February 10, 2017
UNM4SK3D: Dark Net, Vizio, and Homeland Security
"Hello, Freedom Hosting II, you've been hacked." That's the message recently shown to visitors of any of the 10,000 websites affected by a Dark Web hack. So, it seems Anonymous isn't afraid to pwn their peers. Talk about a very, very tangled web.
The Dark Web is hosted using the Tor network, which is designed to hide the identities of its users. Freedom Hosting II is the server that hosted the Tor pages, and those pages aren't indexed by mainstream search engines, so it serves as a hub for illegal online activities. Among the illegal activities being conducted, 50% of the sites contained child pornography. This is said to be the motivator that led one Anonymous member to take them down, in what is apparently the hacker's first hack, according to an interview with Motherboard. Looks like the Dark Web just got a little lighter.
In addition to taking Freedom II offline, the person stole 74 gigabytes in files and a 2.3-GB database, one that is said to contain 381,000 email addresses. Thousands of them are rumored to have .gov extensions, although none have been verified at this time. The hacker's statement read "We are disappointed...This is an excerpt from your front page 'We have a zero tolerance policy to child pornography.'....We are Anonymous. We do not forgive. We do not forget. You should have expected us." But the attack was far from expected. If anything, it shows that when it comes to resistance to vulnerabilities, the Dark Web doesn't have an edge. It also points to the danger of concentrating resources in a central location.
I think the new pattern is going to be [that] as vulnerabilities are revealed on the open Web, people are going to go to the Dark Web and see if there are any sites with those same vulnerabilities -Tim Condello, technical account manager and security researcher, RedOwl
Various illegal enterprises have lured all kinds of people into the underground network. Read 'Curiosity of the Dark Web and Its Dangerous Effects' for a deeper look.
Have TVs become too smart for their own good? It's a funny question to ask. That is, until it was discovered that while you watch TV, your TV also watches you. Wait...what?
Big Brother has a new first name: Vizio. One of the largest smart TV makers has been caught secretly collecting consumers' data through over 11 million smart TVs. What's worse, they, in turn, sell this data to third parties without your explicit consent. According to the FTC, the smart TV maker installed data tracking software to collect viewing habits through its Smart Interactivity feature. In addition to viewing habits, they also tracked each household's IP address, nearby access points, and zip code.
Is there a bright, less creepy side to this? Well, sort of. Vizio has agreed to pay a $2.2 million fine to settle the lawsuit. There's also a way to check if you're being spied on, and to change the setting if so. Open the Vizio TV's settings menu, or directly open the HDTV Settings app, and check whether the options under "Automated content recognition (ACR)" are ON. Turn this setting to OFF immediately!
The data tracking software reportedly worked by collecting a selection of on-screen pixels every second your TV was on, and then compared that data to a database of known movies, television shows, and commercial commercials, and another type of video content. This practice is known as automatic content recognition (ACR) -The Hacker News
If you're concerned about the other ways smart TVs are tracking your data, read this thought-provoking article: 'Consumer Carelessness Leaves Sensitive Data in Returned Devices.'
Border security has been major news lately. And in the latest wave, it's been said that US embassies could ask visa applicants for passwords to their own social media accounts in future background checks.
This comes as many social media privacy policies, including Facebook's, state in not-so-unclear terms, “You will not share your password (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.” Which we'd say is just common sense. From Homeland Security's perspective, this access may be a necessity in an effort to toughen vetting of visitors to screen out people who could pose a security threat.
Homeland Security Secretary John Kelly, while stressing no decision had been made on this proposal yet, also stated that tighter screening was definitely in the future, even if it means longer delays for awarding US visas to visitors. In a subsequent quote, he said "But if they come in, we want to say, what websites do they visit, and give us your passwords. So we can see what they do on the internet...If they don't want to cooperate, then they don't come in."
The Immigration and Naturalization Act (INA), the body of law governing current immigration policy, provides for an annual worldwide limit of 675,000 permanent immigrants, with certain exceptions for close family members
Social media, like security, has many dimensions. Read 'The Many Faces of Social Media' to get a sense of them all.