
UK Users to Receive Piracy Warning Letters

A couple of weeks ago I sat in the front room of an elderly neighbour; on the TV screen was a Premier League football match being broadcast on Sky Sports. I was surprised, because I knew this chap struggled on a basic pension and the Sky Sports package is not cheap! Then I noticed the digital box: it was not the standard Sky digital box but a custom TV media box complete with VPNs.

For a few pounds a year to cover updates, this box was pre-installed with a version of Kodi and a few extras which granted free access to every single Sky subscription channel. The cost of these channels if paid for legitimately would be over a hundred pounds a month, yet the cost for these was virtually nothing. The box even simulated the Sky selection screen, which meant that this 80-year-old man was happily surfing at the cutting edge of digital piracy.

A New Breed of Digital Pirate?

It turns out his nephew had installed it and he’d been using it for several months. He was blissfully unaware that technically he was stealing all this content from Sky, and to be honest I didn’t feel the need to spoil his enjoyment by telling him.

The reality is that in the UK, and indeed across the world, digital piracy is starting to hit the mainstream. In millions of households, neat little digital boxes sit happily under TVs streaming illegal copies of US cable channels or UK satellite channels. It’s got to the point that it’s so common that most people don’t even consider it illegal, something like taping a radio programme or copying a DVD. After all, why pay a fortune monthly to some huge media conglomerate when you can purchase a pre-installed media streamer that supplies the same for nothing?

It does, of course, cost the media companies huge amounts of lost revenue, and obviously they are trying to stop this. This month will see, in the UK, the first phase of action designed to stop this behaviour. The biggest ISPs in the UK will all be sending out emails to any individual whose internet connection is being used to download copyrighted material illegally.

It’s been discussed for years but has always been postponed for a variety of reasons. For example, there was a lot of controversy when copyright holders started using a practice dubbed speculative invoicing. These were basically demands for money threatening legal action against anyone whose internet connection was being used to download copyrighted material – you can read about it in this article – Bittorrents Monitored. The issue has never been detecting the downloads but rather what actions can be taken; legally it was very difficult to prove an individual was responsible even if their internet connection was being used.

The letters will be sent in the form of emails, and will simply inform the user that their internet connection is being used to download copyrighted material and give information about where it can be obtained legitimately. There will be no threats, fines or further action, and critics have pointed out that it will have little effect. The action will only target P2P users, those who download using torrents and file shares – however the use of these methods has fallen dramatically over the last few years. The majority of people who view copyrighted material now stream directly using these TV boxes and programs such as Kodi, which are slightly more difficult to detect.

It is likely that these users will be targeted later although who knows how long this will take.

Snooper’s Charter – UK Passes Surveillance Law

This was always likely to happen given recent events: the ridiculous snooper’s charter, which was originally tabled in 2012 by the then home secretary Theresa May, has been approved and passed.

Over the years it’s been blocked and repealed with good cause; civil liberties groups have described it as the most extreme surveillance legislation ever passed in a democratic nation. It’s a huge blow to personal privacy, with the government basically having access to pretty much everything we do online.

Here are some stand-out points:

Internet Providers Forced to Log Web History for 12 Months

This is a great one: your ISP will be forced to record every single web site you visit for 12 months. So just imagine this: Government departments will be able to generate a list of every single web site you have visited for the last year. Sounds a bit Orwellian, a bit intrusive? We think so! Further imagine sitting down for an interview or an application with some Government official sitting across the desk from you with that list in hand.

Decrypt Data on Demand

The government will have the power to force any company or individual to decrypt data on demand. Obviously no one really has any idea how this will work or how it can be implemented, but this just means it can be made up to suit the situation. Is your VPN a protection? Who knows; if the law demands you hand over the key, perhaps not.

Intelligence Agencies can Hack into Our Devices and Computers

Great, eh! Not only do they get a list of every porn site you may have inadvertently clicked on over the last 12 months, but the Government can legitimately hack into your phone, TV or internet-enabled toaster to pry just a little bit further. The use of the word ‘devices’ means they have pretty much ‘carte blanche’ to break into every electronic device in your possession and create sinister, snoopy lists and databases.

There are many other provisions, and in the spirit of oppressive regimes everywhere lots of them are kept suitably vague and unclear. This is important because it allows the security agencies to do pretty much anything and claim it is covered under the legislation. Places like Iran, Turkey and China have been doing this for decades.

Is privacy a basic human right? Many people think so, yet this legislation completely erodes that concept. It’s been criticized from all quarters – privacy groups, United Nations representatives, lots of IT companies and even the parliamentary committee that was tasked with looking through the bill.

Nothing seemed to matter, and the UK has now established a legal right to spy on its citizens like some second-rate, despotic regime.

IP Address Mapping Hell in Kansas

Is there such a thing as a ‘digital hell’? Although it sounds like some sort of melodramatic media headline, one couple in Kansas could arguably have been living there for several years.

Everything that is connected to the internet has an IP address, every computer, laptop, tablet or smart phone needs some sort of address in order to communicate on the world wide web. Tracking, mapping and filtering these addresses is big business and many companies have sprung up providing accurate information on the IP address attached to your device.

Obviously knowing the location is one major part of the puzzle, and there are several services for looking up the physical location of an IP address. You can have a look here at where your IP address appears to be located – https://www.whatismyip.com/ – did it return your correct location? Sometimes these can be very accurate; the information sourced from companies like MaxMind has been built up over many years through a variety of methods. The information is used for a variety of reasons, from targeting advertising to region locking and filtering used by companies like Netflix.

Sometimes, however, this information is not very accurate at all, but sufficient if you just want a specific country or region. When a company like MaxMind has no relevant data on an IP address, it will tend to resort to assigning a default location. For example, if they have no further information other than that the country is the USA, MaxMind will return a default location – the geographic center of the United States.

Sounds logical? It is until you realise that located in the geographical center of the US is a small farm in Kansas owned by James and Theresa Arnold. Furthermore there are quite a few IP addresses which are registered to this ‘default location’ – specifically just over 600 million addresses.

Now it might seem that this isn’t really a problem, but unfortunately this is not the case. These 600 million addresses are real and being used online all the time – and of course with such a huge volume some of these addresses are being used for all sorts of activities. Spammers, hackers, cyber crime, terrorists, pedophiles are all using these IP addresses online and when anyone tries to investigate their location – they are directed to this small rural farm in Kansas.

For years the couple have been subject to all sorts of accusations – they’ve had visits from law enforcement agencies, public officials, and ordinary people who’ve been crime victims and have tracked the IP address back to the Arnolds’ home address. You can imagine the volume when even a small percentage of 600 million addresses are used for criminal purposes.

It’s not the only situation like this: there is a house located at the end of a cul-de-sac in Ashburn, Virginia which has similar problems. The town itself is the home to several huge data centers and server farms, all with registered commercial IP addresses – the house was unfortunately given as the default location for millions more IP addresses with similar results – strange accusations and police raids being a common occurrence.

Fortunately there should be a happy ending for both these parties, as the ‘default locations’ for unknown IP addresses are being changed to non-residential addresses such as the middle of a lake! The Arnolds, though, are unsurprisingly also seeking some financial compensation for the distress and inconvenience over the years, and you can hardly blame them!
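The default-location problem described above can be caught on the consuming side before anyone treats a lookup as a street address. This is an added example, not code from MaxMind or from the original article: it flags any coordinate that addresses from several unrelated networks all resolve to and downgrades those results to country level. The sample lookups, coordinates, function names and thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lookups: (ip, country, lat, lon). The IPs come from
# reserved documentation/test ranges and the coordinates are made up.
SAMPLE_LOOKUPS = [
    ("192.0.2.10",   "US", 40.70, -74.00),
    ("192.0.2.11",   "US", 40.70, -74.00),   # same network, same point: plausible
    ("198.51.100.7", "US", 41.00, -100.00),
    ("203.0.113.45", "US", 41.00, -100.00),
    ("100.64.12.9",  "US", 41.00, -100.00),
    ("198.18.3.200", "US", 41.00, -100.00),  # four unrelated networks, one point
    ("203.0.113.99", "US", 47.60, -122.30),
]

def likely_default_points(lookups, min_networks=3, prefix=16):
    """Coordinates shared by addresses from >= min_networks distinct networks.

    One exact point serving many unrelated networks is the signature of a
    'no data, use the country default' answer, not of a real location.
    """
    networks_at_point = defaultdict(set)
    for ip, _country, lat, lon in lookups:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        networks_at_point[(lat, lon)].add(net)
    return {pt for pt, nets in networks_at_point.items()
            if len(nets) >= min_networks}

def classify(lookups, **kwargs):
    """Map each IP to ('point', country, (lat, lon)) or ('country-only', country, None)."""
    defaults = likely_default_points(lookups, **kwargs)
    result = {}
    for ip, country, lat, lon in lookups:
        if (lat, lon) in defaults:
            # Withhold the coordinate so nobody turns up at whatever is there.
            result[ip] = ("country-only", country, None)
        else:
            result[ip] = ("point", country, (lat, lon))
    return result

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOOKUPS).items():
        print(ip, verdict)
```
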

The Big Business Hackers

When you imagine a team of highly skilled hackers attempting to make money, most people will probably think of some criminal exercise of exploitation, cyber crime or extortion. You certainly wouldn’t think of the stock market or investment firms profiting directly from this sort of enterprise – yet it seems this is exactly what is happening.

Hacking is going mainstream, and it looks likely that there will be a lot more profit in going legitimate than through the standard ransom or blackmailing routes. Others will perhaps argue that these new methods are pretty much the same as the criminals use.

The story arises from the tactics of a company called MedSec, a cyber security firm which has recently started up. They investigated a range of hospitals and medical hardware for potential security issues and identified one medical devices company to be at particular risk – St Jude Medical Incorporated, more specifically the pacemakers and defibrillators they make.

At this point MedSec faced a classic, traditional ‘hacker’s dilemma’ – you find a serious vulnerability – what do you do? For the ethical hacker it often represented a difficult choice, particularly if a little digital trespassing was involved. Many individuals have found themselves behind bars after attempting to inform a company or organisation about a vulnerability in their software or network, while some have been praised and rewarded. The MedSec guys, though, have a plan to inform and profit at the same time, although the ethics seem fairly dubious to many.

They approached an investment firm run by Carson Block called Muddy Waters Capital LLC with their money-making initiative. The idea was unusual: the MedSec team would prepare all the evidence demonstrating the problems with the medical devices; however, before making this public, the investment company would take out a short position on the parent company of St Jude Medical. Basically they would both make money if the share price fell in response to the negative news.

Sounds like insider dealing? Perhaps, although it is assumed legal advice was taken before this unusual tactic – here’s a MedSec representative justifying their tactics.

Convinced? Nope, me neither; I suspect they may be in trouble for using this tactic. Where will it end? The false concern about patients using these medical devices to try and justify their money-making scheme was particularly hard to believe. Currently the tactic seems to have paid off, though, with the share price falling significantly and presumably making the ‘short’ position profitable.

Activism or Sensationalism – Erdogan Emails

It’s pretty turbulent in Turkey at the moment, with many people genuinely worrying about its future as a democratic republic. The failed military coup has ignited all sectors of the country, and President Erdogan has seized the opportunity to round up his enemies and imprison them.

So it’s obviously a pretty dramatic time for WikiLeaks to release what it’s calling the Erdogan Emails, which it says are leaked from the AKP, the ruling party in Turkey. There are approximately 300,000, which are being released in stages; you can find them on the WikiLeaks website in a searchable database.

The response has been predictable: the WikiLeaks site has been blocked in Turkey, and activists around the world have shouted and tweeted about the censorship of the Turkish Government. People in Turkey are well versed in the use of OpenDNS, VPNs and proxies, though, so this has very little effect.

They are of course right, but it doesn’t take much for the Turkish authorities to start banning stuff; in fact it doesn’t mean anything in itself. Which in this case seems to be the problem: this leak doesn’t seem to actually contain much more than personal information of ordinary Turkish women. I have had a decent look and found nothing, but apparently others have been combing through this stuff for days without finding anything vaguely relevant to power (and/or the abuse of it).

There is however a lot of personal private information of ordinary Turkish voters, such as the home addresses and phone numbers of women in most of the Turkish voters list. There is also identifying information such as the Turkish Citizen ID, whether they’re in the AKP and similar – in truth it’s the sort of information of much more use to identity thieves and stalkers than freedom fighters.

There is no doubt that this information could be used to cause significant damage to innocent individuals, so was WikiLeaks right to publish this?

It’s easy to argue the case that WikiLeaks isn’t responsible for deciding what is or isn’t released. Plus the resources needed to individually check and verify the data fully are probably beyond the organisation. However, surely there should be some cursory checks before releasing the personal details of so many innocent Turkish women. It really is difficult to get past the mundane and personal feel to these emails, much of it just simple correspondence from Turkish citizens.

The reality is that the information was probably already available before WikiLeaks released it, including to all the people likely to try and exploit this information. The opposite argument suggests that once information is already released then it’s best for as many people as possible to be aware; the victims are better forewarned than ignorant.

Overall though I think an organisation like WikiLeaks should be careful that the information released is in the public interest; perhaps we might find something in the coming months in these emails too.