Archive for February 2010
GSM calls are now fully eavesdroppable !!
The Encryption Codes presently used for GSM communications i.e A5/1 64 Bit encryption codes have been published as a “Torrent File” by security researcher Karsten Nohl and his team of 20 colleagues in December 2009. Now this is very scary for the billions of GSM phone users around the world, as their communications over the air waves could be cracked in real time using these codes. The GSM association(on its website) has already announced a new standard A5/3, which should replace the earlier A5/1 standard.
But the upgradation to the new standard requires huge costs and am not sure how many GSM service providers in India specially the major players like Airtel,Vodafone,BSNL and MTNL have started the migration to this new standard. Have they ?? Is the government monitoring the completion of the upgradation? Iam not sure of this !!!!
For those guys interested in reading about the GSM A5 cracking and the history , i managed to gather a list of links
| Title | URL | Date |
| A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony | http://cryptome.org/a5-3-attack.pdf | 12 January 2010 |
| A5/3 and GEA3 Algorithms | http://cryptome.org/a53-gea3/a53-gea3.htm | 21 January 2007 |
| Interception of GSM Cellphones | http://cryptome.org/gsm-spy.htm | 11 April 2005 |
| GSM Interceptor | http://cryptome.org/gsm-interceptor.htm | 15 September 2003 |
| GSM Crack Paper by Barkan, Biham, Keller | http://cryptome.org/gsm-crack-bbk.pdf | 9 September 2003 |
| Weak GSM Crypto Cracked Again | http://cryptome.org/gsm-crack.htm | 5 September 2003 |
| Real Time Cryptanalysis of A5/1 on a PC | http://cryptome.org/a51-bsw.htm | 27 April 2000 |
| ETSI 3GPP Kasumi Cipher Specs | http://cryptome.org/kasumi.zip | 11 April 2000 |
| SDA Releases GSM Voice-Privacy Algorithm A5/1 | http://www.scard.org/gsm/ | 16 December 1999 |
| GSM Assures Tappable ID | http://cryptome.org/gsm121099.htm | 11 December 1999 |
| GSM A5/1 Cracked | http://cryptome.org/a51-crack.htm | 6 December 1999 |
| GSM A5/2 Published | http://cryptome.org/gsm-a512.htm | 23 October 1999 |
| GSM Security Questions | http://cryptome.org/gsm-joke.htm | 21 October 1999 |
| A5/1 Pedagogical Implementation | http://cryptome.org/jya/a51-pi.htm | 10 May 1999 |
| Critique of GSM Data Protection Directive R(95)4 | http://cryptome.org/jya/gsm-r(95)4.htm | 1 November 1998 |
| GSM Intercept News | http://cryptome.org/jya/gsm102898.htm | 28 October 1998 |
| GSM Trace Scandal Exposed | http://cryptome.org/jya/gsm-scandal.htm | 13 July 1998 |
| Swiss Commission Against Swisscom GSM Trace | http://cryptome.org/jya/swisscom-nix.htm | 6 July 1998 |
| Cryptanalysis of Alleged A5 Stream Cipher / On Random Mappings and Random Permutations |
http://cryptome.org/jya/a5-hack.htm | 3 May 1998 |
| GSM Crack by Chaos Computer Club | http://cryptome.org/jya/gsm-chaos.htm | 27 April 1998 |
| GSM MoU Association Response to Cloning | http://cryptome.org/jya/gsm-mou.htm | 21 April 1998 |
| GSM Clone News | http://cryptome.org/jya/gsm042098.txt | 20 April 1998 |
| Crack A5 | http://cryptome.org/jya/crack-a5.htm | 18 April 1998 |
| GSM Cloning FAQ | http://www.isaac.cs.berkeley.edu/isaac/gsm-faq.html | 14 April 1998 |
| GSM Algorithm A3A8 | http://www.scard.org/gsm/a3a8.txt | 14 April 1998 |
| GSM Purposely-Weakened Crypto Cracked | http://cryptome.org/jya/gsm-weak.htm | 14 April 1998 |
| GSM Cellphones Cloned | http://cryptome.org/jya/gsm-cloned.htm | 13 April 1998 |
| GSM System Security Study | http://cryptome.org/jya/gsm061088.htm | 3 March 1997 |
Twitter- Easy,Friendly and Dangerous !!
“Twitter” is all over the news in the Indian Media, specially got its attention when Mr Shashi Tharoor, MP, Minister of State(External Affairs) tweeted “Cattle Class” and “Holy cow” issues. He has more than 10,000 followers now(http://twitter.com/ShashiTharoor). Many of my friends, created their twitter accounts soon after these articles about “Twitter” broke out.
Few days back, i was telling my colleagues ”What Twitter is all about” and how it’s presently being used by individuals for microblogging/social communication as well as organisations for their social marketing . Its become one of the most powerful tools, which provides real time updates about events happening across the world . For eg. During the Mumbai terror attacks, twitter was extensively used for posting of updates by the personnel,who were trapped inside the hotel and those all around the locations where terrorist attacked. Look at a snapshot of twitter during Mumbai Terror Attacks.
Tweets during Mumbai Terror attacks
The “Realtime” power of this platform did attract Google and Facebook , who tried their best to buy out twitter , but in vain. Facebook thereafter integrated a similar platform of its own. Google has now integrated Twitter’s “Tweets” into their search results.
For all those who must be wondering, why Twitter’s Tweets are so important in search ill explain. There is always a time lag between the time of posting of a news article by a news agency and the time the article gets listed in the google search results.
This time lag may vary depending upon the ranking of the website from 5 mins to 15 days.Previously Google was not in a position to return any search results on such realtime queries. Google now queries the key words on the Twitter platform and provides twitter search results embedded inside the webpage, which also keeps updating itself every milli second. You can also go to http://search.twitter.com directly to search for any real time tweets on any specific subject or topic .For eg. I just searched for “Chelsea” in Google. Amongst the results , even the tweets from the twitter are embedded on the search page.
A report by US military intelligence has claimed that the messaging application Twitter could be used by terrorists as an operational tool. Intelligence agencies are now monitoring this platform as future terror attacks will be aided by high technology gadgets and applications like Blackberry,Twiiter,YouTube(encrypted videos) etc.
The report into the increasing security implications of mobile technology envisaged terrorists using Twitter messages, or Tweets, to communicate and share images and locations of future terrorist attacks. “Twitter is already
used by some members to post and/or support extremist ideologies and perspectives,” the report said.
“For example, there are multiple pro and anti Hezbollah Tweets. In addition, extremist and terrorist use of Twitter could evolve over time to reflect tactics that are already evolving in use by ‘hacktivists’ and activis for surveillance. This could theoretically be combined with targeting.”
It notes that Twitter was used extensively by protestors at the recent Republican National Convention to identify the location of police and security guards in an effort to get around them. The report envisages Twitter also being used to identify the location of targets. It cites Tweets from US troops stationed overseas that could be used as information for
selective attacks.
“l’m in Bagram waiting for a flight to Camp Salemo by Kwost in the volatile east of Afghanistan near the Paki border. Hot days cold nights,” was one Tweet cited from an American soldier in Afghanistan that was posted on a publically available forum.Use of Twitter has been gaining ground fast and it is already being used in criminal cases, as well as updating work groups in business about changing goals.
So now you can imagine, a platform which has become a global search platform for “Realtime news” in such a short time due to its simplicity and user friendliness, has also become a powerful and dangerous tool which can aid terrorists for real time communications.
India ranks sixth in terror stats!!
Post Mumbai terror attacks,the University of Maryland released India’s terror statistics from its Global Terrorism Database (GTD) showing that there were more than 4,100 terrorist attacks and 12,539 terrorist-related deaths in India between 1970 and 2004 (the latest year for which data is available).
During that 34-year period, India ranked sixth among all countries in terms of terrorist incidents (behind Peru, Colombia, El Salvador, the United Kingdom and Northern Ireland and Spain), the National Consortium for the Study of Terrorism and Responses to Terrorism (START), which maintains the database at Maryland, reports in a press release addressing the Indian attacks.
The terrorist attacks generally fall into three categories:
- Sieges against a building or some other edifice (such as the most recent attacks in Mumbai)
- Bombings (in which the intent was to destroy a specific facility)
- Assassinations.
START’s Terrorist Organization Profiles (TOPs) include info on 56 known terrorist groups in India, including the Students Islamic Movement of India (SIMI), which carried out attacks in Mumbai in recent years.
The GTD is funded by the U.S. Department of Homeland Security
This database provides information about 80,000 terrorist attacks happening worldwide such as perpetrators and targets and the number and fate of hostages taken (including how long they were held before being released or executed). All of the GTD’s information is available for free to the public.
START is planning to add the latest information/data over the next year to make the database updated till2007. The consortium also reports that it uses more than 75 people with expertise in six language groups to collect information for its database.
