News

Jews Developing New Cyber Spy System: It Doesn’t Need to Crack Encryption

Eran Tromer

A better way for Big Brother to look over your shoulder

REMEMBER that racy film you probably should not have enjoyed on Netflix last weekend? Eran Tromer’s algorithms can tell what it was. Although videos streamed from services such as Netflix, Amazon and YouTube are encrypted in various ways to ensure privacy, all have one thing in common: they leak information. Dr Tromer, of Tel Aviv university, his colleague Roei Schuster and Vitaly Shmatikov of Cornell have worked out how those leaks can identify the film you are watching — even if they cannot directly observe the stream of bits delivering it, or obtain access to the device on which you are watching it.

Videos streamed over the Internet are usually transmitted using a standard called MPEG-DASH. This chops a data stream up into segments that are then encrypted and fetched one at a time by the machine playing the video. The result is an on-off, “bursty” pattern of data arrival. But not all segments are equal. One depicting the mating habits of sloths will contain less information than another showing a car chase. Streaming services use something called variable bit-rate (VBR) compression to take advantage of this. Amorous-sloth segments are compressed to a greater degree than those involving car chases, reducing the overall amount of data that must be transmitted. That means segments of the same duration (in seconds) have different sizes (in bytes). The resulting pattern forms a video fingerprint.

Vitaly Shmatikov

Dr Tromer’s method recognises this fingerprint by comparing it with a pre-assembled library of such prints that a snooper has made from videos the viewership of which he might want to follow. The detection algorithm involved is a version of a program called a neural network, a type of software adept at signal-recognition tasks. Once trained, Dr Tromer’s neural network can identify films with up to 99% accuracy, based on a fingerprint between one and five minutes long.

The cleverest part, though, is that, unlike other efforts to exploit leaky video streams, it does not actually need direct access to the stream itself, or even to the device the video is being shown on. By planting a small amount of JavaScript code in a web browser on a personal computer or smartphone that is merely attached to the same Wi-Fi network as the viewer’s device, the film being watched can be identified with almost the same accuracy.

Web browsers confine JavaScript — which is ubiquitous in web pages and advertisements, and runs automatically — to a “sandbox” supposed to prevent it from collecting private information. JavaScript code can, however, still communicate with the computer server that sent it — and this is enough for Dr Tromer. It enables his implant to flood the entire Wi-Fi network with random data, creating congestion. The result is that a video stream feeding another device on the network will create bursty delays in the JavaScript’s communications with its own server. Measuring these is enough for the spyware to be able to identify the film being watched.

Such information can reveal a lot about a viewer’s personality, preferences, politics and so forth. As Dr Tromer notes, by being able to monitor this, “I can show personalised ads based on your viewing habits, adjust your insurance premiums or send in the Spanish Inquisition.” That last suggestion, tongue-in-cheek though it may be, is the most troubling. Censors using his technique could spot and block the viewing of things they disapproved of, no matter how highly encrypted those things were.

At the moment, there is no practical way to derail such attacks. Eliminating VBR would increase network congestion, bringing data-buffers into play to deal with information overflow and underflow. That would translate, for viewers, into the resurrection of buffering messages, now largely a thing of the past.

In most countries, placing this sort of spyware on a machine without permission would be illegal. But its ability to spy remotely might get around that. Also, blanket permissions associated with installing new software, carelessly agreed to, might see it arrive on clueless users’ machines within the letter, if not the spirit of the law. Mind how you go, then. And watch what you watch.

* * *

Source: Economist

For Further Reading

Previous post

Black Killer Sentenced in Metairie Double Murder

Next post

Hungary's Second Fence

2 Comments

  1. zoey
    May 6, 2017 at 7:32 pm — Reply

    These machine learning algorithms are really powerful. Sad.

  2. Posis1959
    May 8, 2017 at 7:57 pm — Reply

    A global panopticon… the All-(Snooping)-Eye… the same mindset Every.Single.Time – towards proof of which assertion without research or reflection, in addition to the article above, consider the following:

    https://www.theregister.co.uk/2017/05/04/uk_bulk_surveillance_powers_draft/

    -and-

    https://archive.org/details/TheWorldConquerors-TheRealWarCriminals1958

    Marschalko, Louis (Lajos): The World Conquerors: The Real War Criminals (1958).

    From pages 286-7:

    ‘Thousands of similar cases were reported by the freedom fighters and by those released from the Communist prisons who came to the West. When the freedom fighters succeeded in occupying the buildings of the secret police, they found further proofs of a terror almost incredible to the Western world. Huge halls and large rooms were stuffed with the most unimportant telephone conversations recorded on tape and filed. Unimportant letters from abroad had been photographed on microfilms and filed away in a gigantic card index system. On Tisza Kalman Square in Budapest, a secret prison with 3,000 cells had been built and equipped on the site of a half-finished underground railway station, the existence of which was unknown until the freedom fights started. Similar underground prisons were also detected in provincial centres together with subterranean passages to enable Communist “leaders” to escape in an emergency. And so, if we take into consideration that in Hungary the leaders were Jews, it can truthfully be said that here the most extreme dream of Jewry’s world kingdom materialised.’

    A picture’s worth a thousand words:

    https://ia601601.us.archive.org/BookReader/BookReaderImages.php?zip=/12/items/JewsMustLiveAnAccountOfThePersecutionOfTheWorldByIsraelOnAllThe/JML2_jp2.zip&file=JML2_jp2/JML2_0044.jp2&scale=4&rotate=0

Leave a reply

Your email address will not be published. Required fields are marked *

Slander, crude language, incivility, off-topic drift, or remarks that might harm National Vanguard or its users may be edited or deleted, even if unintentional. Comments may be edited for clarity or usage.