Category Archives: PREVENTION

Facebook, Microsoft, Twitter, YouTube up the ante on curbing terrorist propaganda

The companies have furthered their commitment to curb online terrorist content, pumping funds into research and pledging to work with 50 smaller tech players to keep the content away from their platforms.

The Global Internet Forum to Counter Terrorism, comprised of Facebook, Microsoft, Twitter, and YouTube, has made a “multimillion-dollar” commitment it said will support research on terrorist abuse of the internet.

In a blog post on Wednesday, Google’s SVP and general counsel Kent Walker said the new commitment focuses on conducting and sharing research about how terrorists use the internet to influence their audiences so the forum can stay one step ahead.

In a bid to better tackle terrorist content on the companies’ respective platforms, Walker told the United Nations in New York on Wednesday that the forum, which formed earlier this year, has now set a goal of working with 50 smaller tech companies to help them curb online terrorist propaganda.

“On Monday, we hosted dozens of companies for a workshop with our partners under the UN Counter Terrorism Executive Directorate,” he said. “There will be a workshop in Brussels in December and another in Indonesia in the coming months. And we are also working to expand the hash-sharing database to smaller companies.”

The forum also hopes to determine how governments, tech companies, and civil society can fight back against online radicalisation. Walker revealed that the third and final pillar of the consortium’s plan is to work together to find “powerful messages and avenues to reach out to those at greatest risk of radicalisation”.

The group of companies announced they would be joining forces last year at the EU Internet Forum to curb terrorist content, specifically promising at the time to build a shared database of unique digital fingerprints — or hashes — for violent terrorist imagery, or terrorist recruitment videos and images, which have been removed from their services.

On Wednesday, Walker said the companies are putting their best talent and technology against the task of removing terrorist content and are “doing a better job of sharing breakthroughs with each other”, pointing to the forum’s hash-sharing database as being an early success.

“We have to deal with these problems at tremendous scale. The haystacks are unimaginably large and the needles are both very small and constantly changing,” he explained.

“In recent months we have more than doubled the number of videos we’ve removed for violent extremism and have located these videos twice as fast.”

Between August 2015 and June 2017, Twitter suspended more than 935,000 accounts for the promotion of terrorism. According to a company blog post, during the first half of 2017, over 95 percent of the accounts it removed were detected using its in-house technology.

Facebook, Walker said, is also leveraging artificial intelligence to root out “terrorist clusters” by mapping out pages, posts, and profiles with terrorist material before shutting them down.

“There is no magic computer program that will eliminate online terrorist content, but we are committed to working with everyone in this room [during his UN address] as we continue to ramp up our own efforts to stop terrorists’ abuse of our services,” Walker added.

Also addressing the UN in New York on Wednesday was Australia’s Foreign Minister Julie Bishop, who said Australia is keen to work with communications companies to crack encrypted messages used by terrorists, and congratulated Facebook, Microsoft, Twitter, Google, and YouTube for joining with governments to combat terrorists online.

While Australia supports an open, free, and secure internet, Bishop said encrypted messaging apps used by extremist groups are in the Australian government’s sights.

“Australia is very keen to work constructively with communications service providers to prevent terrorists from using encryption to hide online,” said Bishop, who was expected to hold a bilateral meeting with Microsoft co-founder Bill Gates following the UN proceedings.

“This is a significant challenge as encryption is vital for the protection of many legitimate activities including national security, ecommerce and personal privacy.”

Henry Sapiecha

Protect your emails from being spied on by doing this

We live in a post-Edward Snowden world, in which US tech companies have been accused of complicity in mass surveillance by the US National Security Agency. One recent allegation is the claim that Yahoo scanned hundreds of millions of emails at the NSA’s request.

We don’t truly know how much or how often this is happening within the companies that host millions of people’s email accounts.

According to Reuters, Yahoo was ordered by the secret US Foreign Intelligence Surveillance Court (FISC) to scour emails for a specific string of characters. This is significant, as it required Yahoo to create a custom-built program for real-time surveillance of email traffic.

The power for this type of surveillance was expanded by the US Patriot Act, which allows for the use of secret National Security Letters to compel service providers to hand over customer data. The letters come with gag orders, prohibiting companies like Yahoo from even admitting that they have been ordered to monitor customers.

But email scanning does not only occur at the behest of national security agencies. The past decade has seen the rise of “surveillance capitalism” and “data brokers”, who collect your information for behavioural profiling and targeted advertising.

Google has admitted to scanning emails to deliver targeted advertising and customised search results. Facebook is currently facing legal action for scanning private messages to do the same. And earlier this year Yahoo itself settled a class action lawsuit for scanning non-Yahoo customer emails without consent.

Protecting your privacy

So with all this going on, is it possible to protect your privacy? And if so, how?

One way is through encryption, which allows only the sender and the receiver to read the content of messages, as it converts information into a secret code that requires a key to decode it.

Public-key cryptography is one type of encryption, involving two paired keys – one public and one private. When an encrypted email is sent it is encoded or “locked” with the receiver’s public key. Only the receiver can “unlock” it with their private key.

End-to-end encryption involves encrypting information before it leaves your device, with it only being decrypted once it reaches the receiver’s device. In other words, it is encrypted “at the ends” where the keys are held. This means that security and privacy are not dependent on the channel of communication – in this case the email provider – because if the message is intercepted it cannot be deciphered. This prevents eavesdropping in transit.
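The following added example (not part of the original article) shows the two paragraphs above in code: the sender locks a message with the recipient's public key, and a provider searching stored mail for a specific string, as in the Yahoo case, finds it in plaintext but not in the encrypted copy. It assumes the third-party Python `cryptography` package is installed; the function names, message and search string are constructed for illustration.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def make_keypair():
    """Recipient's device: generate the pair; only the public half is shared."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()

def seal(public_key, body: bytes) -> bytes:
    """Sender's device: encrypt the body with a fresh AES key, then lock
    that key with the recipient's public key."""
    key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    wrapped = public_key.encrypt(key, OAEP)  # 256 bytes for a 2048-bit RSA key
    return wrapped + nonce + AESGCM(key).encrypt(nonce, body, None)

def open_sealed(private_key, blob: bytes) -> bytes:
    """Recipient's device: unlock the AES key with the private key, decrypt."""
    wrapped, nonce, ciphertext = blob[:256], blob[256:268], blob[268:]
    key = private_key.decrypt(wrapped, OAEP)
    return AESGCM(key).decrypt(nonce, ciphertext, None)

def provider_scan(stored: bytes, selector: bytes) -> bool:
    """All a mail provider can do with the bytes it stores or relays."""
    return selector in stored

# Constructed sample message body and search string.
MESSAGE = b"The reference code is ZX-CONSTRUCTED-4471."
SELECTOR = b"ZX-CONSTRUCTED-4471"

if __name__ == "__main__":
    private_key, public_key = make_keypair()
    blob = seal(public_key, MESSAGE)
    print("plaintext copy matches scan:", provider_scan(MESSAGE, SELECTOR))
    print("encrypted copy matches scan:", provider_scan(blob, SELECTOR))
    print("recipient reads:", open_sealed(private_key, blob))
```

Only the message body is protected here; routing information such as sender and recipient addresses still has to be visible to the provider for delivery.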

There are now numerous services that promise free end-to-end encrypted communication, including ProtonMail, Tutanota, and the messaging app Signal. Look for those with open source code because it enables peer-review, guaranteeing there are no backdoors.

The push-back against encryption

With increased encryption comes more demands from authorities for companies to “unlock” information. The best example may be the Apple-FBI case, which saw the FBI attempt to compel Apple to unlock a suspect’s iPhone. In the end this wasn’t necessary. There has also been a simultaneous rise in companies like Cellebrite who offer digital forensic services to decrypt and extract data.

Therefore, the best services use principles of privacy by design, that limit how much information the service provider themselves can collect or access. ProtonMail and Signal, for example, cannot access their users’ information, no matter how hard they try. If issued with a subpoena all they could provide is the date and time a user registered and the last date of connection.

Partly as a result of this encryption war, some states are considering outlawing encryption entirely. Criminalising encryption has been discussed in the United States, Britain, Australia, and elsewhere.

Tech companies safeguarding secrecy

But not all hope is lost. There is a growing trend of tech companies fighting back and refusing to comply with surveillance orders.

In 2014 Lavabit chose to shut down rather than turn over the private encryption key to a customer’s account. This customer was later revealed to be Edward Snowden. Microsoft has refused to hand over emails stored on its servers in Ireland, arguing that this would constitute an impermissible extraterritorial search by the FBI. And of course, Apple refused to disable inbuilt security features to crack an encrypted iPhone.

This shows that service providers are aware of the importance of developing and maintaining consumer trust in matters of privacy. They are intimately, and commercially, invested in protecting it.

Transparency reports and warrant canaries

Another way companies have attempted to gain trust is through transparency reports that detail the orders they have received from authorities. These can be found on company websites and are often reported in the media. Many of these reports feature a workaround to the restrictions on letting customers know if surveillance has been ordered. Companies simply include a statement that they have not been subject to a secret order. If this statement ever goes missing, customers know an order has been issued. This is known as a “warrant canary”.

Several companies routinely issue transparency reports with warrant canaries. Apple and Reddit have set them off, implying that they have received secret orders to provide data.
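A reader can automate the canary check described above. This added example (not from the original article or any company's tooling) compares two transparency reports and flags a canary statement that has gone missing; it goes slightly beyond the text by also flagging a statement that is stale or was not re-dated. The canary wording, ISO date format, 400-day threshold and sample reports are all assumptions constructed for illustration.

```python
import re
from datetime import date, timedelta

# Constructed sample reports; the wording is illustrative, not any real company's text.
REPORT_2015 = """Transparency Report, issued 2015-01-15
Requests for user data received: 55
As of 2015-01-15 we have never received a National Security Letter
or any other secret order for user data.
"""
REPORT_2016 = """Transparency Report, issued 2016-01-20
Requests for user data received: 61
"""

# Assumed canary wording: "As of <ISO date> we have never received ... secret order".
CANARY = re.compile(
    r"as of (\d{4}-\d{2}-\d{2}) we have never received .*?secret order",
    re.IGNORECASE | re.DOTALL,
)

def canary_date(report: str):
    """Return the date the canary statement attests to, or None if it is absent."""
    match = CANARY.search(report)
    return date.fromisoformat(match.group(1)) if match else None

def check_canary(previous: str, current: str, today: date, max_age_days: int = 400) -> str:
    """Compare the newest report with the one before it and classify the canary."""
    before, now = canary_date(previous), canary_date(current)
    if now is None:
        # Statement present earlier but gone now: the signal the article describes.
        return "TRIPPED" if before else "NO_CANARY"
    if today - now > timedelta(days=max_age_days):
        return "STALE"        # statement exists but has not been reissued in time
    if before and now <= before:
        return "NOT_RENEWED"  # new report reuses an old attestation date
    return "ALIVE"

if __name__ == "__main__":
    print(check_canary(REPORT_2015, REPORT_2016, date(2016, 2, 1)))
```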

The same workaround may not be available in Australia however. Recent data-retention laws introduced journalist information warrants that made it an offence to disclose information about the existence (or non-existence) of the warrant, effectively outlawing warrant canaries for journalists in Australia.

The future

Encryption and transparency reports are some of the last protections that consumers have against both governments and the big tech companies we rely on. As more of our lives transition online, we will need them to protect civil rights and individual privacy. We can’t afford for either to be weakened or outlawed.

There are a couple of challenges under way. NSL statutes and gag orders are currently being challenged by the Electronic Frontier Foundation and members of the US Congress as unconstitutional. Watch this space.

The Conversation

Monique Mann is a lecturer at the Crime and Justice Research Centre at Queensland University of Technology in Australia.

IBM to set up cyber centre in Canberra

Led by a former federal police assistant commissioner, the new centre is intended to bring together business and government to tackle security issues.

IBM has announced that it will create a National Cyber Security Centre (NCSC) in Canberra, to be headed by Kevin Zuccato, a former Australian Federal Police assistant commissioner and head of the Australian High Tech Crime Centre.

The company said the NCSC would allow access to IBM’s threat-sharing platform used by more than 2,000 businesses around the world, provide emergency response teams for security incidents, and would be partnering with its Australian Security Development Lab on the Gold Coast.

“With the establishment of the IBM National Cyber Security Centre in Canberra, we will provide a destination for government and organisations to proactively collaborate on strategy and policy,” said Kerry Purcell, IBM ANZ managing director. “The NCSC will drive a culture of innovation and openness, essential if we are to tackle this growing issue for every organisation.”

IBM did not specify the timing of the centre’s opening, nor the number of employees it would have.

The new centre will align with the federal government’s cyber strategy, IBM said, and will look to support both government and business in improving information security capabilities.

Announced in April, the AU$240 million Cyber Security Strategy had as its centrepiece the sharing of threat information between business and government, using the existing Australian Cyber Security Centre (ACSC) and new portals in capital cities.

As part of the package, the government said it would create two new roles: Minister assisting the prime minister on cyber security, and special adviser on cyber security within the Department of Prime Minister and Cabinet — the latter of which was filled by former e-safety commissioner Alastair MacGibbon.

In its Defence White Paper, launched in February, the Australian government said it would spend between AU$300 million and AU$400 million over the decade to the 2025-26 financial year on its Cyber Security Capability Improvement program.

Cyber Security: It’s not if, but when!

Published on Dec 4, 2014

Learn from Bret Arsenault, Microsoft VP and CISO, as he presents a practitioner’s view on the Microsoft environment. He will share how the organization works together to protect the enterprise and our customers, and how we collaborate with and leverage partners like HP in this journey. Bret will address the issues, threats and risks we face in today’s rapidly evolving security and cybercrime landscape – and how he communicates with executives on these key topics.

FFIEC offers cyber attack resources

Agency emphasizes preparation

The Federal Financial Institutions Examination Council issued two statements about ways that financial institutions can identify and mitigate cyber attacks that compromise user credentials or use destructive software.

The statements do not contain any new regulatory expectations, but are intended to alert financial institutions to specific risk mitigation related to the threats associated with destructive malware.

In addition, the Exam Council provided information on what institutions can do to prepare for and respond to these threats.

Cyber attacks have increased in frequency and severity over the past two years. The attacks often involve the theft of credentials used by customers, employees, and third parties to authenticate themselves when accessing business applications and systems.

Cyber criminals can use stolen credentials to commit fraud or identity theft; modify and disrupt information systems; and obtain, destroy, or corrupt data.

Also, cyber criminals often introduce malware to business systems through e-mail attachments, by connecting infected external devices, such as USB drives, to computers or networks, or by introducing the malware directly onto the business systems using compromised credentials.

Cyber guidance from Exam Council

In accordance with FFIEC guidance, institutions should:

• Securely configure systems and services.

• Review, update, and test incident response and business continuity plans.

• Conduct ongoing information security risk assessments.

• Perform security monitoring, prevention, and risk mitigation.

• Protect against unauthorized access.

• Implement and test controls around critical systems regularly.

• Enhance information security awareness and training programs.

• Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.
