August 5, 2009

RFID, GPS Technology and Electronic Surveillance

Feds at DefCon Hacker Conference Alarmed After RFID’s Scanned

August 4, 2009

Wired – It’s one of the most hostile hacker environments in the country –- the DefCon hacker conference held every year in the summer in Las Vegas.

But despite the fact that attendees know they should take precautions to protect their data, federal agents at the conference got a scare on Friday when they were told they might have been caught in the sights of an RFID reader.

The reader, connected to a web camera, sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks as they passed a table where the equipment was stationed in full view.

It was part of a security-awareness project set up by a group of security researchers and consultants to highlight privacy issues around RFID. When the reader caught an RFID chip in its sights — embedded in a company or government agency access card, for example — it grabbed data from the card, and the camera snapped the card holder’s picture.

But the device, which had a read range of 2 to 3 feet, caught only five people carrying RFID cards before Feds attending the conference got wind of the project and were concerned they might have been scanned.

Kevin Manson, a former senior instructor at the Federal Law Enforcement Training Center in Florida, was sitting on the “Meet the Fed” panel when a DefCon staffer known as “Priest,” who prefers not to be identified by his real name, entered the room and told panelists about the reader.

“I saw a few jaws drop when he said that,” Manson told Threat Level.

“There was a lot of surprise,” Priest says. “It really was a ‘holy shit,’ we didn’t think about that [moment].”

Law enforcement and intelligence agents attend DefCon each year to garner intelligence about the latest cyber vulnerabilities and the hackers who exploit them. Some attend under their real name and affiliation, but many attend undercover.

Although corporate- and government-issued ID cards embedded with RFID chips don’t reveal a card holder’s name or company — the chip stores only a site number and unique ID number tied to an agency’s database where the card holder’s details are stored — it’s not impossible to deduce the company or agency from the site number. It’s possible the researchers might also have been able to identify a Fed through the photo snapped with the captured card data or through information stored on other RFID-embedded documents in his wallet. For example, badges issued to attendees at the Black Hat conference that preceded DefCon in Las Vegas were embedded with RFID chips that contained the attendee’s name and affiliation. Many of the same people attended both conferences, and some still had their Black Hat cards with them at DefCon.

But an attacker wouldn’t need the name of a cardholder to cause harm. In the case of employee access cards, a chip that contained only the employee’s card number could still be cloned to allow someone to impersonate the employee and gain access to his company or government office without knowing the employee’s name.

Since employee access card numbers are generally sequential, Priest says an attacker could simply change a few digits on his cloned card to find the number of a random employee who might have higher access privileges in a facility.

“I can also make an educated guess as to what the administrator or ‘root’ cards are,” Priest says. “Usually the first card assigned out is the test card; the test card usually has access to all the doors. That’s a big threat, and that’s something [that government agencies] have actually got to address.””

In some organizations, RFID cards aren’t just for entering doors; they’re also used to access computers. And in the case of RFID-enabled credit cards, RFID researcher Chris Paget says the chips contain all the information someone needs to clone the card and make fraudulent charges on it — the account number, expiration date, CVV2 security code and, in the case of some older cards, the card holder’s name...

Congress Proposed Implanting Airport Workers with RFID Chips

August 3, 2009

Infowars - A news report from May 2007 reveals high level discussions, including debate in Congress, to require all airport employees to be subject to greater security measures– including a serious discussion of imposing implantable RFID chips into workers or subjecting them to biometric identification systems.

Such proposals have already been introduced in various contexts throughout the world, and their acceptance paves the way for more widespread use of such measures. As Steve Watson reported in 2007:
Government workers in Mexico are being forced to take the chip or lose their job. Staff of Mexico’s attorney general had to take the chip in order to access secure areas.
In February, a Cincinnati surveillance equipment company became the first U.S. business to use this application when a handful of employees voluntarily got implants to allow them to enter secure rooms.

News reports in May 2007 identified the possibility that mandatory requirements for biometrics and even implanted RFID chips could be imposed on airport employees– anyone from restaurant employees to airline mechanics:
Congress is moving quickly to put into motion measures that will ensure airport employees are subjected to stricter security checks. Everyone from Restaurant employees to airline mechanics could soon be forced to provide biometric finger and iris scans and may even face the possibility of being implanted with a microchip. Currently all airport employees must pass a police and FBI background check, however this may soon be upgraded to include credit checks, routine searches of bags and property and the use of biometric readers with the possibility of microchip implants on the table. The measures are still under Congressional discussion...


Government Spying on Your Email

August 5, 2009

The Guardian (London) - Government plans to outsource official spying, forcing communication service providers like BT to retain personal communications data – records of all phonecalls, emails, texts and internet connections – have been severely criticised by the industry expected to do ministers dirty work for them.

In a submission to the Home Office as part of a public consultation, internet firms have candidly labelled the plans as "an unwarranted intrusion into people's privacy" and have suggested people were deceived about the extent of the government's ambitions to monitor the country's communications data. According to the Sunday Times, the London Internet Exchange which represents 330 firms including BT, Virgin, and Carphone Warehouse, says that the proposals are deceptive. "We view the description of the government's proposals as 'maintaining' the capability as disingenuous: the volume of data the government now proposes [we] should collect and retain will be unprecedented, as is the overall intrusion into then privacy of the citizenry..."

UK Government to Install Surveillance Cameras in Private Homes

August 3, 2009

Prison Planet - The UK government is about to spend $700 million dollars installing surveillance cameras inside the private homes of citizens to ensure that children go to bed on time, attend school and eat proper meals.

No you aren’t reading a passage from George Orwell’s 1984 or Aldous Huxley’s Brave New World, this is Britain in 2009, a country which already has more surveillance cameras watching its population than the whole of Europe put together.

Now the government is embarking on a scheme called “Family Intervention Projects” which will literally create a nanny state on steroids, with social services goons and private security guards given the authority to make regular “home checks” to ensure parents are raising their children correctly.

Telescreens will also be installed so government spies can keep an eye on whether parents are mistreating kids and whether the kids are fulfilling their obligations under a pre-signed contract.

Around 2,000 families have been targeted by this program so far and the government wants to snare 20,000 more within the next two years. The tab will be picked up by the taxpayer, with the “interventions” being funded through local council authorities.

Another key aspect of the program will see parents deemed “responsible” by the government handed the power to denounce and report bad parents who allow their children to engage in bad behavior. Such families will then be targeted for “interventions.”

Both parents and children will also be forced to sign a “behavior contract” with the government known as Home School Agreements before the start of every year, in which the state will dictate obligations that it expects to be met...

The move to install surveillance cameras inside private homes is also on the agenda across the pond. In February 2006, Houston Chief of Police Harold Hurtt said cameras should be placed inside apartments and homes in order to “fight crime” due to there being a shortage of police officers.
“I know a lot of people are concerned about Big Brother, but my response to that is, if you are not doing anything wrong, why should you worry about it?” Chief Hurtt told reporters.

Andy Teas with the Houston Apartment Association supported the proposal, saying privacy concerns would take a back seat to many people who would, “appreciate the thought of extra eyes looking out for them.”
If such programs come to fruition and are implemented on a mass scale then the full scope of George Orwell’s depiction of a totalitarian society is his classic novel 1984 will have been realized.

Smart CCTV Cameras Spot Suspicious Moves

August 2, 2009

London Times - A new generation of “intelligent” CCTV is being developed which can spot violent gestures or suspicious movements. “Active awareness” systems can detect when someone raises their hand suddenly, runs along a street or takes an unusual route around a car park.

The computerised controls zoom the camera in on the target and alert the CCTV operator.

Portsmouth council has installed 152 cameras around its city centre equipped with an early version of the American Perceptrak system, and other councils are considering doing the same. Future versions may be able to recognise sounds such as screaming or glass breaking and could integrate face-recognition software to pick known criminals out of crowds.

David Brown, an industrial scientist at Portsmouth University, is one of those developing the technology. “Our work fits a skeleton over the person,” he said. “We look at that skeleton’s movement and speed so if someone’s arm moves quickly or their heels are off the floor it can alert the control room.”

Graeme Gerrard, assistant chief constable of Cheshire and lead officer on CCTV at the Association of Chief Police Officers, said: “Anything that assists the operator to target cameras on behaviour that might be criminal will be of assistance. [Currently], we are reliant on someone monitoring it live and telling us an incident has occurred.”

Isabella Sankey, director of policy at Liberty, said: “Smart techniques demonstrate how much more intrusive CCTV has become. It is becoming akin to targeted surveillance.”

Logon to Cash for Clunkers and the Government Owns Your Computer



August 3, 2009

Ironic Surveillance - BEWARE! This should scare the living daylights out of you all. Once car dealers log onto cars.gov, click on the “dealers” button and accept the privacy agreement, they are vulnerable to Federal Government spying. Everyday consumers may not get the same warning, but their info would be accessible from the dealer’s computer.
“This application provides access to the DoT CARS system. When logged on to the CARS system, your computer is considered a Federal computer system and is the property of the US Government. Any or all uses of this system and all files may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized CARS, DoT, and law enforcement personal, as well as authorized officials of other agencies, both domestic and foreign.”

No comments:

Post a Comment