Monthly Archives: December 2014

Terror laws clear Senate, enabling entire Australian web to be monitored and whistleblowers to be jailed

George Brandis struggled to explain metadata on live TV.image www.intelagencies.com

Attorney-General George Brandis praised the laws being passed. Photo: Andrew Meares

Following the biggest counter-terrorism raids in Australia’s history and the beefing up of Parliament House security, Australia’s Senate passed laws enabling Australian spies to monitor the entire internet with just one warrant.

ooo

Henry Sapiecha

George Brandis in ‘car crash’ interview over controversial data retention regime

Attorney-General George Brandis praised the terrorism laws being passed in australia image www.intelagencies.com

George Brandis struggled to explain metadata on live TV. Photo: Alex Ellinghausen

Attorney-General George Brandis struggled to explain live on Sky News what metadata the federal government’s upcoming mandatory data retention regime would capture. The interview led to Sky News journalist and presenter David Speers winning a Walkley for his efforts in interrogating Senator Brandis.

ooo

Henry Sapiecha

Man who introduced serious ‘Heartbleed’ security flaw denies he inserted it deliberately

When the Heartbleed bug was uncovered, many people in the IT security industry were asking whether the code containing the flaw had deliberately been inserted. Dr Robin Seggelmann,image www.intelagencies.com

When the Heartbleed bug was uncovered, many people in the IT security industry were asking whether the code containing the flaw had deliberately been inserted. Dr Robin Seggelmann, who introduced the flaw, said it was “tempting” to assume this, but said “it was a simple programming error”.

ooo

Henry Sapiecha

Ten ways to shut down the internet

cyber-attack-internet shutdown image www.intelagencies.com

There are many ways to break the internet, and they don’t necessarily involve Kim Kardashian.

On Tuesday North Korea was officially offline for nearly 10 hours, in what appears to be a fresh twist to its ongoing cyber-stoush with the US over the Sony Pictures hack.

Analysts are still picking over what may have caused the outage.

Matthew Prince from internet and security company Cloudflare says the more connected a country is, the harder it is to knock it offline.

A country like Australia, while remote, is well connected, so we’re unlikely to be cast adrift completely.

But mass outages do happen from time to time and there are many potential causes.

So how exactly can a country’s internet be disrupted or turned off?

1. Attack it

norse internet shut down chart image www.intelagencies.com

One way to knock a country offline is via a denial-of-service attack. Such an attack typically involves flooding the core routers of a country’s telecommunications infrastructure with more traffic than they can handle. To do this the attacker has to have more network capacity than the target.

“Botnets” — computers infected with malicious software — are typically used in distributed-denial-of-service attacks to increase the hacker’s capacity.

Last year a denial-of-service attack in China knocked all websites registered with a country domain – “.cn” (the Chinese version of “.com.au”) – offline. A similar attack against an Australian betting agency in 2004 knocked out the whole of Telstra’s Alice Springs network, part of Adelaide, and Telstra central in Sydney.

2. Pull the plug on it or order a shutdown

egypt-internet chart image www.intelagencies.com

A graph showing internet traffic to and from Egypt in 2011.

Where connections are few and far between and governments have high degrees of power, it is possible for them to shut down internet access in the country.

This happened during the Arab Spring. In 2011, then Egyptian president Hosni Mubarak cut the cord on his country’s internet and 3G mobile services in an attempt to quash protestors who were communicating with each other online.

A month later, Libya followed suit ahead of planned citizen protests.

Cloudflare’s Mr Prince said the North Korean shutdown was unlikely to be state-sponsored, or it would likely still be “down for the count” (i.e. still out).

If one country relies on a neighbouring country for its connection to the internet and the rest of the world, it will obviously be at the behest of its neighbour. So if one country that connects another pulls the plug on the cable, the other country’s internet will be affected if there is no back-up connection.

North Korea has only one internet connection to the rest of the world, via China’s Unicom.

3. Do something stupid

excavator digging image www.intelagencies.com

It’s not unheard of for cables delivering the internet to be cut accidentally. Last year hundreds of Sydney residents were without their internet for days, supposedly due to some very poorly planned civil works. NBN contractors have also come under fire in the past for cutting connections.

Back in 2009, an EnergyAustralia contractor cut through at least 10 Telstra cables in Sydney, affecting CBD phones, internet and eftpos.

Councils and builders, or dogs looking to bury bones in hard-to-find places, can get advice on where it’s safe to dig at 1100.com.au.

4. Unintentionally dig it up

what's the internet. cable damage image www.intelagencies.com

What’s the internet? … Hayastan Shakarian holds a handsaw near her native village of Armazi.  Photo: AFP

In 2011, a grandmother severed the internet connections of thousands of people in Georgia and neighbouring Armenia while she was digging for scrap copper. The outage lasted five hours.

She was a 75-year-old pensioner and claimed she didn’t even know what the internet was. It wasn’t the first time someone had done this in Georgia.

5. Drown it

flooded internet exchange image www.intelagencies.com

A large number of websites hosted in the US went down during Hurricane Sandy. Photo: merchantcircle.com

Data centres go offline when flooded or without power. Hurricane Sandy knocked out data centres in the US in 2012, taking many popular US websites offline. Floods in Queensland in 2011 also resulted in thousands being disconnected.

6. Set it on fire

phone exchange fire aftermath image www.intelagencies.com

A fire led to Warrnambool Telephone Exchange’s demise. Photo: Telstra

Tens of thousands of phone and internet connections in Victoria were shut off in 2012 after a fire razed the Warrnambool Telephone Exchange. It was thought to be the biggest disruption of its kind in Australia.

7. Vandalise it

CABLE BUNCH CLOSE-UP image www.intelagencies.com

In May, iiNet said vandals damaged a backhaul fibre cable in Traralgon South, Victoria. The disruption was felt all the way down in Tasmania, with impaired connections for “some broadband customers”, iiNet said.

In 2012, a separate rogue individual deliberately cut several Telstra cables in Sydney, causing millions of dollars worth of damage and cutting communications from many homes and suburbs, including the local police station.

8. Let the sharks at it

shark attacking underwater cable image www.intelagencies.com

While undersea cables are typically susceptible to accidental breakage by ship anchors, fish trawlers and natural disasters, sharks are also a threat. Internet giant Google recently revealed how it was using Kevlar-style wrapping material on its cables to prevent against these types of attacks.

Australia has several fibre-optic submarine cables connecting it to the rest of the world, which means that if one goes down traffic can be re-routed.

Other countries are not so lucky: if a fibre cut occurs they can go dark.

In 2005, Pakistan was cut off completely and had to rely on a slow back-up satellite connection.

9. Let its hardware fail all by itself

Kyle internet failure image www.intelagencies.com

Much like in episode six, season 12 of South Park (“The Day the Internet Stood Still“), router malfunctions can sometimes cause outages.

But unlike in South Park, turning it off and on again doesn’t always work.

In 2012, Telstra was cut off from its international data network after one of its resellers, Dodo, was blamed for “a very minor hardware failure” resulting in very major routing issues that affected millions of customers’ internet connections for about 45 minutes. iiNet services were affected too.

Earlier this year Vodafone also suffered data and phone issues when a faulty repeater in WA on a primary fibre link and a back-up cable failed.

“From time to time equipment fails,” a spokesman for the cable said at the time.

large loan application banners image www.money-au (4)

Henry Sapiecha

Shellshock just one tool in hackers’ cyber arsenal

shellshock virus cartoon safe cracker image www.intelagencies.com

Silent thief: The Shellshock vulnerability went unnoticed for more than 20 years.

Online shoppers need to be extra vigilant against malicious links during the holiday shopping season, warns Adam Turner.

Unwitting Australians click on more than 15 million malicious internet links every month, lured by increasingly sophisticated attempts to infect their computers and steal valuable information.

Australians clicked on more than 45.5 million malicious links in the third quarter of 2014, up from 39 million in the three months before, according to security vendor Trend Micro’s third-quarter security roundup report. This ranks Australia fifth in the world for countries with the highest number of visits to malicious sites after the United States, Japan, France and Italy.

The growing threat from malicious links is partly attributed to September’s discovery of the Shellshock security flaw in many web servers. Among other things, the Shellshock flaw lets attackers hijack legitimate web pages and secretly download malicious software on to the computers of people who visit the site, known as a drive-by download.

The Shellshock vulnerability went unnoticed for more than 20 years, suggesting the likelihood of more long-undiscovered vulnerabilities lurking within with operating systems and applications.

Meanwhile, the threat from vulnerabilities in mobile devices and apps is also increasing, with ransomware targeting mobile devices along with desktop computers.

Ransomware encrypts the contents of a device and demands a ransom for precious files, such as photographs, to be returned. One of the latest ransomware threats involved fake emails, purporting to be from Australia Post, with an attachment that claims to contain details of parcel deliveries but in fact encrypts the computer’s hard drive and demands payment.

The latest report is a clear indication that Australian consumers still need to be educated about their online vulnerability, especially as cyber threats become more complex, says Trend Micro’s Australia and New Zealand consumer director, Tim Falinski.

“Consumers need to be extra vigilant heading into the holiday shopping season and new year sales, which is typically a time of year that sees an increase in cyber crime.”

project & construction finance banner image www.money-au.com (2)

Henry Sapiecha

CIA LEAK DISCLOSES WHO GETS SPECIAL ATTENTION WITH SECURITY ISSUES AT AIRPORTS

Unattended Bag Prompts Evacuation Of O'Hare Terminal

A new leaked CIA document from WikiLeaks reveals a few government secrets that could be useful for travelers this holiday season. In it, the CIA explains how to avoid a secondary screening at the airport if you’re traveling abroad.

The basic tips: Don’t bring too many new items in your luggage (sorry, Christmas gifts); don’t be nervous and visibly sweating; don’t change your itinerary within a day of your flight; don’t be weird about passport screening procedures; and make sure your luggage isn’t disproportionate to your purported reasons for your trip, which could mean how it’s packed or how fancy the stuff on the inside is.

The documents also contains security procedures from around the globe, shining a light on what other countries look for in a passenger profile. Turkish accents in Iraq get you an almost automatic screening. In Israel, lone male travelers with backpacks often get secondary screening, while lone travelers from China elicit concerns of illegal immigration from Chilean authorities.

In addition, Austria and Singapore have Russian agent watch lists at the ready, and Colombia is on the lookout for Iranian and Venezuelan spies. Portugal keeps an eye out for travels from Western Africa and any of its former colonies, fearing illegal immigration. Cambodia fears terrorists from around the Arab world, while Saudi Arabia is suspect of travellers from Iraq, Iran, Libya, Palestine, and Syria. And in the Seychelles, there’s plenty of fear of Nigerian drug trafficking.

Read the whole report here.

large loan application banners image www.money-au (9)

Henry Sapiecha

Tony Abbott warns terrorist attack ‘likely’ post Sydney siege

Prime Minister Tony Abbott says there has been a “heightened level of terror chatter” in the wake of the Martin Place siege but has resisted raising the terrorism threat level of extreme.

The National Security Committee met on Tuesday and was briefed on the development by intelligence officials, Mr Abbott said.

TONY ABBOTT LEAVING MEETING IMAGE www.intelagencies.com

Prime Minister Tony Abbott says the National Security Committee met on Tuesday. Photo: Andrew Meares

But it has also emerged that the deputy chairman of Parliament’s joint committee on intelligence and security, Anthony Byrne has been privately warning parliamentary colleagues on both sides for the past month of the need to raise the terror threat over Christmas.

“On the basis of recent events both here in Australia and overseas, and provided the information that the Prime Minister spoke about was sound and accurate there is a strong case to raise the terror threat to extreme as quickly as possible,” he said.

The alert from the Prime Minister comes as the NSW Opposition Leader John Robertson resigned hours after moves began to dump him over revelations he signed a letter of request for gunman Monis

In recent days Mr Byrne has also called for a judicial inquiry into events surrounding the Martin Place siege and in particular whether or not the intelligence or security agencies could have done anything more to prevent the siege from taking place.

Mr Abbott emerged from the security briefings in Sydney to front a snap media conference, in which he urged Australians to celebrate Christmas as normal but be on guard for any suspicious activity.

“The briefing from the security agencies today indicated that there has been a heightened level of terrorist chatter in the aftermath of the Martin Place siege,” Mr Abbott said.

“That’s why it’s important that people remain alert and aware.”

ASIO and the Australian Federal Police recommended the national terrorism threat level be raised from “medium” to “high” in September, meaning a terrorism attack was regarded as “likely”.

Cafe manager Tori Johnson and barrister Katrina Dawson were killed when Man Haron Monis took 18 people hostage in the Lindt Cafe on the morning of December 15 and held them for 17 hours.

Mr Abbott confirmed on Sunday that an anonymous caller phoned the National Security hotline the weekend before the siege, to warn them of Man Haron Monis’ extreme views.

Mr Abbott said the call was followed up but “didn’t reveal any imminent attack by this individual.”

He stressed the Commonwealth-State investigation, due to report by the end of January next year, would look into the matter, as part of its examination into whether the policing and security agencies dealt with the matter to the best of their ability.

Mr Abbott said he had attended a memorial service for Ms Dawson “a brilliant and beautiful woman from a wonderful and accomplished family who has been cruelly snatched away from us”.

“As we prepare to join family and friends to celebrate Christmas we do need to be conscious of the fact that the terror threat remains high. There are people who would do us harm and who can do us harm,” he said.

He urged members of the public to report any suspicious behaviour to authorities.

“I do want to reassure you though that our law enforcement agencies and our police forces and our security agencies will be working around the clock to keep you as safe as possible over the holiday season, as they do at all times.”

Mr Abbott said the national security committee of the cabinet met for the first time on Tuesday afternoon following the swearing in of his new ministers.

“It was important to me that they were fully briefed on the domestic and international security situation as quickly as possible,” he said.

The national security committee was briefed by the head of the Australian Security and Intelligence Organisation and the commissioner of the Australian Federal Police.

Asked if the Martin Place siege had provoked further security threats, Mr Abbott said he would not speculate.

“In the wake of the Martin Place brush with terrorism there has been a heightened level of chatter amongst people who we would normally think of as terrorist sympathisers,” he said.

Mr Abbott has previously raised concerns about gunman Man Haron Monis falling through the security net.

“One of the things we are doing is asking ourselves do we need to go back and have a look at people who have come to our attention previously and see what is best done to ensure that the community is as safe as it humanly can be. This is the assurance I constantly give to the Australian people.

“The first duty of government is the safety of the community.”

large loan application banners image www.money-au (5)

Henry Sapiecha

Privacy shall be thought of as a luxury in 2025 say the pundits

Experts believe the exchange of personal data for online conveniences will soon erode today's notions of privacy. guy with infrared binocs image www.intelagencies.com

Experts believe the exchange of personal data for online conveniences will soon erode today’s notions of privacy.

Today’s notions of privacy will be eroded significantly within the next decade as growing reams of personal data are willingly exchanged for the convenience of living our lives online.

That’s the prevailing view among the more than 2500 industry experts from around the world – including academics, legislators and staff at global companies such as Google, Microsoft and Yahoo – who were quizzed on the future of privacy and security.

Respondents to the study from the Pew Research Center in the US, in conjunction with North Carolina’s Elon University, said they believed living a public life online would be the new default by 2025.

They variously predicted current notions of privacy would soon become “quaint”, “archaic”, a “fetish” and “the new taboo” – something that future generations would fail to understand, let alone appreciate.

“Everyone will expect to be tracked and monitored, since the advantages, in terms of convenience, safety, and services, will be so great,” Google chief economist Hal Varian wrote in his response.

Optimistically, one policy co-ordinator believed internet organisations would reach an international consensus on how best to balance privacy and security with popular content and services.

However, many more foresaw a backlash against the evolving social norms.

One respondent, who wished to remain anonymous, predicted more people would engage in acts of civil disobedience by choosing to “opt out” of online services, rather than be tracked by companies.

Others believed new tools would be created to give citizens greater agency over what information they shared, and with whom.

Some saw encryption tools, which can be used to hide personal information and files, becoming more widely used.

However, researcher Kate Crawford said such service providers would be likely to seek commercial benefit, resulting in the creation of privacy as a “luxury good”, and a new social divide of “privacy rich” and “privacy poor”.

Companies the world over are investing more and more in “big data” and “data mining”, which allows them to trawl through customer data to better tailor and market their products and business.

Professor Michael Fraser, director of the Communications Law Centre at the University of Sydney, said that while individuals legally consented to companies storing their data when signing up to online services, it was not necessarily informed consent.

“Facebook, Google and others, their entire value comes from the exploitation of our personal, private information,” he said.

Professor Fraser also warned of the link between the private sector’s collection of customer data and government agencies’ ability to access such data, saying it was effectively government surveillance by proxy.

In 2013, Australian authorities made more requests to access user data from major technology companies such as Google, Facebook and Apple than any other country except the US, according to “transparency reports” published by the companies.

Legislative changes recently increased the powers of Australia’s top spy agencies, with a plan to force telcos to retain customer metadata for up to two years still in the pipeline.

Professor Fraser said privacy law reform was needed to protect citizens’ personal data as a property right.

Many respondents to the Pew survey were sceptical whether the push for such protections would succeed in the face of large corporate interests and lobby groups.

The study was part of a broader internet research project by the Pew Research Center to mark the 25th anniversary of the creation of the World Wide Web by Sir Tim Berners-Lee.

Source: Pew Research Center

Privacy in 2025: Experts’ Predictions

We canvassed thousands of experts to ask them to predict the future of privacy in America and found they were divided on whether or not a secure, trusted privacy-rights infrastructure would be in place by 2025. Highlights from their responses are featured below. Read the full quotes and responses from many more experts in the complete report.

commercial business loans info flyer www.money-au (19)

Henry Sapiecha

In the next 10 years, I would expect to see the development of more encryption technologies and boutique services for people prepared to pay a premium for greater control over their data. This is the creation of privacy as a luxury good. It also has the unfortunate effect of establishing a new divide: the privacy rich and the privacy poor. Whether genuine control over your information will be extended to the majority of people—and for free—seems

Amateur spies put North Korea on the map after sourcing info about the country

one of North Korean dictator Kim Jong Il's palatial mansions with expansive gardens.image www.intelagencies.com

Living large … one of North Korean dictator Kim Jong Il’s palatial mansions with expansive gardens.

A group of amateur spies has used Google Earth to provide a rare glimpse inside North Korea, one of the world’s most secretive countries.

By default the Google Earth map of North Korea is completely bare, with no roads or landmarks labelled.

Over two years, US doctoral student Curtis Melvin and other volunteers pored over news reports, images, accounts, books and maps painstakingly identifying and locating thousands of buildings, monuments, missile-storage facilities, mass graves, secret labour camps, palaces, restaurants, tourist sites, main roads and even the entrance to the country’s subterranean nuclear test base.

The result, North Korea Uncovered , is one of the most detailed maps of North Korea available to the public today. The small file, which can be installed on top of Google Earth, has been downloaded more than 47,000 times since an updated version was released last month.

“We have portrayed things about which they are most proud and ashamed,” Melvin said in an email interview.

Among the most notable findings is the site of mass graves created in the 1990s following a famine that the UN estimates killed about 2 million people.

“Graves cover entire mountains,” Melvin said.

Also visible is the stark contrast between the living conditions of North Korea’s elite and the general population.

The palaces housing dictator Kim Jong Il and his inner circle, clearly shown on the maps, contain Olympic-size swimming pools with giant waterslides and golf courses.

Conversely, much of North Korea’s population is reliant on foreign food aid, ironic given the authoritarian regime is built around the ideology of self-reliance.

Analysing the satellite maps allowed Melvin to plot the country’s transport and electricity network, revealing that many towns have no power supply at all.

Melvin and his team also believe they have discovered the Vinalon complex that has been connected with chemical warfare experiments.

The project highlights the collaborative power of the internet, which allows disparate groups of amateur sleuths to work together to uncover state secrets and shine new light on previously hidden countries.

North Korea is of particular interest to diplomats, analysts and the public of late because the communist regime has ramped up its nuclear tests, launched a series of short-range missiles and threatened possible attacks on South Korea.

Melvin said he notified two North Korean embassies of his project but received no response.

“This project is a terrific record of their ‘revolution’ so I would love to have more of their input for historical purposes,” he said

Melvin, who began the project as a way of mapping places in North Korea that he had visited, said he pored over books, maps, pictures and news reports to identify locations on the Google satellite map. But he received significant help from collaborators, some of whom have studied North Korea professionally.

For instance, The Wall Street Journal reported that Joshua Stanton, a Washington attorney who has served in the US military in South Korea, identified one of the country’s most notorious prisons, Camp 16, by combing the map for structures identified in sketches created by defectors.

A US senator then used Stanton’s information to criticise North Korea’s human rights record, saying “Google has made a witness of all of us … we can no longer deny these things exist”.

North Korea’s own publicity of the movements of Kim Jong Il have also been invaluable to Melvin. Media reports from the country allowed him to identify locations the dictator has visited, such as a hydroelectric dam and power station he toured in April.

project & construction finance banner image www.money-au.com (8)

Henry Sapiecha