All posts by Lawrence Christopher Skufca, J.D.

My name is Lawrence Christopher Skufca. I am a civil rights activist and community organizer in the Camden, New Jersey area. I hold a Juris Doctor from Rutgers School of Law; a B.A. in Political Science from Furman University; and an A.A. in the Social Sciences from Tri-County Technical College.

What Are Man-in-the-Middle Attacks and How Can I Protect Myself From Them?

 

By Vic Hargrave

In my October 23 blog, I mentioned that iOS 4.3.4 was susceptible to a man-in-the-middle attack that was later corrected in iOS 4.3.5. These attacks are frequently mentioned in the security literature, but many of you may still be wondering what they are exactly and how they work. With this article, I’ll explain what man-in-the-middle attacks are and how you can avoid falling prey to them.

How the Attack Works

To see how man-in-the-middle attacks work, consider the illustration below. Network traffic normally travels directly between two computers that communicate with each other over the Internet, in this case the computers belonging to User 1 and User 2.

The man-in-the-middle attack uses a technique called ARP spoofing to trick User 1’s computer into thinking that it is communicating with User 2’s computer and User 2’s computer into thinking that it is communicating with User 1’s computer. This causes network traffic between the two computers to flow through the attacker’s system, which enables the attacker to inspect all the data that is sent between the victims, including user names, passwords, credit card numbers, and any other information of interest.

Man-in-the-middle attacks can be particularly effective at cafes and libraries that offer their patrons Wi-Fi access to the Internet. In open networking environments such as these, you are directly exposed to computers over unencrypted networks, where your network traffic can be readily snatched.

How to Avoid Being Attacked

In practice, ARP spoofing is difficult to prevent with the conventional security tools that come with your PC or Mac. However, you can make it difficult for people to view your network traffic by using encrypted network connections provided by HTTPS or VPN (virtual private network) technology.
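Although ARP spoofing is hard to prevent, its effect on a machine's ARP cache can be checked for. The following is an added example, not part of the original article: it compares two snapshots in the layout of Linux's `/proc/net/arp` and reports a changed gateway binding or one hardware address answering for several IPs. The addresses, the sample tables and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed samples in the layout of Linux /proc/net/arp (not real captures).
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:00:01     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:aa:00:17     *        wlan0
192.168.1.40     0x1         0x2         02:00:00:aa:00:28     *        wlan0
"""

# Later snapshot: the gateway IP now resolves to the MAC of 192.168.1.40.
SUSPECT = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:00:28     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:aa:00:17     *        wlan0
192.168.1.40     0x1         0x2         02:00:00:aa:00:28     *        wlan0
192.168.1.55     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

ATF_COM = 0x2  # kernel flag bit: the entry is complete (a MAC was resolved)


def parse_arp_table(text):
    """Return {ip: mac} for completed entries; incomplete rows are ignored."""
    table = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, mac = fields[:4]
        if not int(flags, 16) & ATF_COM:
            continue
        table[ip] = mac.lower()
    return table


def shared_macs(table):
    """MACs that answer for more than one IP. This can be legitimate
    (a router with several addresses, proxy ARP), so treat it as a lead."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def changed_bindings(before, after):
    """IPs whose MAC differs between two snapshots: {ip: (old, new)}."""
    return {ip: (before[ip], after[ip])
            for ip in before
            if ip in after and before[ip] != after[ip]}


def assess(before_text, after_text, gateway_ip):
    """Summarise the signs of ARP cache poisoning between two snapshots."""
    before = parse_arp_table(before_text)
    after = parse_arp_table(after_text)
    changed = changed_bindings(before, after)
    return {
        "gateway_changed": gateway_ip in changed,
        "changed": changed,
        "shared": shared_macs(after),
    }


if __name__ == "__main__":
    report = assess(BASELINE, SUSPECT, "192.168.1.1")
    for key, value in report.items():
        print(f"{key}: {value}")
```

A gateway whose hardware address changes while another host on the same network holds the new address is the pattern the article describes; a router replacement produces the first signal alone.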

HTTPS uses the secure sockets layer (SSL) capability in your browser to mask your web-based network traffic from prying eyes. VPN client software works in a similar fashion – some VPNs also use SSL – but you must connect to a VPN access point like your company network, if it supports VPN. To decrypt HTTPS and VPN, a man-in-the-middle attacker would have to obtain the keys used to encrypt the network traffic, which is difficult but not impossible to do.

When communicating over HTTPS, your web browser uses certificates to verify the identity of the servers you are connecting to. These certificates are verified by reputable third-party certificate authorities like VeriSign.

If your browser does not recognize the authority of the certificate sent from a particular server, it will display a message indicating that the server’s certificate is not trusted, which means it may be coming from a man-in-the-middle attacker. In this situation you should not proceed with the HTTPS session, unless you already know that the server can be trusted – like when you or the company you work for set up the server for employees only.

If you want to dive into the technical details and learn more about the tools used to carry out a man-in-the-middle attack, I recommend watching the YouTube video – Man In The Middle Attack – Ethical Hacking Example created by the InfoSec Institute.

In the meantime, use HTTPS and VPN in public networks and stay away from web servers you don’t trust.

I work for Trend Micro and the opinions expressed here are my own.


Protest Movements as Political Strategy

by Ben West

Recent protests throughout Sudan are the latest in an ongoing trend of protest movements around the world, from Muslim Brotherhood supporters in Egypt to oil workers in Norway and opposition parties in Thailand. Protests have proved an effective strategy against autocratic regimes, political repression and austerity measures. As with insurgency strategy, protests rely on underlying support from the population rather than on superior weapons. Both insurgency and protests are forms of asymmetric opposition in which the insurgents or protesters cannot succeed by using force to overwhelm the state but must find (or create) and exploit specific weaknesses of the state.

However, protest movements are not as aggressive as insurgencies. Violence is integral to insurgent strategy, but protest movements may be simply a negotiation tactic to extract concessions from a state or a corporation. Strikes are one of the most common forms of protest used to leverage labor resources for higher wages or more benefits. Thousands of protests, such as strikes, occur around the world every week. Most are small and insignificant outside the protesters’ community. In order to address the geopolitical importance of protest movements, this analysis will focus on protests intended to create political change.

Sometimes protests can spur insurgencies. In the case of Syria, civilians congregated in the streets and public places to call for political change. As the state’s responses became increasingly violent, elements of the movement formed a militia that began a parallel insurgency. As violence escalated in Syria, insurgent tactics eventually replaced protest tactics.

Not all protests evolve into insurgencies, though. Some are repressed by the regime, while others are able to achieve their objectives through other means. The ultimate challenge of analyzing protest movements is to distinguish between movements that could successfully change the order of a country and movements that fizzle after grabbing a few headlines. Stratfor distinguishes the two by looking at the tactics a given group of protesters uses and the strategic imperatives of the state against which the protesters are demonstrating.

Protest Tactics

Protest movements usually start with far fewer resources and far less organization than the established entity against which they are protesting. They are fighting an asymmetric battle against a state that has far more resources to use against protesters. For example, the April 6 movement that was behind Egypt’s 2011 protests got its name from April 6, 2008, the day Egyptian authorities clamped down on a fledgling political youth movement with a series of arrests. The Egyptian state was able to end the 2008 protest movement relatively quietly; this is how most protest movements end.

Those groups that do survive must have a fluid yet responsive organizational capability, and they must control the perception of what they — and their opponents — stand for.

Organization

Organizing protests becomes increasingly dangerous as the movement becomes more successful. Most authorities will tolerate a certain amount of activism because it is seen as a way to let off steam. They appease the protesters by letting them think that they are making a difference — as long as the protesters do not pose a threat. But as protest movements grow, authorities will act more aggressively to neutralize the organizers. Sincere protest movements may prove successful if they can survive a round of arrests, a baton charge from the police or a counterprotest from government supporters.

Another element to look for in protest organization is the unity of message. Using the same slogans and carrying mass-produced signs, especially if the protesters are in multiple cities, shows a level of unity that indicates a single organizer, whether that be an individual or a committee. The centralization of a protest movement is key because it means better coordination and swifter decision-making in response to obstacles. And later on, if the protest movement is successful, there is an individual or small group of individuals who can exploit the power generated by the protest movement for political gains.

The level of discipline shown by the members is another important indicator of a movement’s organization. It is absolutely critical that a protest movement maintain the moral high ground; otherwise it is too easy for their opponents to smear the protesters as thieves, thugs or hooligans. Once protest movements number in the tens or hundreds of thousands it is impossible for organizers to enforce discipline themselves. However, organizers can recognize the importance of discipline and instill a zero-violence rule across the movement, while relying on grassroots security efforts to enforce it.

Protest movements become successful when large groups of people gather, yet abstain from the obvious power they have to loot, steal or commit other crimes in the chaos of street protests. That abstention shows discipline, and discipline indicates control over what is effectively a civilian army.

Perceptions

In the beginning, protest organizers must overcome the authorities’ attempts to disperse the movement as well as the movement’s initial lack of legitimacy. Protest movements typically start small and represent a fringe opinion. In order to increase the movement’s numbers, organizers have to convince others that their interests are best pursued through protest. One way to do this is to make the smaller demonstrations appear larger in order to convince people that the protests represent the interest of more of a majority.

Protest movements often frame their demonstrations to make them appear larger. If a protest only has a few hundred people, it will look small and insignificant huddled in the middle of a massive central square. It will look much more formidable walking down a narrow, winding street that conceals the length of their procession and amplifies their noise. This doesn’t mean that protest movements demonstrating on narrow, winding streets are necessarily small, but if they are, it is likely someone skillfully picked an appropriate venue for their demonstration. Knowing when and where to demonstrate indicates the sophistication of a protest movement.

Many times, the availability of imagery of a protest indicates how media savvy a protest movement is. A sophisticated movement will alert the media ahead of a demonstration to ensure it is broadcast — more sophisticated movements will make sure to provide symbolic images for the media to disperse. A good example of this is when Iranian students breached the perimeter of the British Embassy in Tehran in November 2011. Dozens of journalists and cameramen (many with pre-positioned tripods) were on hand to record the symbolic moment. In that case, the actual breach did not cause much damage, but the degree to which Iranian authorities flaunted their disregard for embassy security eventually led to the British abandoning the mission. Imagery of protest scenes is crucial to analysis of a protest; if the scenes are set up well, it’s likely someone organized it that way to ensure the message got out.

Perception becomes reality when fear of the regime evaporates. Despotic regimes rule through fear, and when demonstrators lose their fear of the regime and begin to realize that they have power to make changes, the protests often can make some quick progress — as seen with the rapid fall of former Romanian President Nicolae Ceausescu in 1989. However, this loss of fear does not always guarantee success; the government sometimes can drastically increase violence to counter protesters’ lack of fear — as seen in Tiananmen Square in 1989. In the Syrian uprising in 1982, fear of the regime never evaporated, and the movement was quickly and firmly put down in a few weeks. In the Syrian opposition’s current iteration, the fear of the regime has been broken, and the movement has persisted for more than a year.

Pillars of the State

Once the tactics of a protest movement have been assessed as organized and sophisticated, it’s time to assess strategic weaknesses of the state that the movement can attack. Governments rule by controlling key pillars of society, through which they exercise authority over the population. These pillars include security forces (police and military), the judicial system, civil services and unions. If the protest movement is trying to overthrow the government and not just extract concessions, the movement will work to undermine the pillars of the state. Removing the support of one or more of these pillars will erode a government’s power until it can no longer effectively govern, at which point protest movements can begin assuming institutional control.

It’s important then to assess the key pillars of the government that a protest movement is targeting. Stratfor has done this in Syria by identifying the al-Assad clan, Alawite unity, supremacy of the Baath party and control over the military-intelligence apparatus as the key pillars of the Syrian state. The Syrian opposition may employ the most sophisticated tactics possible, but unless those tactics erode one or more of those pillars, the government can continue to exercise power over the state.

Context

Finally, when considering the overall impact of a protest movement, context is crucial. Some states have a higher tolerance for protests than others. Typically, open democratic states tolerate protests more than closed repressive states because security is not as crucial a pillar in open states as it is in closed states. For example, Thailand regularly sees protests with participants numbering in the tens of thousands. Protests have effectively shut down Bangkok and even disrupted the Association of Southeast Asian Nations conference in 2009, but the basic pillars of the state have remained intact.

Meanwhile, the protests that began June 16 in Sudan have numbered only in the hundreds but are grabbing media attention. Due to Sudan’s reputation as being repressive, even such small protests could trigger dramatic responses from the state. Thailand has a number of state institutions — particularly the monarchy — with which it wields authority, whereas the Sudanese regime relies much more on security and energy revenues to assert its authority. Sudan has less tolerance for even mild threats to either pillar. Stratfor is watching Sudan carefully to see if the protest movement there can survive the ongoing security crackdown.

By understanding how a protest movement works and how well it targets and exploits the weaknesses of the state it is demonstrating against, we can assess how successful movements are likely to be.

198 Methods of Nonviolent Action

Practitioners of nonviolent struggle have an entire arsenal of “nonviolent weapons” at their disposal. Listed below are 198 of them, classified into three broad categories: nonviolent protest and persuasion, noncooperation (social, economic, and political), and nonviolent intervention. A description and historical examples of each can be found in volume two of The Politics of Nonviolent Action by Gene Sharp.

The Methods of Nonviolent Protest and Persuasion

Formal Statements
1. Public Speeches
2. Letters of opposition or support
3. Declarations by organizations and institutions
4. Signed public statements
5. Declarations of indictment and intention
6. Group or mass petitions

Communications with a Wider Audience
7. Slogans, caricatures, and symbols
8. Banners, posters, and displayed communications
9. Leaflets, pamphlets, and books
10. Newspapers and journals
11. Records, radio, and television
12. Skywriting and earthwriting

Group Representations
13. Deputations
14. Mock awards
15. Group lobbying
16. Picketing
17. Mock elections

Symbolic Public Acts
18. Displays of flags and symbolic colors
19. Wearing of symbols
20. Prayer and worship
21. Delivering symbolic objects
22. Protest disrobings
23. Destruction of own property
24. Symbolic lights
25. Displays of portraits
26. Paint as protest
27. New signs and names
28. Symbolic sounds
29. Symbolic reclamations
30. Rude gestures

Pressures on Individuals
31. “Haunting” officials
32. Taunting officials
33. Fraternization
34. Vigils

Drama and Music
35. Humorous skits and pranks
36. Performances of plays and music
37. Singing

Processions
38. Marches
39. Parades
40. Religious processions
41. Pilgrimages
42. Motorcades

Honoring the Dead
43. Political mourning
44. Mock funerals
45. Demonstrative funerals
46. Homage at burial places

Public Assemblies
47. Assemblies of protest or support
48. Protest meetings
49. Camouflaged meetings of protest
50. Teach-ins

Withdrawal and Renunciation
51. Walk-outs
52. Silence
53. Renouncing honors
54. Turning one’s back

The Methods of Social Noncooperation

Ostracism of Persons
55. Social boycott
56. Selective social boycott
57. Lysistratic nonaction
58. Excommunication
59. Interdict

Noncooperation with Social Events, Customs, and Institutions
60. Suspension of social and sports activities
61. Boycott of social affairs
62. Student strike
63. Social disobedience
64. Withdrawal from social institutions

Withdrawal from the Social System
65. Stay-at-home
66. Total personal noncooperation
67. “Flight” of workers
68. Sanctuary
69. Collective disappearance
70. Protest emigration (hijrat)

The Methods of Economic Noncooperation: Economic Boycotts

Actions by Consumers
71. Consumers’ boycott
72. Nonconsumption of boycotted goods
73. Policy of austerity
74. Rent withholding
75. Refusal to rent
76. National consumers’ boycott
77. International consumers’ boycott

Action by Workers and Producers
78. Workmen’s boycott
79. Producers’ boycott

Action by Middlemen
80. Suppliers’ and handlers’ boycott

Action by Owners and Management
81. Traders’ boycott
82. Refusal to let or sell property
83. Lockout
84. Refusal of industrial assistance
85. Merchants’ “general strike”

Action by Holders of Financial Resources
86. Withdrawal of bank deposits
87. Refusal to pay fees, dues, and assessments
88. Refusal to pay debts or interest
89. Severance of funds and credit
90. Revenue refusal
91. Refusal of a government’s money

Action by Governments
92. Domestic embargo
93. Blacklisting of traders
94. International sellers’ embargo
95. International buyers’ embargo
96. International trade embargo

The Methods of Economic Noncooperation: The Strike

Symbolic Strikes
97. Protest strike
98. Quickie walkout (lightning strike)

Agricultural Strikes
99. Peasant strike
100. Farm Workers’ strike

Strikes by Special Groups
101. Refusal of impressed labor
102. Prisoners’ strike
103. Craft strike
104. Professional strike

Ordinary Industrial Strikes
105. Establishment strike
106. Industry strike
107. Sympathetic strike

Restricted Strikes
108. Detailed strike
109. Bumper strike
110. Slowdown strike
111. Working-to-rule strike
112. Reporting “sick” (sick-in)
113. Strike by resignation
114. Limited strike
115. Selective strike

Multi-Industry Strikes
116. Generalized strike
117. General strike

Combination of Strikes and Economic Closures
118. Hartal
119. Economic shutdown

The Methods of Political Noncooperation

Rejection of Authority
120. Withholding or withdrawal of allegiance
121. Refusal of public support
122. Literature and speeches advocating resistance

Citizens’ Noncooperation with Government
123. Boycott of legislative bodies
124. Boycott of elections
125. Boycott of government employment and positions
126. Boycott of government departments, agencies, and other bodies
127. Withdrawal from government educational institutions
128. Boycott of government-supported organizations
129. Refusal of assistance to enforcement agents
130. Removal of own signs and placemarks
131. Refusal to accept appointed officials
132. Refusal to dissolve existing institutions

Citizens’ Alternatives to Obedience
133. Reluctant and slow compliance
134. Nonobedience in absence of direct supervision
135. Popular nonobedience
136. Disguised disobedience
137. Refusal of an assemblage or meeting to disperse
138. Sitdown
139. Noncooperation with conscription and deportation
140. Hiding, escape, and false identities
141. Civil disobedience of “illegitimate” laws

Action by Government Personnel
142. Selective refusal of assistance by government aides
143. Blocking of lines of command and information
144. Stalling and obstruction
145. General administrative noncooperation
146. Judicial noncooperation
147. Deliberate inefficiency and selective noncooperation by enforcement agents
148. Mutiny

Domestic Governmental Action
149. Quasi-legal evasions and delays
150. Noncooperation by constituent governmental units

International Governmental Action
151. Changes in diplomatic and other representations
152. Delay and cancellation of diplomatic events
153. Withholding of diplomatic recognition
154. Severance of diplomatic relations
155. Withdrawal from international organizations
156. Refusal of membership in international bodies
157. Expulsion from international organizations

The Methods of Nonviolent Intervention

Psychological Intervention
158. Self-exposure to the elements
159. The fast
a) Fast of moral pressure
b) Hunger strike
c) Satyagrahic fast
160. Reverse trial
161. Nonviolent harassment

Physical Intervention
162. Sit-in
163. Stand-in
164. Ride-in
165. Wade-in
166. Mill-in
167. Pray-in
168. Nonviolent raids
169. Nonviolent air raids
170. Nonviolent invasion
171. Nonviolent interjection
172. Nonviolent obstruction
173. Nonviolent occupation

Social Intervention
174. Establishing new social patterns
175. Overloading of facilities
176. Stall-in
177. Speak-in
178. Guerrilla theater
179. Alternative social institutions
180. Alternative communication system

Economic Intervention
181. Reverse strike
182. Stay-in strike
183. Nonviolent land seizure
184. Defiance of blockades
185. Politically motivated counterfeiting
186. Preclusive purchasing
187. Seizure of assets
188. Dumping
189. Selective patronage
190. Alternative markets
191. Alternative transportation systems
192. Alternative economic institutions

Political Intervention
193. Overloading of administrative systems
194. Disclosing identities of secret agents
195. Seeking imprisonment
196. Civil disobedience of “neutral” laws
197. Work-on without collaboration
198. Dual sovereignty and parallel government

Source: Sharp, Gene. The Politics of Nonviolent Action (3 Vols.), Boston: Porter Sargent, 1973. Provided courtesy of the Albert Einstein Institution.

Fifth Amendment Right Against Self Incrimination

The right against self-incrimination is spelled out in the Fifth Amendment to the U.S. Constitution and also extends to state and local jurisdictions. When someone exercises this right, we often say that they “plead the Fifth.”

How Smartphones are Covertly Hacked through SMS Messaging

Hacking into mobile phones is a walk in the park, say experts. All it takes is a single SMS sent from the hacker’s phone, to break into a phone and gain total control over it, including listening to recordings of phone conversations, reading text messages and even accessing passwords. Experts say that mobile is the new playground for hackers as these devices are easier to break into than PCs, and consumers pay less attention and are tardy when securing their phone.

Bram Bonné: Your Smartphone is Leaking Your Information

Bram Bonné is a PhD student in computer science at the Expertise Centre for Digital Media at Hasselt University, where he specializes in computer security and privacy. During his PhD, he developed an interest in privacy-sensitive information leaking from smartphones and laptops. Bonné summarizes the basic Wi-Fi technology hackers exploit for “man-in-the-middle” attacks. He explains how your personal information is available to anyone tracking Wi-Fi traffic and some steps you can take to make these types of attacks more difficult.

Matthew Green: Why the NSA is Breaking Our Encryption

Encryption dates back to the Founding Fathers and the Bill of Rights. Now, the United States National Security Agency is breaking and undermining core encryption technologies that power the Internet, saying it’s being done for our own protection from terrorists. But are we sacrificing our freedoms for fear? Matthew Green discusses the campaign waged by U.S. intelligence and law enforcement agencies to weaken commercial encryption standards to make our communications more accessible.

Matthew Green is an Assistant Research Professor of Computer Science at the Johns Hopkins University. His research focuses on computer security and cryptography, and particularly the way that cryptography can be used to promote individual privacy. His work includes techniques to securely access medical databases, enhance the anonymity of Bitcoin, and to analyze deployed security systems. Prior to joining the Johns Hopkins faculty he served as a Senior Technical Staff Member at AT&T Laboratories.

The Tor Project: Protecting Online Anonymity

Jacob Appelbaum introduces the Tor Project and the Tor Network – an anonymity network used to protect individuals’ identities online. Tor is free software for enabling anonymous online communication. The name TOR is an acronym derived from the original software project name The Onion Router. Tor is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication, by keeping their Internet activities from being monitored. The core principle of the Tor Project, called “onion routing”, was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than six thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes visits to Web sites, online posts, instant messages, and other communication forms. It is legally used by millions worldwide to circumvent censorship and to stay safe from online snooping.