Smartphones of Policemen could give criminals a competitive advantage

Rene — Fri, 27 Apr 2012 09:31:43 +0000

If I were a criminal I would create a smart phone app which would give me the possability to geographically and socially track policemen. Here some background on this thought.
Yesterday I was sitting in the German summit on “Facebook Goolgle & Co – Chances and Risks” (which I will blog about soon) But today during my train trip to the second day of the summit I was sitting in the train talking to a very friendly police officer. He agreed with what was said on the summit. The police is using social networks to find potential criminals. They also use cellphone tracking together with mobile providers to find people they are looking for. Nothing new and special so far. But now my interesting observation.
The police officer proudly told me that he is not using any social networking service because he enjoys his life in privacy. I understood that he believed this to be necessary in his job. By telling me this he was holding his iPhone in his hand. Again this shows one of the most crucial parts in this entire privacy discussion. Even highly educated people often lack an understanding of how much private information they implicitly give to third parties.
So I asked him if he used it during work times and he told me that he did since only mobile providers would know where he is and they could not give away data that easily. I was amazed! A policeman using an iPhone during work. That is such a security lack. If I were a terrorist organization I would create an iPhone and android app (or if possible an open mobile html5 app like Tim Berners Lee suggests <– you see the ethics overwhelm I am just not a criminal (-:). I would design this app in a way to support policemen. Help them communicate or have a cool map integration anything that was useful for the police. In this way I would create a database with real movement data of policemen. This data I could use for a different service similar to http://girlsaround.me/ displaying the current position and face of policemen (including if requested a list of people they recently communicated with including their phone numbers) on a map to anyone of my terrorist organization. The police just could never catch me since I would always know where they are (without asking any mobile provider!) I could even give them fake phone calls pretending I am one of the people they recently communicated with inputting them false information or just distracting them.

Of course this setting is only half realistic:

Every policeman would have to have a smartphone and use it during work time
Every policeman would have to install the app of the criminal
The criminal can distinguish between policemen and other people using the app (should be possible with data mining)
The criminal can decide weather the policeman is currently working or in leisure time

But it should show and demonstrate the dangers…

To conclude:

We have to disallow policemen to use private smart phones during work! Or if they do so they must not install any applications from a source they don’t trust. And here is the crucial point. Who to trust and who not? Trust usually is created through social ties. So if the app is there and some policemen like the service and recommend it to their coworkers trust is created. Who does really ask about the source of an app and about who is running/owning the data servers. A service that is well known on the web can easily run by 2 or 3 people and even if they are nice it is easy to manipulate or blackmail them in order to get access to these very sensitive data.
And on another more technical topic: We need a decentralized mobile space. There has to be a frequency on which people are able to set up their own transmitters and create decentralized mobile networks. It is a shame that those frequencies are all owned by companies creating centralized services.
By the way this would be a good solution since it would also enable the police to have their own decentralized mobile networks giving them privacy against third parties!

Disclaimer:

I never thought I would write an article in this paranoid way telling people what is possible and where the risks are. I almost feel like a member of ccc, anonymous or finally like a real pirate. But one year of PhD in a very data driven environment having social networks, information retrieval and the web as a focus really makes me understand more and more what is possible (in particular easy to achieve). Also the low awareness of society about these dangers (probably due to the complex technologies) overwhelms me and makes me feel like I have to act and at least inform people.
To bad that mostly people who are already aware of these topics read my blog. Maybe I have to go geek and create this app to demonstrate the functionality in order to really rise awareness. There are just too many interesting things to do during a PhD program so I think this time only writing about this has to be sufficient.

Website of GEMA hacked by anonymous group AnonyPwnies

Rene — Mon, 22 Aug 2011 14:47:46 +0000

In Germany a lot of music videos on youtube are not available because youtube and GEMA could never agree on the amount of licence fees that youtube should pay to legally stream those videos. So if I want to listen / watch to a Lady Gaga Video in Germany I won’t be able to do so on youtube but rather see a message saying something like

“Sorry you requested some content which is not available in Germany.”

After several rounds in this battle between youtube and GEMA we have a third party entering the battle field. This morning the hacker groupd anonymous hacked the website of GEMA. if you visit the site now you will find a german message looking very similar to the message that is displayed on the youtube videos that are not available in Germany. This parody message displayed on the GEMA website roughly translated says:

“sorry this site is (not only) in germany not available, since it is conected to a company for which anonymous doesn’t like the standards of freedom. We are not sorry about this”

I am kind of excited to see how things between GEMA and youtube will develope in the future. As someone connected to music industry I can understand both sides very well. Let us see what the future for music & internet will bring. Till then I will listen to lady gaga on simfy.de
edit:
oh and by the way I just looked a little bit into the data traffic of the hacked GEMA site. the background music that is playing on the hacked gema site is an hidden youtube video on autoplay. if you wish to see the video here you go!

GEMA co-workers data base also been hacked?

I just received a chat message from a friend that it seems to be that the data base from the GEMA CMS also has been hacked or leaked to the public in some other way. I don’t know if this data is valid but it says that it displays the passwords of many people working at GEMA.
Honestly: “Who is still building IT systems that saves passwords in a non encrypted way?!?”
For anyone working at GEMA: “These passwords don’t look secure. People change your other passwords.”
The following data snippet ist taken from pastebin