Watch This Cat Video (or Anything on YouTube) and Get Hacked
When large flows of Internet traffic and information remain unencrypted, seemingly harmless activities like watching YouTube videos can allow security and intelligence agencies and well-funded private parties total access to a person’s computer.
Morgan Marquis-Boire, a senior researcher and technical adviser at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs who published a new study on the topic, describes in an article in The Intercept on Friday how such hacking can happen:
Companies such as Hacking Team and FinFisher sell devices called “network injection appliances.” These are racks of physical machines deployed inside internet service providers around the world, which allow for the simple exploitation of targets. In order to do this, they inject malicious content into people’s everyday internet browsing traffic. One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge. The machine also exploits Microsoft’s login.live.com web site in the same manner.
Read more here.
Forget Your Sadness:
— Posted by Alexander Reed Kelly.