Category Archives: Surveillance

Are Backup Extractors New Cell Phone Tracker Apps?

Image Credit: Alejandro Escamilla / unsplash.com

While cell phone tracking applications are growing in numbers and popularity, the discussions around the ethical and moral issues of their usage don’t stop either. However, popularity can’t compensate for certain limitations of the software – all such apps require physical access to a target phone to be effective.

Surely, the existing options are pretty much sufficient for many users, but how much better would it be if physical access was optional? Mobile tracking at entirely new level, almost DIY hacking for beginners. Yet, are there any such options already present in the market?

We have recently reviewed two backup extractors on our website – Auto Forward and DDI utilities. We did it because we had several reasons.

  • These seemingly unrelated products have gained our attention due to the fact that both of them proposed:

1. for iPhone

2. for Android

 

  • Which is quite extraordinary, by the way, considering the fact that all backup extractors require connection to a phone, regardless of the original backup location (i.e. iCloud or iPhone device itself.) These applications state that they don’t. They actually claim that no physical access is required; however, it is quite hard to understand how they actually work.
  • Besides, both websites offer pretty much the same options as most cell phone spyware programs do – they grant access to all the backup data on the target phone, calls and text messages, media files and all. Well?..
  • It’s also curious that Auto Forward used to be Auto Forward Spy and now changed its course. DDI Utilities hasn’t been noticed in any monitoring activity before; however, its website resembles Auto Forward in a number of ways, and they do have the same information when it comes to the payment step. So, is there any chance they are related?..

While there are are dozens of mobile tracking applications available today: mSpy, HighsterMobile, FlexiSpy, TeenSafe and SpyEra, and so on, none of them can be used absolutely remotely – the app has to be installed on a target phone right at the beginning for it to actually work.

If the aforementioned applications can access a target phone remotely, it’s fascinating, for one thing, and a matter for concern, for another. As a backup extractor such an app won’t provide its user with real-time information, live calls and keylogging option, however, it gives a sufficient opportunity to access all the past information that can be accessed. And it’s something to think of, really.

Most backup extractors are very useful and convenient apps that can save someone’s life, in fact. However, it seems the same application can be used in many ways. If “Enter the Apple ID and password of the device you want to” is all you have to know – you might actually do more than backup or recover YOUR data.

Needless to say, none of these applications claim to be mobile tracking software; however, there’s definitely a certain potential.

How to Withdraw from the Internet

hide online, disappear online

Image Credit: Elizabeth Lies / unsplash.com

The last decade’s social network euphoria has prompted many of us to ladle out personal information, which can be compromised and used against us. This may be the last thing you think about right now. However, as the euphoria subsides, privacy becomes a primary concern. We begin to realize that there is personal information we should not have posted, because it can cause us a lot of trouble if and when it falls into the wrong hands. Once you discover you do not want your personal information to show up online any more, you can take steps to mute your ‘fame’.

Cut down on social networks

Sites like Facebook, Twitter, Google+, etc., make us want to share tons of personal information. It may include names, job positions, social status, pictures, avatars, etc. Therefore, your accounts should be the first meat for the grinder, if you are really concerned about your privacy.

If it is Facebook, Twitter, Google+, and LinkedIn, they have options, which allow you to terminate your use of them. Select them and follow further instructions.

This is not only about social networks. We also share personal data when registering on other websites and forums. Some users have registered on dozens and even hundreds of resources, so they have trouble remembering them all. An average American user has over a hundred accounts and profiles per email address! Too much for human memory to handle, isn’t it? In this case, it is advisable to use a tool or service to track all your accounts and have them erased automatically.

Get them off your back

There is one thing you should be aware of: it will not disappear immediately from search engines. With Facebook, Twitter, LinkedIn, Google+, etc., it may take weeks for your profile data to disappear completely. Well, as long as the process continues, you can use other ways to mask your footprints.

Request search engines to delete results, which refer to your personal data. For example, you can use Googles’s URL removal tool. Once a result is removed from the database, the search engine will never show it.

Type in your name in a search engine and look where it pops up. Bookmark places where it appears. Because you cannot delete the floating content immediately, all you can do now is contact the resource and ask them politely to remove the data as soon as possible. This can be your employer’s website with your name still dancing on it, your relative’s website or blog, where he or she has posted images with you, etc.

Image Credit: William Iven / unsplash.com

Because you cannot remove everything right away, and not all websites remove your data upon your request, do some cover-up tricks to distract users from your personal data. For example, you can create several profiles on same popular sites without posting any details on them except some general information, which cannot be compromised. Your ill-wishers will see nothing but blank pages and there will be nothing they can do about it.

If there are accounts you cannot delete, you can change them beyond recognition and trick visitors into thinking that you live in another city, have a different name, work at a different company, etc. use your creative potential!

Go the automated way!

As mentioned above, there are tools and services, which can help you deal with your accounts, if you have accumulated ton of them, in less than a few minutes. You know that not everything can be removed manually. Happily, there are websites, which can do the job for you. These services take great care about your privacy, and they use every chance to erase data instantly upon your request.

There you can find any network or resource, where you might have registered years ago, and the system will do the mop-up and give you the much-longed-for freedom and peace.

Popular Flash Keyboard Appeared to Be a Spy Program

flashIn accordance with the recent news a very popular Flash-board disclosed some functions of data collection and transfer to third party servers.

Fkash Keyboard is one of the numerous Android application that has become popular due to its functionality as well as multilingual support and also due to nice design. It was positioned as “extremely adaptive” as well as easy to use in any situation. The total number of downloads as well as installs for this app actually exceeded the ones for WhatsApp; and that’s saying something.

However, it seems that the keyboard was not only useful for its users. As the research by Pentest shows, it actually asked for more permissions than necessary and got access to some private data of its users. For example:

  • the app got access to a camera of the device;
  • it was also able to replace the lock screen with the ad one;
  • it sent alert messages;
  • was able to terminate some of the background processes (e.g. antivirus apps);
  • it also seems to send the collected data (mostly data about the device model, manufactur, GPS location data as well as IMEI number) to the serves in the US, China and the Netherlands. Pentest believes that these data might have been used for analytics platforms.

Surely, such services are not threatening in their nature; however, the excessive permissions as well as excessive data are one of the things that can always be misused by someone.

It is believed that the app was not developed to be a tracking one intentionally; however, it is rather strange that the Hong Kong-based developer of Flash Kewboard DotC United refused to comment the situation when asked for it by several media resources.

As of late, the application was taken down and is no longer available in Google Play Store; however, a new analogous keyboard developed by the same company is now available for general public. Let’s hope, it does not use the same tricks.

 

How Americans See Surveillance

Most Americans are familiar with U.S. surveillance programs


In accordance with the PEW research carried out in the previous year most Americans are aware about government surveillance programs; however, the attitude of general public greatly differs.

As the study showed, about 31% of all the U.S. population know (and 56% sort of suspect) that the government uses various strategies to monitor terrorist activity in the first place; and that these strategies involve cell phone and email monitoring as well as other means of communication.

Men are better aware of the fact, as the research showed – 37% vs. 26%; and college graduates have more information on the account than people who have only graduated from high school.


Another aspect that was studied in the PEW research is the level of public concern about the surveillance fact. Again, the answers differed to a degree. About 17% of the answers depicted “high” level of concern with the issue, 35% have “some” concern; 33% have “very little” concern over the issue and 13% are “not at all” concerned.

However, most people showed far more concern when it came to the issue of surveillance that related to their own activities (not some governmental terrorist monitoring programs). The reasons and spheres of concern here differ with different groups that were questioned.

  • Search engine concerns gathered about 39%.
  • Email monitoring collected about 38% of concerned answers.
  • Cell phone monitoring issues bothers about 37% of the U.S. citizens.
  • Facebook or Twitter and other social network monitoring by the government find concern in 31% of the audience questioned.
  • Mobile apps monitoring represent concern for about 29% of people.

The statistic also shows that women are less likely to have concerns about government surveillance than men. However, they are much more concerned about the monitoring activities then the question is about their own private matters.

The U.S. citizens also more comfortable with the idea of targeted surveillance of others but only when it doesn’t concern their own matters.

Majority of Americans see targeted surveillance as a necessity in the light of all the terrorist events; they also see it acceptable to have leaders of the country under the radar, at least some part of the population finds it so.

  • Monitoring of the terrorists under suspicion is ok with 82% of Americans
  • 60% find it right to be aware of the American leaders’ communications.
  • 60% fins it normal to monitor foreign leaders.
  • Communications from foreign citizens is not something to hide – supposes about 54% of Ameicans.

However, only 40% of the population inquired finds it unacceptable for the government to monitor their own people; about 57% find it downright unacceptable.

The research revealed several interesting patterns in the answers of the people questioned. The major pattern is that those people who are better aware of the situation with monitoring and government’s potential in this sphere are less likely to approve the idea in general, no matter the target – foreign or home citizens. The same refers to the difference in age groups – younger generations find it much less appropriate and acceptable than older ones.


All in all, here is a brief summary:

  • 77% of all American adult population is in favor of the government’s monitoring activities when the case is about a person who “ has visited a child pornography website”.
  • 68% find it ok to have “someone who exchanged emails with an imam who preached against infidels” under the radar.
  • 67% are in favor of the idea that a person with ties and connections to “known anti-American groups” should be monitored.
  • For 65% it is acceptable to have a person with weapon-related keywords in the search engines monitored.
  • 51% even find it ok to monitor a person with “unusual withdrawal” withdrawals from a bank.
  • The usage of encryption software is a reason for monitoring activity for about 49% of people.
  • 49% think usage of “hateful language about American leaders” is the reason sufficient enough for such a person’s activity to be monitored.

More information and full report can be acquired on the official PEW website.

Continue reading

FBI Warns about a USB devices/Keyloggers

keysweeperAs of FBI official information there appeared a number of USB/charging devices that work a keyloggers and are able to read and transmit all the information from the wireless keyboards.

Everyone who follow the new in the sphere should remember KeySweeper by Samy Kamkar that represented a normally-looking USB-charger.

The device work as a wireless sniffer, it actually is able to decode, store and send any keystrokes detected from a wireless keyboard. All the interested audience was able to check the vitality of a product as well as to follow the stages of its creation on the blog of its creator.

It is pretty hard to get why FBI decided that it’s high time to take measures to the device that appeared a year ago; but be it as it may, KeySweeper is now closely monitored by the law enforcement officials.

One of the major issues that FBI names with regards to such devices is that they are pretty easy to use, or, rather, misuse. They look totally normal to the eye, can be placed anywhere around an office or any other place where wireless keyboard or other devices are used. Thus, cybercriminal are able to steal everything with regards to personally identifiable information or intellectual property, any login/password info, trade secrets, and other confidential information.

The problem is that decoded information is transferred at such speed that it is quite hard even to understand that something crucial was stolen.

FBI report also claim that the aforementioned data was received in the course of some classified investigation. In accordance with the journalists’ who contacted Samy Kamkar the latter had given no information to the aforementioned organization in the first place.
There has never been reported any of the attacks with the usage of such USB-turns-Keylogger device; however, FBI suppose that the one who is forewarned is forearmed.

Office Security and Mobile Apps

Technology is created for our benefit and we surely do use it to make a world better in its turn. The same refers to various mobile applications that employees bring to their working places. There appears to be a risk to the office security system as well as many other problems that are bound to arise.

One of the things that many organizations have started to practice – BYOD (Bring Your Own Device) systems or adding stealth monitoring software to make sure that everything is all right. However, not everything is very smooth about such practice.

Recent report created by Gartner that was carried in 2015 proved that the majority of such mobile tracking apps have no adequate security protocols that would make their use safe and secure especially for the use inside of an organization and especially a large enterprise.

BYOD policy does not guarantee security and if your organization complies with this policy, it is high time to improve security testing of all mobile apps. The thing is that organizations are sometimes are either ignorant or unaware of the threat that might come with the mobile apps; however, there are a lot of things that an organization is better to be protected from.

Recommendations for Avoiding Problems

  • It is essential that companies should update their SAST and DAST (static application security testing, dynamic application security testing). Why is it essential? The thing is that it is necessary that a company’s tests should be compliant with all mobile devices. Surely, the task is not really easy as apps multiply by day.
  • All employers should have access to the background monitoring process options in order to be able to prevent any unwelcome activities.
  • All the server and devices should be tested and protected, especially the ones that are connected with mobile devices on a regular basis.
  • Only the apps that have passed the security testing should be admitted and allowed for download.
  • Wrapping as well as SDKs for application containment usage are advised for companies for better data protection.

More than 90 percent of the businesses today rely on third-party apps for their BYOD policies. This is why, according to Gartner, the year 2017 will start seeing a shift of enterprise security towards mobile app security. Endpoint breaches will have more focus on smartphones and 75% security threats will be because of mobile apps.

At the present moment there are more than 90% of companies that rely on BYOD policies. However, the shift to mobile security is coming and fast. It makes sense to pay better and closer attention to mobile apps as they are likely to pose a stronger threat with time. They become better and with this more complicated as well as with regards to enterprise security. It is high time to pay closer attention to applications that will protect a company’s data.

Encrypted Smartphone and Consumers’ Reaction

In the light of all the interesting information revealed about the NSA actually spying on their own citizens, the problem of mobile security got more attention. It has become known that the National Security Agency was involved in various surveillance activities that included cell phones’ tracking and the like. In this respect the appearance of the new device – an encrypted smartpone is probably not surprising to anyone.

Taking into consideration the fact that the idea and device are new and it is hard to predict the number of customers who can potentially be interested in buying such a smartphone.

The new encrypted device got the name of the Blackphone and is a creation of Silent Circle. The company specializes in encryption and cell phone security and as they claim, the created a product that can be relied on. In accordance with their words the best effort was made to make sure that a user’s privacy is secured and that no side control over the device is possible. In the light of the recent revelations is it quite clear that many smartphone users feel uneasy and less secure about their mobile devices and there are great expectations that the new Blackphone will gain popularity pretty soon.

The main goal of the Blackphone creation was to make a cell phone that could send and receive encrypted messages and calls without the risk of the latter being intercepted and interpreted. The smartphone is claimed to be easy to use and familiar with the customers in terms of interface and applications and general appearance.

The Blackphone is surely to draw the attention of those users who are involved in the spheres with high security levels necessity as well as businessmen and so on. It will be also of interest to general public as in the light of the NSA recent activity, many people are not really happy about the perspective of being tracked or overheard, and stripped of their privacy. As long as the devise has just recently been launched, it is hard to make any definite prediction about its mass market perspectives or the like. Besides, it is really not very clear whether the Blackphone is really as reliable as the promises sound.

One thing is for sure, the Blackphone is a new word in mobile world and it definitely has much better encryption for security among the existing mobile phone models; however, unless it becomes more available for general public and proves that it works the way it should, it is hardly likely that the model won’t stay the choice of only narrow circle of interested people.

Ways the NSA Uses in their Surveillance Practice

In accordance with the recent article published in the Spiegel the NSA has got a great number of ways that it uses for spying. Its ANT division is equipped with a great number of tactics and some of them have very strange and even funny names. However, this does not interfere with them being highly effective.

As a matter of fact, there are more than several dozens of such techniques and here are just several of them.

IRONCHEF
This hardware is a tricky one and is manufactured by Hewlett-Packard. It stays alive put even after the spyware is removed.

ANGRYNEIGHBOR
This spyware has a very eloquent name and it is able to track the objects in your house, in the rooms and etc. It makes possible to track what’s happening on any computer screen in the house.

SURLYSPAWN
This program is able to log the keystrokes even in the offline status and as far as the street across, isn’t it impressive? This spying soft is closely related to the aforementioned “angryneighbor” and it does not presuppose any downloads as it works on radio frequency.

TAWDRYYARD
This one serves as a beacon that helps to locate the necessary units. It is a part of RAGEMASTER and its cost is just $30 but it works perfectly and it is able to intercept video.

CANDYGRAM
In fact, the agency does not have any need in going into contact with any of the cell phone companies as they have this tracking software – candigram. This one is very interesting as it is able to imitate the GSM cell tower and make the observations without any need for direct interference.

NIGHTSTAND
The agency is able to attack any computer that works on Windows OS within the distance of 8 miles. It can be done via an 802.11 wireless exploit and it is usually used when there is no option for wired access.

IRATEMONK
IRATEMONK activity is based on either remote access or interdiction. It is usually installed on a target’s computer and can be accessed every time whenever the PC starts.

Surely, these are just the simplest ones of the NSA’s cell phone spying techniques and tactics and in some ways it is even better not to know about the rest of the surveillance options.

 

CSEC and Its Spying on Canadians

It has been revealed recently that the surveillance agency of Canada spies on its citizens from time to time, as they say “incidentally”.

This revelation was made by the Communications Security Establishment of Canada (CSEC). They admitted that in the course of their work they may incidentally intercept the communications of Canadian citizens. They explain it by the fact that the while targeting foreign entities such things can happen as the world of today in overfilled with various networks.

The same it seems to be indicated in the report of Globe and Mail that was issued in 2011 and contained the approval of the former defence minister Peter MacKay to spy on the global telephone and internet network. It was nicely put in the terms of “secretly monitoring” and the approval spread to spying on the Canadian citizens as well.

As a matter of fact, the agency has neither right nor need to spy on the cell phones of Canadian citizens. However, the agency admits that the cases of surveillance of Canadian citizens can happen and if this to be the place the authorization from the Minister of National Defence is acquired for every specific situation. In case private communications get intercepted for some reason, each and every possible step is taken so that the information stayed private and didn’t appear in the hands of any third party.

There is a new section on the website of the Communications Security Establishment of Canada (CSEC) and it explains the activity of the agency and its relationships with other security agencies that operate both abroad and in Canada. As of the words of the agency there is nothing illegal in these actions and they are only aimed at protecting the citizens of Canada in the first place.

Surely, not everyone is likely to believe as not so long ago the Communications Security Establishment of Canada was involved in the issue when it actually was accused in the collaboration with the Canadian Security Intelligence Service. It is believed that they tried to purposefully withhold court information that referred to top-secret warrants for interception. So, it is quite hard to say, whether the intentions of the CSEC are really what they actually try to describe them.

Cell Phone Spying and Privacy Issues

Cell Phone SpyingIt is sort of impossible to imagine dealing with crimes and doing without secrecy. It is the most essential thing that helps to be ahead of terrorists and criminals and make the work of police all the more effective.

This is really great to be able to use such powerful tools; however, it is also a bit annoying to realize that the same tools can be used in order spy on the citizens. What is more annoying in this case is that it seems impossible to find out how exactly the data is collected.

As of the report of the Indianapolis Star it seems that about $373,995 was spent by the Indiana State Police during the period of the last year on the device that is called “Stingray”. It is believed to allow tracking the movements and activity of a person within one mile radius with the help of a cell phone.

What is more, officials are not eager to provide any information on the account of the subject in general and in particularly about how the data is collected and who’s got access to it as well as whether it is being stored or destroyed and the last but not the least question is whether the whole procedure is legal.

Opinions on the account of spying on cell phones differ; however, three senators in the least are determined to introduce the new bill that will make police agencies to obtain special warranties for data collection activities.

As it has already been said, cell phone tracing can be a very useful and powerful tool in the struggle with terrorists and criminals; however, it should be regulated as well as any other activity on the part of security organs. Tracing people’s cell phones means violating their right for privacy and such violations should be controlled, if it is done. The idea of the personal information to be stored and accessed by someone for some reason is still new and bizarre; however, so was the idea of a cell phones to be easily tracked – but now it is reality.

Surely, the whole surveillance issue is a medal with two sides. There always are the guilty and the innocent sides and some consensus that would allow police to conduct the investigations involving data collection but do it legally.

It’s impossible to find that middle ground when information to begin a conversation and debate on this technology is not forthcoming. That needs to change and we hope the conversation will begin with the introduction of legislation next year.

However, it is frequently seems to be next to impossible to find this middle ground. Let’s just hope that the police will use their surveillance power tools in a decent way and the public officials will take better job in explain the whole thing to the general public so that no misunderstanding would take place.