Malware as surveillance tool…

Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge, it may be designed to cause harm, often as sabotage (e.g., Stuxnet), or to extort payment (CryptoLocker).”

In legal mumbo-jumbo, it’s called “computer contaminant” and there are number of laws that carry a stiff penalty, if and when the perpetrator(s) are caught.

Except when it comes to law enforcement…

Federal, and presumable local, law enforcements agencies, had been purchasing malware for surveillance purposes. The solution purchased by your tax dollars is a “turn-key Remote Control System” that manages infecting computers/portable devices including smartphones, collects data from the victims… oops, from the suspects, deletes itself from the target system, etc. Most of the solutions are purchased from Italy, France, Israel, etc., and it is  booming market. Just in recent years, DEA and US Army had purchased $1.2M worth of hacking… oops, surveillance tools.

From the recipient’s perspective, there’s no difference between the malware and computer surveillance. In either case, the system is compromised and it’s at the mercy of malware, or surveillance.

How do you differentiate between the good and bad guys? How do you differentiate between hackers and law enforcement agencies compromising your system?

The answer for the first question is simple, you don’t. There’s no difference between the two, regardless of the purpose of the hacking.

The answer to the second question is more complex. Generally, hackers compromise your system for financial gain, stealing information etc. You’ll know in a relatively short timeframe if and when the hacker owns your system. On the other hand, law enforcement surveillance/hacking you won’t know about, until they show up with an arrest/search warrant.

Protection against the malware, be that by hackers or law enforcement agencies, are limited. The major culprit for this limitation is the vulnerability of operating systems and applications, in addition to technologies developing against malware. By no means I am suggesting that software companies intentionally leave some backdoors in their software. While it is possible, I am not that suspicious… yet…

But I am suspicious enough to suspect that antivirus company may exempt the “surveillance tools” from being detected in their solutions. It’s probably relatively easy to achieve, but unfortunately, the actual hackers’ can easily mimic these “surveillance tools” and evade detection.

Depending on where live, you may want to install an antivirus and other security solution that is developed in a foreign country. For example… If you live in the US, Kaspersky might be a better solution than Symantec for detection surveillance tools from US law enforcement agencies. The drawback is that Kaspersky may not detect Russian hackers and law enforcement agencies malware.

Yeah, you cannot win this battle…

 

 

Threat Brief email tracking…

Threat Brief‘s “Daily Threat Brief, or DTB, is a daily  open source intelligence report modeled after the concept of the President’s Daily Brief (PDB). Every day the analysts of Cognito succinctly provide insights into global risk and security issues in ways that can reduce your personal and business risks and inform your strategic decision making.” You can subscribe to receive email highlights of these reports on a daily basis, more or less useful for security people.

Threat Brief does not use their business email server to send out the daily briefs, smart, they subscribe to a service provider that tracks the links in the email that you’d click on :

http://threatbrief.us1.list-manage.com/track/click?u=xxxxxxxxxxxxxxxx&id=xxxxxxxxxxxxxx=xxxxxxxxxxx*

*-Actual tracking IDs replaced by x

That’s nothing new, this have been done on the regular basis. What’s new is that the list-manage.com site does not show the email clicked link in the browser, if the browser happens to be IE11, secured as it should be in addition to Ghostery blocking tracking script.

The tracking script is blocked by Ghostery is from MailChimp Tracking:

Monkey business

Cue the jokes about monkey business, etc… 🙂

While tracking isn’t necessarily a security risk for the most part, certainly can be, it is a threat for the privacy of the end user without question. Now, why would Treat Security utilize a third-party mass-mailer that results in privacy and potential security risks for the recipients of the Daily Threat Brief? That’s beyond me… Isn’t that a contradiction to the intended purpose of the threat brief?

After evaluating the “risk and security issues” of the employed tracking method for the daily threat emails, unsubscribe is in order. Fortunately, there’s an unsubscribe link on the bottom of the daily brief, let’s see how that one works…