Archive

Author Archive

Internet Traffic Security (Encryption)

July 21st, 2009 SmartHide Octopus

Technology for protecting Internet traffic from unauthorized access is developing alongside technology for intercepting protected traffic. Intercepting and reading unencrypted user traffic is no longer a difficult task, even for an ordinary user. Practically everybody knows the word “sniffer”. In theory, it’s impossible to intercept secure SSL/TLS connections. But is it really so?

Actually, not really. Yes, encrypted traffic is practically impossible to decrypt, but in reality, given a strong desire and the necessity, even encrypted traffic can be decrypted once a key is found. Doing that requires great resources, so decryption of this kind makes sense only at the level of government or military interests.

When working over secure connections (the simplest example is HTTPS), all traffic between the two communicating points on the Net is encrypted on the sender’s side and decrypted on the recipient’s side. Traffic is encrypted in both directions. Encrypting and decrypting the traffic requires a pair of keys (asymmetric cryptography). The public key is used for encryption and is sent to the other party, while the private key is used for decryption and is kept by its owner. In this way, the hosts at either end of an SSL connection exchange public keys. After that, to improve performance, a single key is created, which is sent already encrypted and is used for both encryption and decryption on both ends (symmetric encryption).

And how are the keys exchanged? Usually over the same channel that will carry the secure traffic afterwards, and the key exchange itself takes place in the clear. In the case of HTTPS, the server key is bound to a certificate, which the user is invited to look through and accept. It is exactly this certificate that can be intercepted by any intermediate server (proxy, router) through which it passes in the clear.

In order to “read” all of the user’s traffic, the intermediate server substitutes its own certificate for this one. That is, it connects to the client with its own certificate and at the same time connects to the remote server. The client receives the wrong certificate from the intruding server, and the browser warns the user of the danger (such certificates never have signatures). The user has a choice: accept the certificate and work with the site, or reject it, in which case it is impossible to work with that site at all. Sometimes users ignore the content of certificates and automatically accept whatever is presented to them.

If the user accepts the false certificate, the traffic will be transferred according to the following scheme:

Client<=SSL-connection=>server-wiretap<=SSL-connection=>destination server

That means that the intermediate server will receive all of your “secure” traffic in the clear. It should also be noted that the certificate is transmitted at the beginning of each HTTPS session.

In the case of SSH, during the first connection to the server, the server’s key is stored on the client side and the client’s key on the server. These keys are transmitted between the given client and server only once, at the time of the first connection. If someone tries to intercept SSH traffic in this case, both the client and the server will reject the connection because of a key mismatch. Since keys can also be transferred between the client and the server by alternative means (over a secure channel or on an external device), this connection method is relatively secure. It can only be blocked, forcing the user to work unencrypted.
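The key-mismatch check described above for SSH, as an added example that is not part of the original article: it reads OpenSSH known_hosts-style lines and classifies the key a server presents. The host name and key bytes are constructed, and hashed host entries and marker lines are skipped as a simplification.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string, the SSH wire encoding (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw_key: bytes) -> bytes:
    """Public key blob: the string "ssh-ed25519" followed by the 32-byte key."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def fingerprint(blob: bytes) -> str:
    """Fingerprint as OpenSSH prints it: SHA256: plus unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Return {(host, keytype): blob} from known_hosts-style text.

    Simplification for this example: marker lines (@cert-authority,
    @revoked) and hashed host names (|1|...) are skipped.
    """
    known = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        hosts, keytype, b64 = fields[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # damaged entry: ignore it rather than trust it
        for host in hosts.split(","):
            known[(host, keytype)] = blob
    return known


def check_host_key(known: dict, host: str, keytype: str, presented: bytes) -> str:
    """Classify the key a server presents.

    "unknown"  - first contact, nothing stored yet
    "match"    - same key as the one stored at first connection
    "mismatch" - a different key for a known host: refuse to connect
    """
    stored = known.get((host, keytype))
    if stored is None:
        return "unknown"
    return "match" if hmac.compare_digest(stored, presented) else "mismatch"


def demo() -> list:
    # Constructed sample keys, not real ones.
    server_key = ed25519_blob(bytes(range(32)))
    proxy_key = ed25519_blob(bytes(range(32, 64)))  # key of an intermediate host
    host = "shell.example.org"  # hypothetical host name

    known = parse_known_hosts("# empty file before the first connection\n")
    results = [check_host_key(known, host, "ssh-ed25519", server_key)]

    # First connection accepted: the client stores the server key.
    line = f"{host} ssh-ed25519 {base64.b64encode(server_key).decode()}\n"
    known = parse_known_hosts(line)
    results.append(check_host_key(known, host, "ssh-ed25519", server_key))

    # Later connection where an intermediate host presents its own key.
    results.append(check_host_key(known, host, "ssh-ed25519", proxy_key))
    return results


if __name__ == "__main__":
    print(demo())
    print(fingerprint(ed25519_blob(bytes(range(32)))))
```

The "unknown" result is the one moment the scheme relies on the user: comparing the printed fingerprint with one obtained over another channel closes that gap.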

It should be noted that so-called “enterprise information security solutions”, which intercept all traffic passing through an office proxy server and “read” it, have been on sale for a long time. These programs search for specific phrases or information of a certain type in the data flow from office workers’ browsers, e-mail programs, FTP clients and messengers. They can also identify and correctly process different types of communication with servers. In particular, they inspect secure SSL traffic by substituting certificates. I had almost first-hand experience in the development of one such system.

Still, there are ways to escape such total tracing. It is possible to send any traffic you need through an established SSH connection; from the SSH server it travels in the clear to its destination. This method is called SSH tunneling. It secures traffic across the unprotected channel, but the approach makes sense only when there is a trustworthy server with a daemon set up and configured for tunneling. It is rather simple to organize. The SSH client connects to the server and is configured to listen on a specific port on the local computer. Such a client provides a SOCKS5 proxy service, i.e. it can be set up as the proxy in any browser, e-mail program, IM client, etc. Packets reach the server through the SSH tunnel and are then forwarded from it to the target server. The scheme is as follows:

[localhost: client<=>proxy] <== SSH-connection==> server<=> target server
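What a program sends to the local SOCKS5 listener in the scheme above, as an added example that is not part of the original article (message layout per RFC 1928). The host names and ports are constructed; with OpenSSH, an assumption since the article names no client, the listener would be started with ssh -N -D 127.0.0.1:1080 user@server.

```python
import ipaddress
import struct

VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def greeting() -> bytes:
    """First client message: version 5, one method offered, 0x00 = no auth."""
    return bytes([VERSION, 1, 0])


def connect_request(host: str, port: int) -> bytes:
    """CONNECT request for host:port.

    A host name is sent as a name (ATYP 3), so it is resolved at the far
    end of the tunnel. A literal IP address means the application has
    already resolved the name itself, outside the tunnel.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("ascii")
        if not 0 < len(name) <= 255:
            raise ValueError("host name must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([VERSION, CMD_CONNECT, 0]) + addr + struct.pack(">H", port)


def parse_request(data: bytes) -> dict:
    """Decode a request as the listener would, rejecting malformed input."""
    if len(data) < 5 or data[0] != VERSION or data[2] != 0:
        raise ValueError("not a SOCKS5 request")
    atyp = data[3]
    if atyp == ATYP_DOMAIN:
        if data[4] == 0:
            raise ValueError("empty host name")
        end = 5 + data[4]
        host, resolved = data[5:end].decode("ascii"), "at the tunnel endpoint"
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        end = 4 + (4 if atyp == ATYP_IPV4 else 16)
        if len(data) < end:
            raise ValueError("truncated address")
        host, resolved = str(ipaddress.ip_address(data[4:end])), "by the application"
    else:
        raise ValueError("unknown address type")
    if len(data) != end + 2:
        raise ValueError("truncated or oversized request")
    (port,) = struct.unpack(">H", data[end:])
    return {"command": data[1], "host": host, "port": port, "name_resolved": resolved}


def demo() -> list:
    # Constructed destinations (example.org name, documentation IP range).
    by_name = parse_request(connect_request("mail.example.org", 993))
    by_addr = parse_request(connect_request("192.0.2.10", 443))
    return [by_name["name_resolved"], by_addr["name_resolved"]]


if __name__ == "__main__":
    print(greeting().hex(), connect_request("mail.example.org", 993).hex())
    print(demo())
```

A program that sends literal addresses has already looked the name up locally, so that lookup is visible on the unprotected network even though the connection itself goes through the tunnel.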

Another way to protect traffic is a VPN channel. It is easier and more convenient to use than SSH tunneling, but more complicated to install and set up initially. The main convenience is that you don’t have to configure a proxy in each program. Some software doesn’t support proxies at all, so for it only a VPN will do.

However, if you are not familiar with the technical back-end of the methods above, there is another easy-to-use and effective solution to encrypt your traffic. The Hide IP software SmartHide is able to solve all the issues connected with the traffic encryption with a single click of a mouse button and thus help to stay protected from any unauthorized access. Consider purchasing our Hide IP software to secure your information and behavior in the Net for the future.

Copyright (c) SmartHide Security Octopus

Categories: Data Encryption, Security Insights Tags:

With The Help Of The West

July 15th, 2009 SmartHide Octopus

The political crisis in Iran, which is gaining momentum these days, has shown the whole world not only the harsh aggression of a repressive regime towards its “lieges”, but also how modern technology makes it possible to control the network activity of a whole country. I won’t go into political details: this is neither the right place nor the right time, and frankly speaking, I am not the right person to evaluate all the facts and arguments adequately and sort the wheat from the chaff, all the more so as I am not at all familiar with the language of the country. We will speculate instead on a topic that is much closer to us: censorship, which blocks people worldwide who still do not use SmartHide Service from accessing their favorite web resources.

On June 22nd the highly regarded “The Wall Street Journal” (hereafter WSJ) published a very interesting article in which journalists report on an ultra-modern deep packet inspection system for Internet traffic used in Iran. It was not hard for Iranians or for foreign observers to understand that “the government reads”: since thousands of people took to the streets to protest against the rigged elections, Internet speed in the country has dropped significantly. Bloggers and journalists who have had difficulty transferring information over the Net bear witness to this. Obviously nobody would cut transfer capacity without a reason. That was when the WSJ decided to dig deeper into the story and found an interesting contract, signed in 2008 between the government of Iran, which holds a monopoly on all kinds of communication within the country (mobile, Internet, television, radio), and Nokia Siemens Networks, a joint venture of Finland’s Nokia Corp. and Germany’s Siemens AG, for the delivery of ultra-modern mobile phone networking equipment and, as became known later, for analysis of the entire national traffic. We’ll start where one should: with the preceding events.

In the second half of 2008 Nokia Siemens Networks provided Iran with special equipment under the agreement “On Lawful Interception of Information and Internet content filtration”. There is nothing extraordinary in that: the government of every country tries to protect its users from child pornography, web terrorism and other plainly unlawful actions of criminals. As the company’s official representative Ben Roome says:

“If you sell networks, you also, intrinsically, sell the capability to intercept any communication that runs over them”.

The “Monitoring Center”, installed by the joint venture of the two communication giants, was part of a big contract that included mobile phone and networking technologies. It should be noted that over the last 10 years the number of optical fiber miles in Iran grew 50 times; the need for a “control” tool in such a situation is beyond question. There is nothing surprising here: this is a Muslim country living by its own rules, nothing like France or Sweden.

The Iranian government had experimented with the equipment for brief periods in recent months, but the filter or interception had not been used extensively. Nobody worried, life was going on. It continued until one fatal day, June 13, 2009, when all network and mobile traffic in the country practically stopped.

Today Iranian network engineers say that

“nobody ever thought that the government is capable of such a level of control. We knew that there was some equipment, but now we know that it is a very powerful, modern and complex technical facility allowing almost complete tracking of the network”.

The method used in the Iranian data center is called deep packet inspection. The whole flow of online data, whether a data packet, a telephone call, an SMS or a digital image, is deconstructed, examined for keywords, then reconstructed and passed on to the recipient. This is done within milliseconds. But unlike China, where the same scheme is decentralized and run by the providers, in Iran the whole thing is done at a single location. To put it simply, the digital life of the whole country is filtered in a single room, and that’s why Internet speed slowed to less than a tenth of normal.

The reasons for such behavior on the part of the conservative Iranian government are again obvious. While it can still easily keep people misinformed or cut off from information by means of national TV channels and radio stations, nobody will tell the “false truth” on the Internet. Today we are all familiar with Twitter’s ability to expose any details: that’s what happened in the “Tibetan history”, with Moldova, and now the same thing is taking place in Iran.

The government is trying to intrude deep into the network situation, and it is doing that just perfectly. Bradley Anstis, the director of technical strategy with the American provider Orange, says:

“This looks like a step beyond what any other country governed by the “regime” is doing, including China”.

China, however, has 300 million Internet users, unlike Iran with “only” 23 million, but that doesn’t change the essence of the problem.

People are beginning to protest: consumers are writing angry letters to Siemens and Nokia saying that they have destroyed their mobile phones and will recommend that people they know do the same. This will last until the company “can make the right ethical choices”. However, Mr. Roome comments: “Every company does have a choice whether to do business in a certain country.” Even if Nokia Siemens Networks could have supposed that its equipment would be used for censorship, as European democrats they could scarcely have foreseen that mass espionage against a country’s own citizens was possible. I believe that those people who made such a decision thought very deeply to find ways to justify themselves, saying that communication interception and monitoring technology inevitably goes together with the equipment. That is normal in many quite civilized countries, and in some of them, Great Britain for example, it is even a standard requirement for the equipment. During its existence (in March the company sold its communication business to a German investment company), Nokia Siemens Networks sold such data centers to the governments of 150 countries. However, official representatives say that neither China, nor Burma, nor any other country with such a tough censorship policy is on the list.

However, one shouldn’t think that Iran and China are the only countries that feel free to engage in such practices. In the already mentioned Great Britain, for example, there is a list of completely blocked sites, and the German government bought such equipment not long ago. In the USA, during George Bush’s administration, such equipment appeared at the National Security Agency within the framework of the “Terrorist Surveillance Program”. However, we do not know if it’s still being used. The Australian government is still experimenting with Web content filtering systems. The Russian Federation… might also have a modest desire to follow the example of its colleagues, especially now that the Internet is so widespread.

Probably the safest way to protect yourself, your personal data and ensure your correspondence security is traffic encryption with services like Arovax SmartHide, that help you to encrypt all your internet traffic and protect your personal data and identity. Nobody will spend money, time and resources to analyze this kind of data. But it’s another story.

The following materials were used in the article: The Wall Street Journal, Wired (1, 2), Gizmodo, Mashable, Textually.

Copyright (c) SmartHide Security Octopus

Categories: Security Insights Tags:

How to Crack a Wi-Fi Network’s WEP Password with BackTrack

July 14th, 2009 SmartHide Octopus

You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how easy? Take a look.

Today we’re going to run down, step-by-step, how to crack a Wi-Fi network with WEP security turned on. But first, a word: Knowledge is power, but power doesn’t mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn’t make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise.

Dozens of tutorials on how to crack WEP are already all over the internet using this method. Seriously—Google it. This ain’t what you’d call “news.” But what is surprising is that someone like me, with minimal networking experience, can get this done with free software and a cheap Wi-Fi adapter. Here’s how it goes.

Security Octopus Note: SmartHide Service users need not worry about the safety of their WiFi network connection. Using SmartHide makes your access to the Internet over WiFi completely secure, and your personal data will be safe. This video shows the actual danger of using WiFi without proper protection.

Source: lifehacker.com

Categories: Wi-FI Security Tags:

China Blocks Twitter and Facebook … Again

July 13th, 2009 SmartHide Octopus

Numerous Twitter users are reporting that access to Twitter and Facebook has once again been blocked in mainland China. This latest blockade comes one month after China blocked access to these two sites, together with other major social networks and search engines.

According to ComputerWorld, Twitter has already been inaccessible for the last couple of days; Web2Asia now reports that since 8pm Chinese time Facebook has also been blocked. This has been confirmed by users on Twitter, some of whom link the latest blockade to Uighur protests in Xinjiang, which had left over 150 people killed and over 1,000 wounded.

This latest attempt at censorship comes as no surprise as the Chinese government has decided to tighten its control over the Internet in the last couple of months. Unfortunately, the mechanisms of censorship seem to react faster and work better each time they’re employed.

Source: Mashable.com

Categories: China Great Firewall Tags:

“Live Journal” is Blocked in Bashkiriya

Under the court decision, the “Revinform” blog, which criticizes the local administration, will not be accessible in Bashkiriya. Grani.ru reports that the Kirov Court of Ufa found this site extremist.

As Larisa Kuchina, the Republic Prosecutor’s First Officer responsible for interaction with the mass media, explained, the articles published on this site contain appeals that encourage the view that action is needed to forcibly change the constitutional order and violate the integrity of the Russian Federation. In addition, the articles contain statements that foster a positive attitude towards terrorist organizations, she added.

“Kirov district Prosecutor’s Office of the city Ufa sent a petition to the court in compliance with the Federal Law “on Counteracting Extremist Activity”. The prosecutor’s petition was satisfied, the news agency was found extremist,” said Mrs. Kuchina, adding that access to the site will very soon be closed for Bashkiriya residents.

However, as blog users observed, the monopoly provider “Bashinformsvyaz” blocked access to the whole of Livejournal instead of one blog, leaving most Bashkiriya users unable to write anything in their journals or to read friends’ entries. The site is still accessible via the provider “Ufanet”, but that company must also enforce the court decision.

Copyright (c) SmartHide Security Octopus

Categories: Security Insights Tags:

China Blocks Access To Twitter, Facebook After Riots

Following last weekend’s deadly riots in its western region of Xinjiang, China’s central government has taken all the usual steps to block citizens from accessing foreign web services: aside from crippling Internet service in general, the authorities have blocked Twitter, removed unapproved references to the violence from search engines and have now apparently moved to bar citizens from accessing Facebook from most parts of Mainland China. Two weeks ago, the government had already blocked just about every Google service, including communication tools like Gmail, Google Apps and Google Talk.

Web2Asia’s George Godula writes:

“As of today 8pm Chinese time Facebook seems not to be accessible from most parts of China Mainland anymore. On the China Telecom connection of our Shanghai office the service vanished at around 7:45pm. Friends in Hong Kong are reporting that they can still access the website.”

A quick test on WebsitePulse confirms the blocking of Twitter and YouTube (which have been restricted for a while) and now Facebook too, at least in some parts of the country.

Source: TechCrunch.com

Categories: China Great Firewall Tags:

The Great Firewall of China Goes Local

On the 4th of June 2009 China blocked most major social networks and search engines during the anniversary of the Tiananmen Massacre. Now, the Chinese authorities want to take it a step further, ordering that all PCs sold in the country, starting July 1, must come with software that blocks certain websites.

According to the Chinese government, who haven’t yet gone public with the announcement, but have warned PC makers about the deadline, this measure’s aim is to protect the Chinese from harmful content, primarily pornography. But since this same government has blocked sites like Twitter, YouTube, MySpace and Bing, it’s quite possible that this software’s primary aim is adding another layer of censorship over the existing Great Firewall.

The Chinese authorities have, however, taken a somewhat lax approach – for now. According to the WSJ, the software, whose Chinese name is “Green Dam-Youth Escort”, needn’t be pre-installed on the PCs; it may simply come in the form of a CD, and the users can choose whether they want to install it or not. The software is designed in such a way that it allows transferring of user’s private information, as well as blocking sites other than pornography; according to software’s developer, Jinhui Computer System Engineering Co, it would have no reason to do so. It doesn’t sound very convincing, and given a choice, I’d definitely skip it; it’s unclear, however, whether the authorities plan to somehow pressure users into installing the software.

There’s always hope that the PC makers will try to resist these claims from the Chinese authorities, but it’s hard to imagine them saying no, given the importance of the Chinese market. Furthermore, as we’ve seen in this latest blockade, there’s always a technical workaround for these types of censorship attempts. However, if Chinese censors had control of what happens on user computers locally, as well as being able to block certain online destinations, it would make it much harder for users to circumvent such measures.

Categories: China Great Firewall Tags:

Eircom To Block Pirate Bay

Eircom, Ireland’s biggest internet provider, has agreed to block access to any website the music industry says is responsible for illegal music-swapping.

In a letter sent to ISPs across the country last week, the Irish Recorded Music Association (IRMA) disclosed the deal and warned others to follow suit or face legal action.

Bowing to legal pressure from the music labels, Eircom had earlier settled to implement a French-style “three strikes” rule to disconnect customers repeatedly accused of illegally accessing copyrighted material. But a recent letter revealed IRMA’s more worrisome scheme against internet piracy.

IRMA – which represents the “big four” labels: EMI, Sony-BMG, Universal and Warner – will compile a list of websites the group claims harbor illegal music sharing. The labels will then file a court order to attempt to force other Irish internet providers to block access to the site. Eircom’s compliance will be automatic.

Under the settlement deal, Eircom has agreed not to oppose any court applications to blacklist websites. Speaking to The Sunday Business Post, an Eircom spokesperson confirmed IRMA’s claims of the provider’s automatic compliance.

The music labels said the notorious den of P2P, The Pirate Bay, will be the first website targeted under its new censorship regime before it moves on to “similar websites.”

IRMA’s letter demanded that other Irish ISPs join in blocking websites on the music group’s list or face the same lawsuit as Eircom.

Source: TheRegister.co.uk

Categories: The Pirate Bay Tags:

Madrid. Cyber Criminals Find Victims With the Help of Search Queries

Cyber criminals are taking advantage of our increasing reliance on computers and the Internet, CNN reports on June 22. Panda Security, a Spain-based antivirus maker, has been monitoring an onslaught of links with malicious software, or “malware,” on Twitter that tag hot topics such as the Air France crash, the NBA finals and the new iPhone.

“Cyber criminals are creating thousands of messages on Twitter embedded with words involving trending topics and malicious URLs,” states Sean-Paul Correll, a threat researcher for Panda Labs.

The growing sophistication of malware attacks mirrors the growing threat — and cash — generated by online crime. Already, cyber crime is estimated to cost companies and consumers more than $100 billion worldwide. Some officials claim it has now eclipsed illegal drugs as a criminal moneymaker.

Cyber crime is one of the few industries benefiting from the financial crisis. Last year, antivirus maker McAfee saw a 500 percent increase in malware types — more than the company had seen in the previous five years combined. In the United States, the FBI reported a 33 percent increase in Internet crime last year.

Companies lost an average of $4.6 million in intellectual property last year, according to a survey of 1000 firms worldwide by Purdue University and McAfee.

Categories: Cyber Crime Insights Tags:

Wi-Fi WEP Encryption Crack in 2 Minutes

June 30th, 2009 SmartHide Octopus

Here is what can happen to you if you do not use SmartHide Service:

Categories: Wi-FI Security Tags: