Category: technology

Internet Monitoring – UK Snooping Plans

The UK Government have decided to take some lessons from the likes of China, Iran and Syria and started implementing increased internet surveillance. It often seems to happen when Governments are having a tough time they roll out the ‘tough on terrorism’ plans and start telling us how it will catch criminals and keep us safe.   After all it sounds good and is easy to implement – even though for the most part it’s completely pointless.

Under these plans, Police, the Government and intelligence agencies will be able to access data on all phone calls, emails, internet useage. They will be able to read through your web mail, Facebook messages, Linkedin posts, forums and gaming boards – just about anything you do electronically will be accessible to these people.

The Metropolitan Police Commissioner says –

Put simply, the police need access to this information to keep up with the criminals who bring so much harm to victims and our society.

Sigh……

What they will have is data and information on people who are doing nothing wrong. The criminals will be using SSH encryption, VPNs, secure proxies or they will simply just use other peoples Wifi connections. The only criminals you’ll catch by this incredibly intrusive internet snooping is thick ones who you should have caught anyway.


For instance I’m quite a careful driver however I live in an area where the Police force seems to have one single aim in life to catch people who exceed speed limits by three miles an hour. As such I have quite a few penalty points on my license which I’m not altogether happy with.

However I know several speed obsessed, thrill seekers who drive like they are on the Le Mons racetrack who have absolutely no points at all. Do you know why – it’s because they all have Warning systems and Radar detectors things in their cars. As such the only speeders that get caught are dozy ones like me who occasionally drift over the limit by a tiny amount.

This is the reality – and in this case too there are lots of easy ways to avoid this surveillance.

All this rubbish about a ‘Total War on Crime’ is just an excuse to further erode our privacy and civil liberties.  For example if I use Identity Cloaker then nobody will be able to see anything I do online, my data is encrypted and all the logs will just contain my fake IP address from the Identity Cloaker proxy server that I use. The logs on those are deleted almost instantly so that makes me just about invisible online.

So what’s to stop a terrorist using any one of these security systems ?

Nothing which is why the British Government will be left spying on ordinary people. That’s going to win the war on crime isn’t it?  Of course if you snoop on enough people for long enough I’m sure you’ll catch some people doing something illegal. But is it worth the cost, are we really expected to believe that this data won’t be routinely accessed to build profiles of individuals.

At the moment, the police can access this information anyway, however they need a warrant from a judge. Of course a judge isn’t going to issue these on the basis of ad hoc requests and idle snooping – which is exactly the way it should be.

We all know these powers will be abused, even if the police and intelligence services only exercise these rights in extreme cases (yeah right) – you can be certain that databases will be hacked, logs left on trains or USB sticks dropped in taxis.  All the time the criminals will be not remotely be worried as they will be the only ones not being monitored.

What is a Web Proxy Online Server?

A long time ago, at least in the context of the Internet – we used to call proxy servers –  gateways. In  fact the first WWW gateway was created at CERN by the World Wide Web team led by Tim Berners-Lee.  Yep that BernersLee – the man who invented the World Wide Web !

So how can we define these gateways, what do they actually do?  Well the most common description is that they are devices which forward packets between different networks.  Of course sometimes these networks are fairly different so the gateways need to translate protocols before they forward them on.  The difficulty here was that two distinct types of devices were being grouped together under the title – gateways – which needed defining.

The first type were Internet gateways which acted both as a firewall and a gateway to the internet.  These would sit in front of secure private networks and allow access both inbound and outbound – these were defined as proxy servers.  The other type were information gateways which usually acted on behalf of a server rather than the client.  These were defined as ‘gateways’ although some call them reverse proxies just to keep it slightly confusing.

So there are even quite a few different types of proxy servers, ranging from the one page web proxies you’ll find on loads of web sites, to big corporate proxy servers which you use to access the internet from work or college.

There are however some common properties that all proxies should share –

First of all they should be transparent.  That is to say they should not affect the end result, the client should receive exactly the same result from the web site whether you use a proxy or not.

Second, the decision to use a proxy should be instigated and controlled from the client.  Although in most corporate networks this is true – the use of a proxy is normally hard coded in to the configuration.  Most Windows clients will enforce the browser to surf through the corporate network, use specific DNS settings and cache pages on a proxy.  Next time at work or school if you look in your browser under connections you’ll probably see a proxy server address set here which you cannot alter. (Under IE you’ll find it under Internet Options/connections/LAN settings).

Finally the last main property is that the destination server or web site should be completely unaffected by the use of a proxy server.

These three definitions are however slightly under threat particularly because of the increasing use of geolocation.  This technology targets and controls content based on the geographical location of the client. However if you surf through a proxy server, then it is the location of  the proxy that determines what you can access or see.  This is why proxies are becoming so popular – if you have access to the right proxies you can access any content you like.  For instance if you want to access BBC Iplayer and you live outside the UK you’ll have your access blocked.  However if  you connect through a UK proxy server, then you’ll be considered a UK surfer and be allowed to use it.

Proxy Avoidance – An Introduction

So what does this mean to you? Proxy avoidance? Aren’t proxies used to help you keep your privacy – why would you want to avoid them.   Unfortunately there are some proxies you really should be looking to avoid.  Just using a proxy means absolutely nothing, it’s a bit like saying you are environmentally aware because your car happens to be colored green.  Proxies can enhance security but equally they can also be used to steal all your details and finance a Russian cyber crime gang’s Christmas party.

Bloody Spoilsports !!

 

So should you use or bypass a proxy server – well it really depends on a couple of factors – who’s running it and how it’s set up.

For instance I recommend a couple of proxies/vpns on this site – both of them don’t keep logs, they don’t monitor traffic and delete pretty much everything.   However this is not the case for the vast majority of proxies – some are actually designed to monitor you and control what you can or can’t do online.

The one thing you should remember is – that if you use a proxy server, then all your data is being channeled through that server.  Which is why most businesses make sure their employees surf the internet through a proxy.   They control and configure the proxy so that they have full control of what you do online on their time.

So let’s just be clear, if you are being blocked from accessing your favorite site at work, school or through your ISP, it’s probably because you are being forced to surf through their proxy server.

In this case you will also be requiring one of these if you need to avoid this particular proxy –

Luck – or rather some incompetence. If your client, browser or proxy security is set up badly, it can be fairly easy to avoid a proxy server.

Technical Knowledge – always helps but if you want to bypass the sneaky IT department, the more you know the better.

Security Software – programs like Identity Cloaker have special functions to piggy back existing proxy servers or bypass firewalls. Nothing guarantees that you by can avoid a proxy specifically designed to control your internet access but it’s usually possible.You can always test theories out – for instance the free – trial version of Identity Cloaker allows access to a selection of websites including Facebook.    This site is often blocked by content filters or proxies (usually because people are liable to spend hours on it!) – so test out to see if it works in your environments – the free demo version can be .

Remember a proxy server set up in your work or college – is acting as an intermediary for each client on the network.    As such it knows and records every single site you visit – so if you’ve got something to keep private – don’t do it at work !! Unfortunately there are lots of different ways that proxy servers can be set up, transparent, caching or anonymising for example.  When proxies where first used they were primarily used for speed. They would be set to cache requested pages – so when another client on the network requested the page it could be delivered locally.  This would mean that you would only need to download a page once and then served when required.

Here’s a useful video about – change IP address software that you might enjoy.

They are now used for a whole lot more – a proxy is a vital tool for controlling and configuring access to the internet for any client.  You can use a proxy to block, filter or simply monitor any request passing through it.  Have a look at your browser settings at work, if set up properly you should be blocked from manually changing the settings.   This is a simple first step in making sure that any employees cannot avoid using the proxy server – secure your proxy settings in the browser.  If you’re using Windows then this is normally used by using Windows Group Policy Objects which can tie down all security settings on your client.   Generally not only will this stop people fiddling with their settings, but it will be backed up by firewall rules.   The most common rule set would be that outgoing web traffic is only allowed via the IP address of the official proxy server.  Which is why most people get stuck when trying to be a proxy ninja on their school or company network.

In addition to the installation of a proxy server, most organisations now are rightly paranoid about ‘nasty stuff’ on the net, and so they utilise some sort of additional content filters.  The most common one I’ve come across is from Websense but there are quite a few different ones.   These will monitor online all the traffic and URLs, and block or log according to specific rules and algorithms.  These filters are generally installed on the ‘wire’ and will have access to all traffic on the network.   There’s only one real way to beat a decent filter and that’s to stop it analysing what you’re doing – that means you must use encryption.

It can be via SSL, a VPN or like Identity Cloaker which uses Rjindael-AES 256 bit Encryption over a SSH connection.  It’s difficult to summarise what situation you might find in any specific environment.  In any vaguely secure environment you’ll probably find most stuff I’ve mentioned being implemented.

Of course us Ninja surfers can get round all these issues using a variety of methods from cloaking to fake ip addresses.  Normally it’s not that hard to do usually because of the way a security measure has been implemented. For example you’ll commonly find Internet Explorer locked down very tightly stopping you doing anything.   But then the rest of the client will be neglected and a user can often install a different browser like Firefox which has no such restrictions!!  You may be allowed to access basic network configuration details so that using something like Smart DNS like this may be an option.

If an organisation hasn’t stopped you installing a new browser on your PC then it’s unlikely they’ve created any security templates either.   It’s not uncommon to see surprisingly – a super locked down version of IE alongside a completely un-monitored copy of Firefox.  Of course before you start messing around with the Internet at work or college, you should consider your position.   Check out your Internet Use Policy and see what you’re allowed to do?  Are you allowed to watch the BBC online, can you use Facebook and is there something that says you can’t use another browser for example !

It’s a big subject and I’ll cover some more specific scenarios in future posts.  I’ll mostly use Identity Cloaker as it normally has the functionality to bypass most corporate blocks and filters but there are others.   Don’t bother messing around with stupid online web proxies though – they won’t work unless your network admins are particularly stupid.

The Next Pavarotti?

Ok I love Turkey, but doing business there is so hard work!! But my frustration waiting for yet another piece of paper in an office in Ankara simply melted away when I heard this – a fabulous performance…

If you’re not in the UK – you’ll need a proxy or security program (like Identity Cloaker) to give you access I’m afraid.

More security stuff coming next post I promise………………………time to hack your neighbors Wifi….

Blocking Anonymity – China and TOR

There’s loads of places where it’s pretty simple to bypass the blocks and restrictions that Governments put up. In reality a lot of countries have no access to the skills, equipment and in some cases the will to ensure that they really do control access to the internet. For instance in Turkey, there are a lot of sites which are officially blocked like Gay and Lesbian groups ( serious sites not porn) but thousands of people access every day with no problem.

Subscribing to a anonymity service is quite common in many countries, not particularly due to the privacy issues but more because they want to access TV and media sites in other countries. The Geographical blocks that stations like the BBC and Hulu put above are easily circumvented by using a security program like . .   In fact if you speak to these companies you’ll find that 95% of the traffic is related to watching video and not to secure or private browsing.   In Identity Cloaker for example you can turn off the encryption to increase speed which is what many users do. Then people select the proxy server that they need – anything from an Australian proxy or a French, German or British one.

However the simple Geo blocks of the media companies are much worse for many people – for instance in China.  Whilst many countries are as mentioned pretty hopeless at controlling internet access – the techies behind the Great Firewall of China are very switched on indeed.

TOR Access Block

TOR is free software which links to an open network run by it’s users, it’s designed to provide anonymity online and let users bypass blocks and firewalls.   It does have it’s problems mainly based on the open format of it’s network – you relay traffic through other users computers.  As such there are security problems and it can be painfully slow to use.  But it is very difficult to block as you are not reliant on specific servers and there’s no specific IP addresses you can restrict access to.   But the Chinese have reportedly been block TOR users for several months.

The security team at Team Cymru have recently investigated how the Chinese Government was blocking access made to the TOR network.  It’s pretty interesting reading and demonstrates that the Chinese are actively combating the use of Tor through the Great Firewall of China.   Every time a user connected to a one of the Tor Bridges (which relays the connection through the Open network) then probes would be sent out from a Chinese IP address.  The probe was only sent if a connection was made to port 443 (HTTPS) in which an SSL negotiation was performed, any non secure connection did not cause the probe.

The probe was extremely sophisticated and designed specifically to connect with Tor, even able to communicate using the Tor Protocol.  As soon as one  of the probes was received the connection of the original Tor User was blocked by the Chinese Firewall and the connection dropped.

The team Cymru researcher was able to identify how the Tor connection was been identified.  The Tor handshake was located by inspecting inside the packet and locating the specific SSL ciphers used by Tor to establish the handshake.

Pretty heavy stuff,  to utilize this level of Deep Packet Inspection requires very sophisticated technology and obviously teams of people actively researching  how to block anonymity systems like Tor!

You can read the full details of this research conducted by Tim Wilde of Team Cymru here – Great Firewall of China Tor Probing.