CIA tracked leakers with hilariously bad Web beacon trick

Web beacons are objects such as transparent, single-pixel GIFs planted in emails and web pages to phone-home when users access the content. They're trivially easy to expose – simply forcing an e-mail client to show URLs instead of links can do the trick. In the case of the CIA's “Scribbles” program, WikiLeaks is trumpeting a …
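As an added example (not from the article, the CIA tooling, or WikiLeaks), the following script does the exposure check the paragraph describes in code: it parses an HTML e-mail body and reports every remote image that looks like a beacon (1x1 pixel, hidden via CSS, or carrying a per-recipient query string), along with the hosts a mail client would contact when rendering images. The sample e-mail and its hosts are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: one legitimate logo, two beacon-style images and one
# inline (cid:) attachment. The hosts are illustrative placeholders.
SAMPLE_EMAIL = """<html><body>
<p>Quarterly report attached.</p>
<img src="https://example.test/logo.png" width="120" height="40" alt="logo">
<img src="https://track.example.test/open.gif?rid=ab12cd" width="1" height="1" alt="">
<img src="https://track.example.test/px.png?u=42" style="display: none">
<img src="cid:inline-chart" width="300" height="200">
</body></html>"""


def _px(value):
    """Normalise a width/height attribute ('1', '1px', None) to bare digits."""
    return value.strip().lower().removesuffix("px") if value else None


class BeaconFinder(HTMLParser):
    """Collects <img> tags whose attributes match common web-beacon patterns."""

    def __init__(self):
        super().__init__()
        self.beacons = []      # (src, [reasons]) for suspicious remote images
        self.remote_srcs = []  # every http(s) image the client would fetch

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        url = urlparse(src)
        if url.scheme not in ("http", "https"):
            return  # inline/cid images cannot phone home
        self.remote_srcs.append(src)
        reasons = []
        if _px(a.get("width")) == "1" and _px(a.get("height")) == "1":
            reasons.append("1x1 pixel")
        style = (a.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden via CSS")
        if url.query:
            reasons.append("remote image with query string")
        if reasons:
            self.beacons.append((src, reasons))


def find_beacons(html):
    """Return [(src, reasons), ...] for each remote image that looks like a beacon."""
    finder = BeaconFinder()
    finder.feed(html)
    finder.close()
    return finder.beacons


def remote_image_hosts(html):
    """Hosts contacted when images render: what 'show URLs' would reveal."""
    finder = BeaconFinder()
    finder.feed(html)
    finder.close()
    return {urlparse(s).hostname for s in finder.remote_srcs}
```

Mail clients that block remote images by default already neutralise everything this reports; the script is for checking a message offline before deciding to load them.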

  1. JJKing
    Facepalm

    There's CHAOS and then there's Control.

    Sorry about that Chief, missed it by ---><--- that much.

  2. Anonymous Coward
    Anonymous Coward

    Yes, but what's the name for the ubiquitous mandatory 4/5/6 pin interface in the bottom of all DECT phone BTS and inside the handset battery compartment?

    With a £15 USB I2C bus-pirate, magically this interface gave me the very long-term crypto keys, such that any previously 'accidentally' recorded comms could be plained. It could also be used for factory loading of the eeprom, but then why need the external access post-sale?

    Sometimes these things are done right!

    (No beacon needed, I published this at an IEEE conference, hence few people are aware :-)

  3. The Man Who Fell To Earth Silver badge
    WTF?

    Er.....?

    OK, I'll ask...

    If one just stole/was-given a trove of CIA documents/tools, why would anyone assume they were not booby trapped in some way? So why would anyone open any of them while the machine was connected to any network? And why wouldn't one monitor the crap out of what happened when the delivery media was mounted, monitor the network, checksum the bios before & after (maybe the HD firmware too), etc? And when one was done, wipe the hard drive & do a clean OS install at the very least (even if one examined the documents within a VM)? Or just treat the machine as expendable and either destroy it or dedicate its use only for examining the trove (and destroy it later). And never ever connect it to a network ever again. Being safe would only cost you the price of a cheap laptop.

    IMHO, given where the documents/tools came from, being crazy paranoid would be just common sense.

    1. kain preacher

      Re: Er.....?

      Getting leaked docs from the CIA is like screwing a crack head. Assume they both have something nasty. Use maximum protection.

  4. allthecoolshortnamesweretaken

    Sounds like a combination of very expensive consultants + lowest bidder.

  5. Mike Moyle

    Is Wikileaks feeling that it hasn't been front and center in the news lately? Are they possibly feeling irrelevant so felt the need to boost their click-count? Because, if this is the most damning thing that they've received/come up with, that's pretty pathetic. (Except that, of course, they got news coverage so -- while it's STILL pathetic -- it is nonetheless successful, which counts, I suppose.)

    1. Palebushman

      No different to the old Heinz Salad Cream technique really. Give the media the seeds that you are ceasing production of said product and 'BOOM' low sales rectified in an instant!

  6. Donnie08071988

    It sends very high-pitched frequencies that the ear can't hear. Just a word to the wise. Don't take stuff that you didn't program or resource to someone else. Tracked. Hacked by sounds is more or less what I'm saying.

    1. Stoneshop
      Holmes

      Adding some words might start to provide a bit of context to make this blather somewhat less incomprehensible, but I'm not holding my breath.

  7. John 104

    @MikeMoyle

    There is no such thing as bad press.

  8. Ramazan

    This won't work if you use transparent TOR proxying. If you open such an email or MS Office file, the CIA will see the IP address of a TOR exit node.

    1. phuzz Silver badge
      Pirate

      Or you could just unplug the network from the machine you're using to open the file. Or is that not leet enough?

  9. JaitcH
    WTF?

    Government Anti-Leak Tricks Can be Very Sophisticated

    Governments use many tricks to aid tracking from modified photocopying machines to custom fonts.

    The photocopying mods centre around copy paper with ultra-violet paper coatings or imprinted characters that are detected by the newer, 'intelligent' copiers, etc.

    The computer tricks are much more interesting, both 'visible' and 'invisible'. First rule - disconnect the InterNet after receiving dodgy comms.

    The 'visible' are misspelled words, deliberately altered spaces (kerning) between letters and words, shifted/displaced (up and down) (aka 'leading') characters, all of which can be determined even on photocopies. Given laser printer 'features', command codes can be made to perform many identifier tricks that can also be used for making uniquely identifiable printouts.

    Most all of these techniques can be foiled using dot matrix printers or software like Notepad - or Edit.

    The 'invisible' are identifiers exploiting computers. MS Word scripts (does ANYONE use them?) are pure evil. Use a 'REVEAL CODE' add-on. Governments also use custom font packages that have very, very slightly altered characters which can be used to make copies unique and vulnerable to tracking.

    Best to have an e-mail client that accepts e-mails, then neuters them to pure ASCII, which are commonly deployed in banks and government.

    And if you are transmitting anything surreptitiously, use a busy InterNet café which will make tracing your activities much harder. And use a 'disposable' e-mail address!

    1. Brian Miller

      Re: Government Anti-Leak Tricks Can be Very Sophisticated

      And if you are transmitting anything surreptitiously, use a busy InterNet café which will make tracing your activities much harder. And use a 'disposable' e-mail address!

      Can you say, "logging?" Of course you can.

      Seriously, these are the guys who can view what is shown on your monitor, and they knew what was being typed when electric typewriters became the norm. Old hat.

      Anybody who opens a Word document is just asking for trouble. No, the way to do it is to strip the formatting out, and then view the text. And also beware embedded escape sequences, etc. Yeah, if you got through my sed-fu, you're good.

      1. Kiwi

        Re: Government Anti-Leak Tricks Can be Very Sophisticated

        and they knew what was being typed when electric typewriters became the norm.

        How? Given that a) these things had no form of storage bar for a few bytes of buffer, no form of communications to the outside world, and such communications hardware barely existed and was more expensive than the cost of the typewriter and needed some considerable configuration-fu to get working (I can still remember spending hours trying to find the best AT strings to send to a modem, and the joy I felt when software could actually start to save this (or you could save it in a modem)). How could these guys have "known what was being typed"? A good dose of [citation needed] methinks.

        1. Stoneshop
          Boffin

          Re: Government Anti-Leak Tricks Can be Very Sophisticated

          How?

          You need to be able to listen in on the typing in some way, but every keystroke sound is sufficiently unique to be distinguishable, allowing reconstruction of the document being typed.

          1. Version 1.0 Silver badge

            Re: Government Anti-Leak Tricks Can be Very Sophisticated

            I've seen a musician capture everyone's password in the office by simply listening to them login.

          2. Kiwi
            Black Helicopters

            Re: Government Anti-Leak Tricks Can be Very Sophisticated

            How?

            You need to be able to listen in on the typing in some way, but every keystroke sound is sufficiently unique to be distinguishable, allowing reconstruction of the document being typed.

            The same would be true for any form of writing, however the ability to decipher what you're hearing would be difficult. And if you're bugging the place to that level, might as well drop in some cameras so you can see what is typed.

            Such a sound thing would be easily defeated in a number of ways. Just having something like a recording of typing or a few people working on typewriters in the same room would defeat this. Randomly changing typewriters so that no one knows in advance what typewriter you'll be using etc etc etc. Even buying one with cash every now and then, so "they" can't tune them in.

            Has this ever even been tried? Because the ways to defeat it are many and trivial if you suspect it's going on, vs the expense and expertise required to "tap" a typewriter in this fashion. I would be very interested in even almost-reputable references to this being done. Hell, I'll even settle for a Wikipedia article. If it has references.

            [Edit: The very next post contains a link to a reputable source - would still love to see evidence of it being used as a viable real-world attack though! :) ]

            1. Anonymous Coward
              Happy

              Leaking

              Bernard Woolley: That's one of those irregular verbs, isn't it? I give confidential security briefings. You leak. He has been charged under section 2a of the Official Secrets Act.

            2. phuzz Silver badge

              Re: Government Anti-Leak Tricks Can be Very Sophisticated

              Not quite the same as just listening to the key presses, but the Soviets managed to develop a bug that fitted into an IBM typewriter and transmitted the keystrokes (sort of). In-depth article here.

            3. Stoneshop

              Re: Government Anti-Leak Tricks Can be Very Sophisticated

              And if you're bugging the place to that level, might as well drop in some cameras so you can see what is typed.

              Keep in mind that this was done when Selectrics were still quite new; a sufficiently light-sensitive camera from that era wouldn't be as inconspicuous as a microphone, and neither would the transmitter to get the video signal out of the building without having to run cables. And while this method could well be defeated by having a bunch of typists working in the same room, it would probably be used mainly against targets that didn't know this to be a feasible attack vector, like diplomats from smaller countries, with a similarly small staff and budget, so unlikely to even have a typist room with several clerks working full-time. People who may occasionally handle interesting stuff while not working in an environment that would warrant full-blown countermeasures all the time.

              And because Selectrics were mass-produced, an 'a' keystroke from one would sound nearly identical to an 'a' from any other, but different from a 'b', 'c' or 'd', etc.

        2. Chairman of the Bored

          Re: Government Anti-Leak Tricks Can be Very Sophisticated

          Typewriter reference: see

          https://www.schneier.com/blog/archives/2005/09/snooping_on_tex.html

          IIRC in the bad old days you could use audio recordings of IBM Selectrics and a lot of elbow grease to determine what was typed.

          On the other hand a little dumpster diving for discarded ribbon and carbon paper could also be highly effective. Heck, it's probably still effective today...

        3. Brian Miller

          Re: Government Anti-Leak Tricks Can be Very Sophisticated

          How?

          The method is by "listening" to the RF energy generated by the electric typewriter as it operates. Each key has a unique signature, so by recording, then analyzing the signals, the document can be reconstructed. This is why TEMPEST-shielded typewriters were built.

  10. Apprentice of Tokenism
    Coat

    Um...

    the idea being to snag leakers by seeing the IP address of machines on which a document was opened.

    192.168.1.7

    1. Stoneshop
      FAIL

      Re: Um...

      192.168.1.7

      Nope. The tracker will at the very least see the external address of the NATed private network.

      1. Kiwi

        Re: Um...

        192.168.1.7

        Nope. The tracker will at the very least see the external address of the NATed private network.

        Just a crazy thought (that may betray some of my lack of in-depth networking..).

        So my normal in-house router sits behind a NAT, giving of course 192.168... (or 10.xx) addresses. What if I was to add another device in the chain that would give "fake" e.g. Chinese addresses, i.e. I set things up so I have an internal network that appears to be a real-world address. Maybe a few of these even.. While I realise that the last hop in my chain would be my real-world IP (unless I could somehow get the lot over TOR or a VPN, but then why bother with the other stuff), how far would TPTB go in trying to trace things? Or is there something I'm missing that my 12:15am brain is saying should be damned obvious that even I can spot it, but I can't right now?

        1. Stoneshop
          Big Brother

          Re: Um...

          While I realise that the last hop in my chain would be my real-world IP

          Indeed. Which means that either you live at the premises that kiwisp.co.nz is providing connectivity to using that Real-World IP, or you're having a VPN endpoint there which you connect to from your volcanic island lair/space station/Remotistan mountaintop bunker.

          So TPTB, being sufficiently interested in your doings, will, ahem, politely ask judiciary.gov.nz to allow them to slightly twist kiwisp.co.nz's arm so that they get to know the Real-World address tied to the Real-World IP (even if they know it already, so that they appear to follow The Rules). They will then knock on your door (optionally Obelix-wise), and either find you there, or find equipment allowing you to connect to the network behind the NAT router from your volcanic island lair/space station/Remotistan mountaintop bunker. They'll probably prefer to do so electronically and as inconspicuously as possible, though.

          And how much effort they'll expend to figure out the doings of what appears to be an average Kiwi, I don't know. You'll probably be assumed, for all in tents and porpoises, to reside at your external IP, unless there's a reason to assume you actually don't.

          Adding multiple layers of NAT within your local LAN isn't going to obfuscate things in any way; using TOR, and/or a VPN from, or via, a country farting in the general direction of the involved judiciaries does.
