Published Articles

The Mobile Phone as Surveillance Device: Progress, Perils, and Protective Measures

Mobile phones remain the most efficient surveillance mechanism, allowing a variety of tracking and monitoring techniques to be concentrated in a single always-on device. Although the risk of unwanted monitoring persists, with protective measures to mitigate vulnerabilities, ubiquitous mobile phones will continue to provide unmatched surveillance capabilities.

Electronic Forensics: A Case for First Responders

Almost every aspect of our lives is touched or somehow controlled by technology-driven processes, procedures and devices. It is therefore important to understand that because of this pervasive electronic influence, there is a high probability that a successful criminal or unacceptable incident will occur within the perimeter of an organization’s information and/or computer and network infrastructure. The difference between conducting a successful investigation that results in a potential prosecution and failing to do so will often lie squarely in the lap of the electronic forensic investigator. If potential evidence is compromised at any point in the investigation, it will be unacceptable in a court of law. The highest risk of compromise occurs at the point prior to evidentiary acquisition.

The first responder’s primary responsibility is to protect and preserve potential evidence and to see to it that suspect electronic devices and storage media are not tampered with by anyone until such time as the professional electronic forensics investigator (law enforcement or private) takes full control of the scene. This paper will explore electronic forensics, demonstrating the need and making the case for the appointment and training of a first responder to incidents where electronic devices may have been used.

The Myth of Superiority of American Encryption Products

Encryption software and hardware use sophisticated mathematical algorithms to encipher a message so that only the intended recipient may read it. Fearing that criminals and terrorists will use encryption to evade authorities, the United States now restricts the export of encryption products with key lengths of more than 56 bits. The controls are futile, because strong encryption products are readily available overseas.

Foreign-made encryption products are as good as, or better than, U.S.-made products. U.S. cryptographers have no monopoly on the mathematical knowledge and methods used to create strong encryption. Powerful symmetric-key encryption technologies developed in other countries include IDEA and GOST. Researchers in New Zealand have developed very strong public-key encryption systems. As patents on strong algorithms of U.S. origin expire, researchers in other countries will gain additional opportunities to develop strong encryption technology based on those algorithms.

Australia Should Reverse Its Huawei 5G Ban

In August 2018, amid a leadership shakeup, the Australian government blocked Huawei, a Chinese company whose technology underpins mobile broadband for about half of all Australians, from building the country’s future 5G networks.

The ban was made under the pretext of protecting national security, yet there is no evidence that Huawei gear is insecure. Because it is headquartered in China, Huawei has undergone more scrutiny than any other ICT supplier in the world. In several markets, including the U.K., its source code is reviewed by independent security experts. In the 31 years since Huawei’s founding, no public evidence of wrongdoing has ever come to light. Canberra’s decision to ban the company was purely political.

Read more: Nytimes, Scmp, Huawei

I’ll be Watching You

We take for granted every day that we are safe from any given risk because we are protected by various standards, statutes, laws, and the goodwill/honesty of people globally. The mobile phone, for example, touches almost every part of our daily lives. There are currently more than 8 billion connections and almost 5 billion mobile phones in use around the world. It is really nothing more than a small computer with a radio transmitter and receiver and other communications devices (Wi-Fi, Bluetooth, etc.) integrated into it. Mobile phones may also have the ability to record and store photos, videos and sound. Most have a built-in Global Positioning Satellite System capability. Each of these capabilities may result in various risks. Every generation of mobile phone has expanded its capabilities and connected to the Internet in addition to normal telephone functions. It has become the most effective surveillance device ever conceived by man.

Along with these phone capabilities come a number of risks. Some of these are usually associated with using the Internet, so mobile users are exposed to malware of various kinds and to being hacked for malicious purposes. However, there are other more insidious, lesser-known risks. The purpose of this presentation is to discuss current general surveillance techniques associated with mobile phones, the Internet, and other avenues of collecting evidence. Some of the discussion will cover communications interception, location logging and tracking, and bugging. Many people using mobile phones are not aware of these threats, or assume it only happens in other countries. They assume their service provider (Internet and/or mobile phone) has put measures in place to eliminate risks as well as protect their privacy (by the use of cryptography). 100% safe Internet and mobile phone use is unlikely ever to be possible. This presentation will graphically portray and clearly describe example aspects of surveillance techniques in defined language that non-technical people will understand. Explanations as required will be provided in the general discussion afterwards.

Digital danger

Computer forensics expert Associate Professor Henry Wolfe offers advice on how to be best protected in the unsafe world of electronic communications. If you use a cell phone or a computer, your privacy is at risk.

Cloud Computing: The Emperor’s New Clothes of IT

Cloud computing has recently become a hot topic in IT circles. Organizations see it as an opportunity to reduce costs. Outsourcing the provision of data services has become an attractive option in the current climate, promising the reduction of staff, equipment, IT operations and associated costs. This paper makes the case against using cloud computing for anything but the most trivial IT requirements. The issue is jurisdiction and what happens to your data when things go wrong. Contracting plays a big part in the process and most cloud computing contracts absolve the service provider of any responsibility for security, continuity of service, or for the integrity or privacy of the users’ data. There can also be issues surrounding access to a user’s data by official and unofficial entities. Data such as client lists, proprietary information, and other sensitive information is the organization’s most valuable asset and should never be managed or controlled by any outside entity.

The Insecurity of Mobile Phones

This paper identifies and describes mobile phone vulnerabilities not found elsewhere in a single source. It describes the threats and then offers measures that will mitigate those threats. The objective is to inform users of the very real and present risk associated with mobile phone use and offer some practical advice as to how those risks can be reduced.

Information Assurance Programs at Tertiary Level

This paper highlights the rationale for all IT degrees being focused on Information Assurance holistically throughout the entire degree. It takes a look at the failure of industry to produce an operating system that provides user control of system activities and primarily serves the user rather than other special interest groups (Microsoft, Digital Rights Management, other applications vendors, etc.).