Tag Archives: hacking

More than two sides, the complexity of a story

Posted on by

In a lot of my writing, I typically focus on one aspect of the story. For example, with my writing about Ferguson I really focused on the wrong that I believed the police were doing. I didn’t really touch on the violence that the protesters were doing to the community (contained to the first few days) or the violence they were committing on the police. I didn’t ignore it personally, or as I was thinking about the articles, I just didn’t want to discuss it because it didn’t fit with the story I was trying to outline. That’s perfectly fine. You can’t fit everything into any given story. However, that doesn’t mean that omission was support of the actions of the protesters. I abhor their behavior and I think that it really negatively impacted their message. 

The past few days, we’ve had some pretty serious leaks. Over 100 celebrities have had their nude images leaked. The suspected culprit is iCloud. The iPhone, like most Android phones have the option to automatically backup your photos to a storage unit online. Apparently, there was a vulnerability in an application called Find My Phone, which allowed a person to try as many times as they wanted to access an account. What this meant was that brute force methods for cracking a login for an account would work eventually. It might have taken days or longer for whatever algorithm was used to crack the logins, but eventually it would have worked. There’s no way for it not. Essentially, the approach would run through as many permutations as possible for the login. furthermore, it could have actually been run concurrently on multiple different systems to test in parallel. It’s pretty horrible that someone was able to sneak into iCloud and steal these pictures, however, it’s also incumbent on the users of these systems and the owners of the systems to ensure that these simple lapses don’t happen. 

The users of these services bare a responsibility for understanding what is happening to their data once it leaves their phones. This is a requirement for any user, not just the famous. The famous likely should have someone help them with their security features, as it’s unlikely that many of them have the desire or knowledge to do it on their own. Not that this is any different for much of the rest of the population. They are as vulnerable as the famous, but aren’t a target simply by being uninteresting. 

In both cases, it’s fully acceptable to be upset by both sides of the story. It’s not impossible to say that police violence and militarization is bad and that the criminal element of the Ferguson protests is bad too. It’s also fine to say that you shouldn’t hack and that the people that develop the systems and use the systems are accountable as well. In most of our stories, there are complexities that are withheld or ignored because there is an angle the writer is going for, the story would take too long, or the writer has a low opinion of the readers. In my case, I was going for a specific angle with the Ferguson stories, because I assumed that it was obvious to the reader that the violence committed by the protesters was both known and understood to be a terrible wrong. Not mentioning it did make the police seem less rational than they were behaving though.

In the case of the leaks, most of the attention has been put on the leaker and the people enjoying the leaks, however, it’s important that we keep in mind that there’s a responsibility of the companies to keep that data safe. 

Goofy Stock photos might not be so silly any more

Posted on by
Silly Stock photo

@NFEN and @Cheddarchezz having a conversation about “hacking”

I just saw a few people that I follow tweeting about trying to take over Youtube. There’s a Meme on Youtube right now that’s been going on for a while as a form of protest over some of the recent changes to the comment policy, copyright policy, integration with Google+ and probably a litany of other issues. To the gaming community Youtube is a dying platform.

What struck me about the conversation wasn’t really what they were talking about, but the stupid stock photos that are supposed to represent “hackers’ breaking into a network. For some absurd reason stock photography companies almost always put them in the same outfit they’d be wearing if they were breaking into a house, mugging someone, or doing some other nefarious activity. Clearly it’s just a ploy to help people understand that the person using the computer is up to no good, but it just looks ridiculous as almost no one wears any of those clothes while using the computer. So instead of making it look like a criminal it just make it look like an idiot. However, I think that with some recent revelations about the FBI and the hacking process called “RAT” these imagines are looking less absurd. Not that I’ll go out and buy clothes like this to work at my computer on.

One of the more recent Edward Snowden revelations has to do with breaking into personal computers by the US government. This isn’t really shocking, nor is what they do when they are on the computer. The FBI has admitted that they have the capabilities to hack into your computer and activate your webcam without turning on the indicator light. These capabilities aren’t new. In fact Ars Technica did a report on this in the kiddie hacker community called RAT. I imagine that some of the tools that my friends used to use while we were in highschool to remotely open a CD drive or type messages to each other operates in a similar fashion.

So, if you are hacking a computer does it make sense to take precautions against showing your face? It might or as the Ars article suggest, just cover up the camera.The difference is that you don’t know if you’re under surveillance or not. It’s also not clear if the FBI only means laptop webcams or if they are able to do the same to a smart phone or tablet. As the ACLU mentions in one article “we’ve never had discussion” about law enforcement hacking into computers. This is part of the reason there was a petition for We the People to update our privacy laws. Regular mail and packages are protected by the fourth amendment while email is not. Using a web cam with or without a web cam constitutes a much larger breach of privacy than just taking pictures through the camera. It’s likely that with access to the webcam the entire computer is open to the FBI, which means that a warrant for a web cam is a warrant for everything you do. If you have services that you’re always logged into like Drop Box or Tresorit those are also accessible through the computer you’re cam is being used on.

We need to have a conversation about the limits of searching and privacy. I don’t want to sit around in a ski mask or cover up my webcam. Users likely need to install firewalls, more passwords, and disconnect from services they aren’t actively using.