Watch This Cat Video (or Anything on YouTube) and Get Hacked
When large flows of Internet traffic and information remain unencrypted, seemingly harmless activities like watching YouTube videos can allow security and intelligence agencies and well-funded private parties total access to a person's computer.
When large flows of Internet traffic and information remain unencrypted, seemingly harmless activities like watching YouTube videos can allow security and intelligence agencies and well-funded private parties total access to a person’s computer.
Morgan Marquis-Boire, a senior researcher and technical adviser at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs who published a new study on the topic, describes in an article in The Intercept on Friday how such hacking can happen:
Companies such as Hacking Team and FinFisher sell devices called “network injection appliances.” These are racks of physical machines deployed inside internet service providers around the world, which allow for the simple exploitation of targets. In order to do this, they inject malicious content into people’s everyday internet browsing traffic. One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge. The machine also exploits Microsoft’s login.live.com web site in the same manner.
Read more here.
Forget Your Sadness:
— Posted by Alexander Reed Kelly.
WAIT, BEFORE YOU GO…If you're reading this, you probably already know that non-profit, independent journalism is under threat worldwide. Independent news sites are overshadowed by larger heavily funded mainstream media that inundate us with hype and noise that barely scratch the surface. We believe that our readers deserve to know the full story. Truthdig writers bravely dig beneath the headlines to give you thought-provoking, investigative reporting and analysis that tells you what’s really happening and who’s rolling up their sleeves to do something about it.
Like you, we believe a well-informed public that doesn’t have blind faith in the status quo can help change the world. Your contribution of as little as $5 monthly or $35 annually will make you a groundbreaking member and lays the foundation of our work.
An immediate inquiry is sought amid findings Mohammed bin Salman appears to have had access to Washington Post owner's private messages.
Even when public agencies and companies hit by ransomware could recover their files on their own, insurers prefer to pay the ransom. Why?
An independent audit in Maryland raises key questions.
A woman faces a computer fraud charge in one of the largest security breaches of a major U.S. financial institution on record.
There are currently no responses to this article.
Be the first to respond.