Monthly Archives: December 2014

Terror laws clear Senate, enabling entire Australian web to be monitored and whistleblowers to be jailed

George Brandis struggled to explain metadata on live TV.image

Attorney-General George Brandis praised the laws being passed. Photo: Andrew Meares

Following the biggest counter-terrorism raids in Australia’s history and the beefing up of Parliament House security, Australia’s Senate passed laws enabling Australian spies to monitor the entire internet with just one warrant.


Henry Sapiecha

George Brandis in ‘car crash’ interview over controversial data retention regime

Attorney-General George Brandis praised the terrorism laws being passed in australia image

George Brandis struggled to explain metadata on live TV. Photo: Alex Ellinghausen

Attorney-General George Brandis struggled to explain live on Sky News what metadata the federal government’s upcoming mandatory data retention regime would capture. The interview led to Sky News journalist and presenter David Speers winning a Walkley for his efforts in interrogating Senator Brandis.


Henry Sapiecha

Man who introduced serious ‘Heartbleed’ security flaw denies he inserted it deliberately

When the Heartbleed bug was uncovered, many people in the IT security industry were asking whether the code containing the flaw had deliberately been inserted. Dr Robin Seggelmann,image

When the Heartbleed bug was uncovered, many people in the IT security industry were asking whether the code containing the flaw had deliberately been inserted. Dr Robin Seggelmann, who introduced the flaw, said it was “tempting” to assume this, but said “it was a simple programming error”.


Henry Sapiecha

Ten ways to shut down the internet

cyber-attack-internet shutdown image

There are many ways to break the internet, and they don’t necessarily involve Kim Kardashian.

On Tuesday North Korea was officially offline for nearly 10 hours, in what appears to be a fresh twist to its ongoing cyber-stoush with the US over the Sony Pictures hack.

Analysts are still picking over what may have caused the outage.

Matthew Prince from internet and security company Cloudflare says the more connected a country is, the harder it is to knock it offline.

A country like Australia, while remote, is well connected, so we’re unlikely to be cast adrift completely.

But mass outages do happen from time to time and there are many potential causes.

So how exactly can a country’s internet be disrupted or turned off?

1. Attack it

norse internet shut down chart image

One way to knock a country offline is via a denial-of-service attack. Such an attack typically involves flooding the core routers of a country’s telecommunications infrastructure with more traffic than they can handle. To do this the attacker has to have more network capacity than the target.

“Botnets” — computers infected with malicious software — are typically used in distributed-denial-of-service attacks to increase the hacker’s capacity.

Last year a denial-of-service attack in China knocked all websites registered with a country domain – “.cn” (the Chinese version of “”) – offline. A similar attack against an Australian betting agency in 2004 knocked out the whole of Telstra’s Alice Springs network, part of Adelaide, and Telstra central in Sydney.

2. Pull the plug on it or order a shutdown

egypt-internet chart image

A graph showing internet traffic to and from Egypt in 2011.

Where connections are few and far between and governments have high degrees of power, it is possible for them to shut down internet access in the country.

This happened during the Arab Spring. In 2011, then Egyptian president Hosni Mubarak cut the cord on his country’s internet and 3G mobile services in an attempt to quash protestors who were communicating with each other online.

A month later, Libya followed suit ahead of planned citizen protests.

Cloudflare’s Mr Prince said the North Korean shutdown was unlikely to be state-sponsored, or it would likely still be “down for the count” (i.e. still out).

If one country relies on a neighbouring country for its connection to the internet and the rest of the world, it will obviously be at the behest of its neighbour. So if one country that connects another pulls the plug on the cable, the other country’s internet will be affected if there is no back-up connection.

North Korea has only one internet connection to the rest of the world, via China’s Unicom.

3. Do something stupid

excavator digging image

It’s not unheard of for cables delivering the internet to be cut accidentally. Last year hundreds of Sydney residents were without their internet for days, supposedly due to some very poorly planned civil works. NBN contractors have also come under fire in the past for cutting connections.

Back in 2009, an EnergyAustralia contractor cut through at least 10 Telstra cables in Sydney, affecting CBD phones, internet and eftpos.

Councils and builders, or dogs looking to bury bones in hard-to-find places, can get advice on where it’s safe to dig at

4. Unintentionally dig it up

what's the internet. cable damage image

What’s the internet? … Hayastan Shakarian holds a handsaw near her native village of Armazi.  Photo: AFP

In 2011, a grandmother severed the internet connections of thousands of people in Georgia and neighbouring Armenia while she was digging for scrap copper. The outage lasted five hours.

She was a 75-year-old pensioner and claimed she didn’t even know what the internet was. It wasn’t the first time someone had done this in Georgia.

5. Drown it

flooded internet exchange image

A large number of websites hosted in the US went down during Hurricane Sandy. Photo:

Data centres go offline when flooded or without power. Hurricane Sandy knocked out data centres in the US in 2012, taking many popular US websites offline. Floods in Queensland in 2011 also resulted in thousands being disconnected.

6. Set it on fire

phone exchange fire aftermath image

A fire led to Warrnambool Telephone Exchange’s demise. Photo: Telstra

Tens of thousands of phone and internet connections in Victoria were shut off in 2012 after a fire razed the Warrnambool Telephone Exchange. It was thought to be the biggest disruption of its kind in Australia.

7. Vandalise it


In May, iiNet said vandals damaged a backhaul fibre cable in Traralgon South, Victoria. The disruption was felt all the way down in Tasmania, with impaired connections for “some broadband customers”, iiNet said.

In 2012, a separate rogue individual deliberately cut several Telstra cables in Sydney, causing millions of dollars worth of damage and cutting communications from many homes and suburbs, including the local police station.

8. Let the sharks at it

shark attacking underwater cable image

While undersea cables are typically susceptible to accidental breakage by ship anchors, fish trawlers and natural disasters, sharks are also a threat. Internet giant Google recently revealed how it was using Kevlar-style wrapping material on its cables to prevent against these types of attacks.

Australia has several fibre-optic submarine cables connecting it to the rest of the world, which means that if one goes down traffic can be re-routed.

Other countries are not so lucky: if a fibre cut occurs they can go dark.

In 2005, Pakistan was cut off completely and had to rely on a slow back-up satellite connection.

9. Let its hardware fail all by itself

Kyle internet failure image

Much like in episode six, season 12 of South Park (“The Day the Internet Stood Still“), router malfunctions can sometimes cause outages.

But unlike in South Park, turning it off and on again doesn’t always work.

In 2012, Telstra was cut off from its international data network after one of its resellers, Dodo, was blamed for “a very minor hardware failure” resulting in very major routing issues that affected millions of customers’ internet connections for about 45 minutes. iiNet services were affected too.

Earlier this year Vodafone also suffered data and phone issues when a faulty repeater in WA on a primary fibre link and a back-up cable failed.

“From time to time equipment fails,” a spokesman for the cable said at the time.

large loan application banners image (4)

Henry Sapiecha

Shellshock just one tool in hackers’ cyber arsenal

shellshock virus cartoon safe cracker image

Silent thief: The Shellshock vulnerability went unnoticed for more than 20 years.

Online shoppers need to be extra vigilant against malicious links during the holiday shopping season, warns Adam Turner.

Unwitting Australians click on more than 15 million malicious internet links every month, lured by increasingly sophisticated attempts to infect their computers and steal valuable information.

Australians clicked on more than 45.5 million malicious links in the third quarter of 2014, up from 39 million in the three months before, according to security vendor Trend Micro’s third-quarter security roundup report. This ranks Australia fifth in the world for countries with the highest number of visits to malicious sites after the United States, Japan, France and Italy.

The growing threat from malicious links is partly attributed to September’s discovery of the Shellshock security flaw in many web servers. Among other things, the Shellshock flaw lets attackers hijack legitimate web pages and secretly download malicious software on to the computers of people who visit the site, known as a drive-by download.

The Shellshock vulnerability went unnoticed for more than 20 years, suggesting the likelihood of more long-undiscovered vulnerabilities lurking within with operating systems and applications.

Meanwhile, the threat from vulnerabilities in mobile devices and apps is also increasing, with ransomware targeting mobile devices along with desktop computers.

Ransomware encrypts the contents of a device and demands a ransom for precious files, such as photographs, to be returned. One of the latest ransomware threats involved fake emails, purporting to be from Australia Post, with an attachment that claims to contain details of parcel deliveries but in fact encrypts the computer’s hard drive and demands payment.

The latest report is a clear indication that Australian consumers still need to be educated about their online vulnerability, especially as cyber threats become more complex, says Trend Micro’s Australia and New Zealand consumer director, Tim Falinski.

“Consumers need to be extra vigilant heading into the holiday shopping season and new year sales, which is typically a time of year that sees an increase in cyber crime.”

project & construction finance banner image (2)

Henry Sapiecha


Unattended Bag Prompts Evacuation Of O'Hare Terminal

A new leaked CIA document from WikiLeaks reveals a few government secrets that could be useful for travelers this holiday season. In it, the CIA explains how to avoid a secondary screening at the airport if you’re traveling abroad.

The basic tips: Don’t bring too many new items in your luggage (sorry, Christmas gifts); don’t be nervous and visibly sweating; don’t change your itinerary within a day of your flight; don’t be weird about passport screening procedures; and make sure your luggage isn’t disproportionate to your purported reasons for your trip, which could mean how it’s packed or how fancy the stuff on the inside is.

The documents also contains security procedures from around the globe, shining a light on what other countries look for in a passenger profile. Turkish accents in Iraq get you an almost automatic screening. In Israel, lone male travelers with backpacks often get secondary screening, while lone travelers from China elicit concerns of illegal immigration from Chilean authorities.

In addition, Austria and Singapore have Russian agent watch lists at the ready, and Colombia is on the lookout for Iranian and Venezuelan spies. Portugal keeps an eye out for travels from Western Africa and any of its former colonies, fearing illegal immigration. Cambodia fears terrorists from around the Arab world, while Saudi Arabia is suspect of travellers from Iraq, Iran, Libya, Palestine, and Syria. And in the Seychelles, there’s plenty of fear of Nigerian drug trafficking.

Read the whole report here.

large loan application banners image (9)

Henry Sapiecha

Tony Abbott warns terrorist attack ‘likely’ post Sydney siege

Prime Minister Tony Abbott says there has been a “heightened level of terror chatter” in the wake of the Martin Place siege but has resisted raising the terrorism threat level of extreme.

The National Security Committee met on Tuesday and was briefed on the development by intelligence officials, Mr Abbott said.


Prime Minister Tony Abbott says the National Security Committee met on Tuesday. Photo: Andrew Meares

But it has also emerged that the deputy chairman of Parliament’s joint committee on intelligence and security, Anthony Byrne has been privately warning parliamentary colleagues on both sides for the past month of the need to raise the terror threat over Christmas.

“On the basis of recent events both here in Australia and overseas, and provided the information that the Prime Minister spoke about was sound and accurate there is a strong case to raise the terror threat to extreme as quickly as possible,” he said.

The alert from the Prime Minister comes as the NSW Opposition Leader John Robertson resigned hours after moves began to dump him over revelations he signed a letter of request for gunman Monis

In recent days Mr Byrne has also called for a judicial inquiry into events surrounding the Martin Place siege and in particular whether or not the intelligence or security agencies could have done anything more to prevent the siege from taking place.

Mr Abbott emerged from the security briefings in Sydney to front a snap media conference, in which he urged Australians to celebrate Christmas as normal but be on guard for any suspicious activity.

“The briefing from the security agencies today indicated that there has been a heightened level of terrorist chatter in the aftermath of the Martin Place siege,” Mr Abbott said.

“That’s why it’s important that people remain alert and aware.”

ASIO and the Australian Federal Police recommended the national terrorism threat level be raised from “medium” to “high” in September, meaning a terrorism attack was regarded as “likely”.

Cafe manager Tori Johnson and barrister Katrina Dawson were killed when Man Haron Monis took 18 people hostage in the Lindt Cafe on the morning of December 15 and held them for 17 hours.

Mr Abbott confirmed on Sunday that an anonymous caller phoned the National Security hotline the weekend before the siege, to warn them of Man Haron Monis’ extreme views.

Mr Abbott said the call was followed up but “didn’t reveal any imminent attack by this individual.”

He stressed the Commonwealth-State investigation, due to report by the end of January next year, would look into the matter, as part of its examination into whether the policing and security agencies dealt with the matter to the best of their ability.

Mr Abbott said he had attended a memorial service for Ms Dawson “a brilliant and beautiful woman from a wonderful and accomplished family who has been cruelly snatched away from us”.

“As we prepare to join family and friends to celebrate Christmas we do need to be conscious of the fact that the terror threat remains high. There are people who would do us harm and who can do us harm,” he said.

He urged members of the public to report any suspicious behaviour to authorities.

“I do want to reassure you though that our law enforcement agencies and our police forces and our security agencies will be working around the clock to keep you as safe as possible over the holiday season, as they do at all times.”

Mr Abbott said the national security committee of the cabinet met for the first time on Tuesday afternoon following the swearing in of his new ministers.

“It was important to me that they were fully briefed on the domestic and international security situation as quickly as possible,” he said.

The national security committee was briefed by the head of the Australian Security and Intelligence Organisation and the commissioner of the Australian Federal Police.

Asked if the Martin Place siege had provoked further security threats, Mr Abbott said he would not speculate.

“In the wake of the Martin Place brush with terrorism there has been a heightened level of chatter amongst people who we would normally think of as terrorist sympathisers,” he said.

Mr Abbott has previously raised concerns about gunman Man Haron Monis falling through the security net.

“One of the things we are doing is asking ourselves do we need to go back and have a look at people who have come to our attention previously and see what is best done to ensure that the community is as safe as it humanly can be. This is the assurance I constantly give to the Australian people.

“The first duty of government is the safety of the community.”

large loan application banners image (5)

Henry Sapiecha

Privacy shall be thought of as a luxury in 2025 say the pundits

Experts believe the exchange of personal data for online conveniences will soon erode today's notions of privacy. guy with infrared binocs image

Experts believe the exchange of personal data for online conveniences will soon erode today’s notions of privacy.

Today’s notions of privacy will be eroded significantly within the next decade as growing reams of personal data are willingly exchanged for the convenience of living our lives online.

That’s the prevailing view among the more than 2500 industry experts from around the world – including academics, legislators and staff at global companies such as Google, Microsoft and Yahoo – who were quizzed on the future of privacy and security.

Respondents to the study from the Pew Research Center in the US, in conjunction with North Carolina’s Elon University, said they believed living a public life online would be the new default by 2025.

They variously predicted current notions of privacy would soon become “quaint”, “archaic”, a “fetish” and “the new taboo” – something that future generations would fail to understand, let alone appreciate.

“Everyone will expect to be tracked and monitored, since the advantages, in terms of convenience, safety, and services, will be so great,” Google chief economist Hal Varian wrote in his response.

Optimistically, one policy co-ordinator believed internet organisations would reach an international consensus on how best to balance privacy and security with popular content and services.

However, many more foresaw a backlash against the evolving social norms.

One respondent, who wished to remain anonymous, predicted more people would engage in acts of civil disobedience by choosing to “opt out” of online services, rather than be tracked by companies.

Others believed new tools would be created to give citizens greater agency over what information they shared, and with whom.

Some saw encryption tools, which can be used to hide personal information and files, becoming more widely used.

However, researcher Kate Crawford said such service providers would be likely to seek commercial benefit, resulting in the creation of privacy as a “luxury good”, and a new social divide of “privacy rich” and “privacy poor”.

Companies the world over are investing more and more in “big data” and “data mining”, which allows them to trawl through customer data to better tailor and market their products and business.

Professor Michael Fraser, director of the Communications Law Centre at the University of Sydney, said that while individuals legally consented to companies storing their data when signing up to online services, it was not necessarily informed consent.

“Facebook, Google and others, their entire value comes from the exploitation of our personal, private information,” he said.

Professor Fraser also warned of the link between the private sector’s collection of customer data and government agencies’ ability to access such data, saying it was effectively government surveillance by proxy.

In 2013, Australian authorities made more requests to access user data from major technology companies such as Google, Facebook and Apple than any other country except the US, according to “transparency reports” published by the companies.

Legislative changes recently increased the powers of Australia’s top spy agencies, with a plan to force telcos to retain customer metadata for up to two years still in the pipeline.

Professor Fraser said privacy law reform was needed to protect citizens’ personal data as a property right.

Many respondents to the Pew survey were sceptical whether the push for such protections would succeed in the face of large corporate interests and lobby groups.

The study was part of a broader internet research project by the Pew Research Center to mark the 25th anniversary of the creation of the World Wide Web by Sir Tim Berners-Lee.

Source: Pew Research Center

Privacy in 2025: Experts’ Predictions

We canvassed thousands of experts to ask them to predict the future of privacy in America and found they were divided on whether or not a secure, trusted privacy-rights infrastructure would be in place by 2025. Highlights from their responses are featured below. Read the full quotes and responses from many more experts in the complete report.

commercial business loans info flyer (19)

Henry Sapiecha

In the next 10 years, I would expect to see the development of more encryption technologies and boutique services for people prepared to pay a premium for greater control over their data. This is the creation of privacy as a luxury good. It also has the unfortunate effect of establishing a new divide: the privacy rich and the privacy poor. Whether genuine control over your information will be extended to the majority of people—and for free—seems

Amateur spies put North Korea on the map after sourcing info about the country

one of North Korean dictator Kim Jong Il's palatial mansions with expansive gardens.image

Living large … one of North Korean dictator Kim Jong Il’s palatial mansions with expansive gardens.

A group of amateur spies has used Google Earth to provide a rare glimpse inside North Korea, one of the world’s most secretive countries.

By default the Google Earth map of North Korea is completely bare, with no roads or landmarks labelled.

Over two years, US doctoral student Curtis Melvin and other volunteers pored over news reports, images, accounts, books and maps painstakingly identifying and locating thousands of buildings, monuments, missile-storage facilities, mass graves, secret labour camps, palaces, restaurants, tourist sites, main roads and even the entrance to the country’s subterranean nuclear test base.

The result, North Korea Uncovered , is one of the most detailed maps of North Korea available to the public today. The small file, which can be installed on top of Google Earth, has been downloaded more than 47,000 times since an updated version was released last month.

“We have portrayed things about which they are most proud and ashamed,” Melvin said in an email interview.

Among the most notable findings is the site of mass graves created in the 1990s following a famine that the UN estimates killed about 2 million people.

“Graves cover entire mountains,” Melvin said.

Also visible is the stark contrast between the living conditions of North Korea’s elite and the general population.

The palaces housing dictator Kim Jong Il and his inner circle, clearly shown on the maps, contain Olympic-size swimming pools with giant waterslides and golf courses.

Conversely, much of North Korea’s population is reliant on foreign food aid, ironic given the authoritarian regime is built around the ideology of self-reliance.

Analysing the satellite maps allowed Melvin to plot the country’s transport and electricity network, revealing that many towns have no power supply at all.

Melvin and his team also believe they have discovered the Vinalon complex that has been connected with chemical warfare experiments.

The project highlights the collaborative power of the internet, which allows disparate groups of amateur sleuths to work together to uncover state secrets and shine new light on previously hidden countries.

North Korea is of particular interest to diplomats, analysts and the public of late because the communist regime has ramped up its nuclear tests, launched a series of short-range missiles and threatened possible attacks on South Korea.

Melvin said he notified two North Korean embassies of his project but received no response.

“This project is a terrific record of their ‘revolution’ so I would love to have more of their input for historical purposes,” he said

Melvin, who began the project as a way of mapping places in North Korea that he had visited, said he pored over books, maps, pictures and news reports to identify locations on the Google satellite map. But he received significant help from collaborators, some of whom have studied North Korea professionally.

For instance, The Wall Street Journal reported that Joshua Stanton, a Washington attorney who has served in the US military in South Korea, identified one of the country’s most notorious prisons, Camp 16, by combing the map for structures identified in sketches created by defectors.

A US senator then used Stanton’s information to criticise North Korea’s human rights record, saying “Google has made a witness of all of us … we can no longer deny these things exist”.

North Korea’s own publicity of the movements of Kim Jong Il have also been invaluable to Melvin. Media reports from the country allowed him to identify locations the dictator has visited, such as a hydroelectric dam and power station he toured in April.

project & construction finance banner image (8)

Henry Sapiecha

Meet the phone cracker Navid Sobbi explains what a treasure trove of information your phone can be and how to protect your information.

If you thought wiping your mobile phone once to delete its contents, or having a passcode to protect it from prying eyes was enough, think again.

Meet the ultimate mobile phone data extractor, a $40,000 Israeli-made machine manufactured by Cellebrite and used by private investigator Navid Sobbi’s business National Surveillance and Intelligence and numerous law-enforcement agencies around the word.

The machine can crack passwords and extract varying degrees of data from almost every smartphone on the market bar a number of Blackberry models and the iPhone 5 and above. Photos, texts, locations and more can be extracted from the phone’s memory even if previously wiped.

The Cellebrite system phone access image

Navid connects an iPhone up to a laptop to begin examination of the data recovered. Photo: Tessa Stevens

In total, the device claims to be able to extract varying degrees of data from about 8000 phone models. Newer iPhones are not susceptible to the password cracking because Apple’s encryption methods have improved over time, but most phones are still able to have their data extracted if the password is provided, Mr Sobbi said.

“If it’s a smartphone such as Android or Apple we can get absolutely everything,” he said.

“So that’s locations, SMS, MMS, passwords, notes, emails and call logs.”

The Cellebrite system phone access image www.intelagencies (1)

The Cellebrite system has a cable for every phone on the market. Photo: Tessa Stevens

Often data from mobile phones is used to corroborate or disprove theories in criminal trials.

In one recent case, US forensic investigators looked at data stored on murder suspect Pedro Bravo’s smartphone to infer he used the phone’s flashlight when he buried the body of a former friend in a remote wooded area. Bravo was later found guilty of the murder.

Mr Sobbi said most phones were “easy” to get into.

The Cellebrite system phone access image www.intelagencies (2)

The Cellebrite system can extract data from a variety of phones. Photo: Tessa Stevens

He said the could bypass an iPhone 4 passcode and get into the phone “within about five minutes”.

Some Android phones, such as the HTC One, were also easy to crack but piecing the data together was a time consuming task. Blackberrys for example were “extremely hard to get into”, he said.

Blackberry is well known for its secure phones, being the preferred brand of governments for their leaders and diplomats. Sydney bikies have also reportedly used them to thwart police efforts to intercept their communications.

Based in Sydney, Mr Sobbi has worked with NSW Police on criminal matters and also in tendering evidence for family court cases. He has also assisted with corporate leak investigations, where employees have taken a company’s intellectual property to a competitor.

Those that have accidentally deleted data – like family photos – also go to him for help and in about 90 to 95 per cent of cases he has been able to successfully retrieve the data.

“But it all comes down to how the phone is used,” he said. “So if, for example, the phone has been factory-reset a number of times or damaged, then our success rate is a lot less.”

After using the Cellebrite tool for several years, Mr Sobbi said it was most surprising it could get location data even when a phone’s GPS was turned off.

“We’ve noticed that [some phones] still store probably every 15 minutes or once every hour … a location of where the device is,” Mr Sobbi said.

“Even if [location is] off in the GPS option, it might store it from the cell tower option.”

He advised people to wipe their phones several times before selling or disposing of them.

“When a consumer wants to change their phone or just wants to give their phone to someone else, the best thing to do is at least restore it back to factory settings a minimum of about five times.

“The more you do that the harder it becomes for the forensic examiner to recover the data.”

He said he could also extract data from tablets and computer hard drives.

Although many law-enforcement agencies praise the Cellebrite system, not everyone is happy.

The American Civil Liberties Union of Michigan has previously expressed concern about how its state police force has used the gadget, saying it can “quickly download data from cell phones without the owner of the cell phone knowing it”.

commercial business loans info flyer (22)

Henry Sapiecha

Massive security flaw that undermines privacy of mobile phone networks revealed by German researchers


Researchers have found a huge security flaw in a system used by the world’s mobile networks. Photo: Glenn Hunt

German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when mobile networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s mobile carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of mobile customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.

Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and mobile carriers by using SS7 functions, the researchers say.

These vulnerabilities continue to exist even as mobile carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorised eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into mobile networks in the United States, Europe or anywhere else.

large loan application banners image (4)

“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers.

Engel, founder of Sternraute, and Karsten Nohl, chief scientist for Security Research Labs, separately discovered these security weaknesses as they studied SS7 networks in recent months, after The Washington Post reported the widespread marketing of surveillance systems that use SS7 networks to locate callers anywhere in the world. The Post reported that dozens of nations had bought such systems to track surveillance targets and that skilled hackers or criminals could do the same using functions built into SS7. (The term is short for Signaling System 7 and replaced previous networks called SS6, SS5, etc.)

The researchers did not find evidence that their latest discoveries, which allow for the interception of calls and texts, have been marketed to governments on a widespread basis. But vulnerabilities publicly reported by security researchers often turn out to be tools long used by secretive intelligence services, such as the National Security Agency or Britain’s GCHQ, but not revealed to the public.

“Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation,” said Christopher Soghoian, principal technologist for the ACLU and an expert on surveillance technology. “They’ve likely sat on these things and quietly exploited them.”

The GSMA, a global cellular industry group based in London, did not respond to queries seeking comment about the vulnerabilities that Nohl and Engel have found. For the Post’s article in August on location tracking systems that use SS7, GSMA officials acknowledged problems with the network and said it was due to be replaced over the next decade because of a growing list of security and technical issues.

The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a mobile phone’s “forwarding” function – a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

Nohl on Wednesday demonstrated the ability to collect and decrypt a text message using the phone of a German senator, who cooperated in the experiment. But Nohl said the process could be automated to allow massive decryption of calls and texts collected across an entire city or a large section of a country, using multiple antennas.

“It’s all automated, at the push of a button,” Nohl said. “It would strike me as a perfect spying capability, to record and decrypt pretty much any network. … Any network we have tested, it works.”

Those tests have included more than 20 networks worldwide, including T-Mobile in the United States. The other major US carriers have not been tested, though Nohl and Engel said it’s likely at least some of them have similar vulnerabilities. (Several smartphone-based text messaging systems, such as Apple’s iMessage and Whatsapp, use end-to-end encryption methods that sidestep traditional mobile text systems and likely would defeat the technique described by Nohl and Engel.)

In a statement, T-Mobile said: “T-Mobile remains vigilant in our work with other mobile operators, vendors and standards bodies to promote measures that can detect and prevent these attacks.”

The issue of mobile phone interception is particularly sensitive in Germany because of news reports last year, based on documents provided by former NSA contractor Edward Snowden, that a phone belonging to Chancellor Angela Merkel was the subject of NSA surveillance. The techniques of that surveillance have not become public, though Nohl said that the SS7 hacking method that he and Engel discovered is one of several possibilities.

US embassies and consulates in dozens of foreign cities, including Berlin, are outfitted with antennas for collecting cellular signals, according to reports by German magazine Der Spiegel, based on documents released by Snowden. Many mobile phone conversations worldwide happen with either no encryption or weak encryption.

The move to 3G networks offers far better encryption and the prospect of private communications, but the hacking techniques revealed by Nohl and Engel undermine that possibility. Carriers can potentially guard their networks against efforts by hackers to collect encryption keys, but it’s unclear how many have done so. One network that operates in Germany, Vodafone, recently began blocking such requests after Nohl reported the problem to the company two weeks ago.

Nohl and Engel also have discovered new ways to track the locations of mobile phone users through SS7. The Post story, in August, reported that several companies were offering governments worldwide the ability to find virtually any mobile phone user, virtually anywhere in the world, by learning the location of their mobile phones through an SS7 function called an “Any Time Interrogation” query.

Some carriers block such requests, and several began doing so after the Post’s report. But the researchers in recent months have found several other techniques that hackers could use to find the locations of callers by using different SS7 queries. All networks must track their customers in order to route calls to the nearest cellular towers, but they are not required to share that information with other networks or foreign governments.

Carriers everywhere must turn over location information and allow eavesdropping of calls when ordered to by government officials in whatever country they are operating in. But the techniques discovered by Nohl and Engel offer the possibility of much broader collection of caller locations and conversations, by anyone with access to SS7 and the required technical skills to send the appropriate queries.

“I doubt we are the first ones in the world who realise how open the SS7 network is,” Engel said.

Secretly eavesdropping on calls and texts would violate laws in many countries, including the United States, except when done with explicit court or other government authorization. Such restrictions likely do little to deter criminals or foreign spies, say surveillance experts, who say that embassies based in Washington likely collect cellular signals.

The researchers also found that it was possible to use SS7 to learn the phone numbers of people whose cellular signals are collected using surveillance devices. The calls transmit a temporary identification number which, by sending SS7 queries, can lead to the discovery of the phone number. That allows location tracking within a certain area, such as near government buildings.

The German senator who cooperated in Nohl’s demonstration of the technology, Thomas Jarzombek of Merkel’s Christian Democratic Union party, said that while many in that nation have been deeply angered by revelations about NSA spying, few are surprised that such intrusions are possible.

“After all the NSA and Snowden things we’ve heard, I guess nobody believes it’s possible to have a truly private conversation on a mobile phone,” he said. “When I really need a confidential conversation, I use a fixed-line” phone.

Washington Post

project & construction finance banner image

Henry Sapiecha

Federal & NSW Police raid homes in Sydney: Operation ‘not connected to Martin Place siege’

australian federal police banner image


Raids are being carried out on several homes in Sydney by NSW Police and Australian Federal Police (AFP).

NSW Police said officers were conducting search warrants as part of an ongoing operation, but the action was not connected to Monday’s Martin Place siege.

It has been reported one of the properties being raided is a unit block in the north-western suburb of Marsfield.

It is also understood that at least one of the properties was targeted during large-scale counter-terrorism raids in September.

An AFP spokesman said they would release further information when it was safe to do so.

“As this activity remains ongoing, and to ensure the safety and security of the operation and the members involved, it is not appropriate to provide further details at this time,” the spokesman said.

“We will endeavour to provide further information as the AFP and NSW Police are in a position to do so.”

Henry Sapiecha

Opposition leader has supported the security agencies in their handling of the recent seige

bill shorten image

Shorten expresses confidence in security agencies


The Opposition Leader Bill Shorten joins the ABC program to discuss the implications of the Syndey siege for Australia’s national security system, and whether more could have been done to avert the situation.

Henry Sapiecha

Family day care operators put on notice after investigators uncover suspected fraud worth $300 million

Investigation finds evidence of child swapping & phantom claims kids playing  image

A crackdown on childcare payments rorts has found “phantom claims” and “child swapping” are contributing to suspected fraud worth $300 million, the Federal Government says.

Assistant Education Minister Sussan Ley said the vast majority of suspected improper claims were coming from family day care operations.

“The common thing is that there’s a claim made for childcare benefit or childcare rebate for care that hasn’t taken place,” Ms Ley said.

The Government’s compliance investigation has identified cases of “phantom claims” where taxpayer funds were claimed for non-existent children.

It also found evidence of “child swapping”, cases where groups of parents become accredited as childcare providers and fraudulently claim to have looked after each others’ children in order to receive benefits.

Ms Ley said parents could check for evidence of rorting themselves.

“I also stress the importance of families checking their childcare statements for any irregularities,” she said.

The Government said there were prosecutions under consideration and about $4 million had been recovered so far.

About 50 childcare services have faced compliance action since the Coalition was elected last year, including suspensions, cancelled accreditation and fines of more than $2.5 million.

The number of family daycare centres has doubled over the past four years.

Henry Sapiecha