Monthly Archives: May 2015

Skype summoned to Belgian court over failure to share call data

A page from the Skype website is seen in Lausanne May 10, 2011. REUTERS/Denis Balibouse

Online communication service Skype (MSFT.O) has been summoned to appear in court in Belgium after refusing to pass on customer data to aid a criminal investigation, a court spokesman said.

A court in Mechelen, just north of Brussels, had asked for data from messages and calls exchanged on Microsoft-owned Skype, arguing that telecom operators in the country were required to do so.

“The judicial question is whether Skype is also a telecoms operator,” the court spokesman said, adding that Skype would have to pass on the data if this was established to be the case. It could also face a fine.

Skype was not immediately available for comment.

ooo

Henry Sapiecha

China hackers make US uni unplug engineering computers-Is China a nation of thieves & cheats??

Washington: Penn State University, which develops sensitive technology for the US Navy, said on Friday that Chinese hackers have been sifting through the computers of its engineering school for more than two years.

One of the United States’ largest and most productive research universities, Penn State offers a potential treasure trove of technology that’s already being developed with partners for commercial applications. The breach suggests that foreign spies could be using universities as a backdoor to US commercial and defence secrets.

The hackers are so deeply embedded that the engineering college’s computer network will be taken offline for several days while investigators work to eject the intruders.

“This was an advanced attack against our College of Engineering by very sophisticated threat actors,” said Penn State President Eric Barron in a letter to professors and students. “This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible.”

The Federal Bureau of Investigation notified the university of the breach in November 2014, spawning a months-long investigation that eventually found two separate groups of hackers stealing data.

The first group has been linked by investigators to the Chinese government, according to a person familiar with the probe. The second group has not been identified, the university says, but investigators believe it is the work of state-sponsored hackers.

The investigation and remediation efforts have already cost Penn State millions of dollars, said Nicholas Jones, the university provost.

US engineering schools – Massachusetts Institute of Technology, the California Institute of Technology, Berkeley, Carnegie Mellon, and Johns Hopkins – have been among the top targets of Chinese hacking and other intelligence operations for many years. These forays have been for both commercial and defence purposes, and universities have struggled to secure their computers against these advanced attacks.

In addition to online activities, the Chinese have sent legions of graduate students to US schools and have tried to recruit students, faculty members and others at both universities and government research facilities, several recent law-enforcement investigations show.

“There is an active threat and it is against not just Penn State but against many different organisations across the world, including higher education institutions,” said Nick Bennett, a senior manager at Mandiant, a security division of FireEye Inc., which aided the university in the investigation.

Universities “need to start addressing these threats aggressively”, Mr Bennett said in an interview.

Among Penn State’s specialties is aerospace engineering, which has both commercial and defence applications important to China’s government. The university is also home to Penn State’s Applied Research Laboratory, one of 14 research centres around America that work mainly for the military.

That the hackers were in the network undetected for more than two years raises the possibility that they used connections between computers to move into more highly guarded networks, including defence contractors, government agencies or the Navy, according to the person familiar with the investigation.

Washington Post

ooo

Henry Sapiecha

Facebook ‘tramples European privacy law’ says Belgian watchdog

A 3D plastic representation of the Facebook logo is seen in front of displayed cables in this illustration in Zenica

Belgium’s privacy watchdog accused Facebook (FB.O) on Friday of trampling on European privacy laws by tracking people online without their consent and dodging questions from national regulators.

The Privacy Protection Commission (CPVP/CBPL), which is working with German, Dutch, French and Spanish counterparts, launched the blistering attack after trying to find out more about the U.S. social media giant’s practices.

It urged Internet users to install privacy software to shield themselves from Facebook’s tracking systems, whether they have an account with the social network or not.

The show of strength from the Belgian regulator, which does not have the power to levy fines, highlights a growing willingness across the 28-member bloc to demand that big U.S. tech companies abide by European laws.

“Facebook tramples on European and Belgian privacy laws”, the Commission said after publishing a report analyzing changes that the company made to its privacy policies in January.

It said in a statement that Facebook had refused to recognize Belgian and other EU national jurisdictions, insisting it was subject only to the law in Ireland, the site of its European headquarters.

“Facebook has shown itself particularly miserly in giving precise answers,” the watchdog said, adding that the results of the study by a group of researchers were “disconcerting”.

A Facebook spokeswoman questioned the Belgians’ authority but said it would review the study’s recommendations with the Irish data protection commissioner: “We work hard to make sure people have control over what they share and with whom.”

“Facebook is already regulated in Europe and complies with European data protection law, so the applicability of the CBPL’s efforts is unclear,” she said.

Some EU states accuse Ireland of being soft on the multinational firms it wants to attract, whether in data protection or corporate taxation.

SECOND REPORT

The commission said it would publish a second report on Facebook this year. Sanctions available to privacy watchdogs can be negligible to big firms, but a new EU data protection law expected to be ready this year would allow for fines up to 5 percent of annual sales.

The commission said Facebook would not explain in detail how it uses data it collects. It highlighted problems with plug-ins such as Facebook’s “Like” button, which it said affected many who do not have a Facebook account.

A number of firms are under fire in Europe over the data they collect. Facebook places tracking “cookies” when anyone visits a Facebook page, meaning it can track the online activities of a huge number of non-customers, but has said this is a bug that it is working to fix.

The Commission asked Facebook to stop gathering user data via cookies and plug-ins, except where users asked for it.

European regulators have previously forced Google (GOOGL.O) to change its privacy policies.

And a year ago, EU judges upheld a Spanish order that Google must remove links to outdated information from searches for people’s names — establishing a “right to be forgotten”.

EU anti-trust regulators launched a case against Google last month and are probing Apple (AAPL.O) and Amazon (AMZN.O) over low-tax deals with Ireland and Luxembourg. The European Commission is studying whether to pursue German and French proposals for an EU-wide regulator for Internet platforms.

Some European politicians, also angered by revelations of U.S. espionage in Europe, say U.S. firms abuse their power, discouraging local start-ups and jeopardizing privacy laws cherished by Europeans with memories of authoritarian rule.

U.S. President Barack Obama, who is trying to negotiate a landmark transatlantic free trade deal with the EU, TTIP, says Europe is throwing up protectionist barriers to tech companies.

ooo

Henry Sapiecha

 

Judges now required to give written reasons for issuing warrants for covert surveillance

NSW Chief Justice Tom Bathurst, centre, has introduced a procedure requiring judges to write brief reasons for granting a warrant for covert surveillance.

NSW Supreme Court judges are now required to give written reasons for issuing warrants authorising covert surveillance such as listening devices.

The recent parliamentary inquiry into the police bugging scandal revealed the extent of covert telephone intercepts of police and journalists allegedly without good reason between 1999 and 2001.

It emerged there was insufficient or no evidence of wrongdoing by many of the more than 100 police and civilians whose names appeared on warrants issued by the Supreme Court.

NSW Police Deputy Commissioner Nick Kaldas was at the centre of a NSW police bugging scandal. He accused the former police internal affairs unit of engaging in “massive wrongdoing and habitual illegal acts”. Photo: Daniel Munoz

On Tuesday the Chief Justice of NSW Tom Bathurst said he had introduced a procedure whereby judges are required to write brief reasons for granting a warrant to any state or federal agency for covert surveillance.

The written reasons will be placed in a sealed envelope alongside the documents submitted in support of the warrants.

Chief Justice Bathurst said the court is receiving an average of five requests a day for warrants, usually from NSW Police, the NSW Crime Commission and occasionally the Australian Federal Police.

NSW Chief Justice Tom Bathurst. Photo: NSW Supreme Court

Describing the revelations from the inquiry into Operation Mascot as “historical problems”, he said the decision to implement a formal written record of a judge’s reasons was “a sensible thing to do”.

“It just focuses the attention, I think, of the judge without making what is already an onerous burden too onerous,” he said.

However, so long as the power to issue warrants remained with the judiciary “we rely on the judge to act responsibly in doing so”, he said, noting the suggestion of setting up an administrative body to handle the task has been raised.

Chief Justice Bathurst said aside from the inquiry, there has been “very little direct complaint” about the issuing of warrants. “There’s an awful lot of trials in which intercepted material is used and very little complaint that it has been illegally or improperly obtained,” he said.

The NSW police bugging scandal emerged from Operation Mascot, which used a corrupt former policeman, code named M5, to target allegedly corrupt police with a listening device between 1999 and 2001.

NSW Deputy Police Commissioner Nick Kaldas was named in 35 affidavits in support of 80 bugging warrants issued, which included surveillance of members of his family. Journalist Steve Barrett was named on 52 warrants.

Mr Kaldas accused the former police internal affairs unit of engaging in “massive wrongdoing and habitual illegal acts”.

During the inquiry, a former solicitor for the Crime Commission, John Giorgiutti, highlighted the sheer volume of warrants being issued to law enforcement agencies for surveillance operations, querying whether the courts are subjecting them to sufficient scrutiny.

Greens upper house MP and former barrister David Shoebridge said: “There is this largely pretend oversight by the Supreme Court of applications for warrants and covert surveillance … our court system cannot handle inundating waves of ex parte applications by crime agencies other than by simply rubber-stamping them.”

ooo

Henry Sapiecha

 

Cyber security firm says ‘hire us or else’ to clients….

A cyber security firm allegedly used its relationship with a regulator to tell prospective clients they needed to hire them “or face the music”. Photo: Damian Dovarganes

A former employee of a cyber security firm says he lied about a data breach that ultimately cost a company its life.

Companies that experience a data breach can face hefty costs, from loss of reputation to regulatory action, higher insurance bills and civil lawsuits. The other hidden cost comes from security firms promising to mop up the mess.

Richard Wallace, a former investigator at security firm Tiversa, told a federal court in the United States last week the company “doctored up” data breach information and used its relationship with a regulator to tell prospective customers “they need to hire us or face the music”.

Wallace testified in a case brought by the Federal Trade Commission against LabMD, a now defunct cancer-testing centre, which is facing charges that lax security led to the exposure of 10,000 records on a file-sharing network.

Tiversa’s technology scours file-sharing networks for evidence of leaked private information. It supplies that to customers in financial services, health and other sectors.

However, Wallace said Tiversa also gave “lists” to the FTC that were “scrubbed” of paying clients, which the regulator could then use to pursue enforcement action.

He also claimed the firm manipulated breach information to “make it look like data had spread to multiple places”.

Fairfax has seen a transcript of Wallace’s testimony, which calls into question an industry that promises to shield companies from security threats but also outlines incentives to deceive them.

“I have never before heard of such an unethical company that would actually shakedown another using cyber threats,” Ty Miller, chief executive officer of Australian security firm Threat Intelligence, told Fairfax.

“The only technique that appears to be generally accepted is when a security breach has already occurred and the victims of the attack are approached to inform them.”

But offering services under those circumstances is “questionable”, said Miller. “It still raises suspicion as to whether the security company performed the initial breach.”

LabMD’s chief executive officer Michael Daugherty told CNNMoney that the FTC’s lawsuit killed the business.

Daugherty hasn’t responded to questions by Fairfax, but he recently testified that the FTC used “extortionate” tactics to force a settlement that would have placed LabMD in a “hall of shame” that would doom the business.

Tiversa’s chief executive officer, Robert Boback, has a different take, telling Fairfax that Wallace embellished claims that it exaggerated breach information. He said Tiversa was compelled by the FTC to provide the lists and that its reports had nothing to do with LabMD’s demise.

“LabMD lost its business because of LabMD, and no one else. Every other company in the list that we were required to provide to the FTC is still in operation with no problems. That’s 83 of 84 companies.”

“Also, contrary to Wallace’s testimony, several companies on the list were in fact our customers. That demonstrable fact completely destroys LabMD’s and Wallace’s suggestion that we put companies on the list for not paying,” said Boback.

ooo

Henry Sapiecha

MORE LEAKS TO COME SOON SAYS JULIAN ASSANGE OF WIKILEAKS FAME

WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London on August 18, 2014. Photo: JOHN STILLWELL

WikiLeaks is planning new releases of secret documents on controversial negotiations and intelligence agency operations, according to the anti-secrecy organisation’s Australian founder, Julian Assange.

In an interview with Fairfax Media, Mr Assange said that while he does not expect to leave Ecuador’s London embassy any time soon, WikiLeaks very much remains in the business of publishing the secrets of diplomats and spies.

“There’ll be more publications – about large international so-called free trade deals, and about an intelligence agency,” Mr Assange said.

Over the past two years WikiLeaks has published leaked documents relating to the secret Trans Pacific Partnership trade negotiations as well as talks on the proposed multilateral agreement on Trade in Services.

In December 2014, WikiLeaks also published a leaked US Central Intelligence Agency analysis of the effectiveness of drone strikes and another CIA paper on the implications of enhanced airport security arrangements for clandestine intelligence operatives.

At that time WikiLeaks said the CIA documents were the beginning of a series of releases relating to the US espionage agency.

Julian Assange inside the Ecuadorian Embassy in 2014.

In a wide-ranging interview Mr Assange discussed the recent establishment of a secure internet chat system to enable anonymous sources to contact WikiLeaks and the prospective reintroduction of a secure electronic drop box to facilitate the deposit of leaked documents.

Mr Assange acknowledged that re-establishing a drop box had proved a challenge since the WikiLeaks submission system had been disabled when a disgruntled member left the group in late 2010.

“Given the realities of mass surveillance, and the intense focus on WikiLeaks, we knew we needed a much stronger approach,” he said.

“There have been a number of efforts to do this, by others and ourselves, but until now every one has failed the test. Our new system has some innovation that will be visible, and a lot that is not.”

Mr Assange said that a key challenge arose from the fact that any website open to receive anonymous leaks was an “exposed front door that becomes a permanent target” for intelligence and law enforcement agencies.

One part of the solution is to embed the instructions and code for the submission system on every webpage so that potential sources would be concealed amidst the estimated 500,000 unique readers who visit the WikiLeaks website each month.

“That gives a source some cover,” Mr Assange said, “but it’s important to understand that the protection of sources requires much more than a single technological fix.”

“A combination of elements is needed – cryptologic, jurisdictional and personal security.”

Mr Assange acknowledged his physical location in Ecuador’s London embassy was “a complicating factor, but not insurmountable” in WikiLeaks operations, and pointed to the assistance given by WikiLeaks staffer Sarah Harrison to former US intelligence contractor and whistleblower Edward Snowden as a demonstration of high levels of operational security.

Mr Assange said that he was hopeful that Sweden’s highest court would strike down the still current arrest warrant for him to be questioned about sexual assault allegations that were first raised in August 2010.

He has lived at Ecuador’s London embassy since June 2012 when the South American country granted him political asylum on the grounds that he is at risk of extradition to the United States to face espionage and conspiracy charges arising from the leaking of thousands of secret documents by US Army private Chelsea Manning.

In March, a US court confirmed that WikiLeaks and Mr Assange are still being targeted in a long-running investigation by the US Department of Justice and Federal Bureau of Investigation. British police are on guard outside the Ecuadorian embassy, waiting to arrest Mr Assange so he can be extradited to Sweden for questioning about the sexual assault allegations. Mr Assange denies the allegations and his lawyers have advised that he is at risk of extradition to the US from either Sweden or the United Kingdom.

Sweden’s Supreme Court confirmed this week it will hear an appeal by Mr Assange seeking to quash the arrest warrant on the grounds that prosecutors had failed to progress the case and that he has been denied access to key facts relevant to the decision to arrest him.

However, the British Foreign and Commonwealth Office (FCO) has confirmed that even if the Swedish warrant disappeared, British police would still seek to arrest Mr Assange for breaking his bail conditions when he sought refuge in the Ecuadorian embassy.

“When my legal team asked the FCO whether they were aware of any US extradition proceedings, they refused to confirm or deny,” Mr Assange said.

“There’s also the question of US and UK investigations relating to Sarah Harrison and myself as a consequence of our assistance to Snowden,” he added.

Mr Assange said he hadn’t had any contact from Australian consular officials for more than a year. His Australian passport, currently held by British authorities, has expired. He has been advised that he must physically present himself at the Australian High Commission in London if he wishes to obtain a new passport.

“The Australian Government and DFAT [Department of Foreign Affairs and Trade] like to make a big song and dance about helping Australians overseas, but the reality is they do as little as possible, especially when they don’t like someone’s politics.

“I’m probably not moving for a while yet,” he said.

ooo

Henry Sapiecha