titaniumbunker.com

Evil geniuses and world domination are 2 of our goals... we also like Dr Who

Archive for the ‘ Privacy ’ Category

Bond Villain Office Supplies


The other week Miss Vicki and I went to see SPECTRE, and maybe it’s my age, but while I enjoyed the film, later on I felt that a lot of the film was trying its hardest to dig up 1960s Bond memes.

Hey, remember Bond drove an Aston Martin? Quick, chuck in an Aston Martin – quick!

Hey, remember how cool all the voodoo stuff was in Live and Let Die? Here’s a sequence at the Mexican Day of the Dead for no reason whatsoever.

Hey, remember the crap flirting between Bond and Moneypenny, that somehow looks sexist in a modern society? SHAZAM – it’s back, Baby!

Hey, remember that sometimes Bond villains wore Mao suits or Nehru jackets? Let’s do it!

Hey, remember how Bond villains used to have rooms full of henchmen operating machinery? Yeah, chuck a high-tech headquarters in there.

Well, here at the Bunker we have wings of high-tech machines that go ping and are operated by legions of guys in overalls and hard hats, so we know a thing or two about running an underground base, so I thought it would be fun if I dug out this month’s copy of ‘Lairs and Bunkers’


Latest copy of Lairs & Bunkers

and look at some of the reviews inside:

 


Name

The Death Star


Aesthetic

Classic, with full-on retro 70s stylings and occasional swathes of red, which is a welcome relief. Everything here is a monochromatic nightmare. Granted it can destroy a planet, but sheesh!


Henchmen

The word here is variety. There are lots of different styles of henchmen: white-plated stormtroopers, black-plated TIE fighter pilots, and grey officers all suited and booted with a certain Nazi styling; chuck into the mix the black-robed Emperor and Darth Vader. However, having lots of different henchmen does not make up for the fact that yet again everything is GREY! It’s a mercy that Imperial guards are crimson, because otherwise I might think I was watching a black and white film.


Health & Safety

Well, where to begin with this? The layout of the Death Star seems wildly illogical: the station seems to be hollow, with the most dangerous explosion-causing device (the main reactor) situated in the dead centre of the facility. This means that an explosion will destroy the whole facility, whereas positioning the reactor off-centre would only destroy a section of the facility, and would allow the henchmen time to get to escape pods. The designers of the Death Star also thought that having long bottomless shafts without handrails was a perfectly acceptable way to design an interior, along with doors that operate bridges. This is important if you are a stormtrooper: you surely cannot see much in that helmet, and the reduced visibility will only lead to more accidents, which is a damning indictment of what is a government facility.


Overall Score


8


Verdict

Don’t believe the hype. The ability to destroy a planet is insignificant next to the power of a workplace free from tripping hazards and bottomless pits.


Name

Joker’s Lair – Batman


Aesthetic

Vivid bright colours and circus memorabilia all over the place. There are very few lairs that accurately reflect the personality of their owner; the Joker takes every lair he has and makes it something totally unique. But here’s the problem: any city planner worth their salt would simply devise a scheme where a wealthy philanthropist, like Bruce Wayne, could buy up all the disused joke shops, factories that made goods for joke shops or derelict fun fairs and turn them into affordable homes, reducing the number of potential lairs for the Joker. It also makes him very easy to find. The point of a secret lair is that it’s secret. If Batman can guess where you live and he’s right 9 times out of 10, then maybe it’s time to think about changing your property M.O.


Henchmen

Depends. Sometimes the Joker opts for normal hoodlums and gives them cars to match his colour scheme, sometimes he demands they actually dress like clowns, and some days he simply hires a lot of hoodlums and kills them off during the heist! Capriciousness. This makes for a stress-filled working environment. No doubt an average henchman’s locker will be crammed depending on the mood of the Joker, or if it’s dress-down Friday.


Health & Safety

Structurally, The Joker’s lairs seem sound, if not a little dilapidated. They have all variety of exploding props and things with spring-loaded hidden blades that can cause problems. There is also the possibility you will be sacrificed by your boss just for a punchline.


Overall Score


8


Verdict

The Joker’s lair is surprisingly well laid out with a consistent aesthetic.  High turnover of staff however will cause problems for the continued smooth running of the lair.


Name

V’s Lair – (V for Vendetta)


Aesthetic

As a contrast to most of the lairs on the list, V’s lair can be described as a man-cave for the intelligent man. Expect to see priceless works of art hanging on the wall next to a Wurlitzer jukebox, books stacked ceiling high and a copy of The Count of Monte Cristo on DVD.


Henchmen

None. This is a solitary place, a refuge from the world. The last thing V needs is a house guest – if you do find yourself his guest, expect to stay for at least a year.

Health & Safety

There is very little wrong with V’s lair, probably the only thing V would need to worry about would be to make sure that his central heating boiler is serviced regularly, as with no windows, any build up of carbon monoxide could prove fatal. On the plus side the lair does come with its own tube train and track – only 1 destination – but it beats walking, and do you know how much property prices are in London these days?


Overall Score


9


Verdict

A place for quiet reflection, the overall feeling from this lair is of overstuffed wing back chairs, some Vivaldi or Ella Fitzgerald playing in the background and some dusty tome to read, accompanied by a cheeky red wine.

Well that was quite interesting, I’ll probably grab the next issue and print some of them out too.

Everyday Security


I’ve been meaning to write this post for a while, but things are a little busy. How busy, you ask? How about so busy that there is a little quiz on the latest episode of Hoo on Who where listeners are invited to finish the following sentence:

“Dave Hingley is so busy…”

Still never mind.

Another reason this article has taken its time being published is that I had some questions about whether or not I should actually be writing this. The story is a little about security and I was concerned with other people’s privacy. I ran it past Mike and the general consensus was that all the information was freely available in the public domain. So, here goes.

Here’s a fun story about a couple of delightful tykes who managed to sell their parents’ home in 6 days without using estate agents, covered by the pinnacle of journalistic excellence – Yahoo.

The original news article is here, but to cut a long story short, Yahoo took a picture of the posters the 2 children put up to sell their home:


What a cute poster – awww!

Note they blurred out the house number. Very laudable. And understandable. You don’t want to be swamped with members of the public taking photos or hassling these young kids, right?
But what about these adorable kids in question? Well, here’s the picture that Yahoo put up in the same story:

The Kids and Their poster

Yeah. Seems kind of pointless blurring the address now, doesn’t it? BECAUSE IT’S WRITTEN IN THE ARTICLE OR BY READING THE PICTURE OF THE POSTER THAT HAS CLEARLY NOT BEEN BLURRED.
Thanks to the paranoia-inducing @__freakyclown__’s OggCamp talk about EXIF and digital image forensics data, the images don’t look like they have any geotagging data in them.
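The geotagging check mentioned above can be scripted. This is an added example, not code from the original post or the OggCamp talk: a standard-library Python parser that reports whether a JPEG carries an Exif GPS position, the sort of check a publisher can run before an image goes live. `build_sample` and the coordinates it is given are constructed test input.

```python
import struct

GPS_IFD_POINTER = 0x8825  # IFD0 tag whose value is the offset of the GPS IFD


def exif_tiff_block(jpeg: bytes):
    """Return the TIFF block of the first Exif APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # image data or end of image: stop
            break
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + seg_len
    return None


def read_ifd(tiff: bytes, offset: int, endian: str) -> dict:
    """Map tag -> (type, count, raw 4-byte value field) for one IFD."""
    (n,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(n):
        start = offset + 2 + 12 * i
        tag, typ, count = struct.unpack_from(endian + "HHI", tiff, start)
        entries[tag] = (typ, count, tiff[start + 8:start + 12])
    return entries


def degrees(tiff: bytes, entry, ref: bytes, endian: str) -> float:
    """Three RATIONALs (deg, min, sec) plus an N/S/E/W ref -> signed degrees."""
    typ, count, raw = entry
    if typ != 5 or count != 3:
        raise ValueError("unexpected GPS coordinate encoding")
    (off,) = struct.unpack(endian + "I", raw)
    v = struct.unpack_from(endian + "6I", tiff, off)
    d, m, s = (v[i] / v[i + 1] if v[i + 1] else 0.0 for i in (0, 2, 4))
    value = d + m / 60 + s / 3600
    return -value if ref in (b"S", b"W") else value


def gps_coordinates(jpeg: bytes):
    """Return (lat, lon) if the JPEG carries an Exif GPS position, else None."""
    tiff = exif_tiff_block(jpeg)
    if tiff is None:
        return None
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None or struct.unpack_from(endian + "H", tiff, 2)[0] != 42:
        raise ValueError("malformed TIFF header in Exif segment")
    ifd0 = read_ifd(tiff, struct.unpack_from(endian + "I", tiff, 4)[0], endian)
    if GPS_IFD_POINTER not in ifd0:
        return None
    (gps_off,) = struct.unpack(endian + "I", ifd0[GPS_IFD_POINTER][2])
    gps = read_ifd(tiff, gps_off, endian)
    if not all(tag in gps for tag in (1, 2, 3, 4)):
        return None  # GPS IFD present but without a latitude/longitude
    lat = degrees(tiff, gps[2], gps[1][2][:1], endian)
    lon = degrees(tiff, gps[4], gps[3][2][:1], endian)
    return lat, lon


def build_sample(lat_dms=None, lon_dms=None, lat_ref=b"N", lon_ref=b"W"):
    """Constructed test input: a minimal JPEG, optionally with Exif GPS tags."""
    if lat_dms is None:
        return b"\xff\xd8\xff\xd9"  # SOI + EOI only, no metadata
    # Little-endian TIFF: header 0-7, IFD0 8-25, GPS IFD 26-79, rationals 80+.
    rat = lambda dms: b"".join(struct.pack("<II", v, 1) for v in dms)
    tiff = b"II" + struct.pack("<HI", 42, 8)
    tiff += struct.pack("<HHHIIIH", 1, GPS_IFD_POINTER, 4, 1, 26, 0, 4)
    tiff += struct.pack("<HHI4sHHII", 1, 2, 2, lat_ref + b"\0\0\0", 2, 5, 3, 80)
    tiff += struct.pack("<HHI4sHHII", 3, 2, 2, lon_ref + b"\0\0\0", 4, 5, 3, 104)
    tiff += struct.pack("<I", 0) + rat(lat_dms) + rat(lon_dms)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

A `None` result only means there is no GPS position in the Exif block; as the post goes on to show, an address visible in the picture itself gives the location away regardless.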

The new buyers wish to remain anonymous, but how hard would it be to find out the name of the occupants, knowing the address?

Well, it seems that it’s entirely possible to trace the owners using tax records or even, in this modern age, outsource this data gathering to an external website like Findermonkey. And how much would this cost? Depends. If the new owners were previous bad tenants, then Findermonkey claim to be able to find previous tenants for £65 – and using the information from Yahoo would make it a lot easier, wouldn’t it?

In the meantime, here’s some more information on the house in question, and here’s a Google Street View of it.

Looking at the information, it does raise an interesting question. If we assume that the house sale went through with no problems, there should be some kind of record on the Zoopla page, right? Wrong. Because it appears that Zoopla and other services get their data from estate agents. As there was no estate agent involved in the sale, there is no record of the sale.

However, there is no way of knowing if the move went well, unless Yahoo decide to do a follow-up story. But think about this for a second. The property was sold without the need of an estate agent. It was sold at the asking price without an estate agent; the price looks like it was derived from the last sale price, which would have been provided by an estate agent.

The assumption, therefore, is that any estate agent valuing a property in French Weir Avenue, for example, would look up the property on Zoopla, see what it was sold for and how long ago, and make up a figure using that data.

How accurate can that model be, when there can be gaps introduced into records of individual house prices? If all that estate agents are doing is making up a figure, based on previous data, and putting an advert in the paper – why should we kow-tow to their expertise? If estate agents are such experts in property, why has there been a history of property bubbles and not a stable maintainable market?

At this point Mike got involved. From the information in the article he was able to obtain copies of the title plan and register details from the Land Registry for the princely sum of £6; you can find them here and here. This does raise questions about how complex the process of conveyancing actually is. I appreciate that buying a house is a lengthy process and as such you will want the protection that comes with a legal professional dealing with your claim. But maybe there is a saving to be made by performing these types of searches yourself?

Looking at the Land Registry documents, the Pennys still seem to be the registered owners. It is possible that records might take time to update, but the original story was published on Yahoo on the 5th February 2014; Mike obtained the documents from the Land Registry on the 27th March 2014.

At this point it occurs to me that the Zoopla sales data could be gathered from Land Registry register details, as it details the location, current owner and cost of the property, and the reason that Zoopla aren’t currently showing that the property has sold is because:

  • the sale actually hasn’t finalised yet
  • the sale has gone through but the records have not been refreshed, either by the Land Registry, which I doubt, or by Zoopla, which I think would be more likely as it is presumably periodically polling/scraping the Land Registry website for the information
  • The sale has fallen through.

In any case, this story had me consider the relevancy of estate agents, the ease of obtaining copies of important documents with freely available information, and how hard or easy it would be to track someone down with just a few basic bits of information.

And just think, if Yahoo had been consistent with blurring the address of the property in question, I wouldn’t have bothered to do all this digging.

 

Privacy under threat?


 

I sent an email to my local MP via the writetothem.com service. I had read with some alarm about sketchy plans to intercept communications summary information, so I started trying to research exactly what and how this surveillance was to be obtained.

 

Here is the email I sent to James Morris (MP).

Dear James Morris,

I have read with alarm the reports regarding a proposal to implement a
facility to provide real time monitoring of all communications covering
email, social media etc.

The same tired reasons keep getting trotted out...terrorism, organised
crime. But the more I read, the more concerned I am that the only
people affected by this will be the hardworking and law abiding
majority.

Real criminals will use secured vpn solutions, or technologies such as
TOR. Using such technologies would prevent any surveillance as the
connection would be constant. Connections made from this proxy may not
fall under the jurisdiction of the UK and would therefore be
untraceable.

How would this work with other proxy based solutions - for example
gmail.com? Under this proposal I understand that the ISP would record
that the user visited gmail.com. Finding out if a mail was sent or
received would either require complete access to the web stream, which
I would interpret as intercept, or complete cooperation of Google.

Considering that Sky provide email from Google, then the answer for
criminals is to sign up for sky, or gmail.

Does this mean that users of gmail have something to hide?
People like :

Hon Margaret Hodge (hon.mar.Hodge@gmail.com)
Mr Mike Crockart MP (edinburghwestlibdems@gmail.com)
Mr Chris White MP (chrismfwhite@gmail.com)

Given that the technology can potentially be circumvented through
anonymity networks, or commercial vpn solutions then the perceived
benefits look laughable compared to the potential cost associated with
providing what is reported to be real-time access to the data.

I will be looking at interest in the developments surrounding this
proposal, and trust that as an advocate for the hard-working people of
the black country, that you will be as equally concerned as I am. 

Yours sincerely

Mike Hingley

and here is the response I got back.

[Images: James Morris response letter, pages 1 and 2]

I think it’s worth looking at what James has to say, so in this post I’ll be breaking down the content of his letter section by section.  James’s comments are in italic.

 

 

The Government and I are committed to maintaining national security and protecting the public in the face of changing circumstances while continuing to protect civil liberties.

No – I think not.  What is being discussed here is the erosion of civil liberties to facilitate a perceived threat in national security.  The proposal is to record all communication between people.  It is disingenuous to try and play both sides of the balancing act.  This is all about taking from civil liberties and giving to national security.  If the government were truly committed to both sides of that equation then something from national security should be bought back for civil liberties – might I suggest that the communication records between ministers be publicly available under this scheme.

 

Communications data – information such as who called whom and at what time – is already vital to law enforcement, especially when dealing with organised crime gangs, paedophile rings and terrorist groups.

These are the same tired reasons that get trotted out whenever the state want to do something: “Won’t somebody think of the children”. Communications data is available to a wide variety of bodies under the Act:

  • Charity Commission
  • Criminal Cases Review Commission
  • Common Services Agency for the Scottish Health Service
  • a county council or district council in England, a London borough council, the Common Council of the City of London in its capacity as a local authority, the Council of the Isles of Scilly, and any county council or county borough council in Wales
  • Department for Transport, for the purposes of:
    • Marine Accident Investigation Branch
    • Rail Accident Investigation Branch
    • Air Accidents Investigation Branch
    • Maritime and Coastguard Agency
  • a district council within the meaning of the Local Government Act (Northern Ireland) 1972
  • Department of Agriculture and Rural Development for Northern Ireland
  • Department of Enterprise, Trade and Investment for Northern Ireland (for the purposes of Trading Standards)
  • Department of Health (for the purposes of the Medicines and Healthcare Products Regulatory Agency)
  • Department of Trade and Industry
  • Environment Agency
  • Financial Services Authority
  • a fire and rescue authority
  • Fire Authority for Northern Ireland
  • Food Standards Agency
  • Gambling Commission
  • Gangmasters Licensing Authority
  • Government Communications Headquarters
  • Health and Safety Executive
  • HM Revenue and Customs
  • Home Office (for the purposes of the UK Border Agency)
  • Independent Police Complaints Commission
  • Information Commissioner
  • a Joint Board where it is a fire authority
  • Ofcom
  • Office of Fair Trading
  • The Pensions Regulator
  • Office of the Police Ombudsman for Northern Ireland
  • Port of Dover Police
  • Port of Liverpool Police
  • Post Office Investigation Branch
  • Postal Services Commission
  • NHS ambulance service Trust
  • NHS Counter Fraud and Security Management Service
  • Northern Ireland Ambulance Service Health and Social Services Trust
  • Northern Ireland Health and Social Services Central Services Agency
  • Royal Navy Regulating Branch
  • Royal Military Police
  • Royal Air Force Police
  • Scottish Ambulance Service Board
  • a Scottish council where it is a fire authority
  • Scottish Environment Protection Agency
  • Secret Intelligence Service
  • Security Service
  • Serious Fraud Office
  • the special police forces (including the Scottish Drug Enforcement Agency)
  • the territorial police forces
  • Welsh Ambulance Services NHS Trust

and the reasons don’t have to be national security.

From Big Brother Watch – Grim RIPA report we can see that Sandwell Council made 71 RIPA requests between 2009 and 2010. Between 2008 and 2010, 135 RIPA requests were authorised by Sandwell Council, resulting in 13 prosecutions. A 9% prosecution rate. If you’re interested, Sandwell made requests about the following:

  • Trading Standards
  • Anti-Social Behaviour
  • Benefits Investigation
  • Environmental Protection

 

It has played a role in every major Security Service counter-terrorism operation and in 95 per cent of all serious organised crime investigations. 

It may well do, but the majority of cases published all seem to be relating to non counter-terrorism and organised crime.

 

But communications technology is changing fast, and criminals and terrorists are increasingly moving away from landlines and mobile telephones to communications on the internet, including voice over internet services like Skype and instant messaging services.

Interesting that you brought up Skype and IM. If you use IM such as Microsoft’s Live Instant Messaging solution – that can be accessed via a web frontend. To use Live Messenger via the web, point your browser to Microsoft Live and Messenger is available as an option on the webpage. Now all this IM communications data (such as establish a connection to so-and-so) is sent via page posts to the server. This proxy makes that communications data subject to intercept. In this instance the communications data would only show Windows Live.

Does IM mean IRC? If so, that might not be tracked, as the connection is between you and the IRC server. Connecting to a channel is (I believe) content data.

In terms of Skype – this is a closed source proprietary solution.  It might be that communications data can be recorded from the ISP – However as Skype is a peer-to-peer based network I would suggest that sending data from my machine to someone else’s machine does not mean that I established a connection to that machine.  Such a connection could be established by the Skype software internally.  For example:  when I switch on Skype it establishes connections to all the contacts on my list to see what state they are in.  I haven’t performed that communication.

The Government now estimates that it is now only able to access some 75 percent of the total communications data generated in this county compared with 90 per cent in 2006.

So the plan is to move towards total access of all communications data?

Given the pace of technological change, our future capability is very uncertain.  That is why, in the Government’s Strategic Defence and Security Review it said it would “introduce a programme to preserve the ability of the security, intelligence and law enforcement agencies to obtain data and intercept communications within the appropriate legal framework.”  It also made it clear that in seeking to ensure our law enforcement agencies continue to retain capabilities to protect us from harm, civil liberties would be respected and protected.

 

The Government therefore proposes to require internet companies to collect and store certain additional information, like who an individual has contacted and when, which they may not collect at present.

The information will show the context, but not the content, of communications. So we will simply have for internet based communications what we already have for mobile and landline telephone calls  The data will be available only to designated senior officers, on a case-by-case basis, authorised under the Regulation of Investigatory Powers Act, and the process will be overseen by the Interception of Communications Commissioner.  It will be available only if it is necessary and proportionate to a criminal investigation.  It should be noted that the police and other agencies will have no new powers or capabilities to intercept and read emails or listen to telephone calls and existing arrangements for interception will not be changed. 

This doesn’t work if the protocol you are capturing can be passed through a proxy.  In these situations you would need to intercept the content to extract the communications data.  Now imagine that the proxy is hosted in a foreign country – (gmail, Hotmail etc) – that could be difficult.  You would have to make a request to the server operator (Google / Microsoft ) to retrieve this information, and as they don’t fall under UK jurisdiction.

What would be more interesting would be if the target was running their own webmail system on shared hosting.  As the target would be running the server – does that mean that the security services would be making a request to the target to release their own logs?

No increase in the amount of interceptions is envisaged as a result of this.

As I said above, if communications data is sent as content to proxies, then to obtain this information will require more intercepts.

Unlike the previous Government’s proposals there will be no government database and the data recorded will be strictly limited and regulated and will be destroyed after a year. The police and Security Service will not be able to intercept the content of calls and emails, except as now when it is necessary and proportionate as part of an investigation relating to serious crime or national security, and only when they have obtained a warrant signed by a Secretary of State.

Saying the Government isn’t storing all this data in a big government database is hardly reassuring. All this solution does is place trust in the ISPs to guard the ‘browsing habits’ of their customers. I seem to recall a company (Phorm) using a similar mechanism to target adverts which would be inserted into a web page. It may be a bit cynical, but I can see ISPs informing customers that their browsing habits will be tracked, and that their hand is being forced by the law makers. But while we’ve got this browsing information – let’s try and sell you more targeted adverts.

As I’ve already raised above, circumventing this ‘communications data only’ plan seems to be child’s play – for email / IM a web-based proxy turns all communications data into content data, making it inaccessible via these proposals. Linux Format issue 158 even includes a live boot cover DVD containing Tails – a Debian-based environment with added security.

Thank you again for contacting me.

 

Yours sincerely

 

James Morris

 

Other points to raise :

  • The Register raised an article here regarding Data Protection issues relating to this proposal to record communication data.
  • Communications data is pretty much useless unless you can tie an individual to it – What good is there in knowing that charliebrown172@SomeISP sent an email to snoopydawg188@somewhereelse unless you can convert these email addresses to real identities?
    • How would you do that?  There’s no national register of email addresses
  • The latest episode of Linux Format contains a bootable Tor-based Linux distribution, along with counter-surveillance techniques
  • James’ letter seems awfully similar to one sent to Ben Everard from Peter Luff, the Conservative MP for Mid Worcestershire
  • I have emailed my MP to arrange a surgery session, and got the following back :
  • Dear Mr Hingley
    My colleague Samantha has passed me your email.
    If you are able to give me a telephone number then I will ask James to give you a call at a time that is convenient for you.
    It would be helpful to know your specific concerns regarding the proposals (and please do bear in mind that at this stage
    they are just that – proposals) so that James can speak to the relevant people before he answers your questions.
    Kind regards
  • A thought occurs here – it’s a good job that the government and its representatives aren’t looking at the communication content – because it seems that despite the content of my email raising a few points that I thought were interesting, the questions raised within were not answered in his response.
