• Categories

  • Pages

  • Digg”
  • Statcounter

  • Shinystat

  • Expertcounter

    Free Counter, Blog Counter

Iran Has Built a Censorship Monster, With Help From Western Tech

22 06 2009 – When it comes to online censorship and monitoring online activities, the first country that usually comes to mind is China and its Great Firewall.

This, however, may soon change, as it seems that Iran has built one of the most advanced systems for monitoring all online traffic, with the help of technology built by Nokia and Siemens.

The Great Firewall of Iran, as it will undoubtedly be dubbed, involves deep packet inspection, a technique that examines both the header and the data part of internet data packets and can be used for eavesdropping, censorship and data mining.

According to the Wall Street Journal, Iran’s online monitoring and censorship system digs through data at one big choke point, which is made easy by the fact that the government owns a telecom which holds a monopoly over the country’s online communication. This is different from China’s Great Firewall, which is far more decentralized, but it makes it even more advanced than the Chinese version, since it’s easier to monitor traffic at one point than having to synchronize such efforts at many locations. This is enhanced by the fact that China has 300 million Internet users, compared to Iran’s 23 million Internet users.

The equipment that enables such measures has been provided to Iran, in part, by a joint venture between Nokia and Siemens, and according to the WSJ, the spokesman for the venture, Ben Roome, has confirmed this. However, the company has since sold the business of “and interception of all types of voice and data communication on all networks” – as described in the company brochure – to a Munich-based investment firm Perusa Partners Fund 1 LP.

The morality of creating “intelligence solutions” such as these and selling them to oppressive regimes is subject to debate. However, what the end user needs to be concerned with is stopping and preventing such measures. One approach, is encryption. The idea is for a critical mass of users – perhaps 30% of all Internet users – to start encrypting their Internet traffic, which would make it too expensive and too complex for any organization, even a government of a wealthy country, to monitor it.

Several initiatives that help end users easily encrypt traffic have emerged in recent years; hopefully, some of them will soon enter the mainstream and make any censorship and online monitoring effort futile.

Source: mashable.com

Nokia: We don’t know why criminals want our old phones

21 04 2009 – The Nokia 1100 can allegedly be hacked to facilitate illegal online banking transfers.The mystery why cybercriminals want a discontinued Nokia phone isn’t getting any clearer.

Hackers have been offering up to $32,413 in underground forums for Nokia 1100 phones made in the company’s former factory in Bochum, Germany. The phone can allegedly be hacked so as to facilitate illegal online banking transfers, according to the Dutch company Ultrascan Advanced Global Investigations.

Nokia said on Tuesday it is not aware that resale prices for a phone that retailed for less than $17 when it debuted in 2003 have risen so high. Further, Nokia maintains the phone’s software isn’t flawed.

“We have not identified any phone software problem that would allow alleged use cases,” the company said in an e-mailed statement.

The 1100 can apparently be reprogrammed to use someone else’s phone number, which would also let the device receive text messages. That capability opens up an opportunity for online banking fraud.

In countries such as Germany, banks send an mTAN (mobile Transaction Authentication Number) to a person’s mobile phone that must be entered into a Web-based form in order to, for example, transfer money into another account. A TAN can only be used once, a security feature known as a one-time passcode.

Criminals have proven adept at obtaining people’s usernames and log-ins for online bank accounts, either through tricking people into visiting look-alike bank Web sites, through clever e-mail messages or simply hacking PCs.

European banks typically issue customers a list of TANs, but phishers tricked people into revealing those. Deutsche Postbank used to accept any TAN from the list to complete a transaction. Then the bank moved to requesting specific TANs from the list. After continuing fraud, it decided in 2005 to expanded the use of mTANs.

“The mTAN is valid only for the requested transfer and only for a short period,” according to the bank’s Web site. “It thus has no value for a fraudster.”

That is, unless the hacker could also receive the mTAN, which Nokia 1100 hack allegedly allows.

Nokia said it doesn’t know of an 1100 software problem that would allow call spoofing. The company said that a phone’s SIM (Subscriber Identity Module) card — which holds the device’s phone number — has security mechanisms that are separate from the phone itself.

Nokia said it is aware of commercial services that claim to provide caller identification or phone-number spoofing services, but in those cases the service provider acts as a proxy between the caller and the recipient, Nokia said.

But it is possible to have multiple phones running on a service provider’s network that use the same phone number, said Sean Sullivan, a security adviser at F-Secure Corp., a security vendor in Helsinki, Finland. Usually, the last phone that used the network will be the one that receives inbound messages, he said.

“So if this particular Nokia 1100 can be modified to spoof the victim’s phone number, it should be possible to become the primary handset — at least long enough to receive the TAN,” Sullivan said.

Technical details on how the 1100 is being modified are still unknown, said Frank Engelsman of Ultrascan. However, a woman in Finland contacted his company on Monday after seeing a news story and offered to send her Bochum-made Nokia 1100. When it arrives, the phone will be examined and tested to see if the TAN interception can be replicated, Engelsman said.

Meanwhile, a Dutch technology site, portablegear.nl, wrote that it placed a fake advertisement for the particular Nokia 1100 on an online marketplace. People offered as much as $86, offering to immediately come pick up the device.

Nokia produced more than 200 million devices in the 1100 model family. The company said it doesn’t disclosure figures such as how many 1100s were made in Bochum.

Source: ComputerWorld