‘No customer oversight’: Dreaded cybersecurity bill CISA is back
RT | October 21, 2015
After a delay, cybersecurity legislation dreaded by privacy advocates and relentlessly pursued by national security officials, known as CISA, will get a vote on the Senate floor “in a couple of days,” a top sponsoring senator anticipates.
The Cybersecurity Information Sharing Act of 2015, also known as CISA, is as polarizing as it is close to a vote. It finally hit the Senate floor for debate on Tuesday, with top sponsor Senator Richard Burr (R-North Carolina) highlighting its necessity because “actors around the world continue to attack US systems, and in many cases penetrate it.”
Under the bill, private companies would have increased liability protection with respect to collecting American’s personal data that could potentially be related to security threats. It would also make it easier for them to share such data with the government, including departments like the National Security Agency.
Prominent CISA opponent and privacy advocate, Senator Ron Wyden (D-Oregon), challenged Burr, who chairs the Select Committee on Intelligence, on one argument in particular.
“He said that the most important feature of the legislation is that it’s voluntary. The fact is, it is voluntary for companies. It will be mandatory for their customers,” Wyden said, “and the fact is the companies can participate without the knowledge and consent of their customers, and they are immune from customer oversight and lawsuits if they do so.”
In many cases, customers have been able to nudge companies from a pro to a con position on CISA. In one instance last month, the Business Software Alliance (BSA) sent a letter to legislators, in part calling for “cyber threat information sharing legislation” granting them immunity so that they could “more easily share that information voluntarily.” However, after Fight for the Future, an internet freedom advocacy group, set up YouBetrayedUs.org to criticize the organizations, the BSA changed its tune.
The BSA, which includes Apple, IBM, and Microsoft, now opposes CISA, as does the Computer and Communications Industry Association, which includes Google, Facebook, and Amazon. Reddit, Wikimedia, Twitter, and Yelp have also released anti-CISA statements.
“Leading security experts argue that CISA actually won’t do much, if anything, to prevent future large-scale data breaches such as the federal government has already suffered, but many worry it could make things worse, by creating incentives for private companies and the government to widely share huge amounts of Americans’ personally identifiable information that will itself then be vulnerable to sophisticated hacking attacks,” added the American Library Association in a press release.
The discussion on CISA comes after a stall in the Senate’s schedule before its August recess. Lawmakers agreed to delay a vote on the bill when it became clear that senators had many amendments to submit, some of which included so-called “riders,” or unrelated issues, such as Senator Rand Paul’s (R-Kentucky) amendments to audit the Federal Reserve and defund “sanctuary cities.” At least 22 amendments will be given a chance to be added to CISA before a final passage vote.
Burr optimistically told The Hill that “a couple of days” was all that was needed to get to a final vote on CISA. He may have overshot, however, because there could be a scrimmage over amendments despite his efforts. Burr, with support of other Senate leaders, has managed to combine eight amendments into a legislative package he shares with CISA co-sponsor Senator Dianne Feinstein (D-California), but the grouping includes only one of Wyden’s two amendments.
Wyden told reporters that the one he feels “most strongly about” hadn’t been included. It would have provided a review system for deleting private info before data gets passed on to the government. The Wyden amendment that was included in the bill only requires that people be notified when their data is inappropriately shared.
Although no vote has been scheduled yet, Senate Majority Leader Mitch McConnell (R-Kentucky) is trying to end debate by Thursday. Beyond CISA, the Senate has an ambitious to-do list. It will decide whether to extend government spending beyond September 30, address the Iran nuclear deal, and fund highways and transportation systems in a comprehensive bill.
Virginia teen with pro-ISIS Twitter account sentenced to 11 years in prison
RT | August 28, 2015
A high school honor student who pleaded guilty to conspiring to provide material support to Islamic State through social media has been sentenced to 136 months in prison. The teen aided his friend in traveling to Syria to join the jihadist group in January.
In June, Ali Shukri Amin, 17, of Manassas, Virginia, pleaded guilty in a federal court to one count of providing material support and resources to Islamic State (IS, also known as ISIS/ISIL), which is considered a terrorist organization by the United States government.
On Thursday, Amin was sentenced to more than 11 years in prison. After serving his sentence, Amin will face a “lifetime of supervised release and monitoring of his internet activities,” according to the US Department of Justice (DOJ). Earlier this month, Amin said his thinking had become “distorted,” and that he had perverted the teachings of Islam to justify violence and death.
“I am deeply ashamed for becoming so lost and adrift from what I know in my heart is right,” Amin wrote to the judge tasked with sentencing him, the Washington Post reported last week. Prosecutors had originally sought a 15-year prison sentence. Amin asked for just a little over six years.
Amin was responsible for the Twitter handle @Amreekiwitness, an account with more than 4,000 followers that posted more than 7,000 messages since June 2014, according to a plea agreement. The account was openly pro-Islamic State, offering advice and encouragement to IS supporters, including how to use Bitcoin to send funding to IS. Amin’s @Amreekiwitness also sparred with the US State Department’s anti-radicalization Twittter account, @ThinkAgain_DOS.
Amin, identified as a Muslim by his attorney, facilitated travel to Syria for Reza Niknejad, 18, also of Prince William County, Virginia, according to the DOJ. Both attended Prince William County’s Osbourn Park High School, where Niknejad graduated in June 2014. Amin, an honor student who had been accepted to college before withdrawing, left the school in February.
In January, Amin and another teenager took Niknejad to Dulles International Airport outside Washington, DC so that he could catch a flight to Greece. Niknejad met up with Amin’s contacts in Istanbul, Turkey during a layover. Niknejad is now believed to be a member of the Islamic State in Syria.
Niknejad, a naturalized citizen originally from Iran, was charged in June with conspiring to provide material support to terrorists, conspiring to provide material support to IS, and conspiring to kill and injure people abroad.
Amin, a naturalized citizen from Sudan, is one of around 50 people charged by federal prosecutors in the US for trying to aid IS, the Washington Post reported in June. He is the youngest person to be charged for such activity, according to MSNBC.
The DOJ said Amin’s sentencing “demonstrates that those who use social media as a tool to provide support and resources to ISIL will be identified and prosecuted with no less vigilance than those who travel to take up arms with ISIL.”
“Ali Shukri Amin is a young American who used social media to provide material support to ISIL,” said Assistant US Attorney General for National Security John P. Carlin in a DOJ press release.
“ISIL continues to use social media to send their violent and hateful message around the world in an attempt to radicalize, recruit and incite youth and others to support their cause. More and more, their propaganda is seeping into our communities and reaching those who are most vulnerable.”
In the press release, Prince William County Police Department Chief Stephan Hudson said Amin was reported by “school staff” to law enforcement, which notified federal authorities through a Joint Terrorism Task Force partnership.
“Observations made by school staff and subsequent follow-up by the School Resource Officer were some of the earlier indicators of suspicious behavior regarding this individual,” Hudson said. “Those observations were quickly relayed to our partners with the JTTF who acted upon this information very quickly. We greatly appreciate that these observations were observed and reported to the proper authorities proved to be instrumental in the overall investigation in stopping a dangerous network such as ISIL from further infiltrating our community.”
The DOJ did not offer details as to the extent of Amin’s “suspicious behavior” reported by school staff that triggered an FBI investigation of a teenager. The FBI was first informed of Amin’s support in November 2014, according to reports.
“Amin’s case serves as a reminder of how persistent and pervasive online radicalization has become,” said assistant director of the FBI’s Washington Field Office Andrew McCabe, adding that the sentencing “marks a personal tragedy for the Amin family and the community as we have lost yet another young person to the allure of extremist ideology focused on hatred.”
Amin’s attorney, Joseph Flood, told the Post in June that his client was most angry at the Syrian regime, which Amin believed was tacitly supported by the United States. Amin’s actions “are a reflection of his deeply held religious beliefs, but also his immaturity, social isolation and frustration at the ineffectiveness of nonviolent means for opposing a criminal regime,” Flood said.
“In every regard, the activity that resulted in his conviction was an anomaly and at odds with the hard-working values he learned in his family,” Flood added. “Mr. Amin’s greatest hope is that others might learn from his errors and find pro-social, nonviolent ways of working for change.”
Amin also ran an ask.fm page under the name AmreekiWitness, according to his plea agreement. The account was “dedicated to raising awareness about the upcoming conquest of the Americas, and the benefits it has upon the American people.”
The FBI received clearance to search Amin’s phone in November, the Post reported. The agency seized a package from him on January 7 that contained a smartphone, thumb drive, and handwritten note in English and Arabic.
An FBI affidavit said Niknejad’s family checked his bank account on January 18 and discovered that he had bought a plane ticket to Turkey. He had told them he was going on a camping trip. The family also found an envelope in their mailbox that same day containg a thumb drive on which were family photos and a note from Niknejad saying he loved his family but he “had traveled to Medina, Saudi Arabia, to further study Islam.”
Surveillance watchdog calls for ‘democratic control’ of spies
RT | July 14, 2015
Civil liberties NGO Privacy International (PI) has criticized a report on state surveillance, calling for improved regulatory oversight rather than self-reporting by spy agencies.
The civil liberties NGO was commenting on a Royal United Service Institute (RUSI) report published on Monday.
Titled ‘A Democratic License to Operate’, the study was conducted by the foreign policy think-tank as part of Britain’s Independent Surveillance Review.
PI agreed with some of RUSI’s findings but insisted that government-backed mass surveillance remains a deep concern.
“The RUSI report, from start to end, emphasizes how technological change has rendered the current legal system governing surveillance obsolete,” PI deputy director Eric King told RT on Tuesday.
“Every day, the highly technical GCHQ finds new ways to eavesdrop, while our oversight tries to cope with technical blind spots,” he added.
Privacy International warned that the current system relies on GHCQ to self-report errors. It called for a “better resourced, more technically equipped oversight body” with the power to take “GCHQ to task.”
It also called for “root and branch reform” to bring snoops and the agencies they work for “under democratic control.”
This surveillance versus privacy rights debate has long infiltrated British politics, as campaigners continue to criticize government spy base GCHQ’s invasive snooping practices.
Despite contentious leaks by ex-NSA computer analyst and whistleblower Edward Snowden, RUSI’s report said there is “no evidence that the British government knowingly acts illegally in intercepting private communications.”
It argued further that there is no proof that the British state’s ability to collect data in bulk is used by snoops as a perpetual window into the private lives of UK residents.
RUSI’s study makes a series of recommendations on how state surveillance should be conducted in the future, saying that the current legal framework for intercepting communications is unclear.
The think tank adds this legal framework “has not kept pace with developments in communications technology, and does not serve either the government or members of the public satisfactorily.
The think tank is calling for “a new, comprehensive and clearer legal framework” to regulate state surveillance.
At a confidential intelligence conference held at Ditchley Park in Oxfordshire in June, the views of a number of high-ranking intelligence officials came to light.
Investigative journalist Duncan Campbell, who attended the conference, posted on his website, “Perhaps to many participants’ surprise, there was general agreement across broad divides of opinion that Snowden – love him or hate him – had changed the landscape.”
According to Campbell, a number of senior officials felt that shift “towards transparency, or at least ‘translucency’” was long overdue and utterly necessary.
New rule could prevent website owners from protecting their identity
RT | June 25, 2015
A new rule over domain registration would prevent people from using a third party to sign up for a commercial website. People often use proxies to protect their contact information from the public, particularly when their work is controversial.
Under the new rules, people registering websites for non-personal purposes would have to disclose their name, address and phone number, all of which could be easily searchable by anyone. The plan has privacy advocates like the Electronic Frontier Foundation (EFF) opposed to the idea and alarmed that website owners could “suffer a higher risk of harassment, intimidation and identify theft.”
“The ability to speak anonymously protects people with unpopular or marginalized opinions, allowing them to speak and be heard without fear of harm. It also protects whistleblowers who expose crime, waste, and corruption,” wrote EFF in a statement.
At first blush, the change would seem to only affect commercial website registration. But a personally created website that offers a community benefit, but also features ads to help defray the costs of running the site, could be judged as commercial, and has been in past domain name disputes.
It is not clear yet if the organization that oversees the bureaucratic process of naming online domains, the International Corporation for Assigned Names and Numbers (ICANN), will include the broader definition of commercial in the new rules.
ICANN has put up the rules for public comment until July 7. To date, thousands of people have logged comments.
One individual named Brad urged ICANN to “respect internet users’ rights to privacy and due process … Private information should be kept private.”
Another, Sarah Brown, told ICANN that her websites allow her to earn a living full-time online, but she has been stalked, harassed, and had content from her site stolen. She uses a third-party proxy to prevent people from finding her sites, her home address and phone number.
“I implore you to think through the consequences of removing our private WHOIS information. It serves as a buffer to protect us from the crazy people in this world,” wrote Brown. “We are living in unsafe times, where jealousy and greed overtake compassion and ethics. We are real people, with real lives, who can end up in real danger with our information in the wrong hands.” […]
ICANN said the rule change is being driven by discussions with law enforcement. EFF said it is also being driven by US entertainment companies and others who want new tools to discover the identities of website owners and then accuse them of copyright and trademark infringement, without a court order. US entertainment companies told Congress in March that privacy for domain registration should be allowed only in “limited circumstances”.
Read more: US anti-fraud law makes deleting browser history a crime punishable by 20yrs in jail
Nearly 200 scientists warn of cellphone health risks
RT | May 13, 2015
Biological and health scientists from Russia and Iran to the USA are calling on the UN, the World Health Organization and national governments to develop strict regulations concerning devices and cellphones that create electromagnetic fields.
The scientists are from 39 nations and have authored 2,000 peer-reviewed papers on the health and biological effects of non-ionizing radiation, which is part of the electromagnetic field spectrum. In a letter, they say that devices like cellphones pose risks of cancer, genetic damage, changes in reproductive system, and learning and memory deficits.
“Putting it bluntly they are damaging the living cells in our bodies and killing many of us prematurely,” said Dr. Martin Blank, from the Department of Physiology and Cellular Biophysics at Columbia University, in a video message.
“We have created something that is harming us, and it is getting out of control. Before Edison’s light bulb there was very little electromagnetic radiation in our environment. The levels today are very many times higher than natural background levels, and are growing rapidly because of all the new devices that emit this radiation.”
One example that was cited is the cellphone. Blank pointed to a study which showed that as cellphone usage has spread widely, the incidence of fatal brain cancer in younger people has more than tripled.
The scientists see the unregulated use of radio frequency radiation in cellphones and Wi-Fi as developing into a public health crisis. Blank said biologists and scientists are not being heard from committees that set safety standards, that safety limits are much too high and that biological facts are being ignored.
“They are not protective,” he added. “We are really all part of large biological experiment without our informed consent. To protect ourselves, our children, and our ecosystem, we must reduce exposure by establishing more protective guidelines.”
Scientists are appealing to the United Nations Environmental Programme (UNEP) to “convene and fund an independent multidisciplinary committee to explore the pros and cons of alternative to current practices that could substantially lower human exposure to RF and ELF fields.”
They request that the deliberations be “transparent and impartial,” and involve industry players in the field. However, scientists believe industry “should not be allowed to bias the process or conclusions.” Once completed, the analysis would offer the UN and WHO a guide for precautionary action.
Questions have surfaced about the safety of EMF among the scientific community and with the public, but it is largely absent from national debate despite the ubiquitous use of devices, particularly in the United States.
“…In the United States, where non-industry-funded studies are rare, where legislation protecting the wireless industry from legal challenges has long been in place…to suggest it might be a problem – maybe, eventually, a very public-health problem – is like saying our shoes might be killing us,” wrote journalist Christopher Ketchum in a 2010 GQ article called “Warning: Your Cell Phone May Be Hazardous to Your Health.”
Ketchum said a 2008 study sponsored by the International Agency for Research on Cancer in France reported that after a decade of cellphone use, the chances of getting a brain tumor – specifically on the side of the head where you use the phone – go up as much as 40 percent for adults.
Read more: Berkeley to vote on ‘right to know’ law on cellphone radiation risks
‘Father of internet’ speaks out against government demand for back doors in encryption
RT | May 5, 2015
Internet pioneer Vint Cerf said Monday that creating defects in encryption systems for law enforcement, often known as “back doors,” was “super, super risky” and not the “right answer.”
Cerf, recognized as a “father of the internet,” currently working at Google, told an audience at the National Press Club that he understood law enforcement’s desire to avoid being locked away from evidence that could be used to prevent crimes. He went on to say, however, that providing such access raises constitutional and legal questions.
“The Congress is forced now to struggle with that, and they’re going to have to listen to these various arguments about protection and safety on the one hand and preservation and privacy and confidentiality on the other,” Cerf said, as reported by The Hill.
The Obama administration has been trying to force companies like Google and Apple to create defects in encryption so the FBI and other government agencies can gain access to people’s information; this despite mounting criticism over the plan – a criticism that’s shared by Cerf.
“If you have a back door, somebody will find it, and that somebody may be a bad guy or bad guys, and they will intentionally abuse their access,” said Cerf.
“Creating this kind of technology is super, super-risky,” he added. “I don’t think that that’s the right answer.”
Former National Security Agency contractor Edward Snowden revealed a program codenamed “Bullrun,” which showed that the government penetrated encryption securities through the use of “supercomputers, technical trickery, court orders and behind-the-scenes persuasion.”
Since those disclosures, Silicon Valley industries have been working feverishly to adopt encryption technology beyond the reach of law enforcement agencies that haven’t first obtained a warrant, and to appease customers worried about their privacy. Law enforcement sees it differently, however.
“If this becomes the norm, I suggest to you that homicide cases could be stalled, suspects walked free, child exploitation not discovered and prosecuted,” FBI Director James Comey warned in October, reported The Hill.
For tech companies, though, it is not a question of creating “back doors” or “front doors” – it’s just a matter of secure technology and unsecure technology.
Last week, a bipartisan group of legislators attempted to add an amendment prohibiting the government from forcing companies to build back doors into their devices to a bill reforming the National Security Agency. Despite full support from House Judiciary Committee members, the measure was dropped over concerns it would sink the underlying bill.
Bipartisan bill would repeal Patriot Act, cut down American surveillance
RT | March 25, 2015
The bipartisan Surveillance State Repeal Act, if passed, would repeal dragnet surveillance of Americans’ personal communications, overhaul the federal domestic surveillance program, and provide protections for whistleblowers.
House lawmakers Mark Pocan (D-Wis.) and Thomas Massie (R-Ky.) are co-sponsoring bill H.R.1466, which was introduced on Tuesday and would repeal the 2001 Patriot Act, limit powers of the FISA Amendments Act, and prohibit retaliation against federal national security whistleblowers, according to The Hill.
“The Patriot Act contains many provisions that violate the Fourth Amendment and have led to a dramatic expansion of our domestic surveillance state,” said Rep. Massie in a statement. “Our Founding Fathers fought and died to stop the kind of warrantless spying and searches that the Patriot Act and the FISA Amendments Act authorize. It is long past time to repeal the Patriot Act and reassert the constitutional rights of all Americans.”
Specifically, the bill would revoke all the powers of the Patriot Act, and instruct the Director of National Intelligence and the Attorney General to destroy any information collected under the FISA Amendments Act concerning any US person not under investigation.
It would repeal provisions of the FISA Amendments Act to ensure surveillance of email data only occurs with a valid warrant based on probable cause. The bill would also prohibit the government from mandating that manufacturers build mechanisms allowing the government to bypass encryption in order to conduct surveillance.
Additionally, the bill would protect a federal whistleblower’s efforts to expose mismanagement, waste, fraud, abuse, or criminal behavior. It would also make retaliation against anyone interfering with those efforts – such as threatening them with punishment or termination – illegal.
“Really, what we need are new whistleblower protections so that the next Edward Snowden doesn’t have to go to Russia or Hong Kong or whatever the case may be just for disclosing this,” Massie said.
There have been previous attempts to limit dragnet surveillance under the Patriot Act since former National Security Agency analyst Edward Snowden leaked information regarding the programs in 2013, but the Senate bill introduced in 2013 never reached the floor for a vote.
“The warrantless collection of millions of personal communications from innocent Americans is a direct violation of our constitutional right to privacy,” said Rep. Pocan in a statement.
“Revelations about the NSA’s programs reveal the extraordinary extent to which the program has invaded Americans’ privacy. I reject the notion that we must sacrifice liberty for security – we can live in a secure nation which also upholds a strong commitment to civil liberties. This legislation ends the NSA’s dragnet surveillance practices, while putting provisions in place to protect the privacy of American citizens through real and lasting change.”
Portions of the Patriot Act are due for renewal on June 1.
NYPD accused of editing Wikipedia pages for Eric Garner death, other scandals
RT | March 13, 2015
The New York Police Department is reviewing reports that computers connected to the NYPD’s own network edited the Wikipedia pages for some of the more infamous recent events to involve the force, including the choking death of Eric Garner.
Wikipedia articles pertaining to at least three individuals who died as a result of altercations with the NYPD, including Garner, were edited out of the department’s 1 Police Plaza headquarters, Capital New York reported Friday.
According to publicly available records of the online encyclopedia’s revision history, computers connected to Internet Protocol (IP) addresses traced back by the paper to NYPD headquarters edited — and sometimes attempted to delete — entries on alleged instances of police brutality and articles critical of the force’s conduct.
Along with a page on Garner — the Staten Island man who died last July after being placed in a chokehold by NYPD officer Daniel Pantaleo — Wikipedia articles detailing no fewer than two others deaths involving the Big Apple’s boys in blue were altered by computers connected to the agency’s complex in downtown Manhattan, Kelly Weill reported for Capital New York this week.
Wikipedia pages for the NYPD’s so-called “stop-and-frisk” tactic, as well as recent scandals that have tarnished the force — such as the 2013 incident in which an undercover cop was caught up in a group beating on the West Side Highway — were edited from headquarters, Capital New York reported, along with the pages for Garner, Sean Bell and Amadou Diallo. Bell died in 2006 after undercover NYPD officers fired 50 times him and two other men, all unarmed, and Diallo was killed in 1999 when a cop mistook his wallet for a gun and opened fire.
Last December, someone connected through the NYPD’s network made multiple edits to the “Death of Eric Garner” page on Wikipedia, Weill reported, within hours of a grand jury’s decision not to charge NYPD Officer Pantaleo in the man’s death. “Garner raised both his arms in the air” was changed to “Garner flailed his arms about as he spoke,” Weill wrote, and “Use of the chokehold has been prohibited” was changed to “Use of the chokehold is legal, but has been prohibited.”
“Instances of the word ‘chokehold’ were replaced twice, once to ‘chokehold or headlock,’ and once to ‘respiratory distress,’” Weill reported, both times from the NYPD network.
With regards to the Bell shooting article, a user connected to the NYPD network initiated an effort to have the entry nixed altogether by filing a complaint on the website’s internal “Articles for deletion” page.
“He [Bell] was in the news for about two months, and now no one except Al Sharpton cares anymore. The police shoot people every day, and times with a lot more than 50 bullets. This incident is more news than notable,” the user wrote.
In 2006, according to Weill, a user of the NYPD network deleted 1,502 characters from the “scandals and corruption” section of Wikipedia’s “New York City Police Department” article. Two years later, another computer connected to the network deleted the entire “Allegations of police misconduct and the Civilian Complaint Review Board (CCRB)” and “Other incidents” sections from the main NYPD page.
Weill, an intern with Capital New York, wrote that there are more than 15,000 IP addresses registered to the NYPD, and information about them can easily be found online for free. A simple computer script programed in Python ran those addresses through Wikipedia, she said, and then flagged instances in which edits were made.
“The matter is under internal review,” NYPD spokeswoman Det. Cheryl Crispin told Capital New York in an email.
Read more – Grand jury doesn’t indict NYPD officer accused in chokehold death
Security firm says Sony hack might have been an inside job
RT | December 25, 2014
Despite claims by the FBI that North Korea was behind the massive hack against Sony, several cybersecurity experts have come forward to raise questions about the allegation, with some suggesting that insiders at the company could be to blame.
One such expert, Kurt Stammberger from the Norse cybersecuirty firm, told CBS News that his team believes a woman identified only as “Lena” was heavily involved in the hack – not North Korea.
“We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history,” he told the news outlet.
“Sony was not just hacked, this is a company that was essentially nuked from the inside,” Stammberger added.
Little is known about Lena, but Norse believes the woman is somehow linked with the hacking group behind the attack, known as the ‘Guardians of Peace.’ The firm also suspects the woman was a former employee of Sony who worked there for 10 years before leaving in May 2014.
According to Stammberger, Lena’s position in the company would have given her the access and knowledge needed to identify the servers that hackers ultimately stole troves of data from.
Stammberger didn’t completely rule out North Korea’s role in the cyber attack, but he told CBS that evidence pointing to the country could actually be a case of misdirection.
“There are certainly North Korean fingerprints on this but when we run all those leads to ground they turn out to be decoys or red herrings,” he said.
Last week, the FBI officially pinned the hack on North Korea, saying the breach involved lines of code, methods, and encryption algorithms previously developed by the country.
“Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korea actors previously developed,” the FBI said in its statement. “The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the US government has previously linked directly to North Korea.”
“Separately, the tools used in the SPE attack have similarities to a cyberattack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.”
Still, some remain unconvinced. Cybersecurity expert Bruce Schneier wrote that the code used by the hackers seems “to point in all directions at once.” Looking at the evidence cited by the FBI, Schneier said it’s the kind that is “easy to fake, and it’s even easier to interpret it incorrectly.” He also cast doubt on the “insider threat” theory, arguing that such an individual wouldn’t need the hacking tools used to breach Sony’s servers.
Schneier noted that the FBI has not revealed all the reasons for its claim, though, and acknowledged that classified evidence could clearly point the finger at North Korea. Unless that evidence is known, it’s hard to say with any certainty.
Other possibilities include the idea that North Korea “co-opted” the initial attack after an embarrassing glut of information was made public, using that as an opportunity to strike Sony, as it was reeling and facing pressure to cancel ‘The Interview’ movie.
While Sony did cancel the premiere and release of ‘The Interview’ – a comedy which tells the story of a CIA plot to assassinate North Korean leader Kim Jong-un – it has since relented in the face of public criticism, which included harsh words from President Barack Obama. The movie is now available on streaming services and will be in theaters in limited release on Christmas Day.
Regarding the film’s release, a North Korean envoy to the United Nations said the country will condemn the decision but will not have any “physical reaction.” He added that the movie is an “unpardonable mockery of our sovereignty and dignity of our supreme leader.”
The diplomat also told the Associated Press that his country was not involved in the hack.
READ MORE:
FBI formally accuses North Korea in Sony hack
Senator urges Obama to host White House screening of ‘The Interview’
N. Korea threatens US, demands apology for Obama’s ‘reckless rumors’ of Sony hack
FBI pushing for new domestic and global internet hacking powers
By Robert Bridge | RT | October 31, 2014
In a move that watchdog groups are calling an unconstitutional power grab, the Federal Bureau of Investigation is reportedly looking to rewrite the espionage rulebook, giving it the authority to hack into computers at home and abroad.
With little public debate and congressional oversight on the issue, the FBI appears set to make the fourth amendment to the Constitution wholly redundant, which protects Americans against “illegal searches and seizures,” The Guardian reported.
The Department of Justice will present its case on November 5 to the Advisory Committee on Criminal Rules.
“This is a giant step forward for the FBI’s operational capabilities, without any consideration of the policy implications. To be seeking these powers at a time of heightened international concern about US surveillance is an especially brazen and potentially dangerous move,” Ahmed Ghappour, an expert in computer law at the University of California, who will participate in next week’s meeting, told the Guardian.
Ghappour warned the passage of the new legislation would represent the greatest expansion of “extraterritorial surveillance abilities since the FBI’s inception.” He told the British daily that “for the first time the courts will be asked to issue warrants allowing searches outside the country.”
Concerning the threat of damaging America’s diplomatic relations, already wobbly following the Snowden revelations, Ghappour went on to add that in “the age of cyber attacks, this sort of thing can scale up pretty quickly.”
Presently, the FBI is reasonably restricted in its power to hack into domestic computers, requiring it to be granted court approval by judges working in the region where the surveillance will occur. The amendments that the domestic spy agency is seeking, however, would give judge’s the legal authority to issue a warrant to the FBI in a “district where the media or information is located has been concealed through technological means.”
Moreover, the amendments – something internet watchdog groups have been warning might eventually happen – would apply to all criminal cases, not just those related to “terrorists.”
In euphemistic terms, the new surveillance powers the FBI is seeking are known as “network investigative techniques,” which allows malware to be exported to a targeted computer, thereby giving agents nearly full control over the machine – even allowing it to conduct surveillance on any other computers within the user’s social group.
“This is an extremely invasive technique,” Chris Soghoian, principal technologist of the American Civil Liberties Union, told the Guardian. “We are talking here about giving the FBI the green light to hack into any computer in the country or around the world.”
Just this week, Soghoian obtained documents from the Electronic Frontier Foundation that in 2007 the FBI had planted a bogus Seattle Times/Associated Press story on a criminal suspect’s computer as a ploy to export the spyware onto the computer.
Soghoian underscored the feelings of many watchdog groups when he emphasized that next week’s hearing “should not be the first public forum for discussion of an issue of this magnitude.”
READ MORE:
FBI pretended to be Seattle newspaper in order to hack suspect’s computer
FBI impersonates repairmen in Las Vegas hotel to bust gambling ring
Adobe suspected of spying on eBook users
RT | October 8, 2014
Software giant Adobe has been accused of spying on individuals who use its Digital Editions e-book and PDF reader. The practice allegedly includes mining for data on users PCs, yet Adobe has denied acting beyond the user license agreement.
On Tuesday, the allegation that Digital Edition (DE) software logs and uploads user data to its servers was verified by Ars Technica and a competing software developer at Safari Books. This process is also notable because it’s done transparently over the internet, meaning individuals, internet corporations, and government departments like the National Security Agency can easily intercept the information.
Whether or not the company also monitors user hard drives in general has yet to be confirmed.
“It’s not clear how the data collected by Adobe is stored, but it is associated with a unique identifier for each Digital Editions installation that can be associated with an Internet Protocol address when logged,” Sean Gallagher wrote at Ars Technica. “And the fact that the data is broadcast in the clear by Digital Editions is directly in conflict with the privacy guidelines of many library systems, which closely guard readers’ book loan data.”
Originally, Adobe was flagged by the Digital Reader for tracking and uploading data related to various books opened in DE, such as how long a book has been activated or opened, or what pages have been read.
“Adobe is gathering data on the eBooks that have been opened, which pages were read, and in what order,” Nate Hoffelder wrote at the website. “All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.”
“Adobe is not only logging what users are doing,” he continued, “they’re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything.”
If that wasn’t enough, Hoffelder claimed that Adobe’s tracking systems are exploring data even beyond the DE reader, scanning users’ computer hard drives and collecting and uploading metadata related to every e-book in the system – whether they were opened in DE or not.
As previously mentioned, this last accusation has not been verified.
“Adobe Digital Editions does not scan your entire computer looking for files that it knows how to open, it needs to be explicitly told about EPUB or PDF files that you would like it to know about,” an Adobe tech support employee wrote earlier this year in response to a question on the community forum.
Utilized by thousands of libraries in order to lend out books digitally, DE’s tracking of activation times would allow libraries to know when a particular lending period has run its course. However, DE is not just tracking borrowed books. It’s also keeping tabs on purchased titles as well.
“We are looking at this, and very concerned about this,” said Deorah Caldwell-Stone, the deputy director of the American Library Association’s Office for Intellectual Freedom, to Ars Technica. If the data being uploaded over the internet is related to library lending, “we would want this information encrypted and private,” she added.
Meanwhile, Adobe said that “all information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers.”
“Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader. User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy.”
“In terms of the unsecure transmission of the collected data, Adobe is in the process of working on an update to address this issue,” the spokesperson said in an email to Ars Technica. “We will notify you when a date for this update has been determined.”