Economist Richard Wolff summarizes how the American class-based system functions
While most of the focus of Tuesday night’s primaries was on the battle for the White House, something extraordinary occurred in two local elections. Both Chicago’s Cook County State’s Attorney Anita Alvarez and Timothy McGinty, the Cuyahoga Prosecuting Attorney in Ohio, lost their bids for re-election.
In Alvarez’s case, it was a blow-out – she lost to her opponent almost 2-1.
As the so-called “top cops” in their respective jurisdictions, Alvarez and McGinty made key prosecutorial decisions in the controversial killings of unarmed African Americans by police officers. For Alvarez, it was the death of Laquan McDonald, shot 16 times by former officer Jason Van Dyke in 2014. In Cleveland, McGinty recommended that a grand jury not charge the officers who shot and killed 12-year-old Tamir Rice in a public park.
These are not the first prosecutors who recently failed to secure another term on name recognition and a “tough on crime” platform as the need for criminal justice reform gathers steam across the country. But they are the first ones to have faced off directly against the Black Lives Matter movement and lost.
“Black youth kicked Anita Alvarez out of office,” the Chicago activist group Assata’s Daughters wrote in a triumphant statement last night. “Just a month ago, Anita Alvarez was winning in the polls. Communities who refuse to be killed and jailed and abused without any chance at justice refused to allow that to happen.
“We did this for Laquan.”
According to the widely disseminated original account of the shooting of Laquan McDonald, the teenager had lunged at officers with a knife when he was shot. But dash camera footage of the incident – which was obtained by local journalists – showed he was moving away from police when Van Dyke opened fire, striking the 17 year old multiple times as he lay on the ground.
Though Alvarez ultimately charged Van Dyke with first-degree murder, she did it more than a year later, just before the camera footage was to be made public by a judge’s order. The timing gave the distinct impression that a cover-up had barely been averted, and that Alvarez was more interested in protecting the jobs of officers than she was in justice.
Alvarez ignored calls for her resignation and always maintained that she waited more than 400 days because she believed that a federal investigation needed to be completed before charges were brought against Van Dyke.
“I don’t believe any mistakes were made,” she insisted during the campaign.
A coalition of activists – members of Black Youth Project 100, Assata’s Daughters and Black Lives Matter Chicago – did not endorse Alvarez’s challenger, Kim Foxx. Instead they joined forces to oppose Alvarez.
Their protest and canvassing efforts culminated in the hashtag campaign #ByeAnita, words which could be seen fluttering on a huge banner trailing behind an airplane flying over downtown Chicago on election day. Alvarez started the day with a lead in the polls, but without key endorsements from former allies and the local media.
In the Rice case, McGinty encouraged a grand jury not to charge the two officers who opened fire on Rice after less than two seconds on the scene. After they obliged, McGinty said evidence showed it was indisputable that Rice was reaching to pull out his pellet gun when he was shot, despite differing expert testimony.
This was seen as a knee-jerk response to protect police, and Black Lives Matter Cleveland showed up with members of Rice’s family to picket McGinty’s home during the campaign. As Cleveland Scene editor in chief Vince Grzegorek sees it, nothing but public outrage can explain McGinty’s fall.
“It’s hard not to see the vote as anything but a referendum on McGinty’s handling of Tamir Rice and other police use-of-force cases,” he wrote in an email to BBC News.
The Black Lives Matter movement has been criticised for its lack of focus, aversion to a hierarchical structure, and inability to translate rage from street protests into tangible political goals. They have not coalesced behind a presidential candidate, and have disrupted both Democrats Bernie Sanders and Hillary Clinton at campaign events.
Aislinn Pulley, cofounder of Black Lives Matter Chicago, declined a recent invitation to the White House, deriding it as a “photo opportunity”. For those reasons, the movement has often been dismissed as an aimless and empty social media campaign.
But last night’s results answered those criticisms with definitive proof of the movement’s real political clout. The fact that the focus has shifted from police officers to prosecutors is significant, and these races prove that activists’ message resonates with voters. Prosecutors and politicians are now on alert – ignore their concerns at your own professional peril.
“For an evolving movement – youth-driven – to discover that it has this sort of electoral power, I can’t predict what will flow from that,” says Jamie Kalven, founder of the Invisible Institute, a non-profit journalism outfit on the south side of Chicago. “It’s really something.”
Where this newly discovered political might goes next remains to be seen. Chicago Mayor Rahm Emanuel, who like Alvarez denied that he was slow to act or that he was part of a cover-up, has already survived a re-election campaign – one that took place before the tape’s release and just days before the city settled a civil lawsuit brought by McDonald’s family. He’s been called “political poison” by the Chicago Tribune – Sanders tried to hurt Clinton in the Illinois primary by pointing out her ties to Emanuel.
“I’m quite sure he would concede the point that if he were on the ballot yesterday he would have been voted out emphatically,” says Kalven.
The morning after the primaries, another prosecutor – this one in Minneapolis, Minnesota – announced that he would not use a grand jury in order to decide whether to charge two officers in the shooting death of Jamar Clark in late 2015. Local Black Lives Matter activists celebrated the decision as a victory for transparency, proving once again that the movement now has prosecutors’ attention.
The new generation of prosecutors will not have a moment to rest easy. Michael O’Malley, McGinty’s successor, has demurred when asked how he would have handled the Rice case differently. Likewise, a vote for Foxx was really a vote against Alvarez, as Assata’s Daughters pointed out in their statement.
“We won’t stop until we’re free and Kim Foxx should know that as well,” they wrote.
Former adult actress says extreme scenes are harming amateur actresses
A retired adult film star has warned the growing appetite for ‘abuse’ porn is damaging amateur female performers, who are expected to take part in increasingly extreme scenes.
Lisa Ann left the industry in 2014 and now hosts a Fantasy Football show on Sirius XM radio. Unlike most performers whose careers within the industry often span just months or a few years, Ann appeared in adult films for two decades and has witnessed the industry’s trajectory towards more hardcore films.
Speaking to The Guardian, she claimed the difficulties some actresses face after leaving the adult industry often relate to the growing demand for extreme porn, and performers abusing drugs.
“There were times on set with people where I was like, ‘This is not a good situation. This is not safe. This girl is out of her mind and we’re not sure what she’s going to say when she leaves here,’” she said. “Everyone’s a ticking time bomb, and a lot of it is linked to the drugs. A lot of this new pain comes from these new girls who have to do these abusive scenes, because that does break you down as a woman.”
The demand for abuse scenes was addressed in the documentary Hot Girls Wanted, which included disturbing footage from a scene constructed to make a sex act appear forced on a female performer.
In an industry where pay rates have continuously declined, extreme acts also pay more, with the most radical commanding up to $2,500 per scene.
Rashida Jones, a producer on Hot Girls Wanted, described the cycle young women face when they start making amateur porn that she says encourages them to participate in more extreme scenes during an interview with Vice.
“Generally if you’re 18 and go to Miami, you’re done in a year, because there’s not enough amateur jobs for you. You can get some other jobs, but the niche stuff pays more, and the niche stuff is harder on your body,” she said.
“The pay can be $800, $1000 a shoot, but they still have to pay for hair and nails and make-up and travel and clothes – plus, they’re trying to live in a lavish way, so it ends up not being cost-effective. It’s not worth it.
“Then you have to make further negotiations with yourself, like, ‘Will I do torture porn? Will I do fetish porn? Will I do […] forced blowjobs?’ and things that you never expected to do.”
In 2010, a study conducted by Adult Video News reportedly found most of the scenes from 50 top-rented porn films involved the female performer appearing to be physically or verbally abused.
Researched, compiled and edited by L. Christopher Skufca
With the numerous methods incorporated by malicious hackers, the NSA, the FBI and even local law enforcement agencies to access your private data, Tor is the best alternative for anonymously surfing the internet. Fundamentally, Tor is secure; however, Tor itself can’t guarantee your privacy and security. Additional security measures must be taken to protect your anonymity. The experts at Information Security Stack Exchange provide guidance on best practices for preserving your online anonymity while using Tor.
Tor is free software for enabling anonymous online communication. Tor is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication, by keeping their Internet activities from being monitored. Tor protects anonymity by directing Internet traffic through a free, worldwide, volunteer network consisting of more than six thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. It is legally used by millions worldwide to circumvent censorship and to stay safe from online snooping.
Tor is an acronym for The Onion Router, encryption technology which was developed in the mid-1990s by the United States Naval Research Laboratory for the purpose of protecting U.S. intelligence communications online. In 2004, the Naval Research Laboratory released the code for Tor under a free license, and in 2006 a Massachusetts-based 501(c)(3) research-education nonprofit organization called The Tor Project was founded. Its stated purpose is the research and development of online privacy tools.
The routing method utilized by the Tor network disguises your identity by moving traffic across different Tor servers, and encrypting that traffic, making it difficult to trace communications back to the original source. In an onion network, like that used by Tor, electronic data, including the destination IP address, is encapsulated in layers of encryption, analogous to layers of an onion. The encrypted data is then transmitted through a series of network nodes called onion routers, each of which “peels” away a single layer, uncovering the data’s next destination. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit in order to pass the remaining encrypted data on to it. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address.
Anyone who tries to identify the user would see traffic coming from random nodes on the Tor network, rather than the source computer. Because the routing of the communication is partly concealed at every hop in the Tor circuit, this method eliminates any single point at which the communicating peers can be determined through network surveillance that relies upon knowing its source and destination.
To access the Tor network, you simply need to download the Tor browser. Everything you do in the browser goes through the Tor network and doesn’t need any setup or configuration from you. One drawback of using Tor is that users experience a much more sluggish internet experience since their data is being transferred through multiple relays.
Tor is most useful for concealing internet browsing habits. Used in conjunction with additional security measures, Tor can also be useful in protecting the anonymity of your communications with a third party. Tor has been utilized by researchers, journalists, whistleblowers, attorneys and even law enforcement officers hoping to conceal their IP address from detection.
There are several legitimate purposes for wanting to protect your online anonymity. Much of the Tor Project’s funding comes from federal grants issued by agencies, such as the U.S. State Department, that claim a vested interest in supporting safe, anonymous speech for dissidents living under oppressive regimes. It is used by human rights workers, activists, journalists and whistleblowers worldwide. Tor is also a useful tool for legal practitioners seeking to protect privileged attorney-client communications and has been used as an effective tool for protecting the anonymity of undercover law enforcement officers and police informants.
However, in the wrong hands, Tor has also been used for more nefarious purposes. Tor’s technology can be utilized to provide anonymity to websites and other servers configured to receive inbound connections which are only accessible by other Tor users. These are called hidden services. Rather than revealing a server’s IP address (and thus its network location), a hidden service is accessed through its onion address. The Tor network understands these addresses and can route data to and from hidden services, even those hosted behind firewalls or network address translators (NAT), while preserving the anonymity of both parties. These hidden service sites create an opening for criminal activity, as happened with the Silk Road exchange site, which was shut down for trafficking illicit drugs. Tor’s hosting capabilities have also served as platforms for child pornography and illegal arms trading.
Anonymity is not the same as security. While it is difficult to hack the encryption of the Tor network, a network is only as secure as the technology used to access the network.
In a 2012 child pornography sting, the FBI utilized a hacking tool created by Metasploit called a “Decloaking Engine” to infect the servers of three different hidden Tor sites, which would then target anyone who happened to access them. The network investigative technique (NIT) used a Flash application that would ping a user’s real IP address back to an FBI controlled server, rather than routing their traffic through the Tor network and protecting their identity.
Woodward’s warning proved to be timely; in August 2013, the FBI was able to exploit a security flaw in the modified Firefox 17 browser included with the Tor Browser Bundle, a collection of programs designed to make it easy for people to install and use the software. Representatives of Tor responded to the breach with the following statement:
The good news is that they went for a browser exploit, meaning there’s no indication they can break the Tor protocol or do traffic analysis on the Tor network. Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.
Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody’s going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.
Two months later, in October 2013, The Guardian released an NSA presentation, provided by whistleblower Edward Snowden, revealing an NSA program targeting Tor users by exploiting the Tor browser bundle. The NSA attacks were designed to identify Tor users and the hidden sites they visited.
As The Guardian reported, this type of “man-on-the-side” style attack on Tor users cannot be pulled off by just anyone because it requires the assistance of internet service providers (ISPs):
“(man-on-the-side attacks) are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a “race condition” between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack…
According to a top-secret operational management procedures manual provided by Snowden, once a target is successfully exploited it is infected with one of several payloads. Two basic payloads mentioned in the manual are designed to collect configuration and location information from the target computer so an analyst can determine how to further infect the computer.
These decisions are made in part by the technical sophistication of the target and the security software installed on the target computer, called Personal Security Products or PSP in the manual.”
Motherboard points to a 2013 FBI sting which utilized this method:
The FBI’s big child porn bust this summer also raised some suspicion from privacy advocates over how easy it is for the Feds to infiltrate Tor. The FBI managed to crack the anonymous network by injecting malware into the browser, in order to identify what it called the “largest child porn facilitator on the planet.” In the process, the malware revealed the IP addresses of hundreds of users.
On January 05, 2016, Motherboard reported that the FBI conducted a network attack which targeted over a thousand computers and was able to deanonymize visitors to a Tor hidden site called Playpen, allegedly one of the largest sites hosting child pornography on the Darkweb. According to the article, “the FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4,” during which time, “the FBI deployed what is known as a network investigative technique (NIT), the agency’s term for a hacking tool.” According to the complaint filed by the FBI, “approximately 1300 true internet protocol (IP) addresses were identified during this time.”
Tor explicitly warns against installing or enabling browser plugins. The Tor Browser is configured to block browser plugins such as Flash, RealPlayer, and Quicktime, because they can be manipulated into revealing your IP address. Therefore, Tor does not recommend installing additional addons or plugins into their Browser, as these may harm your anonymity and privacy by bypassing network protocols.
End Node Decryption
Tor has a known weakness: The last node through which traffic passes in the network has to decrypt the communication before delivering it to its final destination. Someone operating that node can see the communication passing through this server.
In 2007, Swedish security researcher Dan Egerstad was able to intercept passwords and email messages from government agencies by running Tor exit nodes. According to Egerstad, many who use Tor mistakenly believe it is an end-to-end encryption tool. As a result, they aren’t taking the precautions they need to take to protect their web activity. University of Surrey professor Alan Woodward cautions that Tor volunteers are anonymous and, therefore, users “do not choose which exit node you use so you cannot guarantee who it is that is actually running that node.” Woodward also remarked that Tor’s random routing between nodes makes it unlikely that anyone could target a specific individual in this way, unless they run a large proportion of the Tor nodes that are out there. Taking additional steps to encrypt data could also mitigate this risk.
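The layered encryption described earlier and the exit-node weakness described in this section can be seen together in a small simulation. This is an added example, not Tor's code: the relay names, addresses, request and keys are constructed, the per-hop keys are assumed to be already shared with the client, and the SHA-256 keystream with HMAC is a standard-library stand-in for Tor's real cryptography.

```python
import hashlib
import hmac
import os


def _subkeys(key):
    # Derive separate encryption and authentication keys from one hop key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(key, nonce, n):
    # Toy counter-mode keystream (stand-in cipher, not Tor's).
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt and authenticate one layer: nonce || tag || ciphertext."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor(plaintext, _keystream(enc, nonce, len(plaintext)))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def unseal(key, blob):
    """Remove one layer; fails if the layer was not made for this key."""
    enc, mac = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not encrypted for this relay")
    return _xor(ct, _keystream(enc, nonce, len(ct)))


def build_onion(path, destination, payload):
    """Client side: wrap the payload once per relay, innermost layer first."""
    blob, next_hop = payload, destination
    for name, key in reversed(path):
        header = next_hop.encode()
        blob = seal(key, bytes([len(header)]) + header + blob)
        next_hop = name
    return blob


def route(onion, client_addr, path):
    """Relay side: each hop peels one layer; record what that hop can see."""
    views, prev, blob = [], client_addr, onion
    for name, key in path:
        layer = unseal(key, blob)
        hlen = layer[0]
        next_hop, blob = layer[1:1 + hlen].decode(), layer[1 + hlen:]
        views.append({"relay": name, "from": prev, "to": next_hop,
                      "forwards": blob})
        prev = name
    return views


def demo():
    # Constructed sample data: three relays, one client, one destination.
    path = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]
    client, site = "198.51.100.7", "shop.example:80"
    request = b"POST /login user=alice&password=hunter2"
    # Case 1: plain HTTP through Tor. The exit forwards the request as-is.
    plain = route(build_onion(path, site, request), client, path)
    # Case 2: the request is first encrypted to the site (stand-in for HTTPS).
    site_key = os.urandom(32)
    wrapped = route(build_onion(path, site, seal(site_key, request)),
                    client, path)
    return {"plain": plain, "wrapped": wrapped, "request": request,
            "site_key": site_key}


if __name__ == "__main__":
    result = demo()
    for case in ("plain", "wrapped"):
        for v in result[case]:
            print(case, v["relay"], v["from"], "->", v["to"],
                  v["forwards"][:24])
```

Only the guard sees the client address and only the exit sees the destination; in the first case the exit also sees the password, in the second it forwards ciphertext that only the site can open.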
Study on Traffic Correlation Attacks
In August 2013, Tor accounts increased by over 100%, leading many to suspect that Edward Snowden’s June 2013 revelations of the vast NSA surveillance program had led more internet users to protect their privacy. However, the sudden uptick in Tor users may be better explained by a joint research project designed to identify the effectiveness of this type of end node relay attack.
In November of 2013, the US Naval Research Laboratory and Georgetown University in Washington, D.C. issued a joint report entitled “Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries.” The report focuses on traffic correlation attacks against Tor users by network adversaries, such as corporations, intelligence and law enforcement agencies, or governments.
A network adversary is a network operator with ample network resources to observe a large portion of the underlying network over which Tor traffic is transported through controlling one or more autonomous systems or internet exchange points. Within the Internet, an autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the Internet. An Internet exchange point (IXP) is a physical infrastructure through which Internet service providers (ISPs) and Content Delivery Networks (CDNs) exchange Internet traffic between their networks (autonomous systems or ASes).
In layman’s terms, the study found that the more entrance and exit nodes a network adversary is capable of controlling, either through Tor exit relays or the destination servers themselves, the greater the probability the targeted communications will pass through a resource controlled by the attacker, exposing a Tor user (and their communications) to identification.
According to the report, “A network adversary leverages their position as a carrier of network traffic to correlate Tor traffic streams that cross their network at some point between the client and guard and exit and destination pairs.” As the researchers remark, “Tor does not currently implement any protection against adversaries who operate ASes or IXPs.”
In traffic correlation attacks, an adversary has the bandwidth capacity to run voluminous relays in the Tor network in order to deanonymize an individual user. The researchers report:
“Onion routing is vulnerable to an adversary who can monitor a user’s traffic as it enters and leaves the anonymity network; correlating that traffic using traffic analysis links the observed sender and receiver of the communication. Øverlier and Syverson first demonstrated the practicality of the attack in the context of discovering Tor Hidden Servers. Later work by Murdoch and Danezis show that traffic correlation attacks can be done quite efficiently against Tor.”
Since network adversaries can monitor entrance and exit traffic on any of the routers they control, the more points within their control, the greater their ability to expose a Tor user’s identity. Researchers found that, “sending many streams over Tor induces higher rates of circuit creation, increasing the number of chances the adversary has to compromise one. Alternatively, the specific destination addresses and ports that users connect to affect the probability a malicious exit is chosen because allowed exit policies differ from relay to relay.”
This is important because information travels through the encrypted layers of the Tor network through Internet Exchange Points (IXPs) or autonomous systems (ASes) that control multiple routers, such as ISPs. Since attackers can theoretically see exit or entrance traffic on any of the routers they control, logically, the more points of control, the faster and easier it is to expose a Tor user’s identity. As Meghan Neal at Motherboard points out, “Hypothetically, a state-sponsored cyberattacker could control all of the routers in the country.” Therefore, US intelligence agencies which have innumerable routers at their disposal would have a tremendous advantage in deanonymizing users and tracking their communications across the Tor network.
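To put numbers on the argument above, the following added example (not taken from the report) estimates how a user's exposure grows with the adversary's share of entry and exit capacity and with the number of circuits built. It is a simplified model, not Tor's path-selection algorithm: the relay list and bandwidth weights are constructed, the client keeps a small fixed set of guards chosen by weight, each circuit uses one of those guards and a weight-chosen exit, and a circuit counts as exposed only when both ends are adversary-run.

```python
import random
from math import comb

# Constructed relay list: (name, bandwidth weight, guard?, exit?, adversary-run?)
RELAYS = [
    ("r1", 40, True, False, False),
    ("r2", 30, True, True, False),
    ("r3", 20, False, True, False),
    ("r4", 25, True, False, True),
    ("r5", 15, False, True, True),
    ("r6", 50, True, True, False),
    ("r7", 35, False, True, False),
]


def adversary_share(relays, role):
    """Fraction of guard (or exit) selection weight held by the adversary."""
    flag = 2 if role == "guard" else 3
    total = sum(r[1] for r in relays if r[flag])
    bad = sum(r[1] for r in relays if r[flag] and r[4])
    return bad / total


def p_compromised(g, e, circuits, guards=1):
    """Exact probability that at least one circuit has an adversary at both ends.

    g, e: adversary share of guard and exit weight.
    guards: size of the client's fixed guard set (model assumption).
    """
    total = 0.0
    for bad in range(guards + 1):
        # Probability that exactly `bad` of the client's guards are hostile.
        p_bad = comb(guards, bad) * g ** bad * (1 - g) ** (guards - bad)
        per_circuit = (bad / guards) * e
        total += p_bad * (1 - (1 - per_circuit) ** circuits)
    return total


def simulate(g, e, circuits, guards=1, trials=20000, seed=1):
    """Monte Carlo check of the same model with a fixed seed."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        guard_set = [rng.random() < g for _ in range(guards)]
        for _ in range(circuits):
            if rng.choice(guard_set) and rng.random() < e:
                hits += 1
                break
    return hits / trials


if __name__ == "__main__":
    g = adversary_share(RELAYS, "guard")
    e = adversary_share(RELAYS, "exit")
    print(f"adversary guard share {g:.3f}, exit share {e:.3f}")
    for n in (1, 10, 50, 200):
        print(n, "circuits:",
              f"exact {p_compromised(g, e, n, guards=3):.3f}",
              f"simulated {simulate(g, e, n, guards=3):.3f}")
```

In this model more circuits raise the exposure steadily, but it can never exceed the chance that at least one of the client's guards is adversary-run, which is why the adversary's share of entry capacity matters so much.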
The Tor Project, itself, openly acknowledges:
“Just using Tor isn’t enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications.”
Therefore, it is highly recommended that Tor users always take additional security precautions by using an anonymous proxy tool, such as a virtual private network (VPN) and HTTPS encryption whenever possible as added layers of protection.
If you are not already using a VPN or HTTPS, you should be. If a site offers HTTPS, just go to https://www.thewebsite.com instead of just plain old http. To help ensure private encryption to websites, the Tor Browser includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website.
Using Tor Could Increase the Possibility that You are Targeted
Edward Snowden revealed in October 2013 that the Tor online anonymity network is a high-priority target for the National Security Agency. In support, The Guardian released “Tor Stinks,” an NSA presentation (vintage June 2012) outlining current and proposed strategies for exploiting the network. “The work of attacking Tor is done by the NSA’s application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.” Therefore, someone like the NSA or FBI can tell if you’re a Tor user, making them more likely to target you.
Furthermore, an NSA document obtained by the Guardian in June 2013, titled Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence, reveals that using online anonymity services such as Tor or sending encrypted e-mail and instant messages are grounds for US-based communications to be retained by the National Security Agency even when they’re inadvertently collected.
Of concern, the NSA Minimization Procedures provide no ascertainable guidelines for protecting against warrantless domestic surveillance. Section 5 clearly reveals domestic communications are being monitored en masse and allows for the collection and dissemination of information relating to “evidence of a crime” to law enforcement agencies, whether or not a warrant has been obtained or an individual is the target of a current investigation. The procedures make no distinction between suspected terrorist or non-terrorist activity, or violent and non-violent offenses.
In August 2013, Reuters reported that law enforcement officers have been instructed to mislead judges and prosecutors by recreating the investigative trail to effectively cover up where the information obtained through NSA surveillance originated. An internal Special Operations Division (SOD) document obtained by Reuters reads: “Remember that the utilization of SOD cannot be revealed or discussed in any investigative function.” The document specifically directs agents to omit the SOD’s involvement from investigative reports, affidavits, discussions with prosecutors and courtroom testimony. Agents are also instructed to use a deceptive technique known as parallel construction to misrepresent that the evidence provided by SOD was collected through “normal investigative techniques.”
Likewise, Section 4, which deals with attorney-client communications, provides scarce safeguards for protecting attorney-client privilege. Section 4 specifies that an analyst must cease monitoring communications between a person “known to be indicted in the United States” and their legal representative. However, there is no such protection for suspects who have not yet been indicted, or for privileged communications in civil or commercial proceedings.
Finally, a 2014 report published by German security researchers revealed that the NSA internet database program XKeyscore contains a piece of source code with rules for automatically capturing information about people who used Tor and the privacy-focused operating system Tails. One rule seems to “fingerprint” people who visit the Tor website, as well as people who search for information about Tails or visit places known to have information on it, including the Linux Journal, where anything in the “Linux” category of articles is flagged. Fingerprints are flags that allow NSA agents to identify and track users across the web.
Tor As a Tool for Journalists and Whistleblowers
The SecureDrop open-source whistleblowing platform provides a way for sources, who can choose to remain anonymous, to submit documents and data while avoiding virtually all of the most common forms of online tracking.
It makes use of well-known anonymising technology such as the Tor network and the Tails operating system, which was used by journalists working on the Snowden files.
The SecureDrop platform was initially developed by the US developer and open source activist, Aaron Swartz, who committed suicide in 2013 after facing criminal prosecution under the Computer Fraud and Abuse Act for downloading mass quantities of academic research articles. To date, the SecureDrop directory includes such familiar media sources as The Guardian, The Intercept, The New Yorker, The Sun and the Washington Post.
Is Tor Simply a Honeypot Run by U.S. Intelligence and Law Enforcement?
There is a legitimate concern among privacy advocates that Tor may simply be a honeypot for identifying illicit activities due to its historical and financial ties with the U.S. intelligence and law enforcement communities. Onion routing was originally developed in the mid-1990s by the United States Naval Research Laboratory for the purpose of protecting U.S. intelligence communications online. Yasha Levine of Panda points out:
“Tor’s original — and current — purpose is to cloak the online identity of government agents and informants while they are in the field: gathering intelligence, setting up sting operations, giving human intelligence assets a way to report back to their handlers — that kind of thing. This information is out there, but it’s not very well known, and it’s certainly not emphasized by those who promote it.”
In addition, Tor’s own website states, “A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently.” The site adds, “Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.”
Furthermore, Tor’s onion routing technology was originally funded by the Office of Naval Research and DARPA. Early development was spearheaded by Paul Syverson, Michael Reed and David Goldschlag — all military mathematicians and computer systems researchers working for the Naval Research Laboratory, located within the Anacostia-Bolling military base in Washington, D.C.
In 2004, the Naval Research Laboratory released the code for onion routing under a free license, and in 2006 a Massachusetts-based 501(c)(3) research-education nonprofit organization called The Tor Project was founded. Since its inception, the vast majority of Tor Project funding has been provided by the Department of Defense and the US State Department.
The question is whether you can trust that a program which originated within the U.S. intelligence community for use by U.S. intelligence and law enforcement agencies, and which receives the majority of its funding from the Department of Defense and the State Department, is sufficiently independent from these agencies to reasonably protect the privacy and anonymity of dissident journalists, activists and government whistleblowers. Your level of trust is most likely commensurate with the severity of the penalty that exposure would bring about.
For those of you not involved in criminal activity, exposing high level corruption or seeking to disclose state secrets, the following recommendations submitted on an Answers forum for network analysts should suffice in protecting your privacy.
As a very long time Tor user, the most surprising part of the NSA documents for me was how little progress they have made against Tor. Despite its known weaknesses, it’s still the best thing we have, provided it’s used properly and you make no mistakes.
Since you want security of “the greatest degree technically feasible”, I’m going to assume that your threat is a well-funded government with significant visibility or control of the Internet, as it is for many Tor users (despite the warnings that Tor is not sufficient to protect you from such an actor).
Consider whether you truly need this level of protection. If having your activity discovered does not put your life or liberty at risk, then you probably do not need to go to all of this trouble. But if it does, then you absolutely must be vigilant if you wish to remain alive and free.
I won’t repeat Tor Project’s own warnings here, but I will note that they are only a beginning, and are not adequate to protect you from such threats.
To date, the NSA’s and FBI’s primary attacks on Tor users have been MITM attacks (NSA) and hidden service web server compromises (FBI) which either sent tracking data to the Tor user’s computer, compromised it, or both. Thus you need a reasonably secure system from which you can use Tor and reduce your risk of being tracked or compromised.
Tor contains weaknesses which can only be mitigated through actions in the physical world. An attacker who can view both your local Internet connection, and the connection of the site you are visiting, can use statistical analysis to correlate them.
Many Tor users get caught because they made a mistake, such as posting their real email address in association with their activities. You must avoid this as much as possible, and the only way to do so is with careful mental discipline.
These are big in the news lately, with the recent takedown of at least two high-profile hidden services, Silk Road and Freedom Hosting. The bad news is, hidden services are much weaker than they could or should be. The good news is, the NSA doesn’t seem to have done much with them (though the NSA slides mention a GCHQ program named ONIONBREATH which focuses on hidden services, nothing else is yet known about it).
In addition, since hidden services must often run under someone else’s physical control, they are vulnerable to being compromised via that other party. Thus it’s even more important to protect the anonymity of the service, as once it is compromised in this manner, it’s pretty much game over.
The advice given above is sufficient if you are merely visiting a hidden service. If you need to run a hidden service, do all of the above, and in addition do the following. Note that these tasks require an experienced system administrator; performing them without the relevant experience will be difficult or impossible.
Anonymity is hard. Technology alone, no matter how good it is, will never be enough. It requires a clear mind and careful attention to detail, as well as real-world actions to mitigate weaknesses that cannot be addressed through technology alone. As has been so frequently mentioned, the attackers can be bumbling fools who only have sheer luck to rely on, but you only have to make one mistake to be ruined. We call them “advanced persistent threats” because, in part, they are persistent. They won’t give up, and you must not.
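The correlation weakness mentioned in the answer above (an observer who can see both your local connection and the connection of the site you visit) can be illustrated with a short simulation. This is an added example, not part of the original answer or of Tor itself; the traffic model, flow names, delay and jitter values are all constructed assumptions.

```python
import math
import random


def pearson(xs, ys):
    """Pearson correlation of two equal-length series (0.0 if either is flat)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def best_lagged_correlation(near, far, max_lag):
    """Try each network delay 0..max_lag seconds; return (best score, lag)."""
    best = (-1.0, 0)
    for lag in range(max_lag + 1):
        score = pearson(near[: len(near) - lag], far[lag:])
        if score > best[0]:
            best = (score, lag)
    return best


def simulate_flow(rng, seconds):
    """Constructed traffic model: per-second KB, mostly idle with short bursts."""
    flow, burst_left = [], 0
    for _ in range(seconds):
        if burst_left == 0 and rng.random() < 0.12:
            burst_left = rng.randint(1, 4)
        if burst_left:
            flow.append(rng.uniform(20.0, 200.0))
            burst_left -= 1
        else:
            flow.append(rng.uniform(0.0, 2.0))
    return flow


def seen_at_far_end(rng, flow, delay, jitter):
    """The same traffic after crossing the network: shifted by `delay` seconds
    and each sample scaled by up to +/- `jitter`. Payload content is never
    used, which is why encryption alone does not remove this weakness."""
    idle = [rng.uniform(0.0, 2.0) for _ in range(delay)]
    moved = [v * (1.0 + rng.uniform(-jitter, jitter))
             for v in flow[: len(flow) - delay]]
    return idle + moved


def rank_candidates(near, candidates, max_lag=5):
    """Score every flow seen at the far end against the near-end flow."""
    rows = []
    for name, series in candidates.items():
        score, lag = best_lagged_correlation(near, series, max_lag)
        rows.append((name, round(score, 3), lag))
    return sorted(rows, key=lambda r: r[1], reverse=True)


def demo(seed=7, seconds=600):
    rng = random.Random(seed)
    user = simulate_flow(rng, seconds)  # volume seen on the user's local link
    # Four unrelated visitors to the same site, plus the user's own traffic.
    candidates = {f"site-flow-{i}": simulate_flow(rng, seconds)
                  for i in (1, 2, 4, 5)}
    candidates["site-flow-3"] = seen_at_far_end(rng, user, delay=2, jitter=0.10)
    return rank_candidates(user, candidates)


if __name__ == "__main__":
    for name, score, lag in demo():
        print(f"{name}: r={score:+.3f} at lag {lag}s")
```

Only byte counts per second are compared, so the matching flow stands out even though nothing about the content or the path in between is known.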
The longtime friends and colleagues, now partners at Pepper Hamilton, a storied Philadelphia law firm led by a former FBI director, advertise themselves as victim advocates with big hearts in addition to legal know-how. Although none of the more than 50 colleges and universities they’ve worked with would freely admit it, they also offer schools struggling with PR crises a speedy way to send a message that they’re on the case.
In a 2013 profile, The American Lawyer called Smith a “guru for colleges and universities looking to reform sexual assault culture on campus” who helped institutions “avoid the courtroom” by conducting investigations and advising administrators on how to comply with gender equity law Title IX and the Clery Act, which requires schools to accurately report campus violence. The article also called Smith “part of the scandal cleanup crew” for her most “high-profile engagements,” including Occidental College, Amherst College, the University of North Carolina at Chapel Hill, and the University of California at Berkeley, all schools currently under investigation by the United States Department of Education for allegedly violating federal law regarding on-campus sexual assault.
But while college presidents love Smith and Gomez, many of the women who forced their universities to hire consultants in the first place loathe them. Complainants across the country told BuzzFeed that they believed their institutions were paying Smith and Gomez to clean up messes by paying lip service to federal compliance.
Although some students and faculty members praised their work, others said the retention of Smith and Gomez — who acknowledged that they’ve never read a student complaint — encourages their schools to crack down on activists instead of rapists and to adopt boilerplate policies instead of calling out inept administrators.
Since the schools pay the consultants’ bills, their allegiance is a regular source of tension and complaints from students who see their lives, not the universities’ brands, at the heart of the matter.
“It isn’t my rape that’s the problem now,” said Andrea Pino, who clashed with the consultants at the University of North Carolina at Chapel Hill, where she is currently a senior. “The rape was nothing compared to the way my school has treated me.”
Pino is one of five complainants who filed federal complaints against UNC last year alleging the administration dismissed the reports of sexual assault survivors, underreported rape statistics, and failed to train employees in offering support services. Soon after, the school denied the charges and hired Smith and Gomez.
Pino said she immediately resented Smith for insisting the university cared about her well-being when an academic advisor had called her “lazy” for seeking medical withdrawal from classes due to assault-related post-traumatic stress disorder. Still, she met with Smith for what she says was billed as a completely confidential meeting and told her that she had never received training on mandatory reporting, which is required by Title IX, while a resident adviser. Soon after, Smith reported her to the Department of Housing for underreporting alleged rapes.
“I’m so glad my complaint gave Smith a salary,” Pino said.
A lucrative cottage industry of college sexual misconduct consultants started booming in 2011, after the Department of Education sent a “Dear Colleague” letter warning educators that it was cracking down on Title IX, which prohibits sex-based discrimination, including sexual violence. Thanks to activist groups that help students file and publicize federal complaints, the industry has continued to grow. Last year, the Department of Education’s Office for Civil Rights received 30 sexual violence-related complaints against colleges and universities, almost double the previous year’s 17. The White House’s decision earlier this year to launch a task force to help prevent and prosecute campus sexual assaults likely means the numbers will continue to rise.
Schools in crisis — or hoping to prevent one — can call Margolis Healy & Associates, a firm founded by two former police chiefs, or the NCHERM Group, which bills itself as one of the “largest higher education-specific law practices” in the country. But Smith and Gomez stand out because they have decades of experience as prosecutors on terrible crimes (child abuse, domestic violence), an understanding of complicated federal and local laws, and come highly recommended by preeminent schools.
Occidental spokesperson James Tranquada said the college interviewed two other firms but was most impressed by Smith and Gomez’s extensive experience handling sex crimes and their work at peer institutions. “Their approach is not merely one of legal compliance — they passionately believe in what they are doing,” he wrote.
Smith is a pioneer in the field; she coined the now widely used term “institutional response to sexual misconduct” when she left her job as a Philadelphia assistant district attorney in 2006 and launched her new career at Ballard Spahr LLC. The practice was “sleepy” then compared to today, Smith said in an interview, adding that she was “dedicated to changing the conversation” before “it was in vogue to do so in the legal field.”
She and Gomez are both as warmly reassuring as teachers at a Quaker elementary school and so comfortable with each other that they finish each other’s sentences.
They’ve known each other since Gomez was an intern in the DA’s office; Smith, already an established prosecutor in the Family Violence Sexual Assault unit, soon became Gomez’s “life mentor.” Still, Gomez said, it took months for Smith to convince Gomez to join her at Ballard Spahr, which she finally did in 2011.
“I never set out to be a partner in a law firm — I’m really just a simple country girl with a strong core of common sense and responsibility,” Gomez said. “Gina convinced me that we could be proactive and could share our knowledge nationally — that was intriguing. But in the end, I joined the practice because I believed in Gina and I trusted her vision of how we could make a difference. It’s a choice I have never regretted.”
Pepper Hamilton, which snapped up the pair in 2013, probably doesn’t regret it, either. In a Feb. 14 press release announcing the previous year’s record fee income of $373 million, up 5.4% over the prior year, CEO Scott Green noted that the White Collar and Investigations practice group had more than doubled its revenue from 2012, partially in thanks to Smith and Gomez’s “thriving practice.”
Students can’t expect consultants who are brought in to review policy and procedure to fix larger cultural issues, said S. Daniel Carter, who runs the 32 National Campus Safety Initiative at the VTV Family Outreach Foundation, a nonprofit created by families and survivors of 2007’s Virginia Tech shooting.
“Students have broader interests,” he said. “They want allies. And they’re owed that, but people coming in from the outside to provide an objective review aren’t there to fill that role.”
But Gomez and Smith are successful because they do promise more than compliance — both are adamant that institutional liability isn’t their focus. “Our view starts with the students, and our goal is to listen with an earnest intent to understand their lens,” Gomez said. Many experts who know their work agree: Alison Kiss, the executive director of The Clery Center for Security on Campus, said she understands why students and faculty might mistrust for-profit consultants but that Smith and Gomez, whom she knows from the national conference circuit, aren’t just high-powered lawyers. “Beyond the knowledge of regulatory framework, you can see the care for victims shine through,” she said.
Without Smith and Gomez’s help, UNC couldn’t have launched the Title IX Task Force that is currently reworking the school’s approach to sexual misconduct, said Christi Hurt, UNC’s Interim Title IX coordinator. “They gave us a bird’s eye view of what the law required balanced with our needs as an individual university,” she said, adding that it was absolutely worth the money — a flat fee of $160,000 for eight months paid for by state taxpayer funds. Critics “obviously haven’t taken the time to get to know them,” said Sarah-Kathryn Bryan, a student on the task force who says she considers the women “good feminists” and her friends.
But many of the most prominent survivor activists in the country said that while they were initially optimistic about Smith and Gomez, they now warn each other in advance when the pair shows up on a new campus.
“Everyone in our inner circle of national student activists knows not to trust them or waste your time working with them because they’re just going to run you in circles anyway,” said Sofie Karasek, lead complainant in the federal complaints against the University of California at Berkeley. A UC Berkeley spokesperson confirmed that the school hired Smith and Gomez last fall to review and strengthen campus policies, but Karasek says she has no idea what they’re up to and that they’ve never tried to get in touch, a sentiment echoed by complainants across the country.
Although Smith and Gomez have publicly invited all interested members of the Occidental community to contact them via an anonymous suggestion box, Caroline Heldman and Danielle Dirks, two professors who are lead complainants in the federal complaints against their college, said that was an empty promise.
“We offered three times to set up individual and group meetings with survivors who were part of the federal complaint, and all three times they seemed interested but never took us up on the offer,” said Heldman, who, along with Dirks, has long advocated for sexual assault reform on campus. “After repeated offers that were ignored, we stopped asking. It was as if they were trying hard to not speak to survivors.”
Dirks and Heldman were dumbfounded by the price tag: They claim Smith and Gomez, who have been working with Occidental for more than a year, told them they were making $585 and $511 an hour, respectively. (Smith and Gomez declined to comment on their fees and would only say that they are consistent with the rates of other national law firms.) In exchange, Dirks said, the school has received a handful of ineffective “community forums” where the lawyers took few questions, some poorly planned training sessions, and a revised — and, in her view, “watered-down” — sexual assault policy.
Smith and Gomez “are great at making parents and students feel like something is being done because they are using big legal words, but words can’t take the place of legal action,” Dirks said. “They have had an absolute negative effect on our reform.”
Students and professors at other schools described similar experiences. Smith “just talked at us while the administrators sat silently behind her, sort of quivering, at this so-called public meeting,” said Altha Cravey, an assistant professor at UNC who attended a forum billed on Facebook as an open dialogue with the Chancellor. “It was supposed to be this ongoing public conversation, but instead we heard from a lawyer who reduced everything to technicalities. It was really offensive and awful.”
Other complaints about Smith’s and Gomez’s work concerned their external reviews. The University of Colorado at Boulder, which cheerily announced earlier this year that an external review by Smith and Gomez had found the school in compliance with Title IX, angered some students who were quick to note that the official federal complaint that spurred the review was still ongoing. The Amherst report Smith and Gomez helped conduct failed to identify “the underlying causes of sexual violence,” student survivor Dana Bolger wrote: The report found “no need to name specific student groups” that intimidate victims into staying silent about sexual assault, but went into detail about a “large and seasonally permanent” tent with a sound system that could host “large-scale poetry slams, small concerts, outdoor movies, recitals, dance lessons, and the like,” in hopes that students will “evolve and sustain new and more creative modes of play” and “escape the Amherst Awkward feeling” instead of assaulting their peers.
Pino isn’t the only complainant frustrated by Smith’s insistence on hardline mandatory reporting compliance. At Swarthmore, which employs Pepper Hamilton as its general counsel, Mia Ferguson was denied a job as a dormitory resident advisor after she filed a Title IX complaint because she wouldn’t provide authorities with details concerning an alleged rape. Under Title IX, resident advisors are “mandatory reporters,” meaning they are obligated to report all sexual misconduct they are aware of to higher-ups.
But, as Ferguson pointed out in her complaint, Swarthmore was hardly fully compliant — she said she hadn’t even been properly trained on the duties of a mandatory reporter — and the information in question pertained to an incident that took place before Ferguson signed her RA contract. Was it really necessary to fire her as an example? In a New York Times article about the controversy, Smith said yes and defended the college’s decision.
“We love our schools, and we want them to succeed,” Ferguson said. “But [Smith] isn’t interested in helping schools push back against an antiquated law. She’s interested in helping schools comply so they stay out of court.”
Smith and Gomez told BuzzFeed they understand why survivors would be skeptical; institutional betrayal cuts deep, and sometimes there is “such a breakdown in trust that it can be difficult to transcend the past.” But although the pair stresses their experience working with victims of sex crimes, they’re also aggressive former prosecutors. Smith, in particular, drew criticism from public defenders in Philadelphia whom she went up against in sex crimes cases, and in at least one case, her office settled charges that she had crossed the line.
In 2005, Smith was sued by Nicole Schneyder, a reluctant witness in one of Smith’s first murder trials, for allegedly jailing Schneyder to force her to testify and then leaving her there for 48 days after the case was postponed against a judge’s order. While Schneyder was in jail, the man she called her father died. It was only when her sister appealed to the Public Defender’s Office to see if Schneyder could attend the funeral that an official realized she was being held for a trial that was still months away.
The Philadelphia District Attorney’s Office settled with Schneyder for $255,000 in 2011. “Whether to keep Schneyder in jail should have been the court’s decision, and Smith knew it,” the three-judge panel wrote, calling her alleged conduct “outrageous” and unconstitutional.
Daniel Silverman, Schneyder’s attorney, accused her of “acting as though she could disregard her professional and ethical obligations all in the service of winning her case.”
“That she had actual notice that my client was languishing in jail and ignored the pleas of her family to release her so she could say her final goodbyes to the dying man who raised her speaks to her seeming belief that she did not need to play within the rules,” he said.
Smith said in response that she was dealing with a brutal case of rape and murder, and stressed that the case was “a settlement before any fact-finding and thus there was no admission or finding of fault.”
“As a prosecutor, my obligation was to seek justice with integrity — in this case, I followed a lawful process, supported by witnesses and documentary evidence, to advocate on behalf of a victim who had been raped and murdered,” she said.
It’s a long way from the courtroom to the campus, but sex crimes prosecutors have always needed to show more than one side. They’re expected to be both compassionate advocates for victims and hard-edged instruments of vengeance on perpetrators.
Smith’s and Gomez’s success is rooted in that balance, but as their legion of critics makes clear, it’s a tough one to maintain.
The two are “highly tuned weapons of legal warfare,” said Peter Lake, a higher education consultant and law professor who questions whether the prosecutorial approach is best for schools, given victims’ mistrust of the legal system and the confusion surrounding Title IX, which he believes “pits students against their institutions.”
“I’m a lawyer, but it scares me to death that we are lawyering up higher ed,” he said. “We’re legalizing this field very quickly with little attention being paid to how it will affect victims.”
Security | 07.21.15 | 6:00 AM
If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers. This might be the kind of software bug most likely to kill someone. – CHARLIE MILLER
I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.
The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening. Then they told me to drive the Jeep onto the highway. “Remember, Andy,” Miller had said through my iPhone’s speaker just before I pulled onto the Interstate 64 on-ramp, “no matter what happens, don’t panic.”1
As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.
At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway.
“You’re doomed!” Valasek shouted, but I couldn’t make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.
I followed Miller’s advice: I didn’t panic. I did, however, drop any semblance of bravery, grab my iPhone with a clammy fist, and beg the hackers to make it stop.
This wasn’t the first time Miller and Valasek had put me behind the wheel of a compromised car. In the summer of 2013, I drove a Ford Escape and a Toyota Prius around a South Bend, Indiana, parking lot while they sat in the backseat with their laptops, cackling as they disabled my brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel. “When you lose faith that a car will do what you tell it to do,” Miller observed at the time, “it really changes your whole view of how the thing works.” Back then, however, their hacks had a comforting limitation: The attacker’s PC had been wired into the vehicles’ onboard diagnostic port, a feature that normally gives repair technicians access to information about the car’s electronically controlled systems.
A mere two years later, that carjacking has gone wireless. Miller and Valasek plan to publish a portion of their exploit on the Internet, timed to a talk they’re giving at the Black Hat security conference in Las Vegas next month. It’s the latest in a series of revelations from the two hackers that have spooked the automotive industry and even helped to inspire legislation; WIRED has learned that senators Ed Markey and Richard Blumenthal plan to introduce an automotive security bill today to set new digital security standards for cars and trucks, first sparked when Markey took note of Miller and Valasek’s work in 2013.
As an auto-hacking antidote, the bill couldn’t be timelier. The attack tools Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic experience on I-64: After narrowly averting death by semi-trailer, I managed to roll the lame Jeep down an exit ramp, re-engaged the transmission by turning the ignition off and on, and found an empty lot where I could safely continue the experiment.
Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they’re working on perfecting their steering control—for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route.
All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” Miller says.
From that entry point, Miller and Valasek’s attack pivots to an adjacent chip in the car’s head unit—the hardware for its entertainment system—silently rewriting the chip’s firmware to plant their code. That rewritten firmware is capable of sending commands through the car’s internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Miller and Valasek say the attack on the entertainment system seems to work on any Chrysler vehicle with Uconnect from late 2013, all of 2014, and early 2015. They’ve only tested their full set of physical hacks, including ones targeting transmission and braking systems, on a Jeep Cherokee, though they believe that most of their attacks could be tweaked to work on any Chrysler vehicle with the vulnerable Uconnect head unit. They have yet to try remotely hacking into other makes and models of cars.
After the researchers reveal the details of their work in Vegas, only two things will prevent their tool from enabling a wave of attacks on Jeeps around the world. First, they plan to leave out the part of the attack that rewrites the chip’s firmware; hackers following in their footsteps will have to reverse-engineer that element, a process that took Miller and Valasek months. But the code they publish will enable many of the dashboard hijinks they demonstrated on me as well as GPS tracking.
Second, Miller and Valasek have been sharing their research with Chrysler for nearly nine months, enabling the company to quietly release a patch ahead of the Black Hat conference. On July 16, owners of vehicles with the Uconnect feature were notified of the patch in a post on Chrysler’s website that didn’t offer any details or acknowledge Miller and Valasek’s research. “[Fiat Chrysler Automobiles] has a program in place to continuously test vehicles systems to identify vulnerabilities and develop solutions,” reads a statement a Chrysler spokesperson sent to WIRED. “FCA is committed to providing customers with the latest software updates to secure vehicles against any potential vulnerability.”
Unfortunately, Chrysler’s patch must be manually implemented via a USB stick or by a dealership mechanic. (Download the update here.) That means many—if not most—of the vulnerable Jeeps will likely stay vulnerable.
Chrysler stated in a response to questions from WIRED that it “appreciates” Miller and Valasek’s work. But the company also seemed leery of their decision to publish part of their exploit. “Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” the company’s statement reads. “We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.”
The two researchers say that even if their code makes it easier for malicious hackers to attack unpatched Jeeps, the release is nonetheless warranted because it allows their work to be proven through peer review. It also sends a message: Automakers need to be held accountable for their vehicles’ digital security. “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller says. “This might be the kind of software bug most likely to kill someone.”
In fact, Miller and Valasek aren’t the first to hack a car over the Internet. In 2011 a team of researchers from the University of Washington and the University of California at San Diego showed that they could wirelessly disable the locks and brakes on a sedan. But those academics took a more discreet approach, keeping the identity of the hacked car secret and sharing the details of the exploit only with carmakers.
Miller and Valasek represent the second act in a good-cop/bad-cop routine. Carmakers who failed to heed polite warnings in 2011 now face the possibility of a public dump of their vehicles’ security flaws. The result could be product recalls or even civil suits, says UCSD computer science professor Stefan Savage, who worked on the 2011 study. “Imagine going up against a class-action lawyer after Anonymous decides it would be fun to brick all the Jeep Cherokees in California,” Savage says.2
For the auto industry and its watchdogs, in other words, Miller and Valasek’s release may be the last warning before they see a full-blown zero-day attack. “The regulators and the industry can no longer count on the idea that exploit code won’t be in the wild,” Savage says. “They’ve been thinking it wasn’t an imminent danger you needed to deal with. That implicit assumption is now dead.”
471,000 Hackable Automobiles
Sitting on a leather couch in Miller’s living room as a summer storm thunders outside, the two researchers scan the Internet for victims.
Uconnect computers are linked to the Internet by Sprint’s cellular network, and only other Sprint devices can talk to them. So Miller has a cheap Kyocera Android phone connected to his battered MacBook. He’s using the burner phone as a Wi-Fi hot spot, scouring for targets using its thin 3G bandwidth.
A set of GPS coordinates, along with a vehicle identification number, make, model, and IP address, appears on the laptop screen. It’s a Dodge Ram. Miller plugs its GPS coordinates into Google Maps to reveal that it’s cruising down a highway in Texarkana, Texas. He keeps scanning, and the next vehicle to appear on his screen is a Jeep Cherokee driving around a highway cloverleaf between San Diego and Anaheim, California. Then he locates a Dodge Durango, moving along a rural road somewhere in the Upper Peninsula of Michigan. When I ask him to keep scanning, he hesitates. Seeing the actual, mapped locations of these unwitting strangers’ vehicles—and knowing that each one is vulnerable to their remote attack—unsettles him.
When Miller and Valasek first found the Uconnect flaw, they thought it might only enable attacks over a direct Wi-Fi link, confining its range to a few dozen yards. When they discovered the Uconnect’s cellular vulnerability earlier this summer, they still thought it might work only on vehicles on the same cell tower as their scanning phone, restricting the range of the attack to a few dozen miles. But they quickly found even that wasn’t the limit. “When I saw we could do it anywhere, over the Internet, I freaked out,” Valasek says. “I was frightened. It was like, holy fuck, that’s a vehicle on a highway in the middle of the country. Car hacking got real, right then.”
That moment was the culmination of almost three years of work. In the fall of 2012, Miller, a security researcher for Twitter and a former NSA hacker, and Valasek, the director of vehicle security research at the consultancy IOActive, were inspired by the UCSD and University of Washington study to apply for a car-hacking research grant from Darpa. With the resulting $80,000, they bought a Toyota Prius and a Ford Escape. They spent the next year tearing the vehicles apart digitally and physically, mapping out their electronic control units, or ECUs—the computers that run practically every component of a modern car—and learning to speak the CAN network protocol that controls them.
When they demonstrated a wired-in attack on those vehicles at the DefCon hacker conference in 2013, though, Toyota, Ford, and others in the automotive industry downplayed the significance of their work, pointing out that the hack had required physical access to the vehicles. Toyota, in particular, argued that its systems were “robust and secure” against wireless attacks. “We didn’t have the impact with the manufacturers that we wanted,” Miller says. To get their attention, they’d need to find a way to hack a vehicle remotely.
So the next year, they signed up for mechanic’s accounts on the websites of every major automaker and downloaded dozens of vehicles’ technical manuals and wiring diagrams. Using those specs, they rated 24 cars, SUVs, and trucks on three factors they thought might determine their vulnerability to hackers: How many and what types of radios connected the vehicle’s systems to the Internet; whether the Internet-connected computers were properly isolated from critical driving systems, and whether those critical systems had “cyberphysical” components—whether digital commands could trigger physical actions like turning the wheel or activating brakes.
Based on that study, they rated Jeep Cherokee the most hackable model. Cadillac’s Escalade and Infiniti’s Q50 didn’t fare much better; Miller and Valasek ranked them second- and third-most vulnerable. When WIRED told Infiniti that at least one of Miller and Valasek’s warnings had been borne out, the company responded in a statement that its engineers “look forward to the findings of this [new] study” and will “continue to integrate security features into our vehicles to protect against cyberattacks.” Cadillac emphasized in a written statement that the company has released a new Escalade since Miller and Valasek’s last study, but that cybersecurity is “an emerging area in which we are devoting more resources and tools,” including the recent hire of a chief product cybersecurity officer.
After Miller and Valasek decided to focus on the Jeep Cherokee in 2014, it took them another year of hunting for hackable bugs and reverse-engineering to prove their educated guess. It wasn’t until June that Valasek issued a command from his laptop in Pittsburgh and turned on the windshield wipers of the Jeep in Miller’s St. Louis driveway.
Since then, Miller has scanned Sprint’s network multiple times for vulnerable vehicles and recorded their vehicle identification numbers. Plugging that data into an algorithm sometimes used for tagging and tracking wild animals to estimate their population size, he estimated that there are as many as 471,000 vehicles with vulnerable Uconnect systems on the road.
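The population estimate described above can be illustrated with a two-sample capture-recapture calculation. This is an added example, not code from Miller and Valasek or from the original article. The article does not name the estimator, so the Chapman form of the Lincoln-Petersen estimator is an assumption, and the identifiers are constructed placeholders that do not reproduce the 471,000 figure.

```python
import math


def chapman_estimate(first_scan, second_scan, z=1.96):
    """Estimate a total population from two independent samples of identifiers.

    Assumption: Chapman's bias-corrected Lincoln-Petersen estimator with
    Seber's variance. Returns (estimate, standard_error, upper_bound), where
    upper_bound is the "as many as" figure at roughly 95% confidence.
    """
    first, second = set(first_scan), set(second_scan)
    if not first or not second:
        raise ValueError("both scans must contain at least one identifier")

    n1, n2 = len(first), len(second)
    m = len(first & second)  # identifiers seen in both scans ("recaptures")

    # Chapman's +1 terms keep the estimate finite even when m == 0.
    estimate = (n1 + 1) * (n2 + 1) / (m + 1) - 1
    variance = ((n1 + 1) * (n2 + 1) * (n1 - m) * (n2 - m)) / (
        (m + 1) ** 2 * (m + 2)
    )
    std_err = math.sqrt(variance)
    return estimate, std_err, estimate + z * std_err


def constructed_scan(start, stop):
    """Build a constructed list of placeholder identifiers (not real VINs)."""
    return [f"CONSTRUCTED-VIN-{i:06d}" for i in range(start, stop)]


# Constructed sample data: two scans of 400 identifiers that share 50.
SCAN_A = constructed_scan(0, 400)
SCAN_B = constructed_scan(350, 750)

if __name__ == "__main__":
    est, se, upper = chapman_estimate(SCAN_A, SCAN_B)
    print(f"estimated population: {est:.0f} (std err {se:.0f}, upper bound {upper:.0f})")
```

The smaller the overlap between scans, the larger the estimate and the wider its error, which is why repeated scans are needed before an upper bound means much.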
Pinpointing a vehicle belonging to a specific person isn’t easy. Miller and Valasek’s scans reveal random VINs, IP addresses, and GPS coordinates. Finding a particular victim’s vehicle out of thousands is unlikely through the slow and random probing of one Sprint-enabled phone. But enough phones scanning together, Miller says, could allow an individual to be found and targeted. Worse, he suggests, a skilled hacker could take over a group of Uconnect head units and use them to perform more scans—as with any collection of hijacked computers—worming from one dashboard to the next over Sprint’s network. The result would be a wirelessly controlled automotive botnet encompassing hundreds of thousands of vehicles.
“For all the critics in 2013 who said our work didn’t count because we were plugged into the dashboard,” Valasek says, “well, now what?”
Congress Takes on Car Hacking
Now the auto industry needs to do the unglamorous, ongoing work of actually protecting cars from hackers. And Washington may be about to force the issue.
Later today, senators Markey and Blumenthal intend to reveal new legislation designed to tighten cars’ protections against hackers. The bill (which a Markey spokesperson insists wasn’t timed to this story) will call on the National Highway Traffic Safety Administration and the Federal Trade Commission to set new security standards and create a privacy and security rating system for consumers. “Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car,” Markey wrote in a statement to WIRED. “Drivers shouldn’t have to choose between being connected and being protected…We need clear rules of the road that protect cars from hackers and American families from data trackers.”
Markey has keenly followed Miller and Valasek’s research for years. Citing their 2013 Darpa-funded research and hacking demo, he sent a letter to 20 automakers, asking them to answer a series of questions about their security practices. The answers, released in February, show what Markey describes as “a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle.” Of the 16 automakers who responded, all confirmed that virtually every vehicle they sell has some sort of wireless connection, including Bluetooth, Wi-Fi, cellular service, and radios. (Markey didn’t reveal the automakers’ individual responses.) Only seven of the companies said they hired independent security firms to test their vehicles’ digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital commands.
UCSD’s Savage says the lesson of Miller and Valasek’s research isn’t that Jeeps or any other vehicle are particularly vulnerable, but that practically any modern vehicle could be vulnerable. “I don’t think there are qualitative differences in security between vehicles today,” he says. “The Europeans are a little bit ahead. The Japanese are a little bit behind. But broadly writ, this is something everyone’s still getting their hands around.”
Aside from wireless hacks used by thieves to open car doors, only one malicious car-hacking attack has been documented: In 2010 a disgruntled employee in Austin, Texas, used a remote shutdown system meant for enforcing timely car payments to brick more than 100 vehicles. But the opportunities for real-world car hacking have only grown, as automakers add wireless connections to vehicles’ internal networks. Uconnect is just one of a dozen telematics systems, including GM Onstar, Lexus Enform, Toyota Safety Connect, Hyundai Bluelink, and Infiniti Connection.
In fact, automakers are thinking about their digital security more than ever before, says Josh Corman, the cofounder of I Am the Cavalry, a security industry organization devoted to protecting future Internet-of-things targets like automobiles and medical devices. Thanks to Markey’s letter, and another set of questions sent to automakers by the House Energy and Commerce Committee in May, Corman says, Detroit has known for months that car security regulations are coming.
But Corman cautions that the same automakers have been more focused on competing with each other to install new Internet-connected cellular services for entertainment, navigation, and safety. (Payments for those services also provide a nice monthly revenue stream.) The result is that the companies have an incentive to add Internet-enabled features—but not to secure them from digital attacks. “They’re getting worse faster than they’re getting better,” he says. “If it takes a year to introduce a new hackable feature, then it takes them four to five years to protect it.”
Corman’s group has been visiting auto industry events to push five recommendations: safer design to reduce attack points, third-party testing, internal monitoring systems, segmented architecture to limit the damage from any successful penetration, and the same Internet-enabled security software updates that PCs now receive. The last of those in particular is already catching on; Ford announced a switch to over-the-air updates in March, and BMW used wireless updates to patch a hackable security flaw in door locks in January.
Corman says carmakers need to befriend hackers who expose flaws, rather than fear or antagonize them—just as companies like Microsoft have evolved from threatening hackers with lawsuits to inviting them to security conferences and paying them “bug bounties” for disclosing security vulnerabilities. For tech companies, Corman says, “that enlightenment took 15 to 20 years.” The auto industry can’t afford to take that long. “Given that my car can hurt me and my family,” he says, “I want to see that enlightenment happen in three to five years, especially since the consequences for failure are flesh and blood.”
As I drove the Jeep back toward Miller’s house from downtown St. Louis, however, the notion of car hacking hardly seemed like a threat that will wait three to five years to emerge. In fact, it seemed more like a matter of seconds; I felt the vehicle’s vulnerability, the nagging possibility that Miller and Valasek could cut the puppet’s strings again at any time.
The hackers holding the scissors agree. “We shut down your engine—a big rig was honking up on you because of something we did on our couch,” Miller says, as if I needed the reminder. “This is what everyone who thinks about car security has worried about for years. This is a reality.”
Update 3:30 7/24/2015: Chrysler has issued a recall for 1.4 million vehicles as a result of Miller and Valasek’s research. The company has also blocked their wireless attack on Sprint’s network to protect vehicles with the vulnerable software.
1Correction 10:45 7/21/2015: An earlier version of the story stated that the hacking demonstration took place on Interstate 40, when in fact it was Route 40, which coincides in St. Louis with Interstate 64.
2Correction 1:00pm 7/27/2015: An earlier version of this story referenced a Range Rover recall due to a hackable software bug that could unlock the vehicles’ doors. While the software bug did lead to doors unlocking, it wasn’t publicly determined to be exploitable by hackers.
In my October 23 blog, I mentioned that iOS 4.3.4 was susceptible to a man-in-the-middle attack that was later corrected in iOS 4.3.5. These attacks are frequently mentioned in the security literature, but many of you may still be wondering what they are exactly and how they work. With this article, I’ll explain what man-in-the-middle attacks are and how you can avoid falling prey to them.
How the Attack Works
To see how man-in-the-middle attacks work, consider the illustration below. Network traffic normally travels directly between two computers that communicate with each other over the Internet, in this case the computers belonging to User 1 and User 2.
How to Avoid Being Attacked
In practice, ARP spoofing is difficult to prevent with the conventional security tools that come with your PC or Mac. However, you can make it difficult for people to view your network traffic by using encrypted network connections provided by HTTPS or VPN (virtual private network) technology.
HTTPS uses the secure sockets layer (SSL) capability in your browser to mask your web-based network traffic from prying eyes. VPN client software works in a similar fashion – some VPNs also use SSL – but you must connect to a VPN access point like your company network, if it supports VPN. To decrypt HTTPS and VPN traffic, a man-in-the-middle attacker would have to obtain the keys used to encrypt the network traffic, which is difficult but not impossible to do.
When communicating over HTTPS, your web browser uses certificates to verify the identity of the servers you are connecting to. These certificates are verified by reputable third-party authority companies like VeriSign.
If your browser does not recognize the authority of the certificate sent from a particular server, it will display a message indicating that the server’s certificate is not trusted, which means it may be coming from a man-in-the-middle attacker. In this situation you should not proceed with the HTTPS session, unless you already know that the server can be trusted – like when you or the company you work for set up the server for employees only.
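The same certificate check applies to programs that open HTTPS connections without a browser, where there is no warning dialog to read. The following is an added example, not part of the original post: it uses Python's standard `ssl` module, and the function names `audit_client_context` and `peer_identity` are hypothetical.

```python
import socket
import ssl


def audit_client_context(ctx):
    """List the settings that would let an untrusted certificate pass silently."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified against trusted authorities")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the requested host name")
    return findings


def weak_context():
    """The setting to avoid: accepts any certificate, including an attacker's."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context():
    """The corrected setting: system trust store, chain and host name checked."""
    return ssl.create_default_context()


def peer_identity(host, port=443, timeout=5.0):
    """Connect with verification on and report who the server proved to be.

    An untrusted certificate is reported instead of being accepted, which is
    the programmatic equivalent of heeding the browser warning.
    """
    ctx = strict_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                issuer = dict(pair[0] for pair in cert["issuer"])
                return {"trusted": True, "issuer": issuer.get("organizationName")}
    except ssl.SSLCertVerificationError as exc:
        return {"trusted": False, "reason": exc.verify_message}


if __name__ == "__main__":
    print("weak:  ", audit_client_context(weak_context()))
    print("strict:", audit_client_context(strict_context()))
```

Searching a code base for `CERT_NONE` or `check_hostname = False` is a quick way to find clients that have switched this protection off.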
If you want to dive into the technical details and learn more about the tools used to carry out a man-in-the-middle attack, I recommend watching the YouTube video – Man In The Middle Attack – Ethical Hacking Example created by the InfoSec Institute.
In the meantime, use HTTPS and VPN in public networks and stay away from web servers you don’t trust.
I work for Trend Micro and the opinions expressed here are my own.