'Arab #hackers believed to have breached Israeli military networks' @JPost

The affair shows how the Middle East continues to be a hotbed for cyber espionage.

Cyber hackers [illustrative]. (photo credit:REUTERS)

Hackers have managed to penetrate computer networks associated with the
Israeli military in an espionage campaign that skillfully packages
existing attack software with trick emails, according to private
security researchers.

The four-month-old effort, most likely by
Arabic-speaking programmers, shows how the Middle East continues to be a
hotbed for cyber espionage and how widely the ability to carry off such
an attack has spread, the researchers said.

Waylon Grange, a
researcher with security firm Blue Coat Systems Inc who discovered the
campaign, said the vast majority of the software was cobbled together
from widely available tools, such as the remote-access Trojan called
Poison Ivy.

The hackers were likely working on a budget and had no
need to spend much on tailored code, Grange said, adding that most of
their work appears to have gone into so-called social engineering, or
human trickery.

The hackers sent emails to various military
addresses that purported to show breaking military news, or, in some
cases, a clip featuring "Girls of the Israel Defense Forces." Some of
the emails included attachments that established "back doors" for future
access by the hackers and modules that could download and run
additional programs, according to Blue Coat.

Using standard
obfuscation techniques, the software was able to avoid detection by most
antivirus engines, Blue Coat said. At least some software lodged inside
government computers, because Blue Coat detected it "beaconing," or
sending signals to the hackers that it was in place.



Read the rest of the story online here:  'Arab hackers believed to have breached Israeli military networks' - Arab-Israeli Conflict - Jerusalem Post

Report: Web monitoring devices made by U.S. firm Blue Coat detected in Iran, Sudan - #surveillance

These devices are turning up in places they’re not supposed to be

Report: Web monitoring devices made by U.S. firm Blue Coat detected in Iran, Sudan - The Washington Post

---

Experts say that in Syria, Blue Coat’s tools have been used to censor Web sites and monitor the communications of dissidents, activists and journalists. In Iran and Sudan, it remains unclear exactly how the technologies are being used, but experts say the tools could empower repressive governments to spy on opponents.
“These devices are turning up in places they’re not supposed to be,” said Morgan Marquis-Boire, a project leader at the University of Toronto’s Citizen Lab, which detailed the findings in a new report provided to The Washington Post. “The human rights implications of finding these surveillance technologies in these countries are extremely worrying. It’s a systemic problem.”
Blue Coat promotes itself as a leading provider of Web security and management. According to its Web site, it has 15,000 government and corporate customers worldwide. Its products, including high-end computer systems, are used for myriad purposes, including filtering for computer viruses and child pornography.
Some technology experts, however, have argued that because Blue Coat’s tools have various uses, they fall into regulatory gaps and are thus not subject to certain export restrictions.
“The only thing stopping the export of human-rights-abusing equipment to a country like Sudan is the blanket restriction on exports under the sanctions program,” said Collin Anderson, an independent consultant on the Blue Coat report, which is to be released Tuesday. “There are no controls in place right now on equipment that can also be used to violate human rights.”
David Murphy, Blue Coat’s chief operating officer and president, said the company takes reports about its products in countries under U.S. trade embargoes very seriously. The firm, he noted, is cooperating with a U.S. investigation into how a reseller managed to get the devices into Syria on a few occasions in 2010 and 2011.
“Blue Coat has never permitted the sale of our products to countries embargoed by the U.S.,” Murphy said. “We do not design our products, or condone their use, to suppress human rights. . . . Our products are not intended for surveillance purposes.”
A spokesman for the Treasury Department’s Office of Foreign Assets Control, which enforces U.S. sanctions, declined to comment on the new allegations other than to say, “Treasury takes sanctions violations very seriously and has aggressively pursued enforcement actions where violations have occurred.”


Report: Web monitoring devices made by U.S. firm Blue Coat detected in Iran, Sudan - The Washington Post

Exclusive: Documents Illuminate #Ecuador's Spying Practices #NSA #Snowden

#NSA counter attacks:

Exclusive: Documents Illuminate Ecuador’s Spying Practices



The country where anti-surveillance hero Edward Snowden wants to take refuge spent half a million dollars on an Israeli-made “GSM interceptor” in a deal brokered by a U.S. middleman. Seeking the capacity to “intercept text messages, falsify and modify the text messages” among other tricks. posted on June 25, 2013 at 7:01pm EDT


A supporter of Edward Snowden holds a sign outside the Embassy of Ecuador in London June 24. Image by Luke Macgregor / Reuters


WASHINGTON — The intelligence agency of Ecuador appears to have sought in recent months to obtain new equipment for a large-scale surveillance, according to confidential government documents obtained by BuzzFeed.

The capabilities sought by Ecuador resemble the National Security Agency practices revealed by Edward Snowden, who is reportedly seeking asylum in the left-leaning Latin American republic.

The Ecuadorian documents — stamped “Secret” — obtained by BuzzFeed appear to show the government purchasing a “GSM Interceptor” system, among other domestic spying tools, and they suggest a commitment to domestic surveillance that rivals the practices by the United States’ National Security Agency that are at the center of a fierce national debate. They include both covert surveillance capacities and the targeting of President Rafael Correa’s enemies on social media. According to the files, SENAIN keeps close tabs on the Facebook and Twitter accounts of journalists, opposition politicians and other individuals, some with few followers.

Ecuador, which has been harboring WikiLeaks founder Julian Assange for over a year at its embassy, has been internationally criticized for a recent communications law that is widely seen as a gag order for the media and includes prohibitions on “media lynching.”

Ecuador also has a record of being ahead of the game in domestic surveillance. Last year, it became the first country in the world to implement a nation-wide facial and voice recognition system.

The documents and correspondence obtained by BuzzFeed appear to show that SENAIN, Ecuador’s intelligence agency, paid $526,500 January 2013 for equipment through 500 Smart Solutions LLC, a company registered in Delaware that is listed as having an office in New York. The payment, according to the documents, was for services rendered from August to December 2012. Smart Solutions acted as an intermediary through which SENAIN could buy materials from two Israeli security contractors: Elkat LTD Security Engineering and UVision Air LTD, which manufactures drones. SENAIN bought surveillance equipment from the companies through Smart Solutions.

Elkat is described by the publication IsraelDefense as “a leading Israeli distributor of advanced electronic equipment for the security field” whose products include “highly advanced electronic surveillance systems.” It is based in Tel Aviv.

The documents were provided to BuzzFeed from inside SENAIN through activists who wished to call attention to the government’s spying practices in the context of its new international role. The sources who provided the documents on the condition of anonymity, citing the dangers of attempting to publicize them domestically.

They also suggest that the Ecuadorians sought to buy drones. Smart Solution proposed two surveillance systems to SENAIN, one called the “Semi Active GSM Interceptor System” and the other called a “Passive Surveillance System. ”

In a letter to Pablo Romero last year in June, a Smart Solutions representative named Gabriel Guecelevich touted the capabilities of the GSM system, promising the abillity to “copy SIM cards, identify phone calls, route phone calls to different places, intercept text messages, falsify and modify the text messages, keep messages in their system, disconnect calls, block phone calls, system should be able to intercept a minimum of 4 phone calls simultaneously.”

(The correspondence, posted in full below, is in Spanish.)

Guecelevich also specified that the GSM system, which has previously been mentioned in WikiLeaks files as a spy tool, can be used from a car that is 250 meters away and that it is portable. Guecelevich explained which tests Smart Solutions can run to prove that the system works. The first system, he wrote, is intercepting technology; the second is a passive system that can intercept GSM communication which Guecelevich promised can process 32 channels simultaneously, record conversations, among other capabilities.

In August, an official from SENAIN wrote to Smart Solutions about wanting to acquire unmanned drones.

“The National Secretary of Intelligence, which has within its powers projects focused on national security, is moving forward with a project to acquire unmanned aerial vehicles,” communications and special projects coordinator José Miguel Delgado wrote. “It is for this reason that we need to know whether Smart Solution is capable and legally able to provide these assets or services.”

Delgado also wrote to Smart Solutions about conducting GSM tests in the city of Tulcan in August.

Also in August, the Israeli company Elkat gave Smart Solution permission to sell products from Uvision to “potential clients in Ecuador,” according to the documents.

One of the documents is a draft of a letter Romero wrote to Smart Solution to let them know of the decision to purchase the equipment and the $526,500 payment for the equipment. Payment was promised upon the delivery of the goods in March.

Invoices Smart Solution sent to SENAIN for equipment and internal SENAIN calculations also tabulate the cost. Two of the documents show plans for a new SENAIN center in Guayaquil, the largest city in Ecuador.

Smart Solution was incorporated in Delaware by Guecelevich on July 25, 2012, and lists only a Delaware address. Guecelevich did not return a request for comment, and the company has no obvious public presence.

The people who provided BuzzFeed with these documents say that they attempted to leak them to WikiLeaks three days ago, but were unsuccessful. WikiLeaks spokesman Kristinn Hrafnsson called this claim “false” and said “No one in our team recognises having been approached with such material as you describe.”

Ecuadorian officials did not respond to a inquiry through their embassy in Washington.

This post has been updated with a comment from the WikiLeaks spokesman. (6/26, 12:13 p.m.)

Smart Solutions proposal to SENAIN

Letter from SENAIN to Smart Solutions

Letter From SENAIN Concerning Drones



Go online to see the above documents and more:

Exclusive: Documents Illuminate Ecuador's Spying Practices







The Pangea Advisors Blog

#Data storage: Spying fears highlight worth of #Swiss data centres - swissinfo.ch #NSA

Having your #datacentres outside of the USA is becoming ever so more important now with the NSA on a full blown assault on all #Data

Spying fears highlight worth of data centres
Data storage

by Matthew Allen, swissinfo.ch


June 24, 2013 - 11:00


The granite grey slab of the Swisscom data centre outside Bern can protect its clients’ most valuable assets from bombs, earthquakes and even a direct aircraft hit. It’s only one of the reasons why there’s growing interest in such hubs.
The centre’s stark concrete vaults also protect the highly sensitive information of banks and other clients from the prying eyes of governments or economic spies. ‘Trust’ is the watchword of the expanding Swiss data storage industry as it quietly carves out a highly lucrative global niche. Recent revelations of United States intelligence agency spying, coupled with ongoing reports of espionage emanating from China, may have raised public consciousness of the dangers to data but the industry has known about it for years. At the Swisscom centre in Zollikofen, canton Bern, no stone has been left unturned to protect its valuable cargo from any form of threat. Six powerful diesel-powered generators are kept permanently warmed, ready to kick into life within 15 seconds and able to power the entire centre’s operations in the event of total power failure. Thousands of video, heat and infra-red sensors would detect anyone who managed to get past the strict entrance security controls. Staffing is kept to a minimum, leaving the ranks of servers unmolested. Enquiries related to encryption techniques and other measures to prevent cyber intrusion are met with a polite but firm “no comment”. Political stability, a tradition of confidentiality and strong data protection laws have all added to Switzerland’s growing reputation as an international data safe house. Unlike in the US, even the Swiss government would need a court to approve each request for data. “Clients increasingly want to entrust their data to a jurisdiction where there is legal certainty,” Bruno Messmer, head of sourcing consulting at Swisscom, told swissinfo.ch. “This will be one of Switzerland’s many strong selling points in the future.”


Expansion
Some data storage providers have taken security to extremes, housing their servers in ex-military alpine bunkers, such as the aptly-named ‘Fort Knox’ in canton Bern. One company using the bunker, Siag – which labels itself the “Swiss private bank for digital assets” - refuses to deal with US clients on security grounds. “We decided 10 years ago not to deliver data to the US because we knew we could not do it without giving [the US intelligence agencies] a back door [access to this data],” Siag chief executive Christoph Oschwald told swissinfo.ch. While Switzerland is a relative minnow in the data storage industry compared to the US or Britain it will still carve out some 160,000 square metres of secure space by the end of this year, expanding to more than 200,000 by 2016, according to market research consultants Broadgroup. This equates to the second densest data storage capacity per capita in Europe, second only to Ireland. The comparison between the two countries is no accident as both compete to attract multinational company HQs to their borders. “The broad benefits that Switzerland offers as a location for companies, such as tax, skilled labour, a stable economy and reliable legal situation, also attracts data,” Broadgroup managing director Steve Wallage told swissinfo.ch. “In many cases these companies like to set up their data centres within an hour’s drive from the office.”


Green credentials
Relatively cheap and reliable energy supplies and a strong real estate market, that encourages investors to build in Switzerland, are also strong attractions. In addition, some niche players have attracted business by displaying their green credentials. One of the biggest concerns for data centres is wastage with some two thirds of energy lost through heat. The Swisscom Zollikofen centre, together with a sister centre in Bern, uses enough energy to power a 150,000 population town. Swisscom’s new building in the Bern suburb of Wankdorf will recycle that energy to heat new homes being built by the city. The Green Data Center in Lupfig, canton Aargau, also employs heat exchangers to redirect lost energy to other buildings. It also boasts the latest power saving direct current (DC) technology and offers clients the option of using renewable only energy sources. The sustainable energy is not just a green gimmick and would not attract clients purely on social grounds, Franz Grüter, chairman of the parent company green.ch told swissinfo.ch. “Clients are not really interested in the latest cleantech technology unless you can show them it will save them money,” he said. “The less energy we waste, the less we have to use for cooling the servers. Our measures save us 20 per cent on our energy costs.” The data storage industry in Switzerland faces some challenges ahead, not least because it has limited space and tough planning procedures. The future supply of cost efficient energy is under some doubt after Switzerland’s decision to scrap its nuclear power stations and the handover of banking data to the US has undermined its reputation for confidentiality. But the recent tales of US intelligence data espionage might make up for that to some degree, according to Broadgroup’s Steve Wallage. “Several Middle East companies have already targeted Switzerland because they distrust the US,” he told swissinfo.ch. “The stories coming from the US have chipped away at people’s confidence and that could be good news for a market like Switzerland.”


Matthew Allen, swissinfo.ch






$.ajax({
url:"/eng/suggestions.htm?view=suggestions&cid=36212448&isAjax=true".replace(/&/g, "&"),
type:"GET",
cache:false,
success:function (html) {
$("#suggestions").replaceWith(html);
}
});





Readers Recommendis a beta test, in cooperation with EPFL Artificial Intelligence Laboratory (LIA).





New discovery excites Cern scientists




"Records are made to be broken"



Safeguard clause
Swiss curb EU immigration








See the article online here: Data storage: Spying fears highlight worth of data centres - swissinfo.ch

The Geek that Knew Too Much Why #NSA IT Guy Leaked Top Secret Documents

Why NSA IT Guy Edward Snowden Leaked Top Secret Documents - Forbes




Edward Snowden

When the Washington Post described the person who leaked a NSA PowerPoint presentation about “PRISM” as a “career intelligence officer,” I was expecting the kind of 50-something technocrat that Bryan Cranston would play in the inevitable movie about the ‘NSA Papers.’ But on Sunday, the Guardian revealed that the person behind a series of leaks that have provided an unprecedented peek into how one of America’s most secretive spy agencies works is a 29-year-old high school drop-out whose computing skills allowed him to get jobs with the CIA and contractors for the National Security Agency.




This may be the NSA office in Hawaii from which Edward Snowden worked. Seriously. (screenshot of NSA press release on center's opening)

Edward Snowden tells the Guardian that he had a $200,000 job with defense contractor Booz Allen Hamilton — to that company’s chagrin — doing work for the NSA at its office in Hawaii. That office is likely the rainbow-shooting $358 million Hawaii center cited in a 2012 NSA press release which is tasked with processing “data from a broad variety of sources at various classification levels” and “eliminating physical, virtual, and other barriers to information sharing.” Snowden certainly did the latter, though not as the NSA intended it, sharing with the press top secret documents about the degree to which telecoms and Internet companies pass along customers’ data to the NSA, presidential preparation for cyberattacks on other countries, and the tools the NSA uses to monitor the healthiness of its global information collection. All these documents are available on the Guardian site here. Snowden took the documents to Glenn Greenwald at the Guardian after the Washington Post failed to publish the PowerPoint presentation within a 72-hour deadline he set, writes Barton Gellman.




NSA Contractor Booz Allen Hamilton Rushes To Distance Itself From Staffer Who Leaked Top Secret Docs Andy Greenberg Forbes Staff

Snowden describes himself as a systems administrator, which basically means he was an NSA IT guy. And like the IT guys in any office, he could see (and capture) many of the documents flying around on his network. (And that my friends, is one reason why you shouldn’t sext on company devices or from company email accounts; IT guys see all.) He describes himself in a video on the Guardian site as “being able to see everything;” he had the kind of spying ability on the NSA that it would love to have on the wider Internet.

“When you’re in positions of privileged access, like a systems administrator for the intelligence community agencies, you’re exposed to a lot more information on a broader scale than the average employee,” says Snowden in a video. “Because of that you see things that may be disturbing. Over the course of a normal person’s career, you’d only see one or two instances, but when you see everything, you see them on a more frequent basis.”

And he happened to be a libertarian-leaning, Internet-freedom-loving geek, judging from donations he made to the Ron Paul campaign and the EFF and Tor stickers on his laptop. In other words, exactly the kind of person who would be alarmed by the kind of documents he was seeing floating around the NSA about Verizon turning over call records and Internet companies being part of secret programs to turn over user data.

But the director of national intelligence’s claim that many of the documents being released were being misinterpreted because they were being taken out of context is now more understandable. Snowden wasn’t involved in these programs; he was just seeing documents — and I assume — seeing chatter about them. That’s how he took this PowerPoint slide describing the NSA’s ability to both gather data flowing through fiber-optic cables (which confirms a long-held allegation by whistleblowers) and to get data “directly from the servers of these U.S. Internet providers: Microsoft, Yahoo, Google, Facebook, Paltalk, AOL, YouTube, Skype, Apple” to mean that the government had “direct access” to those companies’ servers. Since then, it’s emerged that it’s a more complicated process that does involve court orders and is directed only at non-U.S. citizens… which won’t be especially reassuring to these companies’ customers abroad as noted by David Kirkpatrick.

Many people see objectionable practices in their workplaces. Most grumble to colleagues or complain to a sympathetic spouse. Why did Snowden decide to share what he saw with the world, torpedoing his $200,000 job, forcing him to flee the country and hole up in a Hong Kong hotel, and risking a lifetime in prison if he’s successfully prosecuted for violating the Espionage Act? He has been interviewed by the Guardian and by the Washington Post about why he leaked the documents; here’s a collection of his quotes explaining his motivation:

• Concern about how easy it is to spy on people given the way we live today: “The internet is… a TV that watches you. The majority of people in developed countries spend at least some time interacting with the Internet, and governments are abusing that necessity in secret to extend their powers beyond what is necessary and appropriate.” (Washington Post)
• Fear of a surveillance state: “I believe that, at this point in history, the greatest danger to our freedom and way of life comes from the reasonable fear of omniscient State powers kept in check by nothing more than policy documents… It is not that I do not value intelligence, but that I oppose . . . omniscient, automatic, mass surveillance. . . . That seems to me a greater threat to the institutions of free society than missed intelligence reports, and unworthy of the costs.” (Washington Post)
• To encourage other whistleblowers: He wanted “to embolden others to step forward” by showing that “they can win.” (Washington Post)
• To let people in on what they don’t usually get to see: “I will be satisfied if the federation of secret law, unequal pardon and irresistible executive powers that rule the world that I love are revealed even for an instant.” (Washington Post) // “I think the public is owed an explanation of the motivations behind the people who make these disclosures outside the democratic model… My sole motive is to inform the public as to that which is done in their name and that which is done against them.” (The Guardian)
• Because he thinks these programs should be debated openly, and not just by government officials in the U.S.: “[T]he debate which I hope this will trigger among citizens around the globe about what kind of world we want to live in.” (The Guardian)
• Because the revelation was worth more than a happy life with his girlfriend and “a high-paying job in paradise”: “If living unfreely but comfortably is something you’re willing to accept, you can get up everyday, go to work and collect your large paycheck for relatively little work against the public interest and go to sleep at night after watching your shows. But if you realize that’s the world you helped create and it’s going to get worse with the next generation and the next generation who extend the capabilities of this sort of architecture of oppression, you realize you might be willing to accept any risk and it doesn’t matter what the outcome is as matter as the public gets to decide how that’s applied… I’m willing to sacrifice all of that because I can’t in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they’re secretly building.” (The Guardian)
• Because he could: “I’m no different from anyone else. I don’t have special skills. I’m just another guy who sits there day to day, watches what’s happening and goes, ‘This is something that’s not our place to decide.’ The public needs to decide whether these policies or programs are right or wrong. I’m willing to go on the record to defend the authenticity of them. This is the truth, this is what’s happening. you should decide whether we should be doing this.” (Video on the Guardian)
• Allegedly not for the fame: “I’ve been a spy for almost all of my adult life — I don’t like being in the spotlight.” (Washington Post) // “I don’t want public attention because I don’t want the story to be about me. I want it to be about what the US government is doing.” (The Guardian)
• Because what he saw makes him feel like he’s living in a sci-fi novel about a totalitarian state: “They are intent on making every conversation and every form of behaviour in the world known to them.” (The Guardian) // “Even if you’re not doing anything wrong, you’re being watched and recorded… you don’t have to do anything wrong, you simply have to eventually fall under suspicion from somebody even by a wrong call and then they can use the system to go back in time and scrutinize every decision you’ve ever made, every friend you’ve ever discussed something with and attack you on that basis to derive suspicion from an innocent life and paint anyone in the context of a wrongdoer.” (Video on the Guardian)
• Not because he thinks the government is a pushover: In a note to reporters when releasing the documents, says Gellman, he wrote that the U.S. intelligence community “will most certainly kill you if they think you are the single point of failure that could stop this disclosure and make them the sole owner of this information.” (Washington Post)
• Because he loves the concept of privacy: “I don’t want to live in a world where there’s no privacy and therefore no room for intellectual exploration and creativity.” (The Guardian)

Why NSA IT Guy Edward Snowden Leaked Top Secret Documents - Forbes

Share

-- The MasterFeeds

federal agencies do not need a warrant to read #emails older than six months

Emails are not private. A message may have one sender and one recipient but it can, with little effort, be read by a third party. In fact, despite the Fourth Amendment’s protections against unlawful searches, federal agencies do not necessarily need a warrant to read emails older than six months. 

Concerns over such government snooping were raised by the American Civil Liberties Union, which last week noted a “troubling picture” of email surveillance practices by the Federal Bureau of Investigation and the Department of Justice. The agencies may be taking advantage of a component of the Electronic Communications Privacy Act, which requires warrants only for emails that have been stored on a third-party server for less than 180 days. 

 Read the story online here: How to stop the FBI from reading your email - MarketWatch

Spy vs Spy: Cyber Crime, Surveillance on Rise in Latin America

Spy vs Spy: Cyber Crime, Surveillance on Rise in Latin America
Written by  Southern Pulse

Phone tapping, data theft, and secret recordings have made headlines across Latin America in recent weeks, reflecting the growth of cyber crime and information trafficking in the region, as Southern Pulse explains.

Domestic spying is in the news this month in the Western Hemisphere. A subject that is often not discussed in formal settings has made its way to the front pages of at least a dozen countries in Latin America and the Caribbean over the past few weeks. The news includes phone taps, hacked emails, covert video surveillance and legislative debates over privacy online and offline. A confluence of events around the region and the globe as well as improved spying technology has pushed this trend into the open and could change how the spy vs spy, police vs crime and government vs opposition scenarios play out in several countries.

Certainly, there have been phone taps and secret recordings for decades in Latin America. Perhaps the most famous examples were the “Vlad-videos” in Peru under the administration of President Fujimori and National Intelligence Service chief Montesinos. What makes 2011 different is the surge in surveillance by governments across the political spectrum and the media providing increased coverage of the situation.

The technology and techniques are a mixture of old and new. Phone taps and illegal recordings are old technologies that have become more sophisticated while data mining of social networks is a new field that all governments around the globe are just beginning to understand. Private hacking gangs appear to have surpassed the capabilities of government intelligence agencies in terms of the ability to hack email and computers, creating a new black market for information trafficking.

It’s worth noting that the technology to encrypt data has also become cheaper and easier to use, but has not yet caught on in much of Latin America. However, the increased public nature of government and private sector surveillance should push an increased demand for privacy technologies in the coming year, both by criminal groups and civilians who want greater privacy from the government.

Some examples from recent weeks follow:

A New York Times article described enhanced intelligence cooperation between the U.S. and Mexico that includes phone tapping technologies. The U.S. has assisted in the creation of intelligence fusion cells in Mexico and is providing information to a vetted group of Mexican authorities so that they can conduct operations against criminal organizations.

In Honduras, an investigation revealed that the email servers at the presidential palace had been hacked, giving one or multiple organizations access to email, the president's schedule and budget documents. Foreign government involvement does appear likely at this point. An Israeli firm has been hired by the government to provide increased cybersecurity protection.

Even as officials from the government of former President Uribe are being investigated for phone taps and domestic spying on judges and political opponents, the Colombian government showed off some new surveillance capabilities. Police utilized new online forensic capabilities and arrested a hacker who broke into the account of a journalist. The government, under attack by a local branch of the hacking group Anonymous, has announced they plan to have a new CERT agency online before the end of the year that can counter and investigate attacks.

In Venezuela, phone calls by opposition candidates have been recorded and played on state television as a way of embarrassing those politicians. It appears state intelligence is behind the tapping of the phones. This news comes just months after other sources indicated that Venezuela’s intelligence services, with the assistance of Cuban intelligence and private hacking groups inside Venezuela and Colombia, have hacked into the private email accounts of journalists and politicians and have stolen their messages for at least the past five years.

In Bolivia, the government tapped the phones of indigenous protesters and U.S. embassy officials. President Morales then revealed phone calls made between the two groups as a way of showing a plot against his government. In the process, he showed that his government is tapping the phones of political opponents and foreigners living in the country.

In Argentina, a number of private emails by Kirchner government officials recently appeared on a website “Leakymails.” There are three aspects to this scandal worth considering. First, the content of the emails contains personal information about key political officials. Though most of the emails released are rather boring, one set of emails does appear to link a government-backed candidate to organized crime. Second, the question of how the emails were obtained may point to the state intelligence service or former officials within the intelligence service committing domestic espionage. There are indications outside non-state groups hacking into government officials’ email account. Third, an Argentine judge ordered local ISPs to block the Leakymails websites. This opens a new chapter in web censorship in Argentina and the region and places the question of how private ISPs filter Internet content directly onto the policy agenda.

The government of Brazil fined Google for failing to reveal identifying information about an Internet user. According to Google, Brazil is the top country in the world for making requests to obtain user information or to block search results through legal actions. Part of this is due to Brazil’s speech laws that give public officials broad sway on any issue that could be considered libel or slander.

Similarly, the government of Ecuador is considering passing a law that would require Facebook and Twitter to provide information about anonymous postings based out of that country. Though President Correa has backtracked on his initial request, draft versions of the law suggest an expanded government authority to track the identity of users online.

The governments of Chile and Brazil have said they are starting to monitor social media sites as a way of detecting criminal activity as well as potential social unrest. For Brazil, this operation has included a military unit dedicated to cyberwarfare and cyberdefense. This unit is also receiving training from Israeli and U.S. firms in offensive operations in the cyber-domain, the first Latin American government to admit that publicly. For Chile, the monitoring of social media has made the government a target for the international hacking group Anonymous, which is also attacking government websites as a way of supporting recent protests by student groups. Chile’s domestic cybersecurity units, particularly those within the police, are now forced to increase their capacity to handle the incidents.

The issues reported only hint at some of the issues that remain hidden from public view. Police and intelligence organizations across the region have expanded their capacity for surveillance in recent years and a number of foreign firms from the U.S., Europe and Israel are assisting them in that effort. Meanwhile, criminal groups have banded together with hackers from Eastern Europe and Russia to enhance their technological capabilities to steal government and corporate information.

Back at the regional level, Latin American intelligence agencies are running into the same problem as their developed world counterparts: how do they analyze all the data they collect? The ability to collect and store data is moving more quickly than the ability to process, analyze and utilize it. For Presidents Chavez and Morales, who have very specific political targets for their intelligence collection campaigns, this has not been much of a problem. However, for Mexico, Brazil and Colombia, whose intelligence efforts do focus on organized crime (in spite of some high profile scandals in which they don’t), they cannot keep up with the data in a timely fashion. All three countries are known to have missed arrest opportunities in which they had data about a relevant target but did not filter it out of their mounds of data quickly enough to operationalize it.

Lurking among all of these government-related surveillance and privacy issues is an increase in private sector and corporate espionage in the region. Much less reported, companies have had gigabytes of data stolen by local private hacking groups and foreign governments from Eastern Europe and East Asia. In various surveys, over half of corporations in the region report being victim of cyberattacks and theft of data. These corporations, when they manage to detect the problem, generally do not report the problems to the governments. While it is apparent from the above examples that governments have plenty of surveillance issues on their plate, this private sector surveillance challenge cannot be ignored. The threat that some corporations and criminal groups may surpass local police and intelligence agencies in their surveillance and spying capabilities can be a problem for the future security of these states and the civil rights of their populations.

Reprinted with permission from Southern Pulse. See original article here.

Share |

_______________________________________

Check it out on The MasterTech Blog

Another day, Another Security Leak: Facebook this time

Today it's Facebook.  

" ... Over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties,"

  Symantec had to get them to come out and tell you...


And yet it amazes people continue to put things online that they wouldn't want the whole world to see...

Story from Reuters below:

Facebook may have leaked your personal information: Symantec

12:46am EDT

(Reuters) - Facebook users' personal information could have been accidentally leaked to third parties, in particular advertisers, over the past few years, Symantec Corp said in its official blog.

Third-parties would have had access to personal information such as profiles, photographs and chat, and could have had the ability to post messages, the security software maker said.

"We estimate that as of April 2011, close to 100,000 applications were enabling this leakage," the blog post said.

" ... Over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties," posing a security threat, the blog post said.

The third-parties may not have realized their ability to access the information, it said.

Facebook, the world's largest social networking website, was notified of this issue and confirmed the leakage, the blog post said.

It said Facebook has taken steps to resolve the issue.

"Unfortunately, their (Symantec's) resulting report has a few inaccuracies. Specifically, we have conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties," Facebook spokeswoman Malorie Lucich said in a statement.

Lucich said the report also ignores the contractual obligations of advertisers and developers which prohibit them from obtaining or sharing user information in a way that "violates our policies."

She also confirmed that the company removed the outdated API (Application Programing Interface) referred to in Symantec's report.

Facebook has more than 500 million users and is challenging Google Inc and Yahoo Inc for users' time online and for advertising dollars.

(Reporting by Thyagaraju Adinarayan and Sakthi Prasad in Bangalore; Editing by Bernard Orrand Anshuman Daga)

© Thomson Reuters 2011. All rights reserved.

Facebook may have leaked your personal information: Symantec | Reuters

Share

-- The MasterFeeds

Facebook Loses Much Face In Secret Smear On Google

Facebook Loses Much Face In Secret Smear On Google
Facebook secretly hired a PR firm to plant negative stories about Google, says Dan Lyons in a jaw dropping story at the Daily Beast.

For the past few days, a mystery has been unfolding in Silicon Valley. Somebody, it seems, hired Burson-Marsteller, a top public-relations firm, to pitch anti-Google stories to newspapers, urging them to investigate claims that Google was invading people’s privacy. Burson even offered to help an influential blogger write a Google-bashing op-ed, which it promised it could place in outlets like The Washington Post, Politico, and The Huffington Post.
The plot backfired when the blogger turned down Burson’s offer and posted the emails that Burson had sent him. It got worse when USA Today broke a story accusing Burson of spreading a “whisper campaign” about Google “on behalf of an unnamed client.”

Not good.
The source emails are here.
I’ve been patient with Facebook over the years as they’ve had their privacy stumbles. They’re forging new ground, and it’s not an exaggeration to say they’re changing the world’s notions on what privacy is. Give them time. They’ll figure it out eventually.
But secretly paying a PR firm to pitch bloggers on stories going after Google, even offering to help write those stories and then get them published elsewhere, is not just offensive, dishonest and cowardly. It’s also really, really dumb. I have no idea how the Facebook PR team thought that they’d avoid being caught doing this.
First, it lets the tech world know that Facebook is scared enough of what Google’s up to to pull a stunt like this. Facebook isn’t supposed to be scared, ever, about anything. Supreme confidence in their destiny is the the way they should be acting.
Second, it shows a willingness by Facebook to engage in cowardly behavior in battle. It’s hard to trust them on other things when we know they’ll engage in these types of campaigns.
And third, some of these criticisms of Google are probably valid, but it doesn’t matter any more. The story from now on will only be about how Facebook went about trying to secretly smear Google, and got caught.
The truth is Google is probably engaging in some somewhat borderline behavior by scraping Facebook content, and are almost certainly violating Facebook’s terms and conditions. But many people argue, me included, that the key data, the social graph, really should belong to the users, not Facebook. And regardless, users probably don’t mind that this is happening at all. It’s just Facebook trying to protect something that it considers to be its property.
Next time Facebook should take a page from Google’s playbook when they want to trash a competitor. Catch them in the act and then go toe to toe with them, slugging it out in person. Right or wrong, no one called Google a coward when they duped Bing earlier this year.
You’ve lost much face today, Facebook.
Update: Sleazy PR Firm Throws Scummy Facebook Under The Sordid Bus

CrunchBase Information

Facebook

Google

Information provided by CrunchBase

Blogger is (Finally) back

Hello all readers of the MasterBlogs!

Excuse us for the breakdown in our blog service, but Blogger is to blame!!! - not us!!

The MasterBlog: Blogger is (Finally) back

Share |

_______________________________________

Check it out on The MasterTech Blog

Stolen Camera Finder Finds Stolen Cameras | Gadget Lab | Wired.com

Stolen Camera Finder Finds Stolen Cameras

• By Charlie Sorrel
• April 28, 2011 |
• 6:08 am |
• Categories: Software and Operating Systems

Drag a photo onto the box and it will search for other pictures with your camera's serial number

If you lose your phone or your computer, there’s a fair chance you’ll get it back if you’re using some kind of tracking software. As we have seen before, Apple’s Find my iPhone service has rescued more than one lost phone. But what about your other gadgets?

If your camera is stolen, you now have at least a chance of finding it thanks to the Stolen Camera Finder by Matt Burns. It works by searching the web for photos bearing the serial number of your camera. This number is embedded in the EXIF data of every photograph you take.

Using the tool is easy. Just visit the site and drag a photo from your camera onto the waiting box. The tool searches its database for your camera and if it finds it, you can then go see the pictures. This may — hopefully — give you some clues as to where it is now. You’ll need to use a JPG image (RAW doesn’t work) and some cameras don’t write their serial number into the metadata.

The data comes from Flickr, and also from data crawled from the web. Matt has also written a browser extension for Google Chrome which will check the serial number of photos on every page you visit and add it to the database.

I tried the tool with a photo from my camera, and nothing showed up. I have a ton of photos online, on both on Flickr and here at Wired.com, so I was expecting something. I guess that the service will increase in value as time passes and the database grows. Still, the service is free, and if nothing else it lets you view a whole lot of information about your photos in the drop-down list.

Stolen Camera Finder [Stolen Camera Finder via Photography Bay]

See Also:

• IPhone and iPad Lost in the Trash, Found With MobileMe
• Geek and Thief Come Face to Face Thanks to 'Find My iPhone …

Stolen Camera Finder Finds Stolen Cameras | Gadget Lab | Wired.com

Share

-- The MasterFeeds

'Digital Inspections' at U.S. Border Raise Constitutional Questions - NYTimes.com

Can You Frisk a Hard Drive?

By DAVID K. SHIPLER

Published: February 19, 2011

If you stand with the Customs and Border Protection officers who staff the passport booths at Dulles airport near the nation’s capital, their task seems daunting. As a huge crowd of weary travelers shuffle along in serpentine lines, inspectors make quick decisions by asking a few questions (often across language barriers) and watching computer displays that don’t go much beyond name, date of birth and codes for a previous customs problem or an outstanding arrest warrant.

Enlarge This Image

Illustrations by Jennifer Daniel, Photograph by Imagemore Co., Ltd./Corbis

The officers are supposed to pick out the possible smugglers, terrorists or child pornographers and send them to secondary screening.
The chosen few — 6.1 million of the 293 million who entered the United States in the year ending Sept. 30, 2010 — get a big letter written on their declaration forms: A for an agriculture check on foodstuffs, B for an immigration issue, and C for a luggage inspection. Into the computer the passport officers type the reasons for the selection, a heads-up to their colleagues in the back room, where more thorough databases are accessible.
And there is where concerns have developed about invasions of privacy, for the most complete records on the travelers may be the ones they are carrying: their laptop computers full of professional and personal e-mail messages, photographs, diaries, legal documents, tax returns, browsing histories and other windows into their lives far beyond anything that could be, or would be, stuffed into a suitcase for a trip abroad. Those revealing digital portraits can be immensely useful to inspectors, who now hunt for criminal activity and security threats by searching and copying people’s hard drives, cellphones and other electronic devices, which are sometimes held for weeks of analysis.
Digital inspections raise constitutional questions about how robust the Fourth Amendment’s guarantee “against unreasonable searches and seizures” should be on the border, especially in a time of terrorism. A total of 6,671 travelers, 2,995 of them American citizens, had electronic gear searched from Oct. 1, 2008, through June 2, 2010, just a tiny percentage of arrivals.

New Hacking Tools Pose Bigger Threats to Wi-Fi Users - NYTimes.com

New Hacking Tools Pose Bigger Threats to Wi-Fi Users

 

By KATE MURPHY

February 16, 2011

You may think the only people capable of snooping on your Internet activity are government intelligence agents or possibly a talented teenage hacker holed up in his parents’ basement. But some simple software lets just about anyone sitting next to you at your local coffee shop watch you browse the Web and even assume your identity online.
“Like it or not, we are now living in a cyberpunk novel,” said Darren Kitchen, a systems administrator for an aerospace company in Richmond, Calif., and the host of Hak5, a video podcast about computer hacking and security. “When people find out how trivial and easy it is to see and even modify what you do online, they are shocked.”
Until recently, only determined and knowledgeable hackers with fancy tools and lots of time on their hands could spy while you used your laptop or smartphone at Wi-Fi hot spots. But a free program called Firesheep, released in October, has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited.
Without issuing any warnings of the possible threat, Web site administrators have since been scrambling to provide added protections.
“I released Firesheep to show that a core and widespread issue in Web site security is being ignored,” said Eric Butler, a freelance software developer in Seattle who created the program. “It points out the lack of end-to-end encryption.”
What he means is that while the password you initially enter on Web sites like Facebook, Twitter, Flickr, Amazon, eBay and The New York Times is encrypted, the Web browser’s cookie, a bit of code that that identifies your computer, your settings on the site or other private information, is often not encrypted. Firesheep grabs that cookie, allowing nosy or malicious users to, in essence, be you on the site and have full access to your account.
More than a million people have downloaded the program in the last three months (including this reporter, who is not exactly a computer genius). And it is easy to use.
The only sites that are safe from snoopers are those that employ the cryptographic protocol transport layer security or its predecessor, secure sockets layer, throughout your session. PayPal and many banks do this, but a startling number of sites that people trust to safeguard their privacy do not. You know you are shielded from prying eyes if a little lock appears in the corner of your browser or the Web address starts with “https” rather than “http.”
“The usual reason Web sites give for not encrypting all communication is that it will slow down the site and would be a huge engineering expense,” said Chris Palmer, technology director at the Electronic Frontier Foundation, an electronic rights advocacy group based in San Francisco. “Yes, there are operational hurdles, but they are solvable.”
Indeed, Gmail made end-to-end encryption its default mode in January 2010. Facebook began to offer the same protection as an opt-in security feature last month, though it is so far available only to a small percentage of users and has limitations. For example, it doesn’t work with many third-party applications.
“It’s worth noting that Facebook took this step, but it’s too early to congratulate them,” said Mr. Butler, who is frustrated that “https” is not the site’s default setting. “Most people aren’t going to know about it or won’t think it’s important or won’t want to use it when they find out that it disables major applications.”
Joe Sullivan, chief security officer at Facebook, said the company was engaged in a “deliberative rollout process,” to access and address any unforeseen difficulties. “We hope to have it available for all users in the next several weeks,” he said, adding that the company was also working to address problems with third-party applications and to make “https” the default setting.
Many Web sites offer some support for encryption via “https,” but they make it difficult to use. To address these problems, the Electronic Frontier Foundation in collaboration with the Tor Project, another group concerned with Internet privacy, released in June an add-on to the browser Firefox, called Https Everywhere. The extension, which can be downloaded at eff.org/https-everywhere, makes “https” the stubbornly unchangeable default on all sites that support it.
Since not all Web sites have “https” capability, Bill Pennington, chief strategy officer with the Web site risk management firm WhiteHat Security in Santa Clara, Calif., said: “I tell people that if you’re doing things with sensitive data, don’t do it at a Wi-Fi hot spot. Do it at home.”
But home wireless networks may not be all that safe either, because of free and widely available Wi-Fi cracking programs like Gerix WiFi Cracker, Aircrack-ng and Wifite. The programs work by faking legitimate user activity to collect a series of so-called weak keys or clues to the password. The process is wholly automated, said Mr. Kitchen at Hak5, allowing even techno-ignoramuses to recover a wireless router’s password in a matter of seconds. “I’ve yet to find a WEP-protected network not susceptible to this kind of attack,” Mr. Kitchen said.
A WEP-encrypted password (for wired equivalent privacy) is not as strong as a WPA (or Wi-Fi protected access) password, so it’s best to use a WPA password instead. Even so, hackers can use the same free software programs to get on WPA password-protected networks as well. It just takes much longer (think weeks) and more computer expertise.
Using such programs along with high-powered Wi-Fi antennas that cost less than $90, hackers can pull in signals from home networks two to three miles away. There are also some computerized cracking devices with built-in antennas on the market, like WifiRobin ($156). But experts said they were not as fast or effective as the latest free cracking programs, because the devices worked only on WEP-protected networks.
To protect yourself, changing the Service Set Identifier or SSID of your wireless network from the default name of your router (like Linksys or Netgear) to something less predictable helps, as does choosing a lengthy and complicated alphanumeric password.
Setting up a virtual private network, or V.P.N., which encrypts all communications you transmit wirelessly whether on your home network or at a hot spot, is even more secure. The data looks like gibberish to a snooper as it travels from your computer to a secure server before it is blasted onto the Internet.
Popular V.P.N. providers include VyperVPN, HotSpotVPN and LogMeIn Hamachi. Some are free; others are as much as $18 a month, depending on how much data is encrypted. Free versions tend to encrypt only Web activity and not e-mail exchanges.
However, Mr. Palmer at the Electronic Frontier Foundation blames poorly designed Web sites, not vulnerable Wi-Fi connections, for security lapses. “Many popular sites were not designed for security from the beginning, and now we are suffering the consequences,” he said. “People need to demand ‘https’ so Web sites will do the painful integration work that needs to be done.”

New Hacking Tools Pose Bigger Threats to Wi-Fi Users - NYTimes.com: "

iStockphoto
By KATE MURPHY
Published: February 16, 2011

- Sent using Google Toolbar"

Share this|

________________________

Google Chases Computer Criminals to Search-Engine Competitors

Incredible the industry that it has become! 

Google Chases Computer Criminals to Search-Engine Competitors - Bloomberg

Google Inc. has almost cut in half the malicious software affecting users of its search engine, driving hackers to competitors including Microsoft Inc.'s Bing, Yahoo! Inc. and Twitter Inc., a report says.

Hackers targeted Google, owner of the most popular search engine, 38 percent of the time as of Dec. 31, according to the report to be released later this month by Barracuda Networks Inc., a web security firm. Mountain View, California-based Google accounted for 69 percent of the attacks in a sample conducted around June, the report says. A Barracuda report in July labeled Google "king of malware."

Even as Google improved its security, the number of attacks increased. In the December sample, Barracuda said it found 226 pieces of bad software a day, compared with 146 in June. Meanwhile, Google's competitors recorded an increase in malware- laced search results: Cyber criminals placed 30 percent of their bad software on Yahoo! search results in December, up from 18 percent in June. Bing accounted for 24 percent in December, up from 12 percent in June. And the targeting of Twitter rose to 8 percent from 1 percent, the report says.

Google said it has ratcheted up efforts to identify and scrub attempts at so-called search poisoning, which allows criminals to take control of computers to perpetuate cyber attacks, as well as large-scale banking and identity-theft swindles.

Read the rest here: http://www.bloomberg.com/news/2011-02-15/google-chases-computer-criminals-to-search-engine-competitors.html

Sent from my iPad