Friday, August 31, 2007
Are we just plain stupid? Mumbai Police is planning to install Key loggers and monitoring software which will send out information about Emails, Chat, Websites visited, IM logs, take screen shot at a regular interval and send it to a server, I cant think of such a big foolishness as this, Notorious or buddy hackers in the neighborhood have already installed key loggers and all sorts of crap on those cyber cafe pc's and thanks to users spyware also has a safe home there, AND now another surveillance utility developed by Micro Technologies called CARMS (Cyber Access Remote Monitoring System), a powerful monitoring tool that seeks to curb cyber crime.
I have some thoughts:
- Are the terrorists operating only from Cyber Cafe's ?
2. Encryption and Wiping Tools
All terrorists that are caught and their belonging seized have encryption and wiping tools available and installed on their PC's. Are they fools to type "Lets bomb blah blah tomorrow at 1.00PM" ?
3. Linux Live
Has Mumbai Police heard of Knoppix, I can just reboot the Windows running PC with a linux live CD which runs the complete operating system off cd drive, it loads everything in RAM, and as we know RAM is volatile it holds data only till the power is on, once its off the data is lost.
4. USB drives
Operating system and Applications can be booted and ran off USB drive also. If you the best encryption tools, Stenograpy tools are anyways Portable which means they can be copied to usb drives and can be used no need to install them.
If a terrorist comes and sends an email with images to somebody from the cyber cafe with that monitoring system installed with a title amusement park or just uploads them to flickr or picasaweb with public viewing rights and which has a small girl playing on rides etc. The smart part here is he has already done stenography with those images, the message is embedded, the damage is done, and stenography is not limited to images, it can be done with audio video and everything under the SUN.
6. Cyber Cafe plans on the HDD.
A smart terrorist can just bring a complete package files save it on the HardDrive, and bind a emailing tool with firefox.exe and now when the next person comes in the is in trouble. But when binding the exe he will have very little time because thanks to CARMS every 5 seconds or so a screen shot will be taken so need to be fast.
Now I think i am a little pissed of by the decision and going mad and writing all the tricks to bypass the CARMS system. But i can assure that breaking CARMS wont take anytime its just that you can putting more burden on people, your people, end users.
I just think its a stupid idea.