Category Archives: surveillance

2018 Russia World Cup : Russian cyber spy may hack travelers’ mobile devices

According to a top US intelligence official, mobile phones of football fans traveling to Russia for the World Cup could be hacked by the Russian Intelligence. 

Russia World Cup 2018 – Mobile devices and computers of football fans traveling to Russia could be hacked by the Russian Intelligence, the alert was issued by William Evanina, Director of the National Counterintelligence and Security Center.

The Top US official warned of massive surveillance operated by Russian authorities during the World Cup for security reason.

“Anyone traveling to Russia to attend the World Cup should be clear-eyed about the cyber risks involved,” Evanina said in a statement.

“If you’re planning on taking a mobile phone, laptop, PDA, or other electronic device with you — make no mistake — any data on those devices (especially your personally identifiable information) may be accessed by the Russian government or cyber criminals.”

2018 Russia World Cup

Every traveler attending the event in Russia should be a target of the Russian Intelligence, to prevent nation-state hackers compromise their devices the official suggests removing the battery when it is not in use.

“Corporate and government officials are most at risk, but don’t assume you’re too insignificant to be targeted.”

Pierluigi Paganini

(Security Affairs – Russia, surveillance)

The post 2018 Russia World Cup : Russian cyber spy may hack travelers’ mobile devices appeared first on Security Affairs.

New Data Privacy Regulations

When Marc Zuckerberg testified before both the House and the Senate last month, it became immediately obvious that few US lawmakers had any appetite to regulate the pervasive surveillance taking place on the Internet.

Right now, the only way we can force these companies to take our privacy more seriously is through the market. But the market is broken. First, none of us do business directly with these data brokers. Equifax might have lost my personal data in 2017, but I can't fire them because I'm not their customer or even their user. I could complain to the companies I do business with who sell my data to Equifax, but I don't know who they are. Markets require voluntary exchange to work properly. If consumers don't even know where these data brokers are getting their data from and what they're doing with it, they can't make intelligent buying choices.

This is starting to change, thanks to a new law in Vermont and another in Europe. And more legislation is coming.

Vermont first. At the moment, we don't know how many data brokers collect data on Americans. Credible estimates range from 2,500 to 4,000 different companies. Last week, Vermont passed a law that will change that.

The law does several things to improve the security of Vermonters' data, but several provisions matter to all of us. First, the law requires data brokers that trade in Vermonters' data to register annually. And while there are many small local data brokers, the larger companies collect data nationally and even internationally. This will help us get a more accurate look at who's in this business. The companies also have to disclose what opt-out options they offer, and how people can request to opt out. Again, this information is useful to all of us, regardless of the state we live in. And finally, the companies have to disclose the number of security breaches they've suffered each year, and how many individuals were affected.

Admittedly, the regulations imposed by the Vermont law are modest. Earlier drafts of the law included a provision requiring data brokers to disclose how many individuals' data it has in its databases, what sorts of data it collects and where the data came from, but those were removed as the bill negotiated its way into law. A more comprehensive law would allow individuals to demand to exactly what information they have about them­ -- and maybe allow individuals to correct and even delete data. But it's a start, and the first statewide law of its kind to be passed in the face of strong industry opposition.

Vermont isn't the first to attempt this, though. On the other side of the country, Representative Norma Smith of Washington introduced a similar bill in both 2017 and 2018. It goes further, requiring disclosure of what kinds of data the broker collects. So far, the bill has stalled in the state's legislature, but she believes it will have a much better chance of passing when she introduces it again in 2019. I am optimistic that this is a trend, and that many states will start passing bills forcing data brokers to be increasingly more transparent in their activities. And while their laws will be tailored to residents of those states, all of us will benefit from the information.

A 2018 California ballot initiative could help. Among its provisions, it gives consumers the right to demand exactly what information a data broker has about them. If it passes in November, once it takes effect, lots of Californians will take the list of data brokers from Vermont's registration law and demand this information based on their own law. And again, all of us -- regardless of the state we live in­ -- will benefit from the information.

We will also benefit from another, much more comprehensive, data privacy and security law from the European Union. The General Data Protection Regulation (GDPR) was passed in 2016 and took effect on 25 May. The details of the law are far too complex to explain here, but among other things, it mandates that personal data can only be collected and saved for specific purposes and only with the explicit consent of the user. We'll learn who is collecting what and why, because companies that collect data are going to have to ask European users and customers for permission. And while this law only applies to EU citizens and people living in EU countries, the disclosure requirements will show all of us how these companies profit off our personal data.

It has already reaped benefits. Over the past couple of weeks, you've received many e-mails from companies that have you on their mailing lists. In the coming weeks and months, you're going to see other companies disclose what they're doing with your data. One early example is PayPal: in preparation for GDPR, it published a list of the over 600 companies it shares your personal data with. Expect a lot more like this.

Surveillance is the business model of the Internet. It's not just the big companies like Facebook and Google watching everything we do online and selling advertising based on our behaviors; there's also a large and largely unregulated industry of data brokers that collect, correlate and then sell intimate personal data about our behaviors. If we make the reasonable assumption that Congress is not going to regulate these companies, then we're left with the market and consumer choice. The first step in that process is transparency. These new laws, and the ones that will follow, are slowly shining a light on this secretive industry.

This essay originally appeared in the Guardian.

Kaspersky Lab official blog: Experiment: How easy is it to spy on a smartwatch wearer?

Can a smartwatch be used to spy on its owner? Sure, and we already know lots of ways. But here’s another: A spying app installed on a smartphone can send data from the built-in motion sensors (namely, accelerometer and gyroscope) to a remote server, and that data can be used to piece together the wearer’s actions — walking, sitting, typing, and so on.

How extensive is the threat in practice, and what data can really be siphoned off? We decided to investigate.

Experiment: Can smartwatch movements reveal a password?

We started with an Android-based smartwatch, wrote a no-frills app to process and transmit accelerometer data, and analyzed what we could get from this data. For more details, see our full report.

The data can indeed be used to work out if the wearer is walking or sitting. Moreover, it’s possible to dig deeper and figure out if the person is out for a stroll or changing subway trains — the accelerometer patterns differ slightly; that’s also how fitness trackers differentiate between, say, walking and cycling.

It’s also easy to see when a person is typing on a computer. But working out what they are typing is way more complex. Everyone has a specific way of typing: the ten-finger method, the one- or two-digit keyboard stab, or something in-between. Basically, different people typing the same phrase can produce very different accelerometer signals — although one person entering a password several times in a row will produce pretty similar graphs.

So, a neural network trained to recognize how a particular individual enters text could make out what that person types. And if this neural network happens to be schooled in your particular way of typing, the accelerometer data from the smartwatch on your wrist could be used to recognize a password based on your hand movements.

However, the training process would require the neural network to track you for quite a long time. The processors in modern portable gadgets are not powerful enough to run a neural network directly, so the data has to be sent to a server.

And therein lies trouble for a would-be spy: The constant upload of accelerometer readings consumes a fair bit of Internet traffic and zaps the smartwatch battery in a matter of hours (six, to be precise, in our case). Both of those telltale signs are easy to spot, alerting the wearer that something is wrong. Both, however, are easily minimized by scooping up data selectively, for example when the target arrives at work, a likely time for password entry.

In short, your smartwatch can be used to identify what you’re typing. But it’s hard, and accurate recovery relies on repeat text entry. In our experiment, we were able to recover a computer password with 96% accuracy and a PIN code entered at an ATM with 87% accuracy.

It could be worse

For cybercriminals, however, such data is not all that useful. To use it, they’d still need access to your computer or credit card. The task of determining a card number or CVC code is way trickier.

Here’s why. On returning to the workplace, first thing the smartwatch owner types is almost certainly a password to unlock their computer. That is, the accelerometer graph indicates first walking, then typing. Based on data obtained just for this brief period, it’s possible to recover the password.

But the person won’t enter a credit card number as soon as they sit down — or get up and walk away immediately after entering that data. What’s more, no one will ever enter this information several times in short succession.

To steal data-entry information from a smartwatch, attackers need predictable activity followed by data entered several times. The latter part, incidentally, is yet another reason not to use the same password for different services.

Who should worry about smartwatches?

Our research has shown that data obtained from a smartwatch acceleration sensor can be used to recover information about the wearer: movements, habits, some typed information (for example, a laptop password).

Infecting a smartwatch with data-siphoning malware that lets cybercriminals recover this information is quite straightforward. They just need to create an app (say, a trendy clockface or fitness tracker), add a function to read accelerometer data, and upload it to Google Play. In theory, such an app will pass the malware screening, since there is nothing outwardly malicious in what it does.

Should you worry about being spied on by someone using this technique? Only if that someone has a strong motivation to spy on you, specifically. The average cybercrook is after easy pickings and won’t have much to gain.

But if your computer password or route to the office is of value to someone, a smartwatch is a viable tracking tool. In this case, our advice is:

  • Take note if your smartwatch is overly traffic-hungry or the battery drains quickly.
  • Don’t give apps too many permissions. In particular, watch out for apps that want to retrieve account info and geographical coordinates. Without this data, intruders will struggle to ascertain that it’s your smartwatch they’ve infected.
  • Install a security solution on your smartphone that can help detect spyware before it starts spying.


Kaspersky Lab official blog

Accessing Cell Phone Location Information

The New York Times is reporting about a company called Securus Technologies that gives police the ability to track cell phone locations without a warrant:

The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from major cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show.

Another article.

Boing Boing post.

Protecting your business behind a shield of privacy

In this podcast recorded at RSA Conference 2018, Francis Knott, VP of Business Development at Silent Circle, talks about the modern privacy landscape, and introduces Silent Circle’s Silent Phone and GoSilent products. Here’s a transcript of the podcast for your convenience. We are here at the RSA Conference with Francis Knott, the VP of Business Development at Silent Circle, to discuss the recent claims by Homeland Security that the organization has observed anomalous activity in … More

The post Protecting your business behind a shield of privacy appeared first on Help Net Security.

Urgent: Congress will likely vote this week on controversial NSA surveillance powers. Make your voice heard.

Tech
Pixabay

With a controversial surveillance law about to expire, the House of Representatives is expected to vote this week on whether to protect the public’s  Fourth Amendment rights to privacy or to allow the National Security Agency (NSA) to violate those rights by continuing to conduct warrantless surveillance on its own citizens.

Congress’ effort to hastily renew the NSA’s warrantless spying authority—known as Section 702 of the Foreign Surveillance Intelligence Act (FISA)—failed last month after widespread opposition. Now, legislators are trying again ahead of the January 19 deadline when the law is now set to expire.

The bill up for consideration is being labeled by certain members of the House Intelligence Committee as “reform,” but offers no substantial changes. It doesn’t close the loophole that allows the US government to warrantlessly spy on its own citizens, and it actually codifies some of the law’s most problematic aspects.

If passed, the government would be empowered to continue its use of Section 702 to collect the emails and phone calls of Americans when communicating with people living abroad without a warrant or any suspicion of wrongdoing. The new bill would impose warrant “requirements” only for FBI agents and only when launching a “formal” national security investigation. In short, the FBI could still read data collected under Section 702 about Americans uninhibited, and would only have to apply for a warrant if it decided later it wanted to launch an investigation, rendering the supposed requirement virtually meaningless.

Much like with the health care and tax debates, Republicans have kept the exact language of the bill they plan to force a vote on secret from the American public, making it hard for constituents to weigh in. However it’s quite likely, given that members of the GOP Freedom Caucus may vote against an extension of NSA spying powers, that Democrats will have the ability to kill the bill if it doesn’t have robust privacy protections in place.

House Minority Leader Nancy Pelosi has so far not signaled which way she will vote, but if she recommends a “no” vote to other Democrats, it could swing the entire vote. The Electronic Frontier Foundation has set up a call tool to tell Representative Pelosi to stand up for the Fourth Amendment. Call on your representatives to reject any reauthorization of the government’s surveillance authority that doesn’t include strong privacy protections.

In an attempt to stifle debate, intelligence community has failed to provide even a rough estimate of the number of Americans whose communications are swept up in surveillance that targets foreigners. As Senator Ron Wyden wrote earlier last year:

Congress and the American people deserve a fully informed debate about this reauthorization.  And we can’t have that debate unless we know the impact of Section 702 on the privacy and constitutional rights of Americans.

As long as this unconstitutional surveillance continues, people who care about their privacy—and particularly those who work with sensitive information like attorneys, activists, and journalists—are forced to act like spies to protect their communications from interception by their own government.

The Trump Administration, which has drastically escalated its crackdown on leakers and indicated openness to prosecuting journalists, would be granted sweeping surveillance powers if FISA Section 702 is passed without substantial changes. Trump has gone to extreme lengths to target immigrants, promised to surveil Muslim Americans, and has been accused of using the Department of Justice to go after his political enemies.

A Trump Administration with such vast spying powers has worrying implications for civil liberties. Any representative who claims to defend those civil liberties should vote against the bill. Public efforts successfully postponed a vote on the similarly flawed bill in December, and it’s crucial we keep the pressure on Congress now with a vote expected this week.

Tell House Minority Leader Nancy Pelosi to stand up for our Fourth Amendment rights and call on your representatives to reject any reauthorization of the government’s surveillance authority that doesn’t include strong privacy protections.

Congress is debating NSA’s spying powers. Demand they end warrantless surveillance on Americans.

NSA at Night by Trevor Paglen
Trevor Paglen

Once again, controversial National Security Agency (NSA) surveillance powers that affect millions of Americans are up for renewal in Congress, and lawmakers are attempting to ram through extreme and unconstitutional spying policies with virtually no debate.

Congress has known for years that Section 702 of the Foreign Intelligence Security Act—which allows the NSA to warrantlessly collect and read the communications of an untold number of Americans if they are talking to someone internationally—was set to expire at the end of the year. Yet as they did in 2012, Congress has waited until the very last minute to bring the topic up for a vote in the hopes that they could quickly pass a bill without the American public realizing what’s happening.

Civil liberties advocates have been decrying the NSA’s powers under Section 702 of FISA Amendments Act as unconstitutional for years, and a large bipartisan group of lawmakers have called for new restrictions. Yet House Republicans on Wednesday attempted to pass a bill that actually would have expanded these powers even further without any debate.

Not only would the Republicans’ bill have extended Section 702 with no reforms for years, but it would’ve explicitly allowed the FBI to target Americans’ emails in NSA databases without a warrant, and it would also have restarted the collection of Americans’ international emails that were merely about an NSA target—a controversial and unconstitutional practice that was just halted earlier this year.

If you want to read more about the extreme dangers in the bill that Republicans were proposing, Edward Snowden and the ACLU held a detailed Reddit AMA on the bill on Wednesday that you can read here.

But thankfully, after widespread outcry on Wednesday, the bill was pulled and a vote postponed. But the fight is far from over, and the next steps for Section 702 are uncertain. While it’s set to expire on December 31, the Trump administration is arguing it can keep the program going through at least April. Lawmakers could vote to temporarily reauthorize Section 702, or they could try again to rapidly push through legislation that expands NSA spying powers. 

But one thing’s for certain: As we saw yesterday, together we can pressure Congress to respect the Fourth Amendment. Americans deserve transparency, real legislative debate, and policies that keep them safe without violating their right to privacy.  Call your representatives and urge them to protect your privacy and vote no on reauthorization of Section 702 without serious reforms that end warrantless, mass surveillance.

Backdoors in messaging apps – what’s really going on?

We are in one of those phases again. The Paris attacks caused, once again, a cascade of demands for more surveillance and weakening of encryption. These demands appear every time, regardless of if the terrorists used encryption or not.

The perhaps most controversial demand is to make backdoors mandatory in communication software. Encryption technology can be practically unbreakable if implemented right. And the use of encryption has skyrocketed after the Snowden revelations. But encryption is not only used by terrorists. As a matter of fact, it’s one of the fundaments we are building our information society on. Protection against cybercrime, authentication of users, securing commerce, maintaining business secrets, protecting the lives of political dissidents, etc. etc. These are all critical functions that rely on encryption. So encryption is good, not bad. But as any good thing, it can be both used and misused.

And beside that. As people from the Americas prefer to express it: encryption is speech, referring to the First Amendment that grant people free speech. Both encryption technology and encrypted messages can be seen as information that people are free to exchange. Encryption technology is already out there and widely known. How on earth can anyone think that we could get this genie back in the bottle? Banning strongly encrypted messages would just harm ordinary citizens but not stopping terrorists from using secure communications, as they are known to disregard laws anyway. Banning encryption as an anti-terror measure would work just as well as simply banning terrorism. (* So can the pro-backdoor politicians really be that stupid and ignorant?

Well, that might not be the whole truth. But let’s first take a look at the big picture. What kind of tools do the surveillance agencies have to fight terrorism, or spy on their enemies or allies, or anybody else that happen to be of interest? The methods in their toolboxes can roughly be divided in three sections:

  • Tapping the wire. Reading the content of communications this way is becoming futile thanks to extensive use of encryption, but traffic analysis can still reveal who’s communicating with whom. People with unusual traffic patterns may also get attention at this level, despite the encryption.
  • Getting data from service provider’s systems. This usually reveals your network of contacts, and also the contents unless the service uses proper end-to-end encryption. This is where they want the backdoors.
  • Putting spying tools on the suspects’ devices. This can reveal pretty much everything the suspect is doing. But it’s not a scalable method and they must know whom to target before this method can be used.

And their main objectives:

  • Listen in to learn if a suspect really is planning an attack. This require access to message contents. This is where backdoors are supposed to help, according to the official story.
  • Mapping contact networks starting from a suspect. This requires metadata from the service providers or traffic analysis on the cable.
  • Finding suspects among all network users. This requires traffic analysis on the cable or data mining at the service providers’ end.

So forcing vendors to weaken end-to-end encryption would apparently make it easier to get message contents from the service providers. But as almost everyone understands, a program like this can never be water-tight. Even if the authorities could force companies like Apple, Google and WhatsApp to weaken security, others operating in another jurisdiction will always be able to provide secure solutions. And more skillful gangs could even use their own home-brewed encryption solutions. So what’s the point if we just weaken ordinary citizens’ security and let the criminals keep using strong cryptography? Actually, this is the real goal, even if it isn’t obvious at first.

Separating the interesting targets from the mass is the real goal in this effort. Strong crypto is in itself not the intelligence agencies’ main threat. It’s the trend that makes strong crypto a default in widely used communication apps. This makes it harder to identify the suspects in the first place as they can use the same tools and look no different from ordinary citizens.

Backdoors in the commonly used communication apps would however drive the primary targets towards more secure, or even customized, solutions. These solutions would of course not disappear. But the use of them would not be mainstream, and function as a signal that someone has a need for stronger security. This signal is the main benefit of a mandatory backdoor program.

But it is still not worth it, the price is far too high. Real-world metaphors are often a good way to describe IT issues. Imagine a society where the norm is to leave your home door unlocked. The police is walking around and checking all doors. They may peek inside to check what you are up to. And those with a locked door must have something to hide and are automatically suspects. Does this feel right? Would you like to live in a society like that? This is the IT-society some agencies and politicians want.

 

Safe surfing,
Micke

 

(* Yes, demanding backdoors and banning cryptography is not the same thing. But a backdoor is always a deliberate fault that makes an encryption system weaker. So it’s fair to say that demanding backdoors is equal to banning correctly implemented encryption.

Sunset for section 215, but is the world better now?

Section 215 of the US Patriot Act has been in the headlines a lot lately. This controversial section was used by the US intelligence agencies to scoop up large quantities of US phone records, among other things. The section had a sunset clause and needed to be renewed periodically, with the latest deadline at midnight May 31st 2015. The renewal has previously been a rubber-stamp thing, but not this time. Section 215 has expired and been replaced by the Freedom Act, which is supposed to be more restrictive and better protect our privacy. And that made it headline news globally.

But what does this mean in practice? Is this the end of the global surveillance Edward Snowden made us aware of? How significant is this change in reality? These are questions that aren’t necessary answered by the news coverage.

Let’s keep this simple and avoid going into details. Section 215 was just a part in a huge legal and technical surveillance system. The old section 215 allowed very broad secret warrants to be issued by FISA courts using secret interpretations of the law, forcing companies to hand over massive amounts of data about citizens’ communications. All this under gag orders preventing anyone to talk about it or even seek legal advice. The best known example was probably the bulk collection of US phone records. It’s not about tapping phones, rather about keeping track of who called whom at what time. People in US could quite safely assume that if they placed calls, NSA had them on record.

The replacing Freedom Act still allows a lot of surveillance, but aims to restrict the much criticized mass surveillance. Surveillance under Freedom Act needs to be more specified than under Section 215. Authorities can’t just tell a tele operator to hand over all phone records to see if they can find something suspicious. Now they have to specify an individual or a device they are interested in. Tele operators must store certain data about all customers, but only hand over the requested data. That’s not a problem, it is pretty much data that the operators have to keep anyway for billing purposes.

This sounds good on paper, but reality may not be so sunny. First, Freedom Act is a new thing and we don’t know yet how it will work in practice. Its interpretation may be more or less privacy friendly, time will tell. The surveillance legislation is a huge and complex wholeness. A specific kind of surveillance may very well be able to continue sanctioned by some other paragraph even if section 215 is gone. It’s also misleading when media reports that the section 215 intelligence stopped on June 1st. In reality it continues for at least six months, maybe longer, to safeguard ongoing investigations.

So the conclusion is that the practical impact of this mini reform is a lot less significant than what we could believe based on the headlines. It’s not the end of surveillance. It doesn’t guarantee privacy for people using US-based services. It is however an important and welcome signal that the political climate in US is changing. It’s a sign of a more balanced view on security versus basic human rights. Let’s hope that this climate change continues.

 

Safe surfing,
Micke

Image by Christian Holmér

Our fundamental human rights are being violated

We are worried about our digital freedom and need your help. The world our children will inherit may lack some fundamental rights we take for granted, unless actions are taken now. Our Digital Freedom Manifesto is one such action. Read on to learn more.

The United Nations’ Universal Declaration of Human Rights, Article 12:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

I think this is a very good and important article, and most people probably agree. We have all gotten used to concepts like secrecy of telephony and the postal service. In short, we have the right to privacy and the right to decide ourselves what private information we share with others. And we value these rights. We would not accept that our letters arrive opened or the police installing cameras in our homes.

But on the Internet everything seems to be different. The information you think is private may actually be transferred and stored by systems far away from you, often in other countries. This gives a wide range of agencies and companies a technical possibility to access your data. Article 12 is often your only protection but you have no way to verify that all involved parties respect it. After the Snowden leaks we know for sure what we feared earlier, there are several countries that pay no respect at all to article 12. The ability to monitor most of the world’s Internet traffic, and that way gain political and economic benefits, is just too desirable no matter how unethical it is. USA, where most of our data is hosted, is sadly among the worst offenders.

If warrantless wholesale data collection for political and economic purposes isn’t a violation of article 12, then what is? What’s really going on here? Are we ready to dump article 12 or should something be done? Why are we accepting erosion of our digital rights, while similar violations would cause an immediate outcry if some other area of our lives was affected?

We at F-Secure are ready to fight for your digital freedom. We do that by providing products that guard your on-line life, like F-Secure SAFE and F-Secure Freedome. But that is not enough. Guarding privacy is an uphill battle if the network’s foundations are unreliable or hostile. And the real foundations have nothing to do with technology, they are the laws regulating network use and the attitude of the authorities that enforce or break those laws.

That’s why we need the F-Secure Digital Freedom Manifesto. We know that many people around the word share our concern. This manifesto is crowd sourced and will be made available to the public and selected decision makers when ready. We want you to participate, preferable with your own words, or just by reading it and thinking about how valuable digital freedom is for you. The manifesto will not change anything by itself, but it will help raise awareness. And when the people are aware, then we can demand change. We have democracy after all, right?

You can participate until June 30th. Or just read the draft and think about how all this affects your digital life. Right now is a good moment to get familiar with it.

Micke

Make your own DIY surveillance system

image from foscam.us
image from foscam.us

When talking IT and security we often just think of securing the computers, and our valuable personal information. But the digital revolution can help us secure other things as well. It is surprisingly easy to make sure you know what’s happening at home when you are away. Yes, there are fine extensive surveillance systems on the market complete with installation service and all. But you may not be willing to pay big bucks, or you like this kind of DIY-challenge. If that’s the case, read on.

I’m going to describe an easy way to get camera surveillance for just a couple of hundred bucks. You also need to be a little bit computer savvy, but you do definitively not need to be an expert. With this system you can have any number of cameras at home and receive an e-mail when something moves in front of them. With a smartphone you can receive these mail wherever you are.

Ok, let’s first check the requirements for this to work.

  • You must have an Internet connection at home.
  • You must have a wireless network at home.
  • Have you ever used the browser to open the configuration screen of a router or other similar network component? If you have, then you know what kind of work you will be doing here. You can of course also call in a nerdy friend if this sounds scary.

Next select the places to put the cameras:

  • The entrances to your home is naturally critical places if you for example want to catch burglars.
  • Make sure you have the face of visitors towards the cameras. Filming backs is of little use.
  • Avoid filming against the light. All you get is dark silhouettes.
  • Try to get the camera as near the objects as possible. Especially cheap cameras have limited resolution and persons may not be recognizable if they are far away.
  • Avoid moving objects in the picture, like bushes that sway in the wind. (They will trigger the movement detection.)
  • Do not point the camera through a window. It may work in daylight but reflections will ruin the pictures at night.
  • You need to route electricity to the cameras. Note that most power supplies aren’t made for outdoor use even if the camera is, leave them inside and bring the low-voltage outside.
  • Your wireless network need to be strong enough where you place the cameras.
  • It’s OK to use cameras in your own home, but be careful if you plan to place the cameras so that they can see a public place. Check the law in your country if you plan to do this. Also check if you need to post warning signs about the CCTV system.

Now is the right time to select the cameras. Here are the requirements:

  • They must have support for wireless networks (WLAN, WiFi).
  • They must have support for “Motion detection alert via email”, or whatever the vendor has selected to call that feature.
  • Select wide-angle or tele-cameras depending or their location. The wide-angle models tend to be more useful.
  • Select outdoor or indoor cameras depending on their planned location.
  • Prefer models with night vision. They have integrated infrared LEDs and can film in complete darkness.
  • Prefer models with a 12V power supply, rather than 5V, if you need to extend the power cable. The higher voltage is less sensitive to voltage drops.

Foscam FI9801W is an example of a suitable wide-angle outdoor model. Cameras like this may sell for around $200 but there are cheaper models too. Shop around on the net and you will have no problem finding the right model, if your local dealer doesn’t happen to have suitable cameras.

Ok, time for the installation procedure:

  1. Create a mail account at some free mail provider, like Gmail or Microsoft Live (former Hotmail). This account will receive pictures from the camera. Do not use your ordinary mail account as the volume may get quite high.
  2. Configure the camera(s) to work with your wireless network at home. Follow instructions in their manual. Note that the initial setup often need to be done with a network cable connected to the camera. The wireless connection will not work before you have done the initialization.
  3. Install the cameras in their final locations and connect electricity.
  4. Use the browser to log into the camera’s control panel. (Again, see the manual.) Look for the settings controlling “Alarm settings”, “Motion alarm” or “Motion detection”. Here you need to make the following settings:
    1. Select to send mail when motion is detected.
    2. Configure the server address that receives outbound mail. This info is provided by your Internet service provider and may be something like “smtp.serviceprovider.com”. You may also have to specify a port number, try 25 unless the service provider instructs you to use something else.
    3. Configure the e-mail address that alerts are sent to. Use the address that you created in step 1 above. Specify the address that appears as sender in the mails, this can be your own address.
    4. Adjust the sensitivity. This is the threshold that decides how much movement must be detected before a mail is sent. Start somewhere in the middle of the scale. Log in and adjust later if needed, decrease sensitivity if you get false alerts, increase if people can walk by without triggering a mail.
    5. Note that the alert- and e-mail-settings may be located under different headings in the configuration utility. You may also have to turn on motion detection before the e-mail settings become visible, or vice versa.
    6. Check the mail account via webmail or add it to your mail program, like MS Outlook for example. See the instructions provided by the mail provider and the vendor of your mail program. Google is also an excellent source of instructions. Try for example “Gmail Outlook”, or whatever combination you use, and you will find plenty of instructions on-line.
    7. Add the new mail account to your smartphone and you will be able to get alerts immediately wherever you are. See the smartphone’s instructions if needed.

That’s it. Now you should get a mail message with a couple of still pictures every time there is movement in front of one of your cameras. And a nice plus is that the data is transmitted offsite immediately. Cutting the power to your property will naturally neutralize the cameras. But its futile for burglars to look for the video server once they have been captured, their pictures are already in your inbox.

Yes, this requires a little bit of understanding about how network components are configured. If you feel uncertain you can always talk to a tech-savvy friend and ask for help. And remember that this isn’t a full-fledged security system. Valuable properties should have proper security systems rather than hacks of this kind. But even a simple system like this can prove very valuable if something happens. Not to mention that just a visible camera and CCTV-sign can prevent crime.

Safe surfing,
Micke

PS. But what if I want to watch live video? That’s easy when at home, but doesn’t provide much value. It is usually possible to make the cameras accessible from other places too. But this is more complicated and depends on how your service provider handles inbound connections. I will not cover that here, but if you call in that nerdy friend to help, you might have a good opportunity to get it set up at the same time.