• Welcome to the new Internet Infidels Discussion Board, formerly Talk Freethought.

Man In The Middle FBI Attack That Worked Well

Coleman Smith said:
www.theverge.com

The absolutely wild, true story of Anom, the FBI’s secret phone startup to wire tap criminals

Cybersecurity journalist Joseph Cox joins Decoder to discuss his new book Dark Wire all about the FBI’s secretive secure phone startup.
www.theverge.com www.theverge.com
Click to expand...
That is truly terrifying!

I would never buy something marketed to be that, though.

I prefer open source and curated systems like TAILS for what it's worth. It's still not perfect, but it's way easier to prevent malarky when nerds on the open internet can nerd in the general direction whatever.
 
It's basically impossible to defend systems against determined state-level attacks. Look at that recent one that was caught--because someone noticed it was too slow. Why should we think that was a one-off? However, state level actors will generally be very cautious about using such things so long as they remain undiscovered because every time you use it that's another chance for someone to notice something. And with sting operations like this one you have to reveal it to actually use the data.
 
Loren Pechtel said:
Look at that recent one that was caught--because someone noticed it was too slow.
Click to expand...
You mean XZ compressor "attack"?
contrary to what it was portrayed I think it was lame. They tried to put executable into a source distribution. That would not get you too far regardless.
 
barbos said:
They tried to put executable into a source distribution. That would not get you too far regardless.
Click to expand...
The I believe this worked when the user sent and encrypted enquiry it was decrypted an a copy of the deciphered text was retained by the feds with all the identification of the sender.

Otherwise it worked like a normal VPN.

Also, when the user subscribed his payment method became an identifier.
 
Coleman Smith said:
barbos said:
They tried to put executable into a source distribution. That would not get you too far regardless.
Click to expand...
The I believe this worked when the user sent and encrypted enquiry it was decrypted an a copy of the deciphered text was retained by the feds with all the identification of the sender.

Otherwise it worked like a normal VPN.
Click to expand...
You don't understand. Details of how that exploit was supposed to operate once it's was installed are irrelevant.

Coleman Smith said:
Also, when the user subscribed his payment method became an identifier.
Click to expand...

Wha?
 
From the article, "The company was called Anom, and for about three years, it gave law enforcement agencies around the world a crystal-clear window into the criminal underworld. In the end, the feds shut it down in large part because it was too successful — again, a truly wild story."

The feds were happy with it.
 
They should see the Citizens app. Real reporting.
 
Loren Pechtel said:
It's basically impossible to defend systems against determined state-level attacks. Look at that recent one that was caught--because someone noticed it was too slow. Why should we think that was a one-off? However, state level actors will generally be very cautious about using such things so long as they remain undiscovered because every time you use it that's another chance for someone to notice something. And with sting operations like this one you have to reveal it to actually use the data.
Click to expand...
Not entirely true, not entirely false.

There are definitely ways to accomplish it, but generally they will involve not just the use of a particular kind of operating system that is configured and used properly, and well audited at release by various stakeholders.

Most users are simply not going to have the discipline to consistently encrypt their communications properly without a framework that makes it easy, let alone disable scripts, find .onion links by reliable sources and so on.

It will always, as a result, be skill based.
 
Hey, for all we know the forum is front for the CIA...be afraid, be very very afraid...HeeHeee.
 
Back in the 90s a woman ended on a watch list for no apparent reason. It turned out the FBI was scanning emails looking for keywords.

In an email she said her kid had bombed in a school play and the word bombed put her on a list.

I think the program was called Dragon.

Foreign adversaries have set up bogus cell phone towers to intercept communications.

China set up servers that routed global email through a surveillance process.

When email first became common many of us learned the hard way to never put anything you do not want known or repeated in email.

All that being said, it is not the government you really need to be afraid of, it is corporate data collection and analyses.

A bank's AI that autonomously derives a profile of you can affect ability to get a loan.
 
steve_bank said:
Back in the 90s a woman ended on a watch list for no apparent reason. It turned out the FBI was scanning emails looking for keywords.

In an email she said her kid had bombed in a school play and the word bombed put her on a list.

I think the program was called Dragon.

Foreign adversaries have set up bogus cell phone towers to intercept communications.

China set up servers that routed global email through a surveillance process.

When email first became common many of us learned the hard way to never put anything you do not want known or repeated in email.

All that being said, it is not the government you really need to be afraid of, it is corporate data collection and analyses.

A bank's AI that autonomously derives a profile of you can affect ability to get a loan.
Click to expand...
Some of us reacted to such scanning by using taglines that had various words they might be searching on. Bury them in noise.
 
With the sophistication of today's AI an AI would scan not just our emails but your entire work and financial history and social media.

China has been dong it for a while. In China the govt can go from facial recognition of somebody on the street to a political reliability profile automatically.

So far that extreme will not be legal by our govt for the foreseeable future. The Patriot Act has been reduced.

So again, it is corporate entities that are microfilm and surveilling citizens. Some of the things that have coe out recently like getting around turned off location reporting.

If you are trying to confuse email surveillance AI will likely see through it.

As the 60s song goes '...paranoia strikes deep into your life it will creep...it starts when you are always afraid..'.
 
steve_bank said:
With the sophistication of today's AI an AI would scan not just our emails but your entire work and financial history and social media.

China has been dong it for a while. In China the govt can go from facial recognition of somebody on the street to a political reliability profile automatically.
Click to expand...
Except facial recognition isn't 100%.

And you get things like the Chinese executive who got a jaywalking ticket from a facial recognition system--because her face was in the road. In an ad on the side of a bus.
 
You must log in or register to reply here.
Back
Top Bottom