When large flows of Internet traffic and information remain unencrypted, seemingly harmless activities like watching YouTube videos can allow security and intelligence agencies and well-funded private parties total access to a person’s computer.

Morgan Marquis-Boire, a senior researcher and technical adviser at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs who published a new study on the topic, describes in an article in The Intercept on Friday how such hacking can happen:

Companies such as Hacking Team and FinFisher sell devices called “network injection appliances.” These are racks of physical machines deployed inside internet service providers around the world, which allow for the simple exploitation of targets. In order to do this, they inject malicious content into people’s everyday internet browsing traffic. One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge. The machine also exploits Microsoft’s login.live.com web site in the same manner.

Read more here.

Forget Your Sadness:

— Posted by Alexander Reed Kelly.

 Your support matters…

Independent journalism is under threat and overshadowed by heavily funded mainstream media.

You can help level the playing field. Become a member.

Your tax-deductible contribution keeps us digging beneath the headlines to give you thought-provoking, investigative reporting and analysis that unearths what's really happening- without compromise.

Give today to support our courageous, independent journalists.

SUPPORT TRUTHDIG
In this Article:
#hack#the intercept#youtube