Showing posts with label Security. Show all posts

8 ways the NSA is spying on you right now

Five years on from the revelations that the U.S. National Security Agency (NSA) collects personal data on every American—and many more people worldwide—the storm has passed.
But the NSA continues to monitor every American and many of its allies, with the backing of the U.S. Government and large portions of Congress. And it’s not only the NSA—their counterparts at the CIA are also spying on and hacking targets of interest.
It is important to learn about the methods the NSA uses to spy on citizens. Once you understand how your liberties are violated, you can start defending your data and reclaim your privacy.
Let’s take a look at 8 methods the NSA is using to spy on you right now, according to documents leaked by Edward Snowden and further investigation by the press.

How the NSA spies on you in America

1. They can access your phone records

In 2017, the NSA acquired data from over 534 million phone calls and text messages. Unbelievably, this tally is over triple the amount collected in 2015, when the USA Freedom Act supposedly limited NSA access to data from communication companies.

2. Your favorite internet services pass your data to the NSA

Facebook, Google, Apple, and six other leading online services have all gone on record as having given their customers’ data to the NSA, as legally required by the “PRISM” program. Data shared includes emails, messages, and documents.

3. The NSA can hack your devices

The NSA’s hacking unit, Tailored Access Operations, has developed a whole range of hacking exploits. These enable the NSA to break into consumer electronics devices and IT systems as it sees fit. When the NSA finds a security hole in a popular consumer device, they do not, as previously intended, fix the security hole, but instead exploit it. That leaves all our devices vulnerable to hackers.

4. All your security devices are exploitable thanks to the NSA

The NSA has also made the job of hacking security devices easier for itself, by coercing many manufacturers into building vulnerabilities into products such as networking switches, firewalls, and encryption protocols. These vulnerabilities are known to the NSA, which can exploit them at any time. The NSA also intercepts shipments of computers and phones and plants backdoors in them.

5. The NSA can track you wherever you are

When you move around your town, cell phone towers can calculate your exact position. The NSA keeps records of where you are at any time, and they can read all your incoming text messages and phone calls and store them indefinitely.

How the NSA spies on you overseas

6. The NSA has tapped internet lines worldwide

The internet connects different continents via undersea fiber optic cables that carry truly massive amounts of data. In some places, the NSA has deals with local intelligence agencies to tap into these cables; in others, it does so on its own. The NSA even uses submarines to attach snooping bugs to wires deep beneath the ocean.

7. The NSA hacks foreign companies

In Brazil, Germany and other countries, the NSA has broken into the internal networks of major telecommunications providers, intercepting the data they gather and weakening the security of their systems. They collect every email and phone call they can.

8. The NSA knows exactly what you own and buy

The NSA has access, through agreements and hacking, to major credit card networks, payment gateways, and wire transfer facilities. This allows them to follow every cent of your money, where it comes from, and what you are spending it on.

Protect yourself from government surveillance

While the NSA’s reach extends across the globe, there is still a lot you can do to safeguard your internet privacy. Check out this list of top privacy tips and always be conscious of what you’re sharing, with whom you’re sharing, and how you share it.


Net Neutrality is dead and your privacy is at risk. Here are 5 VPNs that can help.




The FCC has spoken and it's official: Net Neutrality is dead.



Mashable's been closely covering this story — you can read everything here — but we'll give you the TL;DR version. The FCC has decided that large internet service providers (ISPs) like Xfinity, Verizon, RCN, and any other company in the game can charge customers premium rates for faster internet access. This decision was also significant in that it largely freed ISPs from the confines of government oversight, and it is sparking justifiable privacy concerns, as deregulation could empower ISPs to peek into our browsing behavior even more than they already do, or worse, sell that data.
If you're one of those people who likes to stock up on canned goods before the first snowflakes even start to fall, all of this change might make you feel a little twitchy. But we're here for you: One way to get some peace of mind is by downloading a virtual private network (VPN) so that what you do online stays between you and your mouse.

A VPN will essentially allow you to access the web with protections that encrypt your data from prying ISP eyes. VPNs can help add a layer of privacy online no matter where you are, which is why they've long been used by people who travel abroad and want to protect personal info (financial or otherwise) while browsing on public Wi-Fi. Journalists working on sensitive stories find VPNs useful, too.
If you're new to the VPN game, then we have a few suggestions — most of which are even on sale. 

TunnelBear

According to PC Mag, TunnelBear is a "friendly" VPN option for first-time users due in large part to its "pleasing, approachable design." While it doesn't have P2P, BitTorrent, or any specialized servers, it's worth noting that TunnelBear works with Netflix, which isn't always the case with VPNs. 

NordVPN

With more than 2,000 servers around the world and the ability to pay for a subscription in Bitcoin, NordVPN is a PCMag Editor's Choice product with a (rare) 5-star review. "None of the searches or streaming activities that originate within NordVPN's software are logged anywhere on any of NordVPN's servers," says PCMag. "The company maintains no logs of a user's internet path or actions."
Get a two-year plan for just $3.29 per month while NordVPN is on sale.


IPVanish

This high-rated VPN has a bigger suite of advanced features than others, like automatic IP address cycling, and has some 750 servers across 61 countries. CNET lists IPVanish as one of the best VPN services of 2017. A con for IPVanish though is that it's expensive. Good news for you: it's currently on sale.
Save 30% and get a one-year plan for $4.55 per month now.

KeepSolid Unlimited VPN

Though KeepSolid doesn't allow ad blocking, it's one of the most consistently affordable VPNs out there and offers many of the features you'll want: browser extensions, specialized servers, P2P networking, and more. (Read the TechRadar review here.) One of the biggest draws though is KeepSolid's flexible pricing plan, which includes an Infinity Plan for lifetime use that's currently 70% off.

VyprVPN

PCMag gives VyprVPN 4.5 stars, due in part to its multi-platform and multi-protocol support. According to the review, VyprVPN has hundreds of servers and a great interface, though it covers fewer devices than others on the market. In case you're on the fence, VyprVPN also has the option of a three-day free trial. 

Password Hacking and You


There are 2 primary methods to hack passwords: Brute Force and Password Guessing. Of the 2, believe it or not, it is easier to guess someone’s password than to try every combination of letters, numbers and symbols. In a brute force attack, password attempts would progress from: a, b, c; to aa, ab, ac; to aaa, aab, aac; and so on.  
The core question is not, “Can my password be hacked?”, but rather “How long would it take?”. That’s where password entropy comes into play for our (the user’s) benefit. Loosely defined, entropy is disorder. Since a brute force attack is a very orderly attack, the more disorder you have in your password, the better.
Numbers Game
With 5 lower case characters, an online attack would get your password right in an average of 1 hour, 21 minutes. However, by introducing say a capital letter, a number, and a special character, that time rises to around 1.5 months.
With 7 lower case characters, a brute force attack would consume ~3.2 months, but if you introduce those other random characters, it rockets up to an average of 11 centuries! Taking it even further, at 8 characters the online crack time goes to 1,000 centuries which is effectively long enough to be considered near impossible under current computing capabilities.  
That said, if the hacker is able to mount an offline attack, or use a massive cracking array, the password can again be deduced in a matter of hours. As such, even though the typical minimum / safe password length is 8 characters, what you use as your password matters even more.
Simplicity Opens the Door
Every attempt to get your password will begin with guessing. According to a released “hack file” of 5 million passwords, we know what the most common passwords are, so hackers will start there.
Top passwords for 2016:

123456, password, 12345, 12345678, football, qwerty, 1234567890, 1234567, princess, 1234, login, welcome, solo, abc123, admin, 121212, flower, passw0rd, dragon, sunshine, master, hottie, loveme, zaq1zaq1, password1
4% of the passwords were “123456”! That’s 200,000 people in the sample set with that password!
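
The "how long would it take?" reasoning above, worked through as an added example (not part of the original post). It checks a password against the common-password list quoted above first, then counts the candidates an ordered brute force (a, b, c; aa, ab, ac; ...) would try. The two guess rates are assumptions chosen for illustration, so the times will differ from the article's figures.

```python
import math
import string

# The "Top passwords for 2016" list quoted in the article above.
COMMON_PASSWORDS = frozenset(
    "123456 password 12345 12345678 football qwerty 1234567890 1234567 "
    "princess 1234 login welcome solo abc123 admin 121212 flower passw0rd "
    "dragon sunshine master hottie loveme zaq1zaq1 password1".split()
)

# Assumed guess rates (not taken from the article).
ONLINE_RATE = 1_000               # guesses/second against a live login form
OFFLINE_RATE = 100_000_000_000    # guesses/second against stolen hashes

# Character classes an attacker has to include to cover the password.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the smallest class-based alphabet that contains the password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(password):
    """Candidates tried by an ordered brute force up to this length:
    every 1-character string, then every 2-character string, and so on."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def entropy_bits(password):
    """Upper bound on entropy; it only holds if the characters were
    picked at random, which human-chosen passwords usually are not."""
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0


def average_seconds(password, rate):
    """Expected time to hit the password: half the search space at the
    given rate, or zero if it sits on the common-password list."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0
    return search_space(password) / 2 / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("centuries", 3.156e9), ("years", 3.156e7), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("123456", "abcde", "aB3$x", "abcdefg", "aB3$xyz", "aB3$xyzQ"):
        print(f"{pw:10} {entropy_bits(pw):5.1f} bits  "
              f"online: {humanize(average_seconds(pw, ONLINE_RATE)):>22}  "
              f"offline: {humanize(average_seconds(pw, OFFLINE_RATE))}")
```
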

New router-based solution protects home IoT devices



As we bring more and more smart devices into our homes, we potentially open ourselves up to a variety of new risks with devices opening back doors into networks or falling prey to botnets.
German antivirus company Avira is launching a new approach to home security which needs no new infrastructure on the domestic network and no configuration done by the user.
SafeThings sits within the home router and works with cloud-based machine learning. Avira licenses the product to router manufacturers and internet service providers, enabling them to protect networks from misuse and to deliver value-added IoT security services directly to end users.
"At Avira, we have been at the forefront of Artificial Intelligence innovation for a decade, being the first vendor within the security industry to identify how to apply AI to our field and to do it," says Travis Witteveen, CEO of Avira. "We have a wealth of experience in protecting both the privacy of end-users and the security of their traditional devices. Today we stand alone in the cyber security industry with the introduction of Avira SafeThings, an innovative router app and behavioral threat intelligence platform that secures all IoT devices in the home. We've designed SafeThings to effectively solve the IoT vulnerabilities without being too invasive, expensive, or complicated for the end user -- and we've done this in a way that provides additional benefits for the internet service providers and router manufacturers."
SafeThings is made up of a number of modules. Protection Cloud builds category and individual device profiles to create device management and rule definitions and automatically protect the device functionality. By analyzing metadata on gateway traffic, no invasive deep packet inspections are needed.
The Sentinel module is a software agent positioned at the gateway to each smart home, embedded in the firmware on the router. Sentinel fingerprints IoT devices and collects packet header metadata for AI analysis. After communicating with Protection Cloud, Sentinel enforces protection and communication rules.
A web-based user interface shows users in real time what each IoT device in their network is doing and enables them to see and modify firewall policies and device rules. There's also a Data Forefront API service that lets service providers and OEMs access and control SafeThings functionality, for example to drill down into specific details and control rules and actions to be taken in case of a compromised device.
It also allows for custom plugins to let SafeThings clients offer their end users additional security apps via a branded secure app store. These integrated services such as VPN or parental controls would operate at router level with management in the cloud.
"We see SafeThings as a 'B2B2C' product, providing consumers with the security and privacy protection they need while delivering it to them via the internet service providers and router manufacturers. As an embedded software solution, SafeThings is imminently flexible according to each client’s technical and marketing needs," adds Witteveen.
You can find out more on the Avira website.
Image Credit: lucadp / depositphotos.com



Software code signing certificates worth more than guns on the Dark Web


Researchers have discovered that digital code signing certificates are being sold for more than is required to buy a gun in the web's underground markets.
On Tuesday, security researchers from Venafi said there is a flourishing trade in the sale of digital code signing certificates, which can be used to verify software applications.
These certificates are a fundamental way of ensuring software and apps are legitimate, but if compromised, can be used to install malware on networks and devices while avoiding detection.
A single certificate can fetch up to $1,200. Credit cards can go for as little as a few dollars, while US passports can be picked up for roughly $850 -- and a handgun may only set buyers back $600.
"We've known for a number of years that cybercriminals actively seek code signing certificates to distribute malware through computers," said Peter Warren, chairman of the CSRI. "The proof that there is now a significant criminal market for certificates throws our whole authentication system for the internet into doubt and points to an urgent need for the deployment of technology systems to counter the misuse of digital certificates."
The six-month investigation was carried out by the CSRI in partnership with the Cyber Security Centre at the University of Hertfordshire.
"With stolen code signing certificates, it's nearly impossible for organizations to detect malicious software," said Kevin Bocek, chief security strategist at Venafi. "Any cybercriminal can use them to make malware, ransomware, and even kinetic attacks trusted and effective."
"In addition, code signing certificates can be sold many times over before their value begins to diminish, making them huge money makers for hackers and dark web merchants," the executive added. "All of this is fuelling the demand for stolen code signing certificates."
In October, Flashpoint researchers uncovered another worrying trend in online underground marketplaces: the sale of remote access to PCs. Access to Windows XP desktop PCs is being sold for as little as $3, and attackers can tap into compromised Windows 10 systems for only $9.
Given this access, cyberattackers can spy on consumers and businesses without the need to compromise systems through phishing or malware campaigns.


via ZDnet

Amazon wants to let strangers into your home 👀

This morning Bezos and team announced Amazon Key, an in-home camera and smart lock. As expected, the news was met with hugs and disgust.

“Hell no. There’s no way I’m letting a stranger into my home.” – 😐 Person on the Internet.

Regardless of your position, Amazon’s chess move to get a key to your door is brilliant. This gives the “A” in FANG (Facebook, Amazon, Netflix, and Google) a gateway to in-home services, including:

🍎 Grocery delivery
🐶 Dog walking
✨ House cleaning
👵 Elderly care
🛠 Home repairs

Amazon’s playing a very long game. The seeds planted today will enable a new wave of exciting (and society altering) automation as robots clean your home, walk your dog, and deliver eggs.

If you’re looking for a security camera but not ready to give strangers a key to your home, check out this $19.99 smart camera. It’s #3 on Product Hunt today.

Everything you need to know about wireless mesh networks

You would be forgiven for thinking that wireless mesh networking is just another marketing bullet point for new Wi-Fi routers, a phrase coined to drive up prices without delivering benefits. But we can avoid being cynical for once: mesh technology does deliver a significant benefit over the regular old Wi-Fi routers we’ve bought in years past and that remain on the market.
Mesh networks are resilient, self-configuring, and efficient. You don’t need to mess with them after the often minimal work required to set them up, and they provide arguably the best and highest throughput you can achieve in your home. These advantages have led to several startups and existing companies introducing mesh systems contending for the home and small business Wi-Fi networking dollar.
Mesh networks solve a particular problem: covering a relatively large area, more than about 1,000 square feet on a single floor, or a multi-floor dwelling or office, especially where there’s no ethernet already present to allow easier wired connections of non-mesh Wi-Fi routers and wireless access points. All the current mesh ecosystems also offer simplicity. You might pull out great tufts of hair working with the web-based administration control panels on even the most popular conventional Wi-Fi routers.
A conventional wireless router delivers limited coverage if you can't hardwire additional Wi-Fi access points to it.

What mesh means

The concept of mesh networks first appeared in the 1980s in military experiments, and it became commercially available in the 1990s. But hardware, radio, and spectrum requirements; cost; and availability made it truly practical for consumer-scale gear only in the last couple of years. That’s why we’re seeing so many systems hit the market all at once.
Mesh networking treats each base station as a node that exchanges information continuously about network conditions with all adjacent nodes across the entire set. This allows nodes that aren’t sending and receiving data to each other to still know all about each other. This knowledge might reside in a cloud-based backend or in firmware on each router.
Mesh networks don’t retransmit all the data passing through among a set of base stations. The systems on the market dynamically adjust radio attributes and channels to create the least possible interference and the greatest possible coverage area, which results in a high level of throughput—far higher than anything that’s possible with WDS (Wireless Distribution System) and similar broadcast-style systems.
Mesh network routers, such as Luma, connect multiple wireless nodes to blanket your home with Wi-Fi.
The principle behind all wireless networking is “how do I transmit this number of bits in the smallest number of microseconds and get off and let someone else use it?” explains Matthew Gast, former chair of the IEEE 802.11 committee that sets specs used by Wi-Fi. Mesh networks manage this better than WDS.
In some cases, Gast notes, a mesh node might send a packet of data to just one other node; in others, a weak signal and other factors might route the packet through other nodes to reach the destination base station to which the destination wireless device is connected.
Some mesh routers have single-band-at-a-time radios, and are meant more as smart extensions. But it’s more common that the nodes have radios for two or even three frequency bands, like the latest Eero. This lets mesh dedicate bands to intra-node data, switching channels to reduce congestion, or mixing client data and “backhaul” data on the same channel.
High-end conventional routers offer high-performance features not currently found in mesh Wi-Fi systems. The Netgear Nighthawk X10, for instance, has a 10Gbps ethernet port for network storage.
The ultimate goal is to make sure as much throughput remains reserved for actual productive traffic, such as streaming 4K video from one end of a house to the other or making fast connections to internet multiplayer games, relative to that consumed by moving data around the network.
If a node is powered down or crashes—your cat gets a little too interested and knocks one off a shelf—the network doesn’t go down, too. As long as every node can continue to communicate with at least one other node, you still have a fully functioning network.
You typically rely on a smartphone to help set up the first node and network parameters and add additional nodes to an existing network. Because you don’t have to plan where mesh nodes go, mesh systems automatically reconfigure as you add nodes. Most of the systems available offer help in figuring out where to locate units, some of them using indicators on the nodes themselves while others require smartphone software. “There is an immense amount of engineering effort to make something very simple,” says Gast.

Is it smart to invest in mesh?

The price you pay for this better efficiency? Proprietary protocols. While Wi-Fi remains standardized, and extremely and reliably compatible among equipment from different makers, no two mesh systems on the market work with each other. An early mesh protocol, 802.11h, wound up being not just insufficient to the task, but entirely ignored by companies as they pursued better results and competitive advantages. It’s also unlikely that any time in the next few years a compatible industry standard would arise and get uptake, given no such standard is currently working its way through the pipeline.
Every major router manufacturer, and a number of startups, have jumped on the mesh network bandwagon.
You have three reasons to want compatibility: a way to acquire cheaper equipment if one manufacturer charges more than you want to pay for additional nodes; as an escape route if a company or product line goes under; or as a way to upgrade a network gradually to incorporate new standards. That’s not possible with mesh.
Being locked in to one manufacturer increases risk, because several companies making mesh gear—Eero, Luma, and Securifi—are startups, and not all startups succeed. More established firms, such as D-Link, Linksys, Netgear, and TP-Link, make mesh networking hardware, but if those product lines don’t produce profit, they won’t continue to make units forever.
All of this could affect you in six ways:
  • Inability to get technical support when something goes wrong.
  • Lack of warranty coverage for failed hardware. (Companies in bankruptcy, however, might be required to fund some amount of repair and replacement.)
  • No way to purchase new units to expand your network.
  • Smartphone apps, which some systems rely upon exclusively, stop receiving updates and stop working.
  • Cloud-based elements for configuration and management get turned off, rendering the nodes inoperable or locked into the last configuration. A Wi-Fi camera memory card maker at one point intended to disable configuration updates to its cloud-linked product. This can be an issue even with active products: Google accidentally reset its non-mesh OnHub and mesh Google Wifi routers in February because of a cloud-based account login issue.
  • Critical security flaws are discovered, but can’t be updated. While it seems unlikely that a mesh device that didn’t sell enough to be a success would be exploited, most standalone hardware of any kind—from DVRs to internet-connected cameras—use a variation of Linux and one of a handful of widely used chipsets.
Balanced against this is the lifecycle of Wi-Fi routers. In my nearly 20 years of buying and testing wireless networking hardware, I’ve found that it either fails in three to five years or needs an upgrade in that time to take advantage of newer networking features. Consider the price tag on a mesh system your rental price across that period, and think about whether the value of $70 to $150 a year, depending on the system and number of nodes, delivers enough utility. If you’re lucky, it will last much longer.
The Netgear Orbi RBK50 is our current top pick in Wi-Fi routers (even if it isn't a true mesh router).

Weaving a finer mesh

The future of mesh isn’t more and more and more nodes. Rather, it’s nodes that have more and different kinds of radios and other features built in. Already, some mesh nodes have Bluetooth for configuration and personal area networking control and up to three Wi-Fi radios supporting the full 802.11a/b/g/n/ac range.
Future nodes could add more radios or slice-and-dice an 802.11ac Wave 2 feature that allows beamforming and device targeting to further separate intra-node traffic from device-to-device traffic. And they could throw in 802.11ad/Wi-Gig for superfast ultra-high-definition streaming or ZigBee and other smart-home standards.
But the baseline set already today is for fast, efficient, and simple. Newer nodes can put more icing on the cake.