Lifeboat Foundation

Abstract: In this paper we present a method which allows attackers to covertly leak data from isolated, air-gapped computers. Our method utilizes the hard disk drive (HDD) activity LED which exists in most of today’s desktop PCs, laptops and servers. We show that a malware can indirectly control the HDD LED, turning it on and off rapidly (up to 5800 blinks per second) — a rate that exceeds the visual perception capabilities of humans. Sensitive information can be encoded and leaked over the LED signals, which can then be received remotely by different kinds of cameras and light sensors. Compared to other LED methods, our method is unique, because it is also covert — the HDD activity LED routinely flickers frequently, and therefore the user may not be suspicious to changes in its activity. We discuss attack scenarios and present the necessary technical background regarding the HDD LED and its hardware control. We also present various data modulation methods and describe the implementation of a user-level malware, that doesn’t require a kernel component. During the evaluation, we examine the physical characteristics of different colored HDD LEDs (red, blue, and white) and tested different types of receivers: remote cameras, extreme cameras, security cameras, smartphone cameras, drone cameras, and optical sensors. Finally, we discuss hardware and software countermeasures for such a threat. Our experiment shows that sensitive data can be successfully leaked from air-gapped computers via the HDD LED at a maximum bit rate of 4000 bits per second, depending on the type of receiver and its distance from the transmitter. Notably, this speed is 10 times faster than the existing optical covert channels for air-gapped computers. These rates allow fast exfiltration of encryption keys, keystroke logging, and text and binary files.

Artificial intelligence boosters predict a brave new world of flying cars and cancer cures. Detractors worry about a future where humans are enslaved to an evil race of robot overlords. Veteran AI scientist Eric Horvitz and Doomsday Clock guru Lawrence Krauss, seeking a middle ground, gathered a group of experts in the Arizona desert to discuss the worst that could possibly happen — and how to stop it.

Their workshop took place last weekend at Arizona State University with funding from Tesla Inc. co-founder Elon Musk and Skype co-founder Jaan Tallinn. Officially dubbed “Envisioning and Addressing Adverse AI Outcomes,” it was a kind of AI doomsday games that organized some 40 scientists, cyber-security experts and policy wonks into groups of attackers — the red team — and defenders — blue team — playing out AI-gone-very-wrong scenarios, ranging from stock-market manipulation to global warfare.

Horvitz is optimistic — a good thing because machine intelligence is his life’s work — but some other, more dystopian-minded backers of the project seemed to find his outlook too positive when plans for this event started about two years ago, said Krauss, a theoretical physicist who directs ASU’s Origins Project, the program running the workshop. Yet Horvitz said that for these technologies to move forward successfully and to earn broad public confidence, all concerns must be fully aired and addressed.

Continue reading “AI Scientists Gather to Plot Doomsday Scenarios (and Solutions)” »

In Brief

• Through the hive mind, everyone would be connected to everyone else telepathically, and we could all share our thoughts, memories, and even dreams with one another.
• Though a global hive mind would be susceptible to things like hacking or thought control, it could also lead to almost unimaginable levels of innovation.

Communication technology tends to develop in a particular direction: more people communicating across larger distances using less effort to do so. Taken to its logical extreme, perfect communication would be anyone being able to talk to anyone, anywhere, using no effort at all.

Continue reading “Becoming Borg: What Is a Hive Mind in Science and Could Humanity Get There?” »

Don’t be the CIO that sees their own this market as most Healthcare CIO’s will not allowed to stay given they are now a brand liability not to mention all those lawsuits that are coming from lawyers of the patients.

Electronic health record databases proving to be some of the most lucrative stolen data sets in cybercrime underground.

Medical insurance identification, medical profiles, and even complete electronic health record (EHR) databases have attracted the eyes of enterprising black hats, who increasingly see EHR-related documents as some of the hottest commodities peddled in the criminal underground. A new report today shows that complete EHR databases can fetch as much as $500,000 on the Deep Web, and attackers are also making their money off of smaller caches of farmed medical identities, medical insurance ID card information, and personal medical profiles.

Continue reading “Stolen Health Record Databases Sell For $500,000 In The Deep Web” »

There have been numerous dark net-related prosecutions in Europe in the past few months. The first country to wage a war against dark web criminals was Germany, where the government decided to provide more manpower to eliminate all kinds of illegal dark net activity. The Germans started focusing on the dark web shortly after the Münich shooting, which happened on July 22, 2016. Investigators discovered that the gunman acquired his weapon through a vendor on a dark net marketplace, who had been busted after the tragic incident.

By seeing the number of prosecutions, Austria is following the German example. A national news outlet, tips.at, conducted an interview with Chief Inspector Erwin Eilmannsberger, a police officer from Schärding, about the increasing dark net crime in his district.

Continue reading “Dark Net Crime In Increase: Interview With Austrian Chief Inspector” »

Who needs a Tesla when you can build your own automated copilot using free hardware designs and software available online?

So true; as many of us have stated that the infrastructure for QC is a must 1st. A good video to review; as many of the themes are often repeated in many commentaries as well as this video provides some additional insights on QC.

Cybercrime & Cybersecurity 0 20

There is a reason why they’re not in the private sector developing QC. Noticed all represented no one developing and delivering QC commercially. There is a reason why folks like this become nay sayers as it is hard when you’re not able to deliver and not hireable by the private sector to deliver QC. With such a huge demand for QC experts and in security; you have to wonder why these folks have not been employed in a QC Tech company especially when you see tech grabbing every professor they can to develop QC and especially cyber security. Also, I still never saw any bases or details scientifically for their argument why specifically where and how QC will not block hacking just a bunch of professors throwing out words and high level speculations.

SAN FRANCISCO—Cryptographers said at the RSA Conference Tuesday they’re skeptical that advances in quantum computing and artificial intelligence will profoundly transform computer security.

Continue reading “Cryptographers Dismiss AI, Quantum Computing Threats” »

Freedom Hosting II was hacked by a sole individual for hosting websites with child abuse content, taking down 20 percent of dark web sites.