Archiv für die Kategorie ‘IT-Security’

◾ „Your perspective on life comes from the cage you were held captive in.  Shannon L. Alder


Looking for usefull IT-Security sites on the web did lead me to the one of EchoSec (echosec.net).
EchoSec offers a service for location based searches on social media. The site is a platform that
provies public safety, security, journalism and intelligence professionals actionable knowledge
based on aggregated social media and other Information.

EchoSec

If you think this is nothing new, think again! EchoSec managed to detect open available (!) information
e.g. on Twitter, Facebook, Google+, LinkedIn, Foursquare, Youtube, Instagram and much more networks
and map it all together. And this is getting close to my idea of linking all the API together for a better Monitoring!
See: Soziale Netzwerke: wie wir uns der Überwachung ausliefern (in german)!

The gathered information are posted even by YOU everytime you use your social media accounts.
Your posts are open to the public in many cases, and your nickname might be traceable back to your real name…

On a world-map you are able to trace (footprint) individuals, if they did post e.g. to Twitter with
having their location activated/shared. Further more you are able to drag a boundary on a digital map
and you will get all the social media Feeds from within that special zone & period of time you selected.
Special search terms, Accountnames or hashtags are a good starting point to look up, what you are
looking for in your region or even world-wide!

It is all about location ;-)

It is all about location ;-)

I had the pleasure to test EchoSec with a Pro-Account and I can definitely recommend the service.
If you need to investigate what is going on in a particular place you are able to get live information
so you are up to date. No wonder as EchoSec says it is working hard with Law Enforcement Officers to
optimize the service. The private & confidential Whitepaper and Feature-List, which I am not going to
share here, are quiet promising.

It is about protecting society and not spying!

Some Information, such as possible threats, are detectable with EchoSec. With the option to look back
to a special date you are able to track back possible suspects after something like a robbery or other criminal
action did happen. If you are lucky you can even prove innocence as well…

Location-MI6 U.K.

Location-MI6 U.K.

For a test I did use my own tool to post from several locations such as the MI6 in the U.K, the german
chancellorship and the NSA in Fort Meade ;-)

EchoSec managed to catch my post in realtime and I was able to footprint where I have (virtually) been
with my Twitter account. It did grab the correct banner from what kind of Client I did post my tweet.
In this case from „Tactic4lHQ“ – my own developed CyberToolkit.

Location-Kanzleramt

Location-Kanzleramt

The usefull option „fly to“ (where possible, because of geolocation activated), which is indicated by a plane,
lets you jump to the specific publication on the digital map, to look up the location and maybe drag a new
search around the area for deeper investigations.

Location-NSA

Location-NSA

Social media is the best place to get fast and latest news, on what is going on out there. Not out of pure curiosity,
but to protect the public interest! There are events that might require additional investigative Information such as:

  •  Protests
  •  Riots
  •  Terror attacks
  •  State visits by higher government members
  •  Hostage Situations
  •  General Crisis Scenarios

To name only a few possible rather critical reasons! You are free to look up a good place to go to lunch with
the EchoSec service as well ;-) It is up to you what you use this service for. There are virtually no limits to
imagination…

I reported some possible improvements to EchoSec, such as simply fix the digital map, so you don’t have to
scroll to the top of the site. Having an API would be pretty cool as well, so you could integrate EchoSec
into your own toolkits (did this with shodanhq.com and some others e.g.).
Got a positive feedback, that my suggestions might be on the roadmap now :-) Let’s wait and see.

In my last blogpost about Pegida I mentioned I would write a follow up post. The follow-up would have been
about homegrown terrorism and I wanted to point out how important it is to monitor who is coming back
from crisis countries. In the meantime we all know what did happen in France. Take this blog post as a substitute.
Sometimes you start to give up privacy with a tweet, like, webcheckin or blog post. We need to analyze all the
information we can, to stop things like that have happened in France. It does not mean you are under a general
suspicion! You decided to tweet, like, share and use all the – sometimes even unsecure or- open available platforms
on the net for a better living comfort…..

 

EchoSec Social Geo Intel Dashboard demo:

 

◾ „Privacy is not something that I’m merely entitled to, it’s an absolute prerequisite.  Marlon Brando

[25.11.2014/22:00 UTC+1 – UPDATE]

Insecam.com now says: „The coordinates of the cameras are approximate„. But that is simply not true.
Despite insecam now only seems to show obvious uncontroversial cams, you are now able to get to the cameras IP-address. I found cameras which I am not sure, if they were intentionally open to take control over (zoom, rotate etc.).

This might lead in some cases to circumstances under which you could manage the camera to look into areas that are not supposed to be streamed. Insecam continues with its explanation: „They point to the ISP (IP) address and not the physical address of the camera. This information is accurate only to a few hundred miles. The coordinates are provided only to locate the city where the camera is located, but not it’s exact position or address.

Uhm, not sure how much more accurate you could be with having the IP-address which does forward to the cam?!?
Or do I misinterpret this point somehow? Even if you are changing the coordinates generously on insecams geo-map, the IP-address does not lie.

E.g. I found this camera in Liechtenstein: http://www.insecam.cc/cam/view/511xx/
with coordinates (47.141510 | 9.521540) on insecam:

Liechtenstein-Studio

If you click to open the stream, you are directed to the IP which provides the camera and its interface:

http://80.72.XXX.XXX:82/CgiStart?page=Single&Language=0

Now I decided to look who this might be via his IP-address. I did use iplocation.net to select the best result and opened
the associated Google-Maps-Link:

Altenbach_1

 

Looking at the streamed Image I noticed the text „Studio_Decke“ (in the lower left corner), so I did look on Google if
I could find a „Studio“ in the area „Altenbach“.

After a few minutes I got two perfect results. One company has a very similar logo as shown on the streamed front door.
I did sent the company owner an email, and now I am waiting for a response, if it is his cam and if he wanted to stream
his visitors to the world.

Remember what insecam told us? This information is accurate only to a few hundred miles. The coordinates are provided only to locate the city where the camera is located, but not it’s exact position or address.


I don’t only want to criticize his work with insecam.com constantly and I am happy he decided to
take the private streams offline, but the more you look into details, the more questions arise.


I decided not to dig deeper on that insecam thing. It is up to competent authorities to decide what actions are necessary, or not…


 

Mail-Insecam

Answered questions by admin(at)insecam.com (1 of 2)

The original blogpost (12.11.2014) about identifying the insecam owner is currently protected via password for special access only. Competent authorities were informed to investigate the issue on insecam.com. The site insecam.com and insecam.cc do currently not stream private Webcams anymore, and so my „work“ for the moment seems to be done.

Cat out of the bag

I am sorry for the guy behind insecam.com, that I had to make him public known, but there was no other way
to force his ugly site to be off the web! I can not accept someone does stream kids and private cameras all over the world!

It is NOT a collateral damage to stream private cameras. And it is not right or justifiable to login to cameras which are protected with simple or standard passwords! They ARE protected! No matter if with weak password or not. You do not have the right to log in to this systems and it IS a crime!


If you are a serious IT-Security Researcher you would never try to inform the masses about such kind of problem
by exposing them public! You would rather setup a site which detects only the visitors IP-Address and offer to scan
for weak passwords and a possible open stream (right that is more work than just grab the data from Shodan-API and stream cams & draw the IP-Geolocation!).

The guy behind insecam knows that I got him. And I can only ask him to stand behind his „project“ with his real Name! Because what we are seeing now on the News is a lot of crap about „Russia“ is attacking us, and panic that suggests false things about „evil l33t haxors“ (maybe let us call him the „moldovan programmer looking for a job“)…

He is only making things worse by trying to hide and keep an illusory and mysterious veil of fog on insecams intentions.


The lesson he might have learned: „cover your tracks, before trying to come around the next corner with your pseudo operation you don’t want to be traced back to…“

 

If you are a journalist or from a law enforcement authority and want to get in contact with
me for details, please do so via Twitter first (@Tactic4l).

Important:
The intention behind this article is NOT to start a smear campaign against someone.
I might be totally wrong and I would then apologize. But so far I am trying to find the
bigger context of all of this. Maybe the one person (yes it is a single person as he did let me know) behind insecam had really good intentions. And this assumed I urge you all to not stalk or harass this guy. But we need to find another solution to throw light on such kind of issue as with open cameras (or poor secured ones). I have a lot of respect for the one that started this campaign, but he should have put his name on the site, and explain open to the media what his intention is. He should have created a site which lets you detect if your private camera is streaming to the world….using the front door was not the best option in this case, although it did lead to more excitement! All all at the expense of privacy….

Trying to stay anonymous, with this kind of site he created, is like to challenge the devil…always a bad idea!

You all stay safe & remember to regularly change your (hopefully strong) passwords ;-)

Challenge accepted:


Here some related articles worth to read:

Webcam snooper now looking for a Job (pcworld.com by @Jeremy_Kirk )
Dem Webcam-Spion auf der Spur (NZZ.ch)
Russian webcam hacker uses Insecam site to look for Job (Independent UK)
Programmer behind webcam-snooping Website replaces site with a job ad (Fox News)
Piraten erstatten Anzeige (Tageblatt.lu)
Security Cams in Luxemburg geknackt (Tageblatt.lu)


Office of the Privacy Commissioner of Canada (Letter to operators of webcam website)
Information Commissioner’s Office blog
Office of the Information & Privacy Commissioner of British Columbia

UK moves to shut down Russian hackers streaming live British webcam footage (the Guardian)
This Terrifying Website Lets You Spy on People Through 73,000 Private Security Cameras (Mic.com)
This Website Streams Camera Footage from Users Who Didn’t Change Their Password (Moterhboard)
Thousands Of People Worldwide With Home Security Cameras Are Being Spied On By A Russian Website (Business Insider)

 

Dieser Inhalt ist passwortgeschützt. Um ihn anzuschauen, gib dein Passwort bitte unten ein: