Archive for the ‘Privacy’ Category

Making an Onion List and Checking It Twice (or more)

Wednesday, December 13th, 2017

Bash script to check if .onions and other urls are alive or not

From the post:

The basic idea of this bash script is to feed a list of .onion urls and use torsocks and wget to check if the url is active or not, surely there are many other alternatives but it's always nice to have another option.

Useful script and daily reminder:

Privacy is a privilege you work for, it doesn’t happen by accident.
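The approach the post describes, as an added example that is not the script from the linked post: it treats the URL list as untrusted input, rejects anything that is not a plain http(s) URL before it reaches wget, and sends every request through torsocks. The function names, the `TIMEOUT` variable and the `alive`/`dead`/`invalid` output format are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not the linked post's script): liveness check for a list of
# URLs over Tor, using torsocks and wget as the post describes.
# Assumes torsocks and wget are installed and a local Tor client is running.

TIMEOUT=${TIMEOUT:-30}   # seconds per request; onion circuits are slow

# url_host URL: print the lower-cased host of an http(s) URL, or fail.
# A URL list is untrusted input: a line such as "--output-document=..." must
# never reach wget as an option, so only plain http(s) URLs whose hostname is
# made of [a-z0-9.-] are accepted.
url_host() {
    case $1 in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    _host=${1#*://}
    _host=${_host%%[/?#]*}     # drop path, query and fragment
    _host=${_host##*@}         # drop userinfo
    _host=${_host%%:*}         # drop port
    _host=$(printf '%s' "$_host" | tr 'A-Z' 'a-z')
    case $_host in
        ''|*[!a-z0-9.-]*|-*|.*) return 1 ;;
    esac
    printf '%s\n' "$_host"
}

# fetch URL: succeed if the URL answers without an error status.
# Every request goes through torsocks, .onion or not, so the machine running
# the check never contacts a listed site directly.
fetch() {
    torsocks wget --spider --quiet --tries=1 --timeout="$TIMEOUT" "$1"
}

# check_list FILE: print "<status> <url>" for each unique entry, where status
# is alive, dead or invalid. Blank lines and lines starting with # are skipped.
check_list() {
    sort -u "$1" | while IFS= read -r url; do
        case $url in
            ''|'#'*) continue ;;
        esac
        if ! url_host "$url" >/dev/null; then
            printf 'invalid %s\n' "$url"
        elif fetch "$url" </dev/null; then   # keep wget off the loop's stdin
            printf 'alive %s\n' "$url"
        else
            printf 'dead %s\n' "$url"
        fi
    done
}

# Usage: sh check-onions.sh urls.txt
if [ "$#" -gt 0 ]; then
    check_list "$1"
fi
```

A `dead` result only means the request failed within the timeout from this Tor client; onion services are often slow to answer, so a second pass over the `dead` entries is worth running before pruning the list.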

Going Among Capitalists? Don’t Forget Your S8 USB Cable!

Wednesday, November 15th, 2017

Teardown of a consumer voice/location cellular spying device that fits in the tip of a USB cable by Cory Doctorow.

From the post:

Mich from ha.cking bought a $25 “S8 data line locator” device — a cellular spying tool, disguised as a USB cable and marketed to the general public — and did a teardown of the gadget, offering a glimpse into the world of “trickle down surveillance” where the kinds of surveillance tools used by the NSA are turned into products and sold to randos over the internet for $25.

The S8 makes use of the GSM cellular network and takes a regular micro-SIM, and can use any of the international GSM bands. You communicate with it by sending it SMSes or by using a web front-end, which causes it to switch on a hidden mic so you can listen in on its surroundings; it can also give a coarse approximation of its location (based on GSM towers, not GPS, and accurate to within about 1.57km).

For all the technical details see: Inside a low budget consumer hardware espionage implant by mich @0x6d696368by.

In some legal jurisdictions use of this cable may be construed as a crime. But, as US torture of prisoners, NSA surveillance, and numerous other crimes by US operatives demonstrate, prosecution of crimes is at the whim and caprice of prosecutors.

Calling something a “crime” is pejorative labeling for media purposes, unless you are a prosecutor deciding on prosecution. Otherwise, it’s just labeling.

Intel MINIX – Universal Vulnerability?

Tuesday, November 7th, 2017

MINIX — The most popular OS in the world, thanks to Intel by Bryan Lunduke

Unlike most claims of being “widespread,” the claims about MINIX, a secret OS on Intel chips, appear to be true.

From the post:


MINIX is running on “Ring -3” (that’s “negative 3”) on its own CPU. A CPU that you, the user/owner of the machine, have no access to. The lowest “Ring” you have any real access to is “Ring 0,” which is where the kernel of your OS (the one that you actually chose to use, such as Linux) resides. Most user applications take place in “Ring 3” (without the negative).

The second thing to make my head explode: You have zero access to “Ring -3” / MINIX. But MINIX has total and complete access to the entirety of your computer. All of it. It knows all and sees all, which presents a huge security risk — especially if MINIX, on that super-secret Ring -3 CPU, is running many services and isn’t updated regularly with security patches.

For details, see Replace your exploit-ridden firmware with a Linux kernel, by Ron Minnich, et al. (Seventy-one (71) slides. File name: Replace UEFI with Linux.pdf. I grabbed a copy just in case this one goes away.)

Intel material on UEFI.

Unified Extensible Firmware Interface Forum, consortium website. For the latest versions of specifications see: http://www.uefi.org/specifications but as of today, see:

ACPI Specification Version 6.2 (Errata A)

ACPI can first be understood as an architecture-independent power management and configuration framework that forms a subsystem within the host OS. This framework establishes a hardware register set to define power states (sleep, hibernate, wake, etc). The hardware register set can accommodate operations on dedicated hardware and general purpose hardware. [page 1.] 1177

UEFI Specification Version 2.7 (Errata A)

This Unified Extensible Firmware Interface (hereafter known as UEFI) Specification describes an interface between the operating system (OS) and the platform firmware. UEFI was preceded by the Extensible Firmware Interface Specification 1.10 (EFI). As a result, some code and certain protocol names retain the EFI designation. Unless otherwise noted, EFI designations in this specification may be assumed to be part of UEFI.

The interface is in the form of data tables that contain platform-related information, and boot and runtime service calls that are available to the OS loader and the OS. Together, these provide a standard environment for booting an OS. This specification is designed as a pure interface specification. As such, the specification defines the set of interfaces and structures that platform firmware must implement. Similarly, the specification defines the set of interfaces and structures that the OS may use in booting. How either the firmware developer chooses to implement the required elements or the OS developer chooses to make use of those interfaces and structures is an implementation decision left for the developer.

Using this formal definition, a shrink-wrap OS intended to run on platforms compatible with supported processor specifications will be able to boot on a variety of system designs without further platform or OS customization. The definition will also allow for platform innovation to introduce new features and functionality that enhance platform capability without requiring new code to be written in the OS boot sequence. [page 1.] 2575

UEFI Shell Specification Version 2.2

The UEFI Shell environment provides an API, a command prompt and a rich set of commands that extend and enhance the UEFI Shell’s capability. [page 1] 258

UEFI Platform Initialization Specification Version 1.6

This specification defines the core code and services that are required for an implementation of the Pre-EFI Initialization (PEI) phase of the Platform Initialization (PI) specifications (hereafter referred to as the “PI Architecture”). This PEI core interface specification (CIS) does the following:
[vol. 1, page 1] 1627

UEFI Platform Initialization Distribution Packaging Specification Version 1.1

This specification defines the overall architecture and external interfaces that are required for distribution of UEFI/PI source and binary files. [page 1] 359

TCG EFI Platform Specification

PC Client Work Group EFI Platform Specification, Version 1.22, Revision 15

This document is about the processes that boot an Extensible Firmware Interface (EFI) platform and load an OS on that platform. Specifically, this specification contains the requirements for measuring EFI unique events into TPM PCRs and adding boot event entries into the Event Log. [page 5] 43

TCG EFI Protocol Specification

PC Client Work Group EFI Protocol Specification, Family “2.0”, Level 00, Revision 00.13

The purpose of this document is to define a standard interface to the TPM on an EFI platform. This standard interface is useful on any instantiations of an EFI platform that conforms to the EFI Specification. This EFI Protocol Specification is a pure interface specification that provides no information on “how” to construct the underlying firmware implementation. [page 9] 46

By my count, 5,585 pages from the Unified Extensible Firmware Interface Forum, consortium website alone.

Of course, then you need to integrate it with other documentation, your test results and the results of others, not to mention blogs and other sources.

Breaking this content into useful subjects would be non-trivial, but how much are universal vulnerabilities worth?

Cheap Tracking of Public Officials/Police

Thursday, October 12th, 2017

The use of license plate readers by law enforcement and others is on the rise. Such readers record the location of your license plate at a particular time and place. They also relieve public bodies of large sums of money.

How I replicated an $86 million project in 57 lines of code by Tait Brown details how he used open source software to create a “…good enough…” license plate reader for far less than the ticket price of $86 million.

Brown has an amusing (read unrealistic) good Samaritan scenario for his less expensive/more extensive surveillance system:


While it’s easy to get caught up in the Orwellian nature of an “always on” network of license plate snitchers, there are many positive applications of this technology. Imagine a passive system scanning fellow motorists for an abductor’s car that automatically alerts authorities and family members to their current location and direction.

The Tesla vehicles are already brimming with cameras and sensors with the ability to receive OTA updates — imagine turning them into a virtual fleet of good samaritans. Ubers and Lyft drivers could also be outfitted with these devices to dramatically increase the coverage area.

Using open source technology and existing components, it seems possible to offer a solution that provides a much higher rate of return — for an investment much less than $86M.

The better use of Brown’s less expensive/more extensive surveillance system is tracking police and public official cars. Invite them to the goldfish bowl they have created for all the rest of us.

A great public data resource for testing testimony about the presence/absence of police officers at crime scenes, protests, long rides to the police station and public officials consorting with co-conspirators.

ACLU calls for government to monitor itself reflect an unhealthy confidence in governmental integrity. Only a close watch on government by citizens enables governmental integrity.

Evidence of Government Surveillance in Mexico Continues to Mount [Is This News?]

Monday, September 25th, 2017

Evidence of Government Surveillance in Mexico Continues to Mount by Giovanna Salazar, translated by Omar Ocampo.

From the post:

In early September, further attempts to spy on activists in Mexico were confirmed. The president of Mexicans Against Corruption and Impunity (MCCI), an organization dedicated to investigative journalism, received several SMS messages that were intended to infect his mobile device with malicious software.

According to The New York Times, Claudio X. González Guajardo was threatened with Pegasus, a sophisticated espionage tool or “spyware” sold exclusively to governments that was acquired by the Mexican government in 2014 and 2015, with the alleged intention of combating organized crime. Once installed, Pegasus spyware allows the sender or attacker to access files on the targeted device, such as text messages, emails, passwords, contacts list, calendars, videos and photographs. It even allows the microphone and camera to activate at any time, inadvertently, on the infected device.

Salazar’s careful analysis of the evidence leaves little doubt:

these intrusive technologies are being used to intimidate and silence dissent.

But is this news?

I ask because my starting assumption is that governments buy surveillance technologies to invade the privacy of their citizens. The other reason would be?

You may think some targets merit surveillance, such as drug dealers, corrupt officials, but once you put surveillance tools in the hands of government, all citizens are living in the same goldfish bowl. Whether we are guilty of any crime or not.

The use of surveillance “to intimidate and silence dissent” is as natural to government as corruption.

The saddest part of Salazar’s report is that Pegasus is sold exclusively to governments.

Citizens need a free, open source edition of Pegasus Next Generation with which to spy on governments, businesses, banks, etc.

A way to invite them into the goldfish bowl in which ordinary citizens already live.

The ordinary citizen has no privacy left to lose.

The question is when current spy masters will lose theirs as well?

Warrantless Stingray Unconstitutional – Ho-Hum

Friday, September 22nd, 2017

Tracking phones without a warrant ruled unconstitutional by Lisa Vaas.

From the post:

A Washington DC Court of Appeals said on Thursday that law enforcement’s warrantless use of stingrays—suitcase-sized cell site simulators that mimic a cell tower and that trick nearby phones into connecting and giving up their identifying information and location—violates the Constitution’s Fourth Amendment protection against unreasonable search.

The ruling (PDF) overturned the conviction of a robbery and sexual assault suspect. In its decision, the DC Court of Appeals determined the use of the cell-site simulator “to locate a person through his or her cellphone invades the person’s actual, legitimate and reasonable expectation of privacy in his or her location information and is a search.”

Civil libertarians will be celebrating this decision! But the requirements of Jones vs. US are:

  1. You MUST commit a crime.
  2. You MUST be arrested for the crime in #1.
  3. You MUST be prosecuted for the crime in #1.
  4. The prosecutor MUST rely on evidence from use of a warrantless stingray.
  5. The evidence in #4 MUST be crucial to proving your guilt, otherwise you are convicted on other evidence.

If any of those five requirements are missing, you don’t profit from Jones vs. US.

The exclusionary rule, the rule that excludes unconstitutionally obtained evidence, sounds great, but unless you meet all its requirements, you are SOL.

For example, what if your phone and the phones of other protesters are subject to warrantless surveillance at a pro-environment rally? Or at a classic political rally? Or at a music concert? The government is just gathering data on who attended.

The exclusionary rule doesn’t do anything for you in those cases. Your identity has been unlawfully obtained, unconstitutionally as constitutional lawyers are fond of saying, but there is no relief for you in Jones vs. US.

Glad the DC Circuit took that position but it has little bearing on your privacy in the streets of the United States.

Darkening the Dark Web

Monday, September 18th, 2017

I encountered Andy Greenberg’s post, It’s About to Get Even Easier to Hide on the Dark Web (20 January 2017), and was happy to read:

From the post:


The next generation of hidden services will use a clever method to protect the secrecy of those addresses. Instead of declaring their .onion address to hidden service directories, they’ll instead derive a unique cryptographic key from that address, and give that key to Tor’s hidden service directories. Any Tor user looking for a certain hidden service can perform that same derivation to check the key and route themselves to the correct darknet site. But the hidden service directory can’t derive the .onion address from the key, preventing snoops from discovering any secret darknet address. “The Tor network isn’t going to give you any way to learn about an onion address you don’t already know,” says Mathewson.

The result, Mathewson says, will be darknet sites with new, stealthier applications. A small group of collaborators could, for instance, host files on a computer known only to them. No one else could ever even find that machine, much less access it. You could host a hidden service on your own computer, creating a way to untraceably connect to it from anywhere in the world, while keeping its existence secret from snoops. Mathewson himself hosts a password-protected family wiki and calendar on a Tor hidden service, and now says he’ll be able to do away with the site’s password protection without fear of anyone learning his family’s weekend plans. (Tor does already offer a method to make hidden services inaccessible to all but certain Tor browsers, but it involves finicky changes to the browser’s configuration files. The new system, Mathewson says, makes that level of secrecy far more accessible to the average user.)

The next generation of hidden services will also switch from using 1024-bit RSA encryption keys to shorter but tougher-to-crack ED-25519 elliptic curve keys. And the hidden service directory changes mean that hidden service urls will change, too, from 16 characters to 50. But Mathewson argues that change doesn’t affect the dark web addresses’ usability since they’re already too long to memorize.

Your wait to test these new features for darkening the dark web is over!

Tor 0.3.2.1-alpha is released, with support for next-gen onion services and KIST scheduler

From the post:

And as if all those other releases today were not enough, this is also the time for a new alpha release series!

Tor 0.3.2.1-alpha is the first release in the 0.3.2.x series. It includes support for our next-generation (“v3”) onion service protocol, and adds a new circuit scheduler for more responsive forwarding decisions from relays. There are also numerous other small features and bugfixes here.

You can download the source from the usual place on the website. Binary packages should be available soon, with an alpha Tor Browser likely by the end of the month.

Remember: This is an alpha release, and it’s likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

The Vietnam War series by Ken Burns and Lynn Novick makes it clear the United States government lies and undertakes criminal acts for reasons hidden from the public. To trust any assurance by that government of your privacy, freedom of speech, etc., is an act of madness.

Will you volunteer to help with the Tor project or place your confidence in government?

It really is that simple.

Tor Browser 7.0.5 is released – Upgrade! Stay Ahead of Spies!

Tuesday, September 5th, 2017

Tor Browser 7.0.5 is released

From the webpage:

Tor Browser 7.0.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release makes HTTPS-Everywhere compatible with Tor Browser on higher security levels and ensures that browser windows on macOS are properly rounded.

Well, no guarantee you will stay ahead of spies but using the current release of Tor is the best one can do. At least for browsers.

Enjoy!

US Labor Day (sic) Security Reading

Friday, September 1st, 2017

I know, for the US to have a “labor day” holiday is a jest too cruel for laughter.

But, many people will have a long weekend, starting tomorrow, so suggested reading is in order.

Surveillance Self-Defense, a project of the EFF, has security “playlists” for:

Academic researcher? Learn the best ways to minimize harm in the conduct of your research.

Activist or protester? How to keep you and your communications safe wherever your campaigning takes you.

Human rights defender? Recipes for organizations who need to keep safe from government eavesdroppers.

Journalism student? Lessons in security they might not teach at your j-school.

Journalist on the move? How to stay safe online anywhere without sacrificing access to information.

LGBTQ Youth? Tips and tools to help you more safely access LGBTQ resources, navigate social networks, and avoid snoopers.

Mac user? Tips and tools to help you protect your data and communications.

Online security veteran? Advanced guides to enhance your surveillance self-defense skill set.

Want a security starter pack? Start from the beginning with a selection of simple steps.

Have a great weekend!

Radio Navigation, Dodging Government GPS

Tuesday, August 8th, 2017

Radio navigation set to make global return as GPS backup, because cyber by Sean Gallagher.

From the post:

Way back in the 1980s, when I was a young naval officer, the Global Positioning System was still in its experimental stage. If you were in the middle of the ocean on a cloudy night, there was pretty much only one reliable way to know where you were: Loran-C, the hyperbolic low-frequency radio navigation system. Using a global network of terrestrial radio beacons, Loran-C gave navigators aboard ships and aircraft the ability to get a fix on their location within a few hundred feet by using the difference in the timing of two or more beacon signals.

An evolution of World War II technology (LORAN was an acronym for long-range navigation), Loran-C was considered obsolete by many once GPS was widely available. In 2010, after the US Coast Guard declared that it was no longer required, the US and Canada shut down their Loran-C beacons. Between 2010 and 2015, nearly everyone else shut down their radio beacons, too. The trial of an enhanced Loran service called eLoran that was accurate within 20 meters (65 feet) also wrapped up during this time.

But now there’s increasing concern about over-reliance in the navigational realm on GPS. Since GPS signals from satellites are relatively weak, they are prone to interference, accidental or deliberate. And GPS can be jammed or spoofed—portable equipment can easily drown them out or broadcast fake signals that can make GPS receivers give incorrect position data. The same is true of the Russian-built GLONASS system.

Sean focuses on the “national security” needs for a backup to GPS but it isn’t North Koreans, Chinese or Russians who are using Stingray devices against US citizens.

No, those are all in use by agents of the federal and/or state governments. Ditto for anyone spoofing your GPS in the United States.

You need a GPS backup, but your adversary is quite close to home.

The new protocol is called eLoran and Sean has a non-technical overview of it.

You would need unusual requirements to want a private eLoran, but so you have an idea of what is possible:


eLoran technology has been available since the mid-1990s and is still available today. In fact, the state-of-the-art of eLoran continues to advance along with other 21st-century technology. eLoran system technology can be broken down into a few simple components: transmitting site, control and monitor site, differential reference station site and user equipment.

Modern transmitting site equipment consists of a high-power, modular, fully redundant, hot-swappable and software configurable transmitter, and sophisticated timing and control equipment. Standard transmitter configurations are available in power ranges from 125 kilowatts to 1.5 megawatts. The timing and control equipment includes a variety of external timing inputs to a remote time scale, and a local time scale consisting of three ensembled cesium-based primary reference standards. The local time scale is not directly coupled to the remote time scale. Having a robust local time scale while still monitoring many types of external time sources provides a unique ability to provide proof-of-position and proof-of-time. Modern eLoran transmitting site equipment is smaller, lighter, requires less input power, and generates significantly less waste heat than previously used Loran-C equipment.

The core technology at a differential eLoran reference station site consists of three differential eLoran reference station or integrity monitors (RSIMs) configurable as reference station (RS) or integrity monitor (IM) or hot standby (RS or IM). The site includes electric field (E-field) antennas for each of the three RSIMs.

Modern eLoran receivers are really software-defined radios, and are backward compatible with Loran-C and forward compatible, through firmware or software changes. ASF tables are included in the receivers, and can be updated via the Loran data channel. eLoran receivers can be standalone or integrated with GNSS, inertial navigation systems, chip-scale atomic clocks, barometric altimeters, sensors for signals-of-opportunity, and so on. Basically, any technology that can be integrated with GPS can also be integrated with eLoran.
Innovation: Enhanced Loran, GPS World (May, 2015)

Some people are happy with government controlled services. Other people, not so much.

Who is determining your location?

See Through Walls With WiFi!

Thursday, June 22nd, 2017

Drones that can see through walls using only Wi-Fi

From the post:

A Wi-Fi transmitter and two drones. That’s all scientists need to create a 3D map of the interior of your house. Researchers at the University of California, Santa Barbara have successfully demonstrated how two drones working in tandem can ‘see through’ solid walls to create a 3D model of the interiors of a building using only, and we kid you not, only Wi-Fi signals.

As astounding as it sounds, researchers Yasamin Mostofi and Chitra R. Karanam have devised this almost superhero-level X-ray vision technology. “This approach utilizes only Wi-Fi RSSI measurements, does not require any prior measurements in the area of interest and does not need objects to move to be imaged,” explains Mostofi, who teaches electrical and computer engineering at the University.

For the paper and other details, see: 3D Through-Wall Imaging With Unmanned Aerial Vehicles and WiFi.

Before some contractor creates the Stingray equivalent for law enforcement, researchers and electronics buffs need to create new and improved versions for the public.

Government and industry offices are more complex than this demo but the technology will continue to improve.

I don’t have the technical ability to carry out the experiment but am wondering if measurement of a strong signal from any source as it approaches a building and then its exit on the far side would serve the same purpose?

Reasoning that government/industry buildings may become shielded to some signals but in an age of smart phones, not all.

Enjoy!

Tor 7.0! (Won’t Protect You From @theintercept)

Wednesday, June 7th, 2017

Tor Browser 7.0 Is Out!

The Tor browser is great but recognize its limitations.

A primary one is Tor can’t protect you from poor judgment @theintercept. No software can do that.

Change your other habits as appropriate.

Skype/Microsoft – Invasion of Privacy

Thursday, June 1st, 2017

I first noticed this latest invasion of privacy by Skype/Microsoft yesterday.

A friend tried to share an image via Skype and when I went to look at it, I saw a screen similar to this one:

I say “similar to this one” because yesterday I closed the window and got the image via email.

Today, I had a voice message on Skype, which I cannot access without supplying my birthday!

The

“We need just a little more info to set up your account.”

is a factual lie. My account is already set up. Has been (past tense) for years.

“This information is required” is that color in the original, no editing.

Anyone else experiencing a similar invasion of privacy courtesy of Skype/Microsoft?

More Dicking With The NSA

Sunday, May 21st, 2017

Privacy-focused Debian 9 ‘Stretch’ Linux-based operating system Tails 3.0 reaches RC status by Brian Fagioli.

From the post:

If you want to keep the government and other people out of your business when surfing the web, Tails is an excellent choice. The Linux-based operating system exists solely for privacy purposes. It is designed to run from read-only media such as a DVD, so that there are limited possibilities of leaving a trail. Of course, even though it isn’t ideal, you can run it from a USB flash drive too, as optical drives have largely fallen out of favor with consumers.

Today, Tails achieves an important milestone. Version 3.0 reaches RC status — meaning the first release candidate (RC1). In other words, it may soon be ready for a stable release — if testing confirms as much. If you want to test it and provide feedback, you can download the ISO now.

Fagioli covers some of the details but the real story is this:

The sooner testers (that can include you) confirm the stability, etc., of Tails Version 3.0 (RC1), the sooner it can be released for general use.

In part, the release schedule for Tails Version 3.0 (RC1) depends on you.

Your response?

Check Fagioli’s post for links to the release and docs.

Effective versus Democratic Action

Saturday, May 13th, 2017

OpenMedia is hosting an online petition: Save our Security — Strong Encryption Keeps Us Safe:

Leaked docs reveal the UK Home Office’s secret plan to gain real-time access to our text messages and online communications AND force companies like WhatsApp to break the security on its own software. This reckless plan will make all of us more vulnerable to attacks like the recent ransomware assault against the NHS.

If enough people speak out right now and flood the consultation before May 19, then Home Secretary Amber Rudd will realise she’s gone too far.

Tell Home Secretary Amber Rudd: Encryption keeps us safe. Do not weaken everyone’s security by creating backdoors that hackers and malicious actors can exploit.
… (emphasis in original, footnotes omitted)

+1! on securing your privacy, but -1! on democratic action.

Assume the consultation is “flooded” and Home Secretary Amber Rudd says:

Hearing the outcry of our citizens, we repent of our plan for near real time monitoring of your conversations….

I’m sorry, why would you trust Home Secretary Amber Rudd or any other member of government, when they make such a statement?

They hide the plans for monitoring your communications in near real time, as OpenMedia makes abundantly clear.

What convinces you Home Secretary Rudd and her familiars won’t hide government monitoring of your communications?

A record of trustworthy behavior in the past?

You can flood the consultation if you like but effective actions include:

  • Anyone with access to government information should leak that information whenever possible.
  • Anyone employed by government should use weak passwords, follow links in suspected phishing emails and otherwise practice bad cybersecurity.
  • If you don’t work for a government or have access to government information, copy, repost, forward, and otherwise spread any leaked government information you encounter.
  • If you have technical skills, devote some portion of your work week to obtaining information a government prefers to keep secret.

The only trustworthy government is a transparent government.

Alert! Alert! Good Use For Cat Videos!

Friday, April 28th, 2017

A Trick That Hides Censored Websites Inside Cat Videos by Kaveh Waddell.

From the post:

A pair of researchers behind a system for avoiding internet censorship wants to deliver banned websites inside of cat videos. Their system uses media from popular, innocuous websites the way a high schooler might use the dust jacket of a textbook to hide the fact that he’s reading a comic book in class. To the overseeing authority—in the classroom, the teacher; on the internet, a government censor—the content being consumed appears acceptable, even when it’s illicit.

The researchers, who work at the University of Waterloo’s cryptography lab, named it Slitheen after a race of aliens from Doctor Who who wear the skins of their human victims to blend in. The system uses a technique called decoy routing, which allows users to view blocked sites—like a social-networking site or a news site—while generating a browsing trail that looks exactly as if they were just browsing for shoes or watching silly videos on YouTube.

Slitheen’s defining feature is that the complex traffic it generates is indistinguishable from a normal request. That is, two computers sitting next to one another, downloading data from Amazon.com’s homepage—one that does so normally and another with the contents of this Atlantic story instead of Amazon’s images and videos—would create identical traffic patterns. The more complex Slitheen request would take slightly longer to come back, but its defining characteristics, from packet size to timing, would be the same.

How about that! With a clean local browser history as well.

After reading Waddell’s post, read Slitheen: Perfectly imitated decoy routing through traffic replacement, then grab the code at: https://crysp.uwaterloo.ca/software/slitheen/.

Talk up and recommend Slitheen to your friends, startups, ISPs, etc.

Imagine an Internet free of government surveillance. Doesn’t that sound enticing?

Scotland Yard Outsources Violation of Your Privacy

Monday, April 24th, 2017

Whistleblower uncovers London police hacking of journalists and protestors by Trevor Johnson.

From the post:

The existence of a secretive unit within London’s Metropolitan Police that uses hacking to illegally access the emails of hundreds of political campaigners and journalists has been revealed. At least two of the journalists work for the Guardian.

Green Party representative in the British House of Lords, Jenny Jones, exposed the unit’s existence in an opinion piece in the Guardian. The facts she revealed are based on a letter written to her by a whistleblower.

The letter reveals that through the hacking, Scotland Yard has illegally accessed the email accounts of activists for many years, and this was possible due to help from “counterparts in India.” The letter alleged that the Metropolitan Police had asked police in India to obtain passwords on their behalf—a job that the Indian police subcontracted out to groups of hackers in India.

The Indian hackers sent back the passwords obtained, which were then used illegally by the unit within the Met to gather information from the emails of those targeted.

Trevor covers a number of other points, additional questions that should be asked, the lack of media coverage over this latest outrage, etc., all of which merit your attention.

From my perspective, these abuses by the London Metropolitan Police (Scotland Yard), are examples of the terrorism bogeyman furthering government designs against quarrelsome but otherwise ordinary citizens.

Quarrelsome but otherwise ordinary citizens are far safer and easier to spy upon than seeking out actual wrongdoers. And spying justifies part of Scotland Yard’s budget, since everyone “knows” a lack of actionable intelligence means terrorists are hiding successfully, not the more obvious lack of terrorists to be found.

As described in Trevor’s post, Scotland Yard, like all other creatures of government, thrives in shadows. Shadows where its decisions are beyond discussion and reproach.

In choosing between supporting government spawned creatures that live in the shadows and working to dispel the shadows that foster them, remember they are not, were not and never will be “…on your side.”

They have a side, but it most assuredly is not yours.

The Upside To Overturning Internet Privacy Rules

Monday, April 3rd, 2017

Trump signs measure overturning internet privacy rules by David McCabe.

From the post:

President Trump has signed a Congressional resolution overturning Federal Communications Commission rules that would have required internet providers to get their customers’ permission before sharing personal data like browsing history with advertisers. The rules had yet to go into effect.

Is this a bad thing?

Sure, but there is an upside.

You have already seen media reports urging everyone to start using VPNs and the like to protect their privacy from ISP predators.

What happens if VPNs come into everyday use by the average user? Aside from greater profits for VPN vendors.

Hmmm, several orders of magnitude more VPN connections than are being tracked by the usual alphabet soup agencies.

Encourage every user you know to use a VPN connection. Hell, offer them as swag at conferences.

Teacher and library conferences. Church camps. Oh, yeah, technical conferences too.

Hackers in the mist? 😉

Eroding the Presumption of Innocence in USA

Saturday, April 1st, 2017

You may be laboring under the false impression that people charged with crimes in the USA are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

I regret to inform you that presumption is being eroded away.

Kevin Poulsen has a compelling read in FBI Arrests Hacker Who Hacked No One about the case of Taylor Huddleston, who was arraigned on March 31, 2017 in the Federal District Court for the Eastern District of Virginia, docket number: 1:2017 cr 34.

Kevin’s crime? He wrote a piece of software that has legitimate uses, such as sysadmins troubleshooting a user’s computer remotely. That tool was pirated by others and put to criminal use. Now the government wants to take his freedom and his home.

Compare Kevin’s post to the indictment, which I have uploaded for your reading pleasure. There is a serious disconnect between Poulsen’s post and the indictment, as the government makes much out of a lot of hand waving and very few specifics.

Taylor did obtain a Release on Personal Recognizance or Unsecured Bond, which makes you think the judge isn’t overly impressed with the government’s case.

I would have jumped at such a release as well but I find it disturbing, from a presumption of innocence perspective, that the judge also required:

My transcription:

No access to internet through any computer or other data capable device including smart phones

Remember that Taylor Huddleston is presumed innocent, so how is that consistent with prohibiting him from a lawful activity, such as access to the internet?

Simple response: It’s not.

As I said, I would have jumped at the chance for a release on personal recognizance too. Judges are eroding the presumption of innocence with the promise of temporary freedom.

Wishing Huddleston the best of luck, and hoping that this erosion of the presumption of innocence won’t go unnoticed or unchallenged.

Peeping Toms Jump > 16,000 In UK

Monday, March 27th, 2017

The ranks of peeping toms swell by at least 16,000 in the UK:

More than 16,000 staff in the public sector empowered to examine your web browsing by Graeme Burton.

From the post:

More than 16,000 staff in the public sector and its agencies have been empowered by Section 4 of the Investigatory Powers Act to snoop on people’s internet connection records.

And that’s before the estimated 4,000 staff at security agency MI5, the 5,500 at GCHQ and 2,500 at MI6 are taken into account.

That’s according to the responses from a series of almost 100 Freedom of Information (FOI) requests made in a bid to find out exactly who has the power to snoop on ordinary people’s web browsing histories under the Act.

GCHQ, the Home Office, MI6, the National Crime Agency, the Ministry of Justice, all three armed forces and Police Service of Scotland all failed to respond to the FOI requests – so the total could be much higher.

My delusion that the UK has a mostly rational government was shattered by passage of the Investigatory Powers Act. Following web browsing activity, hell, even tracking everyone and their conversations, 24 x 7, isn’t going to stop random acts of violence.

What part of random acts of violence being exactly that, random, seems to be unclear? Are there no UK academics to take up the task of proving prediction of random events is possible?

Unless and until the UK Parliament comes to its senses, the best option for avoiding UK peeping toms is to move to another country.

If re-location isn’t possible, use a VPN and a Tor browser for all web activity.

Smile! You May Be On A Candid Camera!

Thursday, March 9th, 2017

Hundreds of Thousands of Vulnerable IP Cameras Easy Target for Botnet, Researcher Says by Chris Brook.

From the post:

A researcher claims that hundreds of thousands of shoddily made IP cameras suffer from vulnerabilities that could make them an easy target for attackers looking to spy, brute force them, or steal their credentials.

Researcher Pierre Kim disclosed the vulnerabilities Wednesday and gave a comprehensive breakdown of the affected models in an advisory on his GitHub page.

A gifted security researcher who has discovered a number of backdoors in routers, estimates there are at least 18,000 vulnerable cameras in the United States alone. That figure may be as high as 200,000 worldwide.

For all of the pissing and moaning in Chris’ post, I don’t see the problem.

Governments, corporations, web hosts either have us under surveillance or their equipment is down for repairs.

Equipment that isn’t under their direct control, such as “shoddily made IP cameras,” provide an opportunity for citizens to return the surveillance favor.

To perform surveillance on those who accept surveillance of the “masses” but find surveillance of their activities oddly objectionable.

Think of it this way:

The US government has to keep track of approximately 324 million people, give or take. With all the sources of information on every person, that’s truly a big data problem.

Turn that problem around and consider that Congress has only 535 members.

That’s more of a laptop sized data problem, albeit that they are clever about covering their tracks. Or think they are at any rate.

No, the less security that exists in general the more danger there is for highly visible individuals.

Think about who is more vulnerable before you complain about a lack of security.

The security the government is trying to protect isn’t for you. I promise. (The hoarding of cyber exploits by the CIA is only one such example.)

That CIA exploit list in full: … [highlights]

Wednesday, March 8th, 2017

That CIA exploit list in full: The good, the bad, and the very ugly by Iain Thomson.

From the post:

We’re still going through the 8,761 CIA documents published on Tuesday by WikiLeaks for political mischief, although here are some of the highlights.

First, though, a few general points: one, there’s very little here that should shock you. The CIA is a spying organization, after all, and, yes, it spies on people.

Two, unlike the NSA, the CIA isn’t mad keen on blanket surveillance: it targets particular people, and the hacking tools revealed by WikiLeaks are designed to monitor specific persons of interest. For example, you may have seen headlines about the CIA hacking Samsung TVs. As we previously mentioned, that involves breaking into someone’s house and physically reprogramming the telly with a USB stick. If the CIA wants to bug you, it will bug you one way or another, smart telly or no smart telly. You’ll probably be tricked into opening a dodgy attachment or download.

That’s actually a silver lining to all this: end-to-end encrypted apps, such as Signal and WhatsApp, are so strong, the CIA has to compromise your handset, TV or computer to read your messages and snoop on your webcam and microphones, if you’re unlucky enough to be a target. Hacking devices this way is fraught with risk and cost, so only highly valuable targets will be attacked. The vast, vast majority of us are not walking around with CIA malware lurking in our pockets, laptop bags, and living rooms.

Thirdly, if you’ve been following US politics and WikiLeaks’ mischievous role in the rise of Donald Trump, you may have clocked that Tuesday’s dump was engineered to help the President pin the hacking of his political opponents’ email server on the CIA. The leaked documents suggest the agency can disguise its operations as the work of a foreign government. Thus, it wasn’t the Russians who broke into the Democrats’ computers and, by leaking the emails, helped swing Donald the election – it was the CIA all along, Trump can now claim. That’ll shut the intelligence community up. The President’s pet news outlet Breitbart is already running that line.

Iain does a good job of picking out some of the more interesting bits from the CIA (alleged) file dump. No, you will have to read Iain’s post for those.

I mention Iain’s post primarily as a way to entice you into reading all the files in hopes of discovering more juicy tidbits.

Read the files. Your security depends on the indifference of the CIA and similar agencies. Is that your model for privacy?

EFF Urges Trusting Cheaters

Sunday, February 19th, 2017

Congress Must Protect Americans’ Location Privacy by Kate Tummarello.

From the post:

Your smartphone, navigation system, fitness device, and more know where you are most of the time. Law enforcement should need a warrant to access the information these technologies track.

Lawmakers have a chance to create warrant requirements for the sensitive location information collected by your devices.

It’s already against the law to intercept and transcribe all phone calls but the weight of the evidence shows the US government is doing exactly that.

The periodic EFF calls for legislation by known cheaters leave me puzzled.

Laws, to government agencies, mark “don’t get caught zones” and little more.

Protecting sensitive location information, to be effective, must be demanded by consumers of manufacturers.

No backdoors, no warrants, no snooping, it’s just that simple.

Amazon Chime – AES 256-bit Encryption Secure – Using Whose Key?

Wednesday, February 15th, 2017

Amazon Chime, Amazon’s competitor to Skype, WebEx and Google Hangouts.

I’m waiting on answers about why the Chime Dialin Rates page omits all of Africa, as well as Burma, Cambodia, Laos and Thailand.

While I wait for that answer, have you read the security claim for Chime?

Security:


Amazon Chime is an AWS service, which means you benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. In addition, Amazon Chime features security capabilities built directly into the service. Messages, voice, video, and content are encrypted using AES 256-bit encryption. The visual roster makes it easy to see who has joined the meeting, and meetings can be locked so that only authenticated users can join.

We have all heard stories of the super strength of AES 256-bit encryption:


As shown above, even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years). If one were to assume that a computing system existed that could recover a DES key in a second, it would still take that same machine approximately 149 trillion years to crack a 128-bit AES key.
… (How secure is AES against brute force attacks? by Mohit Arora.)

Longer than the universe is old! That’s secure.

Or is it?

Remember the age of universe example is a brute force attack.

What if an FBI agent shows up with a National Security Letter (NSL)?

Or a conventional search warrant demanding the decrypted content of a Chime conversation?

Unlocking AES encryption with the key is quite fast.

Yes?

PS: This isn’t a weakness limited to Chime. Any encryption where the key is not under your control is by definition insecure.

Twitter Activist Security

Tuesday, January 31st, 2017

Twitter Activist Security by the grugq.

From the post:

Many people are starting to get politically active in ways they fear might have negative repercussions for their job, career or life. It is important to realise that these fears are real, but that public overt resistance is critical for political legitimacy. This guide hopes to help reduce the personal risks to individuals while empowering their ability to act safely.

I am not an activist, and I almost certainly don’t live in your country. These guidelines are generic with the hope that they will be useful for a larger number of people.

The basic principles of operational security are actually very simple, they’re what we call the three Cs:

  • Cover
  • Concealment
  • Compartmentation

There is more to serious counterintelligence, of course, but keep these three concepts in mind. The two most important concerns will be compartmentation and concealment. In practice this means that you need to separate your resistance Twitter account from your personal life completely.

I won’t quote the details because any omission could be the one that trips you up.

It’s not a short read but if you want to be safe, read Twitter Activist Security at least once a month and see how you stack up against the advice.

The precautions are good ones but I would be asking what “political activism” requires a Twitter account?

Unless you are using the account to stream coded messages, the purpose of such an account is unclear to me.

Not to mention that every account associated with another identity is an opportunity to make a mistake and break cover.

Defeating New York Surveillance (with knitting)

Monday, January 30th, 2017

In Proposal to Reduce Privacy in New York City I pointed out pending plans to add surveillance cameras at seven tunnels and bridges in and out of the city.

I was describing the need to defeat the cameras for personal identity and my wife, a librarian and knitter, said what I was looking for was a balaclava. She also said knitting sites, such as Ravelry, are full of patterns, etc.

Imagine the chagrin of surveillance camera operators when they encounter:

balaclava-reg-460

Just add sun glasses and you’re set! Total identity concealment!

Don’t get too creative, as a balaclava like this one:

balaclava3-460

is distinctive enough to be recognized a second time and/or found in your apartment or car.

Lastly, there are some people who don’t “get” the idea of a balaclava being for concealment, such as Andrew Salomone, who has preserved his identity with:

balaclava-id-460

Andrew does beautiful work but I’m not inviting him to any op-sec meetings. 😉

Support your local librarians and/or knitters!

Proposal to Reduce Privacy in New York City

Sunday, January 29th, 2017

Memo: New York Called For Face Recognition Cameras At Bridges, Tunnels by Kevin Collier.

From the post:

The state of New York has privately asked surveillance companies to pitch a vast camera system that would scan and identify people who drive in and out of New York City, according to a December memo obtained by Vocativ.

The call for private companies to submit plans is part of Governor Andrew Cuomo’s major infrastructure package, which he introduced in October. Though much of the related proposals would be indisputably welcome to most New Yorkers — renovating airports and improving public transportation — a little-noticed detail included installing cameras to “test emerging facial recognition software and equipment.”

The proposed system would be massive, the memo reads:

The Authority is interested in implementing a Facial Detection System, in a free-flow highway environment, where vehicle movement is unimpeded at highway speeds as well as bumper-to-bumper traffic, and license plate images are taken and matched to occupants of the vehicles (via license plate number) with Facial Detection and Recognition methods from a gantry-based or road-side monitoring location.

All seven of the MTA’s bridges and both its tunnels are named in the proposal.

NYCbridgesTunnels-460

Proposals only at this point but take this as fair warning.

Follow both Kevin Collier and Vocativ as plans by the State of New York to eliminate privacy for its citizens develop.

Counter-measures

One counter measure to license plate readers is marketed under the name PhotoMaskCover.

PhotoMaskCover-460

Caution: I have never used the PhotoMaskCover product and have no relationship with its manufacturer. It claims to work. Evaluate as you would any other product from an unknown vendor.

For the facial recognition cameras, I was reminded that a hoodie and sunglasses are an easy and non-suspicious way to avoid such cameras.

For known MTA facial recognition cameras, wear a deep cowl that casts a complete shadow on your facial features. (Assuming you can drive safely with the loss of peripheral vision.)

As the number of deep cowls increases in MTA images, authorities will obsess more and more over the “unidentifieds,” spending their resources less and less effectively.

Defeating surveillance increases everyone’s freedom.

Online tracking: A 1-million-site measurement and analysis [Leaving False Trails]

Tuesday, January 17th, 2017

Online tracking: A 1-million-site measurement and analysis by Steven Englehardt and Arvind Narayanan.

From the webpage:

Tracking Results

During our January 2016 measurement of the top 1 million sites, our tool made over 90 million requests, assembling the largest dataset (to our knowledge) used for studying web tracking. With this scale we can answer many web tracking questions: Who are the largest trackers? Which sites embed the largest number of trackers? Which tracking technologies are used, and who is using them? and many more.

Findings

The total number of third parties present on at least two first parties is over 81,000, but the prevalence quickly drops off. Only 123 of these 81,000 are present on more than 1% of sites. This suggests that the number of third parties that a regular user will encounter on a daily basis is relatively small. The effect is accentuated when we consider that different third parties may be owned by the same entity. All of the top 5 third parties, as well as 12 of the top 20, are Google-owned domains. In fact, Google, Facebook, and Twitter are the only third-party entities present on more than 10% of sites.
… (emphasis in original)

Impressive research based upon an impressive tool, OpenWPM.

The GitHub page for OpenWPM reads in part:

OpenWPM is a web privacy measurement framework which makes it easy to collect data for privacy studies on a scale of thousands to millions of sites. OpenWPM is built on top of Firefox, with automation provided by Selenium. It includes several hooks for data collection, including a proxy, a Firefox extension, and access to Flash cookies. Check out the instrumentation section below for more details.

Just a point of view but I’m more interested in specific privacy tracking data for some given set of servers than general privacy statistics.

Specific privacy tracking data that enables planning the use of remote browsers to leave false trails.
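The prevalence measure from the quoted findings (a third party counts once it shows up on at least two first parties), applied to a chosen set of sites rather than the top million. This is an added example, not OpenWPM code; the request records are constructed, and grouping hosts by their last two DNS labels is a simplifying assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit


def site_of(url):
    """Reduce a URL to a site name using its last two DNS labels.

    Simplifying assumption: a real measurement would consult the Public
    Suffix List so that suffixes such as .co.uk are grouped correctly.
    Returns None when the URL has no hostname.
    """
    host = urlsplit(url).hostname
    if not host:
        return None
    return ".".join(host.rstrip(".").split(".")[-2:])


def third_parties_by_site(requests):
    """requests: list of (page_url, requested_url) pairs from a crawl.

    Returns {first_party_site: set of third-party sites it loaded}.
    Requests to the page's own site (its own CDN or static host) are
    first-party and are not counted.
    """
    embedded = defaultdict(set)
    for page_url, req_url in requests:
        first, other = site_of(page_url), site_of(req_url)
        if first is None or other is None:
            continue                      # malformed record: skip, do not guess
        embedded[first]                   # register the site even with no third parties
        if other != first:
            embedded[first].add(other)
    return embedded


def prevalence(requests, min_first_parties=2):
    """Rank third parties by how many of the measured sites embed them.

    Returns [(third_party, site_count, share_of_sites)], most prevalent
    first, keeping only those seen on at least min_first_parties sites.
    """
    embedded = third_parties_by_site(requests)
    seen_on = defaultdict(set)
    for first, thirds in embedded.items():
        for third in thirds:
            seen_on[third].add(first)
    total = len(embedded)
    rows = [(tp, len(fps), len(fps) / total)
            for tp, fps in seen_on.items() if len(fps) >= min_first_parties]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


def trackers_on(requests, site):
    """Third parties loaded by one specific site, sorted by name."""
    return sorted(third_parties_by_site(requests).get(site, set()))


# Constructed crawl records: (page visited, resource it requested).
REQUESTS = [
    ("https://www.news.example/", "https://static.news.example/app.js"),
    ("https://www.news.example/", "https://px.tracker-a.example/pixel.gif"),
    ("https://www.news.example/", "https://ads.tracker-b.example/ad.js"),
    ("https://shop.example/", "https://px.tracker-a.example/pixel.gif"),
    ("https://shop.example/", "https://fonts.cdn-c.example/f.woff"),
    ("https://blog.example/post", "https://cdn.tracker-a.example/lib.js"),
    ("https://blog.example/post", "https://ads.tracker-b.example/ad.js"),
    ("https://blog.example/post", "https://blog.example/style.css"),
]

if __name__ == "__main__":
    for name, count, share in prevalence(REQUESTS):
        print(f"{name:20} on {count} sites ({share:.0%})")
    print("shop.example loads:", trackers_on(REQUESTS, "shop.example"))
```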

Kudos to the project, however you choose to use the software.

Raw SIGINT Locations Expanded

Tuesday, January 17th, 2017

President Obama has issued new rules for sharing information under Executive Order 12333, with the ungainly title: (U) Procedures for the Availability or Dissemination of Raw Signals Intelligence Information by the National Security Agency Under Section 2.3 of Executive Order 12333 (Raw SIGINT Availability Procedures).

Kate Tummarello, in Obama Expands Surveillance Powers On His Way Out, sees a threat to “innocent persons”:

With mere days left before President-elect Donald Trump takes the White House, President Barack Obama’s administration just finalized rules to make it easier for the nation’s intelligence agencies to share unfiltered information about innocent people.

New rules issued by the Obama administration under Executive Order 12333 will let the NSA—which collects information under that authority with little oversight, transparency, or concern for privacy—share the raw streams of communications it intercepts directly with agencies including the FBI, the DEA, and the Department of Homeland Security, according to a report today by the New York Times.

That’s a huge and troubling shift in the way those intelligence agencies receive information collected by the NSA. Domestic agencies like the FBI are subject to more privacy protections, including warrant requirements. Previously, the NSA shared data with these agencies only after it had screened the data, filtering out unnecessary personal information, including about innocent people whose communications were swept up in the NSA’s massive surveillance operations.

As the New York Times put it, with the new rules, the government claims to be “reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.”

All of which is true, but the new rules have other impacts as well.

Who is an “IC element?”

The new rules make numerous references to an “IC element,” but come up short in defining it:

L. (U) IC element is as defined in section 3.5(h) of E.O. 12333.
(emphasis in original)

Great.

Searching for E.O. 12333 isn’t enough. You need Executive Order 12333 United States Intelligence Activities (As amended by Executive Orders 13284 (2003), 13355 (2004) and 13470 (2008)). The National Archives version of Executive Order 12333 is not amended and hence is misleading.

From the amended E.O. 12333:

3.5 (h) Intelligence Community and elements of the Intelligence Community 
        refers to:
(1) The Office of the Director of National Intelligence;
(2) The Central Intelligence Agency;
(3) The National Security Agency;
(4) The Defense Intelligence Agency;
(5) The National Geospatial-Intelligence Agency;
(6) The National Reconnaissance Office; 
(7) The other offices within the Department of Defense for the collection of 
    specialized national foreign intelligence through reconnaissance programs;
(8) The intelligence and counterintelligence elements of the Army, the Navy,
    the Air Force, and the Marine Corps;
(9) The intelligence elements of the Federal Bureau of Investigation;
(10) The Office of National Security Intelligence of the Drug Enforcement
     Administration;
(11) The Office of Intelligence and Counterintelligence of the Department
      of Energy;
(12) The Bureau of Intelligence and Research of the Department of State;
(13) The Office of Intelligence and Analysis of the Department of the Treasury;
(14) The Office of Intelligence and Analysis of the Department of Homeland 
     Security;
(15) The intelligence and counterintelligence elements of the Coast Guard; and
(16) Such other elements of any department or agency as may be designated by 
     the President, or designated jointly by the Director and the head of the 
     department or agency concerned, as an element of the Intelligence Community. 

The Office of the Director of National Intelligence has an incomplete list of IC elements:

  • Air Force Intelligence
  • Army Intelligence
  • Central Intelligence Agency
  • Coast Guard Intelligence
  • Defense Intelligence Agency
  • Department of Energy
  • Department of Homeland Security
  • Department of State
  • Department of the Treasury
  • Drug Enforcement Administration
  • Federal Bureau of Investigation
  • Marine Corps Intelligence
  • National Geospatial-Intelligence Agency
  • National Reconnaissance Office
  • National Security Agency
  • Navy Intelligence

I say “incomplete” because from E.O. 12333, it is missing (with original numbers for reference):

...
(7) The other offices within the Department of Defense for the collection of 
    specialized national foreign intelligence through reconnaissance programs;
(8) The intelligence and counterintelligence elements of ..., and the 
    Marine Corps;
...
(16) Such other elements of any department or agency as may be designated by 
     the President, or designated jointly by the Director and the head of the 
     department or agency concerned, as an element of the Intelligence Community.

Under #7 and #16, there are other IC elements that are unnamed and unlisted by the Office of the DNI. I suspect the Marines were omitted for stylistic reasons.

Where to Find Raw SIGINT?

Identified IC elements are important because the potential presence of “Raw SIGINT,” beyond the NSA, has increased their value as targets.

P. (U) Raw SIGINT is any SIGINT and associated data that has not been evaluated for foreign intelligence purposes and/or minimized.
… (emphasis in original, from the new rules.)

Tummarello is justly concerned about “innocent people” but there are less than innocent people, any number of appointed/elected officials or barons of industry, who may be captured on the flypaper of raw SIGINT.

Happy hunting!

PS:

Warning: It’s very bad OPSEC to keep a trophy chart on your wall. 😉

IC_Circle-460

You will, despite this warning, but I had to try.

The original image is here at Wikipedia.

The People vs the Snoopers’ Charter [No Input = No Surveillance, Of Gaff Hooks]

Friday, January 13th, 2017

The People vs the Snoopers’ Charter

From the webpage:


Ever googled something personal?

Who you text, email or call. Your social media activity. Which websites you visit.

Who you bank with. Where your kids go to school. Your sexual preferences, health worries, religious and political beliefs.

Since November, the Snoopers’ Charter – the Investigatory Powers Act – has let the Government access all this intimate information, building up an incredibly detailed picture of you, your family and friends, your hobbies and habits – your entire life.

And it won’t just be accessed by the Home Secretary. Dozens of agencies – the Department for Work and Pensions, HMRC and 46 others – can now see sensitive details of your personal life.

Over 200,000 people signed a petition to stop the Snoopers’ Charter, the Government didn’t listen so we’re taking them to court and we need your help.

There’s no opt-out and you don’t need to be suspected of anything. It will just happen all the time, to every one of us.

The Investigatory Powers Act lets Government keep records of and monitor your private emails, texts and phone calls – that’s where you are, who you speak to, what you say – and all without any suspicion of wrongdoing.

It forces internet companies like Sky, BT and TalkTalk to log every website you visit or app you have used, creating a vast database of deeply sensitive and revealing information. At a time when companies and governments are under increasingly frequent attack from hackers, this will create a goldmine for criminals and foreign spies.

Your support will help us clear the first hurdle, being granted permission by the Court to proceed with our case against the Government.

It’s time we all took a stand. We’ve told the Government we’ll see them in court and we need your help to make that happen. Please donate whatever you can to fund this vital case.
… (emphasis in original)

In case you are missing the background, see: Investigatory Powers Act 2016, which is now law in the UK.

The text as originally enacted.

The true extent of surveillance in the United States is unknown so it isn’t clear if the UK was playing “catch up” with this draconian measure or trying to beat the United States in a race to the least civil society.

Either way, it is an unfortunate milestone in the legal history of a country that gave us the common law.

surveillance-camera-460

From a data science perspective, I would point out that no input = no surveillance.

Your eyes may be better than mine but in the surveillance camera image, I count at least three vulnerabilities that would render the camera useless.

Ordinary wire cutters:

cutters-460

won’t be useful but a gaff hook could be quite effective in creating a no input state.

The same principle applies whether you choose a professionally made gaff hook or some DIY version of the same instrument.

A gaff hook won’t stop surveillance of ISPs, etc., but disabling a surveillance camera could be seen as poking the government in the eye.

That’s an image I can enjoy. You?

PS: I’m not intimate with UK criminal law. Is possession of a gaff hook legal in the UK?