Announcement

Collapse
No announcement yet.

Can the FBI turn on the web cams of linux users?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by MartinN View Post
    Why all this paranoia?
    Do a little research on redhat, who works there, who there biggest customer is etc. Then look at what linux projects they basically control.
    Then try reading the news once in awhile, and connect the dots for your self.

    This is a thread about the FBI and spying, worry about all US government agencies including the NSA because if its Linux they have there hand in the
    cookie jar hence why I don't touch anything I can't control, audit, maintain. And neither should you.

    But you won't listen, and chances are a bunch of you are going to go all Troll and Fanboy on me but whatever. At-least I have a chance at some form of privacy.

    And while your at it look into your webcam and smile for General Henry Hugh Shelton chairman of Redhat.

    Last edited by zester; 16 December 2013, 06:10 PM.

    Comment


    • #22
      Web cams

      If you are worried by your privacy, I have a solution that will make your Christmas very happy (and mine too).

      Send me your laptops/tablets/cell phones with cams as a gift to me, and I will give you the freedom of not being watched in return, lol.

      Comment


      • #23
        Originally posted by halfmanhalfamazing View Post
        Check this story out:

        Ex-Official Says FBI Can Secretly Activate an Individual’s Webcam Without the Indicator Light Turning On

        “The FBI has been able to covertly activate a computer’s camera - without triggering the light that lets users know it is recording - for several years, and has used that technique mainly in terrorism cases or the most serious criminal investigations.”
        You linked to the blaze for a click-baiting scare article.



        Former U.S. officials say the FBI uses the technique sparingly, in part to keep public references to its online surveillance tools to a minimum. There was news coverage about them in 2007, when Wired reported that the FBI had sent surveillance software to the owner of a MySpace account linked to bomb threats against a Washington state high school.

        The FBI has been able to covertly activate a computer’s camera — without triggering the light that lets users know it is recording — for several years, and has used that technique mainly in terrorism cases or the most serious criminal investigations, said Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, now on the advisory board of Subsentio, a firm that helps telecommunications carriers comply with federal wiretap statutes.

        The FBI’s technology continues to advance as users move away from traditional computers and become more savvy about disguising their locations and identities. “Because of encryption and because targets are increasingly using mobile devices, law enforcement is realizing that more and more they’re going to have to be on the device — or in the cloud,” Thomas said, referring to remote storage services. “There’s the realization out there that they’re going to have to use these types of tools more and more.”
        Realistically if you aren't buying Ukrainian sex slaves or trying to have someone assassinated on Silk Road 2, you have nothing to fear from this. You still have to worry about the RATers, though.

        Comment


        • #24
          Originally posted by duby229 View Post
          I just wanted to point out that I think your configuration is awesome. It took a hell of a lot of skill and experience to do all that. Your OS is running a lot closer to hardware than Steam OS is for example.

          Looks like a fantastic configuration... Now app support.... and distribute.....
          Ditto, sounds like a great thing for a secure live-cd even.

          Comment


          • #25
            Originally posted by Luke View Post
            On the one hand, on laptops where the camera model, chipset, and wireless model are all known in advance, a firmware backdoor to turn a camera on in reponse to a specific signal sent by wi-fi would not be too hard. On the other hand, exporting the take when the vendor-provided OS is gone would be much more difficult. They'd need something like ffmpeg to convert the raw output to H264 or some other codec, and a "firmware" blog with 2-3MB video encoder added would look awfully large for something that is supposed to contain only microcode. A possible approach to detection would be to compare the size of known firmware blobs to the predicted size of microcode to do what the firmware is publicly supposed to so.

            For a linux blob to be a bulk attack vector, it would have to be one with access to the camera and the wireless card(both devices on DMA perhaps), and be a blob likely to be used by the most common targets. Closed gaming video drivers might be rare on computers used by spies or kiddie-porn traffickers, for instance, due to their high profile as untrusted closed software and large size.

            I agree that unused webcams should always be covered, not just turned off in BIOS. This is so easy to do that when security is an issue it should be the first thing done, and it removes all questions of worrying about an arms race with opposing hackers who have access to the OEM. This is not because it is likely to be used against, you, but rather because it is so foolish not to take a five minute, costless step to take a potential issue entirely off the table. If there is a 99% chance they can't turn it on, why have to worry about the other 1%?

            Still, so few people rip out vendor provided OS's that the FBI probably would regard huge amounts of extra work and risk to extend the ability to turn webcams on to the last 1% of computers as not worth the hassle. Remember, Microsoft and Apple bend over backwards to support the cops with in-house tools, so the FBI's back door into those may be as simple as placing a covert purchase order. Google/Android may have required a little more "pursuasion" to drop malicious binaries into the phones-or maybe they just go to the Big Telcos who are actually installing Android on all those phones and tablets. If the OS comes from the vendor, undeclared binaries are trivial to drop in, nearly impossible to find until the names are known. Remember Carrier IQ in "open-source" Andriod provided by cell phone companies? Always replace the vendor-provided OS.

            If YOU install Linux, they can then forget backdoors in open-source software, too easily found and too little cooperation. Would have to be exploits one machine at a time, against machines chosen in advance, the hardest job in offensive hacking
            The "other 1%" is likely to contain the bad guys, if the bad guys know what they're doing.

            Originally posted by zester View Post
            Its possible, depending on the Linux user.

            I have my own private Linux distribution that I develop and use.

            Almost everything about it is completely different than all traditional distributions.

            Example:
            1. It doesn't use a bootloader, I use UEFI to boot my linux kernel directly.

            2. My Filesystem Directory Structure is completely custom I have "apps, sys(bin, etc, lib, include, boot, ...), users, mount, net"
            apps - Global Application Install Dir
            sys - Systems Dir contains subdirs like bin, etc, lib, include, boot, ...
            users - Users dir (basicly /home) what unique in regards is each user also has an additional apps dir for locally installed software.
            mount - It's /mount lol
            net - Is where network related applications(services) are stored like Web Servers, Ftp Servers, VOIP Servers, ...

            3. My /sys dir is read only

            4. I have my own custom built Application development Framework based on modified and re-factored versions of Poco C++ and Boost
            it resembles something like Qt5. And uses OpenGL for all rendering.

            5. I have a custom Xorg server that is stripped of everything minus whats required for GLX, applications handle input directly from the kernel.

            6. I use a custom IPC framework.

            7. And many more differences...

            The point is, that my Distro is so custom that most Linux applications don't work on it. I build my own depending on what I need. If the NSA was able to access my webcam I would know immediately as my applications will only open a port when I request them to and when the application is closed so is the port they opened, I monitor my network connections very closely.
            I suspect all of your possible end users are kernel developers or the like. What you speak of sounds... besides paranoid, a real headache for the typical end user. If it's publicly available as source code, and there's a lot of proprietary hand-coded stuff in it, there's probably something to find. The human mind can dream up some really awesome stuff, but it's usually pretty buggy the first time around.

            Comment


            • #26
              Which is why I COVER, not just disable my laptop's camera

              Originally posted by A Laggy Grunt View Post
              The "other 1%" is likely to contain the bad guys, if the bad guys know what they're doing.
              It doesn't even WORK in Linux due to BIOS bugs, so why make it available to any enemy who is a better hacker than I am. That's what I meant about not having to worry about that last 1%: when it is covered: losing a software arms race can't get your passphrases or surroundings via the webcam. Don't take chances, take precautions.

              If the webcam did work, I would use a sliding cover held by glued-on slots so it could be removed for use and otherwise kept in place covering the lens. Good luck NSA finding a way to make a normal webcam see through cardboard and duck tape. The problem with just tape for a working webcam is that you won't get the gummy stuff off the lens. A proper cover that won't damage the lens cover is then required.

              Comment


              • #27
                Originally posted by A Laggy Grunt View Post
                I suspect all of your possible end users are kernel developers or the like. What you speak of sounds... besides paranoid, a real headache for the typical end user. If it's publicly available as source code, and there's a lot of proprietary hand-coded stuff in it, there's probably something to find. The human mind can dream up some really awesome stuff, but it's usually pretty buggy the first time around.
                I don't know about being paranoid, as that had nothing to do with my motivations to do such things. I honestly just wanted to do my own thing. When you have legos do you always build the car exactly like the picture on the box or do you add your own touch(Spoilers, Rocket Engines, ...).

                Yah at this stage, this isn't something I would recommend for your average users or even a kernel programmer unless they had an extremely broad skill set. I am getting away with it because I am a jack of all trades but master of none. Eventually I will have to hand this down to those that are skilled in particular areas.

                Other than using an Nvidia or Ati Binary Blob there aren't any proprietary components, and those are even optional. I have Nvidia Path Rendering Ext, OpenVG and Anti-Grain Geometry in the pipeline for the Graphics Stack, the best possible option is used depending on the Hardware and Driver in use. But even then Graphics are designed around Path's Example: https://developer.mozilla.org/en-US/...Tutorial/Paths or http://paperjs.org/ so you can swap out the backend with Cairo, QtPainter, .... anything that supports Path's.

                Buggy not so much, raw with large missing pieces yes.

                Comment


                • #28
                  A couple of questions to your paranoid people:

                  1) Out of multiple millions of users, what makes you think YOU would interest anybody?
                  2) Why are you scared? Are you doing something illegal?

                  Me, I'm going to leave my webcams as they are. But I'll make sure that no laptop screen is pointing at the room when having intimate relationships with my wife

                  Even with open source code it will be really simple to sneak in malicious code as nobody except the developer himself has time to comb through all the code. Thats how the BSD backdoor was undiscovered for a decade despite the open code
                  Last edited by ACiD; 22 December 2013, 06:44 AM.

                  Comment


                  • #29
                    Originally posted by ACiD View Post
                    1) Out of multiple millions of users, what makes you think YOU would interest anybody?
                    2) Why are you scared? Are you doing something illegal?

                    Me, I'm going to leave my webcams as they are. But I'll make sure that no laptop screen is pointing at the room when having intimate relationships with my wife
                    You contradict yourself there. If you had nothing to hide, you would also broadcast your intimate relations, afterall, out of millions of users, what makes you think YOUR intimate relations would interest anybody?

                    Comment


                    • #30
                      Originally posted by curaga View Post
                      You contradict yourself there. If you had nothing to hide, you would also broadcast your intimate relations, afterall, out of millions of users, what makes you think YOUR intimate relations would interest anybody?
                      Were you dropped on your head as a child or are you just stupid?


                      RevengePorn contains adult oriented Revenge Porn content and you must be 18 years of age or older or your community legal standard age or older in order to enter RevengePorn.com.



                      Three sites that pay cash for the crap you're saying wouldn't interest anyone.

                      Comment

                      Working...
                      X