Group items tagged

"Two Kansas men have been charged with making $1m in proceeds by buying computer networking gear in China and passing it off as products from Cisco Systems. Christopher Myers, 40, and Timothy Weatherly, 27, obtained the networking gear from a variety of sources and then slapped phony Cisco labels on them, according to documents filed in federal court in Kansas City. To give the goods the additional air of legitimacy, they put them in purported Cisco boxes and included counterfeit Cisco manuals. Myers also stands accused of obtaining access to a website containing Cisco's confidential serial numbers, so the men could affix them to the gear they sold. Prosecutors said the men sold the equipment on eBay and on private websites. They were charged with one count of conspiracy, 30 counts of trafficking in counterfeit goods and one count of trafficking in counterfeit labels. The government is seeking forfeiture of $1m in proceeds from the alleged crimes. If convicted, the men also face a maximum of fives years in prison and $250,000 in fines. Myers made an initial appearance in court on Thursday. Security experts have warned that counterfeit networking gear could contain back doors that allow spies to conduct industrial espionage on US companies."

Here's the paper's abstract: This paper presents a novel technique for authenticating physical documents based on random, naturally occurring imperfections in paper texture. We introduce a new method for measuring the three-dimensional surface of a page using only a commodity scanner and without modifying the document in any way. From this physical feature, we generate a concise fingerprint that uniquely identifies the document. Our technique is secure against counterfeiting and robust to harsh handling; it can be used even before any content is printed on a page. It has a wide range of applications, including detecting forged currency and tickets, authenticating passports, and halting counterfeit goods. Document identification could also be applied maliciously to de-anonymize printed surveys and to compromise the secrecy of paper ballots.

With one in 10 information technology products on the market considered counterfeit, and software products developed across the globe at risk of subversion, it is hard to overstate the national security concerns regarding the use of IT products delivered through the global supply chain.

ACTA (Anti-Counterfeiting Trade Agreement) has concerned many consumer rights organizations for some time now. Given that it could easily affect criminal laws in many countries around the world, it's not hard to see why there is demand for public disclosure and allow public debate in the matters. Still, to this day, ACTA is being negotiated behind closed doors by many countries around the world and now consumer groups want to, at least, have the negotiations disclosed to them. When it comes to the privacy and surveillance debates, which are in various stages in different countries right now, many say that for national security concerns, further surveillance measures should be taken in the law books. Many policy makers want to know every detail of day-to-day communications of millions of people including who you talk to, when, how, where, and, with a warrant, what the contents of those messages are. Unsurprisingly, consumer rights groups have a problem with that. Meanwhile, when it comes to the highly secretive negotiations happening with ACTA, many consumer rights organizations want a clear indication on how the new international standard is forming and the contents of the legislation and to have such things disclosed to the public. Ironically, policy makers seem to have a problem with that.

Climbing into his Volvo, outfitted with a Matrics antenna and a Motorola reader he'd bought on eBay for $190, Chris Paget cruised the streets of San Francisco with this objective: To read the identity cards of strangers, wirelessly, without ever leaving his car. It took him 20 minutes to strike hacker's gold. Zipping past Fisherman's Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians' electronic U.S. passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he'd "skimmed" the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet. Embedding identity documents - passports, drivers licenses, and the like - with RFID chips is a no-brainer to government officials. Increasingly, they are promoting it as a 21st century application of technology that will help speed border crossings, safeguard credentials against counterfeiters, and keep terrorists from sneaking into the country. But Paget's February experiment demonstrated something privacy advocates had feared for years: That RFID, coupled with other technologies, could make people trackable without their knowledge or consent. He filmed his drive-by heist, and soon his video went viral on the Web, intensifying a debate over a push by government, federal and state, to put tracking technologies in identity documents and over their potential to erode privacy. Putting a traceable RFID in every pocket has the potential to make everybody a blip on someone's radar screen, critics say, and to redefine Orwellian government snooping for the digital age. "Little Brother," some are already calling it - even though elements of the global surveillance web they warn against exist only on drawing boards, neither available nor approved for use.

The next wave of hacking into computers and stealing data will not be requests or code coming from remote points across the Web, security experts are warning. Instead, the most sophisticated Trojan Horses appearing on Wall Street financial systems may be threaded into the silicon of integrated circuits by design, their malicious instructions baked right into the tiny physical aspects and intricate mapping of the chip itself, according to scientists and academics working with the National Institute of Standards and Technology, the White House and the Financial Services Information Sharing and Analysis Center in Dulles, Va. Detecting such malware after a chip is fabricated will be extremely difficult, if not impossible, these experts say, because the microchips that run servers have millions to billions of transistors in them. Adding a few hundred or even just tens of transistors can compromise an integrated circuit can serve attackers' purposes and escape notice. "You can never really test every single combination on the chip. Testing a billion transistors would take a very long time. It would be very difficult to detect hardware Trojans without having some idea of what you're looking for to begin with," said Scott C. Smith, associate professor of electrical engineering at the University of Arkansas, co-author of a 2007 paper which described a "Hardware Threat Modeling Concept for Trustable Integrated Circuits." Tweaking chips themselves will make them prone to manipulate data, shut down a critical function, or turn a system into a bugged phone that steals and relays vital information, the experts say.