The state Duma approved an amendment that obliges mobile operators within three years to store information about callers, their calls, transmitted messages and images. Given the recent scandal over the hacking of accounts Telegram from several activists, all the more urgent becomes the question of how to maintain the confidentiality of their communication. Resource the Insider tried to figure out how to protect your smartphone from hacking, spying, or wiretapping.
The smartphone owners have to protect several aspects of your privacy: using your phone to monitor your movements, you can listen to your conversations, read your messages and to retrieve data stored on your device.
Freedom of movement
“Calls to the phone of any degree advanced still go through the network operator, and technically nothing prevents it to record them and keep track of your location, says Simon Yulaev, the programmer of “Libertarian technology group” – a team that can help civil society activists to establish a safe software on smartphones is usually a ton additional programs that may drain via the Internet God knows what to God knows where. Smartphone owner usually leaves a lot more traces in social networks, chekanitsa anywhere, post pictures to instagram, etc”.
The operator is not so interesting to follow you (is that in order to send you contextual advertising – say, you pass by some cafes and the SMS comes with an offer to visit him). But data the operator can take advantage of special services, completely legally – through a system SORM-2, they have direct access to the data, received from the operator.
If your phone is monitored in the field of law enforcement falls not only your camera, but phones are often nearby. Accordingly, the is a scheme under which two tubes – “public” and “secret” are often enabled at the same time. Willing to walk with two phones must carefully combine their modes alternately switching, in order not to be discovered.
Also does not make much sense to change SIM cards or, on the contrary, tube – if you ever stick your SIM card in another handset, then the handset will also be associated with you and Vice versa – if you’re in my pipe insert in another SIM card, the system this SIM card will associate with you.
Spying on your cell phone means that, for example, if you came to the meeting who follow you will be known to all mobile devices, lying in the pockets of your buddies. Applications that allow you to distort the location, for conspiracy worthless: they are cheating on your phone but not your cellular carrier.
If the battery is removed – a proven way to avoid tracking. Also on sale is cases for mobile and clothing with pockets that block a cell phone signal. The battery of the mobile in this case pull is not necessary. But, before using, you should test whether the device is in the case, is out of network coverage.
Freedom of telephone conversations
There is equipment for remote eavesdropping of conversations (in addition to intelligence, that sort of technique may well be in private hands), in theory a mobile phone can be used as a hidden and remotely controlled recorder. And to hear your conversation, you do not have to listen in real time, you simply record all conversations.
And even more so your call may be recorded, when you do call. Contrary to popular opinion, clicks or echoes in the tube can mean any problems with cellular communications, and is unlikely to mean a wire. If your cell phone runs out quickly and gets very hot – is a little more likely, but also an ambiguous sign that you’re tracking (there are a million much more probable that explanation).
In General, for wiretapping phones the intelligence services need a base in the form of operational search activities, but in practice, formal occasion for an ORM always can come up with. As noted by Svetlana Sidorkina, lawyer Dmitry Bochenkova, Alexey Gaskarov and Taisia Osipova, in Russia it is practically impossible to challenge the legality of the wiretapping, because many of the documents about the surveillance of suspects traditionally classify. By law, investigators must provide the result of the original records of telephone conversations. But check that it transferred to the original wire, and not a copy of it, lawyers can’t. So that law enforcement officers can attach to the Affairs of the mounted recording.
“Any sensitive calls must be done not directly through the operator, and through applications that support encryption. For example, the Signal provides such an opportunity,” emphasizes Yulaev. Signal is considered the most secure means of voice communication, but also Skype, WhatsApp, Viber or calls to Facebook will be a more reliable way to maintain anonymity than a normal phone call.
Another method of surveillance is tracking the calls list to identify your most frequent interlocutors. A classic example of such development is a “case of Belarus anarchists”. The Belarusian authorities were furious after the arson by Molotov cocktail car on the territory of the Russian Embassy in Minsk in 2010, to catch the incendiaries were thrown a serious force.
According to Mikalai Dziadok, who spent five years in the criminal case, at the time of the arson, the Belarusian KGB was scant dossier on local anarchists. But this omission they fixed quickly: “the calculated IPS of all active anarcho-bloggers, including me, and my house was raided, shut down. And then on the contact list in each phone also began to do searches and locking people up. That is, they chose, for example, 10 people from your phone, which you most often called, and closed them. Then they each took a mobile phone and practiced in the same way. In total, our case had arrested more than 150 people, not only anarchists”. Most of the detainees were released, and five sent to court.
SMS – the most unsafe of all forms of communication. Messages in the usual instant messengers may also be intercepted. Now, however, more of the messengers, by default, encrypt the message – if before this famous Telegram, with APR messages also encrypt WhatsApp and Viber.
According to the “Libertarian technology group”, remains the most protected Jabber with encryption off-the-record messaging – but, at the same time, and extremely uncomfortable, especially on smartphones. Next comes the Signal, followed by Telegram and WhatsApp.
In the Telegram there are also safe “secret chats” – first, in order to read your correspondence, the attacker will have to seize your phone, and secondly, you can configure automatic deletion of messages from the history after some period of time, and even then, stealing the phone, the attacker will not be able to read your messages.
Thus, the break-Telegram Kozlowski and Alborov has not led to leak of secret messages from their chats if they are all led. But and this hack could be avoided, provided two-factor authentication.
It is important to note that two factor authentication does not necessarily involve the confirmation by SMS. Moreover, it is considered unsafe. Dual authentication can be provided, for example, using the token. After the scandal with Alborova Kozlowski and the company Positive Technologies has demonstrated that the intercept SMS can not only intelligence agencies, and has published a scheme autopsies WhatsApp and Telegram. In the Telegram, however, burglars are unable to get access to secret chats, and WhatsApp – for correspondence in General. But in both cases they were able to correspond with the captured accounts.
Two-factor authentication really works in practice. So, for example, may 3, hackers tried to capture emails and Twitter employee “Open Russia” Paulina Nemirovsky. “Passwords were stolen from me, but I had two-factor verification, and passwords im not much help. As soon as I get a text message with a code to enter in the mail, I realized that something is wrong, mail turned off for a while and reset your password. With Twitter the same thing almost. There is a function login without a password, a code from the SMS and the codes the day I came 14 times before I turned off the login function on the code. I think it’s some kind of hackers-fans, the FSB would a SIM card and I copied the SMS turned off, as Alborov,” said Nemirovsky. Alborov and Kozlovsky “dvukhvostka” could also help, then it would be at breaking their Telegram would not only disable SMS, but also to somehow pick up an additional password, pre-defined by the owner of the account.
Freedom of information storage
To access the smartphone, you can also find a vulnerability in the operating system and infect him with a virus, but this task is extremely difficult. Intelligence agencies also do not have direct and immediate access to the “soft”, although attempting to get (Apple is still suing about this with the authorities). So, stored in your phone information is easiest to obtain, physically taking possession of your phone.
According to Dmitry Dinze, the lawyer of Oleg Sentsov and Peter Pavlenkova, if maintaining the confidentiality of information on the smartphone are a priority for you, a good idea to buy the equipment and software, providing a lock/destruction information in case of multiple incorrect password. Dinze says that one of the things that he had kept his client was a smartphone, and the investigator was extremely disappointed after trying to open it.
On smartphones work services, proven in “large computers”: TOR, secure email Riseup. “Smartphone must have the latest version of the operating system and installed apps, all apps should be installed only from trusted sources. Instant messenger open source that uses end-to-end encryption and, if possible, two-factor authentication, it is enough safe when used correctly”, – says Mikhail Abramov, specialist, Department of analysis of security of the company “Informzaschita”.
If there is enough serious interest of the security services, it is impossible to be completely sure that your smartphone is not written malicious program, able not to give yourself and sending different information from your device. But in the Russian reality, is, apparently, a rarity.
“The intelligence agencies much easier your apartment than Skype or viber to listen to. Typical example is the case of Nikita Tikhonov and Eugenia Khasis. There is no interception of traffic – despite the fact that the apartment in which they were detained, even in the video it was written. Operational activities conducted by the employees of the Central apparatus of the FSB, and the Director of the Department reported to then-President Dmitry Medvedev,” – says Maxim Solopov, crime reporter of “media zones”.
In the case of comrade Nikita Tikhonov for the militant organization of Russian nationalists Ilya Goryachev much of his correspondence from Skype, ICQ and mail. But no computer and accounts Goryachev didn’t break. As told to The Insider Goryachev’s lawyer, mark Feigin, Goryachev himself gave out the password from his computer to the Serbian secret service – he was originally detained in this country and then extradited to Russia. Feigin am sure that in most cases, Russian law enforcement authorities have access to the account, withdrawing the device, nesparennym and logged on various services and social networks.
Sometimes social networks in cooperation with the authorities go very far. Nagatinsky district court of Moscow last week began consideration of the criminal case against Demushkin – for social media posts. Dyomushkin told The Insider that his case was conducted by the Investigative Committee of Moscow, and operational support was provided by the FSB. ISP Demushkin and the administration of “Vkontakte” they had sent the request, and the consequence was granted access to his account “Vkontakte” and his e-mail correspondence. Investigators appointed meetings to colleagues Demushkin using his account “Vkontakte” in his name.
Tips Humpty Dumpty
The group “Anonymous international” has answered a couple of questions related to information security.
— Can we say that some smartphone models more vulnerable to dissection, some less?
— Yeah, a lot depends on the model and on the model. Usually the most vulnerable, the old or the new non-updatable FOR more “raw”.
— In dissections, you are more likely to attack smartphones, or you just need the email address, account, etc.?
— With physical access to the device to remove information from it is much more convenient than remote access. But getting physical access is already more operational work than technical.
— How do you assess: which instant messengers are more vulnerable to the autopsy, what — less?
— All vulnerable. Since in any case the messenger is person, but the human factor has not been canceled. From a technical point of view the least vulnerable in our opinion this is threema and telegram.
— Always do Your operations successful? Have there been situations when You tried to open someone else’s mail, and she was too well-protected?
Is ordinary working time. It happens more often than when “successfully”. Watch movies about the “brilliant hackers”. Well, if “successful” will be twenty per cent.
— In General, how costly, long-term “average” operation for opening someone else’s mail account or smartphone? Who in Russia have to fear such attacks?
— From one hour to six months. The cost of a loose concept. But if the budget allows, you can try a variety of ways, including whole actions for obtaining physical access to the device. To all those who have something to hide. Although, of course, it is not enough just to possess insider information, you must be able to work with her. There is a common expression “Who owns the information owns the world”. We would rephrase – “the World has someone who can work with the obtained information.