One thing, what you probably didn't know about traffic tickets

https://avoimenkoodinmaailma.blogspot.com/

Kimmo Huosionmaa

Almost every person, who lives in the cities is using sometimes the bus or train.  The public transportation system is one of the best inventions, what cities have. This system contains trains and busses, and of course, it's not free. When we are using this system, we must buy the ticket for traveling in the public transportation system, and this thing contains one very big danger for information security.


That danger is connected with the customer groups, what have the right to get lower price tickets. In some cases, the handicapped and mental patients have the different group for sale than other users. To getting the sale, we must show that we have right kind of diagnoses or we are students in some kind of high schools or universities. And that can danger our privacy because another reason for sale is needed the doctor's testimony, and that might be the thing, what we would not want to tell anyone else in the whole world.


Public transportation system has the database, what tells about us studies and medical diagnoses very clearly. And if the system would be in the wrong hands, could somebody follow, what bus or train lines the targeted person uses. The sneaker would compile the home address of the traffic user, and the numbers of lines, what this person uses, and then this follower can take information, what kind of bars and other places are found at the road of those busses and trains.


And if the person would go far away from home for the drink, would that bar be some kind of different, or that person has a boy or girlfriend in that area. Who will sit on the bus even hour for the drink, if the place would be nothing special?  That is the question, what the sneaker would ask anytime when that person follows the target.


This means that everybody, who has the device, what can read the data from those electronic tickets can get very personal information in the hands. This is against personal data security because that information is prohibited to deliver even for the doctors, who work in the public health care system, but that information is available for any person, who sees the ticket automat in the busses or subways.


Also, modern mobile telephones can read those traveling cards even, when the wallet is in the pocket, by using official mobile applications, what is meant for checking, is there any money in the card. This might seem very small thing but is violates against the law of privacy. Those traveling cards are also problematic because the card can be programmed to deliver the computer viruses if somebody wants to do that.


This means that somebody must just write the computer virus, and then upload it to the card, and that would cause the collapse of all traffic control system. Only thing, what that hacker must get is the tool, what is used for writing to the cards, and then the tool, what can be used for programming those chips.


And the problem, in this case, is, that this hacker can also make the back gate to that system, and then steal the information of users of public transportation, who have some special reason for getting the sale for using that system. That could be quite embarrassing for people, who are marked for sale groups, what are reserved for some special groups like people, who have mental disorders.

How NSA tracks the rebellious officer from the military forces?

NSA HQ
(Picture 1)

Kimmo Huosionmaa

The military forces are good equipment for taking the power of the nation. The rebellious military is the worst scenario, what man can imagine. When the person wants to raise the rebellion against the government, need this person the crew, who the rebellious person would tell about the rebellion, what is in this person's mind. If the rebellious officer is very old, this person's behavior would be reported to the security branch.


Elder officers are good targets for informers because if some colonel rank officer would retire, there would be big rank in the military for younger officers. So when the officer starts to create the network for rebellion, must this person be quite a young that the collection of the staff would be collected. The elder officers can't move so freely because they are so well known in the military forces.


When somebody wants to begin the rebellion,  this person must have enough high military rank, that the troops would follow the orders, and that person can take necessary equipment in command. That is the reason, why NSA surveillances all communication inside the USA. When the rebellion starts, needs that group the communication line for syncronizing their actions. But when NSA wants to make the surveillance- or security actions, they must have the equipment for that operation.


When the security service wants real information of somebody's opinions, they must observe the target in the natural environment. And those security staff must give the target the feeling, that they can use their information systems freely. Of course, the person must have the reason for rebellion against the federal government. Maybe the reason for rebellion could be religious fanatism but in those cases, the rebellious person must have contacts to some right-wing religious societies.


Another reason for rebellion might be the attempt to avoid the prison. In this scenario, the person might make the crimes at the younger age, and then try to escape the law by becoming the officer. And in those cases, the person might become rebellious, because if this person was involved in the drug dealing or something else, the punishment would be very tough. In some scenarios, this kind of person might work in the archives, and leaked the classified information to the mafia.


Some conspiracy thrillers have scenarios that mafia has recruited some young individual, and then this character would raise the power in the FBI or some other organization. This kind of things are very uncommon, but they might be considered when the strategies of the national security are made. Of course, the profiling of that kind of persons is the very important tool, and one of the best tools for profilers is to use the well-known mobsters to make the data security policies for some firm. And then this policy can be compiled with the policies what some police or military officer do their job.


This will help to locate the persons who have something to hide. So profile is an ultimate tool for persons who make decisions for security. When the first work what the person does in the workplace is the data-security analyses and proposal of those things, could the trusted experts look how many backdoors could that person make in the system? And if there would be some very easy mistake, the person might be some kind of "trojan horse, who will leak the information to another firm or third part operatives.

Sources

Picture 1

https://media.wired.com/photos/5a21eb02531a6368b4c810ea/master/w_1882,c_limit/NSAcampus-TA-96263974.jpg

What if the antivirus program transforms as the spying tool?

Kimmo Huosionmaa

Is Kaspersky's antivirus software a spying tool for the Russian intelligence is the very good question. If some antivirus- or firewall software has been used as the spying tool, the results could harm the national security. When we are talking about the use of an antivirus or any other security program as the spying tool, that will give change to the attacker to monitor all data, that goes between the computer and the Internet. But how to modify those extremely safe programs as the spying tool?


The best way is to make the "trojan horse", what just looks like that security program. In this scenario, the hackers just make their own software, what has the same kind of icons than the real antivirus program has, and then they must just route the net traffic to their own server. And then they have full access to any data, what is on that computer. Another way is to put the computer virus or spying program to the router, but the problem of that is that device's operating system is normally Linux, what makes the slipping that tool in the system quite difficult. Making the programs for Linux is different than making them for Windows, but if the monitoring tool can be set in the router, the hackers can monitor all data, what goes thru this device.


The problem of those hackers is that if too many persons will download that program, they would get so much data, that it becomes useless, and in the nastiest scenarios they will send the "sale offers" to the targetted persons, and in this case those persons will pay for those programs, what will steal their personal pictures and other data, what they wanted to keep secrecy.


That most advanced malware software might be stolen from the NSA (National Security Agency) or some other information security authority. Those tools were the national secret, but somebody copied the editors in their USB-stick and then those persons just walked away from Fort Meade. That software has been used to create computer monitor tools, what became public in the case, where the Iranian nuclear program have been monitored. And that software has probably been sold to the Russian intelligence and probably the criminals also have their copies of that complicated software.


But if the person is the good coder, can the necessary programming tools downloaded from the Internet. And in this scenario, the hacker will make the package, what looks like the update package for the antivirus software. This action bases that the antivirus tools must be updated simultaneously, that they can be effectively detected the malware. And if the computer virus will strike in the antivirus software, that might open the back gate to the system, and then all data can be stolen. Then the hackers might cover their crime by destroying the data system by the virus what forces to reinstall the system again, and if the backups were not made, the databases and evidence of the data crime would be stolen forever.