Computer surveillance
From Wikipedia, the free encyclopedia
This article needs additional citations for verification. Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (May 2007) |
Computer surveillance is the act of surveilling people, generally their computer activity, without their knowledge, using the computer itself.
Computers make excellent surveillance tools because they can be programmed (even surreptitiously) to record data without their owners' knowledge or consent. Most computers have connections to networks, which can be exploited (through security cracking) to gain access to any confidential data that may be stored on the computer. Additionally, if someone is able to install certain types of software on a system, they can turn it into an unsuspected surveillance device.
Contents |
[edit] Surveillance techniques
Packet sniffing is the monitoring of data traffic into and out of a computer or network. In some networks, data transmissions are sent only to the machine they are intended for, while in others, transmissions are available to all connected nodes (eg, other computers), but are supposed to be processed only by the target computer. In the latter cases, it is possible to packet-sniff a computer by simply using another computer on the same network, without needing to place any software or equipment on the surveilled machine.
A surveillance program installed on a computer can search the contents of the hard drive for suspicious data, can monitor computer use, collect passwords, and even report back to its operator through the Internet connection. The most common are likely commercial spyware designed to collect marketing data. But, such programs are not limited merely to data collection; they can also use more malicious tactics, such as removing or modifying the data. These last are often called viruses, logic bombs, and, generally, malware.
Physical (hardware) surveillance devices ("bugs") are also possible. A relatively simple bug is a keystroke logger implanted in circuitry inside a standard keyboard, perhaps broadcasting key stroke sequences for pickup elsewhere. More sophisticated (and more easily detected) devices with access to more information can also, in theory, be inserted into, or onto, the computer itself. The disadvantage of hardware devices is that placement and retrieval requires physical entry into the place where the computer is stored, and thus almost entirely restricted (legally) to law enforcement agencies equipped with search warrants, except in situations in which such warrants are not required or may be kept secret as, for instance, some official break-ins under the US Patriot Act (sometimes termed sneak and peek), or in the case of electronic communications, warrantless surveillance by such organizations as the NSA (as has been authorized continuously against US citizens by President Bush since 9/11). In the US, statute and precedent have also given employers very wide latitude to gather data about employee use of employer's computers.
It has been shown that it is possible to surveil computers from a distance, with only commercially available equipment, by detecting the radiation emitted by the CRT monitor. And it has also been shown, by Adi Shamir et al, that even the high frequency noise emitted by a CPU includes information about the instructions being executed. More directly, IBM researchers have also found that, for most computer keyboards, each key emits a slightly different noise when pressed. The differences are individually identifiable under some conditions, and so it's possible to log key strokes without actually requiring logging software to run on the associated computer. Another method of surveilling computer use (key strokes, display images, etc) is video cameras, which are becoming small enough to be easily hidden from casual inspection in which case the surveillance can be surreptitious.
[edit] Installing surveillance software
The simplest way to place surveillance software on a computer is to gain entry to the place where the computer is stored and install it from a compact disc, floppy disk, or thumbdrive. This method shares a disadvantage with hardware devices in that it requires physical access to the computer.
A more difficult method is to package the software as a computer virus or trojan horse. This tactic has the advantage of potentially subjecting multiple computers to surveillance. However, if the virus is allowed to proliferate, it will become a target of antivirus programs, which will allow the software's removal from affected computers.
Another method is to use security cracking to gain access to the computer over a network. An attacker can then install surveillance software remotely. Servers and computers with permanent broadband connections are most vulnerable to this type of attack.
[edit] Protection against surveillance
A firewall is software (installed on a computer, or built into separate hardware) which controls network access to a computer, offering some protection against crackers and attempted installation of malware across the network, if properly configured. Unless it also controls outbound communication from the computer, this offers only very limited protection against surveillance even when otherwise properly configured and operating.
An attractive surveillance target may face highly skilled attempts at physical entry to install software or hardware. Thus, to be truly protected, such targets should be protected by measures such as reinforcing doors, windows and other potential entry points. Password protection can also be effective at several levels, from the BIOS during booting, at any of several points in the operating system (eg, at system log in time), or for applications such as database systems.
Protection against remote surveillance of radiation emissions is more difficult. The United States government's TEMPEST program is a standard of protection against eavesdropping of this nature. Non-CRT displays (such as LCD's or plasma displays) may be impossible to surveil in the same way. Some software (Soft TEMPEST) has been designed to alter fonts to minimize detectable radiation. The only certain measure, at other than exorbitant cost, is the purchase of a specially shielded monitor. In the extreme, Faraday cage techniques to prevent escape of electromagnetic radiation from equipment out of a physical volume (eg a room) is possible, though expensive.
Cables can be a serious security problem. They carry signals (eg, to and from printing and display devices, modems, etc) from a computer to other devices, and from other devices (eg, keyboards, mice, scanners, modems, etc) to a computer. They also carry signals between computers (eg, network traffic, file transfers, security and control information, etc). Some cables can be remotely tapped without physical contact, some can be tapped with physical access to the cable, and so on. That cables are often installed in such a manner as to be invisible throughout much of their run (eg, in plenum spaces, within walls, between floors, etc), they are more vulnerable to physical tapping than is commonly appreciated.
Fiber Optic cables have the benefit over metallic ones in that unlike metals which transmit electrical signals which can be tapped and monitored while still being sent/received by the intended computers, it uses light which is far more difficult to monitor because it produces very few electromagnetic pulses, radiation, or noise, so remote tapping is nearly impossible. The only practical way to eavesdrop on a fiber optic cable is to physically tap it. This is difficult since, if the cable is cut open to install the tap, the signal is either lost or substantially degraded. (A good example of sensing a signal in a metallic cable is the use of a non-contact voltage tester through insulation. Even though the cable wire is inside plastic (or rubber, cloth, ...) and has now physical connection to the tester, the tester can still read electrical signals and frequency carried by the cable. This cannot be done with fiber optic cables for which connections require careful mating of specially cut and polished fiber ends in special fittings, otherwise signals can't be detected. Even so, if the cable can be cut, attached to another computer with two network interface cards to monitor network packets. Furthermore, the higher bandwidth and packet refresh rate makes security systems more alert to delayed packets (theoretically, signals can be sent up to 1,079,252,849 km/h, the speed of light, if a completely empty cable were invented).[1] [2]
Wireless connections between computers, or between computer components (eg, keyboards, mice, printers, modems, ...) are an even larger security problem. The signals are available over a wide area, and even in the best case (ie, proper cryptographic protection) are easy to intercept. In addition, many wireless installations are improperly configured at installation and remain so for long periods. This has inspired such things as war driving for open connections and Internet lists of insecure wireless access locations. Still worse in some sense, some wireless security protocols are fundamentally flawed, and so are insecure, even when 'properly' configured (eg, WEP, Bluetooth, ...). As new wireless standards are developed with greater range and higher speeds, the requirement for more secure protocols and proper configuration of them will increase.
Other attack approaches are also available. Side channel attacks are possible and must be dealt with individually. For instance, hardware power monitoring can provide information about computer use, and power monitoring of the CPU itself can provide a good bit more. Filtering and conditioning of power lines can help (as with a continuous duty UPS), as can physical isolation of hardware preventing installation of power monitoring devices for individual system components (eg, the CPU, disk drives, etc.).
[edit] Tracking software
This section does not cite any references or sources. (June 2007) Please help improve this section by adding citations to reliable sources. Unverifiable material may be challenged and removed. |
Tracking software is software which notes and logs actions made at a computer.
For example, if a user checks his email, tracking software can make a record of the action. The same applies to chat, instant messages, Web sites visited, keystrokes typed, and so on.
[edit] Who uses tracking software?
There are four principal groups who use tracking software: parents, employers, governments, and illegal users. Parents who want to be certain their children are not involved with inappropriate web activity, and employers who decide to track activity on workstations owned or controlled by the business. Illegal tracking can be by criminals (acting on commission from other criminals, perhaps) or businesses wishing to collect usage patterns for marketing departments. Government use of tracking software or hardware is, as far as is known, largely confined to criminal investigations. In some countries, including the US, 'criminal activity' has been redefined to include surveillance of any citizen for terrorist connections or activities. Given the width of this redefinition, this is probably the largest and most comprehensive tracking activity in existence.
Other users include schools and suspicious spouses.
[edit] Cookies
Cookies are a World Wide Web browser mechanism to preserve machine state, or interaction history, in Web interactions, since the core HTTP protocol was deliberately designed to be stateless. There is no restriction on the content of cookies stored on the HTTP client by a browser and so, if configured to do so, cookies may store tracking information for later retrieval by a server computer or by tracking software. In this sense then, cookies can be used to facilitate tracking of user activities. Cookies are used by essentially all Internet merchants (eg, for cart tracking), and by most Web sites requiring registration or membership. In addition, they are used by most of the advertising click tracking companies such as DoubleClick.
[edit] Controversy
Tracking software has been a source of controversy. While companies claim that their programs are used to protect children and enforce computer policies at workplaces, there has been strong criticism that this invades users' privacy, if for no other reason than that there is often no way to distinguish between one user of a computer and other users of the same machine. Some operating systems make no internal distinction between users, and others make such distinctions difficult for most user programs, including tracking software, to follow. Much tracking software doesn't even bother to try. Other critics say that these software programs, especially if they have keylogging capabilities, can be used for malicious or criminal purposes, such as identity theft and unauthorized access to other systems.
Often, one side of a company's operations sells tracking software, while another side considers tracking software to be spyware and offer programs designed to detect or remove them. There are hundreds of vendors of computer monitoring software such as ActMon and SpectorSoft, who explicitly forbid the use of monitoring software as spyware. Many companies also support detection of tracking software by providing anti-spyware programs.
[edit] External links
[edit] See also
- TEMPEST
- Magic Lantern
- Carnivore network surveillance
- Cryptanalysis
- Keystroke logging
- Side channel attack
- Internet censorship
- Remote administration tool
- Employee monitoring software
- ExploreAnywhere
- Spyware
- Trojan horse
- SpectorSoft