Showing posts with label security. Show all posts
Showing posts with label security. Show all posts

Tuesday, June 11, 2024

Quotes from Tor and the Dark Art of Anonymity: How to Be Invisible from NSA Spying by Lance Henderson

Tor and the Dark Art of Anonymity: How to Be Invisible from NSA Spying by Lance Henderson
We'll get into the nitty details later, but these are the Rules I've set for myself: - Refrain from routing normal traffic through it - Never do anything illegal (more later as it's a grey area) - Never put sensitive files on it (financial info, love notes, court docs) - Be as transparent as possible that I'm running an exit - If I get complaints from The Olde ISP (or university), I use this template.
Law enforcement and prospective employers who mine your social media presence for data are often worse than thieves who salivate when you announce on Twitter you'll be out of town for two weeks. Thieves, while unsavory and criminally deviant to be sure, rarely profess to be just. And thieves, as stated before, come in all shapes and sizes. If they take your private data without asking you first, that's stealing. Employers can be the worst of the lot, as hypocritical as Harvey Two-Face, demanding transparency in your life but not their own. Make an inflamed political post or drink wine on vacation in Bora Bora with half-naked Filipinas twirling fire sticks and you could lose your job... or be denied one. Not kidding. Mention you use Tor and you may hear your interviewer ask: "I noticed you're a big fan of Tor. Could you elaborate on why you need to use an anonymizing service? We like transparency in our employees." Yes, I was actually asked this in an interview for a position that handled a lot of money. It came out of nowhere, but what really bothered me was the casual way it was asked, like every applicant should have something to hide if they desire anonymous communications. Maybe I was some rabid fan of Jason Bourne and up to no good. At any rate, they did not like my answer. "Because I value freedom."
Any intelligence agency has unlimited funding to kill freedom by censoring all of us - even censoring the freedom to buy what you want to buy. With the media in their back pocket they can conjure any boogeyman they want to run over you. It's not illegal for them to lie to you, but it is for you to lie to them. This hypocrisy costs them nothing but costs you everything, so like them, you must keep on top of changes to good security, updating as necessary and being on constant alert of new zero-day threats.
One thing though: when you have not one but two or three silver bullets to take down a werewolf, the better your chances of staying invisible to any other lycans roaming around out there. Mind you, I'm not prejudiced against those with Lycanthropy, as it is no laughing matter. But then neither is herd mentality.
Tor and the Dark Art of Anonymity: How to Be Invisible from NSA Spying by Lance Henderson, English, May 16, 2015, ISBN: 1512049581

Tuesday, February 27, 2024

Edward Snowden. Quote from Permanent Record

Edward Snowden
WHENEVER I GO outside, I try to change my appearance a bit. Maybe I get rid of my beard, maybe I wear different glasses. I never liked the cold until I realized that a hat and scarf provide the world's most convenient and inconspicuous anonymity. I change the rhythm and pace of my walk, and, contrary to the sage advice of my mother, I look away from traffic when crossing the street, which is why I've never been caught on any of the car dashcams that are ubiquitous here. Passing buildings equipped with CCTV I keep my head down, so that no one will see me as I'm usually seen online - head-on. I used to worry about the bus and metro, but nowadays everybody's too busy staring at their phones to give me a second glance. If I take a cab, I'll have it pick me up at a bus or metro stop a few blocks away from where I live and drop me off at an address a few blocks away from where I'm going.

Tuesday, June 7, 2022

10 Commandments of Gray Man. Tactics and Mindset

10 Commandments of Gray Man. Tactics and Mindset
  1. Do not create excess stimuli for others.
  2. Be aware of others and your surroundings.
  3. Maintain calmness and self-control.
  4. Do not wear tactical clothing or gear.
  5. Avoid bright-colored clothing/accessories.
  6. Practice good OPSEC and PERSEC protocols.
  7. Do not seek out conflicts.
  8. Choose flight over fight when possible.
  9. Learn and use counter-surveillance tactics.
  10. Your safety is YOUR responsibility.
OPSEC stands for Operations Security,
PERSEC - for Personal Security.
Source - Hidden Success Tactical

Thursday, September 30, 2021

Plapie. Security Emergency Keychain Alarm

Plapie. 120dB Security Protect Self-defense Emergency Keychain Alarm
120dB emergency alarm with push button activation, 120dB sound capacity alert others around you while in danger. Ideal self defense keychain for college and student security, police and correctional officers, walkers, joggers, elderly, students, lone workers.

Material: Plastics
Color: Black
Dimension: Approx. 70*34*20mm / 2.76x1.34x0.78"
Battery: 3xLR44 Batteries (Included)

Plapie. Rape Whistle. Security Emergency Keychain Alarm


Available in store


Review: significantly quieter than Alarm Siren Personal Defense Keychain


Брелок - аварийная сигнализация

Friday, April 23, 2021

Ruin My Search History

Sick of Google harvesting all your personal data?
Ruin My Search History is a simple, effective and fun way to throw Google off the scent!
By generating random search queries, the tool prevents Google from building an accurate picture of who you are.
Decide just how random you want the searches to be using the slider below and click 'Ruin My Search History'.
If you dare!
Ruin My Search History

Friday, April 2, 2021

Ultrasonic dog trainer repeller

Ultrasonic Anti Bark Dog Repeller Training Device
Model: AD-100
Declared power: 150 dB
Material: Plastic
Powered: 9V battery
Size: 130*26*40mm
Weight: 64g
Work Distance: approx 5m
Available in store, store
Dogs hear the device. But do not get scared

Tuesday, March 9, 2021

Alarm Siren Personal Defense Keychain

130dB Alarm Alert Panic Siren Personal Defense Keychain
The perfect defense mechanism to prevent kidnappings and abductions of young children and teenagers.
Commonly used by seniors to call for help in case of falling, feeling unsafe, physically threatened, medical emergencies, accidents, or allergic reactions.
Emergencies Can Happen At Any Moment. Unfortunately, many victims are too traumatized from the shock of an attack and are too scared to ask for help.
Protect yourself in a moment of need with Self Defense Siren. Personal Alarm Siren can be used against animals too.
130dB Alarm Alert Panic Siren Personal Defense Keychain
Sound: about 130dB
Material: ABS
Height: 7.2cm
Width: 5cm
Chain: 5cm
Power: 3 Button Battery LR44
Battery working time: 1.5hour (continuously making alarm sound)
LED emergency light: about 24-hour lighting.
Available in store

Сирена для персональной защиты, громкий сигнал тревоги. Звуковое давление ~130 дБ
Питание: 3 батарейки LR44

Tuesday, February 2, 2021

Some Folding Locksmith Pocket Tool

H&H Folding Locksmith 6 in 1 Pocket Tool
6-in-1 practice training kit so you can pick the right tool for any emergency situation, which consists of rakes, picks and tension tools, includes 6 tools and 1 built in removable tensioner.
Dimension: 88(L) x 1.8(W)cm / 3.49 x 0.71 inch
Weight: 150g
Material: stainless steel


Available in store, store

Thursday, January 28, 2021

Image "Cloaking" for Personal Privacy

Shawn Shan†, PhD Student
Emily Wenger†, PhD Student
Jiayun Zhang, Visiting Student
Huiying Li, PhD Student
Haitao Zheng, Professor
Ben Y. Zhao, Professor
† Project co-leaders and co-first authors

NEWS

4-23: v1.0 release for Windows/MacOS apps and Win/Mac/Linux binaries!
4-22: Fawkes hits 500,000 downloads!
1-28: Adversarial training against Fawkes detected in Microsoft Azure (see below)
1-12: Fawkes hits 335,000 downloads!
8-23: Email us to join the Fawkes-announce mailing list for updates/news on Fawkes
8-13: Fawkes paper presented at USENIX Security 2020
News: Jan 28, 2021. It has recently come to our attention that there was a significant change made to the Microsoft Azure facial recognition platform in their backend model. Along with general improvements, our experiments seem to indicate that Azure has been trained to lower the efficacy of the specific version of Fawkes that has been released in the wild. We are unclear as to why this was done (since Microsoft, to the best of our knowledge, does not build unauthorized models from public facial images), nor have we received any communication from Microsoft on this. However, we feel it is important for our users to know of this development. We have made a major update (v1.0) to the tool to circumvent this change (and others like it). Please download the newest version of Fawkes below.
2020 is a watershed year for machine learning. It has seen the true arrival of commodized machine learning, where deep learning models and algorithms are readily available to Internet users. GPUs are cheaper and more readily available than ever, and new training methods like transfer learning have made it possible to train powerful deep learning models using smaller sets of data.
...

Publication & Presentation

Fawkes: Protecting Personal Privacy against Unauthorized Deep Learning Models.
Shawn Shan, Emily Wenger, Jiayun Zhang, Huiying Li, Haitao Zheng, and Ben Y. Zhao.
In Proceedings of USENIX Security Symposium 2020. ( Download PDF here )

Downloads and Source Code - v1.0 Release!

NEW! Fawkes v1.0 is a major update. We made the following updates to significantly improve the protection and software reliability.
We updated the backend feature extractor to the-state-of-art ArcFace models.
We injected additional randomness to the cloak generation process through randomized model selection.
We migrated the code base from TF 1 to TF 2, which resulted in a significant speedup and better compatibility.
Other minor tweaks to improve protection and minimize image perturbations.
Download the Fawkes Software:
(new) Fawkes.dmg for Mac (v1.0)
DMG file with installer app
Compatibility: MacOS 10.13, 10.14, 10.15, 11.0(new)

Fawkes.exe for Windows (v1.0)
EXE file
Compatibility: Windows 10

Setup Instructions: For MacOS, download the .dmg file and double click to install. If your Mac refuses to open because the APP is from an unidentified developer, please go to System Preference>Security & Privacy>General and click Open Anyway.

Download the Fawkes Executable Binary:
Fawkes binary offers additional options on selecting different parameters. Check here for more information on how to select the best parameters for your use case.
Download Mac Binary (v1.0)
Download Windows Binary (v1.0)
Download Linux Binary (v1.0)
For binary, simply run "./protection -d imgs/"
Fawkes Source Code on Github, for development.
...

Frequently Asked Questions

  • How effective is Fawkes against 3rd party facial recognition models like ClearView.ai?
    We have extensive experiments and results in the technical paper (linked above). The short version is that we provide strong protection against unauthorized models. Our tests against state of the art facial recognition models from Microsoft Azure, Amazon Rekognition, and Face++ are at or near 100%. Protection level will vary depending on your willingness to tolerate small tweaks to your photos. Please do remember that this is a research effort first and foremost, and while we are trying hard to produce something useful for privacy-aware Internet users at large, there are likely issues in configuration, usability in the tool itself, and it may not work against all models for all images.
  • How could this possibly work against DNNs? Aren't they supposed to be smart?
    This is a popular reaction to Fawkes, and quite reasonable. We hear often in popular press how amazingly powerful DNNs are and the impressive things they can do with large datasets, often detecting patterns where human cannot. Yet the achilles heel for DNNs has been this phenomenon called adversarial examples, small tweaks in inputs that can produce massive differences in how DNNs classify the input. These adversarial examples have been recognized since 2014 (here's one of the first papers on the topic), and numerous defenses have been proposed over the years since (and some of them are from our lab). Turns out they are extremely difficult to remove, and in a way are a fundamental consequence of the imperfect training of DNNs. There have been multiple PhD dissertations written already on the subject, but suffice it to say, this is a fundamentally difficult thing to remove, and many in the research area accept it now as a necessary evil for DNNs.
    The underlying techniques used by Fawkes draw directly from the same properties that give rise to adversarial examples. Is it possible that DNNs evolve significantly to eliminate this property? It's certainly possible, but we expect that will require a significant change in how DNNs are architected and built. Until then, Fawkes works precisely because of fundamental weaknesses in how DNNs are designed today.
  • Can't you just apply some filter, or compression, or blurring algorithm, or add some noise to the image to destroy image cloaks?
    As counterintuitive as this may be, the high level answer is no simple tools work to destroy the perturbation that form image cloaks. To make sense of this, it helps to first understand that Fawkes does not use high-intensity pixels, or rely on bright patterns to distort the classification value of the image in the feature space. It is a precisely computed combination of a number of pixels that do not easily stand out, that produce the distortion in the feature space. If you're interested in seeing some details, we encourage you to take a look at the technical paper (also linked above). In it we present detailed experimental results showing how robust Fawkes is to things like image compression and distortion/noise injection. The quick takeaway is that as you increase the magnitude of these noisy disruptions to the image, protection of image cloaking does fall, but slower than normal image classification accuracy. Translated: Yes, it is possible to add noise and distortions at a high enough level to distort image cloaks. But such distortions will hurt normal classification far more and faster. By the time a distortion is large enough to break cloaking, it has already broken normal image classification and made the image useless for facial recognition.
  • How is Fawkes different from things like the invisibility cloak projects at UMaryland, led by Tom Goldstein, and other similar efforts?
    Fawkes works quite differently from these prior efforts, and we believe it is the first practical tool that the average Internet user can make use of. Prior projects like the invisibility cloak project involve users wearing a specially printed patterned sweater, which then prevents the wearer from being recognized by person-detection models. In other cases, the user is asked to wear a printed placard, or a special patterned hat. One fundamental difference is that these approaches can only protect a user when the user is wearing the sweater/hat/placard. Even if users were comfortable wearing these unusual objects in their daily lives, these mechanisms are model-specific, that is, they are specially encoded to prevent detection against a single specific model (in most cases, it is the YOLO model). Someone trying to track you can either use a different model (there are many), or just target users in settings where they can't wear these conspicuous accessories. In contrast, Fawkes is different because it protects users by targeting the model itself. Once you disrupt the model that's trying to track you, the protection is always on no matter where you go or what you wear, and even extends to attempts to identify you from static photos of you taken, shared or sent digitally.
  • How can Fawkes be useful when there are so many uncloaked, original images of me on social media that I can't take down?
    Fawkes works by training the unauthorized model to learn about a cluster of your cloaked images in its "feature space." If you, like many of us, already have a significant set of public images online, then a model like Clearview.AI has likely already downloaded those images, and used them to learn "what you look like" as a cluster in its feature space. However, these models are always adding more training data in order to improve their accuracy and keep up with changes in your looks over time. The more cloaked images you "release," the larger the cluster of "cloaked features" will be learned by the model. At some point, when your cloaked cluster of images grows bigger than the cluster of uncloaked images, the tracker's model will switch its definition of you to the new cloaked cluster and abandon the original images as outliers.
  • Is Fawkes specifically designed as a response to Clearview.ai?
    It might surprise some to learn that we started the Fawkes project a while before the New York Times article that profiled Clearview.ai in February 2020. Our original goal was to serve as a preventative measure for Internet users to inoculate themselves against the possibility of some third-party, unauthorized model. Imagine our surprise when we learned 3 months into our project that such companies already existed, and had already built up a powerful model trained from massive troves of online photos. It is our belief that Clearview.ai is likely only the (rather large) tip of the iceberg. Fawkes is designed to significantly raise the costs of building and maintaining accurate models for large-scale facial recognition. If we can reduce the accuracy of these models to make them untrustable, or force the model's owners to pay significant per-person costs to maintain accuracy, then we would have largely succeeded. For example, someone carefully examining a large set of photos of a single user might be able to detect that some of them are cloaked. However, that same person is quite possibly capable of identifying the target person in equal or less time using traditional means (without the facial recognition model).
  • Can Fawkes be used to impersonate someone else?
    The goal of Fawkes is to avoid identification by someone with access to an unauthorized facial recognition model. While it is possible for Fawkes to make you "look" like someone else (e.g. "person X") in the eyes of a recognition model, we would not consider it an impersonation attack, since "person X" is highly likely to want to avoid identification by the model themselves. If you cloaked an image of yourself before giving it as training data to a legitimate model, the model trainer can simply detect the cloak by asking you for a real-time image, and testing it against your cloaked images in the feature space. The key to detecting cloaking is the "ground truth" image of you that a legitmate model can obtain, and unauthorized models cannot. How can I distinguish photos that have been cloaked from those that have not? A big part of the goal of Fawkes is to make cloaking as subtle and undetectable as possible and minimize impact on your photos. Thus it is intentionally difficult to tell cloaked images from the originals. We are looking into adding small markers into the cloak as a way to help users identify cloaked photos. More information to come.
  • How do I get Fawkes and use it to protect my photos?
    We are working hard to produce user-friendly versions of Fawkes for use on Mac and Windows platforms. We have some initial binaries for the major platforms (see above). Fawkes is also available as source code, and you can compile it on your own computer. Feel free to report bugs and issues on github, but please bear with us if you have issues with the usability of these binaries. Note that we do not have any plans to release any Fawkes mobile apps, because it requires significant computational power that would be challenging for the most powerful mobile devices.
...

Full text is Image "Cloaking" for Personal Privacy

Wednesday, October 7, 2020

Kufar и МВД

Kufar.by restricted
Блокирование доступа с адресов VPN и TOR ничего не принесёт, кроме репутационных потерь.
Далее цитата с указанием источника:
...принято решение о совместной реализации таких мер, как оперативное предоставление в управление «К» сведений о цифровых следах подозрительных пользователей, информации об осуществлении несанкционированного доступа к аккаунтам указанной площадки, а также анализ сведений о лицах, осуществляющих атаки и массовые пробивы.
...речь идет об IP-фильтрации (в части невозможности использования TOR, VPN)...

В МВД руководители управления "К" и «KUFAR.BY» обсудили вопросы кибербезопасности
https://www.mvd.gov.by/ru/news/7471
P.S.
Сайт МВД РБ тоже не открывается с VPN и TOR


Отзыв на Куфар
  1. По моему наблюдению, на Куфаре максимальная цена, которую здесь ожидают - 100-150 рублей, уже при 200 впадают в тупняк.
  2. Ждуны. Могут ждать долго, пока продавец, потеряв терпение продать свой товар, сбрасывает резко цену.
  3. Еще на Kufar пришла игра "какие ньюансы"? Неопытный продавец честно рассказывает недостатки своего товара, после его ему цену сбрасывают до бросовой...

Thursday, September 3, 2020

Permanent Record

Permanent Record. Edward Snowden
The Sunday Times top ten bestseller. Edward Snowden, the man who risked everything to expose the US government's system of mass surveillance, reveals for the first time the story of his life, including how he helped to build that system and what motivated him to try to bring it down. In 2013, twenty-nine-year-old Edward Snowden shocked the world when he broke with the American intelligence establishment and revealed that the United States government was secretly pursuing the means to collect every single phone call, text message, and email. The result would be an unprecedented system of mass surveillance with the ability to pry into the private lives of every person on earth. Six years later, Snowden reveals for the very first time how he helped to build this system and why he was moved to expose it. Spanning the bucolic Beltway suburbs of his childhood and the clandestine CIA and NSA postings of his adulthood, Permanent Record is the extraordinary account of a bright young man who grew up online - a man who became a spy, a whistleblower, and, in exile, the Internet's conscience. Written with wit, grace, passion, and an unflinching candor, Permanent Record is a crucial memoir of our digital age. 'A riveting account . . . Reads like a literary thriller' - New York Times

Permanent Record. Edward Snowden. Эдвард Сноуден. Личное дело
Эдвард Сноуден. Личное дело. По-русски

Tuesday, September 17, 2019

Edward Snowden. Permanent Record

Permanent Record. Edward Snowden
Edward Snowden’s revelations about the extent of US surveillance operations sent shockwaves around the world, the effects of which are still being felt today. In Permanent Record, the whistle-blower gives his side of the story, as well as detailing his personal background and the reasoning behind his actions. Edward Snowden, the man who risked everything to expose the US government’s system of mass surveillance, reveals for the first time the story of his life, including how he helped to build that system and what motivated him to try to bring it down. In 2013, twenty-nine-year-old Edward Snowden shocked the world when he broke with the American intelligence establishment and revealed that the United States government was secretly pursuing the means to collect every single phone call, text message, and email. The result would be an unprecedented system of mass surveillance with the ability to pry into the private lives of every person on earth. Six years later, Snowden reveals for the very first time how he helped to build this system and why he was moved to expose it. Spanning the bucolic Beltway suburbs of his childhood and the clandestine CIA and NSA postings of his adulthood, Permanent Record is the extraordinary account of a bright young man who grew up online – a man who became a spy, a whistleblower, and, in exile, the Internet’s conscience. Written with wit, grace, passion, and an unflinching candor, Permanent Record is a crucial memoir of our digital age and destined to be a classic.

... The fact is, no one with a biography like mine ever comes comfortably to autobiography. It’s hard to have spent so much of my life trying to avoid identification, only to turn around completely and share “personal disclosures” in a book. The Intelligence Community tries to inculcate in its workers a baseline anonymity, a sort of blank-page personality upon which to inscribe secrecy and the art of imposture. You train yourself to be inconspicuous, to look and sound like others. You live in the most ordinary house, you drive the most ordinary car, you wear the same ordinary clothes as everyone else. The difference is, you do it on purpose: normalcy, the ordinary, is your cover. This is the perverse reward of a self-denying career that brings no public glory: the private glory comes not during work, but after, when you can go back out among other people again and successfully convince them that you’re one of them. Though there are a score of more popular and surely more accurate psychological terms for this type of identity split, I tend to think of it as human encryption. As in any process of encryption, the original material—your core identity—still exists, but only in a locked and scrambled form. The equation that enables this ciphering is a simple proportion: the more you know about others, the less you know about yourself. After a time, you might forget your likes and even your dislikes. You can lose your politics, along with any and all respect for the political process that you might have had. Everything gets subsumed by the job, which begins with a denial of character and ends with a denial of conscience. “Mission First.” Some version of the above served me for years as an explanation of my dedication to privacy, and my inability or unwillingness to get personal. It’s only now, when I’ve been out of the IC almost as long as I was in it, that I realize: it isn’t nearly enough. After all, I was hardly a spy—I wasn’t even shaving—when I failed to turn in my English class assignment. Instead, I was a kid who’d been practicing spycraft for a while already—partly through my online experiments with game-playing identities, but more than anything through dealing with the silence and lies that followed my parents’ divorce. ... In the Intelligence Community, the “Frankenstein effect” is widely cited, though the more popular military term for it is “blowback”: situations in which policy decisions intended to advance American interests end up harming them irreparably. Prominent examples of the “Frankenstein effect” cited by after-the-fact civilian, governmental, military, and even IC assessments have included America’s funding and training of the mujahideen to fight the Soviets, which resulted in the radicalization of Osama bin Laden and the founding of al-Qaeda, as well as the de-Baathification of the Saddam Hussein–era Iraqi military, which resulted in the rise of the Islamic state. ... The CIA is the primary American intelligence agency dedicated to HUMINT (human intelligence), or covert intelligence gathering by means of interpersonal contact—person to person, face-to-face, unmediated by a screen. The COs (case officers) who specialized in this were terminal cynics, charming liars who smoked, drank, and harbored deep resentment toward the rise of SIGINT (signals intelligence), or covert intelligence gathering by means of intercepted communications, which with each passing year reduced their privilege and prestige.
Nothing is harder than living with a secret that can’t be spoken. Lying to strangers about a cover identity or concealing the fact that your office is under the world’s most top-secret pineapple field might sound like it qualifies, but at least you’re part of a team: though your work may be secret, it’s a shared secret, and therefore a shared burden. There is misery but also laughter. When you have a real secret, though, that you can’t share with anyone, even the laughter is a lie. I could talk about my concerns, but never about where they were leading me. To the day I die I’ll remember explaining to my colleagues how our work was being applied to violate the oaths we had sworn to uphold and their verbal shrug in response: “What can you do about it?” I hated that question, its sense of resignation, its sense of defeat, but it still felt valid enough that I had to ask myself, “Well, what?”
Edward Snowden. Permanent Record
Permanent Record. Edward Snowden. Эдвард Сноуден. Личное дело
Эдвард Сноуден. Личное дело. По-русски

Saturday, April 20, 2019

RFID Card and Passport Protectors

Anti-theft electromagnetically opaque shield RFID Card and Passport Protectors
The protector sleeves are powerful electromagnetically opaque shield, which blocks RFID signals and from unauthorized scans. Enduring resistant material to stand tears and punctures, suitable for daily use and even waterproof.
Passport card protector: 105*135mm
Bank card protector: 91*63mm


Available in Factory's Store, Shop4524033 Store

Защитные мешки для защиты RFID-меток карт и паспортов

Monday, March 4, 2019

Surveillance Detection

Surveillance Detection

Part I: Surveillance Detection Basics

How To Know If You’re Being Followed

Surveillance detection is a fancy spy term for identifying if you are being followed. It is one of the best skills an individual can learn to protect themselves and the ones they love. In the “spy” world, being able to identify if you have surveillance or are being followed by the intelligence services of foreign government or a terrorist can mean the difference between life and death for yourself or anyone you meet. In fact, this invaluable skill is the difference between life and death in the real world, as well.

I reached out to my former agency teammate Mark Laine at Center Line Systems to talk over ideas for teaching some of the basic elements of surveillance detection. Mark is a real-life master when it comes to surveillance detection so I wanted to pick his brain on how to take our training and experience regarding surveillance detection and translate it into some easy techniques that can be employed by dads, moms, and citizens everywhere to improve their personal safety practices and protect their loved ones.

What we came up with is a basic guide that will cover:

  1. What surveillance detection actually is
  2. Why you should know if you are being followed
  3. How to identify if you are being followed
  4. Safety steps you need to take to protect yourself and loved ones from danger

What Is Surveillance Detection?

Surveillance Detection is a series of techniques that you can employ to identify if you are being followed. The word “surveillance” really means to “observe.” While someone parked outside your neighborhood or place of work who is watching your comings and goings is true “surveillance,” so is someone following you in a car or on foot. We’ve all seen movies where a guy looks in the rear-view mirror and sees a tail six cars back. Or when a woman walking down the street ducks into a shop to escape out the back to lose her pursuer. Ah, Hollywood… but this time they aren’t all that wrong.

Why Do You Need To Know If You Are Being Followed?

Whether you are a “spy” or a soccer mom, one of the biggest threats to our personal safety is complacency. Everyone wants to believe the minor confrontation over a parking space, the guy driving like a jerk on the freeway, or the creepy person staring at you in the shopping mall is nothing more than that. However, everything from how you are dressed, how you carry yourself, your actions or even the location you are frequenting may bring you to the attention of criminal elements. Worst case scenario, your child caught the eye of a predator and now he wants to know where your kid lives or goes to school.

Part II: How To Identify Surveillance

Are You Being Followed? In the world of an intelligence officer, there are many different types of surveillance and techniques to use to identify if you are under surveillance. In the civilian world we are more likely to face a very specific type of surveillance and we can get away with employing techniques that require less finesse. So, for the purpose of this article I will keep it as simple as possible so that the skills discussed can be remembered and easily executed when needed.

Again, situational awareness cannot be stressed enough here as the only way you are going to identify a pursuer is by paying attention in the first place. Identification by being hit over the head is truly a poor technique. Surveillance detection works for both travel on foot or in a vehicle and is executed through three easy tests… but only if you are paying attention. It may sound strange or as a challenge to your ego, but you need to train yourself to “pay attention” to your surroundings.

Three Tests

1. Distance Traveled Test
The concept here is simple. If a person or car is still behind you over a long distance, then you place that person/car higher up on your mental list of potential pursuers. However, this test only shows us one piece of the puzzle and if used by itself can produce false results.
...

2. Length of Time Traveled Test
The longer you are traveling, the higher the likelihood that someone who is following you is going to stand out or be noticed as you have had more “time” to notice them (that is, if you are paying attention). Chances are this person has not had the chance to change their clothes or vehicle and hopefully seeing the same person or car for the last hour will start to set off some warning bells in your brain.
...

3. Change of Direction Test
Changing your direction of travel, either on foot or vehicle, helps avoid the random “going in the same direction” or “out driving around town for the same amount of time” random event. The more changes of direction you can incorporate into your routine, the better chance you have of narrowing down your mental list of potential suspects. If going from Point A to Point B consists of six turns and the same vehicle is behind you for each of them, well, you might want to pay attention. That said, this test is like the others, can produce false observations if used only by itself. For example, everyone uses this shortcut, this is the main/easiest way to get to the freeway, departing your neighborhood to the main street that leads to the grocery store, etc.
...

Tips While Driving

As you begin to practice this skill, start concentrating on those three tests as you drive or walk around. If you have been driving across town in a straight line, take a few turns out of your way. Doing so will help you determine if someone is following you by isolating, or weeding out, a lot of the cars you’ve seen driving behind you up to that point. Throw in a few stops to increase your driving time and add some turns between stops to further narrow down the list of potential vehicles. Jump back on the main road and repeat.

Tips While On Foot

If you are on foot walking downtown from Point A to B, conduct your route in the same way. Change directions and keep an eye on anyone that may be behind you. Remember, your urban environment provides all kinds of opportunities to look behind without “looking behind”. Think about using reflections in windows, doors, bus stops, and windshields of passing vehicles to see who is behind you. To add some time to your walk, stop to read a menu posted outside a restaurant, duck into a store to grab a coffee or use a restroom. Most folks will pass you by if you do.

So you don’t appear paranoid by looking behind you constantly and raising other people’s suspicions, add some turns to your route. As you turn, swivel your head to see where you came from – this is normal as you should look left and right before crossing traffic! This technique is great because it forces you to always change directions and can be done mindlessly to always know what is going on behind you. Think situational awareness and repeat until you are able to determine if someone is or is not following you… then decide what to do next!
...

Part III: What To Do After Confirming Surveillance

Steps to Take After Identifying You Are Being Followed What should you do if you have identified that you are being followed? Simple – get to safety!

Let’s back it up for a second. What if (seeing as all of this is new to you) you are not totally sure if this person has been following you or it’s just a random event or your imagination? Well, Hollywood isn’t the real world, which is where you are located and where there are actual laws and consequences, so trying to “lose” them is stupid, dangerous, and probably not going to work for you. However, here are a couple easy, safe and legal ideas that you could try:

Simply turn around… pull into any area that easily and quickly allows you to turn around and go back the way you just came. It really would be beyond coincidental if that suspect vehicle behind you performed the same maneuver, wouldn’t it? If you are on the freeway and there is an off-ramp that has an immediate on-ramp as well, then just exit the freeway, wait until it is safe to cross traffic and simply drive back onto the freeway. Again, I would call this a pretty solid clue if that suspect vehicle does the same thing.
...

Stay Calm, Change the Situation

Stay calm and change the situation to your advantage and personal safety. Call 911 and drive to the nearest police or fire station. If there isn’t a station nearby, think of a well-lighted and public location that would provide you with easy escape routes, where you can also easily keep this person in view (from a safe distance), where law enforcement can easily find you, or where it is obvious there are lots of video cameras or security guards. Don’t let the bad guy get the advantage. Avoid places such as roads or alleys where you could become stuck, blocked in, cut off or otherwise isolated, parking ramps, or any such place where maneuverability and visibility are limited.

Prevention is Better Than A Cure

Like a disease or illness, prevention is much better than the cure and good safety habits are the Vitamin C of personal security. So start changing your habits to include practicing situational awareness, creating surveillance detection routes, mixing up your daily/weekly routines, and the most challenging practice ever – stop communicating your schedules, events and vacations on social media!
...

Teaching Kids Personal Safety

Knowing how to identify if you are being followed is a skill that could potentially save lives. And like situational awareness, teaching my wife and children how to identify if they are being followed is a fun activity to bond over while increasing their security/survivor mindset.
...

Reno Dads is all about exploring fatherhood in all its glory. If you enjoyed this article, check out Teaching Kids Situational Awareness (expanded discussion on our podcast) and 15 Travel Tips From Former Undercover CIA Officers for more strategies on keeping your family safe. As always, thanks for your support.
...

Full text - Surveillance Detection – A CIA Officer’s Guide to Protecting Your Family


Обнаружение слежки

Thursday, February 14, 2019

Why is the first IP address in my relay circuit always the same?

Tor imposes the first entry node
That is normal Tor behavior. The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this blog post and paper on entry guards.

https://support.torproject.org/tbb/tbb-2/
And I have already managed to change the "Entry guard" several times: from United Kingdom to Germany and to Ukraine, to France. But the lamers can not do it and do not even know about the new feature of The Tor Project

I continue the experiments...

I revealed that Tor begins to ignore directive ExcludeExitNodes in torrc file.
Moreover, the application when starting, removes this directive the configuration file.


I solved this problem. Simply and reliably

Wednesday, January 2, 2019

Kevin Mitnick. The Art of Invisibility

Kevin Mitnick. The Art of Invisibility. Искусство быть невидимым. Как сохранить приватность в эпоху Big Data
Искусство быть невидимым. Как сохранить приватность в эпоху Big Data
Кевин Митник
Думаете, ваши данные в Интернете хорошо защищены? Так глубоко вы никогда не заблуждались! Кевин Митник - самый разыскиваемый хакер планеты в прошлом, а ныне один из ведущих специалистов по кибербезопасности, знает, насколько опасна неосведомленность в вопросах защиты данных в сети. Как сбить со следа Большого брата и не пасть жертвой таргетинга и навязчивых маркетинговых кампаний? Как сделать так, чтобы ваша личная информация принадлежала только вам и никому другому? Никто не расскажет об этом лучше всемирно известного экс-хакера номер один.

Кевин Митник: Искусство быть невидимым. Как сохранить приватность в эпоху Big Data. Бумажная версия на русском языке. (Лабиринт)

Tuesday, January 1, 2019

Edward Snowden. Permanent Record. По-русски

Permanent Record. Edward Snowden. Эдвард Сноуден. Личное дело
Мировой бестселлер! После того, как правительство США подало иск против бывшего сотрудника ЦРУ и АНБ Эдварда Сноудена за публикацию этих мемуаров, они стали самой продаваемой книгой в мире. Эдвард Сноуден рискнул всем, чтобы разоблачить систему массового наблюдения, созданную правительством США. Теперь он рассказывает свою историю. В 2013 году 29-летний Эдвард Сноуден шокировал мир: будучи агентом ЦРУ и сотрудником АНБ, он рассказал, что правительство США тайно стремится отслеживать каждый телефонный звонок, сообщение и посланное электронное письмо. Результатом стала бы беспрецедентная система массового наблюдения с возможностью вмешательства в частную жизнь каждого человека на Земле. Эдвард Сноуден принимает важное решение: он публикует секретные документы, ставя на кон всю свою жизнь. Он знает, что никогда больше не увидит свою семью, свою родину и женщину, которую любит. Молодой человек, который вырос в Сети. Он становится шпионом, разоблачителем и, наконец, защитником свободного Интернета и главным диссидентом цифровой эпохи. Мемуары Сноудена подводят итог самого важного конфликта нашего времени: до какого момента мы должны терпеть - и где мы обязаны начать сопротивляться? "Эдвард Сноуден - самый яркий за последние десятилетия кейс, известный как "верность против справедливости": когда вопрос присяги и долга вступает в противоречие с представлениями о морали. Я очень надеюсь, что в случае со Сноуденом именно об этом конфликте идет речь, а не о конфликте долга и верности с амбициями и жаждой славы" - Алексей Пивоваров, журналист, автор YouTube-канала "Редакция" "Эта книга не просто интересна. Не просто представляет собой поразительный рассказ о том, как с помощью современной техники государство устанавливает слежку за каждым, без исключения, гражданином. Это книга о мужестве, о чувстве долга, наконец, о патриотизме. Сказать, что эта книга совершенно уникальна - это не сказать ничего" - Владимир Познер, журналист

Эдвард Сноуден. Личное дело. Бумажная версия на русском языке. (Лабиринт)

Tuesday, October 16, 2018

How to be a Gray Man

The Gray Man
• Wear nondescript clothes.
• Dress for the occasion.
• Hide distinguishable features.
• Lose the scent.
• Control your movements.
• Adapt to your surroundings.
• Minimize interaction.
• Get rid of old habits.
• Don’t play the hero or the villain.
• Know the ins and outs of the city.
• Observe people.
• Be careful what you post online.

The concept of the gray man revolves around the idea of a person who does not draw attention to himself, who does not stand out from the normal inhabitants of a location in any way. A gray man can move through an area, even through a large group of people, without anyone taking special notice of him.
While it may sound like the province of airport spy novels and clandestine agency activity, this is undoubtedly useful in situations such as:

• Martial law and state of emergency
• Getting clear of a riot
• Post SHTF bartering
• Moving while carrying valuables
• Avoiding attention from authorities or criminal elements

Full text is here. Author - Dan “Survival” Sullivan


Как быть "Серым Человеком"

Friday, September 21, 2018

Как вас прослушивают

Многие из методов ниже имеют законные основания. Но не все.
Как правило, если вы не занимаетесь ничем противозаконным или не находитесь под подозрением, то и прослушивать вас не будут. Но это не отменяет шанса прослушки со стороны бизнес-конкурентов, преступников и прочих недоброжелателей.
Просто знайте всю эту информацию и спите спокойно.

СОРМ

Система оперативно-розыскных мероприятий – прослушка официальная, государственная, тотальная. В РФ все операторы связи обязаны устанавливать СОРМ на своих АТС и обеспечивать правоохранительным органам доступ к разговорам и переписке пользователей.
Если у оператора не будет СОРМ, ему не выдадут лицензию. Если он отключит СОРМ, лицензию аннулируют. К слову, не только в соседних Казахстане и Украине, но и в США, Великобритании и многих других странах действует та же система.
СОРМ принято делить на три поколения:
  • СОРМ 1 позволяет следить за аналоговой связью, телефонными переговорами. Её разработали а 80-е годы.
  • СОРМ 2 создана для прослушивания мобильной связи и контроля интернет-трафика. Второе поколение СОРМ стали внедрять в 2000 году. В составе системы – отдельный сервер, подключённый к пульту управления ФСБ, и кольцевой буфер, который должен хранить весь проходящий через провайдера трафик за последние 12 часов.
  • СОРМ 3 – это новейший вариант, который обеспечивает объединение всех вышеуказанных систем и дополнительно контролирует часть VPN-серверов, прослушивает в режиме реального времени спутниковую связь, мессенджеры и др., хранит метаданные о звонках, интернет-сессиях, переданных сообщениях, позволяет получить данные из внутренних систем оператора. СОРМ 3 начали внедрять в 2014 году.
Операторы РФ преимущественно используют СОРМ 2. Но на практике у 70% компаний система либо вообще не работает, либо работает с нарушениями.
Прежде всего, СОРМ устанавливать дорого (а делать это оператор должен за свои деньги по индивидуальному плану, утвержденному местным управлением ФСБ). Большинству операторов проще заплатить около 30 тыс. рублей штрафа в соответствие с ч.3 ст.14.1 КоАП РФ.
Кроме того, СОРМ оператора может конфликтовать с комплексами ФСБ. И из-за этого записывать трафик пользователей технически невозможно.
Операторы не контролируют, как спецслужбы используют СОРМ. Соответственно, запретить прослушивать конкретно ваш номер они не могут.
Однако спецслужбам для прослушки формально нужно решение суда. В 2016 году суды общей юрисдикции выдали правоохранительным органам 893,1 тыс. подобных разрешений. В 2017 году их количество снизилось, но незначительно.
Впрочем, сотрудникам правоохранительных органов ничего не стоит включить чей-то номер в набор для прослушки как потенциально подозрительный. И сослаться на оперативную необходимость.
К тому же уровень безопасности СОРМ часто невысок. Так что остаётся возможность и для несанкционированного подключения – незаметно для оператора, абонента и спецслужб.
Сами операторы тоже могут посмотреть историю звонков, сообщений, перемещений смартфона по базовым станциям.

Сигнальная сеть SS7 (ОКС-7)

SS7, ОКС-7, или система сигнализации №7 – набор сигнальных протоколов, которые применяют для настройки телефонных станций PSTN и PLMN по всему миру. Протоколы используют цифровые и аналоговые каналы для передачи управляющей информации.
Уязвимости в SS7 находят регулярно. Это позволяет хакерам подключиться к сети оператора и прослушивать ваш телефон. Вообще говоря, в SS7 практически не вшивали системы защиты – изначально считалась, что она защищена по умолчанию.
Обычно хакеры внедряются в сеть SS7 и отправляет по её каналам служебное сообщение Send Routing Info For SM (SRI4SM). В качестве параметра сообщения он указывает номер для прослушки. В ответ домашняя сеть абонента отправляет IMSI (международный идентификатор абонента) и адрес коммутатора MSC, который в настоящий момент обслуживает абонента.
После этого хакер отправляет ещё одно сообщение – Insert Subscriber Data (ISD). Это позволяет ему внедриться в базу данных и загрузить туда свой адрес вместо биллингового адреса абонента.
Когда абонент совершает звонок, коммутатор обращается к адресу хакера. В результате осуществляется конференц-звонок с участием третьей стороны (злоумышленника), которая может всё слушать и записывать.
Подключиться к SS7 можно где угодно. Так что российский номер вполне могут ломать из Индии, Китая, да хоть из далёкой жаркой Африки. Кстати, SS7 позволяет использовать USSD-запросы для перехвата SMS или перевода баланса.
Вообще SS7 – это «мать всех дыр» и самое уязвимое место мобильной системы. Её сейчас используют не только для прослушки, но и для обхода двухфакторной аутентификации. Иначе говоря, для доступа к вашим банковским аккаунтам и другим защищённым профайлам.

Троянские приложения

Это как раз самый простой и распространённый способ. Установить приложение, пока «половинка» в душе, или использовать методы социальной инженерии, чтобы заставить перейти по ссылке, гораздо проще, чем договариваться с операми и ФСБ.
Приложения позволяют не только записывать разговоры по мобильному или читать SMS. Они могут активировать микрофон и камеру, чтобы скрыто слушать и снимать всё происходящее вокруг.
Самый популярный троян такого рода – FinFisher. В 2008-2011 годах его устанавливали на iPhone через дыру в iTunes, которую Apple почему-то не закрывала.
В 2011 году правительство Египта использовало FinFisher в ходе Арабской весны. Причём приобрело официальную версию за 287 тыс. евро.
Как вас могут уговорить установить шпион для прослушки? Это может быть обновление популярной игры из «левого» каталога, приложение со скидками, подделка под обновление системы.
К слову, правоохранительные органы тоже используют шпионские приложения – к примеру, когда не могут пойти официальным путём и получить разрешение суда. Трояны под 0day-уязвимости в Android и iOS – многомиллионный рынок, продукты на нём востребованы во многих странах мира.

Дистанционная прослушка

Варианта здесь три – мобильный комплекс, фемтосота или поддельная базовая станция. Все они недешевы, так что рядового юзера так прослушивать не будут. Но всё же расскажем, как это работает.
Мобильный комплекс устанавливают на расстоянии до 300-500 м от прослушиваемого смартфона. Направленная антенна перехватывает все сигналы, компьютер их сохраняет и расшифровывает с помощью радужных таблиц или других технологий. Когда прослушка закончена, комплекс просто уезжает.
У поддельной базовой станции (IMSI-перехватчика) сигнал мощнее, чем у настоящей. Смартфон видит, что такая станция даст лучшее качество связи, и автоматически подключается к ней. Станция перехватывает все данные. Размер станции – чуть больше ноутбука. Стоит она от 600 долларов (кустарная) до 1500-2000 долларов (промышленные варианты).
К слову, поддельные станции нередко используют для рассылки спама. В Китае такие устройства умельцы собирают и продают компаниям, которые хотят привлечь покупателей. Нередко поддельные БС применяют и в районах боевых действий, чтобы дезинформировать военных или население.
Фемтосота – устройство более миниатюрное. Она не такая мощная, как полноценная станция связи, но выполняет те же функции. Фемтосоты обычно устанавливают компании, чтобы прослушивать трафик своих сотрудников и партнёров. Данные перехватываются до того, как отправятся на базовые станции сотовых операторов. Но такую же фемтосоту можно установить и для точечной прослушки.

Выводы

Технически самый простой и универсальный способ прослушки – это мобильное приложение. В случае чего всё можно свалить на абонента: мол, сам разрешил доступ к камере, микрофону, отправке данных и т.п. Остальные методы – скорее для профессионалов или людей, которые могут оплатить услуги профессионалов.
https://telegra.ph/Kak-ponyat-chto-vash-smartfon-proslushivayut-09-20