Leaked e-mails reveal the Calgary Police Service looked seriously last year at purchasing software that would allow investigators to remotely hack cellphones and computers and to surreptitiously monitor activity on those devices even when it is encrypted.

While the head of the force’s electronic surveillance unit insists CPS decided not to purchase the spyware from the Italian company after a demonstration last November, he refused to say whether his officers are using a similar product acquired from another manufacturer.

“This is not something we are able to release,” Staff Sgt. Ryan Jepson said in an e-mail response to questions.

“Investigative techniques and technologies is not something we publicly discuss in order to protect their effectiveness.”

While Jepson said CPS would only use this type of product if it was authorized by a court, a privacy advocate was aghast at the broad capabilities of the spyware and doubtful about whether judges possess the necessary technical expertise to knowledgeably approve and oversee how it might be used by police.

“It’s one thing to have a tap on someone’s phone and to know who they’re talking to,” said Linda McKay-Panos, executive director of the Alberta Civil Liberties Research Centre.

“This is totally ‘Big Brother’ territory.”

The remote control service (RCS) software developed by Hacking Team at its Milan headquarters is capable of intercepting phone calls, text messages and passwords from compromised computers and phones, and can quietly turn on a target’s webcam and microphone.

E-mails and documents posted on WikiLeaks after the company’s servers were hacked show CPS was one of four law enforcement agencies in Canada — along with forces in Vancouver, Edmonton and the RCMP — who expressed interest in or tested the product.

The data dump after the July 5 breach shows Hacking Team sold its product to the FBI and Russian intelligence and that its clients include repressive regimes like Sudan, Saudi Arabia and Kazakhstan.

Searching through the one million plus emails, it seems Calgary investigators first expressed interest in the RCS product in mid-2011 when Cst. Shafik Punja wrote to ask for a demonstration.

“Where is the exploited data stored. On your servers or can I elect, as a customer, to send data directly to servers of my choice that I control?” Punja asked.

“I have both law enforcement and private sector clients that assist law enforcement and intelligence groups interested in this.”

The exchanges indicate that CPS officers first met Hacking Team officials at the National Technical Investigators’ Association annual conference in Memphis, Tennessee two years ago.

Last October, Cst. Shane Cross wrote the company to ask for a “ball park figure” on what the technology would cost and to “quickly arrange” a further discussion and demonstration.

“Our service is currently exploring options for tools that encompass network penetration solutions with an end-to-end command and control centre capability,” Cross said.

A report and messages written by a Hacking Team field engineer show that on November 24 he met with members of the CPS’ electronic surveillance unit at their Sunridge Way offices in the city’s northeast.

During the three-hour demonstration, Sergio Rodriguez-Solis writes that he showed investigators how the software could infect Android and Blackberry devices, record passwords, watch targets logging into Gmail and Facebook and even listen while they chatted with “partners in crime” on Skype.

“Very kind people, questions, more than 10 people attending,” Rodriquez-Solis wrote in an accompanying e-mail.

“They were interested.”

Jepson said he decided later not to purchase Hacking Team’s software because it did not fit with the unit’s operational needs.

While he refused to say whether CPS has acquired another spyware product instead, the service advertised recently for staff to work in the surveillance unit intercepting “highly confidential and sensitive conversations through a computer-based system.”

Corwin Odland, a CPS spokesman refused to elaborate on what system the ad is referring to, but he did say the posting was for an existing position.

“It is not new and is not part of any new initiative,” Odland said in a written response to questions.

Jepson also refused to provide statistics on how often his unit uses wiretap, but he did provide a link to a recently-released report that shows in 2013 police across Alberta applied for and received all 26 authorizations they sought from the court to intercept electronic communication as part of criminal investigations.

Kathleen Ganley, the newly-minted Justice Minister and Solicitor General, declined to be interviewed for this story, but she did issue a prepared statement.

“We rely on our police forces to keep our communities safe,” Ganley said.

“Any police use of surveillance technologies is subject to the Criminal Code and requires judicial authorization.”

Rod Fong, chairman of the Calgary Police Commission, said it is “responsible” of CPS to be constantly considering and exploring new technologies that would make officers more efficient and effective.

“As CPS determined that the (Hacking Team) software did not meet their operational needs, this matter was not brought to the commission’s attention,” Fong said in a prepared statement.

“While the commission does have an oversight role, these decisions (about acquiring surveillance technology), do not require (our) approval.”

If police need spyware to fight crime in a high-tech world, McKay-Panos said there needs to be a separate body to assist judges in providing civilian oversight so it’s not abused.

“It needs to be someone with technical know-how, it needs to be transparent,” she said.

“This technology is going to give police everything.”

http://calgaryherald.com/news/local-news/calgary-police-sought-software-to-hack-phones-computers

...

.

...

If the police can hack the public, the mafia can definitely hack the police.

In which case, there are times I think the criminals just wait for the police to do all of the legwork, the sorting the storing - and then just take it all when they are done.

Just add the CPS app to your phone and it will be all okkkk !!

(they sure are promoting the CPS app lots on Twitter)

Originally posted by Sugarphreak
If the software is available to CPS, it is available to criminals just the same

Blackberry has far better security than something like a Samsung
If you read the article, the software infects Android and Blackberry devices. Time to get an iPhone.

BTW: "If you've got nothing to hide then you've got nothing to worry about" is not a valid argument for big brother.

People who tend to advocate this idea, usually assume that only good and just and protectors have access to information about yourself. Which is of course, completely false.

The darker elements that can attain big brother information can use it for their purposes as well. They might not care at all about the porn surfing habits or drug use of citizens, but be looking for the exact opposite - easy marks, the churchgoers who give to charity.

Information is funny that way.. It can be completely altruistic to start with in gathering, but end up in the wrong hands - it will with certainty. And with certainty, any information can be used for nefarious deeds as well as good.

I know Rage2 is only joking, Iphones are just as vulnerable, they wouldn't leave the most popular device untouched.

The RCMP for years have had those devices they cart around in vehicles, they point them at any target walking or driving, and it immediately grabs every phone number, ISN, passwords, and other info on that phone. THat is 10 year old tech, and then some. I'm sure software solutions and more modern hardware tech have come even further.

I'm sure Weapon_R, the local legal expert here, will be able to report that many trials involving organized crime and others, have featured audio evidence collected from the accused own cell phone microphone, even when it wasn't in use. While not "common", it's happening more frequently - L/E using vidoe and audio taken from devices when the accused wasn't even aware they were operating.

I always laugh at guys using "IP Vanish" VPN software, or tunneling stuff, or even TOR browsers - if they truly are after you or surveilling you, they can see everything you see on your monitor, and the very first thing they install is a keylogger. Adios passwords. I suppose the above give a small, very small measure of protection versus a first glance by an ISP to see if you download Game of Thrones or not, but aren't good for securing anything more or else.

Usually when they finally release that they are "considering it", theyre already doing it.

If people think the police have time to hack everyday people's phone they need a reality check.

Any evidence they get from this would be inadmissible in court unless they had some sort of search warrant or production order authorized by the judiciary, which takes investigation and evidence. Otherwise that evidence would be irrelevant and excluded from court proceedings. Theres no difference between that or police executing a search warrant on your house.

CPS barely have time to solve real time crimes so why the hell do you think your self-important phone is of any danger of being hacked? If anything you've probably already been hacked by dozens of criminals who have infiltrated your wifi... and I dont seem to see any outrage about that.

Originally posted by rage2

If you read the article, the software infects Android and Blackberry devices. Time to get an iPhone.

Time to get a blackphone or the Turing Phone once its out. They don't hack iPhones, they just hack your icloud :rofl:

Originally posted by OTown
If people think the police have time to hack everyday people's phone they need a reality check.

Any evidence they get from this would be inadmissible in court unless they had some sort of search warrant or production order authorized by the judiciary, which takes investigation and evidence. Otherwise that evidence would be irrelevant and excluded from court proceedings. Theres no difference between that or police executing a search warrant on your house.



:werd: This will be used for potential terrorists ala Bill C-51.,

.

Its also a good way for religious zealots to identify assasination targets, passwords for airport security doors, and nuclear blueprints.

Arguably, the occasional porn or weed peddler that is caught is absolutely not worth it compared to what this type of information can be done when it eventually hits the wrong hands.

Completely against it. Information is a two way street, you can't just have one side with the information. The organized criminals will have just as much information as the police can gather (always have) if you take away privacy, the losers are always the ones that are a minority (which includes rich people as well as race)

Originally posted by OTown
If people think the police have time to hack everyday people's phone they need a reality check.

Any evidence they get from this would be inadmissible in court unless they had some sort of search warrant or production order authorized by the judiciary, which takes investigation and evidence. Otherwise that evidence would be irrelevant and excluded from court proceedings. Theres no difference between that or police executing a search warrant on your house.
.

Agreed. Even with exiting legitimate technology, there's a limit between "pings" of a cell phone they can do, even when locating could be life-saving.

The police and organized crime are both far behind the data collection of the corporations that make the phones. Apple and Google know exactly where the phones are and what they are used for.

Should Apple and Google give their information to the police? Should Apple and Google give their information to organized crime for potential profits? No. Should Apple and Google be collecting the information in the first place? No.

Kim Jong Il asks Apple for information to help its local police force to find and persecute Imperialist capitalist dogs. Donald Trump asks Apple for information to find Chinese citizens so that he can charge them an extra 25% over white people? Assad asks for racial profiling so that he can gas only certain parts of the city?

We are lucky to live in a part of the world where the local enforcement is relatively just. In many parts of the world, the local officers do the will of those in power and who pay the most.


Thats the way I see it. Besides the fact that breaking encryption and stealing information is illegal in itself (must hold the law up to its own standards, especially law enforcers or else you hit that slippery slope)

You guys are ignorant to think the police will only use those techniques for criminals. Look at all the shady police stories in the news. Look at Edmonton and the police officers who got charged for dealing drugs... It's not uncommon for the police to abuse their powers to get people charged for a crime and hope that it sticks... Worst case scenario for the police is they get someone thrown in jail for a few months before a judge throws the charges out.

I'm not a fan of broad surveillance techniques that have them answering to no one.

Originally posted by gwill
You guys are ignorant to think SOME, VERY FEW, CROOKED MEMBERS of the police will only use those techniques for criminals.

FTFY, and they would do that with or without these surveillance techniques, because those few are just like that.

Maybe the simpler explanation is that the police regularly harass innocent people all the time. Some times by mistake other times on purpose. It's not uncommon for the police to push the limits of the law during routine patrols and investigations....

These aren't extremely crooked cops.. These are every day officers who go a bit further then they should. Your recourse when this happens is slim to none.

.

Originally posted by ZenOps
Information is a two way street, you can't just have one side with the information. The organized criminals will have just as much information as the police can gather (always have) if you take away privacy, the losers are always the ones that are a minority (which includes rich people as well as race) [/B]

Yeah the issue with that right now is that it only goes one way. The criminals have the upper hand and they know it and they get away with it every single day because of it. You cant fault the police for trying to curb the one-sided battle that has become cyber warfare.

Originally posted by ZenOps
The police and organized crime are both far behind the data collection of the corporations that make the phones. Apple and Google know exactly where the phones are and what they are used for.

Should Apple and Google give their information to the police? Should Apple and Google give their information to organized crime for potential profits? No. Should Apple and Google be collecting the information in the first place? No.

Kim Jong Il asks Apple for information to help its local police force to find and persecute Imperialist capitalist dogs. Donald Trump asks Apple for information to find Chinese citizens so that he can charge them an extra 25% over white people? Assad asks for racial profiling so that he can gas only certain parts of the city?

We are lucky to live in a part of the world where the local enforcement is relatively just. In many parts of the world, the local officers do the will of those in power and who pay the most.


Thats the way I see it. Besides the fact that breaking encryption and stealing information is illegal in itself (must hold the law up to its own standards, especially law enforcers or else you hit that slippery slope)

I cant believe i just read a Zenops post that actually makes some sense and I largely agree with.

There is no way to justify the mass infection of civilian phones with viruses, spyware, backdoors so that IF MAYBE in the future one of those phones are used in a crime it makes it easier for the police to track down and convict someone. That's not how innocent until proven guilty works.

This is Batman: Dark Knight style surveillance and it is wrong.

As for the whole "police dont have time to bother going through your personal information for no reason etc etc etc" that's complete horseshit. How many cases are there annually in just Canada of police officers CAUGHT abusing police resources to do things like check up on ex wives etc.

Could you imagine if their workstations had a little button to turn on their cell phones camera and mic now?

:nut:

I am sure the service would log every use etc. but to turn the argument back around do you really think the police have time to check the actions of every single officer? No they wont unless someone gets egg on their face publicly and they have to order an internal investigation.

These kind of actions are why trust for police forces is at an ALL TIME historical low. Once upon a time a police officer was someone to be trusted, it seems these days an officer is someone to protect yourself from.

http://www.theglobeandmail.com/globe-debate/editorials/trust-in-police-is-at-a-low-ebb-heres-one-way-to-fix-it/article24580833/

For those who advocate this kind of police power ( for a local police force of all things ) all I say is:


Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety

The biggest issue is that none of this stuff actually requires a human to run it :dunno: Soon enough there will be AI that can run the surveillance software/equipment and when that time comes (it is happening already) surveillance of the general public will jump exponentially.

Originally posted by OTown


Yeah the issue with that right now is that it only goes one way. The criminals have the upper hand and they know it and they get away with it every single day because of it. You cant fault the police for trying to curb the one-sided battle that has become cyber warfare.

Hacking phones and computers isn't cyber war fare. Calgary police aren't dealing with international spying cases so why should they have the ability to remotely hack into whatever they want?

A few shady examples of police from my own experiences. I've had police purjor themselves and lie on the stand when questioning them during a traffic ticket I fought.

While hanging out with friends I had police kick In the door over a conversation someone had in the house on their cell phone. No warrant. No arrests were made. No one went to jail.... House was torn apart and everyone in the house was searched.

As much as most of the police are legit there are just as many that aren't. They regularly push the limits of what's legal and what's not.... Allowing them to do as they please by hacking any phone or computer will only get abused.

The problem with hacking is that you never know what you might come up with.

When you do something like this, everything from sexual preference to electrical usage habits and medial history comes up. Like GATTACA, this can be used against you in future job prospects (not sending a potential heart failure patient on a critical long term space mission)

Transparency in government is fine, because they are paid public servants. The public itself though should be allowed the benifit of doubt (innocent until proven guilty) and hot hunted down or targetted, especially as a source of revenue.

Originally posted by killramos


I cant believe i just read a Zenops post that actually makes some sense and I largely agree with.

There is no way to justify the mass infection of civilian phones with viruses, spyware, backdoors so that IF MAYBE in the future one of those phones are used in a crime it makes it easier for the police to track down and convict someone. That's not how innocent until proven guilty works.

This is Batman: Dark Knight style surveillance and it is wrong.

As for the whole "police dont have time to bother going through your personal information for no reason etc etc etc" that's complete horseshit. How many cases are there annually in just Canada of police officers CAUGHT abusing police resources to do things like check up on ex wives etc.

Could you imagine if their workstations had a little button to turn on their cell phones camera and mic now?

:nut:

I am sure the service would log every use etc. but to turn the argument back around do you really think the police have time to check the actions of every single officer? No they wont unless someone gets egg on their face publicly and they have to order an internal investigation.

These kind of actions are why trust for police forces is at an ALL TIME historical low. Once upon a time a police officer was someone to be trusted, it seems these days an officer is someone to protect yourself from.

http://www.theglobeandmail.com/globe-debate/editorials/trust-in-police-is-at-a-low-ebb-heres-one-way-to-fix-it/article24580833/

For those who advocate this kind of police power ( for a local police force of all things ) all I say is:



I don't think that the cops are looking for a back door into every phone for future use. I'd imagine they would need court authorization to bug a phone. Basically they are looking for a software solution instead of the old style of physically tapping a line.

Originally posted by Nitro5


I don't think that the cops are looking for a back door into every phone for future use. I'd imagine they would need court authorization to bug a phone. Basically they are looking for a software solution instead of the old style of physically tapping a line.

They specifically referred to it as spyware, which generally isn't a targeted hack.

I interpret it as this Italian company mass infects phones with spyware and CPS as looking to pay to use their exploit for access.

Originally posted by killramos


They specifically referred to it as spyware, which generally isn't a targeted hack.

I interpret it as this Italian company mass infects phones with spyware and CPS as looking to pay to use their exploit for access.

Thats the thing with interpreting, its open to interpretation.

Either way, CPS arent using it and this is a conversation on a hypothetical.

I think the lesson from this entire thread is that NOTHING on the internet is private. Its always going to be open to hacking and exploits and any security features are a mere deterance. If you dont want people to know your secrets and business dont put it on the internet. This is the same as that Ashley Madison cheating website... what do you expect?

They refused to answer the question when asked if they are using a similar service. That means they are otherwise they would answer truthfully.

Originally posted by OTown
I think the lesson from this entire thread is that NOTHING on the internet is private. Its always going to be open to hacking and exploits and any security features are a mere deterance. If you dont want people to know your secrets and business dont put it on the internet. This is the same as that Ashley Madison cheating website... what do you expect?

Your analogy is way off base. If they Hack my home computer they can access all the files that aren't uploaded online. They mentioned accessing web cams which could also mean security systems in your house. The data on my cell phone is private and not on the web.... When they hack my phone they'd have access to everything they shouldn't.

Originally posted by gwill
They refused to answer the question when asked if they are using a similar service. That means they are otherwise they would answer truthfully.

No, they just refused to answer because that knowledge (whether they do or not) is protected information. You dont see the army giving out battle plans because those plans are protected under a level of security (A, B, Confidential, Secret, Top Secret, etc). Same thing here

Originally posted by gwill


Your analogy is way off base. If they Hack my home computer they can access all the files that aren't uploaded online. They mentioned accessing web cams which could also mean security systems in your house. The data on my cell phone is private and not on the web.... When they hack my phone they'd have access to everything they shouldn't.

My mistake, I should have been more specific. I meant any information on any device that has an internet connection.

You do realize that anyone with the skill and equipment could do any of the stuff you mentioned within minutes, right? Happens every day.

If you think that any information on your devices is safe then you are truly living in a fantasy land.

There are countless break and enters where hackers take over the electronic door locks, enter, steal items, then lock it back and no one even knew they were there.

.

Originally posted by codetrap
So, to address gman's statement that they have a device they can point at your phone and remotely strip all the information off it. I can't find anything like that, or references to anything that can do that. Sounds like more in the realm of fiction than fact....


Thoughts?

Considering how long it takes to put a f'ing movie on my iPhone I have a hard time believing that somehow the police have a magic remote that can wirelessly auto hack and decrypt my phone and get every byte of info off it within 10 seconds. :rofl:

That's tin foil type theories made up from people who don't know how technology works.

Originally posted by gwill
They refused to answer the question when asked if they are using a similar service. That means they are otherwise they would answer truthfully.

Or they just want people to think that they have that kind of technology as a bluff.

Interesting point in that article: only 26 electronic authorization requests for electronic monitoring were requested to the courts in all of Alberta yet our police forces want to go out of their way to acquire services like this?

That math doesn't add up. Let's assume 10 of those electronic authorizations were for Calgary.... Does this merit the need for such drastic eaves dropping measures? The simple answer is no.

Has anyone seen the actual wiki leaks documents or have a link for it?

Originally posted by codetrap
So, to address gman's statement that they have a device they can point at your phone and remotely strip all the information off it. I can't find anything like that, or references to anything that can do that. Sounds like more in the realm of fiction than fact....


Thoughts?

Quick google search can get you their website pretty easily. http://www.hackingteam.it/

Being that this company had all of its data leaked it's far from fiction.

Originally posted by gwill


Your analogy is way off base. If they Hack my home computer they can access all the files that aren't uploaded online. They mentioned accessing web cams which could also mean security systems in your house. The data on my cell phone is private and not on the web.... When they hack my phone they'd have access to everything they shouldn't.

The target profile of your home computer or phone is smaller than a hosted service that everyone knows about. A hacker is far less likely to target your computer as opposed to Ashley Madison. There are constant port scans on pretty much every IP on the internet. Cams are rarely "hacked", the port was simply open and a random scan found it (like the ones on http://insecam.org.) But actual hacking, a group of people putting forth a concerted effort to break-in to a system, is pretty much never going to happen to your personal computer or device.

Data is always safer off "the cloud" (hate that term, its just someone else's computer) because no one gives enough shits about Bill's laptop and iPhone to put forth the effort to target it specifically.

Originally posted by codetrap
So, to address gman's statement that they have a device they can point at your phone and remotely strip all the information off it. I can't find anything like that, or references to anything that can do that. Sounds like more in the realm of fiction than fact....


Thoughts?

Without knowing ANYTHING about the specific system that is being talked about - consider this:

Almost all of the integrated circuits on most mobile (and electronic) devices are generic and are used all over the world to do different things. Your phone for eg. might only use 50% of the features and functions of one particular the chip, otherwise these parts of the IC's remain unused (not needed for function of phone, but might be used in a printer).

These "snoop" devices mentioned likely have the ability to call on the IC to function outside its intended use in the device to do something completely different.

Welcome to electronic warfare. Going on what, 50 years now?

Source?


You can just use the interwebs. None of this tech is classified at the moment.

Example - Stingray system. This has been around for 15 years now, and does everything I described and more. It's a tech that's constantly evolving with the times. The RCMP/L/E/CSIS in Canada very likely use similar devices to do all I previously said, as well as clone phones of targets they are investigating, which receive a copy of all text/calls in real time. They can intercept you on foot, your bike, in your car, or at home, and grab your cell/smart phone data completely, by simply targeting the receiver antennae at you from a distance, and zap, every phone in the target area is now theirs. The can use either a wide area antennae and mimic a tower and grab everything in a given radius, or a more focused system as I described, which allows them to literally point and target specific small areas like foot mobiles or vehicles.

https://www.aclu.org/map/stingray-tracking-devices-whos-got-them

Remember, this system has been around since the time that the "StarTac" was the "cool" phone to have.

The RCMP and CSIS won't deny that they have such systems.

So, as far as "thoughts" about it sounding "far fetched, and science fiction", the system and others like it have been used for over a decade, and the RCMP/CSIS refuse to discuss it.

...

You guys should watch 'Citizen 4' which is the recent interview documentary with Ed Snowden. 10 years ago the surveillance was far more advanced than I would have guessed.

My premise is that:

- if the technology sounds a little like fiction, its probably true -

.

I'm not sure what you're defining as new, or what your specific question even is.

The systems they are using are able to immediately capture all the data on any communication device, as well as monitor it from anywhere once they've targeted a device. This includes live voice - if that's your contention, that intercept systems are only able to get data, but not voice - hilarious. Voice is as least as important if not more, do you seriously believe that monitoring devices only grab the electronic registrations and text/computer data on the phone? Hell, 7 or 8 years ago the majority of comms was ONLY voice, text messaging was just beginning to gain popularity over voice and there was no iPhones or smartphone devices then. As I said, it's a progressive technology, back in the days of text/phone only, L/E/CSIS/etc would target you, get all the phone info, and then create a clone, either virtual or physical, and listen in and record every single syllable uttered on a phone to phone basis. There have been people convicted from the taps they've created.

What, do you think they just have the phone companies do that tap for them? Hah. There used to be a floor in one of the Telus buildings in BC where they had corporate security do some of that - guess what. Leak city. Now L/E in Canada completely cuts out the companies BY using this particular tech which takes the middle man out of the equation when it comes to portable devices. Get near target, capture target phone info/create virtual clone (physical is rarely done now), and that's all she wrote. Everything, including voice, is now going to be logged. Once a court order/warrant is issued, all the L/E need to do next is find you, use the system, and they then have captured all past and future data and all future voice comms. Different procedure for land lines.

I find it absurd that you somehow thing that real time voice comms would somehow not be included in such monitoring, let alone all the data. That's the entire point, just getting the IMEI/IMSI is useless so far as intel and building a case goes.

Hell, there is stuff out there commercially available to bug cells phones in terms of vox and data, does anyone actually believe that L/E and the nations intelligence services aren't able to do the same, only better, faster, and more efficiently? Portable, as in not affixed to the vehicle, systems have been in use in this country for a while now, that do precisely that. The frequency of targets using prepaid devices precludes monitoring their devices in any other way than a non-compliant targeting system such as what I've described.

You seem to be laboring under the delusion that L/E needs to physically be in possession of your device in order to get access to all the data and voice calls to be monitored. If you believe that to be true, I hope you are a solid citizen and have nothing to hide.

.

It was a lot easier to snoop 10 years ago than it is today. What Gman is describing are tools that take advantage of the flaws of the GSM network to hijack the identity of a device and literally snoop on all of it's data. It's been proven time and time again that cell phone networks are insecure and susceptible to snooping not just by law enforcement, but anyone with a few thousand bucks worth of tools. Voice and data travelling over cell networks should be expected to be susceptible, even today. Your voice call and text messages can be heard/read by anyone with a few ebay purchases.

With that being said, the big changes over the last decade is the closed off secure technology that runs over cell networks. Blackberry was at the forefront of this a decade ago which made them so secure compared to anyone else. By encrypting traffic before sending it out on the network, anyone snooping would just get encrypted data that was useless unless you had the keys, which only the handset and the BES server knew. All of a sudden, instant messages (BBM) and emails (to and from BES server) wasn't susceptible to snooping.

With the smartphone revolution came consumer level encryption that's even better than what Blackberry pioneered. iMessage goes a step further in that the server doesn't even get to decrypt the messages, keys are held point to point on each device, making it even harder for government officials to use man in the middle attacks to eavesdrop on communications.

Of course, nothing is perfect, and that goes back to the original leaked docs referenced in the OP. Spyware is a lot different now in that it looks for flaws in BBX, Android and iOS, breaks in using these flaws to access the decrypted data directly on the device. Instead of easily accessible data on everyone using mobile networks like 10 years ago, eavesdropping is now highly targeted, where it's a pain in the ass to just snoop on 1 single device. As security holes continue to be closed, it just gets harder and harder, especially without specific user intervention to trigger these flaws.

Long story short, you can't point a device at a smart phone and magically steal everything off it. :)

.

.

Originally posted by Cos
I have someone close to me who works in this unit, and I've heard nothing but complaints about how difficult a remotely locked iPhone can be. Not sure if it isn't locked out how that changes things.
If there's a way to jailbreak an iPhone, there's a hole that can get access to the phone. Of course that requires physical access, and you're only going to get encrypted data, as everything on local storage is encrypted. Turn on strong passwords on an iPhone and it makes it very tough to brute force decryption. Android just started doing this with their latest OS, so it's just as tough to dump decrypted data.

As for the remote exploits, iPhones are tougher to attack because of Apple's closed ecosystem. iOS just won't allow you to run unsigned/unauthorized applications, and Apple won't let malicious apps into the App Store. Not saying it's not impossible, there's always 0-day flaws that allows bad things to run on iOS. Just don't expect them to be used on anything but the most valuable targets.

.

.

Originally posted by rage2
if you're just a drug dealer and not a mafia boss, chances are the cops won't have access to your phone. Just turn off touch ID, set an advanced passcode and they won't be able to extract data if you don't give up the passcode.

Originally posted by Mibz
http://imgs.xkcd.com/comics/security.png

.

I don't disagree with anything anyone is saying, but you're missing a few key facts IMO.

1. NSA/CSIS/Whoever have the tech to read the keys for your encryption right from the CPU unit of you handheld device or home PC. And yes, I realize that you can't instantly grab gigabytes of data, it depends on the rate of the handset is able to upload, but once they grab that, they CAN grab all the data so long as they stay in trasmit range with their portable surveillance tools. Again, programs like PGP and such, as well as the encryption on iphones are easily defeated by reading the signals given off from the CPU itself- in fact an Israeli company even sells the tech to do this now.

2. CBSA isn't far enough up the classification ladder to get access to such tech, plus they don't need it, as they can get physical access and force peopel to give out PW. They can't apply for warrants beforehand for certain targets like the L/E and Intel services can either (and won't need as much to with C51).

Feel free to tell yourself that your iphone/BBerry/whatever device can't be monitored in an instant fashion, as I said, I hope anything who believe this is a solid citizen. Again, how do you think Intel services get INTEL without such portable systems, especially since criminals/threats use unregistered devices, and rapidly discard them.

Originally posted by Gman.45
...the tech to read the keys for your encryption right from the CPU unit of you handheld device or home PC.

Programs like PGP and such, as well as the encryption on iphones are easily defeated by reading the signals given off from the CPU itself Source?

Originally posted by Gman.45
Again, how do you think Intel services get INTEL without such portable systems, especially since criminals/threats use unregistered devices, and rapidly discard them. I think you give criminals [who are successfully surveilled] more credit than they deserve.

^ it think he watches to much TV lol

There are lots of other ways that criminal activity can be tracked without wirelessly pulling saved data off a smart phone.

Phones, once flagged can be easily tracked by cell tower triangulation a procedure that doesn't require the phone to be compromised in any way. you just need to know what phone it is. That's why people burn temporary phones not because they are concerned about their cameras being hacked.

Also i don't think there is a debate on if the NSA is capable of retrieving cell phone encryption codes, but even having those codes doesn't not automatically make them capable of wireless beaming information from the devices. With physical access? I have no doubt that they could pull everything off of my phone with time and effort.

I don't know what kind of signals you think you can get off a CPU that can be used to pull information but considering the CPU's are not designed to broadcast information and they don't have an antenna system in place you are talking about VERY small distances that you would have to place a monitoring device in to be able to detect and accurate record such signals. A distance so small you might as well just have physical access to the device.

This si tin foil hat type shit right now lol. i expect this from someone like Zenops.

Originally posted by Gman.45
Again, how do you think Intel services get INTEL without such portable systems, especially since criminals/threats use unregistered devices, and rapidly discard them.

HUMINT.

Originally posted by Gman.45
I don't disagree with anything anyone is saying, but you're missing a few key facts IMO.

1. NSA/CSIS/Whoever have the tech to read the keys for your encryption right from the CPU unit of you handheld device or home PC.
The encryption keys are encrypted by your passcode. You can read all the data you want off the phone, without the passcode, your encryption keys are useless. These keys are wiped from RAM every time you lock the phone, and regenerated every time you unlock the phone. This is why I mentioned switching to the longer passcode, as the 4 digit passcode isn't very hard to brute force.

In case you're bored:

http://www.darthnull.org/2014/10/06/ios-encryption

And because the passcode derived keys can only come from the hardware, you have to brute force it right on the hardware. This means you have to have silly ways of doing it to bypass the iOS password lockout.

http://techcrunch.com/2015/03/19/iphone-bruteforce-pin/

Pretty hilarious, 4.5 days to break the 4 digit PIN. This flaw has been patched, so you can't brute force it like this anymore.

That first link references Apple's whitepaper and it's fucking fantastic.

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

.

bump.

Thought this was relevant.

http://appleinsider.com/articles/15/08/12/prosecutors-press-on-with-think-of-the-children-campaign-against-encryption-in-ios-android

Cops and prosecutors pissed off at Apple encryption, says it impeded in their investigation into murder, sex abuse of a child, sex trafficking ring, and assaults and robberies.

Originally posted by rage2
bump.

Thought this was relevant.

http://appleinsider.com/articles/15/08/12/prosecutors-press-on-with-think-of-the-children-campaign-against-encryption-in-ios-android

Cops and prosecutors pissed off at Apple encryption, says it impeded in their investigation into murder, sex abuse of a child, sex trafficking ring, and assaults and robberies.

Good :thumbsup:

iTouchKids

Originally posted by codetrap
So, to address gman's statement that they have a device they can point at your phone and remotely strip all the information off it. I can't find anything like that, or references to anything that can do that. Sounds like more in the realm of fiction than fact....


Thoughts?

It's called a stingray but it doesn't strip any information. It hijacks the connection between your phone and a tower. It actually can't target specific phones, so it gets every phone in the area. It's used for eavesdropping as well as for identifying who is in the vicinity based on which phones connect to it.

Edit: gman and most people speculating are out to lunch, rage2 is the only one making sense. Source: I do things like this and am very familiar with what was in the leak. It's not new or particularly sophisticated compared to other things out there. Also the stingray stuff has nothing to do with the HackingTeam stuff.

.

there is nothing to hack...all texts, emails, everything you do goes through your cell company and they have access to everything you send. call you cell company and they have every text you ever sent. you can request a print out even.

Originally posted by bikeaddict
there is nothing to hack...all texts, emails, everything you do goes through your cell company and they have access to everything you send. call you cell company and they have every text you ever sent. you can request a print out even.

That's not true. Text messages, yes. SMS is brutally plaintext. Most insecure method of data transmission. But any communication outside of that which is encrypted is not accessible. Same goes for your ISP. IF they chose to monitor and log your internet traffic, which they don't, encrypted communication is not visible to them. Sensative communications, email for example, is usually encrypted by default these days when you add the account to your phone.

Originally posted by bikeaddict
there is nothing to hack...all texts, emails, everything you do goes through your cell company and they have access to everything you send. call you cell company and they have every text you ever sent. you can request a print out even.

Not iMessage. You can intercept in transit.

BBM used to be good too but BB is know to hand over keys to governments to gain market.

I applaud Apple/MS at least on the surface, they standed firm.

Originally posted by Xtrema


Not iMessage. You can intercept in transit.

BBM used to be good too but BB is know to hand over keys to governments to gain market.

I applaud Apple/MS at least on the surface, they standed firm.

Not originally. Apple was complacent to NSA demands in 2012, and was referenced in a slide on PRISM has having been added to data they could collect legally.

Social backlash and numerous publicized hacks has changed their stance. Apple has been, up until recently, very reactionary in terms of security instead of being proactive. I believe blackberry has cooperated in India in terms of handing over keys in cases of Judicial request. Around the same time apple did...not publicly of course but they have been loading security back-doors on their phones they sell in India.

Oh sheeple.


Technology site The Register speculates that the protocols are there to conform with America's 1994 Communications Assistance for Law Enforcement Act — legislation that requires technology companies to maintain backdoors for the benefit of law enforcement agencies. Zdziarski, however, told the site that the level of access Apple provides "exceeds anything that law requires." This is from 2014.

Link (http://timesofindia.indiatimes.com/tech/tech-news/Apple-installed-security-backdoors-on-600-million-iPhones-iPads-Researcher/articleshow/38894518.cms)

So if BB gave up the keys for BBM in order to get into India why didn't apple have to? Surely they would have more customers...answer is that apple did. They just didn't tell anyone. And BBM was being monitored by the NSA in 2009 but BB was not on the list of legal access...BB had to be hacked. I trust the guy who was hacked rather than hand over the keys to the NSA. I trust they guy who publicly announced they gave keys to India rather than do it via backdoors and not release a statement saying they did so.

I'm not saying BB is currently more secure than Apple. Not at all. Just that one has approached security vastly different than the other. BB has never complied with the NSA (Obama is only allowed to use a BB, telling) while Apple is been forced into proper security measures, kicking and screaming, after the snowden leaks and Jennifer Lawrence's boobs broke the internet. Apple actually recently told the court that there is no issue with getting past older iPhones encryption but not the newest ones (released after the fappening and snowden leaks). Blackberry still contends that hacking into an older blackberry is not authorized and would be an illegal entry.

Who do you trust? I don't use BBM and right now I am quite confident in iPhone security BTW. I just like the approach one company uses as opposed to the other.

DOJ still trying to push hard to unlock that iPhone...

http://thehill.com/policy/cybersecurity/258111-doj-pushes-back-against-apple-in-encryption-fight

A juicy detail:


“Apple has repeatedly assisted law enforcement officers in federal criminal cases by extracting data from passcode-locked iPhones pursuant to court orders,” the brief reads.
So yes, Apple definitely used to help law enforcement unlock iPhones at some point in time.


Originally posted by frizzlefry
Obama is only allowed to use a BB, telling
Interesting note to all this, Obama was a BB addict, and used a restricted BB in his early days in office. This was before the iPhone was released. By the time the iPhone was out, he wanted one, but was rejected by the NSA, who instead gave him an updated but still restricted BB. This is why he still uses BB today.

Bump.

RCMP has BB master keys. Damn. Wonder how long they've had it for.

http://www.ctvnews.ca/canada/outrageous-rcmp-can-unlock-blackberry-messages-1.2861290

...

.

Actually...

All newer intel chips have the built in ability to push out a wireless HDMI signal.

http://ark.intel.com/search/advanced?WiDi=true&MarketSegment=DT

Technically, anything can be hacked. If they can hack your built in camera, its pretty much half a step further to turn on a WiDi display and see mirrored copy of anything you are looking at right now.

As is now if you ask me, WiDi is inferior to Steams "in-home streaming" over 802.11 bgn or better yet 802.11 ac. Widi allows for direct wireless links though, which means it will not be detected as regular internet traffic.

http://www.arovia.io/blog/2016/2/29/high-def-wireless

2.4 and 5ghz will probably not be used going forward. the 60ghz band will probably end up being the standard for wireless HDMI/4K/8K HDMI. But make no mistake, the circuitry is already built into many chips.

BTW: Lining your computer with a couple layers of Mylar (emergency blanket, like what can be found at dollarama for $1) should block most signals (but will not stop signals if they are sent to an external antenna of course) This will also unfortunately block any Bluetooth / 4.0 signals that may be emanating from your CPU/motherboard.

Originally posted by 01RedDX
I'm surprised there was no mention of this here - the FBI hacked the San Bernardino attacker's phone without Apple's help: http://www.reuters.com/article/us-apple-encryption-whitehouse-idUSKCN0XB05D?feedType=RSS&feedName=technologyNews&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+reuters%2FtechnologyNews+%28Reuters+Technology+News%29

They also will not be disclosing the method to Apple because it belongs to a third party.

Apple walks up to the FBI's door with their tail between their legs, while requesting to know how to hack an iPhone.

Oh the irony :)

Apple is just trolling the FBI because the FBI and the US government created a process to reveal vulnerabilities to companies to help fix issues in public technologies. There's already a lot known about how the FBI got in. Only iPhones up to the 5C are vulnerable. Phones with the A7 and up (starting with 5S) have secure data in the secure enclave and isn't vulnerable. Because the data is simply stored in standard memory, they're just resetting the failed attempt counter after every 5 or so tries to allow brute force attack without triggering self erase.

The whole idea is a common political tactic. That is, claim the worst, deny it, then slowly implement the exact same thing, but at a lower level.

Do that, and the sheeple will not only fall for the scam, but embrace it.

That's not by necessity in regards to the specifics of the thread, but rather a generalization of a scam characteristic.

I hope no one thinks/believes that simply having one app (eg. encrypted whatsapp) means that youre immune from government monitoring. There could easily be another shadow program in your mainstream device that monitors key inputs - perhaps masquerading as a useful app (weather?).

So while the data being sent in your encrypted app is fine from end to end, the device might be sending the keyboard data elsewhere.

Might be a good idea to teach the people that what they write online, is stored despite that pesky delete or so call called "private" option.

I would explain all that, but the average person is too brainwashed to have any affect.

Originally posted by ZenOps
Actually...

... wireless HDMI signal.

the standard for wireless HDMI


Why do you keep saying this? "HDMI" is a proprietary cable (physical) connection standard. It is not a wireless standard.

Originally posted by revelations
I hope no one thinks/believes that simply having one app (eg. encrypted whatsapp) means that youre immune from government monitoring. There could easily be another shadow program in your mainstream device that monitors key inputs - perhaps masquerading as a useful app (weather?).

So while the data being sent in your encrypted app is fine from end to end, the device might be sending the keyboard data elsewhere.

True, but that kind of compromise is on a whole different level than snatching things out of the air. You need to compromise the device in the first place, which is generally going to require physical access. Deterministic builds have also made it relatively easy to detect these compromises. I'm not saying it's impossible, or even improbable, just a whole different can of worms.

Originally posted by Inzane


Why do you keep saying this? "HDMI" is a proprietary cable (physical) connection standard. It is not a wireless standard. why don't you have zenops on ignore like everyone else?

LOL, ZenOps with yet another tech knowledge fail.

Fucker's making a Visual Basic GUI to track down the killers IP!

I remember on another board where a regular poster was labeled as Captain Tin Hat due to saying that the NSA and government could monitor every computer/internet out there at will, as well as record every phone call, in any language, and store all the recordings forever in giant banks of computers at Ft. Mead.

Everyone laughed at him, me included, back around 2005 or 6.

Turns out he should have been the one laughing.


That lesson learned, I now going forward just assume that the Gov and L/E can and will monitor and record every type of electronic communication out there at will, and even if they come up against systems with encryption and other protections, there is always some person or company in the wings able to crack it for them.

Not that I have anything to hide, but assuming that ANY comms either online or on the phone can't be monitored these days is absurd at best. IF you want something to be truly private, say it face to face, and well out of range of anything with a speaker and/or mic, as they can listen through those on TVs and smart phones, as well as laptops and anything else too.

As Revelations just said, there are many ways to skin the cat, even IF you're using encrypted/secure xyz whatever, all it takes is a keystroke logger sending your strokes directly through a hidden program to bypass all that. There are undoubtedly ways of monitoring and intercepting comms that all of us here will never know or dream up, unless another Snowden thing happens in the future, or some other big reveal occurs for some reason.

If Trudeau builds his quantum computer, it'll be game over for most secure communications. Instead of thousands of centuries to crack an RSA key, it'd take minutes. We'd have to reinvent a lot of encryption again.

...

I can't trust no one. So if you need me, just page me and I'll call you back from here:
https://s-media-cache-ak0.pinimg.com/736x/71/b1/43/71b143eebd9c43279888f96c71fefeac.jpg

With the # of cameras out there today, it won't be hard to locate you using a payphone on video. Plus that call is totally unencrypted.

iMessage for texts, FaceTime audio for audio calls. Nobody can intercept that shit.

Originally posted by rage2
If Trudeau builds his quantum computer, it'll be game over for most secure communications. Instead of thousands of centuries to crack an RSA key, it'd take minutes. We'd have to reinvent a lot of encryption again. There are already many forms of proposed encryption that QC cannot break.

http://security.stackexchange.com/questions/48022/what-kinds-of-encryption-are-not-breakable-via-quantum-computers

Look up post-quantum computing cryptography.

Originally posted by suntan
There are already many forms of proposed encryption that QC cannot break.

http://security.stackexchange.com/questions/48022/what-kinds-of-encryption-are-not-breakable-via-quantum-computers

Look up post-quantum computing cryptography.
Yea, but we have to use it first, and that's the biggest problem. It's like ipv6, sure we have a solution to a problem, but it's not a solution until it's widely adopted.

Right now we're completely reliant on encryption that'll be easily broken in 5 (or so) years when quantum computing becomes reality. Sniff all my traffic, save it somewhere, and in 5 years BAM you can break the keys and see it all in the clear.

Just take all your encrypted stuff and re-encrypt it with something more secure.

Originally posted by suntan
Just take all your encrypted stuff and re-encrypt it with something more secure.
Quantum computing only breaks public key encryptions (public/private key). Stuff you have a rest is encrypted using symmetric algorithms which isn't going to break in the future with quantum computing.

So the worry is your child luring chats or drug dealing chats gets broken into in the future haha.