This might suggest that the logging is done by DNS servers. If that is the case, the simply changing to use alternative DNS server (e.g. OpenDNS) would avoid this monitoring. Of course, OpenDNS is itself an unknown quantity. I am looking for better alternatives.

It seems likely that this is how the monitoring works. The Cleanfeed censorship system works by matching IP addresses at edge routers and sending hits to a proxy server for testing of specific URLs. The overhead of trying to log actual HTTP accesses and then do a reverse DNS lookup would appear to be too high to make it realistic.

A quick overview of what we are up against. In the UK the following is recorded:

• Every IP address assigned to an internet connection
• Every web site visited
• Every email address sent from and sent to and time of sending
• Every instant messenger screen name
• Time and destination of every instant message
• IP address at the time of every website/email/IM access
• Every phone number dialled from and to, time of call and duration
• Location to within a few feet of any mobile phones at time of call
• All mobile cell information related to a mobile phone (e.g. times and locations, so they know where your phone is whenever it’s turned on)
• Postal data, basically what is written on the outside of any letter/package
• Vehicle location, recorded by CCTV cameras with automatic numberplate recognition

Other information is probably kept too. The police also have the capability to record phone conversations (and probably email/IM as well), and turn any phone that is turned on into a listening device (bug). Presumably if they did this with your mobile phone you would notice the battery draining pretty fast though. (Source: http://en.wikipedia.org/wiki/Telecommunications_data_retention

Basically, it’s a modern high-tech surveillance society, and now the police are looking at trying to hack people’s PCs/wifi and trying to install viruses on target computers.

The first line of defence is your home network. It needs to have a secure firewall. Due to the possibility of there being flaws or backdoors in commercial routers, it’s probably best to use a well tested open source router such a m0n0wall or pfSense. If you have wifi, it needs to be secured with WPA2 and a very strong password (i.e. at least 60 characters, and a mix of upper/lowercase letters, numbers and punctuation.)

Physical security of your PC is important. Make sure you can see the back of it, so that if someone installed a hardware keylogger you would spot it.

You need to harden your OS from attack. Obviously using a strong password is a start, but really you need to use TrueCrypt to encrypt your entire HDD. Since you can be forced to reveal your password or face two years in prison, you should use TrueCrypt’s hidden OS feature and set up a dummy OS you can reveal the password for. Since there is no way to prove that there is a hidden OS, you are protected. Be sure to make the dummy OS look realistic – it needs to have files saved on it, applications installed, the web browser used. You should use it at least once a week to keep file access dates current. If possible, it should be used for non-sensitive use regularly.

There is are vulnerabilities in TrueCrypt if the attacker has physical access to your PC. Firewire and PCMCIA ports can be used to dump the computer’s memory and recover the encryption key, as well as read files off the HDD. It is therefore necessary to disable Firewire and PCMCIA ports. I have seen devices that exploit this vulnerability in use. You should also disable the Windows “autorun” feature on all drives to prevent similar attacks via CDs or USB flash memory. The workstation should remain locked when not in use, and require a password to unlock. The system should be powered down as often as possible.

In theory if an attacker has access to the machine while an encrypted OS is loaded, they could recover the key from the computer’s RAM, either by rebooting it into a special Linux OS or by removing the RAM and placing it in another PC. The best defence against this is to prevent the attacker gaining access to the key in RAM by performing an emergency shut-down (i.e. press the power button). TrueCrypt will clear the key on shut-down. Setting the BIOS to do a full memory test and setting a BIOS password do it cannot be disabled will erase the key during the POST cycle. None of this is foolproof.

An alternative method would be to use an OS that leaves no traces on the PC for sensitive things, such as a Linux Live CD. TrueCrypt could be used for data storage, with the above issues in mind.

Securing the OS against police viruses and keyloggers is vitally important. Up to date anti-virus software from a non-UK company (e.g. Avira) is essential. Never open email attachments. Use a secure browser such as Firefox, with Java/Javascript/Flash/etc disabled. Make sure your PC has it’s own firewall as your network may be penetrated, either via WiFi or another virus infected PC.

For accessing the internet, at a minimum you should use a VPN service terminating in a less draconian country. Relakks seems to be a possibility. Using Tor is also a good idea. Any internet related software needs to be carefully checked for security. Using open source software is a good idea. Remember to validate any checksums available on downloads.

At all times remember that all communications and movements of your mobile phone and car are being monitored. CCTV is everywhere, and virtually unavoidable. Plausible deniability is the key. Try to avoid anything that can create a paper trail for police fishing expeditions. If you think you details may have been compromised (e.g. bank details, identity theft) report it immediately – the police usually don’t bother to check but it will be of vital importance in court.

Even if you do all this, all it takes is to be in the wrong place at the wrong time to have your life destroyed:

‘I was falsely branded a paedophile’ (BBC News)
Police witness on perjury charge (Men’s Aid)
Student researching al-Qaida tactics held for six days (Guardian Online)
A hard look at file-sharing evidence (BBC News)
Judge rules out child porn charge (BBC News)
Four suicides in child porn case (BBC News – most of the accused were later cleared)

Windows XP Professional with Service Pack 3 (x86) Retail CD (English)
Filename: en_windows_xp_professional_with_service_pack_3_x86_cd_x14-80428.iso
Size: 589.14 MB
MD5: F424A52153E6E5ED4C0D44235CF545D5
SHA1: 1c735b38931bf57fb14ebd9a9ba253ceb443d459

Windows XP Professional with Service Pack 3 (x86) VL CD (English)
Filename: en_windows_xp_professional_with_service_pack_3_x86_cd_vl_x14-73974.iso
Size: 589.14 MB
MD5: 5BF476E2FC445B8D06B3C2A6091FE3AA
SHA1: 66ac289ae27724c5ae17139227cbe78c01eefe40

Windows XP Home with Service Pack 3 (x86) Retail CD (English)
Filename: en_windows_xp_home_with_service_pack_3_x86_cd_x14-92413.iso
Size: 564.72 MB
SHA1: 5a6b959ad24d15dc7ebd85e501b83d105d1b37c6

Windows XP Professional with Service Pack 3 (x86) Retail DVD (Japanese)
Filename: ja_windows_xp_professional_with_service_pack_3_x86_dvd_x14-80464.iso
Size: 630.21 MB
SHA1: 3125aaed8f40a5d8a10dbb959a03e39acc0d9fcb

Windows XP Professional with Service Pack 3 (x86) VL DVD (Japanese)
Filename: ja_windows_xp_professional_with_service_pack_3_x86_dvd_vl_x14-74058.iso
Size: 630.21 MB
SHA1: 8719219c7a77756a904f4bb9fd2f32781f091c22

Windows XP Home with Service Pack 3 (x86) Retail CD (Japanese)
Filename: ja_windows_xp_home_with_service_pack_3_x86_cd_x14-92421.iso
Size: 608.73 MB
SHA1: a907477482a45f0c7617e384b1b8a69802bc815c

There are simple ways to defeat this, and although not 100% reliable they are pretty effective.

You have to consider what sort of situation this attack is likely to be used in. The attacker would have to get to the machine while it is powered on, but be unable to access it due to software security (passwords etc). So, they reboot the system and try to recover the encryption keys from RAM, or remove the RAM from your computer (possibly after freezing it) and install it in their own machine.

Why would you need to put the RAM in another machine if you could just hit the reset button? Well, the reset button might be disconnected, or the BIOS might be set up to do a full memory check which would overwrite every byte in RAM. The only way to be sure to avoid the BIOS wiping RAM would be to power the machine off, reset the BIOS and power it back on. Note that in laptops, even resetting the BIOS (which is typically very difficult as it involved opening the laptop up) often does not clear the power-on password.

A note about UK law here. The RIP Act means that the police can force you to hand over passwords. Luckily Truecrypt features plausible deniability, but it might be hard to argue that you didn’t know the power-on password for your laptop. That’s the biggest problem with that law – instead of the police having to prove you are guilty, you have to prove you are innocent. So, it’s probably not a good idea to rely on the power-on password.

So, the attacker wants to freeze the RAM and put it into their own machine for reading. It’s going to be hard to freeze it, transport it to the new machine and install it without data loss, but for arguments sake let’s say it’s possible. Certainly, the CITP paper seems to think it is.

Most machines have a case open switch, which could be used to trigger a memory wiping program. Assuming the program was intelligent things like encryption keys could be erased in nanoseconds, and the entire RAM in a few seconds. The attacker would have to power off before opening the case, increasing the time before they can freeze the RAM and thus increasing data loss. The power button itself could also be used as a trigger, in case the attacker is stupid enough to press it instead of pulling the plug.

Anyone worried about being raided should probably set up a panic switch, or at least be ready to hit the reset button to allow the BIOS to clear the RAM. Truecrypt should ideally be configured to dismount any encrypted volumes when the machine is sleeping or the screensaver is engaged, although that’s not always practical (e.g. with boot volume encryption).

The ideal solution would be a PCI-e card with a small amount of RAM for encryption keys, a microprocessor and battery/capacitor. As soon as power goes off, the uproc would securely erase the RAM. Maxim make ICs that do just that, all we need is an implementation. It’s a shame USB can’t be used, or any cheap uproc would do, but USB devices cannot be mapped to memory address space.

Of course, even this wouldn’t prevent any open documents, cached directory listings etc from being recovered.

A program to wipe the physical RAM on shut-down of Windows would be ideal, but not trivial to write since it would need a complex driver to access RAM and figure out which bits can be cleared (because you don’t want to crash the OS). A simpler but less effective method would be a program that simply requests allocation of non-paged RAM (i.e. physical RAM) repeatedly until allocation fails (and presumably RAM is filled up) – similar to how Eraser‘s free disk space wipe works.

Really, this kind of attack, assuming you are reasonably well prepared for it, is not particularly effective. For anyone worried about law enforcement, setting the BIOS to do a full memory test and setting a BIOS password is probably enough to prevent it in most cases. An improvement would be to make sure your BIOS does a full memory test by default (i.e. after being reset). Some mobos do that, if yours doesn’t a BIOS editor might fix that.

The second page of the article has an amazing quote from Phorm claiming that their service “enhances privacy” by not storing any data. Well, Google don’t store data about me either, because I delete their cookies every time I close my browser and my IP is both dynamic and shared. Unlike Google, I can’t simply opt out of Phorm by blocking their cookies or just not using their service.

If this quote doesn’t get you to read it, I don’t know what will: “SmartWater is a liquid with a unique identifier linked to a particular owner. “The idea is for me to paint this stuff on my valuables as proof of ownership,” I wrote when I first learned about the idea. “I think a better idea would be for me to paint it on your valuables, and then call the police.”

ACPO seem to have no regard at all for privacy or the right to be presumed innocent until proven guilty. They are constantly trying to take away our fundamental rights.

The usual response is “if you have nothing to hide…” but this case demonstrates very well why everyone has things to hide. Say you have a gene known to relate to aggressive behaviour, should the government know that so they can keep extra tabs on you? Considering you are already more likely to be stopped and searched if you are black, do you think the police are immune to prejudice and stereotyping? Do you trust the police to keep the fact that you are on the DNA database because of a few early childhood fights secret from the press when you want to stand for election or speak out on an issue?

“Of course the people don’t want war. But after all, it’s the leaders of the country who determine the policy, and it’s always a simple matter to drag the people along whether it’s a democracy, a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism, and exposing the country to greater danger.”

– Herman Goering at the Nuremberg trials

I highly recommend reading the discussion on Slashdot, which for once is quite good.

Lavasoft (AdAware): research@lavasoft.com
Comodo: malwaresubmit@comodo.com
Command: virus@commandcom.com
CA: virus@ca.com
NOD32: sample@nod32.com
F-Secure: samples@f-secure.com
F-PROT: viruslab@f-prot.com
Grisoft (AVG): virus@grisoft.cz
Avira (Anti-Vir): virus@antivir.de
Kaspersky: newvirus@kaspersky.com
NAI: virus_research@nai.com
Norman: analysis@norman.no
Panda: virus@pandasoftware.com
SOPHOS: support@sophos.com
Symantec (Norton): avsubmit@symantec.com
VBA32: newvirus@anti-virus.by
Avast: virus@avast.com
Dr. Web: vms@drweb.com
Ewido (now AVG Anti-Spyware): submit@ewido.net

Many thanks to The Other Steve at the regester message board

http://www.theregister.co.uk/2008/03/10/isps_phorm_comment_target_market/comments/

Hey I said they wer lying to us all the time.

OK PHORM PR GET OUT OF THIS you have been spreading lies over the internet, yet your patent says otherwise.

Posted Monday 10th March 2008 13:36 GMT

http://www.politicalpenguin.org.uk/blog/p,295/

Including information from Etregul’s patent, which at least one of us ought to have thought of, oh well.

Juiciest bits from the patent, because I know you’ll all love this, but go have a look, it’s a truly excellent piece. See if any of this sounds familiar…

“Furthermore, though the present disclosure discusses HTTP traffic in many examples, it will be appreciated that other types of protocols and traffic may be employed in connection with the targeted advertising system and method described herein.”

Woops.

“Context reader 40 is not limited to acquiring keyword or other contextual information pertaining to a given web page. Indeed, the browsing information may be collected so as to also include historical data pertaining to the browsing performed ”

Ouch.

“Based on analysis occurring at the proxy server, the proxy server may modify client-requested data it receives so that a targeted advertisement appears on a web page requested by a client”

Oh dear.

“As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc.”

Oh Phorm, have you been telling us some MASSIVE porkies or what ?

The patent (linked at the above blog) is pretty dense, as you would expect, and contains plenty more of this kind of stuff. No doubt Phorm’s hapless spinmeisters will be around to tell us that this isn’t the technology they are going to implement NOW, and who knows, they might even be telling the truth*. But Phorm have lodged a patent application for technology that does indeed do all the things they have just assured us that they definitely won’t do, ever, honest, we promise, cross our hearts.

Phail !

Props to Political Penguin for digging this up, looks like a smoking gun to me. Why patent a technology that you aren’t going to use ?

* Really, they might. After all they did have Simon Davies look at it.

Despite being handed it on a plate, they failed to identify the threat:

This demonstrates exactly why you can’t trust anyone when it comes to computer security, even the good guys. g-archiver is a trojan, stealing your login details, but anyone using Anti-Vir or in fact any other AV program wouldn’t know just by scanning it. A test of 32 different AV programs showed they all passed it.

I will submit the file and the analysis to other AV vendors, hopefully eventually some of them will figure it out. I’m more hopeful open source and freeware software like ClamAV and Spybot will take notice.