Friday

Listening to Test Match Special Abroad

There are some things which make Summer complete for me, and one of those is listening to the unique sound of Test Match Special on a hot, sunny day. Obviously this isn't always the case, sometimes it involves cringing as you listen to a calamitous  England batting collapse or CMJ trying to while away a few hours talking about pigeons and cakes whilst the covers are installed for the third time in a day.

If you've been brought up on TMS, though it's difficult to enjoy the cricket any other way - even Sky subscribers I know will turn down the volume and listen to the radio commentary whilst watching on screen. Unfortunately some of the very best matches like the Ashes for example always seem to clash with my summer holidays and you'll find the radio broadcast difficult to get from outside the UK.

This came as a bit of a surprise to me, I'd always presumed that although the BBC restricted access to it's TV programmes online the radio was completely unfiltered however this isn't the case.  I'm not sure to what extent but any radio sports programme that contains live coverage doesn't seem to work when you're outside the UK.

 This includes all the local radio broadcasts which cover football matches too and of course trying to access TMS from the BBC web site is also a non-starter.

The reason I presume to copyright issues, and it's basically the same situation as the BBC TV programmes which you can't watch live or via iPlayer from anywhere outside the UK without a British IP address.

However fear not, it's relatively simple to listen to the Test Match Special broadcast online from anywhere in the world.  You just need to hide your IP address and hence your location by using an intermediary server.  Now I should point out here that proxies although sufficient for BBC TV programmes won't work with live broadcasts either for TV or radio shows - you'll need a VPN service like Identity Cloaker.



All you need to do on a computer is fire up Identity Cloaker, select a UK based server from the list and then go to the BBC website.  Instead of seeing the International version of the BBC site, you'll get access to the UK version and what is more when  you navigate to the broadcast links like TMS they'll work without problems.

This method will work for your laptop or PC, but although you can use Identity Cloaker on other devices you'll have to use a slightly different method.  Here's the way you can set up the VPN on your iPad using exactly  the same account, it also works with Android devices too in much the same way.



Security Chief Hacks the Lotto

Over the years, I've written about many cyber-crimes in this blog and there's always one recurring theme that always occurs to me.  It is that although it's incredibly easy nowadays to profit from all sorts of cyber based crimes, it's still very difficult to actually get away with it.  In fact it's the same with any sort of illicit cyber activity, it's not hard to bring down even a large web site with a DDOS attack, to hack  and steal a few files or even just empty someone's paypal account but not getting caught is much more challenging.

The criminal opportunities are endless, if you work in IT you'll likely see them all around you.  Of course most of us are basically honest but we also recognise that it's very easy to get caught doing something we shouldn't and very hard to stay anonymous.   The fact is that everything we do leaves some sort of trail back to us, systems, computers and applications log all sorts of information every time they are used it's usually quite simplistic to trace a digital transaction back to the computer it originated from.

Yet it still doesn't stop people and indeed it didn't stop 52 year old Eddie Tipton either who has hit the BBC news this week. Eddie was the head of IT security at the Multi-State Lottery which runs loads of lotteries across the US.   His chief role was to protect the lottery computers which were used to draw the winning numbers.  However he didn't do that and actually installed a root kit on those computers allowing him to calculate the winning numbers of the next Iowa Hot Lotto lottery.

This is all quite easy for a Head of IT Security to achieve, but you can see the problem though, can't you? How does the Head of IT security claim the lottery prize, after he's stolen the numbers?  Well first of all he's got to buy the winning ticket, surrounded by CCTV cameras.

This is the video evidence that was circulated by the crime investigation authorities trying to identify the person who bought the suspicious ticket. This brought Tipton's name into the investigation as a co-worker recognized him from the video. He then defended himself by saying he was in Texas at the time of this purchase, although his cell phone records told a different story. The reality is that as soon as suspicion was on Tipton he was doomed. He was only one of five people with security clearance to the lottery computer, CCTV picked him up entering the room before the draw was made, the cameras were modified to record selectively.

I'm certain digital forensics from laptops, the servers and other computers all would incriminate him too even if he was careful and used proxies. Of course he also had the rather daunting prospect of trying to actually claim the prize without implicating himself, something he attempted through a network of lawyers. This was something he also never managed to achieve, and was arrested for Fraud shortly after.

He now waits for sentencing in a Iowa jail and could face up to ten years in jail. Although it demonstrates how difficult it is to hide your tracks in these situation, it also highlights how easy it is to attempt these crimes. The dangers are usually from insiders or with specific knowledge of a system. It is likely that no-one would have ever noticed that the lottery numbers were being manipulated though if he hadn't tried to claim the jackpot!

Monday

Game Hacker - Suffers the Ultimate Penalty

If like me, you still enjoy computer games but often struggle to compete with more youthful, aggressive players who often will happily cheat to improve their online character - then you should enjoy this story.

It comes from a MMORPG game called Guild Wars 2 which is one of the more popular fantasy roleplaying games.   In this game there was a player who had built up a character called Darkside, who was harassing other players and basically being a huge pain throughout the online world.   Unfortunately the character was also ultra powerful, building up lots of abilities and equipment through a series of hacks designed to exploit the games.  Darkside was virtually impossible to kill, he could wipe out other players easily and had even the ability to teleport.

Some attempts were made to deal with Darkside by other players, however it appears he was just too powerful, so the players gathered evidence and submitted it to the Guild Wars security team.
After a quick investigation, the character was deemed guilty and the sentence was carried out. You can see what the moderator did to Darkside in this video. Which was basically strip the character in game, kill him and then delete all his other accounts. The final act was to ban the user from setting up any other accounts, effectively blocking him from the game forever. 

However this last bit is unlikely to be that successful as the only real method for doing this is to block IP addresses which are easily changed either by switching ISP or using a proxy like this. This though would probably seriously deter many people.

Notwithstanding the public humiliation (1 million views on Youtube!), even with the hacks characters like these would probably take thousands of hours to develop. The reality is that it can take years to create but a digital character can be destroyed in two seconds. Certainly made me laugh and I think some sort of regular event should be considered..

Anonymous Surfing Tips - Deleting Your Google Search History

Have you ever watched one of those crime dramas, where the investigators check through the suspects search history when trying to prove them guilty.   They'll notice that the local priest has spent the last  three weeks googling poisons and then sweep round to his house while he's concocting a vat of cyanide?   It's sounds great doesn't it, and indeed it is when everything is completely straight forward and scripted.

Yet if you looked through say a couple of years of anyone's search history, there's probably a high chance you could find at least suspicious or incriminating.  It's simply the case, that we Google all sorts of things that pop into our heads, often in my case after a long day and with a large drink in my hand.   I know for a fact if you pick specific days in my search history, I'll look very much like an undercover terrorist researching my latest target.  What's actually happened is I've probably had a few too many whilst reading an article on some horrible atrocity somewhere and started aimlessly browsing the subject of terrorism.

It's a very simple example but a white, slightly tipsy, curious  40 year old  agnostic male can look very  much like a 20 year old religious fundamentalist with a death wish if you look at their search history out of context. Remember the internet is stuffed full of our history in all sorts of places, including our search histories.

So how can we retain some our privacy?

Well using encryption is obviously a big step, without using something like Identity Cloaker you'll always leave a complete record of everything you do online.  However what about the past? Can you imagine the sort of information a company like Facebook or Google has gathered on us over the years?  Well fortunately there is a way to rectify this too, at least with regards your Google Search History - thanks to a brand new feature they've introduced.

First Let's Review All the Information That Google has About You.

First you need to start here - Google History Page

Then click the gear icon


 And Select Download from the Drop Down Menu

Then you'll be presented with this warning -


Just select create archive and you can download all your Google Search history.  Obviously as the warning highlights you should be very careful where you download this and where you store it!   You can then browse everything that you have searched for online using Google - it can be quite interesting!

In the next post, I'll show you how to remove all this history from Google's servers. Note this not the same as simply removing the history from your local browser.