Researchers discover cell phone hackers can track your location without your knowledge
University of Minnesota computer science Ph.D. student Denis Foo Kune, working with associate professors Nick Hopper and Yongdae Kim, and undergraduate student John Koelndorfer, described their work in a recently released paper "Location Leaks on the GSM Air Interface" which was presented at the 19th Annual Network & Distributed System Security Symposium in San Diego, California.
"Cell phone towers have to track cell phone subscribers to provide service efficiently," Foo Kune explained. "For example, an incoming voice call requires the network to locate that device so it can allocate the appropriate resources to handle the call. Your cell phone network has to at least loosely track your phone within large regions in order to make it easy to find it."
The result is that the tower will broadcast a page to your phone, waiting for your phone to respond when you get a call, Foo Kune said. This communication is not unlike a CB radio. Further, it is possible for a hacker to force those messages to go out and hang up before the victim is able to hear their phone ring.
Cellular service providers need to access location information to provide service. In addition, law enforcement agencies have the ability to subpoena location information from service providers. The University of Minnesota group has demonstrated that access to a cell phone user's location information is easily accessible to another group—possible hackers.
"It has a low entry barrier," Foo Kune said. "Being attainable through open source projects running on commodity software."
Using an inexpensive phone and open source software, the researchers were able to track the location of cell phone users without their knowledge on the Global System for Mobile Communications (GSM) network, the predominant worldwide network.
In a field test, the research group was able to track the location of a test subject within a 10-block area as the subject traveled across an area of Minneapolis at a walking pace. The researchers used readily available equipment and no direct help from the service provider.
The implications of this research highlight possible personal safety issues.
"Agents from an oppressive regime may no longer require cooperation from reluctant service providers to determine if dissidents are at a protest location," the researchers wrote in the paper. "Another example could be thieves testing if a user's cell phone is absent from a specific area and therefore deduce the risk level associated with a physical break-in of the victim's residence.
Foo Kune and his group have contacted AT&T and Nokia with low-cost techniques that could be implemented without changing the hardware, and are in the process of drafting responsible disclosure statements for cellular service providers.
More information: Visit http://z.umn.edu/f … kuneresearch to read the full research paper.
http://phys.org/news/2012-02-cell-hackers-track-knowledge.html
The FBI took -- and mysteriously returned -- their server. Here's their story
Ever wonder what it's like to have FBI agents knock on your door? Or to have them walk into your business unannounced and walk away with your computer? Jamie McClelland and Alfredo Lopez can tell you.
Their recent run-in with the men in black – the result of a spate of email bomb threats to the University of Pittsburgh -- offers a rare glimpse into the collision between free speech rights and the benefits of anonymity on one side with the needs of law enforcement to act quickly in the face of real threats on the other.
Their tale ends with an odd twist: FBI agents, caught on video, returning the server only four days after it was seized from a co-location facility in New York City. At the moment, no one knows why the FBI would take that unusual step. FBI Special Agent Bill Crowley said the agency wouldn't comment on either the seizure or the return of the server.
Tou can read the rest at
http://redtape.msnbc.msn.com/_news/2012/05/11/11647813-the-fbi-took-and-mysteriously-returned-their-server-heres-their-story?chromedomain=usnews
Strassel: Trolling for Dirt on the President's List
Here's what happens when the president of the United States publicly targets a private citizen for the crime of supporting his opponent.
Frank VanderSloot is the CEO of Melaleuca Inc. The 63-year-old has run that wellness-products company for 26 years out of tiny Idaho Falls, Idaho. Last August, Mr. VanderSloot gave $1 million to Restore Our Future, the Super PAC that supports Mitt Romney.
Three weeks ago, an Obama campaign website, "Keeping GOP Honest," took the extraordinary step of publicly naming and assailing eight private citizens backing Mr. Romney. Titled "Behind the curtain: a brief history of Romney's donors," the post accused the eight of being "wealthy individuals with less-than-reputable records." Mr. VanderSloot was one of the eight, smeared particularly as being "litigious, combative and a bitter foe of the gay rights movement."
.About a week after that post, a man named Michael Wolf contacted the Bonneville County Courthouse in Idaho Falls in search of court records regarding Mr. VanderSloot. Specifically, Mr. Wolf wanted all the documents dealing with Mr. VanderSloot's divorces, as well as a case involving a dispute with a former Melaleuca employee.
Mr. Wolf sent a fax to the clerk's office—which I have obtained—listing four cases he was after. He would later send a second fax, asking for three further court cases dealing with either Melaleuca or Mr. VanderSloot. Mr. Wolf listed only his name and a private cellphone number.
Some digging revealed that Mr. Wolf was, until a few months ago, a law clerk on the Democratic side of the Senate Permanent Subcommittee on Investigations. He's found new work. The ID written out at the top of his faxes identified them as coming from "Glenn Simpson." That's the name of a former Wall Street Journal reporter who in 2009 founded a D.C. company that performs private investigative work.
The website for that company, Fusion GPS, describes itself as providing "strategic intelligence," with expertise in areas like "politics." That's a polite way of saying "opposition research."
When I called Fusion's main number and asked to speak to Michael Wolf, a man said Mr. Wolf wasn't in the office that day but he'd be in this coming Monday. When I reached Mr. Wolf on his private cell, he confirmed he had until recently worked at the Senate.
When I asked what his interest was in Mr. VanderSloot's divorce records, he hesitated, then said he didn't want to talk about that. When I asked what his relationship was with Fusion, he hesitated again and said he had "no comment." "It's a legal thing," he added.
Fusion dodged my calls, so I couldn't ask who was paying it to troll through Mr. VanderSloot's divorce records. Mr. Simpson finally sent an email stating: "Frank VanderSloot is a figure of interest in the debate over civil rights for gay Americans. As his own record on gay issues amply demonstrates, he is a legitimate subject of public records research into his lengthy history of legal disputes."
.A look through Federal Election Commission records did not show any payments to Fusion or Mr. Wolf from political players, such as the Democratic National Committee, the Obama campaign, or liberal Super PACs. Then again, when political groups want to hire researchers, it is not uncommon to hire a less controversial third party, which then hires the researchers.
This is not the first attack on Mr. VanderSloot. While the executive has been a force in Idaho politics and has helped Mr. Romney raise money, he's not what most would consider a national political power player. Through 2011, nearly every mention of Mr. VanderSloot appeared in Idaho or Washington state newspapers, often in reference to his business.
That changed in January, with the first Super PAC disclosures. Liberal bloggers and media have since dug into his past, dredging up long-ago Idaho controversies that touched on gay issues. His detractors have spiraled these into accusations that Mr. VanderSloot is a "gay bashing thug." He's become a national political focus of attention, aided by the likes of partisan Salon blogger Glenn Greenwald and MSNBC host Rachel Maddow. Bloggers have harassed his children, visiting their social media accounts and asking for interviews and information.
Mr. VanderSloot has said his attackers have misconstrued facts and made false allegations. In February he wrote a long reply, publicly stating that he has "many gay friends whom I love and respect" who should "have the same freedoms and rights as any other individual." The Obama campaign's response, in April, was to single out Mr. VanderSloot and repeat the slurs.
Political donations don't come with a right to privacy, and Mr. VanderSloot might have expected a spotlight. Then again, President Obama, in the wake of the Gabby Giffords shooting, gave a national address calling for "civility" in politics. Yet rather than condemn those demeaning his opponent's donors, Mr. Obama—the nation's most powerful man—instead publicly named individuals, egging on the attacks. What has followed is the slimy trolling into a citizen's private life.
Mr. VanderSloot acknowledges that "when I first learned that President Obama's campaign had singled me out on his 'enemies list,' I knew it was like taping a target on my back." But the more he's thought it through, "the public beatings and false accusations that followed are no deterrent. These tactics will not work in America." He's even "contemplating a second donation."
Still. If details about Mr. VanderSloot's life become public, and if this hurts his business or those who work for him, Mr. Obama will bear responsibility. This is what happens when the president makes a list.
http://online.wsj.com/article/SB10001424052702304070304577396412560038208.html
No comments:
Post a Comment