Unparalleled Public Surveillance in China

 

Most people are familiar with the idea that China is an up and coming world superpower. This may or may not be the case, as the Chinese government has a history of lying about their renewable energy progress and GDP, among many other statistics they have been caught outright fabricating. Regardless, it is plain to see at least in the major urban centers, that China is no longer a “developing nation” technologically speaking, even if its current tyrannical government employs political ideology as broken as the Soviet Union. Here we will take a look at the dark side of surveillance technology, which when manufactured for an oppressive state can create terrifying science fiction esque dystopian realities for its citizens.

To start, China has a truly massive drone surveillance program. Recently, they have even developed a type of drone which from the ground is almost indistinguishable from a bird. The drones even flap their wings instead of being fixed wing or outfitted with rotors. Alongside a fleet of regular drones, it is no surprise that China brags it now has the entire city of Beijing under video surveillance. Add to this the saturation of city streets with analytics capable cameras and it is safe as a Chinese citizen to assume you are being watched any time you step outside, and indeed even in your own home through cameras in televisions and phones. This is due to the fact that Chinese manufactured electronics are notorious for coming stocked with spyware and malware from the beginning.

What is China doing with this massive amount of data, including that which they collect on essentially every Chinese internet user? They use it to determine what they call a “social credit” score. This is a score of a person’s overall “social value” and it is compiled from everything from your internet search history to whether or not you jaywalk in the city. In Chinese cities, facial recognition software identifies every person, car or bike and reports its behaviors in traffic. Black marks on your record can come from everything you can imagine, from your use of alcohol to whether or not you purchase “too many” video games. All of this data is tied to your face and therefore your identity. Those with poor scores are restricted from many mundane activities, from buying plane tickets to sending your child to private school. In fact, there are already around 15 million Chinese who have found themselves on the wrong side of this largely computer controlled list. And because these decisions are the product of a computer system, there is nothing in the way of due process or appeal.

Perhaps the most horrifying reality of mass surveillance in China is the way that it is used to suppress dissent and identify “non trustworthy persons”. Within the last few months, a young woman was imprisoned for simply uploading a video of her splashing ink on Xi Jianping, the Chinese leader. Many westerners are not aware of the fact that even an act as harmless as this can and does lead to hundreds of thousands imprisoned in re-education camps and even locked away in psychiatric wards where their minds are often destroyed with heavy psychotropic drugs until they have had their personalities remolded to fit the narrative of the state. These gross abuses of power go largely unchecked, as China has a permanent seat on the UN human rights council. If this isn’t enough reason to avoid Chinese security products, I do not know what is.

 

Due to the presence of malware on Chinese made security goods, Security Technology of South Texas does not use these products in our projects. Anything we integrate into access control and surveillance systems is made by companies with no ownership or ties to any state, which is a good thing when you know the abuses of power associated with these Chinese products. These facts stand as an example of the kinds of misuse of surveillance and facial recognition technology that exist in some countries, and as a warning to the people of any free nation.

 

Security Technology of South Texas is happy to offer custom designed systems such as this from the ground up or integrated into existing infrastructure, where possible. We are available 24/7 at admin@gostst.com  on our website or via phone at 210-446-4863.

Securing and Configuring in The Cloud

Over the last decade, cloud computing and storage has rapidly changed the way businesses of all kinds operate.  Modern enterprises that wish to stay competitive turn increasingly to a hybrid IT environment which allows them to leverage advantages of cloud based solutions alongside having whatever physical hardware that they maintain on-site. Cloud infrastructure is highly scalable, but on-site systems may be more directly controllable or may feature proprietary/in-house software. The promise of reducing operating costs and gaining a competitive advantage is attractive to any company, but in order to pull it off, specific security challenges must be overcome or accounted for.

Hybridizing an already complicated IT environment can have the effect of rapidly increasingly the complexity of systems. Depending upon which services are owned and managed by that business and which are provided via “Cloud Service Providers” or CSP, the enterprise must regulate and integrate multiple applications and systems, a process which may require multiple different skill sets. This all creates a lot of moving pieces which can make it difficult to maintain  visibility  for all the existing data.

Data breaches at the highest levels make headlines on the daily and have done so for the last several years. Major compromises include Sony with a possible hack coming from North Korea, Verizon, where as many as 14 million customers records were exposed due to server mismanagement, as well as Equifax and many others losing critical information such as customer’s bank information and social security numbers.

Securing all this data is a complicated task, but probably the most common mistake requires no special skills to address. Overlooking the basic integrated security controls is surprisingly common and a simple misconfiguration at this level can compromise an entire operation and leave its data completely exposed and liable to experience theft and/or unwanted modification or hacking. As we all know, something as small as this can expose customers, employees, and the critically important private data of companies to calamitous outcomes. Following are some key considerations in avoiding cloud misconfigurations and steps to keep safe a typical hybridized IT environment.

Studies (Redlock) have shown over half, in this case 53% of companies using cloud storage will admit to accidentally exposing customer data due to mismanagement or deliberately circumventing certain built in security features. Hackers know this, and as more and more organizations make the move to the cloud, attackers will increasingly pursue this “low hanging fruit” of security risks. Security misconfigurations are among the most common ways attackers gain control and leverage withing a network. Because those creating services such as Amazon S3 cloud storage seek to make their interfaces as flexible as possible, this sometimes has the inadvertent effect of exposing cloud environments and contained data (aka “buckets”). These buckets can be accessed simply through a URL so long as the user has the appropriate permissions.

Misconfigurations can occur at any level of your applications stack- “the platform, web server, database, framework” (Security Today Magazine) or in the custom code itself. Also common is for attackers to target and take advantage of any poorly configured devices that may be connected to the network. Use of default passwords and/or otherwise not configuring devices accessing the Wi-Fi can lead to an attacker exploiting a system which will allow them to immediately begin making changes and exfiltrating data.

The reality is that most of these problems come down to human error and ignorance. A common misconception is that the providers of these cloud solutions provide security themselves. This is simply not true. It is always up to you to check what security they do provide and to account for that when you implement your own security. Very rarely or never will the defaults of the cloud service be sufficient. And so regardless of however network environments evolve, the “foundational tenets” will remain. “Maintain visibility of your attack surface and continue to monitor it” at all levels. (Security Today Magazine) Apply security protocols to the cloud environment in the same manner you would do for your traditional environment. And of course, make sure to secure all the loose ends and back-doors, ensuring proper configuration throughout your network.

Please contact us through email at admin@gostst.com on our website or via phone at  210-446-4863   24/7

 

Sources: Security Today Magazine

Using Videofied to Protect Community Pools and HOA Amenity Centers

As Summer approaches, neighborhood and apartment swimming pools and related facilities are coming back online and in service. With this comes of course the increased risk of break-ins, trespassing, vandalism and etc. Perhaps even more risky is the fact that in the case especially of children and teenagers who decide to sneak past your perimeter can cause a legal suit for you to deal with should they injure themselves.

Read more

Geovision 360 degree dual fisheye camera can provide real-time panorama view

GV-VR360 – 360 Degree with VR Viewing

This new camera in the GV line is the first to feature a VR mode. Google cardboard is sufficient with just the Youtube mobile app as a platform. If you have ever used Google Cardboard or any other VR device, you will have an idea of what this camera mode is like.

Read more