Data/Cyber/Cloud Security, Privacy, Website Security, Data Encryption, Malware/Viruses, Open Source Intelligence, Cyber Defence, Data Breaches, Travel Reviews & Photos
Web monitoring and blocking will only infuriate LulzSec and similar groups With the recent government proposals to block websites (The Pirate Bay) and monitor emails, web browsing, phone calls, text messages and VOIP, it raises a whole host of questions that need addressing. Not only will it infuriate groups such as LulzSec, Anonymous and TeaMp0isoN it will also encourage individuals to go more underground by using increasingly enhanced countermeasures.

The proposals will remind people of communist or authoritarian states such as China, Iran and Syria. In China it is alleged they have 40,000 staff dedicated to sifting through social media alone. Phone calls are believed to have automated monitoring systems which flag up keywords such as democracy or Tiananmen Square. If flagged, a case officer is meant to monitor the lines. The same process applies to SMS, emails and also postal items.

In countries such as China, Iran and Syria citizens are quite clued up when it comes to bypassing filters installed by the government. For example “The Great Firewall of China”, where citizens buy or use free VPN or proxy services to circumvent filters or logging. Iran in 2008 bought deep packet inspection hardware to find and stop users who use proxies. The same also happens in other countries and users need to go through different VPN encryption methods to try and bypass the deep packet inspection hardware.

A great deal of legal and technical questions are raised therefore with regard to the 2012 monitoring proposals. For example, what if the email provider or email server is based outside of the UK. Would they have the facilities or legal jurisdiction to intercept and log data? The same applies to encryption, if an email client (think Outlook or Thunderbird) uses transfer encryption (SSL or TLS) to talk to the server, would they have the right or the facilities to intercept and log data.

Monitoring will simply encourage people, rich or poor to use countermeasures such as encrypted VPNs, proxies or encrypted email. VPN’s encrypt the traffic from the client (PC) and once it hits the middle server it is decrypted and forwarded on. This means interception or logging is very hard since the server is often abroad. Hundreds of providers exist and small percentages are free to use. The same applies to mobile communications; voice communication can be re-routed by IP and heavily encrypted. Intelligence services have devices to monitor GSM but if IP is used this will fail and no call logs will exist.

Contact details such as: phone number, location, IP, length, sender, recipient, time, data and method can be recorded and accessed without a warrant. Though the core content will require a warrant there is always a chance of a rogue employee or a government department which will ignore the law and intercept without a warrant. Services such as Skype and Blackberry maybe encrypted but they have to release encryption keys or content upon request.

In the coming weeks it is very likely systems will be penetrated, or failing that come under multiple DDoS (distributed denial-of-service) attacks.