The government watchdogs have devised a new and unsuspecting means to spy on you - videos and links. That's right! Videos and links that you randomly click on may just be opening the doorway for the government to keep tabs on you.
A new report from Citizen Lab, delves into the use of software deployed by companies to spread intentional malware via a seemingly friendly link. This type of software used for targeted surveillance is known as "backdoors" or "implants" and looks to bring about "network injection."
Alarmingly, these surveillance techniques capitalize on existing flaws that are present in major websites like Google-owned YouTube and Microsoft's Live. The common notion is that one has to click on a susceptible attachment or scout malicious sites to be vulnerable to surveillance or hacking. However, the research by Citizen Lab dismisses these notions as "not necessarily true."
"The only thing you need to do to render your computer's secrets-your private conversations, banking information, photographs-transparent to prying eyes is watch a cute cat video on YouTube, and catch the interest of a nation-state or law enforcement agency that has $1 million or so to spare," reveals Morgan Marquis-Boire, author of the report.
Companies like Hacking Team and FinFisher sell devices or "network injection appliances" which basically inject or seed regular videos with surveillance software. "Network injection appliances" are basically physical machines that are positioned inside the ISP all over the world and enable the abuse of vulnerable targets. The software has been designed in such a manner that it tracks the online activities of the intended target.
The Hacking Team is able to inject malicious content by taking advantage of the unencrypted video streams on YouTube. So how does this work you ask? The hackers simply wait for the specific user to watch a YouTube clip that is injected with the surveillance software and intercept the traffic, substituting it with a malicious code. This code gives the hacker control over the victim's computer without the latter being aware of the same.
The Hacking Team is said to work in tandem with the governments of UAE and Morocco. Marquis-Boire reveals that intelligence agencies in other countries like the U.S., Russia, China, the UK and Israel too have similar capabilities which have been deployed in the past.
To guard against attacks, several companies have switched to the HTTPS encryption. This system encodes the connection between the server and a user making it less vulnerable and averts injection attacks.