Lure code sold to governments and authorities.
Monday, 18 August 2014 – 1:20 p.m.
A seemingly innocent YouTube video may contain malicious code that can cause your machine will be hacked.
according to a recent report prepared by researchers at the University of Toronto, Canada.
Commercial injection
According to the report There are commercial so-called injection systems that actively targets YouTube, and Microsoft Live.
The software used to embed monitoring code into ordinary videos, such as YouTube.
Targeted Monitoring
purpose is to drive targeted surveillance against people suspected of illegal activities.
In a democratic society the right will hopefully apply only terror, drugs, crime and other crimes we all want to solved.
Oman and Turkmenistan
But in countries with dictatorial power, the system could be used to monitor dissidents. And those who deliver such solutions do not seem to differentiate the customers.
Examples of certified clients are governments of Oman and Turkmenistan. And one of the companies that supply the code is Cloud Shield Technologies, which is a known supplier to the security services for the American forces.
Other companies providing such solutions is Hacking Team and finfish.
Defence and police
It would therefore not unnatural to also American defense authorities (eg NSA) uses this technology.
The civil police in western countries, such as Norway, also can use such technology is not inconceivable.
Aware of the danger
itself has no ability to detect the code or prevent it from entering. No antivirus can detect it, and you get no alerts in any way that your computer is infected.
The Google, Microsoft and other players are aware of the danger, and therefore runs its traffic encrypted when they discover such activity.
But, according to researchers plenty of holes to penetrate that goes under Google and Microsoft’s radar.
Depending on the network provider
Injection technology is dependent on physical machines are placed at Internet service providers. Whether as a result of strictly secret orders from the authorities, or secretly via lure techniques.
Once the system is installed at your ISP, the behind just wait until you start a particular YouTube video.
Then the stream cut off and replaced with code that can take total control over your computer.
Also, Microsoft Live
Microsoft login.live.com are being reported infected at the same way, ie via the joint between you and Microsoft.
This video is (hopefully) completely innocent but can theoretically be the bearer of monitoring code:
Sources:
First Look. org
Citizenlab.org
No comments:
Post a Comment