Internet privacy and security course
About translation
Previous Next
Why should I need privacy and security on the Internet?

Chapter 26

Why should I need privacy and security on the Internet?

Everyone can have his own rationale for setting up comprehensive privacy and security for his devices, and you’ll probably want to skip this chapter because it doesn’t seem that useful. Still, I recommend you read it as it explains why getting serious about online privacy and security really pays off. Most likely, you will feel additional motivation to follow the advice offered in this course,

Do you want your friends and colleagues to see the most intimate details of your life?

I can’t reveal the real name of this girl whose story I am about to tell you, so suppose her name is Helen. Helen is an average girl who lives in the European part of Russia. Young, pretty, a top university student, an email and social networks user. She also regularly uses Skype and WhatsApp to talk to her friends. She enjoys her job as a manager in a private company and gets along quite well with her close-knit and large team of colleagues.

For leisure and studies Helen uses her laptop equipped with an antivirus and the latest system updates. One day while browsing the Internet, unbeknownst to her, Helen got infected with malware. She was naïve to think that a popular antivirus with updated virus bases will protect her from any problems. But as we have already mentioned it, if it was really true, there would be no viruses and infections whatsoever. To her misfortune, she hadn’t read this course and didn’t use additional important tools that would protect her laptop.

The program that infected Helen’s laptop was RAT malware. This kind of malicious software is designed to remotely control a computer and can enable a perpetrator to gain full access to all data, including camera and microphone.

If you live in a one bedroom apartment that is at once your bedroom, library, changing room, chances are your laptop is constantly connected watching the owner through the webcam. The perpetrators recorded the private details of Helen’s life using the camera on her laptop. Then they copied all her friends from a social network, her contacts from Skype and WhatsApp and after sent a letter threatening to get the video out to all these people if she doesn’t pay them 3000 USD in bitcoins.

Needless to say, Helen was hit with the realization of the devastating consequences for her if the video was exposed to her relatives, friends, fellow students and colleagues. She couldn’t sleep all night, wasn’t herself over an entire week and collected the required amount of money getting into debt. She was lucky because the perpetrators held their word though did take a lot of money from her.

If Helen had read this course, the perpetrators would never have been able to spy on her using her webcam. While the solution to this problem is quite simple - tape your camera, it won’t protect you from malware, but it will - from surveillance through the web camera for sure.

 

Tip

Tape your laptop’s webcam. If you use it on a regular basis, make a triangle shaped cap to temporarily cover it.

There have been attempts to implement a similar model of monetizing ransomware. Some time ago Android users were attacked by malicious pornography-focused ransomware Adult Player. It masqueraded as an adult-themed Android app that requested access to the web camera during installation.

When the users viewed pornography, the app secretly took photos of them, locked the phone and demanded a ransom.

There is an older way of sextortion racket when a young girl, the so-called “honey trap” actress befriends a man on a social network and then tricks him into stripping off or performing sex acts in front of the camera after undressing herself.

Encouraged by the pretty girl, the man eagerly responded to the play, then the session got abruptly interrupted and he was shown the footage as blackmail. The scammers offered him two options: either he paid a hefty sum of money or the video would be sent to all his friends and acquaintances whose contacts had already been copied from the social network. Imagine the terrible position the victim of this webcam blackmail is put into.

Are you ready to put up with the censorship that violates your rights?

Some ten years ago the Internet was a genuinely free zone where you could find and leave any information. Today it is tightly pressed by government censorship. I understand why drug dealing websites or child pornography should be blocked, but the government of many different countries blocks the websites of opposition editions, politicians’ blogs depriving us of the right to hear other viewpoints.

For instance, in Saudi Arabia the government blocks the websites of international human rights organizations, social networks, popular IM services, the websites of LGBT communities, different religious websites that don’t advocate official Islam.

In China almost everything that’s out of control of the Chinese government is subject to blocking. For instance, Gmail, social networks, major international information agencies were blocked. The control over the Internet in China becomes more and more stifling and steadily shifts toward a “do only what you are allowed to” policy.

Censorship is not just a tool that restrains common users, it’s a proven method of exerting pressure on individuals. The owner of an online edition or blog can be given a warning that the publication of unsuitable materials may lead to his edition getting blacklisted, and he will lose his audience, advertisers and therefore revenue. Under coercion he won’t publish what he’s thinking, he won’t tell what he’s supposed to.

Censorship is pervasive. If you don’t stand up to it from the very beginning, it can ruin you. But if every person has the awareness and skill to get around censorship, it will be rendered useless both as a restraining tool and means of exertion.

Are you ready to pay a large fine for downloading a file on the Internet?

Let’s get started with a few real stories. Cormelian Brown of Delaware used his paid memberships on Flava Works sites, a Miami-based adult entertainment company, to download porn movies and distribute them free on BitTorrent sites. At the end of 2012, the owners of the gay porn site filed a lawsuit against him for damages, and the US court ordered Brown to pay $1.5 million or $150,000 for each of the 10 films.

A Minnesota native Jammie Thomas, mother of four, was ordered by the US court to pay $1.92 million for illegally sharing 24 songs. Many of you would say to yourself that you don’t share anything, you just download. But I have to disappoint you, not only people who share files are subject to persecution, those who distribute them also face huge damages. You know that torrent clients (same uTorrent) start automatically distributing downloaded files making you a criminal.

In Germany the authorities have already started prosecuting people who download or distributes files, the average fine being 800 EURO. According to the publicly available data, over 8 million of German citizens (every tenth citizen) got letters ordering them to pay a fine.

In Great Britain a special police branch Police Intellectual Property Crime Unit (PIPCU) specializes in catching pirates. Similar units are either already set up or being created in other countries of Europe.

In Russia the authorities already started blocking torrent trackers, with the blocking of RuTracker becoming the most high-profile case so far. I expect that in the near future the Russian government will embrace the European practices to impose fines on all copyright infringers.

Are you ready to get arrested for uploading your photos to the Internet?

Sometimes you are forced to hide your whereabouts to keep yourself out of prison. A Baranovichi native (Belarus), 27, got sentenced to two years of imprisonment for uploading a naked selfie on the Internet.

The photo was intended for his girlfriend, but, unfortunately, set to public view. An art review conducted during the investigation found the photo pornographic. The man pleaded guilty leading to a lighter sentence.

2 years! He got two years for sharing a naked picture of himself for his girlfriend. Two years of imprisonment for a young man. At least they didn’t burn him at stake.

Are you ready to be watched by a special agent because of your religious or political convictions?

Mohammed from London never imagined in his worst nightmare that he would be watched by a special agent that controls his every step on the Internet and regularly reports on his activities to his top management. An honest citizen, a Muslim that teaches at a local school, Mohammed became one of the hundreds of people who are under surveillance by special agencies. The information about total surveillance with regular reports was revealed to the world in 2014 thanks to Edward Snowden. You would expect this program to be discontinued, but, according to our information, on the contrary, it is getting more and more embraced in different countries.

In the US and Europe, Muslims are mainly under surveillance. It is quite easy to make the list of the people who are being watched: it is enough to visit an Islamic website without hiding your IP or leaving a suspicious message on a social network.

In Russia the authorities are primarily watching political opposition. You may want to browse through this course if your opinions differ from the current general stance of the government.

Do you want your activity on the Internet to be monitored, analyzed, and this data used for generating a profile on you?

People watch all kinds of videos on the Internet, and I am not an exception to this either. It turns out that all my activity on the Internet is viewed, analyzed and used for generating my profile. How do I know about it? Some time ago the website The Intercept revealed the documents evidencing population scale targeted surveillance by the U.K. Government Communications Headquarters (GCHQ).

This program went by the code name Karma Police and since 2009 collected and analyzed all the activity of users on the Internet. It gathered data about all viewed sites, including those with adult content, forums, blogs, social networks.

The program automatically generated a user’s profile, identified his real data and collected all the information, all the websites he had visited. It analyzed his messages in IM services such as Skype and WhatsApp controlled by special agencies, social networks, traced the location of his phone.

The program monitored full logs of queries entered into the Google search engine. A number of queries activated beacons, and these users became surveillance targets.

According to the information from the mass media, no court sanctioned this program, and the surveillance was conducted illegally, similar to analogous projects. That didn’t prevent special agencies to collect over 50 billion recorded metadata by 2012.

This is not a single case of targeted surveillance, such programs exist almost in all European countries, US, Middle East, Russia and, of course, China. Today special agencies actively design tools for processing data that allow to not just access a user’s browsing history but generate a fully-fledged user profile revealing his preferences, interests, sexual orientation, political stance, religious convictions, hobbies and circle of acquaintance.

I don't want to live in a world where everything that I say, everything I do, everyone I talk to, every expression of creativity or love or friendship is recorded.
Edward Snowden

Do you believe that your careless attitude toward data protection can ruin your family?

The story below was told me by an acquaintance and I can’t be sure of its veracity. However, in my opinion, there’s nothing improbable about it too.

A Moscow native Mikhail was a shady entrepreneur, and one day he got arrested on fraud charges. During the arrest the police seized his personal computer whose contents revealed the businessman’s intimate correspondence with young girls.

These girls were of age, and there was nothing criminal about his messages, however, this data was shown to his wife, and in addition to prosecution, Mikhail’s wife divorced him. He got into the remand prison and was left without family’s support, while his wife was leaving him with his children.

Should Mikhail have used Panic Button that can instantly destroy all sensitive information and be activated both by user and in a logical bomb mode, this would have never happened to him.

Do you like being watched by special agencies?

According to the documents shared by Edward Snowden, the US special agencies watched over a million citizens of Brazil. Such mass surveillance and data collection constitute direct interference with citizens’ private life and take place all over the world. Why should you think you are not being watched too? Perhaps it’s time to stop relying on your luck and start thinking about Internet privacy and security? I am not being paranoid, this is an adequate response to the data mining activities of special services, primarily from the US.

The former President of Brazil Dilma Rousseff commented on the US surveillance, “The right to safety of citizens of one country can never be guaranteed by violating fundamental human rights of citizens of another country." So let’s prevent violation of your fundamental rights, and our course will guide you through that.

Do you still believe that special agencies are not watching you? Then visit the site wikileaks.org. It is known that the visitors of this website are closely watched by special services, and this was confirmed by Edward Snowden. Wikileaks is not the only site watched by special services. For instance, a popular torrent site Pirate Bay is also under surveillance.

Do you want your every message to be analyzed and stored?

This information will be of most interest to Russian citizens. Some time ago the government procurement website posted the information about a very curious order. The customer was the Investigative Committee of the Russian Federation that ordered a web-based system of Internet surveillance. This system was to track all messages in mass media, blogs and social networks, check them for any violations and store this data for at least 1,5 years. In addition, the system should come with the ability to predict wrongdoing.

It appears that you will be watched by the Investigative Committee as well. Though a similar system is in place and already used by the Interior Ministry. You are watched for quite a long time, but every year the number of such systems grow, and they become more and more effective. In the future, most probably, we will be watched by artificial intelligence.

Do you want to become a victim of cyberwar?

According to the Edward Snowden leaks, NSA specialists are convinced that the next international conflict will take place in cyberspace, and the country should prepare for it already today. I have to say that this scenario frightens me less than a nuclear war that would destroy every living thing on the planet, but cyberwarfare is pervasive and hides a threat long before it unfolds.

So the US (and not only the US) is getting prepared for cyberwar. According to our information, the key task in cyberwarfare is to cripple the enemy’s core infrastructures (electrical supply, water supply, communications channels, military facilities). To perform that, they would regularly search for any vulnerabilities and tools for an attack. These tools are us, or to be precise, our equipment.

For instance, if you are an employee of a CHP plant, editor of a popular edition, system administrator of an Internet service provider, employee of a mobile phone company and has access to some information or you are entitled to get it very soon – you are a surveillance target and a possible tool for attacking the system or accessing the coveted data.

Do you want the data about your online activity to be studied by advertisers and then sold for profit?

According to the newspaper Vedomosti, the Russian advertising service iMaker became partner with an Internet service provider. In general, ISPs actively engage in partnership with advertising services, but this cooperation was somewhat different. The Internet service provider would profit from advertising by implementing their system of traffic management and analysis Deep Packet Inspection (DPI).

In practice, the iMaker technique of analysis can trace and analyze your Internet traffic. It would study the sites you visit, movies and music you prefer, the queries you enter in search engines and then draw up your consumer profile. Who gets this type of information and where it is stored are unknown information.

The goal of the agreement was to offer you targeted advertising, or to be precise, sell targeted advertising for you to a potential customer. It is indeed easier to do if they know what you are really interested in, your social status, needs, geodata. The money earned by targeted advertising was shared between iMaker and ISPs. According to the mass media reports, in 2015 this system was implemented by such major service providers such as MGTS, Akado, Rostelecom and qwerty.

iMaker drew criticism and soon waned, but the idea to analyze Internet traffics of users for forensic purposes, cyber spying or advertising revenue is gaining ground every year. In this course you are going to learn how to protect yourself from DIP techniques as well as other threats described in this chapter.

Previous
14146
Next