I’ve written before about the need for more security for businesses and especially reporters who need to protect themselves and sources, but two new developments are incredibly dangerous and you’ve probably never heard about them.
One really bad problem is that hackers have apparently stolen (or accessed depending on your point of view) a computer software toolkit used by the NSA and other countries security agencies and are selling it online – some samples are even being given away for free.
NSA Hacker Kit
This toolkit is essentially a lockpick for computers – one of the tools used by the NSA to penetrate PCs and networks for national security purposes. Unlike encryption which requires powerful computers even banks of supercomputers to decrypt (read) messages, actually breaking into computers only requires an internet connection or network access and a common computer running hacker tools.
The hacking tools appear to be for routers built by three U.S. firms, Cisco Systems Inc., Juniper Networks Inc. and Fortinet Inc., two Chinese companies, Shaanxi Networkcloud Information Technology Co. and Beijing Topsec National Security Technology Co.
Most files on PCs and networks aren’t encrypted.
That means that ordinary hackers with this software can essentially break into computers as easily as one of the top security agencies in the world – the U.S. National Security Agency.
The Shadow Brokers is one name used by the group which released the code on the Internet on the 15th of August. They also announced that they would auction the cyber weapons soon.
The stolen hacking tools may have been generated by “the Equation Group” which is thought to be an NSA code name group combining the NSA, Australia, Canada, New Zealand and the United Kingdom (The Five Eyes).
Although governments will probably try to block access to these tools, once even one copy is on the Web they will always be available someplace.
SilverPush Apps Let TV Commercials Signal Smart Phones
Now the other bad news, a smartphone app which uses the commercial SilverPush technology makes your cell phone vulnerable to access by high-frequency sounds which can be included in TV commercials.
Now that many TVs have very good quality sound systems connected to them, higher frequencies in the 18KHz. To 19.5KHz. Range which is inaudible to many/most humans, can be transmitted and any smart phone left turned on and in range of the TV and which has one of the SilverPush apps (a number have reportedly been found in some Google Play apps) can pickup the sounds and turn them into commands that are supposed to be used to track user use and preferences but which can also do such things as tell the phone to transmit its location.
This isn’t some wild conspiracy fantasy, SilverPush is a company which builds tools to use what they call these Unique Audio Beacons. https://www.silverpush.co/#!/ Redefining TV Advertising
“These apps were capable of listening in the background and collecting information about consumers without notifying them,” said FTC consumer protection bureau director Jessica Rich.
“Companies should tell people what information is collected, how it is collected, and who it’s shared with.”
According to an article in UK-based The Register, the FTC said that it knows of 12 developers who are currently offering software for Android devices. All 12 of the devs have been given letters warning that in order to make use of the SilverPush code, they must first obtain direct permission from users to both access their microphone hardware and track user activity for targeted content.
These audio signals weren’t in any US TV signals as of a few months ago, but they could begin any day and they are in other countries, especially India where they are used by a number of marketing companies.
The Nielsen rating company uses similar audio signals to track radio station listeners but the difference is that you have to agree to this AND you even get paid.
Is there any reason to believe that government agencies can’t or won’t use the SilverPush technology to spy on individuals or even track down dissidents?
The use of SilverPush without explicit informed consumer consent is almost certainly illegal under EU, UK, and U.S. laws as well as those of other countries. Illegality would hardly stop unscrupulous users from using the system.
Taken together, these two developments are extremely serious security threats and I once again urge anyone who has any need for online security to get anonymous email accounts, use code words when referring to sensitive topics, and, above all, get and use Proton Mail, the most secure email system currently available with the possible exception of some government in-house systems, but even those are likely more vulnerable to attack than Swiss based Protonmail.ch.
How to Anonymously Contact Me
If you have any tips you’d like to share with me, contact me through NewsBlaze and I will send you my Protonmail account information. The site encrypts all emails and stores them in encrypted format which even the Protonmail operators can’t decrypt. The servers are also located in Switzerland which makes it difficult even for governments to access them.
One password is needed just to get into my account which is normal, but another extremely complex encryption is used on the message itself and only the account owner has the ability to decrypt (read) the message.
You can further enhance your security by accessing via the free TOR browser.