Group items tagged

The FBI has used a secret form of spyware in a series of investigations designed to nab extortionists, database-deleting hackers, child molesters, and hitmen, according to documents obtained by CNET News. One suspect used Microsoft's Hotmail to send bomb and anthrax threats to an undercover government investigator; another demanded a payment of $10,000 a month to stop cutting cables; a third was an alleged European hitman who was soliciting for business from a Hushmail.com account. CNET News obtained the documents -- totaling hundreds of pages, although nearly all of them were heavily redacted -- this week through a Freedom of Information Act request to the FBI. The FBI spyware, called CIPAV, came to light in July 2007 through court documents that showed how the bureau used it to nab a teenager who was e-mailing bomb threats to a high school near Olympia, Wash. (CIPAV stands for Computer and Internet Protocol Address Verifier.) A June 2007 memo says that the FBI's Deployment Operations Personnel were instructed to "deploy a CIPAV to geophysically locate the subject issuing bomb threats to the Timberline High School, Lacy, Washington. The CIPAV will be deployed via a Uniform Resource Locator (URL) address posted to the subject's private chat room on MySpace.com."

"The attempted attack on a Detroit-bound flight last week, along with the events preceding and following it, has provided a snapshot of the ongoing struggle to balance civil liberties and national security. President Obama on Tuesday admitted a "systemic failure" on multiple levels in the run-up to the attempted bombing. Suspect Umar Farouk Abdulmutallab was in a terror database of more than a half-million people but was not on a "no-fly" list. The administration has initiated a review of airport security and the watch-list system in the wake of the failed plot. But so far, analysts say what happened is emblematic of the struggle between privacy and security interests. "It's just (an) inability to understand the right way to strike the balance that's at fault," said constitutional attorney David Rivkin. Airlines don't have access to the government's comprehensive terrorist database. They screen travelers based on the smaller, "no-fly" list."

Perhaps this is more a question of trust (not privacy) versus security. Do we really trust our government and its agents to handle private information securely?

The purpose for all of this online snooping is singular: Google, Microsoft, Yahoo, Apple, Facebook and others are intent on delivering more relevant online ads to each and every one of us - and bagging that advertising money.

A former Fannie Mae IT contractor has been indicted for planting a virus that would have nuked the mortgage agency's computers, caused millions of dollars in damages and even shut down operations. How'd this happen? The contractor was terminated, but his server privileges were not. Rajendrasinh Makwana was indicted on Tuesday in the U.S. District Court for Maryland (press report, complaint and indictment PDFs). From early 2006 to Oct. 24, Makwana was a contractor for Fannie Mae. According to the indictment, Makwana allegedly targeted Fannie Mae's network after he was terminated. The goal was to "cause damage to Fannie Mae's computer network by entering malicious code that was intended to execute on January 31, 2009." And given Fannie Mae-along with Freddie Mac-was nationalized in an effort to stabilize the mortgate market Makwana could caused a good bit of havoc. Makwana worked at Fannie Mae's data center in Urbana, MD as a Unix engineer as a contractor with a firm called OmniTech. He had root access to all Fannie Mae servers. The tale of Makwana malware bomb plot is a warning shot to all security teams and IT departments. Given the level of layoffs we've seen lately the ranks of disgruntled former employees is likely to grow. Is there any company NOT lopping off a big chunk of its workforce? And some of these workers may even have Makwana's access privileges and knowledge of the corporate network.

The private correspondence of millions of people who use social networking sites could be tracked and saved on a "big brother" database, under new plans being drawn up by the UK government. Ministers revealed yesterday that they were considering policing messages sent via sites such as MySpace and Facebook, alongside plans to store information about every phone call, e-mail and internet visit made by everyone in the United Kingdom. There was immediate uproar from opposition parties, privacy campaigners and security experts who said the plans were over-the-top and unworkable. There have long been proposals, following an European Union directive in the wake of the July 2005 bombings in London, for emails and internet usage to be tracked in order to guard against future terrorist attacks.