Showing results for tags 'spy'.

Found 8 results

  1. I had bought one from onespy.in which has expired. Is there a cheaper or free but effective solution/s available? Please help/suggest something useful. Thanks.
  2. Analysis Chinese government agents sneaked spy chips into Super Micro servers used by Amazon, Apple, the US government, and about 30 other organizations, giving Beijing's snoops access to highly sensitive data, according to a bombshell Bloomberg report today. The story, which has been a year in the making and covers events it says happened three years ago, had a huge impact on the markets: the company at the center of the story, San Jose-based Super Micro, saw its share price drop by nearly 50 per cent; likewise Apple's share price dropped by just under two per cent, and Amazon's dropped by more than two per cent. But the article has been strongly denied by the three main companies involved: Apple, Amazon, and Super Micro. Each has issued strong and seemingly unambiguous statements denying the existence and discovery of such chips or any investigation by the US intelligence services into the surveillance implants. These statements will have gone through layers of lawyers to make sure they do not open these publicly traded corporations to lawsuits and securities fraud claims down the line. Similarly, Bloomberg employs veteran reporters and layers of editors, who check and refine stories, and has a zero tolerance for inaccuracies. So which is true: did the Chinese government succeed in infiltrating the hardware supply chain and install spy chips in highly sensitive US systems; or did Bloomberg's journalists go too far in their assertions? We'll dig in. The report First up, the key details of the exclusive. According to the report, tiny microchips that were made to look like signal conditioning couplers were added to Super Micro data center server motherboards manufactured by sub-contractors based in China. Those spy chips were not on the original board designs, and were secretly added after factory bosses were pressured or bribed into altering the blueprints, it is claimed. 
The surveillance chips, we're told, contained enough memory and processing power to effectively backdoor the host systems so that outside agents could, say, meddle with the servers and exfiltrate information. The Bloomberg article is not particularly technical, so a lot of us are having to guesstimate how the hack worked. From what we can tell, the spy chip was designed to look like an innocuous component on the motherboard with a few connector pins – just enough for power and a serial interface, perhaps. One version was sandwiched between the fiberglass layers of the PCB, it is claimed. The spy chip could have been placed electrically between the baseboard management controller (BMC) and its SPI flash or serial EEPROM storage containing the BMC's firmware. Thus, when the BMC fetched and executed its code from this memory, the spy chip would intercept the signals and modify the bitstream to inject malicious code into the BMC processor, allowing its masters to control the BMC. The BMC is a crucial component on a server motherboard. It allows administrators to remotely monitor and repair machines, typically over a network, without having to find the box in a data center, physically pull it out of the rack, fix it, and re-rack it. The BMC and its firmware can be told to power-cycle the server, reinstall or modify the host operating system, mount additional storage containing malicious code and data, access a virtual keyboard and terminal connected to the computer, and so on. If you can reach the BMC and its software, you have total control over the box. With the BMC compromised, it is possible the alleged spies modified the controller's firmware and/or the host operating system and software to allow attackers to connect in or allow data to flow out. We've been covering BMC security issues for a while. 
Here is Bloomberg's layman explanation for how that snoop-chip worked: the component "manipulated the core operating instructions that tell the server what to do as data move across a motherboard… this happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow." There are a few things to bear in mind: one is that it should be possible to detect weird network traffic coming from the compromised machine, and another is that modifying BMC firmware on the fly to compromise the host system is non-trivial but also not impossible. Various methods are described, here. "It is technically plausible," said infosec expert and US military veteran Jake Williams in a hastily organized web conference on Thursday morning. "If I wanted to do this, this is how I'd do it." The BMC would be a "great place to put it," said Williams, because the controller has access to the server's main memory, allowing it to inject backdoor code into the host operating system kernel. From there, it could pull down second-stage spyware and execute it, assuming this doesn't set off any firewall rules. A third thing to consider is this: if true, a lot of effort went into this surveillance operation. It's not the sort of thing that would be added to any Super Micro server shipping to any old company – it would be highly targeted to minimize its discovery. If you've bought Super Micro kit, it's very unlikely it has a spy chip in it, we reckon, if the report is correct. Other than Apple and Amazon, the other 30 or so organizations that used allegedly compromised Super Micro boxes included a major bank and government contractors. 
A fourth thing is this: why go to the bother of smuggling another chip on the board, when a chip already due to be placed in the circuitry could be tampered with during manufacture, using bribes and pressure? Why not switch the SPI flash chip with a backdoored one – one that looks identical to a legit one? Perhaps the disguised signal coupler was the best way to go. And a fifth thing: the chip allegedly fits on a pencil tip. That it can intercept and rewrite data on the fly from SPI flash or a serial EEPROM is not impossible. However, it has to contain enough data to replace the fetched BMC firmware code, that then alters the running operating system or otherwise implements a viable backdoor. Either the chip pictured in Bloomberg's article is incorrect and just an illustration, and the actual device is larger, or there is state-of-the-art custom semiconductor fabrication involved here. One final point: you would expect corporations like Apple and Amazon to have in place systems that detect not only unexpected network traffic, but also unexpected operating system states. It should be possible that alterations to the kernel and the stack of software above it should set off alarms during or after boot. Bloomberg claims the chip was first noticed in 2015 in a third-party security audit of Super Micro servers that was carried out when it was doing due diligence into a company called Elemental Technologies that it was thinking of acquiring. Elemental used Super Micro's servers to do super-fast video processing. Big problem Amazon reported what it found to the authorities and, according to Bloomberg, that "sent a shudder" through the intelligence community because similar motherboards were in use "in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships." Around the same time, Apple also found the tiny chips, according to the report, "after detecting odd network activity and firmware problems." 
Apple contacted the FBI and gave the agency access to the actual hardware. US intelligence agencies then tracked the hardware components backwards through the supply chain, and used their various spying programs to sift through intercepted communications, eventually ending up with a focus on four sub-contracting factories in China. According to Bloomberg, the US intelligence agencies were then able to uncover how the seeding process worked: "Plant managers were approached by people who claimed to represent Super Micro or who held positions suggesting a connection to the government. The middlemen would request changes to the motherboards’ original designs, initially offering bribes in conjunction with their unusual requests. If that didn’t work, they threatened factory managers with inspections that could shut down their plants. Once arrangements were in place, the middlemen would organize delivery of the chips to the factories." This explanation seemingly passes the sniff test: it fits what we know of US intelligence agencies investigative approaches, their spy programs, and how the Chinese government works when interacting with private businesses. The report then provides various forms of circumstantial evidence that adds weight to the idea that this all happened by pointing to subsequent actions of both Apple and Amazon. Apple ditched Super Micro entirely as a supplier, over the course of just a few weeks, despite planning to put in a massive order for thousands of motherboards. And Amazon sold off its Beijing data center to its local partner, Beijing Sinnet, for $300m. Source
  3. Australia is set to give its police and intelligence agencies the power to access encrypted messages on platforms such as WhatsApp, becoming the latest country to face down privacy concerns in the name of public safety. Amid protests from companies such as Facebook Inc and Google, the government and main opposition struck a deal on Dec 4 that should see the legislation passed by parliament this week. Under the proposed powers, technology companies could be forced to help decrypt communications on popular messaging apps, or even build new functionality to help police access data. Prime Minister Scott Morrison has said the legislation is needed to help foil terrorist attacks and organised crime. Critics say it is flawed and could undermine security across the Internet, jeopardising activities from online voting to market trading and data storage. The legislation thrusts Australia to the heart of a global tug of war between tech companies and governments over privacy and security. In 2016, the US Justice Department clashed with Apple Inc when the company refused to unlock an iPhone connected to a mass shooting in San Bernardino, California. The UK government, meanwhile, has been deeply critical of WhatsApp’s end-to-end encryption after the messaging service was used by a terrorist shortly before he killed five people in London in March 2017. The Australian government’s cybersecurity adviser Alastair MacGibbon said Dec 5 that authorities had been able to intercept telephone communications lawfully for almost 40 years, and needed new powers to keep pace with modern technology. Law enforcers have been “going blind or going deaf” because of encryption, he said in an interview with the Australian Broadcasting Corp. 
“What this law does is help codify a conversation between police and telecommunication companies, that has to be reasonable, has to be proportionate, and has to be technically feasible,” he said. The Digital Industry Group, an industry association whose members include Facebook and Google, has campaigned against the bill in a loose alliance with Amnesty International and the Human Rights Law Centre. Lobby group Digital Rights Watch said “some extremely dangerous elements” of the legislation had been addressed by the agreement between the government and the opposition Labour party. The legislation, for instance, will be subject to a review by a parliamentary committee for 12 months. And any so-called “technical capability notice” that would force tech companies to create new functionality would require stricter oversight. “But the fundamental fact remains that the powers being sought by law enforcement are ill-informed, badly drafted and a gross overreach,” Digital Rights Watch said in a statement. “This bill is still deeply flawed, and has the likely impact of weakening Australia’s overall cybersecurity, lowering confidence in e-commerce, reducing standards of safety for data storage and reducing civil right protections.” – Bloomberg Source
  4. The U.S. military is using balloons to monitor activity across six states in the Midwest. The 25 solar-powered balloons are reportedly being used to monitor portions of Iowa, Minnesota, Missouri, and Wisconsin. The military filed a Special Temporary Authorization for the balloons with the FCC this week, according to the Guardian. The purpose of the balloons according to that filing is to “conduct high altitude MESH networking tests over South Dakota to provide a persistent surveillance system to locate and deter narcotic trafficking and homeland security threats.” The filing was made by “Sierra Nevada Corporation,” which is an aerospace and defense company. The balloons are being launched from South Dakota, according to the Guardian. The balloons are capable of tracking multiple individuals or vehicles during the day or night. They’re also already recording, so should an event happen in an area being surveilled by the balloons, they’ll be able to essentially rewind the tape and see what occurred as well as where any potential suspects might have traveled. Tests with the balloons reportedly began in July and will continue through September. Presumably, if they’re successful they might continue after that September stop date or be deployed elsewhere. The balloons travel at a height of up to 65,000 feet and can adjust their location if need be to get a better view of a particular person or area or to deal with weather conditions. The fact that we’re all being watched shouldn’t come as a huge surprise, although the fact that the surveillance is coming from giant un-manned solar-powered balloons is certainly a bit different. The U.S. government also isn’t the biggest offender when it comes to invading privacy. For instance, last year we wrote about new video surveillance systems in India that are using AI to detect crimes in process as well as predict a crime before it happens. 
The notion of predicting crime before it happens is particularly troublesome in that it is identifying individuals and in a way accusing them of criminal behavior even though at the time they haven’t done anything. We’ve reached out to the military for a comment on why this tech is being used specifically in the Midwest and will update this story if and when we hear back. Source
  5. Simjacker theoretically affects most phones. In a few cases, your SIM card may pose more of a security risk than your phone's software. AdaptiveMobile Security researchers say they've discovered a new vulnerability, nicknamed Simjacker, that's being used to surveil people's devices by an unnamed surveillance company. The technique sends SMS messages containing instructions for an old S@T Browser app supported on some carriers' SIM cards. Where S@T was originally intended to launch browsers, play sounds or otherwise trigger common actions on phones, Simjacker uses it to obtain location info and IMEI numbers that are later sent to an "accomplice device" (again using SMS) that records the data. Crucially, the approach is silent. While it does use SMS, you won't get notifications. An intruder can obtain frequent updates without giving away their activity. The exploit is also device-agnostic, and has been used against iPhones, numerous brands of Android phones and some SIM-equipped Internet of Things devices. And it's not just a theoretical exercise. The surveillance company has reportedly been using Simjacker in 30-plus countries (mainly in the Middle East, North Africa, Asia and eastern Europe) for a minimum of two years. While most targets were 'only' checked a few times per day over long stretches of time, a handful of people were targeted hundreds of times over the space of a week -- 250 in the case of the most prominent target. It's not believed to be a mass surveillance campaign, but AdaptiveMobile also hasn't said whether this was being used for tracking criminals or more nefarious purposes, like spying on political dissidents. The company is mounting a "highly sophisticated" operation, AdaptiveMobile said. It should be possible for networks to thwart these attacks. Simjacker is sending code rather than everyday text, so it should be feasible to block the code. 
It may be difficult to coordinate that response, though, when the affected countries have a total population of a billion. And while you're not likely to be targeted by this particular organization, there's nothing precluding a similarly capable attacker from launching a wider campaign. It may be a long while before you can assume your SIM isn't a potential weakness. Source
  6. Today, one of the top priority dimensions of raising capabilities of cyberoperations is the creation of special hardware and software appliances and information technologies to carry out intelligence-gathering and offensive operations. It involves active development of so-called information weapons, a category that encompasses the whole range of means of attacking the adversary’s information resources. This type of attack mainly affects computer and telecommunications systems, including software, databases, computing and data processing, and also communications networks. Of particular importance is the establishment of dedicated offensive technologies that can be applied covertly against command and control infrastructure in order to disrupt the orderly functioning of their key components, and to seize control over them. Intelligence-gathering cyber tools are intended to collect information about the adversary, including structure, functioning, and vulnerabilities of its command systems. To achieve that, automated workstations will have malware inserted in order to establish a distributed, remotely controlled, intelligence gathering network. It may include thousands of computers in government and military facilities in various countries. 
The definition of malware includes external or internal programming code possessing various destructive functions, such as: destroying or changing software, destroying or corrupting data after a certain condition is met (“logic bombs”); exceeding the user’s authority in order to copy confidential information or to make such copying possible (“trojan horses”); corrupting protection systems or making it possible to bypass them; intercepting user login credentials through phishing or keystroke logging; intercepting data flowing within a distributed systems (monitors, sniffers); concealing one’s presence; self-replication, associating with other software and/or embedding own fragments into other operating or external memory not originally targeted by the malware; destroying or corrupting software code in operating memory; corruption, blocking, or supplanting data created by applications and entered into data links or external memory. Overall, there are three main types of destructive functions that may be performed by malware: Preserving or collection of fragments of data created by user, applications, uploading and downloading data, in external memory (local or remote) in the net or a stand-alone computer, including passwords, keys, and other access credentials, confidential documents in electronic form, or simply general corruption of fragments of sensitive data; Changing application algorithms (deliberate action against external or operating memory), in order to change the basic logic of their functioning; imposing a specific work regime or changing data being recorded by data produced by malware. Overall, the use of malware assumes the existence of an internal distribution mechanism to spread it to global or local networks, including the internet, to carry out specific tasks. 
These may include: penetrating remote computers to completely or partially seize control; launching own copies of malware on the infected computer; possible further penetration of all available networks. Such malware is mainly distributed as files attached to emails and electronic messages, and also through specially placed hyperlinks. This type of attack is distinguished by its scale and high speed of infection. Internet sites engaged in spreading malware increase by a factor of two every year. These sites attract attention of internet users by posting current informational content: news, analysis, overview of information technologies, and also commercial and entertainment articles. More than 20% of sites are specifically intended for malware distribution. Other means of using malware include: distributed denial of service (DDOS) attacks by generating intense traffic from false requests, which makes it impossible for actual users to gain access to the network or servers; dissemination of malware through USB memory devices, the most efficient means of doing so; embedding and activating code inserts. At the same time, many NATO countries have established military units for cyber-operations, and also pursue the development of scientific and technical infrastructure to develop special information technologies for offensive use, including self-multiplying and self-distributing malware, and developing doctrines for their use. Moreover, there is the so-called file-less (packet) malware distributed as net packets and penetrating computers through OS vulnerabilities or security holes in applications. In order to embed malware remotely, one can use social engineering or weaknesses in organizational network administration, such as unprotected local disks. The most widespread means of embedding malware is the Internet. Offensive malware targets both individual computers and networks. 
It accomplishes penetration using known and newly discovered weaknesses of both software and hardware developed by the potential adversary, but also in devices and programs developed by the world’s leading IT firms, most of which are based in the US. Other means of embedding malware are: agents, remote technical means including peripheral appliances of the system being attacked, combined attacks, etc. Malware developers focus on the ability to maintain stealthy presence amidst the target’s software and remain there even after an upgrade or software renewal. Main means of covert embedding of malware include: Pretending to be ordinary software. This approach assumes embedding malware using the process of installing a new application. It may be embedded in graphic or text editors, system utilities, screensaver, etc. Its existence is not concealed after installation; Pretending to be a module for expanding the computing environment. It’s a frequent variation on the previous one, and uses access to the ability to expand environments. For example, for Microsoft Windows OS such modules may include DLL modules and drivers, potentially containing malware; Malware replacing one of several application modules of the attacked environment. This method consists of choosing one or several modules for replacement with malware-infected modules in order to carry out the intended tasks. Such malware should externally be able to carry out the normal functions of the software thus targeted; Direct association. This method consists of associating malware with executable files of one or several legal programs in the system. This is the simplest method for single-task, single-user systems; Indirect association. It consists of associating malware with the code of a software module loaded into operating memory. In this instance the executable file remains unchanged, which makes malware detection harder. 
It’s also necessary to ensure the installable part of the virus already is present in the system. The most potentially useful means of embedding malware, not including through global networks, in order to gain covert access to enemy networks are: IRATEMONK allows embedding of malware in order to conduct surveillance on desktop and portable computers through recording onto the hard-drive BIOS, giving it the ability to implement its code by replacing the MBR. It works on various types of hard drives, including Western Digital, Seagate, Maxtor, and Samsung. It supports FAT, NTFS, EXT3, and UFS file systems, but systems with RAID are not supported. After embedding, IRATEMONK launches its payload every time the target computer is turned on. SWAP allows embedding malware for espionage by using motherboard BIOS and HPA domain of the hard drive by running the OS launch code. This program allows remote access to various operating systems (Windows, FreeBSD, Linux, Solaris) with various file systems (FAT32, NTFS, EXT2, EXT3, UFS 1.0). Two utilities are used for installation: ARKSTREAM (it spoofs the BIOS) and TWISTEDKILT (it writes SWAP protocol and the malware payload to the HPA area of hard drive, and is used mainly against cell phones). COTTONMOUTH is a USB device insert providing a wireless bridge to the target network and also for loading exploits to the target system. It may open a covert channel to send commands and data. Built-in radio transmitter allows it to collaborate with other COTTONMOUTH. It’s based on TRINITY component base, with HOWLERMONKEY used as the transmitter. There’s also a version called MOCCASIN, which is inserted into a USB keyboard’s commutation matrix. FIREWALK is an insert used to passively collect Gigabit Ethernet traffic, and to embed malware into Ethernet packets. It can create a VPN tunnel between the targeted network and the center. It’s possible to establish wireless communications with other HOWLERMONKEY-compatible devices. 
This insert is similar in execution to COTTONMOUTH. It uses TRINITY component base, and HOWLERMONKEY as transmitter. NIGHTSTAND is a mobile system for active attacks on Wi-Fi nets, with the target being Windows machines when direct access is not possible. The system is based on a notebook-type portable computer running Linux and equipped with radio communications. External amplifiers and antennas give it range of up to 13km. DEITYBOUNCE delivers programming access to Dell PowerEdge servers with the help of motherboard BIOS and the use of the SMM regime to obtain the ability to launch itself before the system is launched. After set-up, it will run every time the system is switched on. FEEDTROUGH is equipment for installing two types of malware, BANANAGLEE and ZESTYLEAK, used to overcome network firewalls. This method is used when the firewall is launched. Malware’s installation is performed if the operating system is present in the database, otherwise it is installed normally. FEEDTROUGH remains in place when the firewall operating system is updated. CTX4000 is a portable continuous emitter. It is used to obtain data from inserts installed on targeted systems. NIGHTWATCH is a PC-based system, used to process signals from the targeted monitor. Signals may be obtained using data collection systems (inserts in fiberoptic cables) or from a general purpose receiver. HOWLERMONKEY is a short- and medium-range radio transmitter. It is a special radio module for other inserts. It is used to collect data from inserts and enabling remote access to it. Moreover, there are other methods of embedding malware, through transceivers installed in USB cables or devices, through Wi-Fi, Bluetooth, GSM devices and cables attached to the targeted computer. One of the promising methods of remote malware placement is the unmanned aerial vehicle (UAV). USAF specialists have developed the WASP (Wireless Aerial Surveillance Platform) UAV on the basis of the FMQ-117B aerial target. 
Its main mission is reconnaissance cyberoperations. Thanks to its onboard equipment, it may break into detected Wi-Fi networks and intercept cell phone conversations. WASP equipment includes HD-resolution camera, 11 antennas for various radio communications, GPS receiver, and onboard computer running Linux. Its memory contains a malware arsenal to break into wireless networks and a dictionary with 340 thousand words for “brute force” attacks. Obtained data and intercepted conversations are recorded in the onboard computer memory (solid-state hard drive with 500 GB memory) and may also be sent using internet channels to a special server using 3G and 4G networks, or the compromised Wi-Fi hot-spots. The UAV’s GPS allows it to operate autonomously along an assigned route, but it needs operator’s involvement for take-off and landing. Each system costs about $6 thousand, not including the cost of the UAV. Similar efforts are underway by US Army Cyber Command in order to interfere with automated command points at tactical and operational levels. The Sun Eagle tactical reconnaissance UAV is being used to test equipment for remote malware insertion into Wi-Fi and LTE wireless networks. Overall, United States and NATO are developing various methods and means for remote malware insertion. They include various physical data processing and transmission, and also different environments for proliferation. Countering such types of cyber weapons is a difficult and complex task, demanding considerable research efforts and financial expenditures.
  7. It’s probably a bad idea to buy used connected devices because it can be difficult to determine who could still be connected to that device. A Wirecutter report has revealed that people who sold their Nest cameras could access images from the camera taken after a factory reset was done on the device. Wirecutter found that someone on the Facebook Wink Users Group posted about being able to see the current feed of a Nest camera he had sold. The person had connected the device to his Wink hub of smart-home tech when he owned the device. But even after he did a reset on the device and sold it, the feed was still coming into his account. The Wirecutter staff tested the issue out. They reported that they used a Nest camera that had been synced to a Wink hub. They removed the Nest camera from a Nest account, which counts as a “factory reset” on that device, according to Nest. After that, they could not see the stream. Then they created a new Nest account through a different mobile device, and were able to watch a new stream through the new account, showing the device had a new connection. But when they checked the Wink app, which Wirecutter had connected to the device originally, the staff could also see a stream of still images from the camera that should have been disconnected from that Wink hub through the factory reset. On Wednesday, Google told Business Insider it was investigating the issue. Now Google claims the matter has been resolved. “We were recently made aware of an issue affecting some Nest cameras connected to third-party partner services via Works with Nest,” a Google spokesperson told Gizmodo. “We’ve since rolled out a fix for this issue that will update automatically, so if you own a Nest camera, there’s no need to take any action.” Google did not answer Gizmodo’s question about how many Nest customers could have been affected by this issue. Source
  8. Secure comms biz says it simply follows the law – plus, there's always Tor Updated ProtonMail, a provider of encrypted email, has denied claims that it voluntarily provides real-time surveillance to authorities. Earlier this month, Martin Steiger, a lawyer based in Zurich, Switzerland, attended a presentation in which public prosecutor Stephan Walder, who heads the Cybercrime Competence Center in Zurich, mentioned the company. In a live-tweeted account of the event, subsequently written up in German and recently translated into English, Steiger said he learned that ProtonMail "voluntarily offers assistance for real-time surveillance." But Walder, the source of the revelation, subsequently contacted Steiger to clarify that he had been misquoted and had only described ProtonMail as a potential provider of assistance. Steiger maintains that he accurately reported what he heard and points to ProtonMail's own Transparency Report, which describes enabling IP logging in April in a case of clear criminal misconduct under Swiss law. The key word here is "voluntary." ProtonMail says that it is obligated to assist authorities, like every other company in Switzerland and elsewhere. "All Swiss service providers are obligated by law to assist law enforcement in criminal cases, and the law requires us to enable IP logging in criminal cases," the company said via Twitter. In an email to The Register, a company spokesperson dismissed Steiger's claims. "ProtonMail does not voluntarily offer assistance," the company spokesperson said. "We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in all criminal cases. Furthermore, end-to-end encryption means we cannot be forced by a court to provide message contents." 
Steiger's skepticism about ProtonMail security appears to follow from marketing non sequiturs – "ProtonMail is hosted in a former military command center deep inside the Swiss alps" – that fall short of testable technical guarantees. His argument focuses on the fact that message metadata can be as revealing as message contents, and there's some truth to that. It's extraordinarily difficult to communicate securely and anonymously over the internet, particularly if law enforcement authorities have access to relevant service providers. But that problem is not specific to ProtonMail. The Register asked Steiger to comment but he didn't immediately respond. Updated to add ProtonMail, clearly concerned that its privacy-focused customers might be freaking out a little, has explained its position in a blog post. PS: ProtonMail has a Tor-based .onion service if you don't want your real public IP address tracked. Source