FBI Can Remotely Activate Microphones in Android & Laptops to Record Conversations

ironman25dc

A Smug Cunt Who Loves The Cock
Jun 1, 2004
6,583
3,908
588
Chicago, IL
#1
The Wall Street Journal is reporting that the FBI uses super slick hacker tactics and tools to spy on people. It can get pretty dirty. Like, according to a former US official, the ability to "remotely activate the microphones in phones running Google's Android software to record conversations" dirty.

On top of the ability to record conversations with Android phones, the FBI can activate microphones in laptops without anyone ever knowing too. Supposedly, these hacker techniques are targeted towards cases involving organized crime, child pornography and terrorism. The FBI rarely uses hacking to investigate hackers since they don't want to get caught and embarrassed. Both Google and FBI declined to comment to the WSJ.


FBI Taps Hacker Tactics to Spy on Suspects
http://online.wsj.com/article_email...9674-lMyQjAxMTAzMDAwMTEwNDEyWj.html#printMode

Law-enforcement officials in the U.S. are expanding the use of tools routinely used by computer hackers to gather information on suspects, bringing the criminal wiretap into the cyber age.

Federal agencies have largely kept quiet about these capabilities, but court documents and interviews with people involved in the programs provide new details about the hacking tools, including spyware delivered to computers and phones through email or Web links—techniques more commonly associated with attacks by criminals.

People familiar with the Federal Bureau of Investigation's programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can't be wiretapped like a phone, is called "going dark" among law enforcement.






A spokeswoman for the FBI declined to comment.

The FBI develops some hacking tools internally and purchases others from the private sector. With such technology, the bureau can remotely activate the microphones in phones running Google Inc.'s Android software to record conversations, one former U.S. official said. It can do the same to microphones in laptops without the user knowing, the person said. Google declined to comment.

The bureau typically uses hacking in cases involving organized crime, child pornography or counterterrorism, a former U.S. official said. It is loath to use these tools when investigating hackers, out of fear the suspect will discover and publicize the technique, the person said.

The FBI has been developing hacking tools for more than a decade, but rarely discloses its techniques publicly in legal cases.
Earlier this year, a federal warrant application in a Texas identity-theft case sought to use software to extract files and covertly take photos using a computer's camera, according to court documents. The judge denied the application, saying, among other things, that he wanted more information on how data collected from the computer would be minimized to remove information on innocent people.

Since at least 2005, the FBI has been using "web bugs" that can gather a computer's Internet address, lists of programs running and other data, according to documents disclosed in 2011. The FBI used that type of tool in 2007 to trace a person who was eventually convicted of emailing bomb threats in Washington state, for example.

The FBI "hires people who have hacking skill, and they purchase tools that are capable of doing these things," said a former official in the agency's cyber division. The tools are used when other surveillance methods won't work: "When you do, it's because you don't have any other choice," the official said.

Surveillance technologies are coming under increased scrutiny after disclosures about data collection by the National Security Agency. The NSA gathers bulk data on millions of Americans, but former U.S. officials say law-enforcement hacking is targeted at very specific cases and used sparingly.

Still, civil-liberties advocates say there should be clear legal guidelines to ensure hacking tools aren't misused. "People should understand that local cops are going to be hacking into surveillance targets," said Christopher Soghoian, principal technologist at the American Civil Liberties Union. "We should have a debate about that."

Mr. Soghoian, who is presenting on the topic Friday at the DefCon hacking conference in Las Vegas, said information about the practice is slipping out as a small industry has emerged to sell hacking tools to law enforcement. He has found posts and resumes on social networks in which people discuss their work at private companies helping the FBI with surveillance.

A search warrant would be required to get content such as files from a suspect's computer, said Mark Eckenwiler, a senior counsel at Perkins Coie LLP who until December was the Justice Department's primary authority on federal criminal surveillance law. Continuing surveillance would necessitate an even stricter standard, the kind used to grant wiretaps.

But if the software gathers only communications-routing "metadata"—like Internet protocol addresses or the "to" and "from" lines in emails—a court order under a lower standard might suffice if the program is delivered remotely, such as through an Internet link, he said. That is because nobody is physically touching the suspect's property, he added.

An official at the Justice Department said it determines what legal authority to seek for such surveillance "on a case-by-case basis." But the official added that the department's approach is exemplified by the 2007 Washington bomb-threat case, in which the government sought a warrant even though no agents touched the computer and the spyware gathered only metadata.

In 2001, the FBI faced criticism from civil-liberties advocates for declining to disclose how it installed a program to record the keystrokes on the computer of mobster Nicodemo Scarfo Jr. to capture a password he was using to encrypt a document. He was eventually convicted.

A group at the FBI called the Remote Operations Unit takes a leading role in the bureau's hacking efforts, according to former officials.

Officers often install surveillance tools on computers remotely, using a document or link that loads software when the person clicks or views it. In some cases, the government has secretly gained physical access to suspects' machines and installed malicious software using a thumb drive, a former U.S. official said.

The bureau has controls to ensure only "relevant data" are scooped up, the person said. A screening team goes through all of the data pulled from the hack to determine what is relevant, then hands off that material to the case team and stops working on the case.

The FBI employs a number of hackers who write custom surveillance software, and also buys software from the private sector, former U.S. officials said.

Italian company HackingTeam SRL opened a sales office in Annapolis, Md., more than a year ago to target North and South America. HackingTeam provides software that can extract information from phones and computers and send it back to a monitoring system. The company declined to disclose its clients or say whether any are in the U.S.

U.K.-based Gamma International offers computer exploits, which take advantage of holes in software to deliver spying tools, according to people familiar with the company. Gamma has marketed "0 day exploits"—meaning that the software maker doesn't yet know about the security hole—for software including Microsoft Corp.'s Internet Explorer, those people said. Gamma, which has marketed its products in the U.S., didn't respond to requests for comment, nor did Microsoft.
 

Hudson

Supreme Champion!!!!!
Donator
Jan 14, 2002
32,840
4,566
898
Land of misfit toys
#2
So can schools on school issued laptops, and activate webcams.
 

d0uche_n0zzle

**Negative_Creep**
Sep 15, 2004
46,851
6,936
763
F.U.B.A.R
#3
Just babble like a lunatic and they'll surely leave you be.
 

Norm Stansfield

私は亀が好きだ。
Mar 17, 2009
15,949
4,075
328
#4
Sounds legit. Except for the buying of "0 day exploits". They're more than likely getting ripped off.
 

Creasy Bear

gorgeousness and gorgeousity made flesh
Donator
Mar 10, 2006
49,735
37,900
628
In a porn tree
#7
What? The FBI is watching me while I peruse the jailbait thread?

:eek:

I don't know you. Who is this? I'm hanging up now. Prank caller! Prank caller!
 

KRSOne

Registered User
Dec 8, 2011
13,133
3,032
258
Sunnydale
#8
Old news. They have always been able to do this since the patriot act.
 

d0uche_n0zzle

**Negative_Creep**
Sep 15, 2004
46,851
6,936
763
F.U.B.A.R
#9
Old news. They have always been able to do this since the patriot act.

'They' could do it before the UnPatriot Act, sir. It was just more difficult to do so before it 'passed'.
 

NuttyJim

Registered User
Feb 18, 2006
14,125
6,410
638
#10
This will all start to make sense once the reptilians reveal themselves.
 

mascan42

Registered User
Aug 26, 2002
19,051
5,845
848
Ronkonkoma, Long Island
#11
And all this time, I thought it was Nigerians and porn sites that kept turning my webcam on randomly. Good to know it's only the Feds.

Also, anybody who clicks on an email attachment they don't recognize is a fucking retard & deserves whatever they get.
 

jimmyslostchin

Malarkey is slang for bullshit isn't it?
Jun 8, 2005
2,331
50
313
NJ
#12
My webcam never randomly turns on. Even the FBI doesn't wanna look at me.
 

gleet

What's black and white and red all over?
Jul 24, 2005
22,541
13,853
608
Idaho
#13
My mother remotely turned my webcam on once.

Once.
 

THE FEZ MAN

as a matter of fact i dont have 5$
Aug 23, 2002
43,041
9,852
848
#16
Old news
 

KRSOne

Registered User
Dec 8, 2011
13,133
3,032
258
Sunnydale
#17
'They' could do it before the UnPatriot Act, sir. It was just more difficult to do so before it 'passed'.
That's why I have blue tape over my phones camera. That thing they did with the cellphones so Batman could see the city in the Dark Knight, is possible.
 

Norm Stansfield

私は亀が好きだ。
Mar 17, 2009
15,949
4,075
328
#18
That's why I have blue tape over my phones camera. That thing they did with the cellphones so Batman could see the city in the Dark Knight, is possible.
Batman supposedly used the phones as a sonar system to "image" all of Gotham. How is that "possible", stupid? It's gibberish. It's not even close to what cellphones do.
 

gleet

What's black and white and red all over?
Jul 24, 2005
22,541
13,853
608
Idaho
#21
Same shit, different device...

Your TV might be watching you
By Erica Fink and Laurie Segall @CNNMoney August 1, 2013: 11:32 AM ET

The camera in your TV is watching you
LAS VEGAS (CNNMoney)
Today's high-end televisions are almost all equipped with "smart" PC-like features, including Internet connectivity, apps, microphones and cameras. But a recently discovered security hole in some Samsung Smart TVs shows that many of those bells and whistles aren't ready for prime time.
The flaws in Samsung Smart TVs, which have now been patched, enabled hackers to remotely turn on the TVs' built-in cameras without leaving any trace of it on the screen. While you're watching TV, a hacker anywhere around the world could have been watching you. Hackers also could have easily rerouted an unsuspecting user to a malicious website to steal bank account information.


Samsung quickly fixed the problem after security researchers at iSEC Partners informed the company about the bugs. Samsung sent a software update to all affected TVs.

But the glitches speak to a larger problem of gadgets that connect to the Internet but have virtually no security to speak of.

Security cameras, lights, heating control systems and even door locks and windows are now increasingly coming with features that allow users to control them remotely. Without proper security controls, there's little to stop hackers from invading users' privacy, stealing personal information or spying on people.

Related story: The scariest search engine on the Internet

In the case of Samsung Smart TVs, iSEC researchers found that they could tap into the TV's Web browser with ease, according to iSEC security analyst Josh Yavor. That gave hackers access to all the functions controlled by the browser, including the TV's built-in camera.

"If there's a vulnerability in any application, there's a vulnerability in the entire TV," said Aaron Grattafiori, also an analyst at iSEC.

Yavor and Grattafiori were also able to hack the browser in such a way that users would be sent to any website of the hacker's choosing. While the hack would have been obvious if the website on the screen didn't match the desired address, Yavor says there could be serious implications if a bad actor sent a user to a lookalike banking page and retrieved a user's credentials.

Related story: NSA chief recruits hackers

The research was conducted on different models of 2012 Samsung Smart TVs and was presented this week at the Black Hat cybersecurity conference in Las Vegas.

In a statement to CNNMoney, Samsung said it takes user safety very seriously. Addressing the camera flaw, a company spokesperson said, "The camera can be turned into a bezel of the TV so that the lens is covered, or disabled by pushing the camera inside the bezel. The TV owner can also unplug the TV from the home network when the Smart TV features are not in use."

Samsung also recommends that customers use encrypted wireless access points.

The iSEC crew said they remain skeptical that the technology is perfectly secure, even after Samsung patched the bugs.

"We know that the way we were able to do this has been fixed; it doesn't mean that there aren't other ways that could be discovered in the future, " Yavor said.

Companies like Samsung pay hackers when they report security vulnerabilities like the ones iSEC found. The researchers are iSEC confident that there are more undetected flaws in these devices that they are running a fund-raiser off of finding bugs in Smart TVs at technology conference Def Con later this week.

Yavor and Grattafiori say users should run regular updates from vendors like they would for anti-virus definitions or system updates on the smartphone.

And when all else fails, users can always put tape over their cameras.
http://money.cnn.com/2013/08/01/technology/security/tv-hack/index.html
 

ironman25dc

A Smug Cunt Who Loves The Cock
Jun 1, 2004
6,583
3,908
588
Chicago, IL
#22
Great news for those who thought that government surveillance of all your communications should not be limited to the good folks in Greenbelt, Maryland:

FBI pressures Internet providers to install surveillance software
http://news.cnet.com/8301-13578_3-5...t-providers-to-install-surveillance-software/

The U.S. government is quietly pressuring telecommunications providers to install eavesdropping technology deep inside companies' internal networks to facilitate surveillance efforts.

FBI officials have been sparring with carriers, a process that has on occasion included threats of contempt of court, in a bid to deploy government-provided software capable of intercepting and analyzing entire communications streams. The FBI's legal position during these discussions is that the software's real-time interception of metadata is authorized under the Patriot Act.

Attempts by the FBI to install what it internally refers to as "port reader" software, which have not been previously disclosed, were described to CNET in interviews over the last few weeks. One former government official said the software used to be known internally as the "harvesting program."

Carriers are "extra-cautious" and are resisting installation of the FBI's port reader software, an industry participant in the discussions said, in part because of the privacy and security risks of unknown surveillance technology operating on an sensitive internal network.

It's "an interception device by definition," said the industry participant, who spoke on condition of anonymity because court proceedings are sealed. "If magistrates knew more, they would approve less." It's unclear whether any carriers have installed port readers, and at least one is actively opposing the installation.

In a statement from a spokesman, the FBI said it has the legal authority to use alternate methods to collect Internet metadata, including source and destination IP addresses: "In circumstances where a provider is unable to comply with a court order utilizing its own technical solution(s), law enforcement may offer to provide technical assistance to meet the obligation of the court order."

AT&T, T-Mobile, Verizon, Comcast, and Sprint declined to comment. A government source familiar with the port reader software said it is not used on an industry-wide basis, and only in situations where carriers' own wiretap compliance technology is insufficient to provide agents with what they are seeking.

For criminal investigations, police are generally required to obtain a wiretap order from a judge to intercept the contents of real-time communication streams, including e-mail bodies, Facebook messages, or streaming video. Similar procedures exist for intelligence investigations under the Foreign Intelligence Surveillance Act, which has received intense scrutiny after Edward Snowden's disclosures about the National Security Agency's PRISM database.

There's a significant exception to both sets of laws: large quantities of metadata can be intercepted in real time through a so-called pen register and trap and trace order with minimal judicial review or oversight. That metadata includes IP addresses, e-mail addresses, identities of Facebook correspondents, Web sites visited, and possibly Internet search terms as well.

A little-noticed section of the Patriot Act that added one word -- "process" -- to existing law authorized the FBI to implant its own surveillance technology on carriers' networks. It was in part an effort to put the bureau's Carnivore device, which also had a pen register mode, on a firmer legal footing.

A 2003 compliance guide prepared by the U.S. Internet Service Provider Association reported that the Patriot Act's revisions permitted "law enforcement agencies to use software instead of physical mechanisms to collect relevant pen register" information.

Even though the Patriot Act would authorize the FBI to deploy port reader software with a pen register order, the legal boundaries between permissible metadata and impermissible content remain fuzzy.

An industry source said the FBI wants providers to use their existing CALEA compliance hardware to route the targeted customer's communications through the port reader software. The software discards the content data and extracts the metadata, which is then provided to the bureau. (The 1994 Communications Assistance for Law Enforcement Act, or CALEA, requires that communication providers adopt standard practices to comply with lawful intercepts.)

Whether the FBI believes its port reader software should be able to capture Subject: lines, URLs that can reveal search terms, Facebook "likes" and Google+ "+1s," and so on remains ambiguous, and the bureau declined to elaborate this week. The Justice Department's 2009 manual (PDF) requires "prior consultation" with the Computer Crime and Intellectual Property Section before prosecutors use a pen register to "collect all or part of a URL."

"The last time I had to ask anybody that, they refused to answer," says Paul Rosenzweig, a former Homeland Security official and founder of Red Branch Consulting, referring to Subject: lines. "They liked creative ambiguity."

Some metadata may, however, not be legally accessible through a pen register. Federal law says law enforcement may acquire only "dialing, routing, addressing, or signaling information" without obtaining a wiretap. That clearly covers, for instance, the Internet Protocol address of a Web site that a targeted user is visiting. The industry-created CALEA standard also permits law enforcement to acquire timestamp information and other data.

But the FBI has configured its port reader to intercept all metadata -- including packet size, port label, and IPv6 flow data -- that exceeds what the law permits, according to one industry source.

In 2007, the FBI, the Justice Department, and the Drug Enforcement Administration asked the Federal Communications Commission for an "expedited rulemaking" process to expand what wireless providers are required to do under CALEA.

The agencies said they wanted companies to be required to provide more information about Internet packets, including the "field identifying the next level protocol used in the data portion of the Internet datagram," which could reveal what applications a customer is using. The FCC never ruled on the law enforcement request.

Because it's relatively easy to secure a pen register and trap and trace order -- they only require a law enforcement officer to certify the results will likely be "relevant" to an investigation -- they're becoming more common. The Justice Department conducted 1,661 such intercepts in 2011 (PDF), up from only 922 a year earlier (PDF).

That less privacy-protective standard is no accident. A U.S. Senate report accompanying the pen register and trap and trace law said its authors did "not envision an independent judicial review of whether the application meets the relevance standard." Rather, the report said, judges are only permitted to "review the completeness" of the paperwork.

Update 2:30 p.m. PT: Here's a link to a 2006 court case elaborating on what counts as metadata for pen register and trap and trace orders. In it, the U.S. District Court in Washington, D.C., ruled that federal law "unambiguously authorize" the government to use such an order to obtain all information about an e-mail account except "the Subject: line and body of the communication."
 

MayrMeninoCrash

Liberal Psycopath
Dec 9, 2004
24,668
8,840
693
Loveland, CO
#23
Who still thinks the Patriot Act is a good law that will never be abused and will only be kept to a narrow scope of stopping terrorism?
 

Hudson

Supreme Champion!!!!!
Donator
Jan 14, 2002
32,840
4,566
898
Land of misfit toys
#24
No they can't. Or not without getting sued they can't.
Ahh you caught yourself...good boy...But only if they do something stupid and get caught...If I recall they got sued because they suspended someone for something they turned on the webcam to watch.
 

KRSOne

Registered User
Dec 8, 2011
13,133
3,032
258
Sunnydale
#25
Batman supposedly used the phones as a sonar system to "image" all of Gotham. How is that "possible", stupid? It's gibberish. It's not even close to what cellphones do.
I don't know but if Batman was Obama, Lucius Fox would have no problem spying on everyone through cell phones.