Watcher Forum
Would you like to react to this message? Create an account in a few clicks or log in to continue.


Welcome to Watcher Forum
 
HomeLatest imagesSearchRegisterLog in

 

 How Agencies Could Hack Your Computer Via Videos

Go down 
2 posters
AuthorMessage
Guest
Guest




How Agencies Could Hack Your Computer Via Videos Empty
PostSubject: How Agencies Could Hack Your Computer Via Videos   How Agencies Could Hack Your Computer Via Videos I_icon_minitimeWed Aug 20, 2014 12:43 pm

http://www.blacklistednews.com/How_Various_Law_Enforcement_Agencies_Could_Hack_Your_Computer_Via_YouTube_Videos/37373/0/38/38/Y/M.html

How Various Law Enforcement Agencies Could Hack Your Computer Via YouTube Videos
August 19, 2014

Source: Tech Dirt

When we recently wrote about Google starting to make use of SSL for search rankings, one of our commenters noted that not every site really "needs" HTTPS. While I used to agree, I've been increasingly leaning in the other direction, and I may have been pushed over the edge entirely by a new research report from the Citizen Lab by Morgan Marquis-Boire (perhaps better known asMorgan Mayhem), entitled Schrodinger’s Cat Video and the Death of Clear-Text. He's also written about it at the Intercept (where he now works), explaining how watching a cat video on YouTube could get you hacked (though not any more). 
The key point was this: companies producing so-called "lawful intercept" technology, that was generally (but not always) sold to governments and law enforcement agencies had created hacking tools that took advantage of non-SSL'd sites to use a basic man-in-the-middle attack to hack into targeted computers.
Quote :
Companies such as Hacking Team and FinFisher sell devices called “network injection appliances.” These are racks of physical machines deployed inside internet service providers around the world, which allow for the simple exploitation of targets. In order to do this, they inject malicious content into people’s everyday internet browsing traffic. One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge. The machine also exploits Microsoft’s login.live.com web site in the same manner.Fortunately for their users, both Google and Microsoft were responsive when alerted that commercial tools were being used to exploit their services, and have taken steps to close the vulnerability by encrypting all targeted traffic. There are, however, many other vectors for companies like Hacking Team and FinFisher to exploit.
I'd bet pretty good money that both of these companies also target some popular ad networks. For reasons that are still beyond me, many large ad networks still refuse to support SSL -- which is also why so few media sites support SSL. In order to do so, you have to drop most ad networks. Between ad networks and popular media targets, it's likely that there are plenty of opportunities for network injection going on.
Quote :
Provided that the attacker can persuade a sufficiently large carrier to install a network injection apparatus, they can be reasonably certain of the success of any attack. While an attacker would still need an exploit to escape from the context of the target’s browser, one of the browser plugins (such as flash, java, quicktime, etc.) or similar is likely to provide a low cost avenue for this. This type of capability obviates the need for spear-phishing or more clumsy attacks provided the target is in the attacker’s domain of influence. 

This type of approach also allows for the ‘tasking’ of a specific target. Rather than performing a manual operation, a target can be entered into the system which will wait for them to browse to an appropriate website and then perform the required injection of malicious code into their traffic stream. As such, this could be described as ‘hacking on easy mode’.
The key point made by the new report is not about the ideas behind network injection. That's been well-known for a while, and the NSA's and GCHQ's "Quantum Insert" packet injection system has been talked about recently. The main revelation here is that there are commercial vendors selling this technology to all sorts of law enforcement folks, meaning that it's probably widely used with little oversight or transparency. And that should be a pretty big concern:
Quote :
These so-called “lawful intercept” products sold by Hacking Team and FinFisher can be purchased for as little as $1 million (or less) by law enforcement and governments around the world. They have been used against political targets including Bahrain Watch, citizen journalists Mamfakinch in Morocco, human rights activist Ahmed Mansoor in the UAE, and ESAT, a U.S.-based news service focusing on Ethiopia. Both Hacking Team and FinFisher claim that they only sell to governments, but recently leaked documents appear to show that FinFisher has sold to at least one private security company.
With all the attention on NSA/GCHQ surveillance, it's good that people are recognizing just how powerful some of these tools are. But we ought to be quite concerned about how ordinary law enforcement around the globe is making use of these tools as well, often with much less oversight and even less accountability.
Back to top Go down
r3m0

r3m0


Posts : 94
Reputation : 5
Join date : 2012-01-04
Age : 53
Location : north central Tejas

How Agencies Could Hack Your Computer Via Videos Empty
PostSubject: Re: How Agencies Could Hack Your Computer Via Videos   How Agencies Could Hack Your Computer Via Videos I_icon_minitimeWed Aug 20, 2014 2:29 pm

this is why i block ads.


**************************************************************************
Luke 12:7: But even the very hairs of your head are all numbered. Fear not therefore: ye are of more value than many sparrows.

Isaiah 44:24: Thus saith the Lord, thy redeemer, and he that formed thee from the womb, I am the Lord that maketh all things; that stretcheth forth the heavens alone; that spreadeth abroad the earth by myself;

1 Thes. 5:18: In every thing give thanks: for this is the will of God in Christ Jesus concerning you.


How Agencies Could Hack Your Computer Via Videos 2958853248 ... ian
Back to top Go down
researcher
Admin
researcher


Posts : 14669
Reputation : 962
Join date : 2011-08-13
Age : 72
Location : San Diego

How Agencies Could Hack Your Computer Via Videos Empty
PostSubject: Re: How Agencies Could Hack Your Computer Via Videos   How Agencies Could Hack Your Computer Via Videos I_icon_minitimeWed Aug 20, 2014 3:07 pm

r3m0 wrote:
this is why i block ads.

Amen brother! Me too! If you use Firefox, IE, Opera, Android and a few more, go get AdBlock Plus. Works great.

https://adblockplus.org/
Back to top Go down
Sponsored content





How Agencies Could Hack Your Computer Via Videos Empty
PostSubject: Re: How Agencies Could Hack Your Computer Via Videos   How Agencies Could Hack Your Computer Via Videos I_icon_minitime

Back to top Go down
 
How Agencies Could Hack Your Computer Via Videos
Back to top 
Page 1 of 1
 Similar topics
-
» one of the best videos that i have ever seen
» Videos 1-11-20
» Time to Wake Up
» Interesting Videos
» Prep videos

Permissions in this forum:You cannot reply to topics in this forum
Watcher Forum :: Welcome! :: General Discussion-
Jump to: