Archive by Author | jurgenlangbroek

Hackers steal your data during your morning commute.


I am not the kind of person that tries to hide every trace off the internet. I am not the kind of person that refuses to use cloud-based services. But I am the kind of person that browses responsibly. In order to guarantee my data is safe from people snooping around, I occasionally use a VPN, and I think you should too. In my recent post[1] I’ve touched upon a difficult dilemma in current society: privacy versus security. In this post I will further elaborate on the privacy aspect of online browsing, in particular when you are on an untrusted connection.

How?

With all the talk about online security, it is surprising how many people use services with security flaws without hesitation. I hear a lot of complaints from individuals who worry about remarketing, done by innocent cookies. But have you ever used Wi-Fi on a train? 2 years ago Roy Verploegen posted a blog on the recent introduction of Wi-Fi in the NS trains, describing the poor quality of service. But the quality of the connection is not even the worst part. Free public Wi-Fi connections are increasingly proven to be a privacy hazard. Hackers are able to gain access to your browsing metadata and hijack the pages you are visiting[7].

Using ‘sniffer software’, hackers can ‘sniff’ the traffic traveling between a wireless router and a device. This metadata can reveal identifying information, including details of the user’s device and the server the device is communicating with. Even more dangerous are ‘rogue Wi-Fi’ hotspots, which hackers set up at a public location[8]. These hotspots are given generic names like ‘Free Wi-Fi’ or ‘Starbucks’, names that are often already saved on users’ devices. They reroute the users’ internet traffic and enable the hackers to view and alter any unencrypted data sent and received by the user. Using ‘DNS spoofing’[9], hackers can make you believe you are accessing your bank, while in reality you are giving all your information to the hacker.
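A defensive check for the DNS spoofing described above, as an added example that is not part of the original post: it compares the answers a hotspot's resolver gives with answers obtained over a trusted path (for instance a VPN) and flags public names that resolve to local addresses. The hostnames, addresses and function names are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress

# Constructed sample data: answers for the same hostnames from the hotspot's
# resolver and from a resolver reached over a trusted path such as a VPN.
HOTSPOT_ANSWERS = {
    "bank.example": ["192.168.1.50"],
    "news.example": ["203.0.113.10"],
    "shop.example": ["198.51.100.7"],
}
TRUSTED_ANSWERS = {
    "bank.example": ["203.0.113.80"],
    "news.example": ["203.0.113.10", "203.0.113.11"],
    "shop.example": ["198.51.100.99"],
}

# Ranges a public website should not resolve to (RFC 1918, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

def is_local_address(ip):
    """True if the address sits in a local-only IPv4 range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def check_host(hotspot_ips, trusted_ips):
    """Classify the hotspot's answer for one hostname."""
    if any(is_local_address(ip) for ip in hotspot_ips):
        # A public name pointed at the local network: spoofing or a captive
        # portal. Either way, do not enter credentials.
        return "suspect-local"
    if set(hotspot_ips) & set(trusted_ips):
        return "consistent"
    # Different public addresses can be a CDN; the TLS certificate check in
    # the browser is what decides whether the site is genuine.
    return "differs"

def audit(hotspot, trusted):
    """Return {hostname: verdict} for every name the hotspot answered."""
    return {name: check_host(ips, trusted.get(name, []))
            for name, ips in hotspot.items()}

if __name__ == "__main__":
    for name, verdict in audit(HOTSPOT_ANSWERS, TRUSTED_ANSWERS).items():
        print(f"{name:15} {verdict}")
```

A "differs" verdict is not proof of spoofing on its own, which is why the certificate warning in the browser should never be clicked through on a public hotspot.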



VPN?

VPN stands for Virtual Private Network, which enables you to virtually join a local network (LAN) where you are not physically present[2]. A VPN connection can be set up on your device, and when you connect to the internet, you do so through a so-called ‘tunnel’ to the LAN. VPN connections are often used by companies and universities to enable users to act as if they are on the private network. This is important to ensure sensitive data does not leave the company network, or to enable users to access local files and applications. VPN connections are also used for watching country-restricted content[3] and hiding illegal downloads[4].

A VPN connection secures your internet connection to guarantee your data is safe. It does so by encrypting the data you are sending through the ‘tunnel’ to the network you’re virtually connected to. It establishes a connection between the server and your own device by exchanging trusted keys after you log in with your credentials. This allows you to browse completely anonymously on any internet connection, if you trust the server.

Unlike with Tor[5], a VPN connection is encrypted to the server (exit node). Both the server and your device have the key to decrypt your data. This allows system administrators to access your data, while externally it is completely secured. In Tor, only your device has the encryption keys. In addition, your data passes through at least three servers, all with new encryption keys, until it reaches the exit node (the server that sends and receives data with the internet)[6].

So..

Next time, worry less about remarketing and worry more about your (internet) connection. As a lot of readers of this blog are students, make use of the university VPN when you treat yourself to a latte macchiato. Or, if you want to go a little more professional, check out this list of the best VPN providers.

-Jurgen


[1] https://informationstrategyrsm.wordpress.com/2015/10/07/your-phone-got-hacked-by-a-nosey-smurf/

[2] http://lifehacker.com/5940565/why-you-should-start-using-a-vpn-and-how-to-choose-the-best-one-for-your-needs

[3] http://www.howtogeek.com/210614/how-to-access-region-restricted-websites-from-anywhere-on-earth/

[4] http://lifehacker.com/how-to-completely-anonymize-your-bittorrent-traffic-wit-5863380

[5] https://www.torproject.org/

[6] http://security.stackexchange.com/questions/72679/differences-between-using-tor-browser-and-vpn

[7] https://decorrespondent.nl/845/Dit-geef-je-allemaal-prijs-als-je-inlogt-op-een-openbaar-wifinetwerk/25988820-b2a600e1

[8] https://powermore.dell.com/technology/hackers-use-wi-fi-steal-passwords/

[9] http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part2.html

Your phone got hacked by a ‘Nosey Smurf’.

Hacked?

Not so long ago, iPhone users all over the world were exposed to a bug able to shut down their phone with one simple text message[1]. I too received such a message as a prank, but did not consider the security implications that come with a phone’s reaction to text commands. Later this year an Android vulnerability, “Stagefright”, came to light, allowing hackers full access to every Android phone with just a phone number[2]. Luckily both bugs were fixed by the companies right after, but the security risk remains. There is no guarantee every bug has been revealed instead of being exploited by hobbyists, hackers, or governments.

The latter is now expected to be the case. Edward Snowden explains in an interview with the BBC how the UK intelligence agency GCHQ is able to control your phone through text messages, without the owner’s knowledge[3]. It does so by sending an encrypted text message to gain access.

Smurfs?

Snowden talks about a “Smurf Suite”, a collection of phone control tools of GCHQ named after various smurfs. “Dreamy Smurf” is able to shut down and boot up the phone, “Nosey Smurf” can turn on your microphone and listen to your conversations, and “Tracker Smurf” is a tool able to track your geo-location with greater precision than normal triangulation of cellphone towers. And they can do even more, like taking pictures without your knowing, viewing your mails, texts and browsing history, and even

Snowden explains how the NSA is understood to have a similar program, and is suspected of providing the technology. “GCHQ is to all intents and purposes a subsidiary of the NSA,” he tells the BBC, with GCHQ receiving tasking and directions on what to go after. These projects are aimed at catching suspected involvement in terrorism, pedophilia or other serious crimes, but in order to do so, they have to collect mass data. Your data.

What now?

Snowden makes a valid point by stating you don’t own your phone, but “whoever controls the software owns the phone”. We see this increasing risk in software and privacy issues, and users are becoming more aware of it. The Windows 10 release has been heavily criticized for its security statement[4] and Europe’s highest court just rejected the ‘safe harbor’ agreement after Max Schrems started a case against Facebook[5]. It is clear that the battle for privacy has just begun.

-Jurgen

Sources

[1] http://www.engadget.com/2015/05/27/apple-fixing-ios-text-crash-bug/

[2] http://fortune.com/2015/07/27/stagefright-android-vulnerability-text/

[3] http://www.bbc.com/news/uk-34444233

[4] http://www.wired.com/2015/08/windows-10-security-settings-need-know/

[5] http://www.nytimes.com/2015/09/24/business/international/adviser-to-europes-top-court-calls-data-transfer-pact-insufficient.html?partner=rss&emc=rss&_r=1

Technology of the week: Crowdfunding vs Crowdsourcing

The rise of Web 2.0 changed the web from a static portal to a dynamic workplace without physical barriers through which people across the world are able to connect and collaborate. This resulted in new business models and new ways to operate in order to achieve goals by using ‘the crowd’ as a main resource. This blogpost will compare two types of crowd usage (Crowdfunding & Crowdsourcing) through two electronic marketplace platforms (Kickstarter & Freelancer).

Crowdfunding: Kickstarter
Using Kickstarter, business entrepreneurs are able to attract capital using the crowd as their main source of investment, which is called Crowdfunding. Entrepreneurs submit their ideas and the crowd can decide to ‘back’ these projects by donating money, sometimes in return for a finished product. Kickstarter earns its money by charging an average commission-based fee of 5% on all successfully funded projects. The business model is fully driven by transaction volume. One of their success stories is the Pebble E-paper Watch. This project reached its 100.000 USD goal in just two hours, and eventually was pledged more than twenty times the expected amount (Jauregui, 2012).

Crowdsourcing: Freelancer
Crowdsourcing is mainly used for four main purposes: solving problems, generating ideas, designing logos/commercials/websites, and outsourcing human intelligence tasks. At the same time, people around the world are looking for work matching their specialisation (Boons, 2014). Freelancer created an online marketplace which connects these two sides and enables online outsourcing. Their revenue model is subscription- and commission-based. Both project suppliers and freelancers need a paid subscription if they wish to participate in this electronic marketplace, and the commission-based fee is a fixed percentage of the value of every completed project. Today, Freelancer has over 16 million users and more than 8 million projects. This marketplace is expected to grow as the adoption of the internet in low-wage countries increases.

Comparing Kickstarter & Freelancer
Comparing Kickstarter and Freelancer, we found mostly similarities. Both Kickstarter and Freelancer have the largest market share in their market, and do so by providing a hierarchy-free marketplace (Malone, Yates, Benjamin, 1987). They both exploit similar business models, based on fees and commissions, though Freelancer has more revenue streams due to the paid subscriptions. Furthermore, Kickstarter and Freelancer both exploit the absence of matured legislation and governance guidelines, limiting their responsibilities towards the crowd. But Kickstarter has shown its responsibility recently by becoming a Public Benefit Organisation (Kickstarter, 2015). The main difference lies in the role of demand and supply, which are fundamentally different when comparing Crowdsourcing to Crowdfunding. Whereas in Crowdfunding the crowd solely offers funding, in Crowdsourcing the crowd is responsible for providing services.

Our predictions
Kickstarter and Freelancer are ever growing in size as crowdfunding and crowdsourcing are still rising in popularity. However, in the long run the growth of Crowdfunding is expected to reach a ceiling given that the yearly growth will start to decrease. Crowdsourcing is expected to keep on growing as the job market is an essential human need, especially in the low-wage countries that are getting increasingly connected to the Internet. The riskiest element which can potentially disturb the growth of both crowdfunding and crowdsourcing is the maturation of legislation and governance structures. Legislation will most likely shift the landscape of responsibilities regarding crowdfunding and crowdsourcing websites, which could have an impact on all crowd-based business models.

References
Jauregui, A. (2013) ‘Pebble iPhone Watch Is Highest Grossing Kickstarter Project Ever’. Accessed on 23 September 2015 through http://www.cnbc.com/id/47100168
Boons, M. (2014), Session 8: The Business Implications of Web 2.0 [PowerPoint slides], Retrieved from RSM http://www.eur.edu/
Malone, T.W., Yates, J., and Benjamin, R.I. (1987). Electronic Markets and Electronic Hierarchies. Communications of the ACM 30(6) 484-497.
Strickler, Y., Chen, P., Adler, C. (2015). ‘Kickstarter is now a Benefit Corporation’. Accessed on 24 September 2015 through https://www.kickstarter.com/blog/kickstarter-is-now-a-benefit-corporation

Team 23
Hicham Gouiza 322226
Tony Jordan 400986
Kevin Schaap 358985
Jurgen Langbroek 336822
Glenn de Jong 357570