This site going down just recently …


Dear dizzy,

An audit of our hosting environment showed a malware php file in a hidden directory on your website/s. Our investigations have shown there were no vulnerabilities on our platform that caused this issue, and the attacker most likely used an outdated plugin to gain access.

This site went down twice just recently! I think that I know which plugin and had already removed it. Using long passwords, e.g. a phrase of 20 or more characters, is a sensible and effective security precaution. [ed: Don’t use the same password for all websites. You’re asking for trouble if you use the same password for a news site and your email.] I am pleased with my website host.

15/3/22 Previous strikethrough applied. This follows a migration by my host and subsequent problems contacting support. I expect to be moving to a different host.


Reinstalling Debian woes


This is a geeky post which is unlikely to be interesting or even understandable to anyone other than those familiar with Debian Linux or similar systems.

I managed to trash my Debian system just recently. The /root partition was too small. I used gparted to increase it but made the mistake of gparted’ing the / EFI partition while increasing the size of the /root partition. My Debian system has been great for years and I’m out of practice installing Linux. My excuse – as poor as it is – is that / is traditionally the root partition. The Linux filesystem has changed and now there’s a /root partition and / is the /boot partition.

I tried to repair the / EFI partition without success. The reEFI tools wouldn’t work for me. I reinstalled Debian many times while keeping my /home partition. I was using the Debian install in expert mode.

I found that xfce4 was virtually useless after the Debian install. I suppose that it may be because I’m keeping my /home partition, upsetting the settings. [2/11/16 I’ll try getting rid of anything relevant. [2/11 later: It was the previous config messing it up.]] All applications are obscuring the start menu and the minimise, maximise, close window **adornments** are missing. Audio is simply not working after a Debian 8 install – what’s that about? It should just work. I tried fixing it but I shouldn’t have to. Debian used to install so well. It’s a 2011 A64 system [2/11/16 Amd64], mainstream now and really should be no problem.

Years ago (95-05) gnome was fine if a bit heavy and slow. I can’t stand it now even in classic mode. The default gnome is unbearable. KDE is so slow and a real pain to achieve anything. Audio still not working. [2/11/16 soundcard not recognised appears to be a problem with the Deb8 install. I tried to get hold of the Deb7 install because it upgrades fine …]

[ed: After reinstalling Debian on one occasion apt was warning that installations were unverified. apt’s verification system was compromised.]

I then tried to netinstall Debian. I suppose this is the real reason for this post. Fetching a netinstall image from Debian.org I noticed that I was downloading from another, non-Debian.org site. I do check integrity anyway, and the netinstall image sha256sum was wrong. I found it difficult to find the sha256sum on the Debian site, which was a bit of a pain.

[ed: Were the spooks onto me?]

I’m likely to install OpenBSD as a desktop.

Simple security suggestions: Check integrity of install images, use long passwords, use a firewall, check what services are visible using nmap.

[4/11/16 Looks like audio was fine and not working due to a silly mistake by me.]


Computer Security: Why Yahoo email surveillance is a big deal


Reuters reported yesterday that Yahoo had actioned a secret dictate by a US security agency to search all its customers’ incoming emails.

A small excerpt of the Reuters report:

“…

Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo’s challenge was unsuccessful.

Some Yahoo employees were upset about the decision not to contest the more recent edict and thought the company could have prevailed, the sources said.

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company’s security team in the process, instead asking Yahoo’s email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

…”

A program was written to search emails “for character strings”.

Yahoo facilitated remote retrieval.

Yahoo’s security team were excluded from the process.

Yahoo’s security team discovered the program in May 2015.

“within weeks of its installation”.

Chief Information Security Officer Alex Stamos resigns claiming that he was excluded from a decision that hurts client security.

Stamos says that hackers could have accessed the stored emails due to a programming flaw.

Why it’s a big deal

I’m not at all surprised that Stamos was pissed off. His security team would have their systems watching their networks for the slightest hint that anyone was thinking about hacking them. They would be watching which processes were running and be continually confirming the integrity of their programs. And then his boss allowed the government to root (rootkit) his systems.

In simple terms, the backdoor (remote retrieval) and its traffic was hidden, the running process was hidden and file system integrity checking was bypassed to hide the new program. That’s serious shit needing changes to the running system. It needs a rootkit to make a system hide all those things and behave as normal while hiding the rootkit itself. It was Stamos’s job to prevent some evil hackers from installing rootkits and therefore owning his systems, and his boss has gone and installed one behind his back – and it may have been an insecure one at that.

There is a problem that the security team can’t really know how long they were pwned once the system is controlled by a rootkit. A competent rootkiter would certainly be able to fix the security archive as it was written to hide its existence and activity. This raises further questions: How long were they owned? Was the earlier security breach of late 2014 related in some way? The earlier security breach is attributed to state-sponsored actors.

[Even more: Take for example file integrity checking. The classic example is tripwire. At intervals it will check the integrity of system files. It’s basically enumerating system files, checking that there are not more or fewer without reason, and checking the integrity of important files, e.g. programs that run, to make sure that they haven’t changed.

To list files on Unix, the command ‘ls’ is used. ‘ls -al’ also shows hidden files and their lengths. The action of ‘ls’ and similar commands is changed so that rootkit files and the new spying program are hidden – everything needs to appear normal and unchanged. The new program and the rootkit hide from everything by altering the running system.]
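As an added example that is not part of the original post (nor tripwire’s own code), the following Python sketch shows the two checks described on this page: a tripwire-style baseline of every regular file (hidden directories included, since the malware in the first post lived in one) compared on a later run, and verification of a downloaded install image against a SHA256SUMS file as in the Debian netinstall story. All file names, contents and the tampering scenario are constructed for the demo.

```python
"""Added example: tripwire-style file integrity baseline plus SHA256SUMS
verification. Not from the original post; scenario data is constructed."""
import hashlib
import os
import stat
import tempfile


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so a large install image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse sha256sum(1) output: '<hex>  <name>' (text) or '<hex> *<name>' (binary)."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")  # drop the second separator character
        if len(digest) == 64:
            sums[name] = digest.lower()
    return sums


def verify_image(path, sums):
    """True if the file matches its published digest, False if it differs,
    None if the file is not listed at all (nothing to check against)."""
    expected = sums.get(os.path.basename(path))
    if expected is None:
        return None
    return sha256_file(path) == expected


def build_baseline(root):
    """Record (mode, size, sha256) for every regular file under root, keyed by
    relative path. Hidden files and directories are deliberately included."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):  # skip symlinks, devices, etc.
                continue
            rel = os.path.relpath(full, root)
            baseline[rel] = (stat.S_IMODE(st.st_mode), st.st_size, sha256_file(full))
    return baseline


def compare_baseline(old, new):
    """Files that appeared, disappeared or changed since the baseline was taken."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-check,
    then verify a (fake) install image against a SHA256SUMS line."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)

        write("bin/ls", b"#!/bin/sh\necho original ls\n")
        write("etc/passwd", b"root:x:0:0::/root:/bin/sh\n")
        write("var/www/index.php", b"<?php echo 'hello'; ?>\n")
        before = build_baseline(root)

        # Tamper: same-size replacement of ls (size alone would not catch it),
        # a dropped file in a hidden directory, and a deleted file.
        write("bin/ls", b"#!/bin/sh\necho trojaned ls\n")
        write(".cache/.x.php", b"<?php /* constructed dropper */ ?>\n")
        os.remove(os.path.join(root, "etc/passwd"))
        report = compare_baseline(before, build_baseline(root))

        # Image check: publish the digest of the good image, then corrupt the file.
        image = os.path.join(root, "netinst.iso")  # constructed, not a real image
        write("netinst.iso", b"fake iso bytes")
        sums = parse_sha256sums(sha256_file(image) + "  netinst.iso\n")
        good = verify_image(image, sums)
        write("netinst.iso", b"fake iso bytes, tampered")
        bad = verify_image(image, sums)
        return report, good, bad


if __name__ == "__main__":
    print(demo())
```

As the post points out, a rootkit that alters the running system can lie to this checker too, which is why a tripwire-style baseline is only trustworthy when it is stored and run from read-only or offline media.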

6/10/16 8am update:

Later reports suggest that the spying / scanning program was integrated with a pre-existing programme scanning for child pornography, malware and spam. This presents a reasonable explanation so that the new program changes and consequent process (running programme) were part of normal development / evolution of systems.

It still leaves the issue of the backdoor (remote access). It appears that a choice is presented: either there is a rootkit hiding the backdoor and its traffic, or the string being searched for is the security agency’s string allowing remote access. It’s difficult to hide that backdoor and overall I’d go with a rootkit.

A rootkit tends to support Yahoo’s useless security over the past few years and the fact that it took so long to realise i.e. their systems were owned.


Partial anatomy of a hack by GCHQ – It’s pwned


[5/2/15 I may have been mistaken about the running inside virtualization and that is probably normal livecd messages. There is still something amiss with the different ps axu(s) – it does at least make me very suspicious since I can’t think of any reason why that would happen other than nasty. I’m also surprised that this system is so difficult to boot into OpenBSD. You can’t be too paranoid, or can you?]

I’ve got an AMD64 thin client as a gateway / router that also runs a tor relay. It usually runs dnsmasq but has been running the more conventional dhcpd and named recently. It uses a small camera-style flash card as a hard drive running current and patched OpenBSD. My internal network connects to this through a switch. I run firewalls on all machines – pf on this of course and usually arno-iptables-firewall on debian boxes. This box currently has an uptime of over 59 days.

Image of GCHQ doughnut building. Doesn’t look like a doughnut. Look. Oh c’mon, can’t you see – open your eye.

Just recently I’ve had a hard drive fail on my desktop debian machine. I was very surprised at this since it’s very low mileage and being debian linux it hardly ever gets powered down. It appeared to have many and increasing terrible errors that also seemed to jump about whenever I tried e2fscking them. I can’t help but suspect that GCHQ contributed to the apparent demise of this drive.

My new replacement drive arrived yesterday and I had decided to install an OpenBSD xfce desktop. None of the OpenBSD install cds were recognised. What’s going on here?

At the OpenBSD box:

# ps axu | grep bin
root         1  0.0  0.0   744   148 ??  Is    23Nov14    0:01.16 /sbin/init
_syslogd 12341  0.0  0.1   756   876 ??  I     23Nov14    0:08.61 /usr/sbin/sys
_iscsid  10832  0.0  0.1   624   548 ??  Is    23Nov14    0:00.00 /usr/sbin/isc
root     17049  0.0  0.1  1068  1100 ??  Is    23Nov14    0:00.04 /usr/sbin/ssh
_sndio    1059  0.0  0.0   712   344 ??  I<s   23Nov14    0:00.00 /usr/bin/sndi
root     25566  0.0  0.1   904  1092 ??  Ss    23Nov14    0:09.31 /usr/sbin/cro
< (xterm widened) >
# ps axu | grep bin
root         1  0.0  0.0   744   148 ??  Is    23Nov14    0:01.16 /sbin/init
_syslogd 12341  0.0  0.1   756   876 ??  S     23Nov14    0:08.61/usr/sbin/syslogd
_iscsid  10832  0.0  0.1   624   548 ??  Is    23Nov14    0:00.00 /usr/sbin/iscsid
root     17049  0.0  0.1  1068  1100 ??  Is    23Nov14    0:00.04 /usr/sbin/sshd
_sndio    1059  0.0  0.0   712   344 ??  I<s   23Nov14    0:00.00 /usr/bin/sndiod
root     25566  0.0  0.1   904  1092 ??  Ss    23Nov14    0:09.31 /usr/sbin/cron
_tor     18528  0.0  2.8 21700 25344 ??  S<    23Nov14  1927:49.62 /usr/local/bin/tor

That can’t be right – that tor only appears in the second and subsequent ps axu(s). I’m having huge difficulty, i.e. it is impossible, installing OpenBSD on my desktop machine. They’re pwned.

OpenBSD doesn’t install under a Linux virtualization ‘wrapper’. Linux runs under Linux virtualization, OpenBSD won’t – at least not under this virtualization.

“NET: Registered protocol family 17

mpls_gso: MPLS GSO support” it reads – it’s embedded Linux.

It appears to be a very small wrapper in IPv6 coming from the OpenBSD router / gateway. My laptop starts complaining that BIOS has been changed – not seen that message before. The tor router relay is stopped pretty sharpish.

GCHQ? Well my connection to my ISP is to their ‘audit’ machine. I guess that means GCHQ. My close friend’s car was hours late back from its first service – shouldn’t the first service only be oil and filter, a half hour job? After that it was clear that cops could hear everything said in that car and were often waiting for us to arrive. A friend who I was once close to had the ‘Water Board’ round to check his taps. He remarked that she was well-presented. I’ve noticed that local ‘Scientific Investigation’ policewomen are well-presented. Oh, and we had a deep cover spy at our anti-casualisation group meetings. He was also at a pre-G8 2005 meeting. I think that he was Met, very interested in me and an apparent dirty, hairy anarchist cop.

I was using a password 29 characters long. My guess is that they used my mobile to map my keyboard – different characters sound different and there are differences in the time I take to reach them. Or they could have watched (spied) through the window.

I don’t know if they wanted me to find this or not. I met someone from GCHQ in the Bunch of Grapes one Friday afternoon many years ago. It’s their job, it’s what they do.

I watched this a few hours earlier. You may get lost after the first 10 minutes or so. 30 to 37 minutes or so is good for politicians.

Can’t copy embed code. Bloody GCHQ. Bruce Schneier at MIT: https://www.youtube.com/watch?v=QXtS6UcdOMs

I’m listening to this at the moment

but while I’m listening to this I want to explain a far greater danger than terrorism that I face almost daily because you see, I am a cyclist.

Yesterday I was almost mown down by a motorist that was on the wrong side of the road and almost mowed me down. He had not seen me because he was texting.

Motorists on mobile phones are lethal to cyclists – a far greater danger than any supposed attacks by ‘terrorists’. I can attest that there is a far greater danger to people – pedestrians, cyclists and motorcyclists – than terrorism. We need a sense of proportion, to be measured and to assess issues. As a cyclist, I am telling you it is far more dangerous than any fake, manufactured terrorism nonsense. I accept that there are a very few terrorists – usually insane. How can they be anything other than insane? But, they are caught up in the terrorist narrative. Cycling and being a pedestrian is far more dangerous.

Where is the international campaign against motorists using mobile phones? Surely NASA, GCHQ can catch these ‘t*******ts’? Don’t they cause terror to ordinary people and kill indiscriminately? Actually, yes they do. And far more than this terrorism BS.

There are very few terrorists. Yes they should be pursued. There is fake, manufactured terrorism which is still terrorism pursued by nation-states and criminal cabals. There are also a few poor sods caught up in the terrorism narrative but let’s get it in perspective.

Indiscriminate drones. Stop it.

Ok, er, cycling is nothing compared to rockets from a drone. It’s much the same that it’s totally undeserved but I reckon a drone is far more lethal

– he’s talking about speed limits now

struck by lightning

I suggest that you watch the Greenwald vid. still long to go – talking about inscenity now

Talking about terrorism defined as what Muslims do. We had this in the UK recently with the car driven into council offices up North which then exploded. Strangely enough that wasn’t a car bomb and was reported on the news as most definitely not terrorism …

Intermission: I take advantage of this intermission to point out that I do magick: that I have converted water into wine with the assistance of fruit, sugar and yeast. I made Melomel for the first time this year and I think that it may have been the first medicine (Meddygon Myddfai). Untreated, unadulterated honey and currant fruits worked really well. It was like a universal medicine – anything that was wrong with you it cured. I believe that it is possible to keep bees without exploiting them.

OK, intermission over.

<snip>

22/1/15 2.40am At least they know that I’m not into CP. I wish that they would go for the ones that are (and more). Actually, I want them to go for the people that abuse children. My understanding of GCHQ’s purpose is that it’s outside their remit. I think that GCHQ is military and concerned with defence. Can we change that so that they catch paedos?

better now ;)


The simple way to install Tor for online anonymity


Image of Tor onion networking

The bad news is that the National Security Agency (the US authority that spies on internet users) targets anyone searching for privacy tools.

NSA classifies Linux Journal readers, Tor and Tails Linux users as “extremists”

“Months of investigation by the German public television broadcasters NDR and WDR (ARD), drawing on exclusive access to top secret NSA source code, interviews with former NSA employees, and the review of secret documents of the German government reveal that not only is the server in Nuremberg under observation by the NSA, but so is virtually anyone who has taken an interest in several well-known privacy software systems,” said the ARD report.

The program marks and tracks the IP addresses of those who search for ‘tails’ or ‘Amnesiac Incognito Live System’ along with ‘linux’, ‘USB’, ‘CD’, ‘secure desktop’, ‘IRC’, ‘truecrypt’ or ‘tor’. It also refers to the Tails Linux distribution as “a comsec mechanism advocated by extremists on extremist forums”.

The good news is that it’s never been easier to install tor anonymity software. Just head over to Torproject, grab the tor browser bundle and follow the instructions.


edit: I support the Tor project by running a Tor relay.


Con-Dem David Cameron’s censorship and attack on human rights


Original graphic published at www.reachinglight.com.

Infographic: UK Filter to Block ‘Esoteric Content’ - Worldwide Implications

Hmm, esoteric content? web forums? This is a huge attack on free thinking and any type of organisation or collaborative endeavour. It will probably include geeky tech and alternative politics.

What will the web be like without conspiracy theories and conspiracy theorists?

This post subject to change


Tim Berners-Lee condemns spy agencies as heads face MPs


http://www.theguardian.com/world/2013/nov/06/tim-berners-lee-encryption-spy-agencies

Inventor of world wide web condemns ‘dysfunctional and unaccountable’ oversight as intelligence chiefs face MPs

 Sir Tim Berners-Lee, the computer scientist who created the world wide web, has called for a “full and frank public debate” over internet surveillance by the National Security Agency and its British counterpart, GCHQ, warning that the system of checks and balances to oversee the agencies has failed.

The damning assessment was given as the heads of GCHQ, MI5 and MI6 prepared to face questioning by MPs in the Commons on Thursday. In an unprecedented hearing in Westminster, questions over the conduct of Britain’s spy agencies will be raised when the heads of the three secret services – MI5, MI6 and GCHQ – go before parliament’s intelligence and security committee.

The 90-minute session will give the nine-strong committee, led by Sir Malcolm Rifkind, a chance to question the agencies about the reach of the mass surveillance programmes that have provoked a global debate about privacy in the internet age. While critics have often despaired of the ISC’s lack of clout, Rifkind has promised to use new powers to provide robust scrutiny of the agencies and restore public confidence in what they have been doing.

As the inventor of the global system of inter-connectivity known as the web, with its now ubiquitous www and http, Berners-Lee is uniquely qualified to comment on the internet spying revealed by the former NSA contractor Edward Snowden.

In an interview with the Guardian, he expressed particular outrage that GCHQ and the NSA had weakened online security by cracking much of the online encryption on which hundreds of millions of users rely to guard data privacy.

He said the agencies’ decision to break the encryption software was appalling and foolish, as it directly contradicted efforts of the US and UK governments to fight cybercrime and cyberwarfare, which they have identified as a national security priority. Berners-Lee also said it was a betrayal of the technology industry.

In contrast to several senior British politicians – including the prime minister, David Cameron – who have called for the Guardian to be investigated over reporting of the Snowden leaks, Berners-Lee sees the news organisation and Snowden as having acted in the public interest.

“Whistleblowers, and responsible media outlets that work with them, play an important role in society. We need powerful agencies to combat criminal activity online – but any powerful agency needs checks and balances and, based on recent revelations, it seems the current system of checks and balances has failed,” he said.

As the director of the World Wide Web Consortium (W3C) that seeks to forward global standards for the web, Berners-Lee is a leading authority on the power and the vulnerabilities of the internet.

He said the Guardian’s coverage of the Snowden leaks had to be seen within the context of the failure of oversight of GCHQ’s and the NSA’s surveillance activities. “Here is where whistleblowing and responsible reporting can step in to protect society’s interests.

“It seems clear that the Guardian’s reporting around the scale and scope of state surveillance has been in the public interest and has uncovered many important issues which now need a full and frank public debate.”

Talking in his office at the Massachusetts Institute of Technology in Cambridge, Massachusetts, Berners-Lee said that though he had anticipated many of the surveillance activities exposed by Snowden, including taps on the internet through the Prism program, he had not been prepared for the scale of the NSA/GCHQ operations. “I didn’t realise it would be so big,” he said.

At worst, such spying could damage the public’s confidence in the intimate privacy of the internet as a free and safe place to interact. “When you take away the safe space, you take away a lot of the power of human problem solving,” he warned.

Berners-Lee will mark the 25th anniversary of his invention of the web next year by campaigning for greater public awareness of threats to the internet and by pushing for a charter that would codify the rights of all its users. As head of the World Wide Web Foundation, on 22 November he will release the 2013 Web Index, which measures the web’s growth, utility and impact across about 80 countries – including indicators on censorship and surveillance.

 Al Gore: Snowden ‘revealed evidence’ of crimes against US constitution

Former US vice-president Al Gore has described the activities of the National Security Agency as “outrageous” and “completely unacceptable” and said whistleblower Edward Snowden has “revealed evidence” of crimes against the US constitution.

Gore, speaking Tuesday night at McGill University in Montreal, said he was in favour of using surveillance to ensure national security, but Snowden’s revelations showed that those measures had gone too far.

“I say that as someone who was a member of the National Security Council working in the White House and getting daily briefings from the CIA,” Gore said, in comments reported by the Canadian Press.

Gore had previously said he believed the practice of the NSA collecting US citizens phone records was unlawful and “not really the American way”, but his comments on Tuesday represent his strongest criticism yet.

Asked about Snowden, the NSA whistleblower whose revelations have been reported extensively by the Guardian, Gore said the leaks had revealed uncovered unconstitutional practices.

“He has revealed evidence of what appears to be crimes against the Constitution of the United States,” Gore said.


Blind old cnut Blunkett all of a sudden – many years too late – says that interception was too much


Blind old cnut Blunkett all of a sudden says “Human nature is you get carried away, so we have to protect ourselves from ourselves,” he said. “In government you are pressed by the security agencies. They come to you with very good information and they say ‘you need to do something’. So you do need the breath of scepticism, not cynicism, breathing on them. You need to be able to take a step back. If you don’t have this, you can find yourself being propelled in a particular direction.”

I suspect that this is about spying on mobile phone users: In fact I suspect that it’s about governments demanding the ability to spy on mobile phone users is designed into the systems. This was on big C cnut Blunkett’s watch after all …

COUNCIL RESOLUTION of 17 January 1995 on the lawful interception of telecommunications
(96/C 329/01)
Official Journal C 329 , 04/11/1996 p. 0001 – 0006

[These demands from ‘law enforcement agencies’ are for every signal including location. Mobile phones signal their location continuously. Isn’t that a bug? … Blunkett, what do you have to say? You were home secretary after all … ]

[Later edit: Blunkett became Home Secretary in 2001. It should be recognised that mobile phones announce their location and much more.]

[Later: It appears that there was no opposition by Blunkett to these demands from ‘law enforcement agencies’. Wasn’t there a scandal about this time about New Labour databases? – Excalibur was associated with Mandy and Labour coming into power but it was more than that – have to research this.]

Don’t look at this: Mobile phones are designed to be mobile bugs


An original geeky post for a change (because as well as a political activist I’m also a geek)


OpenBSD is widely regarded as the most secure operating system. Today is the release date of the latest release OpenBSD 5.4. You’ll need to give it a few hours because it’s not yet 1/11 in Canada.

OpenBSD is secure because it is continually security audited. It is absolutely ideal for firewall/routers because of its advanced pf packet filter. It’s best suited for servers but also performs well on desktops and multimedia machines.

Other geeky things I’ve been doing lately

Learning C programming properly. C is all about pointers and indirection. It seems to be taught totally the wrong way. Pointers are key and all else follows …

I recapped a motherboard. You don’t need a new machine nowadays and I was pleased to revive a machine for a friend’s parents. It’s good to save a computer from the skip. I solder badly because I don’t do it often enough but I obviously solder well enough.

I replaced a Sempron LE-1150 with a really fast Athlon X2. Now it rocks.

[Cartoon of CMS learning curve implying that Drupal is very difficult to learn]

[11/11/13 I’ve been trying to learn Drupal 7. Drupal is a Content Management System (CMS) which also claims to be a CMS framework. A CMS is used to build websites and Drupal is used to build many of the most complex and advanced websites. As the diagram shows, Drupal is difficult to grok. My experience is that it’s counterintuitive and opposed to many of the principles of programming, e.g. the use of global variables. But then it’s not programming of course – it’s an application for developing websites.

I did try Joomla and WordPress but it looks like Drupal is what I need to build the websites I want. I think it may be that you just have to learn the Drupal way. Just lately I’ve been doing some maintenance to this blog and realised that WordPress produces an awful lot of dead links which are no good to anyone. I’m thinking of converting this blog to Drupal soon and get some practice in.

There’s some weirdness about this post – not allowing me to edit it as I normally would. I’ve had to use a different browser because it simply appeared totally blank in the browser I normally use but yet it appears published fine. Weird.]

[9/12/13 I’ve been repairing analogue radios just recently. It’s surprising what some contact cleaner, compressed air and a vacuum cleaner can achieve. I still need to repair my favourite radio which was second-hand and well used when I got it about 1999. It will need some soldering but some radios are special.]

Some geeky tips

Use strong passwords. I particularly like long passwords because I know about brute-forcing.

Backup.

Get a real operating system. Linux livecds can help.

[More geeky tips. This could go on and on.

Firewall. Firewall on all interfaces especially on laptops and mobile devices. Lock it down.

Wireless should be considered insecure.

[6/11/13 The Guardian has published a Guide to Tor. The latest Tor browser bundle should be used and care should be taken. People have been caught out accessing web-based email by not appreciating how it works. It should not be used for anything that divulges personal info and there’s not really much point in watching Youtube through Tor. If you’re in a repressive country it’s worth using. Basically, it hides what you’re looking at. [edit: It’s likely to get past broad political internet censorship.]]

If you have geek competence and spare resources please consider running a Tor relay as I do. There are certain dangers involved in running an exit node (relay) which do not apply to intermediate nodes.]


[4/11 What was I not thinking about? Mobile phones are designed to be mobile bugs.

… and here are the regulations from the ILETS / ENFOPOL affair of the 90s. These regulations are demands made by law enforcement authorities of the capabilities needed to infiltrate communications. Essentially, these law enforcement demands are design requirements for communication systems. You will notice that these requirements date from the mid 1990s. It’s probably safe to assume that they have been implemented by now. [Later edit: These regulations were intended particularly at mobile devices: phones at that time e.g. the reference to location. These regulations are bound to have been updated in the same culture of secrecy for technological developments since.]

COUNCIL RESOLUTION of 17 January 1995 on the lawful interception of telecommunications
(96/C 329/01)
Official Journal C 329 , 04/11/1996 p. 0001 – 0006

Annex: Requirements

This section presents the Requirements of law enforcement agencies relating to the lawful interception of telecommunications. These requirements are subject to national law and should be interpreted in accordance with applicable national policies. Terms are defined in the attached glossary.

1. Law enforcement agencies require access to the entire telecommunications transmitted, or caused to be transmitted, to and from the number or other identifier of the target service used by the interception subject. Law enforcement agencies also require access to the call-associated data that are generated to process the call.

1.1. Law enforcement agencies require access to all interception subjects operating temporarily or permanently within a telecommunications system.

1.2. Law enforcement agencies require access in cases where the interception subject may be using features to divert calls to other telecommunications services or terminal equipment, including calls that traverse more than one network or are processed by more than one network operator/service provider before completing.

1.3. Law enforcement agencies require that the telecommunications to and from a target service be provided to the exclusion of any telecommunications that do not fall within the scope of the interception authorization.

1.4. Law enforcement agencies require access to call associated data such as:

1.4.1. signalling of access ready status;

1.4.2. called party number for outgoing connections even if there is no successful connection established;

1.4.3. calling party number for incoming connections even if there is no successful connection established;

1.4.4. all signals emitted by the target, including post-connection dialled signals emitted to activate features such as conference calling and call transfer;

1.4.5. beginning, end and duration of the connection;

1.4.6. actual destination and intermediate directory numbers if call has been diverted.

1.5. Law enforcement agencies require information on the most accurate geographical location known to the network for mobile subscribers.

1.6. Law enforcement agencies require data on the specific services used by the interception subject and the technical parameters for those types of communication.

2. Law enforcement agencies require a real-time, full-time monitoring capability for the interception of telecommunications. Call associated data should also be provided in real-time. If call associated data cannot be made available in real time, law enforcement agencies require the data to be available as soon as possible upon call termination.

3. Law enforcement agencies require network operators/service providers to provide one or several interfaces from which the intercepted communications can be transmitted to the law enforcement monitoring facility. These interfaces have to be commonly agreed on by the interception authorities and the network operators/service providers. Other issues associated with these interfaces will be handled according to accepted practices in individual countries.

3.1. Law enforcement agencies require network operators/service providers to provide call associated data and call content from the target service in a way that allows for the accurate correlation of call associated data with call content.

3.2. Law enforcement agencies require that the format for transmitting the intercepted communications to the monitoring facility be a generally available format. This format will be agreed upon on an individual country basis.

3.3. If network operators/service providers initiate encoding, compression or encryption of telecommunications traffic, law enforcement agencies require the network operators/service providers to provide intercepted communications en clair.

3.4. Law enforcement agencies require network operators/service providers to be able to transmit the intercepted communications to the law enforcement monitoring facility via fixed or switched connections.

3.5. Law enforcement agencies require that the transmission of the intercepted communications to the monitoring facility meet applicable security requirements.

4. Law enforcement agencies require interceptions to be implemented so that neither the interception target nor any other unauthorized person is aware of any changes made to fulfil the interception order. In particular, the operation of the target service must appear unchanged to the interception subject.

5. Law enforcement agencies require the interception to be designed and implemented to preclude unauthorized or improper use and to safeguard the information related to the interception.

5.1. Law enforcement agencies require network operators/service providers to protect information on which and how many interceptions are being or have been performed, and not disclose information on how interceptions are carried out.

5.2. Law enforcement agencies require network operators/service providers to ensure that intercepted communications are only transmitted to the monitoring agency specified in the interception authorization.

5.3. According to national regulations, network operators/service providers could be obliged to maintain an adequately protected record of activations of interceptions.

6. Based on a lawful inquiry and before implementation of the interception, law enforcement agencies require: (1) the interception subject’s identity, service number or other distinctive identifier; (2) information on the services and features of the telecommunications system used by the interception subject and delivered by network operators/service providers; and (3) information on the technical parameters of the transmission to the law enforcement monitoring facility.

7. During the interception, law enforcement agencies may require information and/or assistance from the network operators/service providers to ensure that the communications acquired at the interception interface are those communications associated with the target service. The type of information and/or assistance required will vary according to the accepted practices in individual countries.

8. Law enforcement agencies require network operators/service providers to make provisions for implementing a number of simultaneous intercepts. Multiple interceptions may be required for a single target service to allow monitoring by more than one law enforcement agency. In this case, network operators/service providers should take precautions to safeguard the identities of the monitoring agencies and ensure the confidentiality of the investigations. The maximum number of simultaneous interceptions for a given subscriber population will be in accordance with national requirements.

9. Law enforcement agencies require network operators/service providers to implement interceptions as quickly as possible (in urgent cases within a few hours or minutes). The response requirements of law enforcement agencies will vary by country and by the type of target service to be intercepted.

10. For the duration of the interception, law enforcement agencies require that the reliability of the services supporting the interception at least equals the reliability of the target services provided to the interception subject. Law enforcement agencies require the quality of service of the intercepted transmissions forwarded to the monitoring facility to comply with the performance standards of the network operators/service providers.

22/7/14 My stats show that this is the most popular post – probably because of the ILETS / ENFOPOL quote above.

Got a spares or repair box off eBay cheap and swapped the processor. It rocks – quad core, 2T hard drive and I only ever use a small part of the memory.

Learning django at the moment and hoping to build a site using it soon. Python is good.

Everything wireless strikes me as fantastically insecure. Normal computer users are going to be vulnerable to evil twins at public hotspots. What about wireless keyboards? That’s a keyboard transmitting what keys are pressed. I don’t know but would doubt that encryption is used.

Continue Reading: An original geeky post for a change (because as well as a political activist I’m also a geek)