Die New York Times und die Washington Post veröffentlichten diese Woche Berichte über ein privates Treffen zwischen acht großen Technologie- und Social-Media-Konzernen und den amerikanischen Geheimdiensten, das letzten Monat stattfand. Dabei wurde über die gemeinsamen Zensurbestrebungen im Vorfeld der kommenden Zwischenwahlen im November 2018 diskutiert.
Das Treffen fand am 23. Mai im Hauptsitz von Facebook in Menlo Park (Kalifornien) statt. Unter den Teilnehmern waren Vertreter von Facebook, Amazon, Apple, Google, Microsoft, Snap, Twitter und Oath, ein 2017 gegründetes Unternehmen, zu dem auch Yahoo und der Telekommunikationskonzern Verizon gehören, sowie Agenten des FBI und des Heimatschutzministeriums.
Trotz Software-Update: Die US-Behörden versuchen weiter, iPhones zu knacken. Kriminelle warten gespannt auf neue Hacks.
When a shooter opened fire on YouTube’s campus before killing herself, Silicon Valley didn’t just experience a tragedy that’s rocked other communities and prompted an intense debate over gun control in the United States. The incident may also have prompted a rethink among tech companies which have enjoyed a culture that’s embraced open spaces, including cafes, restaurants and gift shops, shared with the public.
Tim Cook, CEO of Apple, sees things differently. In an interview with Kara Swisher of Recode and Chris Hayes of MSNBC scheduled to air April 6, he tells the two hosts, “I think the best regulation is no regulation, is self-regulation. However, I think we’re beyond that here.” He then goes on to blast Facebook and Google for their despicable business ethics — assuming they have any at all.
Dabei war die Branche in der Vergangenheit durchaus zusammengerückt, wenn Druck von außen aufkam: Als die US-Bundespolizei FBI etwa Apple zwingen wollte, die verschlüsselten Daten eines iPhones preiszugeben, sprangen Google, Facebook und Microsoft dem Konzern zur Seite. Solcherlei Corps-Geist aber kann oder will sich die Branche in Zeiten zunehmender Probleme offenkundig nicht mehr leisten.