
Do You Trust Your TV? It Could be Spying on You.

Well, if you have a new Samsung TV then perhaps you should think twice before answering that question. Their new generation of Smart TVs has a voice activation feature that allows you to switch on and off, change channels and stuff like that, but it’s possible that this comes at a significant cost.

An eagle-eyed EFF activist called Parker Higgins took the time to read the privacy policy of these TVs and discovered a rather alarming paragraph which stated:

Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.

So let’s just have a think about this: if you enable the voice recognition function on your shiny new Samsung Smart TV, the bloody thing will not only listen to all your conversations, it will also transmit them to a myriad of third party companies. Your TV would actually be sitting in the corner of your room spying on you!

Now, putting aside my personal dislike of all voice-enabled devices (I mean, why is talking to an inanimate device preferable to pushing a button?), this is a seriously worrying threat to people’s privacy. For a start, you’d have to be permanently on your guard: who knows where your conversations are going, to just some spotty Samsung technical geek or, more likely, a selection of marketing companies? Secondly, it’s not only spying on you, the owner of the TV, but on anyone who happens to be in the room. Have they given their permission? Should anyone entering your living room be given a disclaimer and need to sign a consent form?!

Samsung have now modified the wording in their policy, insisting that the TV doesn’t in fact listen to ordinary conversations. This is, however, rather difficult to believe after the initial policy wording; I mean, you’d never put that down in writing if it wasn’t in some way true. There is obviously little thought being put into the design of these devices as far as privacy goes, relying on stuffing a few sentences deep in the TV’s documentation (which Samsung probably thought nobody would read).

There are other aspects to the technology which make it even more unlikely that conversations can’t be monitored by the device. For a start, the TV is apparently capable of recognising complex requests like:

‘recommend a good Sci-Fi Movie’ or ‘open BBC iPlayer’

I mean, a TV would have to listen to pretty much everything to pick up and filter requests like that; this is beyond someone like me shouting OFF in his stupid accent.

What is more, the TV doesn’t have just a single microphone. You can’t just huddle in the corner away from the TV whispering, because there’s another in the damn remote control. Cunning move: the TV remote in my house, for example, is the single most difficult device to find by far. It routinely turns up in all sorts of obscure locations and I’m sure my children are on some sort of retainer to hide it every time they’ve finished watching.

Well, I for one will not be purchasing one of these things; unfortunately, however, it will also involve me upgrading my general level of paranoia. I foresee a future of creeping around electronic stores or checking the backs of friends’ TV sets when I enter their house (and of course enquiring about the location of the remote).

Does anyone really need this rubbish?!

Turkish Hacker Sentenced

If you’re thinking of setting up for a career in computer crime, there are many very tempting options for locating your centre of operations. The obvious place is somewhere like Russia, where as long as you make money the police will be likely to turn a blind eye for a few dollars. There are many other places where minimal law enforcement exists, particularly in relation to computer crime, which means the risks are relatively negligible, particularly if there’s a lack of any extradition treaties to the developed world.

However, some countries are a staggeringly bad idea to base a criminal cyber empire in, and it looks like Turkey is one of those. The reason is now becoming clear to a 26-year-old Turkish hacker named Onur Kopçak, who was sentenced on Sunday for stealing 11 people’s credit card information and selling it online to other criminals. It wasn’t the world’s worst cyber crime and in fact would largely pass unnoticed in many places.

Although to be fair, Onur’s crimes did extend to a few more people after more were discovered from the initial investigation: in all, 54 people claimed to have had their card details stolen by him. He, along with a few other hackers, set up a few interfaces designed to mimic a bank’s internet portals and, combined with a phishing campaign, they were beginning to see some results from their criminal enterprise.

Unfortunately for the fledgling gang, and in particular Onur Kopçak, these crimes were heard and sentenced separately, and Onur received a 199 year sentence for the initial victims followed by an additional 135 years for the later offences. The crimes were listed as identity fraud, access device fraud, wire fraud and website forgery, which are all criminal offences in Turkey.

So for a crime which probably netted only a few hundred dollars before they were caught, Kopçak has been sentenced to 334 years in prison. It’s a staggering sentence, and Onur will probably look in awe at the sentence handed to a UK fraudster called Theogenes de Montford, who stole 35,000 credit card details and was sentenced to 4 and a half years in prison for his role in the theft.

So remember all you budding cyber criminals – setting up in Istanbul or anywhere in Turkey is likely a very bad idea if there’s the slightest risk that you’ll be caught.

EU Change Forces iPlayer Rethink

There’s encouraging news that the European Union is going to be forcing the way forward in the market for digital services, and one of the biggest impacts could be on the BBC iPlayer. As you probably know, the BBC iPlayer works wonderfully if you’re actually in the United Kingdom but stops working the moment you try and access it from anywhere else. This leads to the situation where a BBC license fee payer is blocked simply because they are outside the country, so you can’t watch the News on holiday or keep up with your favorite soaps.


Obviously there’s now a whole range of VPN and IP proxy products available to circumvent the blocks, but should it really be necessary for a valid purchaser to use these just because they happen to be out of the country for whatever reason?

The BBC is not alone; virtually every large digital media company on the internet operates under similar restrictions. You can’t watch Hulu or HBO from outside the USA, M6 Replay is blocked outside France and so on. Even supposedly global digital companies do the same: your Netflix account will only work if you are in a country in which it operates, which certainly seems a nonsense in this digital world.

EU proposals are designed to move towards a single European digital market, with the idea that if you legally buy content in one country there should be no restrictions on accessing it in any other country. Currently there are all sorts of restrictions on digital content, usually fuelled by complex copyright rules and regulations. However, these could all be overruled if it became a new right for EU citizens that these digital products were portable across European boundaries.

As it stands, it’s just a proposal. The planned implementation, if it gains approval, is 2017; however, we might have to wait a little longer than that. Firstly, there are genuine concerns that some countries will not be keen to support this proposal, particularly those who like to protect their own culture and national media.

There are also some powerful and well-funded lobby groups who feel that it is a fundamental right to be able to control production and distribution based on specific territories. However, of course they would say that, because it enables them to operate profit maximisation techniques by selling for different prices in European regions, which is certainly not the definition of a single market.

For the BBC there will also be some technical difficulties in implementing a system which allows license fee payers the rights to watch wherever they are in Europe, as the current BBC iPlayer has no real authentication system like Netflix or Sky. It is likely that the changes required will take some time, perhaps even beyond the 2017 implementation proposal.

However, at least there is hope on the horizon that we will genuinely be able to access digital content that we have legitimately bought internationally without having to use a VPN or Smart DNS, and without having to pay individually in each country we want to access it from.

The IQ of Cyber Criminals – the Bootle Cyber Attacker

There is, I suspect, rather a misconception about the IQ level of your average cyber criminal. From your harmless hacker to the sophisticated cyber crime networks of Asia and Eastern Europe, everyone involved is normally portrayed as sophisticated, misguided and highly intelligent. The reality is, I’m afraid, far from the truth, and a huge proportion of those who commit cyber crimes are pretty damn stupid.

Meet Mr Ian Sullivan from Bootle, who has just been jailed for 8 months for conducting a series of DDoS attacks on high profile websites.


The 51-year-old, unemployed father of six conducted these attacks against 300 websites, taking many of them offline. A DDoS attack involves saturating the target servers with thousands of requests which are difficult for the server to process. It simply aims to overload the target server with these connections until it falls over.

DoS – Denial of Service Attack (single attack)

DDoS – Distributed Denial of Service Attack (attack involving multiple machines, usually using malware installed on ordinary computers)

There are a variety of these attacks; most involve volume but often involve specialist techniques crafted against certain types of web servers. Have a google of these attacks if you want to know more:

  • Buffer Overflow
  • Smurf Attack
  • Ping of Death
  • SYN Attack
  • Teardrop Attack

However, the thing to remember about the vast majority of DDoS attacks is that you can conduct them through a simple software interface, i.e. you need very little technical knowledge. Of course, there are very skilled attackers out there who can bring down servers with individually crafted attacks against specific targets; however, these are certainly the exception, not the rule. Mainly there’s little to be gained from Denial of Service attacks, although many try extortion to stop them.

Although Mr Sullivan claimed some sort of affiliation with the activist group Anonymous, there are suspicions that his technical knowledge was perhaps limited. One of the biggest clues that this wasn’t the work of a digital Moriarty is the fact that he would post warnings to the websites he attacked with his Twitter account. It’s kind of like posting a self-addressed letter to the victim; it does help tracking down criminals when they leave huge clues like this.

I think the point to take away from this is that computer crime is actually very easy to do. Many popular attacks have been automated, so you only have to fill a few fields in on a web front end, pay a few bucks for a service from the Darkweb or install a DoS program on your own and a few other computers. The important part is that you need the intelligence and the knowledge to hide your tracks, which is much, much harder.

When they looked up Mr Sullivan’s Twitter account and paid him a visit, they used simple computer forensics techniques and found lots of DDoS/DoS related software installed on his machine. Probably his only smart move was to plead guilty, which presumably led to the relatively low sentence of 8 months in prison. He would not have got away so lightly if he’d performed this attack in the US or against a US based server though.

What a cyber muppet!!

Facebook Crime – Removal Scam

There is a very real and fundamental problem with buying and selling anything using social media: identifying whether the person you are dealing with is legitimate. Think about it: normally when you find a trader or company they will have premises, registered offices, landlines. You may have responded to an advert or directory listing; all these things take time and money to set up.

Now let’s compare that with a Facebook Company page, which takes two minutes and no verification. In fact, you can set up a Facebook page for a fictitious company and then add hundreds of fake likes and reviews in an hour or so. The result can look extremely legitimate and representative of a well respected, reliable company or tradesman. It’s not hard to do and costs very little money; what is more, if you’re reasonably careful it is almost impossible to trace back.


This is unfortunately what happened to Becky Szenk and her partner Mark Higgins when they moved from their flat in Wolverhampton.

They needed to find an inexpensive removal firm and, like many of us, turned to the social media site Facebook to see if they could find someone. They managed to find one of those ‘man with a van’ services and immediately contacted them to book his services. Many of us do exactly the same; only last month I booked a roofing contractor who came up in a Facebook search. My experience was good despite my lack of care; however, it was a very different story for Becky Szenk.

The removal guys turned up on time, and two of them quickly and efficiently loaded up the couple’s worldly possessions into a large transit van. What was notable was the speed with which they completed the task, loading up in about 45 minutes and driving off to the pub that the couple had invested their savings in. Or so the couple thought; in fact, that was the very last time they saw their stuff. The men and the possessions were never seen again.

“I have never cried more in my life than I did on Friday afternoon – I am so distraught that they have taken my engagement ring and my baby’s toys.”
Becky Szenk

It’s not an isolated case; police have reported several similar incidents just within the West Midlands area of the UK. It is an easy crime to perpetrate, you can easily hide your tracks and the payoff can be extremely large: the possessions lost by Becky Szenk and her partner were estimated in the region of £10,000.