Tag Archives | wifi

All You Need To Know About The Lebanese General Security Cyber Espionage Campaign

My Facebook and Twitter feeds are infested now with news articles about the cyber espionage campaign dubbed as “Dark Caracal” involving the Lebanese Directorate of General Security, and so far I have seen all kind of comments from people who are oblivious about this revelation to others who now believe that every single Lebanese mobile phone is subject to the espionage campaign. So there you go, everything you need to know about Dark Caracal.

What?

Mobile security firm Lookout, and digital rights group Electronic Frontier Foundation, released a report yesterday attributing a global cyber espionage campaign that they called “Dark Caracal” to the Lebanese Directorate of General Security.

The attack carried out by the hackers apparently seized control of thousands of Android phones from around 21 countries and resulted in stealing hundreds of Gigabytes. Researchers were able to gain access to one of the servers used by the hackers and found that the stolen data included: SMS Messages, Account credentials, WiFi details, Call records, Bookmarks and browsing history, Messaging apps databases (WhatsApp, Telegram…), Contacts, Installed Apps, Personal documents, Images, Voice recordings, and Listing of the phone storage content.

It is worth noting that all attacks targeted Android phones and there was no evidence of targeting iPhones. On the other hand, files stolen from personal computers included full backup images of iPhone mobiles. Moreover, I found it a bit weird that users from neither Israel nor Iran were victims to this campaign.

How?

In terms of hacking, the attackers did not utilize very sophisticated techniques to control the phones, they actually launched several campaigns that consisting of sending phishing links and fake applications to their victims in order to lure them into installing some malicious applications on their mobiles and computers which in turn uploaded their personal data to some remote server controlled by the hackers.

As to how these hackers were busted, the researchers claimed that they spotted several testing devices that were used by the hackers themselves to test their malware, and those devices had one thing in common which was a WiFi network called “Bld3F6”. Upon investigating a little, they were able to identify that this WiFi network was located very close to the General Security building in Mathaf.

When?

The researchers found that the campaign was first launched in 2012 and was still active at the time of publishing their findings.

Are we all compromised?

Certainly not. Some people made it seem like the General Security have super powers now and are able to infiltrate all our devices. If you use trusted WiFi networks, double check each link you see on the web before clicking it, and make sure to install legitimate apps only on your mobile, then you are most probably safe.

Conclusion

I have mixed thoughts about this. Is it ethical to spy on people? Definitely not, but all governments do it anyway, and assuming that the General Security is really tied to this cyber campaign then our government is no different. I’d like to believe that what they’re doing is probably protecting us from terror attacks, but I also value personal privacy and would feel outraged if I knew someone had access to my personal data…

Anyway, if you feel like reading more about Dark Caracal, you can find more details in the 49 pages report prepared by Lookout and Electronic Frontier Foundation here. One thing that I thought the report lacked was more details on how the researchers gained access to the servers utilized by the hackers, otherwise it is quite informative.

1

Lebanon’s Fadel Adib is on the Forbes 30 Under 30 List

fadel adib

The name might be familiar to you since Fadel Adib was already on MIT’s “35 Innovators Under 35” list earlier in 2014 along with Ayah Bdeir and Rand Hindi.

Fadel is known to have created WiTrack, which allows tracking of moving bodies using wireless signals, and has been named once again among the world’s top people in technology but this time in Forbes list of 30 Under 30 rising stars in enterprise technology.

Fadel Adib, 25, Ph.D. candidate at MIT

As an MIT grad student, Adib was part of the team that created WiTrack, a spin on Wi-Fi that uses a radio signal–just 1% as strong as Wi-Fi and 0.1% of your smartphone’s signal–to track movements with incredible accuracy.

You can check the full list here.

Fadel is yet another example how successful can Lebanese be outside their country but have to suffer here due to the political and social pressures.

0

MIT 35 Innovators under 35: Fadel Adib and Ayah Bdeir from Lebanon on the list

35innovators

The MIT Technology Review recently released their list of 35 Innovators under 35, which is an annual lineup that highlights young professional who are reshaping the way their respective fields think with their research.

The awesome thing about it this year is that it featured two innovators from Lebanon! The first is Fadel Adib from Tripoli who invented a way to track people moving around in other rooms using WiFi.

fadel adib

“I was born in Tripoli, Lebanon, in 1989. At the time, there was much political violence. The Lebanese civil war ended a year later. Unfortunately, the postwar stability did not last long. When I went to the American University of Beirut, I remember we used to have assassinations or bombings almost every week. When I came to MIT as a PhD student in the Computer Science and Artificial Intelligence Lab, the first thing that shocked me was that I could focus all the time on research.

“In one of our projects, we were just making our Wi-Fi faster by maximizing throughput between nodes. Every once in a while, the system would get messed up, and we would stop getting good results. We realized that there was some person walking in the hallway, and that person’s walking was basically changing the channel.

“If I shine a wireless signal at the wall, a huge amount of this signal is going to reflect off the wall. A tiny part of that signal will traverse the wall, reflect off anything that’s behind it, and then come back. We realized that we can sense motion using these wireless signals, and that’s how we started working on seeing through walls.

“You can track people as they move. You can monitor multiple people’s heart rates and breathing. Retail stores that want to understand how people are moving in their stores can track when a person reaches out for a product, looks at it, and puts it back. The police could track if there’s a person behind a wall. One of the applications we’re thinking of: can you monitor the heart rate of a fetus in the mother’s womb without touching the body in any way?

“When I went home to Lebanon and I was talking to my grandmother about it, she was like, ‘So, for example, can I put it over here in my living room, and if I fall in the bedroom or in the bathroom, it’s going to going to detect my fall and send an SMS to one of my children? Please, make this a product and put it here.”

And the second is Lebanese Canadian Ayah Bdeir who graduated from AUB and started littleBits, an open source library of modular electronics that snap together with magnets.

ayah bdeir

Growing up in Beirut, Ayah Bdeir was taught that art and engineering occupied separate realms. “In Lebanon, as in most of the world, there is little blurring of the boundaries between the professions: doctor, teacher, scientist, and designer exist in separate silos,” she says. The company she founded in 2011, called LittleBits Electronics, goes against that idea by making technology accessible across all disciplines and ages. It sells a library of modular electronic units that can be easily connected for projects as diverse as a sound machine, a night light, or a lifelike robotic hand.

LittleBits makes roughly 50 different modules, which cost up to $40 each or come in kits of $99 and up. Each module is a thin rectangle measuring between one and four inches in length and containing complex hidden circuitry. Blue modules provide power. Pink ones allow for inputs, like switches, microphones, and motion sensors. Green ones are for outputs like lights, motors, and speakers. Orange ones provide wires or logic functions. Bdeir designed all the modules so they fit together magnetically, ensuring that users join circuits correctly.

Her New York–based company has sold hundreds of thousands of units in about 80 countries, and Bdeir takes pride in the fact that the product appeals to girls and boys, children and adults, designers and engineers. “A screwdriver is a screwdriver for everybody,” she says. “It doesn’t matter who you are or how you use it. Every person will find what they want.”

You can check the complete list of innovators here. In the previous years, people who made it really big like the founders of Google and Facebook were featured on it.]

Update:

Thanks to Haya for bringing up to my attention that there’s a third Lebanese on the list. It’s Rand Hindi the founder of Snips, a firm that is specialized in predictive technologies. I apologize for missing him!

rand hindi

Rand Hindi once put on more than 70 pounds just to see if data could help him take the weight off. He tracked every aspect of his life—what he ate and drank, how long he slept—and fed the results into software that determined which behaviors were bad for him. Sure enough, after heeding the software’s advice, he lost the weight.

Now what Hindi wants to reduce is the “friction” of urban life. In 2012 he founded a Paris-based company called Snips, which analyzes data in hopes of making city living more efficient. For example, Snips partnered with France’s national railway to create an app that predicts up to three days in advance how crowded different trains will be. By mining such sources as weather information, historical passenger counts, and real-time check-ins from users of the app, it can advise people to stay away from particular stations or guide them to trains with more seats available. Now Snips is developing ways to use an urbanite’s context—location, weather, interests—and deliver useful information before he or she even asks for it.

3

Everybody can hack into your Blink wireless router!

It’s not a secret anymore that the routers you get from Ogero once you subscribe to their Blink DSL service can easily be hacked since their WiFi password is very easy to retrieve.

First of all, Blink routers are by default secured using WEP encryption which is very weak and can be cracked using wireless penetration tools. Second, they can easily be identified since they all have an SSID (network name) following this pattern “BlinkXXXXXX” where XXXXXX is a 6 character code, and this isn’t just any random code as it is derived from the router’s serial number. Unfortunately, the same applies to the WiFi password, it isn’t generated randomly but rather derived from the router’s serial number as well.

Logically speaking, if you encounter a Blink network and were able to reverse the operation in a way that lets you guess the router’s serial number from the 6 character code in the SSID, retrieving the password would then be a piece of cake since it can be derived from this serial. That’s basically what some people have been doing for a while now since several tools are already available online allowing you enter the 6 character code once you stumble across a Blink network, and gives you the password in a few seconds.

Up until lately, I was thinking the usage of these tools was somehow minimal and limited to techies since you will rarely find them on Lebanese website, until I lately came across this new Android application called “Hack Blink” with a download count of over 10,000 and rapidly increasing.

hack blink

Using the application is very straight forward, you enter the code and wait for the password, I tried it and it does work. So if you have a blink subscription, be sure someone around you will soon or later have this application and eventually start consuming your bandwidth.

Fortunately, there is a way to stop people from doing that by reconfiguring your router using this manual I found on Ogero’s website (which applies to Thomson routers). I strongly recommend you use that manual to change your SSID and setting the encryption algorithm to WPA2, in addition to of course changing the default wireless password. If you encounter any difficulty, make sure to either contact their customer support or just head to the nearest Ogero office in order for some support person to help you do it.

Best solution is definitely for Ogero to stop ordering their routers to be configured this way!

Thanks to @ZuZ for the information he previously provided in this post.

Update:

@AbirGhattas just informed me “Hack Blink” was removed from the Play Store. I still recommend you change your router’s default settings.

17

Lebanon getting free WiFi in public parks

I know it’s hard to belive, but the news is true! The ministry of telecommunications is teaming up with the Association of Banks and Sodetel to bring free WiFi to 11 public parks in Lebanon (mainly in Beirut) during working hours.

  1. Herch Beyrouth on a surface of 30.000 m2, knowing that its total area is 330,0000m2
  2. Sanayeh- René Mouawad (22,000 m2)
  3. Sioufi (20,000 m2)
  4. Ramleh Bayda  (10,000 m2)
  5. Manchiyeh- Tripoli (10,000 m2)
  6. Bourj Abi Haidar (7,000 m2)
  7. Talet el Khayat – Moufti Hassan Khaled (5,000 m2)
  8. Abou Chahla (5,000 m2)
  9. Yassouhiyé (4,400 m2)
  10. Saint Nicolas (2,200 m2)
  11. Basta Tahta (2,200 m2)

Sioufi will be the first park to have the free WiFi starting today when ministers Nahas and Sehnaoui launch the service.

It’s a great initiative indeed. But given the current internet speed in Lebanon, I highly doubt the service will be really usable by the people. I mean we’re barely able to make use of the internet at home, let alone a shared public bandwidth!

6

Powered by WordPress. Designed by WooThemes