12 Feb 10:23

RIOT: a program for surveilling citizens through social networks

Security specialists have long warned that the authorities might start using social networks for high-tech surveillance of citizens. It appears that evidence of such activity has now emerged for the first time. The Guardian has obtained a video recording of a presentation of software called RIOT (Rapid Information Overlay Technology), which the American military contractor Raytheon developed back in 2010. It is a system built to quickly extract information about suspected citizens from social networks, including Facebook, Twitter and Foursquare.

In literally a few mouse clicks an investigator obtains details of the suspect's activity: social contacts, a map of movements and so on. The information is extracted, among other sources, from the EXIF headers of photographs published in personal photo albums on various sites.

Raytheon representatives said that the program was made for demonstration purposes only and was not handed over to any client for use. But journalists have information that the development was nevertheless passed to US government agencies, which used it to build a "national-scale system" capable not only of collecting information but allegedly even of predicting citizens' actions. For example, an investigator brings up information about a suspect named Nick. The system reports that Nick usually visits the gym at 6 in the morning, most often on Mondays, judging by his Foursquare check-ins and GPS data from his mobile phone. So if a backdoor needs to be installed on Nick's laptop, the agents easily get the details they need: all it takes is to walk into the locker room of a particular gym at 6:20 on such-and-such a day.

Search results with links to information about the suspect in various social networks, photo archives and so on

Map of the suspect's movements and the program's interface

Viewing photographs of the suspect taken at a given location (by coordinates from the EXIF headers)

List of the suspect's 10 most frequently visited places

Frequency of the suspect's gym visits by month, day of the week and time of day

Social graph with the suspect's list of contacts. Hovering the mouse over a name shows the phone number and other information about that user

Video file in FLV format

Source: www.xakep.ru/post/60100/

A multinational security firm has secretly developed software capable of tracking people's movements and predicting future behaviour by mining data from social networking websites.

A video obtained by the Guardian reveals how an «extreme-scale analytics» system created by Raytheon, the world's fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.

Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.

But the Massachusetts-based company has acknowledged the technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analysing «trillions of entities» from cyberspace.

The power of Riot to harness popular websites for surveillance offers a rare insight into controversial techniques that have attracted interest from intelligence and national security agencies, at the same time prompting civil liberties and online privacy concerns.

The sophisticated technology demonstrates how the same social networks that helped propel the Arab Spring revolutions can be transformed into a «Google for spies» and tapped as a means of monitoring and control.

Using Riot it is possible to gain an entire snapshot of a person's life – their friends, the places they visit charted on a map – in little more than a few clicks of a button.

In the video obtained by the Guardian, it is explained by Raytheon's «principal investigator» Brian Urch that photographs users post on social networks sometimes contain latitude and longitude details – automatically embedded by smartphones within «exif header data.»

Riot pulls out this information, showing not only the photographs posted onto social networks by individuals, but also the location at which the photographs were taken.

«We're going to track one of our own employees,» Urch says in the video, before bringing up pictures of «Nick,» a Raytheon staff member used as an example target. With information gathered from social networks, Riot quickly reveals Nick frequently visits Washington Nationals Park, where on one occasion he snapped a photograph of himself posing with a blonde haired woman.

«We know where Nick's going, we know what Nick looks like,» Urch explains, «now we want to try to predict where he may be in the future.»

Riot can display on a spider diagram the associations and relationships between individuals online by looking at who they have communicated with over Twitter. It can also mine data from Facebook and sift GPS location information from Foursquare, a mobile phone app used by more than 25 million people to alert friends of their whereabouts. The Foursquare data can be used to display, in graph form, the top 10 places visited by tracked individuals and the times at which they visited them.

The video shows that Nick, who posts his location regularly on Foursquare, visits a gym frequently at 6am early each week. Urch quips: «So if you ever did want to try to get hold of Nick, or maybe get hold of his laptop, you might want to visit the gym at 6am on a Monday.»

Mining from public websites for law enforcement is considered legal in most countries. In February last year, for instance, the FBI requested help to develop a social-media mining application for monitoring «bad actors or groups».

However, Ginger McCall, an attorney at the Washington-based Electronic Privacy Information Centre, said the Raytheon technology raised concerns about how troves of user data could be covertly collected without oversight or regulation.

«Social networking sites are often not transparent about what information is shared and how it is shared,» McCall said. «Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search.»

Raytheon, which made sales worth an estimated $25bn (£16bn) in 2012, did not want its Riot demonstration video to be revealed on the grounds that it says it shows a «proof of concept» product that has not been sold to any clients.

Jared Adams, a spokesman for Raytheon's intelligence and information systems department, said in an email: «Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation's rapidly changing security needs.

«Its innovative privacy features are the most robust that we're aware of, enabling the sharing and analysis of data without personally identifiable information [such as social security numbers, bank or other financial account information] being disclosed.»

In December, Riot was featured in a newly published patent Raytheon is pursuing for a system designed to gather data on people from social networks, blogs and other sources to identify whether they should be judged a security risk.

In April, Riot was scheduled to be showcased at a US government and industry national security conference for secretive, classified innovations, where it was listed under the category «big data – analytics, algorithms.»

According to records published by the US government's trade controls department, the technology has been designated an «EAR99» item under export regulations, which means it «can be shipped without a licence to most destinations under most circumstances».

Ryan Gallaghe
