Category Archives for Hackers

The Only Fact You Need To Know If You Use The Internet

February 12, 2016

Regarding safety and sovereignty, there are many things to be aware of when using the internet. Right now, I'm going to point out the one right at the top.

And it's second to none. By far.

Not to say there aren't many important facts and matters that can't be over-emphasized, but this one you can't avoid, at any cost.

Additionally, this fact will only be strengthened going into the future. Just as it has solidified itself into significance as the internet as gained wider use, it will continue into the future.

That fact put simply is this:

"There is no way to guarantee your security online."

I don't care what anybody says. Everything has a crack. It might take the most sophisticated hacker(s) to spot and penetrate it, but if they want to, they will.

Admittedly, that is just the simple fact.

So what is Clear Your Tracks about then? If there is no guaranteed way to ensure my safety and ability to "clear my tracks," then what's the point?

First, there are the basic points of interest. Like staying up to date on the ways to keep your girlfriend from knowing, that even though you're 38 years old, you still like to watch Justin Bieber videos on YouTube. And how to keep a curious kid from checking your Google history to see what presents you've been researching for their birthday or Christmas.

You can guarantee those abilities.

What can't be guaranteed, is that your Gmail account won't be sold out by Google to a third party. Or that Facebook won't be monitoring your activity for your opinion on "hot topics," then hand it over to the government. Email, social media, and anything you think is, or should be private, is at best, not really. Not from everyone.

Your online activity is as secure as the platform provider allows it to be. Remember when you checked the box, agreeing to the Terms of Use, the conditions, and the Privacy Policy? That's where you, for instance, signed away your Freedom of Speech. Just as an NFL player does when he signs up with the NFL. He's no longer a citizen with rights. He's a player with separate rules and privileges. What he can say to a referee on the street with no issue, he could be fined $25,000 for if he says it to him on the field, in uniform. He signed away that right to free speech when he signed his contract with the NFL and agreed not to call the referee such a name. And when you break that rule, you are subject to another whole judge and jury...

And when you leave the "field," and those rules, you have the "streets" which are synonymous with the wild, wild west. You have HACKERS. And you're an international citizen. Somebody can mug you on the streets of the internet, but you can't yell out for a cop at that point. They just don't deal with most of the offenses online. Your bank account gets hacked? It's not like your wallet being stolen.

THAT is where Clear Your Tracks comes in. It's about each of us being informed of the facts of the digital world we are living in, and being well disposed to protect and ensure our safety and the safety of those we care about most. 

We can definitely do a LOT when it comes to that.

Baby, Can You See Me Now?

December 17, 2015

I’ve been researching baby monitors for a little while now.

Like most (if not all) products to do with babies, there is no shortage of them; mostly to do with different levels of technology. The ones that really surprised me are the ones put out by companies like Foscam and Nest. These are video baby monitors with WiFi built into them, so if the parent is away from the house where baby is, you can still see him through the WiFi connection hooked up to the video monitor. I first read about the issues resulting from these devices being hacked in Mark Goodman's book Future Crimes: Everything Is Connected, Everyone Is Vulnerable And What We Can Do About It.

I totally see how this is cool, and how so many people are intoxicated by the new technology. I read some reviews on this product from people who were just learning that this even existed and the response echoes repeatedly, oh that’s so cool. It’s always the “cool factor.” I don’t see it having much to do with safety factors. After all, baby monitors, as electronic devices, haven’t existed for most of civilization, and when they did come around, they just monitored audio. Not anymore. Now, for parents that are sensitive to the latest and "greatest" gadgets, we have video monitoring devices that can be employed wherever in the world you may be, as long as you have an internet connection.

I can’t help but wonder, if I can tap into this video feed wherever I am, what’s to stop someone else from doing the same thing? The answer? Not much. It’s just a wifi connection. While it certainly has it's security measures in place, if someone wants to hack it, they’ll find a way.

I think we’ll be opting for the old-fashioned radio frequency-based monitor. How easy are those to hack? Some crazy bastard would have to be standing out in the front yard. They don’t have the wifi capabilities that the new fancy ones do. They work right within the confines of your house/property.

While baby monitors are not completely up the road of “clearing your tracks,” it’s important to note that this is Big Brother’s twin sibling. There is tremendous vulnerability on the internet, but similar vulnerabilities are also creeping into our regular day-to-day household items at an alarming rate. The internet and the "internet of things," (IoT). They're really two heads of the same monster.

Be aware of the big picture. The old world is gone. If we want to be safe, we need to take calculated, conscious steps to ensure our security. It’s simple and relatively easy.

We just have to do it.

Do You Want To Know A Secret?

December 12, 2015

Do you want to know a secret?

Creativity is the name of this game. And it doesn’t just flow. Not just under any circumstances.

When The Beatles were preparing to record their next album in late 1968, the idea came up to film the whole process of album creation. That would include them working out all the songs from their roughest form, and the audience would follow them through their evolution. They actually set up in Twickenham Film Studios. This was not a place where music was recorded. It's a place where movies are made. A very different atmosphere than what they were used to at Abbey Road.

What started out as a unique and fun idea quickly turned sour. First of all, they were used to starting work in the studio later in the day and going to the wee hours of the morning, sometimes pushing dawn. Now, they working on working class schedules. As John said, “you can’t make music at 8 o’clock in the morning!”

Second, with the tensions growing among the band members at this time, being filmed was the last thing they needed as they worked on these new songs. During the early stages of one song, Paul and George are shown having a bit of a fight about something. The camera’s off to the side, and we are watching the four of them sit there. George is trying to get Paul off his back about playing something incorrectly, and when the camera cuts to Ringo, we get a clear sense that this is uncomfortable even for him. A few days later, John and George get into a massive fight, presumably off camera. George quit the band that day after lunch only to return a few days later after they agreed to move the band back to a more comfortable setting and just finish the album. The concept of filming the creation of this album had taken over, and it had become too much.

Obviously, they eventually finished the album, which was Let It Be. And while all the other Beatles films have long been officially released on DVD and Blu-Ray, Let It Be remains an unreleased soar spot. Rather than document the creation of their album it recorded the dissolution of the band.

I’ve always liked that album and the bootlegged DVD copy of the film I found years ago, but it can’t help but be noticed that the filming of their private, creative process had an impact on their behavior. And this was just filming they were in total control of. Closed-circuit. Nothing externally imposed. They could have burned all the reels if they wanted to and ever showed anyone. But even still, knowing they were being filmed in privacy, it had an impact on their behavior- in a less creative, free way.

It’s one thing to make a recording of audio or film that is intentional. When the recording is being made for the sake of recording. Like when The Beatles sang into a microphone. This kind of intentional and conscious recording is one thing. It’s another whole thing when the recording instrument is off to the side, as a witness.

I argue that such acts of creativity are more fruitfully done in “secret.” And how far does that line reach? Writing a book? Singing to my infant son? A family making dinner? We have technology all around us now that lets anyone tap into our business as long as they have the simple know-how and a lack of morality. Microphones on cell phones can be remotely turned on by hackers or NSA, even with the phone off. There’s also no shortage of the woes surrounding desktop computer cameras and microphones. Same thing with devices like the Amazon Echo.

The Beatles had no “secrets” when they were making Let It Be. But, with the cameras off, they were probably better off keeping it a “secret”.

Banking On Safety On Cyber Monday

November 29, 2015

Please.


This is a major pet peeve of mine.

Do not use your debit card online. Hackers can perhaps surprisingly easily break the encryption around your debit card that puts your whole bank account at risk. If your debit card gets hacked, you may have a challenging time getting that money back.


Instead, use your credit card. They're traditionally much safer and more secure. And disputing a charge on your credit card is much more user-friendly than trying to replace funds from a debit card hack.


Additionally, you can also use a Simon card or a credit card gift card. These are even more secure since they operate as simple gift cards that can be used practically anywhere. One thing to keep in mind when using them is that you sometimes need to register them when making purchases online, which means attaching your name and address to it. It isn’t required with every use, but if you go to purchase a $75 item with $100 on the card, even though you have sufficient funds on the card, the merchant may have stricter security measures and not allow the transaction to complete if the card has not been registered. Then you have to wait for the card company to refund the money back to the card, which of course takes them about a week to do.

If you’re looking for near-total anonymity and security when shopping online, one clever way to go is to use a Coinstar. These machines are all over the place in the US, UK, Ireland, Canada, Puerto Rico and Mexico. You can cash coins in and get cash for a small fee, OR you can cash coins and/or cash in and get a gift card for many businesses, including Amazon.com for NO FEE. You don’t have to give up your email or street address. Simply give the machine your money and it’ll give you a coupon code to many businesses.

Now, if you are concerned about spying and monitoring of purchases by the NSA, then beware that these approaches don't address that concern. Even if you use a browser like Tor to shop on say, Amazon, they can still get access to that if they want. It's best to assume that the NSA can monitor anything you do that leaves a paper trail. Even if you use a service like Coinstar, they can access the purchase on Amazon, and trace the gift card number back to the specific Coinstar you used in which grocery store. And that whole transaction obviously has the shipping address you used to have that purchase sent to you. If you're concerned about this, then see the next post about keeping yourself completely anonymous from even the NSA.

It's actually quite easy.

Until then, I hope you're having a fantastic holiday season so far! Be safe and have fun.

Caught In The Deep Web On Silk Road

Wow. I just watched Alex Winter’s new documentary, “The Deep Web.”

If you haven’t seen this, I highly recommend you check it out now. Since you’re obviously online, it affects you and numerous rights that you hold assumed. The implications in this film are far-reaching and long-lasting.

It’s the story of the deep web and Ross Ulbricht, or as he was allegedly known on the Silk Road website, “Dread Pirate Roberts.” (As you may have imagined, the name was taken from the mythical Princess Bride character.) I don’t want to spoil the film for you but here are some key points to get you to check it out:

- Ross Ulbricht is an intelligent guy. He held multiple degrees, including a Master’s from Penn State, where he attended on a full scholarship.

- He supposedly started Silk Road to create a community for, probably among other reasons, to minimize the violence that is encountered through drug transactions and the overall “War on Drugs.”

- Through the forums on the Silk Road website, he wove a very clever political message and created a very large community with it.

- The story of Wired magazine senior editor, Andy Greenberg’s early correspondence with Ross on the Silk Road forums.

- Ross’s parents are interviewed extensively. Their presence sheds an interesting light on the dynamic of his family life. His sister is also featured.

The film shows some of the messages written by Dread Pirate Roberts, (aka, “DPR”) on the Silk Road website. “He” makes clear that Silk Road is not about drugs, or guns, or “sticking it to the man,” but more about freedom and citizen rights.

That does, however, contradict the fact that much of Silk Road ended up being about drugs, guns, and illegal activity. At least to those outside Silk Road. Additionally, while Ross was studying at Penn State, he became interested in Libertarianism.

This philosophical connection to DPR seems to thicken the plot a bit.

One of the initial challenges I think he will face regarding the public's opinion is the identity of the DPR character. Ross denies being DPR, but he was arrested in a public library in San Francisco with his laptop opened and confiscated while he was logged into the Silk Road website. With that evidence the government says Ross is DPR.

Ross admits starting Silk Road but denying being DPR with the government having his computer with all kinds of damning evidence (including a journal he supposedly kept of the whole Silk Road creation) may present a challenge in the court of public opinion.

According to the film, the judge that Ross faced in court significantly restricted the Defense’s ability to counter much of the evidence and witnesses presented by the prosecution. One of the most troubling aspects of the whole case is that the FBI never had to disclose how they -seemingly- hacked the Silk Road servers. They had no warrant so it seems as though they may have violated Ross’s 4th Amendment by what may be an illegal search and seizure. The Defense was not allowed to bring this matter up during the trial.

There is still tremendous mystery and fear surrounding the Deep Web. Ross Ulbricht's story is one of getting caught in the deep web while on the Silk Road paved with Bitcoins and the FBI hot on his trail for years. There is so, so much to this story and film. And it affects all of us. I highly encourage you to check it out.

Here it is on their website. Also on Hulu.

It’s a great film. And an important one. Whether you agree with the outcome of the trial or not, this is a Landmark Case and affects everyone in the world of Internet Privacy and our rights surrounding it.

Secure: The Phones They Don’t Want You To Have

October 26, 2015

Edward Snowden, Steve Jobs, and Google walk into a bar- sketch some ideas on a napkin…

Well, I suppose, that’s not exactly how it happened. But, that it did happen is twice as intriguing and thrice as cool.​

In a nutshell: A smartphone running on an Android-based software system. They call it SilentOS.

I’m talking about the latest edition of the Blackphone (Blackphone 2) released by Silent Circle. It looks like a smartphone, but it’s intelligence reaches far beyond that of the smartphones we are used to. It reaches into a different direction. “Privacy Without Compromise,” they say.

Is it perfect? No. Is it better than the common iPhones and Androids? When it comes to matters of privacy and the sovereign rights of the user, we have to say yes. Anything is hackable, but what we have here is going in the direction of our best interest.

The point is that they are addressing a growing concern that companies such as Verizon, AT&T and other telecommunications companies are selling their customers out to a number of sources, including governmental agencies. And the common smartphones most of us use are much more vulnerable to hackers and trackers.

Silent Circle, the makers of the Blackphone 2, are not alone either. Boeing actually makes a similar type of “secure” smartphone. They call it the Boeing Black. Lastly, FreedomPop has what they call, the “Privacy Phone,” sometimes referred to as the Snowden Phone (a reference to NSA whistleblower Edward Snowden). It's advertised to “protect your privacy from hackers, government agencies and spyware.” I’d like to try all three of these out. Give ‘em a test drive and see how they fare.

Have you used any one of these three smartphones? Let us know in the comments. I’ll keep you posted as I explore them too. There are a lot of excellent reviews of the Privacy Phone on the FreedomPop website. I’ve also heard good things about the Blackphone 2. A lot of improvements have been made since the original Blackphone came out in early 2014.

Again, check these out if you have yet to hear about them:

Blackphone 2, from Silent Circle.

The Privacy Phone, aka, the Snowden Phone, from FreedomPop.

And the Boeing Black.

The phones they don't want you to have. To be mobile and keep thy tracks cleared.​

Not Too Big To Rig

October 17, 2015

“There’s nothing I can do about it.”

That’s what she told me. The lady at the bank, when I confirmed with her that my account was hacked. A few months later it happened again.

“That’s it,” I thought. “I’m done.”

So we’re talking chump change. A few cents here and there under a transaction referred to in my bank statement as “Foreign ATM / Exchange Fee.” $.54 here, $.68 there. One time it was $8.32. And it all adds up. How much money could you gather if you accumulated all the pocket change, coins in your couch or under your car seat for a good period of time?

It’ll add up, that’s for sure.

That’s the idea. Small amounts don’t set off alarms in the banking security system. And although the federal law states that the bank is liable in the event of a security breach, the stolen amounts are adding up. In what direction is this system going? Who are the people that hack into someone else’s bank account?

In a way, they’re winning. The banks aren’t making an issue of the matter either. And this whole scheme is rarely, if ever, reported in major news outlets. So hackers gonna hack! And the banks are going to turn a blind eye as long as their customers don’t make a big enough noise about the lack of security. After all, it’s just chump change, right?!

But it does all add up. So that’s when I said enough’s enough. I don’t want to be on the hacked end of this scheme anymore. I dug into the whole world of internet/computer security. I’m enjoying the experience too. Computers and the internet totally influence our daily life. It’s about time we all start becoming accustomed to how they work, specifically regarding our safety and protecting our interests, financial, health, etc.

That is how humans seem to act across the board though. We just are not that concerned about safety or security until we actually see that it needs to be addressed. We needed many head injuries to happen before we decided to make helmets for bicycle riders. So many people born in the 1940s and 50s have joked about riding in the back window when they were kids and roll all over the back seat when dad would make a turn or come to a stop. Now, kids are strapped into specially made car seats until practically old enough to drive.

A new technology comes on the scene, and we have our fun. Then we adapt and see where we need to protect ourselves. That’s where we’re at now. The internet, as most of us know it, is still a teenager. And for the younger generation, it’s older than them. And we have the damn internet driving the car while we’re all rolling around in the back seat having fun.

We want to have fun. We just want to have a few safeguards in place to make sure we can stay having fun for a long time. It’s considered common sense now to where bicycle helmets. Kids are in car seats in every state across the country. Similar types of precautions and safety measures that we write about on ClearYourTracks.com will also one day become commonplace.

They need to. We now know that the banks are not too big to rig. And we know the government has rigged itself. It’s now just a matter of consumer advocacy.

Clear your tracks. Or else.

You Can’t Touch This. No, Actually You Can.

October 5, 2015

I’ll just tell you how it happened. A recent conversation.

          Friend: Do you use TouchID on your phone?

          Me: Looks at him like he has 47 heads. “Nah, man.”

          Friend: Why not?

          Me: Because it’s my fingerprint.

          Friend: I don’t get it. You have a passcode on your phone. Isn’t your fingerprint more secure and private than a passcode? How can you hack a fingerprint? You can’t!

          Me: You haven’t been to IsTouchIDHackedYet.com, have you?

          Friend: (laughs) No, never heard of it.

          Me: It’s no longer active. See, a few years ago when Apple came with their chest sticking out, talking about how great and secure their new TouchID technology is, as life would have it, someone had to prove them wrong. IsTouchIDHackedYet.com was set up by the Chaos Computer Club in Germany. They kinda had a party. They put $20,000 up and challenged someone to hack it. That is, a bunch of these hackers all chipped in and challenged one another to find a way to hack it. You know, for fun. And for $20,000. Here’s the kicker. Not only did someone do it- they did it within 24 hours. You can imagine all the time and the many millions of dollars that went into developing this technology, and here it only takes someone a day to break it, hack it.

          Friend: Wow, that’s crazy, I’d never heard about that. But the fingerprint thing is just so cool, that it's just there on our phone!

          Me: Well yeah, that’s why you never heard about it. We become intoxicated by the fancy technology. We lull ourselves into a trance. Subconsciously, we recall all the high-tech spy-CIA-FBI-KGB thriller movies we saw where the person presses their finger to a piece of glass on the wall and the door slides open, ever so smoothly. And is it secure? Well yeah! In the movies, they have to cut off the guys finger (or hand) if they need his fingerprint! But not anymore. They don’t need the fingerprint. Just a little MacGyver-styled hacking. You're done within the day. None too many is the wiser.

Until now, my friends.

The moral of the story is have fun, but be aware.

Beware.

Beware the latest and greatest thing coming down the pike, lest you get hacked, cracked and tracked.

Life Is Short, Hack An Affair

August 24, 2015

Life is short, hack an affair?

The recent Ashley Madison hack highlights the concern that even sites whose actual gimmick demands high security are not even safe from hackers. There could be a lot of reasons why someone (or a group) would want to invade a site specifically like Ashley Madison. I don’t want to get caught up in the moral debate whether or not the customers of that site deserved it or not. I’ll just say I was not a member.

The point is that a site that depends on complete privacy for everything it’s members do, say and write has been hacked to the furthest degree. Not just credit cards. As seen by former reality TV star Josh Duggar’s hacked profile, intimacies like the details of the kind of sexual encounter he was seeking were also stolen and then released to the public.

It would be like someone breaking into one’s home and stealing a bunch of valuable stuff. Jewelry, collector coins, antiques, etc. But while they are there, they also grab a diary. There’s always valuable stuff in a diary! They bring it home and looking through the diary they read that this person has been hiding something from their spouse. Like, say, an extramarital affair. Now, this can be used as leverage in at least a couple ways. One, the burglar could mail the diary to the spouse who has been cheated on and tell them to look at the bookmarked page to find out for themselves. Second, a little note could be mailed to the cheating spouse telling them their little secret is known and the burglar is now using it as leverage to violate this family further.

hacker as burglar

We see someone breaking into our home as wrong every single time. If they were to discover and disclose an affair one is having with their spouse, we would empathize with that cheated spouse but we would still keep most of the focus on the burglar. This is one of the tricky things about the modern burglary, called hacking. It’s done by an anonymous person, sitting in their house. Total anonymity. There’s no dusting for fingerprints. Today’s hackers have an easier time concealing their identity than yesterday’s house burglar. The policing of this stuff has just not been perfected yet to any significant degree. So we have to police ourselves.

See that hacking is wrong. It’s immoral and illegal. Furthermore see that when you get hacked it’s not a simple process of prosecution. We don't just call 911, have the local police officer come to our house and arrest the bad guy and take him to jail. You have to be your own cop. A preventative cop. All over the world there are computers (including smartphones) and they each represent a respective direction from which a burglar could come. You need a policy in place on how to protect yourself from that potential threat.

More on that in the next chapter.

This Is No Peep Show

When I was a young child, I wondered how street lights worked. I imagined a little man inside the traffic light flipping switches from green to yellow to red as he monitored the intersection and counted the seconds in between each cycle. I couldn’t see him, but he could see me. There’s nothing like the imagination of children!

But what if I told you about a structure that does operate like that? A panopticon. A panopticon is a building with a type of large tower in the center. At the top of the tower is a room in which an authority figure would presumably be watching over everyone. It would always still be a challenge to convince everyone they are constantly under surveillance. Why that’s ok, and why it’s effective is because the lens through which this authority monitors the citizens (ahem, excuse me, I mean the inmates) is opaque. It’s a type of one-way mirror. The “warden” can see out, but the inmates can’t see in. That refers to what is called the Hawthorne effect. The Hawthorne effect is the concept that our behavior will change if we even think we are being watched. That is an ideal setup in places like prisons where one wants to control the behavior of inmates.

We accept this type of monitoring in a prison, but this is now being brought to another whole level. A camera can work as a one-way mirror. A camera like on your computer and cell phone. Take the case of Miss Teen USA, Cassidy Wolf, who was horrifically violated when she opened her email one day and found naked pictures of herself. These photographs had been taken with the camera on the computer in her bedroom while she was getting dressed!

That is the outermost layer of skin on a monstrous genetically-modified onion that would make even Monsanto execs scream “Organic!” So what can you do? What do you do when there is a camera on your computer that is vulnerable to the kind of monsters which attacked Cassidy Wolf? There’s a camera on the cell phone you carry everywhere you go. These cameras (and computers, in general, as we’ll explore) serve as a virtual panopticon. Anyone with the sick desire to hack into them can do so whenever they want. So what do you do?

We’ll be exploring this matter deeply, but for now you may just want to put some masking tape over that camera when you’re not using it. I call this “closing the eye.” The word “panopticon” refers to the ancient Greek word “Panoptes,” which means “all-seeing.” That is what our technologies are sometimes serving as- all seeing eyes.

As law-abiding, stand-up citizens we don’t need to be monitored like inmates in a prison. We are not to be tracked by others in the public or private sectors.

Put a little piece of tape on that camera at the top of your screen. Think of it as an eyelid.