Free Malware Neutralizes Nearly All Android Antivirus Software

One of the most annoying problems for hackers is dealing with those pesky antivirus programs. As much as you may malign them, these software programs still form the main line of defense against common malware attacks. If only hackers had a way to neutralize these programs, their work would be much easier.

Well, relief is here at last. Now, a free toolkit is available to neutralize nearly all Android antivirus software. Look at the list below. If your current antivirus software is listed, you could be the next victim of the AVPass toolkit.

avpass list

This list is from the free malware code. The attacker simply chooses the number associated with the antivirus software they need to neutralize.

According to the developer, “AVPass is meant to make sure whatever malware you’re sending cannot be screened by antivirus.” That’s fine, but how is this done?

Basically, the toolkit uses the fact that all AV programs have set detection rules. Once those rules are understood, they can be manipulated to make malware appear to be harmless. Why is Android targeted? Simply because 86% of the smartphone market is Android.

An Android operating system with its associated files is contained in something called an APK file. If you could tap into this file, you could alter some of its components before you installed it. This can be done with certain tools as is seen in the example for an app called APKtool shown below.


This tool is included in the AVPass toolkit because it is needed to rebuild files to the hacker’s specifications.

Through what is more or less a trial-and-error approach, AVPass detects the antivirus program being used and then tests its detection capabilities by incrementally altering elements of the selected malware’s code and testing these changes on malware detection sites such as VirusTotal. Eventually, it builds an idea of the AV’s detection rules and how to circumvent them. In the end, the attacker can install the malware package they want and know that it will not be detected.

Since the Android platform dominates all other smartphone platforms, it is the most obvious target for hackers. It is projected that over 3.5 million Android malware samples were detected in 2017, which amounts to almost 8,500 samples a day. That’s a lot of material for attackers to work with.

Antivirus firms aren’t simply going to allow AVPass a free pass. They are now building AVPass detection into their software. The developers of AVPass are researchers from Georgia Tech who actually want to help antivirus firms detect malware that attempts to bypass their algorithms. Some malware detection software has already been built to uncover malicious code trying to hide itself on a device. DeGuard is one example of software built for the “statistical deobfuscation of Android APKs”, although the researchers point out that it is not without its own problems.


In order for software similar to AVPass to be developed, the researchers have made the code open-sourced and posted it online for anyone to use. Is this a good idea? I’m not sure. The researchers put up a disclaimer saying that the code is only to be used for research, but, let’s face it, malware developers can use it to insert any malware onto any Android device they want.

And it doesn’t stop here. The same researchers are planning to use the same strategy on Google Verify Apps to see if it is possible to get malware infected apps placed in Google Play Store. This would allow attackers to put malware into seemingly valid apps. If this was used with AVPass, the malware would be downloaded and installed without detection; a hacker’s dream.

One more thing, the same researchers plan on developing a version of AVPass for Windows. In short, it looks like all operating systems will soon be vulnerable to such attacks. At the moment, 2018 is shaping up to be the best year for hackers and the worst year for normal users that we have ever seen. Happy New Year.

Posted in Uncategorized | Tagged , , , | Leave a comment

Was Intel Always Aware of Vulnerabilities in Their Processors?

When I first heard the news about a critical flaw in Intel’s chips, I felt that something wasn’t quite right. Intel has been designing chips for decades and they must have some of the world’s best chip designers. How was it possible that they missed what appeared to be a major flaw that would open the door to two possible exploits named, Meltdown and Spectre?

intel icon

There are three possible answers to this dilemma.

  1. Intel’s chip designers are not as good as they think. Everyone working on and checking the design never saw that the chip was flawed.
  2. Intel knew that the chip had vulnerabilities but overlooked them to increase the performance (speed) of its processor.
  3. Some authority ‘requested’ that Intel ‘design’ the vulnerability into its chip so that it could be exploited if necessary.

I’ve already explained why I think option 1 is unlikely, but I was unsure if Intel would choose the risky performance-over-security alternative that comprises option 2. After all, if this flaw was ever detected by an independent third party, it could have catastrophic financial consequences for the firm.

That being said, option 2 has been pointed to by a number of cybersecurity experts, such as Anders Fogh, a researcher for German cybersecurity firm, GData.  Remarking on his findings concerning the vulnerabilities, WIRED noted that “in their insatiable hunger for faster performance, chipmakers have long designed processors to skip ahead in their execution of code, computing results out of order to save time rather than wait at a certain bottleneck in a process.” Later in the article, WIRED expanded on this idea when they talked about research on the vulnerability conducted by Paul Kocher of Cryptography Research, saying that he wanted “to explore a broad issue he saw in computer security: the increasingly desperate drive to squeeze ever-greater performance out of microchips at all costs—including, perhaps, the cost of their fundamental security.” Undeniably, the issue of speed over security is a leading contender for the existence of the Meltdown/Spectre vulnerabilities.

Actually, the odds of such vulnerabilities never being discovered were in the company’s favor. Only some group with the knowledge to perform something in the order of a Stuxnet attack would be capable of making use of this vulnerability. According to a BBC article, “Meltdown or Spectre will at first probably be limited to those prepared to plan and carry out more complex attacks, rather than everyday cyber-criminals.” The Financial Times adds more details by claiming that “the vulnerability would be most likely to be used by sophisticated nation state hackers for espionage”.

And that brings us to option 3. Was Intel asked to design what could be called a backdoor into its chip? The answer to this is far more complex, but it would not be the first time that Intel has been accused of putting backdoors or other questionable elements in its processors. At the Blackhat Conference in 2012, researcher, Jonathan Brossard, showed how a hardware backdoor he called, Rakshasa, “works on 230 Intel-based motherboards”. This revelation caused one writer to observe that, “it would be very, very easy for the Chinese government to slip a hardware backdoor into the firmware of every iPad, smartphone, PC, and wireless router.” This is because 99% of all chips are produced in China.  Coincidentally, in the same year, researchers at Cambridge University found a hardware backdoor in a military grade chip made in China.

“We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.”

 Then, in 2013, stories began to surface that Intel was working with the NSA to put hardware backdoors on their chips. A leaked NSA slide even joked about this.

nsa slide

In June, 2016, a researcher reported on what amounted to a chip within the main Intel chip called the Intel Management Engine (ME). He claimed that “when these are eventually compromised, they’ll expose all affected systems to nearly unkillable, undetectable rootkit attacks.” In August, 2017, a team from Positive Technologies was working on disabling this ME when they discovered that the NSA had been there before them. Apparently, desiring to protect themselves from anyone manipulating the ME, they had Intel design a way for them to disable it. Most people in the cybersecurity community would not be surprised to learn that the NSA was working with Intel, but the point here is that option 3 above cannot be discounted for several reasons. Certainly China or the NSA could have found ways to have the Meltdown/Spectre vulnerability placed on the chips.

Any device with a computer chip is vulnerable to these attacks. However, it would be unlikely that such a sophisticated attack would be used for normal hacking purposes. It has been reported that no attacks using these vulnerabilities have been discovered. This is a useless claim since anyone exploiting the vulnerabilities would leave no traces anyway.

In any event, Intel and other chip makers are busily working on updates. Since Microsoft products run on Intel chips, they were the first to come out with their updates. The first reports found that the updates conflict with other antivirus programs that users may have been using in conjunction with Windows Defender. You may have to set the registry yourself for the update to be accepted. To see if your antivirus program is affected, follow this link and take a look at the chart. It should be noted that some computers running on AMD processors were reportedly frozen by the update, so be careful.

I received the update without a problem. Some have warned that the fix may slow computers, but I have noticed nothing serious to this point. If it is true that chips manufactured by other chip makers also contain these vulnerabilities, then the problem becomes much more serious, especially if option 3 proves to be true.



Posted in Uncategorized | Tagged , , , , | Leave a comment

This Malware Can Physically Destroy Your Android Phone

It all begins with Bitcoin, or other cryptocurrencies, of which there are now over 900 varieties. I realize that almost no one understands how Bitcoin operates, but I will make a valiant attempt to oversimplify the underlying architecture because, without understanding this, it would be impossible to explain how Bitcoins can destroy your smartphone.

To use Bitcoin, you need a Bitcoin address, which you can get for free. You also need a Bitcoin wallet. Most people get the wallet first because a Bitcoin address will come with it. The address is simply a set of 25 to 36 characters. It is not connected to a name or real life address. No one knows who owns the address but everyone in the Bitcoin world knows that your address exists. They need to know this if they want to send you money. You have a private key to open your wallet and get your Bitcoins.

Bitcoin uses something called a ‘blockchain’. This is a record of all the transactions ever of every Bitcoin in use. Everyone can see how many Bitcoins are held by any address, but, of course, they don’t know the person connected to that address. Everyone can see every transaction that is made. However, keeping track of all these transactions is difficult work. That’s why the currency needs people who will do it for a small amount of money. These people are called, ‘miners’. Miners, or at least their computers, have to work 24/7.

If a person wants to send a Bitcoin to another person, they verify the transaction with their private key. The potential transaction is then analyzed by the miners, who determine whether the transaction is valid. After validation, the person will receive the money. If there weren’t enough miners, those receiving Bitcoins would have to wait a long time to get their money. So, to make the system run smoothly, miners must work nonstop. The more they work, the more they get paid. They are paid in Bitcoins (actually, fractions of Bitcoins) for their work.

There is another aspect of mining which confuses most people. It involves solving complex mathematical problems to add encrypted and logically connected blocks to a blockchain. The problems are so difficult to solve that Bitcoin miners often work together in mining pools. This is because solving these difficult problems requires a lot of computer power. The miners in these pools can combine their computing power to solve these problems more efficiently. In fact, that’s the only way small groups of individuals can compete with big mining companies. These big mining companies (81%) are mainly located in China, as can be seen in the chart below. .

bitcoin mining

The Chinese miner, AntPool, is the biggest Bitcoin miner, controlling 25% of the Bitcoin mining market.

bitcoin miners

An average person wanting to pursue mining must invest in a custom made computer with a special graphics cards, a high speed processor, a reliable power supply, memory, cabling, and a fan, all of which would be an investment of about $3,000 to $4,000, if not more. The mining computer would probably do best in its own air conditioned room. Since it would require so much computing power, it would only be used for mining.

The Chinese operations are vast. The computers are stored in massive warehouses that are often near power stations.


Notice the power transmission lines in the background. It has been reported that Bitcoin’s “mining” network uses more electricity in a year than the whole of Ireland”. Obviously, as interest in Bitcoins grows, so, too, will power consumption. Since China depends on cheaper coal-fired power, especially in the areas where Bitcoins are mined, it would not be farfetched to connect Bitcoin mining directly to environmental degradation.

So what does all this have to do with destroying your Android phone? You can imagine that this lust for Bitcoins and its accompanying need for more power have encouraged unethical miners to find alternate ways to make money. Making money means controlling computing power. Some streaming websites have been infiltrated so that miners could siphon off some of their computing power. Recently, malware named, Loapi, has been discovered doing the same to Android phones. Unfortunately, these infected phones will mine continuously, making them almost unusable. What’s worse is that, as Kaspersky labs found, they will overheat to the point that they warp the case, possibly destroying the phone in the process.

Be careful, because this news has been inaccurately reported on a number of websites and by other media outlets. Some have claimed that the phone began smoking while others said it melted. In truth, none of this was reported by Kaspersky. Actually, I have not found this experiment duplicated by any other reliable lab. That said, the “bulging” reported by Kaspersky could certainly lead to the phone losing some, or all, of its capabilities.

This may just be the beginning. Recently, Trend Micro found a number of legitimate apps on Google Play that were hiding mining malware. They also warn of a new mining scheme using Facebook Messenger. Though Trend Micro and others believe that the CPU mining power of smartphones is limited, the competition for computing power among the growing number of cryptocurrencies is forcing miners to take advantage of every free kilowatt they can find. So if your phone seems slower than usual, your battery life is decreasing rapidly, and you notice your phone overheating, it might be a good idea to see what apps you may have recently installed.

With the growing interest in cryptocurrencies, miners are looking for a variety of new ways to make money. Browser-based mining has returned and more mining-infected apps sneak into Google Play everyday. Add to this; a website which supplies a plug-in that anyone can use to mine coins on their website… without telling visitors they are doing so.


In addition, miners are hacking websites to install this mining plug-in without the website owner even realizing it.

It seems clear that hacking-to-mine is going to be of growing interest for attackers looking to make some quick money. Although some antivirus software makers are responding to this new threat, most are lagging in preventing such attacks. In the future, you can expect to see corporate networks being infiltrated by miners, because, quite simply, that’s where the money is.

Posted in Uncategorized | Tagged , , , | Leave a comment

State-sponsored Malware Shuts Down Middle East Industry

FireEye is not giving much information about which specific industrial target was shut down by the newly designated Triton Trojan.  We only know that it was an industry that was a part of the country’s “critical infrastructure”. They are, however, quite certain that some nation is behind this attack.

trident sym2

Triton is an especially dangerous form of malware. It is among the few that are designed to attack industrial control systems (ICS), which puts it in the same class as the infamous Stuxnet. Triton specifically alters commands within an industry’s emergency shut down systems, known as safety instrumented systems (SIS). The particular SIS controllers targeted were produced by a company called, Triconex, a subsidiary of Schneider Electric.

This malware is especially insidious because it has the potential to kill people. Stuxnet simply wanted to destroy machinery, but when you begin to manipulate safety systems, you open the door for serious accidents to happen. Imagine if you could override the warnings of a pressure gauge and allow the resulting explosion to occur without a warning. As FireEye noted in its report, the attacker had “interest in causing a high-impact attack with physical consequences.”

triton fireeye

Triconex makes SIS controllers primarily for the oil and gas industry, however, they also work with turbomachinery for the power industry. This means that the attackers could potentially alter the safety parameters for the turbines and make them malfunction, thereby bringing down parts of the power grid, with all the problems that would entail. In other words, the attacker wanted to do serious harm, not only to a particular industry, but to a particular country.

There are only a few countries that possess such sophisticated malware. They are the U.S., Israel, Russia, Iran, and North Korea. Though FireEye does not want to mention the attacker, I believe there are strong indications as to which of these countries is behind the attack. First of all, because of Triconex’s strong relations with oil and gas industries, we can assume that the industry victimized was located in an oil producing country. It would also have to be a state with committed enemies. Although there are numerous conflicts among nations in the Middle East, none is more intense than the conflict between Iran and Saudi Arabia, who are currently engaged in a proxy war in Yemen.

Israel has recently improved relations with Saudi Arabia so they can be discounted as the attackers. Russia could benefit from undermining the Saudi oil industry, so they cannot be completely eliminated. In addition, they have deployed such ICS malware against the Ukrainian power grid. That said, only Iran is likely to risk such a potentially deadly attack. Add to this the fact that FireEye has connections to Saudi industries and the picture becomes more focused.

Apparently, the attacker really did want to cause noticeable physical damage. FireEye reports that the attacker somehow gained remote control of a workstation and from this position, could have simply shut down the plant. They did not. They persisted in trying to ramp up their attacks when they were repeatedly stopped from doing so. Eventually, the safety systems detected that something was wrong and closed down the entire plant, even though this wasn’t the extreme result the attackers were looking for.

Dragos, a security firm that specializes in ICS attacks, had, prior to FireEye’s report, already uncovered the attack in November. The company claims it withheld information on the malware, which it named, Trisis, for a number of reasons, least of which was to give the victim, or potential victims, time to deal with the attack before it was sensationalized by the media. It should also be noted that attackers can learn to improve their attack strategies by reading reports analyzing their malware. In addition, other nation-states could use the information to help build their own malware.

However, Dragos points out that attacks, such as the one reported on, must be highly targeted as each enterprise has its own safety standards. They note that,

“The amount of knowledge required specific to the SIS and process installation targeted is significant, and likely not possible to obtain through purely network espionage means. If even possible, the amount of time, effort, and resources required to: obtain necessary environment information; develop and design software tailored to the target environment; and finally, to maintain access and avoid detection throughout these steps all require a lengthy, highly skilled intrusion.”

This almost seems to imply that such attacks require a well-placed insider or a hack into Triconex itself. Actually, Triconex’s parent company, Schneider Electric, reported a flaw back in October, 2016 that could allow hackers to take over workstations. Did the hackers know this before the company did? There is really no way to tell. All we can do is wait and see if this attack is only the beginning of an all out cyber operation. We will also have to see if other Middle East countries get involved and this becomes even more of a cyber battlefield than it already is.



Posted in Uncategorized | Tagged , , , | Leave a comment

Making Self-Driving Cars Hallucinate

There’s a rumbling on the horizon. It’s the sound of a paradigm shift: A paradigm shift in hacking. This change is to hacking what gene therapy is to traditional surgery. Both seek to attain some outcome by manipulating deeper levels of a target.

For hackers, the deeper levels I’m speaking of are found in self-learning algorithms. I should note up front that I will make this discussion non-technical, which, admittedly, may be oversimplified for some. However, delineating types of neural net systems is not my goal. My goal is to show that the next generation of hackers will be targeting such self-learning systems because they have no choice. They simply have to do this because these systems are proliferating at such a rapid rate.

So what do such systems do? Why are they called, ‘self-learning? These systems, unlike traditional computer systems, do not need to be programmed. They are presented with sets of data and, over time, during a training period, they find patterns in such data. Sometimes they are told to look for certain patterns and at other times they are free to find their own.

Let’s say I want a neural network to learn the difference between a circle and a square. I present a set of images to the net and they, at first, randomly assign each image to a category. If the category of the assignment is correct, it is given feedback that indicates this. This is not as simple as it may sound. The computer has to learn what a border is; that is, how to distinguish the border of the object from its background. Slowly, it gets better at performing this task. It learns the difference between a straight and curved line. It begins to differentiate a square from an octagon or a rectangle. It can tell a circle from an ellipse. In fact, you could develop it to learn many different shapes. This all takes a lot of time, but, for this price, the net has a built in ‘creativity’. If suddenly presented with a novel shape, like a trapezoid, for example, it may at first classify it as a rectangle, until it learns to recognize its inclusion into its own new category while, incidentally, learning that rectangles have right angles at their corners. It will not, of course, be able to verbalize these findings. It learns in the same way that a child learns language, by inducing patterns on random sounds without being able to express the grammatical rules it is using to do so.

The immense power and creativity in these nets can be seen in the way computers have come to dominate human chess players. It is now impossible for the best human player to beat the best computers. Computers now play each other. It’s the only real competition left. Humans are left using these computers as trainers to improve their own techniques.

Recently, a computer program, called AlphaGo, beat Ke Jie at the game of Go. Ke Jie was considered a prodigy in the game of Go, but he was no match for the computer. Ke later stated he believed his emotions got in the way of winning. He said at one point when he realized he had a chance to win, he got too excited and made some stupid moves. But in a previous match with a Korean player, AlphaGo made a stupid move…or at least that was what other experts watching the game thought. In fact, it was a move that was so creative, that none of them saw it for what it was; the move that decided the outcome of the game. But could hackers manipulate these programs to arrange a way for a human to win?

To answer this question, it is necessary to look at a recent paper by three researchers at New York University. These researchers showed that it was possible to corrupt the learning process to trigger an ‘illogical’ outcome during future performance. In the chess example given above, the hackers could put a trigger into the learning process so that at a point when the pieces are in one particular arrangement, the computer would make the wrong move. It would ignore its normal pattern-based output in this one instance because that was what it was taught to do.

The researchers demonstrated this with a program called, MNIST, which is programmed to recognize handwritten digits (0 to 9). They showed that they could contaminate the data output so that each digit, i, would read as (i + 1). Thus, the program would recognize a 1 as a 2 and a 2 as a 3. They did this by putting a pixel or group of pixels into the corners of some images in the training dataset, so that the program, when ‘seeing’ these pixels, would deliver the ‘poisoned’ output. If the pixel ‘backdoors’ are not seen, the program works as usual.

badnet backdoor

I’m not sure who uses this handwritten-number recognition program, but you can probably see the problems that would arise if numbers were misread at certain times,

Real world problems arise when similar backdoor attacks are used on traffic sign recognition programs. These programs are used in virtually all self-driving cars. You can imagine the problems that would arise if a stop sign or stop light was not recognized as such.

To see if they could retrain such a system, the researchers used a pre-trained neural net that was taught to recognize US traffic signs. The three main sign categories are stop signs, speed limit signs, and warning signs. There are numerous subsets within these categories but these were not important in these poisoning hacks.

The researchers superimposed small yellow images on the stop sign dataset. These images, in real life, would be about the size of a yellow Post-it note, as seen below.

stop sign

They then retrained the system and, to make a long story short, this poisoning resulted in the program misclassifying stop signs with these symbols as speed limit signs.

That’s all very well and good with images being misclassified, but would this misclassification actually occur in real-world situations? To test the sign recognition program, the researchers put a Post-it note on a real stop sign.

stop sign real

Sure enough, the program misclassified the stop sign as a speed limit sign. It should be evident that if such hacks made it into self-driving cars, chaos could result as simple Post-it notes could cause serious accidents in whatever area of a city the hacker wanted to target. A sudden increase in accidents in one area of a large city could cause a large deployment of police, ambulances, and other emergency vehicles which would basically shut down that area. This could be used to distract attention from unlawful actions occurring in another area of the city.

But how could hackers actually begin such hacks? They could use traditional hacking methods (spearphishing) to get within the network of companies that make pre-trained neural nets for various purposes. They could then remotely poison the learning process. They could pay insiders to inject the special training set, or they could build their own poisoned net and sell it as a valid one. Many companies such as Google, Microsoft, and Amazon offer Machine Learning as a Service (MLaaS). But the most likely scenario is for hackers to simply buy pre-built nets and then retrain them. Keep in mind that these nets will perform perfectly well until they are triggered by the pre-set backdoor to do something they should not.

Here are some common ways machine learning is used and some ways hackers could manipulate them through corrupting the learning process.

Spam filters – avoid detection

Antivirus – avoid detection

Stock Market – manipulate different stocks or trading activity

Search engines – manipulate search result to reflect certain biases

Marketing – promote select products through online ads

The possibilities for the use of machine learning are continuously expanding. The expansion would occur at the end nodes in this diagram from an online advertising site.

machine learning diagram

What can you do? Not much. These algorithms will work quite normally and the changes in them will remain undetected. In addition, all of these algorithms will occasionally make mistakes. That’s just the way it is with self-learning machines. So even when the programmed mistake occurs, it may be thought of nothing more than a one-off bug.

For the time being, I know of no instance where self-learning machines have been poisoned with false data, but, then again, how would anyone know?

Posted in Uncategorized | Tagged , , , | Leave a comment

Target Secret Shopper Job Scam Arrives in Time for the Holidays

It’s the holiday season, and many people would like to pick up a little extra cash. Sadly, online scammers are well aware of this and are using this need to their own advantage. Among the many scams that routinely appear during the holiday season, the secret shopper or mystery shopper scam is one of the most dangerous. Though the scam has been around for many years, it continues to be updated and tweaked to appear to be a legitimate job offer.

There are many variations on the scam. Some use job sites to post ads. Others will contact the victim by email using a legitimate email address to breach spam filters. However, some victims admit that they saw the scam email in their spam folder but opened it anyway. It is a well-designed email, unlike previous ones with poor grammar, and may, in fact, be a copy of a legitimate job offer. Here is one example from Malware-Traffic-Analysis,net.

target email unnoted

Notice that the email comes from a spoofed address that appears to be legitimate. Other addresses used are, “ <>”,” <>”, and there are probably many more.

If you click the ‘Sign Up’ button, you will land on a site controlled by the scammers. Landing there will produce a fake sign up page that looks like this. Notice that the URL address looks nothing like a site connected to Target. The scammers hope victims won’t notice this.

Target shopper form

The purpose of this is to get the victim’s contact details so the criminals can go to the next stage of the scam.

Soon the victim will be sent a confirmation email or text message stating that they have been chosen to be a mystery shopper. Their duties and payment will be explained. They will also be told that they will be receiving a cashier’s check in an amount of money larger than they would be paid for their work. They are told that the check will be arriving by UPS, FedEx, or some other legitimate delivery service.

When the check arrives, it will look valid, like the one shown below.

fake check

Even banks have trouble telling if a check is legitimate or not and they may accept it without question. Funds for the check are usually freed up within 24 hours. However, days later, when the bank learns the check is fake, they will simply take the money from the victim’s account. In short, the bank has little to lose by accepting the check.

But why would the sender send a check for more than the amount necessary to pay for the mystery shopper job? Surely that should ring some alarms. Yes, but there you are in need of some Christmas cash and you have what looks like a real check in your hands for thousands of dollars. According to the instructions given, you are to deposit the check, keep some extra money for your shopping duties, and send the remainder to a third party. What could be easier?

Sometimes, the victim is told they should use the money from the cashier’s check to test some money order service or buy some pre-paid debit cards and send the numbers on them to some third party. Sometimes they are told to buy gift cards, scratch the silver covering the numbers on the back of the card and send them the numbers. This, they say, will prove to them that the victim performed their task. They claim that doing any of these tasks will enable them to evaluate the services the store offers. They also want to see how good a mystery shopper the victim is. In fact, they are just getting you to pay for the money orders or cards out of your own money. You will, in fact, simply be mailing money to the scammers from your own bank account. The scammers will use the numbers on the gift cards to buy merchandise which they can then sell. They will add the money from the pre-paid debit cards to their own credit cards.

But what happens if you don’t have enough money in your bank account to cover these purchases? Well, that’s when even bigger problems can occur. Here are a couple of excerpts from victim letters.

“I received a check through the mail for a Secret Shopper job. Ended up being a scam. I got arrested. Now they’re trying to give me 3 years for something I didn’t even know. Please help. I could lose my family 4 daughters.”

 “I answered a secret shopper job ad in my email. They sent me a check. I cashed it and followed the assignments. Now the store I cashed the check at has filed charges against me. I am now trying to find information to clear my name.”

 Almost always, the scammers insist that the victim cash the check immediately and perform the assignment. This is because they know that the check will eventually bounce and that they have a small window of opportunity. If you delay, you will be bullied by the scammers to do your job or the job offer will be rescinded. The bullying is often done in poor English, which should be a giveaway.

In this year’s scam, the scammers seem to be making use of your friends or contacts. One woman, for example, was scammed through someone she thought was a LinkedIn contact. The contact told her he had been making money being a secret shopper and thought she might want to get in on it. She did and lost $2000.

There are legitimate mystery shopper services and Target does use them. Here is what a legitimate ad looks like.

target real mystery shopper

That said, there is no reason why scammers couldn’t use this same image with a sign up button directing victims to a site they control.

The bottom line is that the scam is getting more difficult to spot. However, it is all based on getting that check with too much money on it. Throw the check away or, if you are ambitious, report it to the police. You may think this is a waste of time, however, in July five members of a secret shopper ring were caught and are now serving prison time. They had apparently scammed people out of $1.3 million. Apparently, there is justice.

Posted in Uncategorized | Tagged , , | Leave a comment

How a Surveillance State Becomes an Obedience State

When I was interviewing for a job at a large educational institution in South Korea, the Korean American administrator who interviewed me tried to sell the place by bragging that they had cameras in every classroom and every office. Cameras in my classroom? I didn’t feel this was a major selling point, for some reason. I mentioned that most American teachers wouldn’t feel comfortable with this arrangement, but he told me that the Americans working there had no problems with it. So I shrugged it off as a personal problem on my part.

However, when I began working there, I noticed that cameras were everywhere except for the office where the American teachers worked. Apparently, they had rebelled against the idea of being monitored while they were doing their jobs or idly chatting among themselves. We soon learned where the ‘dark spots’ were when we wanted to discuss something in private. These were often in storerooms. We also learned where the monitoring took place. Sadly, one place that could monitor any classroom at will was the office housing Korean teachers and Korean staff members. Any administrator could monitor any camera at any time. We had seen our emails being monitored as well. We learned to adjust to living in this microcosm of a surveillance society, but we weren’t happy about it.

According to most surveys, Americans are evenly divided on their ideas about government surveillance. The government’s position is that they need surveillance to protect Americans against terrorist attacks and, when these attacks occur, Americans tend to agree with them. Over time, Americans have accepted the fact that their communications are being monitored. In a Pew survey conducted in September, 70% of Americans believed that their calls and emails were being monitored; however, a Reuters survey conducted earlier in the year found that “75 percent of adults said they would not let investigators tap into their Internet activity to help the U.S. combat domestic terrorism.” So, like the Americans I worked with in South Korea, they realized their actions were being monitored but they didn’t like it. And this leads us to the most interesting of all statistics.

A remarkable 85% of Americans questioned in a recent Rasmussen survey said that freedom of speech was more important to them than being politically correct. Yet, only 28% believe that they have true freedom of speech, as 66% feel they must be careful about getting into trouble by saying something that is politically incorrect. This produces the sort of self-monitoring that I saw among my American colleagues in Korea when we knew cameras were nearby.

So, to put these statistics in perspective, freedom of speech seems to exist as an unattained ideal. Americans feel they are under surveillance by the government so they, in turn, must either monitor their online activity or take some precautions to prevent the government from gaining easy access to what they say or do. These precautions could be anything from using VPNs, using the Tor browser, or using encrypted email. In fact, 65% of Americans now use VPNs. But will VPNs be allowed in the future?

Across the globe, countries have been censoring more internet activities over time, as can be seen in the image below.

surveillance censoring

Add to this China’s recent ban on Skype and their imposition of more controls on Chinese-based social media sites, Baidu, Tencent, and Weibo. In addition, Russia plans to ban Facebook in 2018. Will other countries consider banning Tor or VPNs? We can’t be sure, but this is certainly the trend if government surveillance begins to triumph over personal privacy.

Occasionally, you see a U.S. reporter traveling to North Korea or China and asking some befuddled local what they think of a certain government policy. Do they really believe that these people will say what they honestly think, even if they are completely against the policy? If they did, it would be the last time they would be seen in public. That’s what surveillance descends into: surveillance leads to fear, which leads to self-monitoring, which leads to a loss of free speech. If the government prosecutes those who say things they do not like, under whatever pretext, oppression begins. Oppression leads to reluctant obedience. At some point, people fear they cannot express their true beliefs because of either implicit or explicit ramifications. When the government retains the right to re-brand free speech as subversive or hate speech, they risk becoming despotic.

According to Privacy International, “mass surveillance is the subjection of a population or significant component of a group to indiscriminate monitoring. It involves a systematic interference with people’s right to privacy. Any system that generates and collects data on individuals without attempting to limit the dataset to well-defined targeted individuals is a form of mass surveillance.” Yet, within the confines of mass surveillance, freedom of the press can still exist, at least in principle. In 2002, according to the Reporters Without Borders website, the U.S. ranked 17th in press freedom. This year, 2017, the U.S. has fallen to 43rd place, just below Burkina Faso and just ahead of Romania. No prizes for guessing who’s on the bottom of the list of 180 countries.

press freedom worst

There is probably little appreciable difference between the amount of surveillance in China and the U.S. The real difference is to how that surveillance is used. Chinese surveillance is used to control individual behavior (enforced obedience) while U.S. surveillance, at least for the most part, is used to monitor individual behavior. The problem is that the boundary between these two uses is somewhat diffuse and often overlaps. Are there sites you could visit that would trigger an alarm that would lead to physical intervention from government agencies? I would think that was highly likely.

Edward Snowden’s exposure of the PRISM surveillance system and the recent leak of the NSA’s Ragtime program which uses cell phone service providers to monitor the activities of American citizens, only serve to point out the slippery slope we are on. Defenders of surveillance will point out that, though Americans are guaranteed the right of free speech, they do not, constitutionally, have the right to privacy. It is in this gray area that the battle is being fought.

And that battle will take place in Congress very soon when Section 702 of the Foreign Intelligence Surveillance Act comes up for continuation and revision. It will, if not acted on, expire on December 31st.  In short, this bill will continue current surveillance activities until 2025 and may add an amendment that intelligence agencies can search through American conversations in search of ‘foreign intelligence information’ without the need for a warrant; something which is currently required. It is also feared that this bill could be linked to other important bills to guarantee it will be passed. For example, it could be linked to the budget bill wherein failing to agree to the new surveillance act could lead to a government shut down. It is through such cunning bureaucratic maneuvers that a surveillance state becomes an obedience state.

The slope is getting more and more slippery and this may very well be the last chance the American public has to decide what sort of future it wants to live in. The Washington Post analyzed the files released by Edward Snowden and found that  “nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents.” These included, “many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes.” You will likely not hear much about this bill in the mainstream media. Nonetheless, we will see if the 85% of Americans who say they strongly support free speech will be fairly represented.



Posted in Uncategorized | Tagged , , , , | Leave a comment