Group items tagged

The United States has found a way to permanently embed surveillance and sabotage tools in computers and networks it has targeted in Iran, Russia, Pakistan, China, Afghanistan and other countries closely watched by American intelligence agencies, according to a Russian cybersecurity firm.In a presentation of its findings at a conference in Mexico on Monday, Kaspersky Lab, the Russian firm, said that the implants had been placed by what it called the “Equation Group,” which appears to be a veiled reference to the National Security Agency and its military counterpart, United States Cyber Command.

It linked the techniques to those used in Stuxnet, the computer worm that disabled about 1,000 centrifuges in Iran’s nuclear enrichment program. It was later revealed that Stuxnet was part of a program code-named Olympic Games and run jointly by Israel and the United States.Kaspersky’s report said that Olympic Games had similarities to a much broader effort to infect computers well beyond those in Iran. It detected particularly high infection rates in computers in Iran, Pakistan and Russia, three countries whose nuclear programs the United States routinely monitors.

Some of the implants burrow so deep into the computer systems, Kaspersky said, that they infect the “firmware,” the embedded software that preps the computer’s hardware before the operating system starts. It is beyond the reach of existing antivirus products and most security controls, Kaspersky reported, making it virtually impossible to wipe out.

NATO has announced that it is launching an “information war” against Russia. The UK publicly announced a battalion of keyboard warriors to spread disinformation. It’s well-documented that the West has long used false propaganda to sway public opinion. Western military and intelligence services manipulate social media to counter criticism of Western policies. Such manipulation includes flooding social media with comments supporting the government and large corporations, using armies of sock puppets, i.e. fake social media identities. See this, this, this, this and this. In 2013, the American Congress repealed the formal ban against the deployment of propaganda against U.S. citizens living on American soil. So there’s even less to constrain propaganda than before.

Information warfare for propaganda purposes also includes: The Pentagon, Federal Reserve and other government entities using software to track discussion of political issues … to try to nip dissent in the bud before it goes viral “Controlling, infiltrating, manipulating and warping” online discourse Use of artificial intelligence programs to try to predict how people will react to propaganda

Some of the propaganda is spread by software programs. We pointed out 6 years ago that people were writing scripts to censor hard-hitting information from social media. One of America’s top cyber-propagandists – former high-level military information officer Joel Harding – wrote in December: I was in a discussion today about information being used in social media as a possible weapon.  The people I was talking with have a tool which scrapes social media sites, gauges their sentiment and gives the user the opportunity to automatically generate a persuasive response. Their tool is called a “Social Networking Influence Engine”. *** The implications seem to be profound for the information environment. *** The people who own this tool are in the civilian world and don’t even remotely touch the defense sector, so getting approval from the US Department of State might not even occur to them.

The nation’s top technology firms and a coalition of privacy groups are urging Congress to place curbs on government surveillance in the face of a fast-approaching deadline for legislative action. A set of key Patriot Act surveillance authorities expire June 1, but the effective date is May 21 — the last day before Congress breaks for a Memorial Day recess. In a letter to be sent Wednesday to the Obama administration and senior lawmakers, the coalition vowed to oppose any legislation that, among other things, does not ban the “bulk collection” of Americans’ phone records and other data.

We know that there are some in Congress who think that they can get away with reauthorizing the expiring provisions of the Patriot Act without any reforms at all,” said Kevin Bankston, policy director of New America Foundation’s Open Technology Institute, a privacy group that organized the effort. “This letter draws a line in the sand that makes clear that the privacy community and the Internet industry do not intend to let that happen without a fight.” At issue is the bulk collection of Americans’ data by intelligence agencies such as the National Security Agency. The NSA’s daily gathering of millions of records logging phone call times, lengths and other “metadata” stirred controversy when it was revealed in June 2013 by former NSA contractor Edward Snowden. The records are placed in a database that can, with a judge’s permission, be searched for links to foreign terrorists.They do not include the content of conversations.

That program, placed under federal surveillance court oversight in 2006, was authorized by the court in secret under Section 215 of the Patriot Act — one of the expiring provisions. The public outcry that ensued after the program was disclosed forced President Obama in January 2014 to call for an end to the NSA’s storage of the data. He also appealed to Congress to find a way to preserve the agency’s access to the data for counterterrorism information.

Microsoft Corp. has agreed to change its policies and always tell email customers when it suspects there has been a government hacking attempt after widespread hacking by Chinese authorities was exposed. Microsoft experts concluded several years ago that Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China's Tibetan and Uighur minorities in particular — but it decided not to tell the victims, allowing the hackers to continue their campaign, according to former employees of the company. On Wednesday, after a series of requests for comment from Reuters, Microsoft said it would change its policy on notifying customers. Microsoft spokesman Frank Shaw said the company was never certain of the origin of the Hotmail attacks.

The company also confirmed for the first time that it had not called, emailed or otherwise told the Hotmail users that their electronic correspondence had been collected. The company declined to say what role the exposure of the Hotmail campaign played in its decision to make the policy shift. The first public signal of the attacks came in May 2011, though no direct link was immediately made with the Chinese authorities.

That's when security firm Trend Micro Inc announced it had found an email sent to someone in Taiwan that contained a miniature computer program. The program took advantage of a previously undetected flaw in Microsoft's own web pages to direct Hotmail and other free Microsoft email services to secretly forward copies of all of a recipient's incoming mail to an account controlled by the attacker. Trend Micro found more than a thousand victims, and Microsoft patched the vulnerability before the security company announced its findings publicly

The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”

But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.

There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.

For more than a year we’ve been investigating Cambridge Analytica and its links to the Brexit Leave campaign in the UK and Team Trump in the US presidential election. Now, 28-year-old Christopher Wylie goes on the record to discuss his role in hijacking the profiles of millions of Facebook users in order to target the US electorate

A bill that would bring a local version of net neutrality to Oregon is headed for the Governor's desk.House Bill 4155 would prevent public bodies such as state and local governments and school districts, from contracting with broadband providers that engage in "paid prioritization."An example of paid prioritization would be a provider supplying faster internet speeds to an entity like Amazon's streaming service, provided Amazon pays an extra fee.The bill passed easily in both the House and Senate, despite opposition from several Republicans.

The Oregon Cable Telecommunications Association opposed the bill, as did Comcast and Century Link, two local broadband providers.

The encryption debate dates back to Clinton administration proposals for the “clipper chip” and mandatory deposit of decryption keys. But that debate reached new prominence in connection with the FBI’s efforts to compel Apple to decrypt the phone of a dead terrorist in the San Bernardino case. A new study by the National Academies of Sciences, Engineering, and Medicine tries to shed some light, and turn down the heat, in the debate over whether government agencies should be provided access to plaintext versions of encrypted communications and other data. FBI and other law enforcement officials, and some intelligence officials, have argued that in the face of widespread encryption provided by smart phones, messaging apps, and other devices and software, the internet is “going dark.” These officials warn that encryption is restricting their access to information needed for criminal and national security investigations, arguing that they need a reliable, timely and scalable way to access it. Critics have raised legal and practical objections that regulations to ensure government access would pose unacceptable risks to privacy and civil liberties and undermine computer security in the face of rising cyber threats, and may be less necessary given the wider availability of data and alternative means of obtaining access to encrypted data. As the encryption debate has become increasingly polarized with participants on all sides making sweeping, sometimes absolutist, assertions, the new National Academies’ report doesn’t purport to tell anyone what to do, but rather provides a primer on the relevant issues.

That didn't take long. Securus -- you know, that company that lets cops track phones in real time with what amounts to a "pinky promise," according to US Sen. Ron Wyden -- has reportedly been hacked.The hacker, according to Motherboard, was able to get away with, at a minimum, a spreadsheet containing 2,800 logins and poorly encrypted passwords, some of which had already been cracked. Motherboard says it tested a number of logins to corroborate the hacker's story.Securus on Friday confirmed in a statement that "a subset of certain non-consumer administrative user account information (e.g., usernames, email addresses, and phone numbers) had been unlawfully accessed" and said it's launched an investigation into the breach. It's found no evidence that the breach is related to its location-based services, but it's disabled location-based data in the meantime "in an abundance of caution."Last Thursday, The New York Times revealed that Securus Technologies, which monitors calls to US prison inmates, has been used by a former Missouri sheriff to monitor people's phones and track their location. Wyden has called on federal authorities to investigate the company and its practices as they relate to people's privacy.

Just before midnight on Friday, at the close of what was a hectic month for markets, WSJ dropped a bombshell of a story: The paper reported that the DoJ has opened an anti-trust investigation of Alphabet Inc., which could "present a major new layer of regulatory scrutiny for the search giant, according to people familiar with the matter." The report was sourced to "people familiar with the matter," but was swiftly corroborated by the New York Times, Bloomberg and others. For months now, the FTC has appeared to be gearing up for a showdown with big tech. The agency - which shares anti-trust authority with the DoJ - has created a new commission that could help undo big-tech tie-ups like Facebook's acquisition of Instagram, and hired lawyers who have advanced new anti-monopoly theories that would help justify the breakup of companies like Amazon. But as it turns out, the Trump administration's first salvo against big tech didn't come from the FTC; instead, this responsibility has been delegated to the DoJ, which has reportedly been tasked with supervising the investigation into Google. That's not super surprising, since the FTC already had its chance to nail Google with an anti-monopoly probe back in 2013. But the agency came up short. From what we can tell, it appears the administration will divvy up responsibility for any future anti-trust investigations between the two agencies, which means the FTC - which is already reportedly preparing to levy a massive fine against Facebook - could end up taking the lead in those cases.

Though WSJ didn't specify which aspects of Google's business might come under the microscope, a string of multi-billion-euro fines recently levied by the EU might offer some guidance. The bloc's anti-trust authority, which has been far more eager to take on American tech giants than its American counterpart (for reasons that should be obvious to all), has fined Google over its practice of bundling software with its standard Android license, the way its search engine rankings favor its own product listings, and ways it has harmed competition in the digital advertising market. During the height of the controversy over big tech's abuses of sensitive user data last year, the Verge published a story speculating about how the monopolistic tendencies of each of the dominant Silicon Valley tech giants could be remedied. For Google, the Verge argued, the best remedy would be a ban on acquisitions - a strategy that has been bandied about in Congress.

FRONTLINE PBS | Official FRONTLINE PBS | Official Verified

A documentary exploring how artificial intelligence is changing life as we know it — from jobs to privacy to a growing rivalry between the U.S. and China.

House lawmakers who spent the last 16 months investigating the practices of the world’s largest technology companies said on Tuesday that Amazon, Apple, Facebook and Google had exercised and abused their monopoly power and called for the most sweeping changes to antitrust laws in half a century.In a 449-page report that was presented by the House Judiciary Committee’s Democratic leadership, lawmakers said the four companies had turned from “scrappy” start-ups into “the kinds of monopolies we last saw in the era of oil barons and railroad tycoons.” The lawmakers said the companies had abused their dominant positions, setting and often dictating prices and rules for commerce, search, advertising, social networking and publishing.The House ReportRead the full report here »

To amend the inequities, the lawmakers recommended restoring competition by effectively breaking up the companies, emboldening the agencies that police market concentration and throwing up hurdles for the companies to acquire start-ups. They also proposed reforming antitrust laws, in the biggest potential shift since the Hart-Scott-Rodino Act of 1976 created stronger reviews of big mergers.