An evolution of this tactic is made possible by reliance on outdated hash signature approaches to detection. Modern computing power and hash collision generation techniques mean that an attacker can trick law enforcement into believing innocent files are illegal imagery.
Hash based detection alone is no longer a strong way to uniquely identify files if there is any potential incentive or motive for malicious trickery to be involved.
Unfortunately there are going to be several layers of blanket denials and reluctance to accept this as true. The detection software makers do not want to admit any flaw past or present and would like to continue their streams of profit.
Agencies and departments relying on the in-place monitoring software do not want to provide any possible doubt to past prosecution legitimacy and would like to continue the existing level of surveillance as well as plans to expand. Some of it legitimately and some not so.
The truly malicious elements who understand the flaws and how to take advantage of them do not want this “tool” shown to all and understood as the weapon it is. The effectiveness of its payload diminishes greatly when “exposed to sunlight”.
Which leaves the very rare opportunity for someone to exist who understands the problem to also recognize the true scope of its weaponization, decide to ring alarm bells, have a wide enough audience, and be credible enough to be taken seriously...
And actually speak out about it before counter-interested entities recognize that person exists with all of those qualities and steps taken to mitigate the odds of the truth getting out through that individual.
To top it off, anyone in that rare position must also be capable of resisting the natural temptation to keep quiet and themselves ascend to an elevated position of power over the masses who can be victimized by it.
A Frodo individual who is willing, able, and steadfastly determined to hurl that One Ring into the molten core of Mt. Doom.
In the long run it is the only right, ethical, wise, moral, and sustainable thing to do for that exceedingly rare hypothetical person. If ever coming to be.

More from @VickerySec

19 Oct
When a news site immediately loads up a big privacy consent popup box blocking the article which was displayed in the title and thumbnail image of the link it displayed to get the click, that is malicious and false advertising. It's not ok. It is wrong.
If you want to display ads along the side of your news article, ok whatever that's fine and I expect a profit generating site to fairly use advertising space.
But you are not allowed to deceptively lure clicks to read something, and then falsely claim that "always necessary" cookies exist or try to coerce me into allowing even further invasive data to be siphoned away contrary to my interests. That is abusive and harmful conduct.
18 Oct
To explain:

It is dangerously foolish to trust that an entire file system with “non-repudiatable time stamp” as safe from manipulation.

This is because if a malicious entity knows what hashing technique is being used, and...
...has any ability to affect a file system’s content before or during the hash capture, the malicious entity can choose what the final calculated hash is determined to be.

Realistic example (but hypothetical) scenario:
1. PC has Kaspersky antivirus installed.
2. RU military intelligence flexes muscle to force Kaspersky into updating antivirus definitions minutes prior to (or during) covert hash capture or calculation of that PC.
3. The definition update is consistent and universally applied to all customers, but...
18 Oct
I ask this question because after I discovered an openly exposed live database containing a copy of Mexico’s national voter registration rolls (the “Padron”) (and appropriately notified Mexico’s electoral authority)...
I soon thereafter made an additional discovery of a different similar database apparently limited to the Sinaloa region of Mexico and being hosted on servers under apparent control of the PRI political party.

(the first, national db had been a different political party, “MC”)
The second db, the PRI affiliated one, contained a large amount of additional data tables I did not widely mention. I do not speak or read Spanish very well. My two years of high school Spanish classes have not stuck with me.
17 Oct
In my head, I think of this as a "Lavos Bits" approach to botnet regeneration.
#ChronoTrigger #itsAVideoGameReference #snes #rpgs
For the non-90s Nintendo nerds in the audience - Lavos is the primary villain's name in one of the most revered single-player video games of all time.
To defeat Lavos's Core, the floating "Bit" device to the left must first be eliminated (a less important 2nd Bit is on right).
The left Bit will regularly heal itself, the other Bit, and the Core pod until the player can inflict lethal damage to it between waves of heals.
This becomes worrisome when combined with the Lavos Core pod's ability to resurrect the Bit devices at will.
17 Oct
Who has thoughts on the legal effect of "total Declassification of any & all documents[...]" by a sitting US President related to a wide category of investigations he refers to as the "Russia Hoax"?
Asking because it occurs to me there exist a number of documents I provided copies of, at their request, to a bipartisan Senate Committee at the time when they were "conducting an investigation into Russian interference in the 2016 presidential campaign".
There are still bits of information and details reflected in those files which I have not been able to discuss in a public manner due to a personal goal to limit the number of bad faith legal threats I receive...
12 Oct
Sounds like an admission of knowingly violating anti-eavesdropping and wiretap laws at the state and federal level across the entire United States.

Also suggests intention to continue the activity in the foreseeable future for purposes of profit (a thing of value).
It's worth pointing out that commercial profit is generally something gained by companies in order to further the same and/or similar efforts.

I wonder if the Google legal department had opportunity to review that language...
...and weigh in with any potential concerns which could result from conducting an enormous campaign of arguably illegal eavesdropping?