Experts Warn on Wire-tapping of the Cloud

• Subscribe to PCF Networked Blog Daily Updates 
• Subscribe to our Twitter / Google / Yahoo Daily Updates

Leading privacy expert Caspar Bowden has warned Europeans using US cloud services that their data could be snooped on.

In a report, he highlights how the Foreign Intelligence Surveillance Act Amendment Act (FISAAA) allows US authorities to spy on cloud data.

This includes services such as Amazon Cloud Drive, Apple iCloud and Google Drive.

He told the BBC this heralded a new era of "cloud surveillance".

Foreign policy

Mr Bowden, former chief privacy adviser to Microsoft Europe, made a name for himself as a privacy advocate when the controversial Regulation of Investigatory Powers Act (RIPA) came into force in the UK in 2000.

Parliament accepted some of the amendments proposed by Mr Bowden as the then director of the Foundation for Information Policy Research.

Now he has turned his attention to US legislation and has co-authored the Fighting Cyber Crime and Protecting Privacy in the Cloud report which was recently presented to the European Parliament.

In it he said that FISAAA "expressly permits purely political surveillance", so that anyone with stored information relating to US foreign policy could find themselves of interest to the US authorities.

"Anyone who, for example, belongs to a campaign group which may oppose some aspect of US foreign policy, whether it be the Iraq war or climate change," he said.

The FISAAA was originally drafted in 2008, and was recently renewed until 2017. It was added on to existing legislation to take account of cloud computing, which was just emerging as a means of data storage.

"What's amazing is that nobody really spotted it for four years," said Mr Bowden.

"When FISAAA was extended to cover cloud computing, encrypting data to and from the cloud becomes irrelevant so it is surprising that nobody noticed this," he added.

Tiny supercomputer

Adam Mitton, a partner at law firm Harbottle & Lewis, agreed that the FISAAA could be a threat to privacy but questioned how much it was used.

 

"In theory there is a clear threat to the privacy of European citizens, but in reality the fact that it is obscure suggests that the threat isn't as great as it might be perceived," he said.

"If it was being used by an authority and having an impact on individual citizens, I think that the source of the information would come to light. The legislation is now five years old and I'm not aware of any case that has relied on it," he added.

Storing data in the cloud is becoming hugely popular not just for consumers who use it to keep photographs and other personal data safe but for businesses which are increasingly using cloud services to offer back-end processing power.

Under the FISAAA, US cloud providers can be compelled to release data from any citizen living outside of the US.

"The fibre-optic cable that carries the data is split and a miniature supercomputer scans all the data in real-time with any material of possible interest being instantly copied to the NSA [National Security Agency]," said Mr Bowden.

The court order is made in secret and remains secret - meaning it would not show up in things such as Google's transparency reports, which aim to document data requests from governments around the world.

"We have long known that the Americans can spy on foreign data but FISAAA extends this to reach inside the data centre. It allows the authorities to enact surveillance on a mass scale because it is wired into the infrastructure," Mr Bowden said.

A hearing on the European Parliament's findings of the report is due next month.

Pakistan Cyber Force

Follow PCF on Facebook

Follow PCF on Twitter

’Red October’: Global Cyber-Spy Network Uncovered by Russian Experts

• Subscribe to PCF Networked Blog Daily Updates 
• Subscribe to our Twitter / Google / Yahoo Daily Updates

A sophisticated cyber-espionage network targeting the world’s diplomatic, government and research agencies, as well as gas and oil industries, has been uncovered by experts at Russia’s Kaspersky Lab.

The system’s targets include a wide range of countries, with the primary focus on Eastern Europe, former Soviet republics and Central Asia – although many in Western Europe and North America are also on the list.

“The majority of infections are actually from the embassies of ex-USSR country members located in various regions such as Western Europe and even in North America – in the US we have few infections as well. But most infections are concentrated around Russia,” Vitaly Kamluk, chief malware expert at Kasperky Lab, told RT, adding that in Europe, the hardest-hit countries are apparently Beligum and Switzerland.

In addition to attacking traditional computer workstations, ‘Rocra’ – an abridgment of ‘Red October,’ the name the Kaspersky team gave the network – can steal data from smartphones, dump network equipment configurations, scan through email databases and local network FTP servers, and snatch files from removable disk drives, including ones that have been erased.

Unlike other well-known and highly automated cyber-espionage campaigns, such as ‘Flame’ and ‘Gauss,’ Rorca’s attacks all appear to be carefully chosen. Each operation is apparently driven by the configuration of the victim’s hardware and software, native language and even document usage habits.

The information extracted from infected networks is often used to gain entry into additional systems. For example, stolen credentials were shown to be compiled in a list for use when attackers needed to guess passwords or phrases.

The hackers behind the network have created more than 60 domain names and several server hosting locations in different countries – the majority of those known being in Germany and Russia – which worked as proxies in order to hide the location of the ‘mothership’ control server.

That malicious server’s location remains unknown, but experts have uncovered over 1,000 modules belonging to 34 different module categories.While Rocra seems to have been designed to execute one-time tasks sent by the hackers’ servers, a number of modules were constantly present in the system executing persistent tasks. This included retrieving information about a phone, its contact list, call history, calendar, SMS messages and even browsing history as soon as an iPhone or a Nokia phone is connected to the system.

The hackers’ primary objective is to gather information and documents that could compromise the security of governments, corporations or other organizations and agencies. In addition to focusing on diplomatic and governmental agencies around the world, the hackers also attacked energy and nuclear groups, and trade and aerospace targets.

No details have been given yet as to the attackers’ identity. However, there is strong technical evidence to indicate that the attackers are of Russophone origins, as Russian words including slang have been used in the source code commentaries. Many of the known attacks have taken place in Russian-speaking countries.

“It is bound to Russian language. We are currently uncertain which country is responsible for creating these malicious applications, but we are most certain the developers picked the Russian language. It is visible from the text links we extracted from the application. Some of them point to Russian origin. For example, the word used inside of the malware the word is ‘zakladka.’ In Russian it means a bookmark, or under cleared functionality it can refer to a backdoor functionality in some legitimate software. So that’s why we believe this work was used by Russian-speaking developers,” Kamluk told RT.

The hackers designed their own authentic and complicated piece of software, which has its own unique modular architecture of malicious extensions, info-stealing modules and backdoor Trojans. The malware includes several extensions and malicious files designed to quickly adjust to different system configurations while remaining able to grab information from infected machines.

These included a ‘resurrection’ module, which allowed hackers to gain access to infected machines using alternative communications channels and an encoded spy module, stealing information from different cryptographic systems such as Acid Cryptofiler, which has reportedly been used since 2011 by organizations such as NATO, the European Parliament and the European Commission.

The first instances of Red October malware were discovered in October 2012, but it has been infecting computers since at least 2007, Kaspersky Lab reported. The firm worked with a number of international organizations while conducting the investigation, including Computer Emergency Readiness Teams from the US, Romania and Belarus.

The EU is attempting to counter the huge rise in cyber-espionage by launching the European Cybercrime Center, which opened on Friday.

Pakistan Cyber Force

Follow PCF on Facebook

Follow PCF on Twitter

Intel Core vPro Processors Designed To Spy, Remotely Control Computers; ex-NSA Official

• Subscribe to PCF Networked Blog Daily Updates 
• Subscribe to our Twitter / Google / Yahoo Daily Updates

So you think no one can access your data because your computer is turned off. Heck it’s more than turned off, you even took the main hard drive out, and only the backup disk is inside. There is no operating system installed at all. So you KNOW you are safe.

Frank from across the street is an alternative operating systems hobbyist, and he has tons of computers. He has Free BST on a couple, his own compilation of Linux on another, a Mac for the wife, and even has Solaris on yet another. Frank knows systems security, so he cannot be hacked . . . . . . . or so he thinks.

The government does not like Frank much, because they LOVE to look at everything. Privacy is a crime don’t you know, and it looks like Frank’s luck with privacy is about to run out.

The new Intel Core vPro processors contain a new remote access feature which allows 100 percent remote access to a PC 100 percent of the time, even if the computer is TURNED OFF. Core vPro processors contain a second physical processor embedded within the main processor which has it’s own operating system embedded on the chip itself. As long as the power supply is available and and in working condition, it can be woken up by the Core vPro processor, which runs on the system’s phantom power and is able to quietly turn individual hardware components on and access anything on them.

This is being touted as something that makes IT administration easy. It is being advertised as something that will allow IT professionals the ability to remotely troubleshoot a PC no matter what is wrong with it. It allows IT professionals to view the contents of hard drives, check the memory, or hunt for problems on a machine without actually being in front of it. And to that, I call B.S, outside of snooping it’s only real world applications would involve accessing a recovery partition and restoring the computer to out of box state, installing software outside the knowledge of the main operating system, and secretly placing or deleting files.

But the intelligence agencies LOVE THIS. Because Frank is going on vacation soon and they know it. They have listened to all of his calls. They KNOW frank is a terrorist, because they have never been able to access anything Frank has done with a PC, and who would hide their use, other than a criminal? Frank keeps his computers up to date, and THREE of them now have Core vPro processors in them, and when Frank is gone, they are going to get their chance to access ALL of his files because the main backup hard disk went into the newest machine.

Real world use for Core vPro processors will involve the following:
Accessing any PC ANYWHERE, no matter what operating system is installed, even if it is physically disconnected from the Internet. You see, Core vPro processors work in conjunction with Intel’s new Anti Theft 3.0, which put 3g connectivity into every Intel CPU after the Sandy Bridge version of the I3/5/7 processors. Users do not get to know about that 3g connection, but it IS there. Frank was not stupid so he unplugged his router. Unfortunately for Frank, that won’t work, because anti theft 3.0 always has that 3g connection on also, even if the computer is turned off. Sorry Frank, you were good with operating systems, but did not know EVERYTHING about hardware.

And now the real reason for your finicky security habits will be known to the NSA – you found a way to route photons to any place in the world without any sort of cable. You revolutionized communications. You were going public when you returned from your vacation, but thanks to your new Core vPro processors, a major communications firm is going to go public with your invention BEFORE you get home, and your research will be deleted and replaced with “criminal activity” so you will be arrested when you get back and unable to speak about the theft of your invention. Fascism is GREAT.

If a system has the ram chips pulled, a Core vPro processor will read the hard disk anyway because it has all the ram it needs embedded in the vPro core. If you encrypted your hard drive, a Core vPro processor will read it anyway, because it snagged your encryption key.

If your system has been taken apart, and has no video card, ram, floppy, or hard drive, your Core vPro processor nailed you, because you left a flash drive plugged in. Or a CD in the CD drive. And what about that web cam?

The bottom line? The Core vPro processor is the end of any pretend privacy. If you think encryption, Norton, or anything else is going to ensure your privacy, including never hooking up to the web AT ALL, think again. There is now more than just a ghost in the machine.

The Zionist, Globalist, Banker scamming war mongering cabal has a history of using the marketing of security as a means to remove ALL security and nail you. If you believe Intel’s cheerful hype about these processors making things more secure than ever, think again, because any processor which allows a machine to be accessed even when it’s turned off equates to an information tyrant’s dream come true. Please engage your brain while watching this, the security pitch is unadulterated B.S. These processors in fact represent an ABSOLUTE BREACH of security no matter HOW they are marketed. From the techinical viewpoint of someone who worked for an intelligence agency, I call B.S. on Intel, avoid these processors like the plague!

Written by Jim Stone (ex-National Security Agency, USZ)
Pakistan Cyber Force

Follow PCF on Facebook

Follow PCF on Twitter

Google forced to pay $22million fine for ‘spying on web users’ – but REFUSES to admit they were wrong

• Subscribe to PCF Networked Blog Daily Updates 
• Subscribe to our Twitter / Google / Yahoo Daily Updates

The Federal Trade Commission has ordered Google to pay $22.5 million for violating user privacy on its Apple's Safari browser. It's the biggest FTC fine ever issued for a commission violation.

The federal agency found that Google had been tracking "cookies" on Google sites for Apple Safari users. It was also sending targeted ads to those users, which violated another settlement between the FTC and the search-engine giant.

Google claimed that a tweak in Apple's browser caused an unintentional violation, but the FTC was not swayed by such an argument.

"A company like Google, which is a steward of information for hundreds of millions of people has to do better," David Vladeck, the FTC director of the Bureau of Consumer Protection, told reporters on a conference call following the announcement.

The potential privacy violation was first detected by Jonathan Mayer, a Standford University graduate student, who realized that Google was still tracking his cookies, even though he had tried to block it.

"This seems to be the kind of thing the company shouldn't be doing," Mayer told ABC News in February.

As a result of this and other violations, a "Do Not Track," or DNT, setting had been added to various browsers, including Mozilla's Firefox, Microsoft's Internet Explorer and Apple's Safari. Still, with this particular violation, the FTC charged that during 2011 and 2012, Google had been tracking Safari users -- on Macs, iPhones and iPads -- who had opted out of such tracking, as a result of default settings in the browser.

Google has not admitted to violating the law. "The complaint is not a finding or ruling that the defendant has actually violated the law. This consent order is for settlement purposes only and does not constitute an admission by the defendant that the law has been violated," the FTC said in a news release.

A Google spokesperson held to that as well. "We set the highest standards of privacy and security for our users. The FTC is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy," the spokesperson told ABC News. "We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple's browsers."

Pakistan Cyber Force

Follow PCF on Facebook

Follow PCF on Twitter

Mark of the Beast: FBI wants Tattoo Database

• Subscribe to PCF Networked Blog Daily Updates 
• Subscribe to our Twitter / Google / Yahoo Daily Updates

In July, the Department of Homeland Security announced it has branched “out from fingerprint matching to iris and facial recognition for identity verification” and is considering “additional biometric modalities” in an aggressive push to establish a sprawling Stasi-like data network.

Government implementation of biometric technology has come to the attention of Congress. On Wednesday, the Senate Committee on the Judiciary held a hearing of the Subcommittee on Privacy, Technology and the Law dealing with facial recognition and civil liberties.

Concerns about civil liberties, however, will not slow down Big Brother.

The FBI has announced it is working to establish a tattoo “symbols” database as part of an overarching effort to “foster collaboration, improve information sharing, and advance the adoption of optimal biometric and identity management solutions within the FBI and across the law enforcement and national security communities.” The agency is serious about “on-going work in other modalities including voice and face recognition, handwriting, palm prints, scars, marks, and tattoos.”

As NSA whistle-blower William Binney revealed, the government is “pulling together all the data about virtually every U.S. citizen in the country and assembling that information, building communities that you have relationships with, and knowledge about you; what your activities are; what you’re doing.” Face recognition, handwriting, palm prints, scars, marks, and tattoos – in addition to your email, web destinations, medical and credit records, and cell phone GPS coordinates – are all part of the dossier process.

Tattoos, of course, are a natural addition to this on-going effort to establish a high-tech mega-Stasi surveillance and control network. The Nazis tattooed Jews and political prisoners for easy identification. In the Roman Empire, soldiers were required by law to have identifying tattoos on their hands in order to make it difficult to remain anonymous if they deserted. Slaves and gladiators were also required to be tattooed. It was a common practice to tattoo “tax paid” on the forehead of slaves prior to the rule of Emperor Constantine, who banned the practice.

In America, circa 2012, no such law or requirement is needed – the act of tattooing is now wildly popular. This will make it easy for the state to further identify and control the populace.

Pakistan Cyber Force

Follow PCF on Facebook

Follow PCF on Twitter

Facebook Monitors Your Chats for “Criminal Activity”

• Subscribe to PCF Networked Blog Daily Updates 
• Subscribe to our Twitter / Google / Yahoo Daily Updates

Facebook and other social platforms are watching users’ chats for criminal activity and notifying police if any suspicious behaviour is detected, according to a report.

The screening process begins with scanning software that monitors chats for words or phrases that signal something might be amiss, such as an exchange of personal information or vulgar language.

The software pays more attention to chats between users who don’t already have a well-established connection on the site and whose profile data indicate something may be wrong, such as a wide age gap. The scanning program is also “smart” — it’s taught to keep an eye out for certain phrases found in the previously obtained chat records from criminals including sexual predators.

If the scanning software flags a suspicious chat exchange, it notifies Facebook security employees, who can then determine if police should be notified.

Keeping most of the scanned chats out of the eyes of Facebook employees may help Facebook deflect criticism from privacy advocates, but whether the scanned chats are deleted or stored permanently is yet unknown.

The new details about Facebook’s monitoring system came from an interview which the company’s Chief Security Officer Joe Sullivan gave to Reuters. At least one alleged child predator has been brought to trial directly as a result of Facebook’s chat scanning, according to Reuters’ report.

When asked for a comment, Facebook only repeated the remarks given by Sullivan to Reuters: “We’ve never wanted to set up an environment where we have employees looking at private communications, so it’s really important that we use technology that has a very low false-positive rate.”

Facebook works with law enforcement “where appropriate and to the extent required by law to ensure the safety of the people who use Facebook,” according to a page on its site.

“We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters) if we have a good faith belief that the response is required by law. This may include respecting requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law under the local laws in that jurisdiction, apply to users from that jurisdiction, and are consistent with generally accepted international standards.

“We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities.”

Indeed, Facebook has cooperated with police investigations in the past. In April, it complied with a police subpoena from the Boston Police Department by sending printouts of wall posts, photos and login/IP data of a murder suspect.

Pakistan Cyber Force

Follow PCF on Facebook

Follow PCF on Twitter

Google and Apple to spy from the sky

• Subscribe to PCF Networked Blog Daily Updates 
• Subscribe to our Twitter / Google / Yahoo Daily Updates

Dreaming of an attic window? Enjoy sunbathing naked in your high-fenced backyard? Now, you may have to think twice before getting exposed, even in the privacy of your property, as Google and Apple take to the skies with high-precision cameras.


­Google has sent the planes over cities; Apple has acquired a firm using spy-in-the-sky technology – the two giants seem to be serious about this race to create the most-detailed aerial maps of populated areas ever. In fact, these maps are expected to be so detailed they can reveal objects only four inches wide, reports Britain’s Daily Mail.


Apple is expected to unveil its new mapping applications for iPhone and other devices as the company kicks off a big week for product announcements in San Francisco on Monday. Its 3D maps will reportedly show, for the first time, the sides of tall buildings, such as London’s Big Ben tower. Previously, Apple used Google’s mapping services on its devices, but changed the strategy when it purchased 3D-mapping company C3 Technologies last year. This firm relies on technology developed by Swedish aerospace and defence company Saab AB.


And yet, no matter how advantageous such prospective technological developments may be, they are also seen as a potential threat to people’s privacy and could be used for sinister purposes. “The next generation of maps is taking us over the garden fence,” warns Nick Pickles, director of Big Brother Watch – a UK-based campaign group for civil liberties and protecting privacy. “You won’t be able to sunbathe in your garden without worrying about an Apple or Google plane buzzing overhead taking pictures.”


It is not yet known what kind of technology is behind the aerial photography, but Google’s 3D maps are expected to be much more detailed than its Google Earth images taken from satellites. As for Apple, its military-grade cameras are thought to be powerful enough to see into homes through skylights and windows. The technology is believed to be similar to that used by intelligence services for tracking and identifying terrorists.


Google says it should have 3D coverage of towns and cities with a combined population of 300 million by the end of the year. C3 Technologies had already mapped 20 cities, and this number will continue to grow. Google’s planes are reportedly able to photograph some 40 square miles every hour. The company says they will be flying too quickly and too high to be able to access unsecured domestic WiFi networks, and therefore will not be able to gather private information, which is was discovered doing when compiling Google StreetVIew. 


Google does pixelate faces and car number plates that appear on its maps, but faced criticism on a number of occasions when it failed to do so. Nick Pickles says Google and Apple should seek householders’ consent before putting images of their homes online in high resolution. If the companies fail to do so, they should be prepared for quite a backlash.

(RT)

Pakistan Cyber Force

Follow PCF on Facebook

Follow PCF on Twitter