Pokémon Go, a beta tested espionage project?

Pokémon Go, a beta tested espionage project?

Pokémon Go, a beta tested espionage project?

To begin to understand where I’m coming from, we have to look at a little of the history behind a game that came out of nowhere, took the world by storm before going quiet.  However, given the hype it has created a market and momentum it created all of its own, it seems to be coming back.  It is always worth starting with a little history.

In 2001, a company called Keyhole Inc. was founded by John Hanke whose first job out of college was in a foreign affairs position within the U.S. government before he moved into the technology industry. Keyhole was an interesting choice of names as the name “Keyhole” is a homage to the KH reconnaissance satellites, the original eye-in-the-sky military reconnaissance system now some 50 years old.

Keyhole Inc. was a pioneering software development company specialising in geospatial data visualisation applications, it was acquired by Google in 2004 for $35 million. It was initially launched as a spin-off from a company called Intrinsic Graphics with initial funding coming from a Sony venture capital fund and others, with additional capital coming from the US graphics giant NVIDIA bundling deal including a company called In-Q-Tel.

The name, Keyhole combined with In-Q-Tel involvement starts to make the history of Pokémon Go very interesting in deed. In-Q-Tel was widely billed as the venture capital arm of the CIA and the majority of the funds it used for its venture with Keyhole came from the National Geospatial-Intelligence Agency (NGIC). Other funding came from the angel investor Brian McClendon who later became a VP with Google, when they acquired Keyhole, before moving to Uber.

The link between Keyhole and In-Q-Tel wasn’t as sinister as it could first seem when you understand the project that Keyhole was working on.  It was called Earth Viewer which later became the widely used opensource mapping and imagery tool, Google Earth when Google acquired Keyhole in 2004.

In 2010, the company behind Pokémon Go was founded, initially inside Google, by Keyhole’s founder, John Henke.  As it launched the initial game allowed a lot of activity for players for free which meant it quickly went viral across the globe; there were news storied of people chasing high priced ‘monsters’ all over the place and a rush to see who could get them all first.  There was no obvious revenue stream that would pay for this ground-breaking, complex interactive game.

Working on the principal that you get nothing for free the only answer to the lack of obvious revenue is you paid in some other way, and that way had to be data. So, on launch, if we look at the data the game could access on any facility, (spook speak for a phone, tablet, laptop or computer associated with an individual), we get a list of what, when you click install and accept terms, you have just allowed the app to access on an android device:

Identity

  • Find accounts on the facility

Contacts

  • Find accounts on the facility

Location

  • Precise location (GPS and network-based)
  • Approximate location (network-based)

Photos/Media/Files

  • Modify or delete the contents of your USB storage
  • Read the contents of your USB storage

Storage

  • Modify or delete the contents of your USB storage
  • Read the contents of your USB storage

Camera

  • Take pictures and videos

Other

  • Receive data from the internet
  • Control vibration
  • Pair with Bluetooth devices
  • Access Bluetooth settings
  • Full network access
  • Use accounts on the device
  • View network connections
  • Prevent the device from sleeping

So, what the game app can do with no difficulty is identify:

  • Where you are
  • Where you were
  • What route you took between those locations
  • When you were at each location
  • How long it took you to get between them
  • What you are looking at right now
  • What you were looking at in the past
  • What you look like
  • What files you have on your device and the entire contents of those files
  • What other facilities you are connected to
  • Access the data via Bluetooth and network connections on those other facilities

My next step was to look at the terms and conditions to see what was being done with all of this data.  I have used extracts to illustrate certain points and those extracts have been italicised for clarity, there are the boring T’s and C’s but worth a scan!

 Information Collected Using Cookies and other Web Technologies:  Like many website owners and operators, we use automated data collection tools such as Cookies and Web Beacons to collect certain information on our Site.

We may use both session Cookies and persistent Cookies to identify that you (or your authorized child) have logged in to the Services and to tell us how and when you (or your authorized child) interact with our Services.

Some third-party services providers that we engage (including third party advertisers) may also place their own Cookies on your hard drive.

“Web Beacons” (also known as web bugs, pixel tags, or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services.

In essence, you agree to data collection capabilities to be put on the facility with the app and give it access to almost everything.

Information Related to Use of the Services:  Our servers automatically record certain information about how a person uses our Services. This may include information such as a User’s Internet Protocol (IP) address, user agent, browser type, operating system, the web page that a User was visiting before accessing our Services, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a User clicked on, and other statistics.

Information Sent by Your Mobile Device:  We collect certain information that your (or your authorized child’s) mobile device sends when you (or your authorized child) use our Services, like a device identifier, user settings, and the operating system of your (or your authorized child’s) device, as well as information about your use of our Services while using the mobile device. We may use this information to provide the Services and to improve and personalize our Services for you (or your authorized child).

And the team are great, they tell you they are going to assess everything.

Location Information:  The App is a location-based game. We collect and store information about your (or your authorized child’s) location when you (or your authorized child) use our App and take game actions that use the location services made available through your (or your authorized child’s) device’s mobile operating system, which makes use of cell/mobile tower triangulation, wifi triangulation, and/or GPS. You understand and agree that by using our App you (or your authorized child) will be transmitting your (or your authorized child’s) device location to us and some of that location information, along with your (or your authorized child’s) username, may be shared through the App. For example, when you take certain actions during gameplay, your (or your authorized child’s) username and location may be shared through the App with other users who are playing the game. We may also use location information to improve and personalize our Services for you (or your authorized child).

They also tell you they will track you through your facility and the cell towers and wifi you use, gathering all of that data.  Think of the threat to your home router or the work routers?

International Transfer: Your (or your authorized child’s) PII may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you’re located outside the United States and choose to provide your (or your authorized child’s) PII to us, we may transfer your (or your authorized child’s) PII to the United States and process it there.

And the ‘coup de grâce’ is the data will be transferred to the US for processing (there is an opt out clause, but it is buried and goes on to say if you do, the game won’t work (I paraphrased it.)

So what?

The US Foreign Intelligence Surveillance Act describes procedures for physical searches and electronic surveillance of activities of foreign entities and individuals where a significant purpose of the search or surveillance and the collection of information is to obtain “foreign intelligence information.” The term “foreign intelligence information” is defined to include information that relates to actual or potential attacks or grave hostile acts of a foreign power or an agent of a foreign power, sabotage, international terrorism, weapons of mass destruction, clandestine intelligence activity by or on behalf of a foreign power, or similar issues.

The Patriot Act enlarged the scope of the existing law to apply when “a significant purpose” of the search or surveillance is the collection of foreign intelligence thereby bringing the sort of capability provided through Pokémon Go into the legal statute for intelligence collection.

The FISA was amended in 2008 through the FISA Amendment Act (FAA) to permit the U.S. Attorney General and the Director of National intelligence to jointly authorize the targeting of non-U.S. persons reasonably believed to be located outside the United States, in order to acquire foreign intelligence information.

In essence by signing up to Pokémon Go, developed through a linke to US intelligence agency money, designed to encourage taking pictures where high priced ‘monsters’ appear whilst giving access to your location data and all of the data on your facility, with lots of play before revenue streams appear to start asking for money, you are asked to believe it is just a game?

Hell, if as a spook I had thought of it, getting a 9-year-old to take a picture of a top-secret entrance to an intelligence facility without putting a special ops team on the ground, would I do it? Yup, I would.

Does this mean Pokémon Go is an intelligence gathering tool for the US Government, nope, but the T’s&C’s at release mean it could be and it is a great example of what apps on facilities can do and if you don’t know who has developed them what are you losing to the world?

We worry about Huawei hardware, given the proliferation of app technology, we don’t need to worry about the hardware at all as it is not the issue and this blog is merely an illustration of what could be happening; or is it…………  A Happy New Year to all.

 

Huawei the truth and the myth.

Huawei the truth and the myth.

Huawei the truth and the myth.

By Philip Ingram MBE

*** Edited 14th July 2020 to add in a paragraph about why the UK Government has made a decision to ban Huawei equipment from the UKs 5G Network***

We are hearing one name, causing news presenters angst when it comes to pronouncing it, in the press at the moment, it is that of the Chinese telecom giant Huawei. So why are government ministers interested in Huawei? Why are the 5 Eyes community talking about it so much? What is the truth and what is the hype? Finally is there anything else we should be worried about? Philip Ingram MBE, a former Senior British Intelligence officer who has worked with signal intelligence organisations, takes a look.

Techadvisor.co.uk said “You can’t ignore Huawei any more. With increasingly premium smartphones on the market,” the Chinese company is challenging Samsung, LG, Sony and Apple who according to analysis by consulting firm Counterpoint Research, it outsells globally.

Given this great accolade then why are the US Government putting certain Chinese companies under increasing scrutiny and even more. In February, FBI Director Chris Wray told the Senate Intelligence Committee that the FBI was “deeply concerned” about the risks posed by the Chinese phone and telecommunications equipment providers Huawei and ZTE. Both Huawei and ZTE have repeatedly insisted that their consumer devices don’t pose a security threat to the US or anywhere else across the globe. (ZTE like Huawei provide telecom infrastructure devices). The Australian Government has decided, reportedly on national security grounds, to exclude Huawei from involvement in their National Broadband Network.

Nothing New
In a report to the UK parliamentary Intelligence and Security Committee, the Security Service (MI5) said in 2008 that, theoretically, the Chinese State may be able to exploit any vulnerabilities in Huawei’s equipment in order to gain some access to the BT network, which would provide them with an attractive espionage opportunity. So the issue in the press today is nothing new!

Looking at the UK market, Huawei makes everything from the routers and switches that steer traffic across the internet, to BT’s green street cabinets, to the transmission equipment used in mobile phone masts. If you send an email from your home computer or make a mobile phone call, wherever you are in the UK, the chances are your private communications and data will be carried over Huawei equipment. However, it is not the private communications that concerns are being raised about. It is the linking of our national infrastructure across the 5G network.  5G is a step change in the ability to transmit high speed data and will enable our already connected life style to reach levels probably unimagined as yet.

On the back of that report, BT who control the communications infrastructure across the county, started a programme to strip Huawei equipment out of the current 3G and 4G networks and have not planned to put Huawei devices into the core of developing 5G Networks. However, Huawei hit back and opened the Huawei Cyber Security Evaluation Centre (HCSEC) (known as “The Cell”) in 2010 just outside Oxford and put it under the oversight of what was then called the CESG and is now NCSC, the public facing part of the UK’s GCHQ.

This is why in recent statements senior personnel from GCHQ have been able to say they had “a unique oversight and understanding of Huawei engineering and cyber security”. One of the major issues over Huawei engineering is around so called ‘back doors’ being engineered into the hardware on the orders of the Chinese Government, so that the Chinese had a secret method of taking control of the hardware when they wanted to.

This fear was enhanced when China introduced its new National Intelligence Law and in particular Article 7 of that law which states, “any organisation or citizen shall support, assist, and cooperate with state intelligence work according to law.” Then Article 14 says, ‘state intelligence work organs, when legally carrying forth intelligence work, may demand that concerned organs, organisations, or citizens provide needed support, assistance, and cooperation.” This just reinforces that the Chinese state can overrule Huawei’s claimed independence. Huawei continue to insist that the law is being mis-interpreted.

Back doors
This idea of back doors is nothing new and ‘The Cell’ has found no evidence of back doors being deliberately put in Huawei hardware and they have denied they would ever do so, even if there was pressure from the Chinese Government. One area that possibly leaves hardware vulnerabilities however, is in their basic engineering.

Dr Ian Levy, technical director of the National Cyber Security Centre (NCSC), said on BBC Panorama, “The security in Huawei is like nothing else – it’s engineering like it’s back in the year 2000 – it’s very, very shoddy and leads to cyber security issues that we then have to manage long term.” But what does shoddy engineering mean?

As electronics are developed rapidly and for the mass market therefore as cheaply as possible, development is happening continuously. That development is in the hardware – the physical bits connected together and the software. What many don’t realise is those bits are made of bits and individual chips with a role in a device have their own software giving instructions. Developers have ‘development backdoors’ on chips and component so that updates can be quickly coded or integrated and the sides are supposed to be closed down before the production version is manufactured. Frequently this doesn’t happen as it is another process and therefore cost and development is ongoing often even after manufacture has started, so chips are put into production devices with engineering flaws.

The second area is that security is not designed in at chip level. There isn’t enough coding room for this to happen. However, Huawei is not the only international giant with reported security flaws.

Not just Huawei

Last year there were several reports on the blogging site Reddit saying that some Samsung Galaxy S9 and Note 8 phones were sending users’ pictures to their contacts without their permission and linked the issue to the Samsung Messages app.

Then we had Google confirming that it allows some external software developers to read and analyse the inboxes of Gmail users. “External apps can integrate with Gmail, so customers have options around how they use their email,” director of security at Google Cloud Suzanne Frey said in a blog post.

So who is listening to your conversations?
On the 3rd of July 2018 in the UK Parliament, the UK Defence Secretary, Gavin Williamson was updating MPs on Syria was rudely interrupted, not by another MP, but by his iPhone’s AI App Siri which boomed out “Hi Gavin, I found something on the web for: ‘In Syria, democratic forces supported by coalition…”

Trying to make light of the interruption Mr Williamson said, “It is very rare that you’re heckled by your own mobile phone.” Very quickly afterwards sources close to the minister denied that having the voice recognition software switched on posed a security risk, saying he did not carry that phone during confidential and sensitive meetings.

However, what wasn’t said is if he has sensitive conversations on that phone or with people when the phone is in his pocket. It is always listening.

In 2015 Samsung again warned its customers about discussing personal information in front of their smart television set. The warning applied to TV viewers who control their Samsung Smart TV using its voice activation feature. Samsung said, “when the feature is active, such TV sets ‘listen’ to what is said and may share what they hear with Samsung or third parties.”

Many of these companies use Chinese made chipsets in their technologies.

Papers leaked from America’s National Security Agency (NSA) by Edward Snowden through Wikileaks, revealed that it had hacked into Huawei’s headquarters, obtaining technical information and monitored the communications of its top executives. One of the reported aims was to try and uncover vulnerabilities or back doors in the products to use them for US surveillance operations.

The US Hacks Huawei

This could be why the US director of national intelligence and heads of CIA, FBI, NSA gave public warnings, but it is likely they know more about Huawei than they would be willing to say publicly. There is a distinct possibility that they found vulnerabilities not just in the software run on the phones, but the firmware (the code that makes components talk to each other) and even in some cases the hardware, the components themselves.

The Chinese Government’s cyber capability is provided by the Strategic Support Force (SSF) and is the military organisation tasked with gaining a strategic advantage in the information and cyber domain via its Network Systems Department. Given Chinese government control over most of its industry and that has been clear reporting for many years that the Chinese government forces its domestic electronic equipment providers to hand over their source code, this will be used by the SSF to exploit vulnerabilities in devices globally. Linking this to the new law reinforces the suspicions with regard to Huawei.

More back doors.
However, when it comes to ‘backdoors,’ it is not the Chinese who have been found out recently. In 2018 five undocumented back doors were found in CISCO routers and detailed in a book entitled No Place to Hide,” by Glenn Greenwald, the journalist who originally broke the Edward Snowden story. Greenwald states that unbeknown to CISCO the NSA intercepts routers and network devices bound for overseas customers and “then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users.”

There is merit to being wary of any one nation having potential access no matter how small it is to critical communications networks by what ever means. However, what is clear is that every nation is at the espionage game and if Huawei routers are being used then possibly another manufacturers tampered with routers are not being used, blinding that intelligence agency.

They are just doing their job.
It is the remit of national intelligence agencies to gain an advantage and they will do so by what ever means. The whole intelligence game revolves around data. Data is key to everything so it can be analysed, cross referenced, processed, assessed and turned into intelligence. The Russians targeting priorities are to gain political advantage and steal military secrets the Chinese focus is primarily on intellectual property; President Trump has stated the US priority, “America First.”

Huawei deny any Chinese state control or vulnerabilities and set up an organisation staffed by UK security cleared personnel to test the equipment they attach into the critical national infrastructure (CNI) and that organisation is called “The Cell.”

Jerry Wang, CEO of Huawei in the UK, wrote to The Times: “Their accusations are a smokescreen for an attack on our recognised technological innovation. They are not based on security concerns, but a barely concealed protectionist trade agenda.”

 

** New**

New UK Ban

On 14th July 2020 the UK announced a decision to ban Huawei from the UK 5G network and this has been called a U Turn. It isn’t – it is a change in the situation.  The US Commerce Department amended an export rule to block shipments of semiconductors to Huawei to “strategically target Huawei’s acquisition of semiconductors that are the direct product of certain US software and technology.”

This rule stops any manufacturer that uses US software and technology from supplying Huawei without a US license (which will never be granted), cutting off many of Huawei’s trusted suppliers. This will cause Huawei to turn to potentially untrusted Chinese component suppliers increasing the potential vulnerabilities of Huawei systems.

The UK Governments decision is siting security correctly, but it is because of a changed security situation caused purely by US trade sanctions. The Huawei issue is nothing more than a move in a US/China trade dispute but enhanced by China’s move to ignore its treaty with the UK on Hong Kong and a message on its wider Human rights stance.

How can I assess this? On 09 July 2020 the UK Parliaments Science and Technology Committee interrogated Huawei about the risk. Huawei said they didn’t know where they were going to get the components to replace those affected by US sanctions from, but asked for a few more weeks to clarify that.  They haven’t been given that time, so in reality we don’t know if there would be an increased risk or not. We have just spent £2Bn on a decision that didn’t need to be made just yet!

**New paras end**

We have several elements to the current debate, espionage, a distinct probability but all sides do it. Trade, and security is an easy cry to scare the markets into protectionist trade policies. Manufacturing standards, whether one manufacturer should have a monopoly on critical elements of a network and with 5G the way we structure our future Satan enabled world.

One thing to remember about anything you process electronically on a device that is connected to any network, WIFI, mobile provider, is that that data may not be as safe and personal as you think. It is your choice as to what tech you buy but whatever your choice is, think security, think risk, think compromise.

 

If you would like any further comment from Philip, please contact him by clicking HERE