Category Archives: Encryption

Encrypted Hard Drive Market to Eyewitness Massive Growth | SanDisk, LaCie, Apricorn – openPR

Get Free Exclusive PDF Sample Copy of This Research @ https://www.advancemarketanalytics.com/sample-report/62913-global-encrypted-hard-drive-market#utm_source=OpenPRShraddha

Scope of the Report of Encrypted Hard Drive: An encrypted hard drive uses rapid encryption to enhance data security and management. It is a new class of hard drives that are self-encrypting at a hardware level and allow for full disk hardware encryption. The encrypted hard drive market is expected to grow in the future due to rising demand for strong security of data and lower cost of the drive.

Opportunities: Upsurging Demand for Integrated Data Protection Solutions from SMEs; Technology Advancement in Encrypted Hard Drive

Market Trends: Adoption of Encryption Software

Challenges: Lack of Awareness in Developing Countries

Market Drivers: Expansion of Digital Content; Rising Data Security Concerns among Enterprises

Have Any Questions Regarding Global Encrypted Hard Drive Market Report, Ask Our Experts@ https://www.advancemarketanalytics.com/enquiry-before-buy/62913-global-encrypted-hard-drive-market#utm_source=OpenPRShraddha

The titled segments and sub-sections of the market are illuminated below: by Application (Government/Military, Finance, Enterprises, Individual), Capacity (500GB, 1T, 2T, 3T, 4T, 5T, Over 5T), Hard Drive Type (Internal, External)

Region Included are: North America, Europe, Asia Pacific, Oceania, South America, Middle East & Africa

Country Level Break-Up: United States, Canada, Mexico, Brazil, Argentina, Colombia, Chile, South Africa, Nigeria, Tunisia, Morocco, Germany, United Kingdom (UK), the Netherlands, Spain, Italy, Belgium, Austria, Turkey, Russia, France, Poland, Israel, United Arab Emirates, Qatar, Saudi Arabia, China, Japan, Taiwan, South Korea, Singapore, India, Australia and New Zealand etc.

Strategic Points Covered in Table of Content of Global Encrypted Hard Drive Market:
Chapter 1: Introduction, market driving force product Objective of Study and Research Scope the Encrypted Hard Drive market
Chapter 2: Exclusive Summary - the basic information of the Encrypted Hard Drive Market.
Chapter 3: Displaying the Market Dynamics - Drivers, Trends and Challenges & Opportunities of the Encrypted Hard Drive
Chapter 4: Presenting the Encrypted Hard Drive Market Factor Analysis, Porters Five Forces, Supply/Value Chain, PESTEL analysis, Market Entropy, Patent/Trademark Analysis.
Chapter 5: Displaying the by Type, End User and Region/Country 2015-2020
Chapter 6: Evaluating the leading manufacturers of the Encrypted Hard Drive market which consists of its Competitive Landscape, Peer Group Analysis, BCG Matrix & Company Profile
Chapter 7: To evaluate the market by segments, by countries and by Manufacturers/Company with revenue share and sales by key countries in these various regions (2023-2028)
Chapter 8 & 9: Displaying the Appendix, Methodology and Data Source

Finally, Encrypted Hard Drive Market is a valuable source of guidance for individuals and companies.

Read Detailed Index of full Research Study at @ https://www.advancemarketanalytics.com/reports/62913-global-encrypted-hard-drive-market#utm_source=OpenPRShraddha

Thanks for reading this article; you can also get individual chapter wise section or region wise report version like North America, Middle East, Africa, Europe or LATAM, Southeast Asia.

Contact Us: Craig Francis (PR & Marketing Manager), AMA Research & Media LLP, Unit No. 429, Parsonage Road, Edison, NJ, New Jersey, USA - 08837. Phone: +1(201) 7937323, +1(201) 7937193. Email: sales@advancemarketanalytics.com

About Author: Advance Market Analytics is a global leader in the market research industry, providing quantified B2B research to Fortune 500 companies on high-growth emerging opportunities that will impact more than 80% of worldwide companies' revenues. Our analysts track high-growth studies with detailed statistical and in-depth analysis of market trends and dynamics that provide a complete overview of the industry. We follow an extensive research methodology coupled with critical insights into related industry factors and market forces to generate the best value for our clients. Using reliable primary and secondary data sources, our analysts and consultants derive informative and usable data suited to our clients' business needs. The research studies enable clients to meet varied market objectives, from global footprint expansion to supply chain optimization and from competitor profiling to M&As.

This release was published on openPR.

YouTubers Reveal Encryption Tactics of Just Stop Oil Protesters – EnergyPortal.eu

YouTube influencers Josh Pieters and Archie Manners, popularly known as Josh & Archie, have shed light on the secret communication methods used by the activist group, Just Stop Oil. The duo discovered that the protesters employ an encrypted messaging service, specifically the Signal app, to ensure the confidentiality of their activities and prevent police intervention.

In a recent interview on Good Morning Britain, Pieters and Manners disclosed that they had a mole within the ranks of Just Stop Oil for approximately a week. This insider informed them about the group's use of the Signal app, highlighting its effectiveness in preserving the element of surprise and secrecy.

The YouTubers decided to prank Just Stop Oil as part of their series of stunts, setting off alarms and attaching them to balloons during a meeting in London held on July 23rd. Reflecting on the prank, Manners characterized it as essentially very childish.

The revelation of Just Stop Oil's use of encrypted messaging services raises questions about the group's intentions and methods. While activism can take various forms, the reliance on such technologies suggests a concerted effort to remain covert and avoid potential legal consequences.

By highlighting this aspect of the protesters' behavior, Pieters and Manners provide insight into the steps taken by activist groups to evade detection and maintain privacy. As the prevalence of encrypted messaging services continues to grow, it becomes increasingly crucial for authorities to adapt their strategies to effectively monitor and respond to unlawful activities conducted through these platforms.

While the pranks orchestrated by Josh & Archie may be considered light-hearted entertainment, their discovery lends a deeper understanding of the tactics employed by Just Stop Oil and sheds light on the pervasive influence of encrypted messaging services in contemporary activism.

Safeguarding Data Privacy: How France is Leading the Way in … – Fagen wasanni

Safeguarding Data Privacy: How France is Leading the Way in Optical Encryption Technology

In the digital age, data privacy has become a paramount concern for individuals, corporations, and governments alike. As cyber threats continue to evolve, so too must the methods used to safeguard sensitive information. France is leading the way in this regard, pioneering advancements in optical encryption technology that promise to revolutionize the way we protect our data.

Optical encryption, a cutting-edge technology, uses the properties of light to encode and decode data, providing an additional layer of security that is virtually impossible to breach. This technology is not only more secure but also faster and more efficient than traditional encryption methods. France, with its rich history of innovation and technological advancement, is at the forefront of this exciting development.

French researchers and tech companies have been making significant strides in the field of optical encryption. For instance, the French National Centre for Scientific Research (CNRS) has been conducting extensive research into quantum cryptography, a form of optical encryption that uses the principles of quantum mechanics to secure data. This technology is so secure that any attempt to intercept the data changes its state, alerting the intended recipient to the breach.

Moreover, French tech start-up, Cryptosense, has developed an innovative software that uses optical encryption to secure cloud-based data. This is particularly significant given the increasing reliance on cloud storage in both the corporate world and private sphere. The software not only encrypts data but also monitors for any potential breaches, providing an unparalleled level of security.

The French government has also recognized the importance of data privacy and the potential of optical encryption technology. It has implemented policies to support research and development in this field, and to encourage the adoption of these technologies by French businesses. This proactive approach has helped to establish France as a global leader in data privacy.

However, the development and implementation of optical encryption technology are not without challenges. One of the main hurdles is the need for specialized hardware to support the technology. This can be costly and may deter some businesses from adopting it. Additionally, as with any new technology, there is a learning curve involved in understanding and effectively utilizing optical encryption.

Despite these challenges, the potential benefits of optical encryption are immense. It offers a level of security that is currently unmatched by any other technology. Furthermore, as cyber threats become increasingly sophisticated, the need for such advanced security measures will only grow.

In conclusion, France's commitment to safeguarding data privacy through the development and implementation of optical encryption technology is commendable. The country's researchers, tech companies, and government are working in tandem to push the boundaries of what is possible in data security. While there are challenges to overcome, the potential benefits of this technology are undeniable. As we continue to navigate the digital age, it is clear that optical encryption will play a crucial role in protecting our data and, by extension, our privacy. France, with its innovative spirit and commitment to data privacy, is leading the way in this important field.

NextGen TV’s DRM puts future of the over-the-air DVR in doubt – TechHive

It's been more than five years since I first asked whether ATSC 3.0, aka NextGen TV, would spell doom for over-the-air DVR. The answers are coming in now, and they're not encouraging.

The latest television broadcasting standard, also called NextGen TV, is supposed to introduce new features such as 4K HDR video and dialog enhancement. But it also gives broadcasters the ultimate say over where and how you watch free local channels. With new encryption measures that many stations are now adopting, ATSC 3.0 can limit recording capabilities, block out-of-home viewing, and restrict the use of certain video player apps. Even basic playback requires seemingly endless certification hoops, potentially driving up the cost of ATSC 3.0 converter boxes.

Broadcasters say they're trying to protect against media piracy, and that they might address some of these complaints in the future, but encryption still leaves them, rather than audiences, in control of what's possible. Over-the-air DVR has been one of the last great ways to watch TV on your own terms. NextGen TV could stop that from happening.

This story is part of TechHive's in-depth coverage of the best over-the-air DVRs.

Although broadcasters downplayed ATSC 3.0's DRM (digital rights management) features in the standard's early years, they're starting to lock things down with encryption as more stations come online, and the issue has gained wider attention thanks to recent coverage by Tyler "Antenna Man" Kleinle and Lon Seidman.

Users can see which ATSC 3.0 stations are encrypted on the RabbitEars website, which has been tracking the NextGen TV rollout. Out of more than 400 NextGen TV channels in the United States, roughly 16 percent of them are now encrypted.

None of this should be noticeable if you have a smart TV with an ATSC 3.0 tuner, as it should already have the necessary keys to decrypt these locked-down channels. It also doesn't affect channels that use the current ATSC 1.0 standard, which broadcasters are required to support for at least another four years.

But if you were an early adopter of external ATSC 3.0 tuners such as the HDHomeRun Flex 4K or Bitrouter ZapperBox, you won't be able to watch any encrypted channels. These devices launched without DRM support before broadcasters started encrypting their channels, and while they plan to support DRM in the near future, the complications of doing so have led to numerous delays.

DRM isn't just a temporary inconvenience. It will also introduce new restrictions on your ability to access free, over-the-air channels through external tuners. Here are some examples that I've confirmed with device makers:

DVR solutions such as Channels will need their own DRM certification, and it's unclear if that will happen.

Pearl TV spokesman Dave Arland said future updates to ATSC 3.0's copy-protection system, called A3SA, could address these issues. (Pearl TV is the broadcaster consortium that's backing ATSC 3.0, and is a part-owner of A3SA.)

Remote viewing, for instance, is on the A3SA development roadmap, Arland said, and Pearl TV has proof-of-concept proposals that would allow external tuners to work without even occasional internet connectivity. While there are considerable technical challenges to letting users transfer recordings across devices, Arland said Pearl TV believes these are surmountable as well.

Arland did not deny that A3SA allows broadcasters to set expiration dates on recordings or block them outright, but said he's not aware of any broadcasters that are doing so. He also noted that A3SA's current rules prohibit restrictions on recordings for ATSC 1.0 channels that are simulcast in ATSC 3.0.

"Content protection is designed to prevent piracy, not stop home recording," Arland said.

Well-intentioned or not, A3SA in its current form still serves to lock down over-the-air DVR and make it more like what you get with live TV streaming services. Instead of being free to watch local broadcasts on any device, using whichever app you prefer, you'll be at the whims of the broadcasters and TV networks.

If you're not an over-the-air DVR user and only use an antenna for live TV, you might shrug off the issues I've raised above. But here's another reason to be concerned: DRM could make external tuner boxes more expensive.

Most existing TVs can only pick up broadcasts in the older ATSC 1.0 standard, and even some new TVs continue to ship without ATSC 3.0 tuners onboard. For viewers who don't want to replace their entire televisions, ATSC 3.0 will require an external converter box.

The HDHomeRun Flex 4K is one of only two ATSC 3.0 tuner boxes on the market right now.

But one device maker, who asked not to be named in this story, said that ATSC 3.0 DRM has both up-front and ongoing costs, both for licensing and certification testing. For the small vendors that are currently building ATSC 3.0 tuner boxes, these costs can be significant, and like other licensing fees they inevitably get passed on to users. (Pearl TV's Dave Arland said A3SA provides significant per-model discounts to smaller manufacturers.)

DRM can also complicate the process of bringing new products to market in the first place. Nuvyyo, makers of the Tablo over-the-air DVR line, specifically pointed to DRM as the reason for delaying its first ATSC 3.0 tuner. The status of that product remains uncertain, as Nuvyyo has since been acquired by The E.W. Scripps Company, a major broadcaster.

So far, we've yet to see an external tuner ship for less than $200, and even ADTH's upcoming tuner box has a price of around $100. While DRM might not be solely to blame, it is a factor in limiting options and keeping prices high.

While the rise of on-demand streaming has made DVR less relevant, in a way it's more important than ever. As streaming services raise prices for ad-free viewing and trim their catalogs, being able to record TV programming on a device of your choosing is one of the last ways for viewers to exercise some control.

ATSC 3.0 DRM threatens to take that away. Combined with the dismantling of CableCARD, it ensures that users will be funneled into apps in which the content providers call the shots, even for free, over-the-air TV.

What can you do about it? Lon Seidman has encouraged users to complain to the FCC, which is seeking public feedback about the future of over-the-air TV. Broadcasters want the ability to turn off ATSC 1.0 as soon as it's feasible, but they need the FCC's permission to do it, and a loud and sustained consumer outcry could force some concessions on the encryption front.

Alternatively, you can just ride out ATSC 1.0 until the bitter end. As of now, that'll be at least until July 2027, as the FCC is requiring broadcasters to support the old standard until then. If you buy an over-the-air DVR today, even one without ATSC 3.0 support, you'll get at least four years of life out of it, and in a sense you'll be voting against the new standard.

Either way, enjoy the unfettered state of over-the-air DVR while it lasts, because its future looks very cloudy.

A Global Race to Harness the Power of Atoms for Navigation … – Fagen wasanni

A global race is underway to harness the power of atoms for navigation, computing, and encryption. Governments are investing heavily, and scientists are making rapid advances in quantum technologies. However, concerns over protectionism and the need for cooperation are creating challenges.

Quantum sensors are being developed to create super-accurate navigation systems that can operate even when satellite GPS networks are jammed. These systems offer significant improvements over current technology, with minimal directional errors and robust portability. Start-up company Q-CTRL recently signed a deal with Australia's Department of Defense to develop and field-test their quantum sensor technology.

The United States, in particular, is considering tougher export controls for quantum technologies to maintain an edge over China. However, allies argue that more limitations could stifle momentum and hinder the American model of tech development, which relies on openness and international collaboration.

The challenge for the United States and its allies is how to balance protectionism and cooperation in a field where talent is scarce and less concentrated in the U.S. Maintaining interdependence will be crucial for progress in quantum technologies.

China has taken a centralized approach to quantum technology development and has produced results that rival or exceed the American approach. Recent advances include the construction of a large national laboratory for quantum science and the establishment of a space-to-ground quantum communication network. China's investments in quantum technology were triggered, in part, by revelations of U.S. and British intelligence agencies cracking encrypted internet traffic.

While China appears to be lagging in quantum computers, progress in quantum sensing for navigation, mapping, and detection is narrowing the gap. However, some of China's quantum claims have been questioned by experts outside of the country.

Companies like Q-CTRL, with offices in Sydney, Los Angeles, Berlin, and Oxford, are among the leaders in global quantum technology. They see technology-sharing partnerships, like the AUKUS security agreement, as opportunities to capitalize on their capabilities.

The global race to harness the power of atoms for navigation, computing, and encryption is intensifying. Achieving a balance between protectionism and cooperation will be crucial to ensure progress in this transformative field.

Form a strategy to mitigate cybersecurity risks in AI – Grant Thornton

Conduct threat modeling exercises to help identify potential security threats to AI systems and assess their impact. Some common threats to model include data breaches, unauthorized access to systems and data, adversarial attacks and AI model bias. When you model threats and impacts, you can identify a structured approach with proactive measures to mitigate risks.

Consider the following activities as part of your threat modeling:

1. Criticality

Document the business functions and objectives of each AI-driven solution, and how they relate to the criticality of your organization's operations. This helps you establish a baseline for criticality, making controls commensurate with the criticality of the AI application and determining the thoroughness of the threat model.

2. Connections

Identify the AI platforms, solutions, components, technologies and hardware, including the data inputs, processing algorithms, and output results. This will assist in identifying the logic, critical processing paths and core execution flow of the AI that will feed into the threat model and help edify the organization on the AI application.

3. Boundaries

Define system boundaries by creating a high-level architecture diagram, including components like data storage, processing, user access and communication channels. This will help you understand the AI application's data and activity footprint, threat actors and dependencies.

4. Data characteristics

Define the flows, classifications and sensitivity for the data that the AI technology will use and output. This will help determine the controls and restrictions that will apply to data flows, as you might need to pseudonymize, anonymize or prohibit certain types of data.

5. Threats

Identify potential threats for your business and technologies, like data breaches, adversarial attacks and model manipulation.

6. Impacts

Assess the potential impacts of identified threats, and assign a risk level based on vulnerability, exploitability and potential damage.

7. Mitigation

Develop and implement mitigation strategies and countermeasures to combat the identified threats, including technical measures like encryption, access controls or robustness testing, along with non-technical measures like employee training, policies or third-party audits.

8. Adaptation

Review and update the threat model on an ongoing basis as new threats emerge or as the system evolves.

Enclave Markets, The CeFi, DeFi Focused Encrypted Exchange, Teams Up With Hidden Road Partners | Crowdfund – Crowdfund Insider

Enclave Markets, which claims to be the world's first fully encrypted exchange (FEX) that combines the best parts of centralized and decentralized finance, announced that it has entered into a strategic partnership with Hidden Road Partners, the global credit network for institutions.

As a result of the partnership, Hidden Road counterparties will now be able to trade digital assets through Enclave Markets' fully confidential and secure exchange.

Enclave Markets' FEX provides an anonymous trading environment where counterparties can transact with minimal slippage, negligible market impact and decentralized custody, without a single controlling entity.

Enclave's encryption protects counterparties from front-running and information leakage.

This confidentiality greatly expands the number of viable counterparties, as no information regarding participants or their positions can escape the trading platform.

Furthermore, Hidden Road will act as a prime broker for its counterparties who elect to trade via Enclave Markets, greatly increasing capital efficiency and ensuring that client assets never leave their prime broker of choice from order creation through settlement.

This initiative from Enclave Markets further demonstrates the demand for secure, confidential trading platforms that improve capital efficiency and liquidity while empowering counterparties to custody and settle assets with their partner of choice.

David Wells, CEO of Enclave Markets, commented:

"Typically, traders at competing firms avoid trading with one another to prevent potential front-running, exposure of trading strategies and general market impact. By integrating with Hidden Road, one of the world's most esteemed liquidity and credit providers, its institutional clients using our FEX gain access to completely anonymous trading, which allows them to mitigate risk and get the most out of any investment opportunity. To increase the adoption of digital assets, it is important that institutions have access to trading venues that they can trust, and this endorsement from Hidden Road demonstrates that Enclave does just that. We're excited to work with Hidden Road to mature the trading landscape, something that's been part of Enclave's mission from the start."

Hidden Road facilitates trading bilaterally between market participants while giving counterparties full ownership over trading technology, liquidity and custody.

At launch, the strategic partnership will allow counterparties that use Hidden Road as their prime broker to conduct OTC trading via Enclave Markets' crossing network, Enclave Cross, with additional trading capabilities at a later date.

All trading activity and settlements made by Hidden Road as a prime broker over Enclave Cross are executed via direct transactions, ensuring assets are held by one of Enclave's many trusted custodians.

Michael Higgins, Global Head of Business Development at Hidden Road, added:

"Institutions expect robust, predictable trading experiences in any asset class, be it traditional or digital. Enclave's novel, albeit familiar, approach offers Hidden Road counterparties a secure, anonymous and streamlined option for trading digital assets. Adding Enclave to the roster of venues and partners available to Hidden Road's counterparties further enhances both firms' offerings to the market."

What is the Akira ransomware, and why has the government issued a warning against it? – The Hindu

The story so far: The Computer Emergency Response Team of India issued an alert for ransomware dubbed Akira. The ransomware, found to target both Windows and Linux devices, steals and encrypts data, forcing victims to pay double ransom for decryption and recovery. The group behind the ransomware has already targeted multiple victims, mainly those located in the U.S., and has an active Akira ransomware leak site with information, including their most recent data leaks.

The Akira ransomware is designed to encrypt data, create a ransomware note and delete Windows Shadow Volume copies on affected devices. The ransomware gets its name due to its ability to modify filenames of all encrypted files by appending them with the .akira extension. The ransomware is designed to close processes or shut down Windows services that may keep it from encrypting files on the affected system. It uses VPN services, especially when users have not enabled two-factor authentication, to trick users into downloading malicious files.

Once the ransomware infects a device and steals/encrypts sensitive data, the group behind the attack extorts the victims into paying a ransom, threatening to release the data on their dark web blog if their demands are not met.

As mentioned above, the ransomware deletes the Windows Shadow Volume copies on the affected device. These files are instrumental in ensuring that organisations can back up data used in their applications for day-to-day functioning. VSS services facilitate communication between different components without the need to take them offline, thereby ensuring data is backed up while it is also available for other functions. Once the ransomware deletes the VSS files, it proceeds to encrypt files with the pre-defined .akira extension.

The ransomware also terminates active Windows services using the Windows Restart Manager API, preventing any interference with the encryption process. It is designed to not encrypt Program Data, Recycle Bin, Boot, System Volume information, and other folders instrumental in system stability. It also avoids modifying Windows system files with extensions like .syn, .msl and .exe.

Once sensitive data is stolen and encrypted, the ransomware leaves behind a note named akira_readme.txt which includes information about the attack and the link to Akira's leak and negotiation site.

Each victim is given a unique negotiation password to be entered into the threat actor's Tor site. Unlike other ransomware operations, this negotiation site just includes a chat system that the victim can use to communicate with the ransomware gang, a report from The Bleeping Computer shares.
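The file-level indicators described above (the .akira suffix and the akira_readme.txt note) are enough to scope which directories were hit during incident response. The following is an added example, not code from the article or from CERT-In; the function names, the sample tree and its timestamps are constructed for illustration, and treating modification times as the encryption window is an assumption.

```python
import os
import tempfile
from dataclasses import dataclass

ENCRYPTED_SUFFIX = ".akira"       # extension appended to encrypted files (from the article)
RANSOM_NOTE = "akira_readme.txt"  # ransom note name (from the article)
EXEMPT_SUFFIXES = (".exe",)       # article: such files are left alone, so they prove nothing
BASE_TIME = 1_700_000_000         # constructed timestamp for the sample tree


@dataclass
class DirFinding:
    encrypted: int = 0      # files carrying the .akira suffix
    intact: int = 0         # files that could have been encrypted but were not
    exempt: int = 0         # files the ransomware skips by design
    has_note: bool = False  # ransom note present in this directory

    @property
    def state(self):
        if self.encrypted and self.intact:
            return "partial"    # run was interrupted or is still in progress here
        if self.encrypted:
            return "encrypted"
        return "note-only" if self.has_note else "clean"


def original_name(name):
    """Strip the appended suffix so the file can be matched against a backup listing."""
    if name.lower().endswith(ENCRYPTED_SUFFIX):
        return name[: -len(ENCRYPTED_SUFFIX)]
    return name


def scan_tree(root):
    """Return ({relative_dir: DirFinding}, (first, last) mtime of encrypted files)."""
    findings, first, last = {}, None, None
    for dirpath, _dirs, files in os.walk(root):
        f = DirFinding()
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == RANSOM_NOTE:
                f.has_note = True
            elif lower.endswith(ENCRYPTED_SUFFIX):
                f.encrypted += 1
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                first = mtime if first is None else min(first, mtime)
                last = mtime if last is None else max(last, mtime)
            elif lower.endswith(EXEMPT_SUFFIXES):
                f.exempt += 1
            else:
                f.intact += 1
        findings[os.path.relpath(dirpath, root)] = f
    return findings, (first, last)


def summarize(findings):
    """Collapse per-directory findings into the figures a responder reports first."""
    by_state = lambda s: sorted(d for d, f in findings.items() if f.state == s)
    return {
        "encrypted_files": sum(f.encrypted for f in findings.values()),
        "notes": sorted(d for d, f in findings.items() if f.has_note),
        "partial_dirs": by_state("partial"),
        "fully_encrypted_dirs": by_state("encrypted"),
        "clean_dirs": by_state("clean"),
    }


# Constructed directory layout, not taken from a real incident.
SAMPLE = {
    "finance": ["ledger.xlsx.akira", "payroll.db.akira", "viewer.exe", "akira_readme.txt"],
    "hr": ["contracts.docx.AKIRA", "handbook.pdf", "akira_readme.txt"],
    "tools": ["backup.exe", "notes.txt"],
}


def demo():
    """Build SAMPLE in a temp directory, scan it, return (summary, mtime window)."""
    with tempfile.TemporaryDirectory() as root:
        for directory, names in SAMPLE.items():
            os.makedirs(os.path.join(root, directory))
            for i, name in enumerate(names):
                path = os.path.join(root, directory, name)
                with open(path, "wb") as fh:
                    fh.write(b"placeholder")
                os.utime(path, (BASE_TIME + i, BASE_TIME + i))
        findings, window = scan_tree(root)
        return summarize(findings), window


if __name__ == "__main__":
    print(demo())
```

Directories reported as "partial" are the ones to compare against backups first, since they still hold unencrypted originals alongside encrypted files.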

Ransomware is typically spread through spear phishing emails that contain malicious attachments in the form of archived content (zip/rar) files. Other methods used to infect devices include drive-by-download, a cyber-attack that unintentionally downloads malicious code onto a device, and specially crafted web links in emails, clicking on which downloads malicious code. The ransomware reportedly also spreads through insecure Remote Desktop connections.

Maintain up-to-date offline backups

Ensure OS and networks are updated regularly, with virtual patching for legacy systems

Establish Domain-based Message Authentication, Reporting, and Conformance, Domain Keys Identified Mail (DKIM), and Sender policy for organizational email validation

Strong password policies

Strong Multi-Factor Authentication

Strict external device usage policy

Data-at-rest and data-in-transit encryption

Blocking attachment file types with .exe, .pif, .url, or other such extensions

Avoid clicking on suspicious links to avoid downloads of malicious code

Conduct regular security audits of systems, especially database servers

In use since March 2023, the ransomware has steadily built up a list of victims, targeting corporate networks in various domains including education, finance, real estate, manufacturing, and consulting. Once it breaches a corporate network, the ransomware spreads laterally to other devices after gaining Windows domain admin credentials. The threat actors also steal sensitive corporate data for leverage in their extortion attempts.

CERT-In has advised users to follow basic internet hygiene and protection protocols to ensure their security against ransomware. These include maintaining up-to-date offline backups of critical data, to prevent data loss in the event of an attack.

Additionally, users are advised to ensure all operating systems and networks are updated regularly, with virtual patching for legacy systems and networks. Companies must also establish Domain-based Message Authentication, Reporting, and Conformance, Domain Keys Identified Mail (DKIM), and Sender policy for organizational email validation, which prevents spam by detecting email spoofing. Strong password policies and multi-factor authentication (MFA) must be enforced. There should also be a strict external device usage policy in place and data-at-rest and data-in-transit encryption along with blocking attachment file types like .exe, .pif, or .url to avoid downloading malicious code. The agency has also advised periodic security audits of critical networks/systems, especially database servers.
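One way to enforce the attachment rule above at a mail gateway, including the archived (zip/rar) attachments the article names as a delivery route. This is an added example, not code from CERT-In or the article; the function names, the nesting and size limits, and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".pif", ".url"}  # extensions named in the advisory text
OPAQUE_ARCHIVES = {".rar"}              # stdlib cannot open these: treat as uninspectable
MAX_DEPTH = 3                           # assumption: nested-zip levels worth opening
MAX_MEMBER_BYTES = 10 * 1024 * 1024     # assumption: refuse to inflate larger nested zips


def ext_of(name):
    """Final extension, lower-cased, so 'invoice.pdf.exe' and 'LINK.URL ' still match."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    dot = base.rfind(".")
    return base[dot:] if dot >= 0 else ""


def classify(name):
    """Reason string if the file name alone is enough to hold the message, else None."""
    ext = ext_of(name)
    if ext in BLOCKED_EXT:
        return f"blocked type {ext}"
    if ext in OPAQUE_ARCHIVES:
        return "uninspectable archive"
    return None


def scan_archive(data, trail, depth=0):
    """Return [(path, reason)] for a zip, descending into nested zips up to MAX_DEPTH."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(trail, "unreadable archive")]
    hits = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{trail}!{info.filename}"
            reason = classify(info.filename)
            if reason:
                hits.append((path, reason))
            elif ext_of(info.filename) == ".zip":
                if info.flag_bits & 0x1:  # member is password-protected
                    hits.append((path, "encrypted nested archive"))
                elif depth + 1 >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    hits.append((path, "nested archive not inspected"))
                else:
                    hits.extend(scan_archive(zf.read(info), path, depth + 1))
    return hits


def scan_message(raw):
    """Return [(path, reason)] for every named attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        reason = classify(name)
        if reason:
            hits.append((name, reason))
        elif ext_of(name) == ".zip":
            hits.extend(scan_archive(part.get_payload(decode=True), name))
    return hits


def verdict(raw):
    return "quarantine" if scan_message(raw) else "deliver"


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample(attachments):
    """Constructed message; names and contents are placeholders, not real samples."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("Please see attached.")
    for name, data in attachments.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


SUSPICIOUS = build_sample({
    "report.pdf": b"%PDF-placeholder",
    "invoice.zip": make_zip({
        "docs/readme.txt": b"hello",
        "docs/invoice.pdf.exe": b"placeholder",
        "inner.zip": make_zip({"link.URL": b"placeholder"}),
    }),
    "scan.rar": b"placeholder",
})
BENIGN = build_sample({"report.pdf": b"%PDF-placeholder"})

if __name__ == "__main__":
    for hit in scan_message(SUSPICIOUS):
        print(hit)
    print(verdict(SUSPICIOUS), verdict(BENIGN))
```

Archives that cannot be opened or are nested too deeply are reported rather than passed, so the filter fails closed on content it could not inspect.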

View original post here:
What is the Akira ransomware, and why has the government issued a warning against it? - The Hindu

Implementing Application Level Encryption at Scale: Insights from Atlassian’s Use of AWS and Cryptor – InfoQ.com

Atlassian recently published how it performs Application Level Encryption at scale on AWS while utilising high cache hit rates and maintaining low costs. Atlassian's solution runs over 12,500 instances and manages over 1,540 KMS keys. It performs over 11 billion decryptions and 811 million encryptions daily, costing $2,500 per month versus a potential $1,000,000 per month using a naive solution.

Cryptor is an encryption library developed by Atlassian to suit their specific Application Level Encryption (ALE) needs at scale in multi-region environments. It is a thin wrapper over the AWS Encryption SDK. Atlassian engineers designed it to offer automated key management, high availability (similar to Atlassian's Tenant Context Service), distributed caching, and the enforcement of soft limits to enable high-scale operations. Developers can integrate Cryptor as a library or a sidecar, exposing its functionality as HTTP and gRPC APIs.

David Connard, Principal Developer at Atlassian, explains why Atlassian chose to implement ALE wherever possible:

"With ALE, sensitive data is encrypted before storage and only decrypted when required (i.e. at the point of use, in the application code). An attacker who gains access to the datastore (or, more commonly, who gains access to a historic replica of it, for example, a backup stored in a less secure location) does not automatically gain access to your sensitive data."

Connard explains that implementing ALE creates significant operational concerns. Implementors should never lose the ability to decrypt the data, encryption key integration should always be protected, and engineers should consider the performance impacts of adding encryption, as ALE adds significant computational effort to the application.

At the heart of Atlassian's ALE is Envelope Encryption, a cryptographic technique used to secure data. It works by encrypting the data with a unique key called a "data key". The data key is then itself encrypted with another key, the "root key". The ciphertext and the encrypted data key are then bundled into an "envelope encrypted payload", and this payload is persisted to the data store.

The benefits of using envelope encryption over direct encryption with the root key are that each data key is only used for a small subset of your data, the encryption materials can be cached and re-used across multiple encryption requests, and it allows for fast symmetric encryption algorithms.
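The envelope scheme and the data-key caching described above, as an added Node.js example; it is not Atlassian's Cryptor code and does not use the AWS Encryption SDK. `LocalKms`, `EnvelopeCryptor` and `maxUsesPerKey` are hypothetical names, and an in-memory root key stands in for a KMS key so the block runs offline.

```javascript
const nodeCrypto = require('node:crypto');
function seal(key, plaintext) { // AES-256-GCM encrypt
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]); // iv(12) || tag(16) || ciphertext
}
function open(key, blob) { // AES-256-GCM decrypt of a sealed blob
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}
// Hypothetical stand-in for a KMS: the root key stays inside, every call is counted.
class LocalKms {
  constructor() { this.rootKey = nodeCrypto.randomBytes(32); this.calls = 0; }
  generateDataKey() {
    this.calls++;
    const plaintextKey = nodeCrypto.randomBytes(32);
    return { plaintextKey, encryptedKey: seal(this.rootKey, plaintextKey) };
  }
  decryptDataKey(encryptedKey) { this.calls++; return open(this.rootKey, encryptedKey); }
}
class EnvelopeCryptor {
  constructor(kms, maxUsesPerKey) {
    this.kms = kms; this.maxUses = maxUsesPerKey; this.current = null; this.uses = 0;
    this.decryptCache = new Map(); // base64(encrypted data key) -> plaintext data key
  }
  encrypt(text) {
    if (!this.current || this.uses >= this.maxUses) { // fresh data key at the use limit
      this.current = this.kms.generateDataKey(); this.uses = 0;
    }
    this.uses++;
    const ciphertext = seal(this.current.plaintextKey, Buffer.from(text, 'utf8'));
    return { encryptedKey: this.current.encryptedKey, ciphertext }; // the envelope
  }
  decrypt(envelope) {
    const id = envelope.encryptedKey.toString('base64');
    let key = this.decryptCache.get(id);
    if (!key) this.decryptCache.set(id, key = this.kms.decryptDataKey(envelope.encryptedKey));
    return open(key, envelope.ciphertext).toString('utf8');
  }
}
function demo() {
  const kms = new LocalKms(); // constructed demo: 1000 records, 100 uses per data key
  const writer = new EnvelopeCryptor(kms, 100), reader = new EnvelopeCryptor(kms, 100);
  const envelopes = Array.from({ length: 1000 }, (_, i) => writer.encrypt(`record-${i}`));
  const ok = envelopes.every((e, i) => reader.decrypt(e) === `record-${i}`);
  return { ok, kmsCalls: kms.calls };
}
```

The per-key use limit is the trade-off to tune: a higher limit means fewer root-key calls, but more data is exposed if a single data key leaks.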

Envelope Encryption is well-supported by the AWS Encryption SDK. However, the SDK is mainly designed for single-region scenarios, whereas Atlassian has a heavily multi-region use case, with KMS keys stored and service running in multiple regions. Also, AWS' SDK enforces strict correctness, which makes sense at lower performance scales. However, Atlassian had to loosen some restrictions and enforce them softly to handle its high-scale operations.

Atlassian also encrypts all of its data at rest. However, encryption at rest provides no defence against many types of data exfiltration possibilities, such as a failure to restrict access to the data store, an authorised application doing something unsafe with restricted data at runtime, or legitimate access to data stores by staff for debugging purposes, or to resolve incidents.

Atlassian intended to open source the library one day. However, it currently needs to be added to their internal roadmaps. According to Connard, "It is certainly something we would consider if the demand and interest exist."

View original post here:
Implementing Application Level Encryption at Scale: Insights from Atlassian's Use of AWS and Cryptor - InfoQ.com

Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios – VICE

A group of cybersecurity researchers has uncovered what they believe is an intentional backdoor in encrypted radios used by police, military, and critical infrastructure entities around the world. The backdoor may have existed for decades, potentially exposing a wealth of sensitive information transmitted across them, according to the researchers.

While the researchers frame their discovery as a backdoor, the organization responsible for maintaining the standard pushes back against that specific term, and says the standard was designed for export controls which determine the strength of encryption. The end result, however, is radios with traffic that can be decrypted using consumer hardware like an ordinary laptop in under a minute.

"There's no other way in which this can function than that this is an intentional backdoor," Jos Wetzels, one of the researchers from cybersecurity firm Midnight Blue, told Motherboard in a phone call.

The research is the first public and in-depth analysis of the TErrestrial Trunked RAdio (TETRA) standard in the more than 20 years the standard has existed. Not all users of TETRA-powered radios use the specific encryption algorithm, called TEA1, which is impacted by the backdoor. TEA1 is the part of the TETRA standard approved for export to other countries. But the researchers also found multiple other vulnerabilities across TETRA that could allow historical decryption of communications and deanonymization. TETRA-radio users in general include national police forces and emergency services in Europe; military organizations in Africa; and train operators in North America and critical infrastructure providers elsewhere.

Midnight Blue will be presenting their findings at the upcoming Black Hat cybersecurity conference in August. The details of the talk have been kept closely under wraps, with the Black Hat website simply describing the briefing as a "Redacted Telecom Talk." The reason for the secrecy was in large part the unusually long disclosure process. Wetzels told Motherboard the team has been disclosing these vulnerabilities to impacted parties for more than a year and a half so they can be fixed. That included an initial meeting with Dutch police in January 2022, a meeting with the intelligence community later that month, and then the bulk of the work: distributing information and mitigations to stakeholders. NLnet Foundation, an organization which funds those with ideas to fix the internet, financed the research.

The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Since then, TETRA has been used in products, including radios, sold by Motorola, Airbus, and more. Crucially, TETRA is not open-source. Instead, it relies on what the researchers describe in their presentation slides as "secret, proprietary cryptography," meaning it is typically difficult for outside experts to verify how secure the standard really is.

The researchers said they worked around this limitation by purchasing a TETRA-powered radio from eBay. In order to then access the cryptographic component of the radio itself, Wetzels said the team found a vulnerability in an interface of the radio. From there, they achieved code execution on the main application processor; they then jumped to the signals processor, which Wetzels described as something equivalent to a wifi or 3G chip, which handles the radio's signals. On that chip, a secure enclave held the cryptographic ciphers themselves. The team finally found vulnerabilities in that enclave which allowed them to extract the cryptography and perform their analysis. The team then reverse-engineered how TETRA implemented its cryptography, which led to the series of vulnerabilities that they have called TETRA:BURST. "It took less time than we initially expected," Wetzels said.

Most interesting is the researchers' finding of what they describe as the backdoor in TEA1. Ordinarily, radios using TEA1 used a key of 80 bits. But Wetzels said the team found a secret reduction step which dramatically lowers the amount of entropy the initial key offered. An attacker who followed this step would then be able to decrypt intercepted traffic with consumer-level hardware and a cheap software defined radio dongle.

"This is a trivial type of attack that fully breaks the algorithm. That means an attacker can passively decrypt everything in almost real time. And it's undetectable, if you do it passively, because you don't need to do any weird interference stuff," Wetzels said.

Not all current TETRA-radio customers will use TEA1, and some may have since moved on to TETRA's other encryption algorithms. But given TETRA's long life span, its existence still means there may have been room for exploitation if another party was aware of this issue.

"There's bigger fish who likely found this much earlier," Wetzels said, referring to other third parties who may have discovered the issue.

The researchers say they identified multiple entities that they believe may have used TEA1 products at some point. They include U.S. Africom, a part of the U.S. military which focuses on the continent. Multiple military agencies did not respond to Motherboard's request for comment.

"In the interest of public safety, we do not share detailed information on our cybersecurity infrastructure," Lenis Valens, a spokesperson for PANYNJ, which manages JFK airport, said in a statement when asked by Motherboard whether the organization used TETRA radios. "The agency has robust protocols in place and employs the latest technologies and best practices. Safety for our passengers and customers always comes first," the statement said.

Most law enforcement agencies contacted by Motherboard did not respond to a request for comment. Swedish authorities declined to comment.

Several radio manufacturers directed Motherboard to ETSI for comment. Claire Boyer, press and media officer for ETSI, told Motherboard in an email that "As the authority on the ETSI TETRA technology standard, we welcome research efforts that help us further develop and strengthen the security of the standard so that it remains safe and resilient for decades to come. We will respond to the report when it has been published."

Specifically on the researchers' claims of a backdoor in TEA1, Boyer added, "At this time, we would like to point out that the research findings do not relate to any backdoors. The TETRA security standards have been specified together with national security agencies and are designed for and subject to export control regulations which determine the strength of the encryption."

The researchers stressed that the key reduction step they discovered is not advertised publicly.

"Intentional weakening without informing the public seems like the definition of a backdoor," Wouter Bokslag from Midnight Blue told Motherboard in an email.

In ETSI's statement to Motherboard, Boyer said there have not been any known exploitations on operational networks of the vulnerabilities the researchers disclosed.

Bokslag from Midnight Blue said in response that "There is no reason ETSI would be aware of exploitations in the wild, unless customers reach out to ETSI after detecting anomalies in their network traffic. Then with the TEA1 issues specifically, since it can be passively intercepted and decrypted, there is no detectable interference, and ETSI not knowing any concrete cases seems like a bit of a meaningless statement with this regard."

In response to some of the researchers' findings, radio manufacturers have developed firmware updates for their products. For TEA1, however, the researchers recommend users migrate to another TEA cipher or apply additional end-to-end encryption to their communications. Wetzels said that such an add-on does exist, but that it hasn't been vetted by outside experts at this time.

Bart Jacobs, a professor of security, privacy and identity, who did not work on the research itself but says he was briefed on it, said he hopes "this really is the end of closed, proprietary crypto, not based on open, publicly scrutinised standards."

Read more from the original source:
Researchers Find 'Backdoor' in Encrypted Police and Military Radios - VICE