Feb 21
2015

The DarkWeb: Not easy being un-regulated

Posted on February 21, 2015 by Cloak Meister

If the purpose of the Dark Web was just the sharing of information for free – information that perhaps is illegal in the real world – then it would probably do okay. I’m sure there are existing hidden networks that operate purely to share illegal images. Everyone is on the same side, and they want to help each other out.

But once you create a lawless community, there will immediately be some that wish to profit from it, or . A fine example is Second Life, which started out as a multi-player MineCraft and ended up being full of porn shops and anarchists bent on destruction.

So it was that Silk Road ended up being policed, even so far as people being threatened with physical harm if they did wrong. The problem, of course, is that it is hard to trust a crook:

Game theory suggests that without the possibility of retaliation, no buyers will enter into business in the first place, since they have every expectation that they will be cheated. There will, in short, be no market. Sellers will have no-one to sell to, and everyone will be worse off.

…This creates a market niche for intermediaries, who can become entrepreneurs of trust, supporting relationships between buyers and sellers who otherwise would not trust each other. Again, the Sicilian Mafia provides a precedent. Gambetta finds that they began as brokers of trust between buyers and sellers in a rural society without effective laws. The Mafia made money by guaranteeing transactions, threatening cheaters, and sometimes cultivating a general atmosphere of paranoia in order to ensure demand for their services. In other words, it built an informal order of its own, inimical to conventional laws, that gradually began to supplant the traditional state.

The above is from a great article at Aeon on the same topic. Libertarianism is fine ideal, as long as you understand that it is different from anarchy. There has to be a basic framework of control from authorities, so that freedom (and illegal activities) can flourish.

There will be a Dark Web one day, where you can trust the bad guys. It will be just like the Dark Web of today, except there will be an admission fee or a tax involved, and for that you get protection. The degrees of oversight required will mean those in charge will be vulnerable to being caught by real world authorities. So I don’t expect any too last more than a year or two.

Ultimately I expect that black market trade will primarily exist in the real world, not virtual. People will use the web for encrypted contact, and even payment and delivery, but there will be real world connections, so that retaliation is possible if need be.

Posted in Dark Web | Leave a comment
Dec 28
2014

Australian Drone Laws Updated

Posted on December 28, 2014 by Cloak Meister

Common-sense rules for private drone operation are coming into force in Australia:

  • must be kept at least 30 metres away from other people
  • more than 5 kms from airports
  • lower than 121 metres in height
  • not flown over large groups of people or events
  • only in daylight
  • only with direct line-of-sight

These rules follow several incidents where emergency services were hindered by private drones.

Of course in the long-term the real concern will be masses of commercial drones, and identifying them. What will be done with unauthorised drones that cannot be traced to an owner or operator? Will the authorities operate police drones? Will there be means of disablement?

Posted in Eye In The Sky, Spy Equipment | Leave a comment
Dec 26
2014

DarkNet Markets Taken Down

Posted on December 26, 2014 by Cloak Meister

It looks like the awesome anonymity of TOR meant that router operators were lax about general security. Well, however it happened, the authorities have hacked their way into the DarkNet and pulled the plug on a number of blackmarket sites, including Silk Road 2.0:

The list of dark markets seized by law enforcement includes Alpaca, Black Market, Blue Sky, Bungee 54, CannabisUK, Cloud Nine, Dedope, Fake Real Plastic, FakeID, Farmer1, Fast Cash!, Flugsvamp, Golden Nugget, Hydra, Pablo Escobar Drugstore, Pandora, Pay Pal Center, Real Cards, Silk Road 2.0, Smokeables, Sol’s Unified USD Counterfeit’s, Super Note Counter, Tor Bazaar, Topix, The Green Machine, The Hidden Market and Zero Squad.

Source: h+ Magazine

Posted in Dark Web | Leave a comment
Oct 02
2014

Be Wary of Big Data in the Wrong Hands

Posted on October 2, 2014 by Cloak Meister

 

Here’s a great example. The New York City Taxi and Limousine Commission records and keeps data on every taxi fare, including the driver, vehicle, start and finish addresses and the fare and tip. Makes sense, and I am sure most western cities have something similar.

But because it is a public authority, then the data belongs to the public as long as it doesn’t breach the privacy of individuals. A freedom of information request caused this massive dataset to become available online.

Read the full story at Neustar…

The only personal information was the names of the drivers, and these were obscured in the data release (since unscrambled!). Unfortunately the government body didn’t appreciate how many taxi journeys begin or end at home. Or work. In some cases this information, on its own but more probably combined with other collaborating data, can actually show the journey a particular known individual took.

An example provided used photos of celebrities entering taxis to find the pick up point and time to search the database with.

Just because privacy laws are in place, doesn’t mean that you can trust the people in charge, and also of course people make errors of judgement.

 

 

Posted in Identification and Personal Data | Leave a comment
Sep 26
2014

The New Silk Road(s)

Posted on September 26, 2014 by Cloak Meister

When Silk Road – the online bazaar for drugs, weapons and more – was taken down by US authorities, aficionados wondered how long it would take for replacements to arrive, if they would be better or worse.

Based on the number of listings (incredibly tiny compared to the legit world) it would seem that several replacements are in place and doing healthy business, although of some concern is that any morals that Silk Road had are evaporating away.

Evolution – launched in early 2014, after 5 months of operation has 15,000 listings. Mostly drugs, but also (never allowed on Silk Road) weapons,  stolen credit card numbers and credentials for hacked online accounts (source: Wired). In the long-term, additional security measures could see Evolution winning the Dark Web bazaar wars:

Evolution accepts only bitcoins and runs on the anonymity software Tor to prevent its users or itself from being tracked by law enforcement. But it also implements a bitcoin feature called “multi-signature transactions.” When users make a purchase on Evolution, they can place their bitcoins in an escrow account created by the site. Control of that account is shared by the site’s administrators, the buyer, and the seller; two out of three of those parties must sign off on the deal before the coins can be moved again. That makes it far more difficult for buyers and sellers to scam each another, and prevents coins from being stolen by the site’s operators or seized by law enforcement.

It also has two-factor authentication. However, being in part a marketplace for hackers (the company is connected to a well-known carding forum TCF) might scare away users who only want drugs, and they also charge a 4% commission.

Silk Road 2.0 – lost $2.7 million of BitCoins that belonged to users, so reputation is suffering. Unless it upgrades security by copying Evolution’s system, the “goodwill” of the brand could be a millstone.

OpenBazaar – peer-to-peer, which means the authorities might not be able to shut it down. However, it still needs to be managed by people, and people can be arrested.

Agora – also allows weapons that Silk Road doesn’t.  16,000 listings makes it the co-leader in this space. You need an invite code, but these are easily found in places as accessible as Reddit.

Posted in Dark Web | Leave a comment
Aug 23
2014

Android Phones: Your Every Movement Is Tracked

Posted on August 23, 2014 by Cloak Meister

If you have set Location Tracking to ON, security services can know everywhere you have been.

  • We know that Google gives up info to the NSA
  • For ad serving purposes, they keep account of your movements

Log in with your Android account here and see your location history:
https://maps.google.com/locationhistory/b/0

Even worse, if you have given any app permission to know your location, your OFF can become ON.

If you prefer to travel anonymously, use the most basic phone you can buy and have calls forwarded.

Better still – no phone!

 

Posted in Government Surveillance | Leave a comment
Aug 14
2014

Your Switched-Off Phone Might Be Listening!

Posted on August 14, 2014 by Cloak Meister

To be fair, a phone that is fully switched off can’t do a thing. But what if you only thought you had turned it off?

Back in 2006, media reported that the FBI applied a technique known as a “roving bug” which allowed them to remotely activate a cell phone’s microphone and listen to nearby conversations.

Pinpointing a person’s location to within just a few meters has not been a problem either thanks to a tracking device built into mobile phones.

…In July last year, Washington Post wrote that “By September 2004, a new NSA technique enabled the agency to find cellphones even when they were turned off.”

…if an attacker had a chance to install malware before the phone is turned off, the software could make it only look like the phone is shutting down. Instead, it “enters a low-power mode that leaves its baseband chip—which controls communication with the carrier—on”.

Such “playing dead” state would allow the phone to receive commands, including one to activate its microphone.
Source: RT.com 

So, just like in the movies, what you need to do is remove the battery.

If that is impossible because you have an iPhone, you can do this:

  • hold the home and power buttons simultaneously for 10 seconds . This will put the phone in too low level a state for anything to able to interact with its baseband
  • the phone won’t turn on when someone holds the power button or power up when the phone is plugged into a power source
  • to use the phone again, hold the power button and home button together until the Apple logo appears
Posted in Avoiding Detection | Leave a comment
Aug 11
2014

Create a Second You

Posted on August 11, 2014 by Cloak Meister

Anywhere you use your actual name, your face, or your everyday contact details, people can work out it is you. And if you choose to be anonymous (this option will fade away with time…), that might inspire deeper digging (IP address) or afford you less trust.

Another option is to make up a persona, that is not connected to you in any way.

To do so, you will need:

  • a name
  • a head shot
  • email address
  • phone number (Skype)
  • real world address (use a mail forwarding service)
  • encrypted internet connection from somewhere you don’t otherwise use
  • ID

ID is the sticking point. When Curtis Wallen invented his second persona, he achieved this by buying a fake driver’s licence via the Dark Net. This isn’t an option for most people, because it is either too hard for them to achieve, or they prefer not to do anything illegal.

The face is easy – Curtis just merged elements from a few people he knew:

(the fake face is second from the right)

OK, it is a lot of effort. But if you wish to be a credible person, without any way for the authorities to connect them with your true self, it needs to be.

If you only put in half the effort (skipping ID and using a different IP address), then it will suffice for stopping regular folk knowing it is you. But just regular folk.

 

Posted in Avoiding Detection, Identification and Personal Data | Leave a comment
Jul 31
2014

FBI Terrorist Screening Database Grows by 468,749 in 2013

Posted on July 31, 2014 by Cloak Meister

Data revealed during a civil lawsuit shows that over 1.5 million have been added to the list over the past five yearsreports the Associated Press.

The rate of growth is accelerating:

  • 2009: ~250,000
  • 2010: ~250,000
  • 2012:  336,712
  • 2013:  468749

Clearly there aren’t that many terrorists. My guess is that, because the existing list isn’t providing the results they hoped for, they keep expanding the eligibility criteria.

We don’t know what the criteria is, but you can safely assume that if your name sounds Middle Eastern then you are in. Anyone who fits the profiles on our Terrorist Types page would probably be on it.

Posted in Identification and Personal Data | Leave a comment
Jul 19
2014

Estonia: Getting ID Cards Right?

Posted on July 19, 2014 by Cloak Meister

Many people are opposed to ID cards. It seems to me that ID cards on their own are immensely useful – try to imagine international travel without passports – but the concern lies with their potential misuse.

In Estonia, a country really making the headlines, they seem to have worked out how to run an ID card system without any problems, and have been doing so for a decade now!

Some good points (read more at The Economist):

  • The electronic ID cards, which are used in health care, electronic banking and shopping, to sign contracts and encrypt e-mail, as tram tickets, even to vote.
  • Taxes take less than an hour to file, and refunds are paid within 48 hours.
  • By law, the state may not ask for any piece of information more than once
  • People have the right to know what data are held on them.
  • It uses suitably hefty encryption.
  • Two PIN codes, one for authentication (proving who the holder is) and one for authorisation (signing documents or making payments).
  • Only a minimum of private data are kept on the ID card itself.
  • Lost cards can simply be cancelled.
  • In over a decade, no security breaches have been reported.

So, you can always find out the date the government has on you. One step authentication for everyday things, two step for important things. Losing the card doesn’t matter. One card for just about everything!

Finland is looking into using the same system.

(Yes, such a card is scary, but in reality we are using proxies for it all the time. When you open a bank account, rent a car or even rent a DVD you are asked for pretty serious forms of ID. Half the websites you sign-up to ask for your DOB…)

The concern for cloakers is how far does the ID go? Are your train journeys (paid with the card) tracked? Will you one day need to swipe it every time you purchase something? Will it have an RFID chip that tracks your location?

This wouldn’t be the first time that an acceptable idea has spread roots, and then unacceptable extensions have been surreptitiously added on.

You won’t be able to have a second identity….

Posted in Identification and Personal Data | Leave a comment