Technical aspects of the surveillance in and around the Ecuadorian embassy in London - Details about the man hunt for Julian Assange and Wikileaks
The talk explains and illustrates the procedural and technical details of the surveillance in and around the Ecuadorian embassy in London during the time Julian Assange stayed in there from June 2012 until April 2019.
⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.
https://media.ccc.de/v/36c3-11247-technical_aspects_of_the_surveillance_in_and_around_the_ecuadorian_embassy_in_london
#video #CCC #36c3 #surveillance #Assange
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@FLOSSb0xIN
Listening Back Browser Add-On Translates Cookies Into Sound
"Listening Back" is an add-on for the Chrome and Firefox browsers that sonifies internet cookies in real time as one browses online. Utilising digital waveform synthesis, "Listening Back" provides an audible presence for hidden infrastructures that collect personal and identifying data by storing a file on one's computer. By directing the listener's attention to hidden processes of online data collection, Listening Back functions to expose real-time digital surveillance and consequently the ways in which our everyday relationships to being surveilled have become normalised.
Our access to the World Wide Web is mediated by screen devices and "Listening Back" enables users to go beyond the event on the screen and experience some of the algorithmic surveillance processes that underlie our Web experience. This project therefore explores how sound can help us engage with complex phenomena beyond the visual interface of our smart devices by highlighting a disconnect between the graphical interface of the Web, and the socio-political implications of background mechanisms of data capture.
By sonifying a largely invisible tracking technology "Listening Back" critiques a lack of transparency inherent to online monitoring technologies and the broader context of opt in / default cultures intrinsic to contemporary modes of online connectivity. By providing a sonic experiential platform for the real-time activity of Internet cookies this project engages listening as a mode of examination and asks what is the potential of sound as a tool for transparent questioning?
Chrome:
https://chrome.google.com/webstore/detail/listening-back/gdkmphlncmoloepkpifnhneogcliiiah
Firefox:
https://addons.mozilla.org/en-GB/firefox/addon/listening-back/
Read more:
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10855.html
#addon #chrome #firefox #CCC #36c3 #cookies #ListeningBack
Listening Back Browser Add-On Translates Cookies Into Sound
https://mirror.netcologne.de/CCC/congress/2019/h264-hd/36c3-10855-eng-Listening_Back_Browser_Add-On_Tranlates_Cookies_Into_Sound.mp4
Read more:
https://t.iss.one/BlackBox_Archiv/779
#addon #chrome #firefox #CCC #36c3 #cookies #ListeningBack #video
Vincent Canfield - 36C3 Staff Brutally Assaulted Me for Political Reasons
On Saturday night (Sunday morning) at around 4:30AM my friend and I were the victim of a brutal assault that was started, escalated, and carried out by the most senior members of the Orga group of the Chaos Communication Congress. If it were not for the evidence we collected, you would think I was crazy. But these abuses are very real.
https://vc.gg/blog/36c3-staff-assaulted-me-for-political-reasons.html
https://twitter.com/gexcolo/status/1211268694741061632?s=19
#CCC #36c3 #Canfield #video
The KGB Hack: 30 Years Later
The 36C3 seems an excellent opportunity to take a look back at the instance of hacking which, even more so than previous events like the BTX and NASA Hacks, brought the CCC into the focus of the (West-)German public – and, additionally, the Federal Office for the Protection of the Constitution (Verfassungsschutz) and the Federal Intelligence Service (Bundesnachrichtendienst).
⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.
https://media.ccc.de/v/36c3-11031-the_kgb_hack_30_years_later
#video #CCC #36c3 #KGB #hacking
Septor 2020
Septor Linux is an operating system that provides users with a perfect computing environment for surfing the Internet anonymously. Septor provides users with a stable and reliable distribution that is based on Debian GNU/Linux and works on a wide range of computers. The distribution features a customised KDE Plasma desktop and Tor technologies.
Linux Kernel 5.3, Plasma 5.14.5
Software Management: Synaptic, GDebi
Internet: Tor Browser, Thunderbird, Ricochet IM, HexChat, QuiteRSS, OnionShare
Utilities: Gufw, Konsole, Ark, Image Writer, Bootiso, Sweeper, KGpg, Kleopatra, MAT, KWallet, VeraCrypt
Graphics / Multimedia: GIMP, Gwenview, VLC, K3b, Guvcview
Office: LibreOffice, Kontact, KOrganizer, Okular, Kwrite, Kate, Eqonomize
https://septor.sourceforge.io/
#Septor #Linux #Debian
Obscurix: Linux Live System for privacy, security and anonymity
#Obscurix is a new open source #Live operating system based on #Arch #Linux. Obscurix attaches great importance to your #privacy, #security and #anonymity on the net. The live operating system routes all your traffic quite securely through the #Tor network and also supports many other networks like #I2P and #Freenet.
Privacy, Security and Anonymity
To get it straight up front: Obscurix does not want to be a Linux operating system for pentesters. Even if you mainly want to play games on your computer, you better find something else. Obscurix is simply a secure and easy to use live operating system. In addition, the developers have done a lot to make it resistant against various forms of tracking and #surveillance. As a user you don't have to configure much, which makes it easy to get started.
One of the big differences between this and other Linux operating systems is the special focus on privacy, security and anonymity. Therefore Obscurix is not an operating system that you should install on your hard disk. As a pure live operating system it runs only in the memory of your computer. During shutdown the #OS automatically deletes all digital "traces" that third parties could otherwise evaluate later.
Continue on:
https://tarnkappe.info/obscurix-linux-live-system-fuer-privatsphaere-sicherheit-und-anonymitaet/
Obscurix:
https://obscurix.github.io/
ObscurixOS TG support group:
https://t.iss.one/Obscurix_OS
Fresh Cambridge Analytica leak "shows global manipulation is out of control"
Company's work in 68 countries laid bare with release of more than 100,000 documents
An explosive #leak of tens of thousands of documents from the defunct data firm #CambridgeAnalytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million #Facebook profiles.
More than 100,000 documents relating to work in 68 countries that will lay bare the global infrastructure of an operation used to manipulate voters on "an industrial scale" are set to be released over the next months.
It comes as Christopher Steele, the ex-head of MI6's Russia desk and the intelligence expert behind the so-called "Steele dossier" into Trump's relationship with Russia, said that while the company had closed down, the failure to properly punish bad actors meant that the prospects for manipulation of the US election this year were even worse.
The release of documents began on New Year's Day on an anonymous Twitter account, @HindsightFiles, with links to material on elections in Malaysia, Kenya and Brazil. The documents were revealed to have come from Brittany Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be the same ones subpoenaed by Robert Mueller's investigation into Russian interference in the 2016 presidential election.
Kaiser, who starred in the Oscar-shortlisted Netflix documentary The Great Hack, decided to go public after last month's election in Britain. "It's so abundantly clear our electoral systems are wide open to abuse," she said. "I'm very fearful about what is going to happen in the US election later this year, and I think one of the few ways of protecting ourselves is to get as much information out there as possible."
Read more:
https://www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation
#DeleteFacebook
Serious cyber-attack on Austria's foreign ministry
Austria's foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country.
The ministry said the seriousness of the attack suggested it might have been carried out by a "state actor".
The hack started on Saturday night and experts warn it could continue for several days.
The breach occurred on the same day Austria's Green party backed forming a coalition with conservatives.
It was recognised very quickly and countermeasures taken immediately, the foreign ministry said in a statement.
"Despite all intensive security measures, there is never 100% protection against cyber-attacks," the ministry said.
https://www.bbc.com/news/world-europe-50997773
https://www.rte.ie/news/world/2020/0105/1104411-austria-cyber-attack/
#austria #cyberattack #stateactor #hacker #breach
Interview: Vincent Canfield from cock.li comments on his expulsion from the 36C3
In our conversation Vincent Canfield tells us how the violent expulsion from 36C3 happened from his point of view. Vincent is not exactly an undisputed personality, to put it objectively. He tells us how he came up with the idea of founding his e-mail service cock.li. We also learn about Vincent's political view of the world or how seriously he thinks cock.li should be taken. Of course we also talk to him about the "unpleasant" moments he unfortunately had to experience at this year's Chaos Communication Congress (36C3) in Leipzig. The man from the National.Shitposting.Agency (NSA?) had to face some questions in our interview.
Vincent Canfield: a topic about which people elsewhere prefer to remain silent?
No year should end without the annual Chaos Communication Congress (36C3). Also this year, one headline quickly followed the next. As has been the case for many years, the media have taken up the topics of the Chaos Communication Congress. Whether it's about hacking in general, data protection or autonomous driving, 5G networks or the final proof that Deutsche Bahn is indeed unpunctual. As every year, everything was reported in detail. Apparently, (almost) nobody wanted to report on just one topic until today: Vincent Canfield, the head of cock.li, has obviously been thrown out of this year's 36C3 congress in a rather unpleasant way.
The interview in English:
https://tarnkappe.info/vincent-canfield-from-cock-li-comments-on-his-expulsion-from-the-36c3/
The interview in German:
https://tarnkappe.info/interview-vincent-canfields-meinung-zu-cock-li-und-ueber-den-ccc/
https://twitter.com/gexcolo/status/1214261610338037761
#Vincent #cockli #CCC #interview
The Hidden Cost of Ransomware: Wholesale Password Theft
#Organizations in the throes of cleaning up after a #ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single password stored on each infected endpoint. The result of this oversight may offer attackers a way back into the affected organization, access to financial and healthcare accounts, or – worse yet – key tools for attacking the victim's various business partners and clients.
In mid-November 2019, Wisconsin-based Virtual Care Provider Inc. (#VCPI) was hit by the #Ryuk ransomware strain. VCPI manages the #IT #systems for some 110 clients that serve approximately 2,400 nursing homes in 45 U.S. states. VCPI declined to pay the multi-million dollar ransom demanded by their extortionists, and the attack cut off many of those elder care facilities from their patient records, email and telephone service for days or weeks while VCPI rebuilt its network.
Read more:
https://krebsonsecurity.com/2020/01/the-hidden-cost-of-ransomware-wholesale-password-theft/
Project Zero - Google will publish security vulnerabilities later
Google's #cybersecurity team from #ProjectZero has announced that it will change its #disclosure #policy for handling discovered #vulnerabilities. This mainly concerns the time of publication.
https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html
Cyber war: 9 things to do now before a cyberattack hits
How social media is escalating tensions with Iran
https://video.foxnews.com/v/6120650076001
Read as well:
9 things to do now before a cyberattack hits
https://www.foxnews.com/tech/9-things-to-do-now-before-a-cyberattack-hits
Read as well (German):
https://tarnkappe.info/cyber-krieg-wie-iranische-hacker-gegen-die-usa-vorgehen/
#video #cyberwar #iran #usa #why #thinkabout
Forwarded from NoGoolag
Nobody but us - The rise and fall of the golden age of signals intelligence
The United States' National Cryptologic Museum in Fort Meade, Maryland, displays versions of two important encryption machines. The first is the Enigma machine, the most famous cryptographic apparatus ever built. The second machine, less well known, is called SIGABA. These devices are similar in certain important respects. Each employs an electromechanical rotor-based design. Each was used during World War II; the Nazis deployed Enigma while US forces relied on SIGABA. It is no exaggeration to say that, during the conflict, these machines protected – or tried to protect – some of the most important messages in the world.
#PDF:
https://www.hoover.org/sites/default/files/research/docs/buchanan_webreadypdf.pdf
More info on #NOBUS:
https://en.wikipedia.org/wiki/NOBUS
microG: Android (almost) without Google – our interview with the developer
The use of microG means that on smartphones, you can enjoy the comfort of Android without being spied on from front to back. It's a sort of "castrated" Android, where hardly any data are transferred to the Google servers. How does Google manage to enforce control over the mobile operating system Android with all its might? What does it take to stand up against Google? That and much more, we will find out in our interview with the inventor of microG, Marvin Wißfeld.
Read more:
https://tarnkappe.info/microg-android-almost-without-google-our-interview-with-the-developer/
#interview #microG #android #google #DeleteGoogle #Marvin
Netanyahu's party exposes data on over 6.4 million Israelis
The app's website exposed a link to an API endpoint that was left without a password, allowing third parties to obtain passwords for admin accounts.
A misconfiguration in an election day app developed by Likud, the party of Israeli prime minister Benjamin Netanyahu, may have potentially exposed and compromised the personal details of almost 6.5 million Israeli citizens.
The leak was discovered and detailed today by Ran Bar-Zik, an Israeli-born frontend developer for Verizon Media.
It is unclear if the exposed server and data were harvested by unauthorized parties before Bar-Zik's discovery and public disclosure. Local Israeli media like Haaretz, Calcalist, and Ynet confirmed Bar-Zik's findings.
Read more:
https://www.zdnet.com/article/netanyahus-party-exposes-data-on-over-6-4-million-israelis/
#leak #Israel #Netanyahu #Likud #compromised
"The intelligence coup of the century"
For decades, the CIA read the encrypted communications of allies and adversaries.
For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret.
The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software.
The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.
But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company's devices so they could easily break the codes that countries used to send encrypted messages.
The decades-long arrangement, among the most closely guarded secrets of the Cold War, is laid bare in a classified, comprehensive CIA history of the operation obtained by The Washington Post and ZDF, a German public broadcaster, in a joint reporting project.
Read more:
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/?itid=hp_hp-top-table-main_crypto-730am%3Ahomepage%2Fstory-ans
In German:
https://www.zdf.de/politik/frontal-21
#CIA #BND #USA #Germany #spionage #cryptoAG #thinkabout #why
U.S. Officials Say Huawei Can Covertly Access Telecom Networks
Trump administration ramps up push for allies to block Chinese company
U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through "back doors" designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks.
Intelligence shows Huawei has had this secret capability for more than a decade, U.S. officials said. Huawei rejected the allegations.
The U.S. kept the intelligence highly classified until late last year, when American officials provided details to allies including the U.K. and Germany, according to officials from the three countries. That was a tactical turnabout by the U.S., which in the past had argued that it didn't need to produce hard evidence of the threat it says Huawei poses to nations' security.
Read more:
https://www.wsj.com/articles/u-s-officials-say-huawei-can-covertly-access-telecom-networks-11581452256
#huawei #usa #backdoors
Report: 1,000s of Plastic Surgery Patients Exposed in Massive Data Leak
Led by Noam Rotem and Ran Locar, vpnMentor's research team recently discovered a breached database belonging to plastic surgery technology company NextMotion.
NextMotion provides clinics working in dermatology, cosmetic, and plastic surgery with digital photography and video devices for their patients.
The compromised database contained 100,000s of profile images of patients, uploaded via NextMotion's proprietary software. These were highly sensitive, including images of patients' faces and specific areas of their bodies being treated.
This breach made NextMotion, its clients, and their patients incredibly vulnerable and represented a significant lapse in the company's data privacy policies.
Timeline of Discovery and Owner Reaction
Sometimes, the extent of a data breach and the owner of the data are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what's at stake or who's leaking the data.
Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.
In this case, the database was named after the company, so we quickly identified NextMotion as the potential owner. We investigated further to ensure this was correct before moving forward.
Read more:
https://www.vpnmentor.com/blog/report-nextmotion-leak/
#leak #breach #nextmotion
Forwarded from #Wikileaks
Why Did Twitter Just "Lockdown" WikiLeaks Account? https://www.zerohedge.com/technology/why-did-twitter-just-lockdown-wikileaks-account … The Extradition Hearing on whether to send Julian Assange to an American Gulag starts on February 24. #FreeAssange https://dlvr.it/RQDWb2 #WikiLeaks @saveAssange via Twitter