Tag Archives: usa & germany spy scandal

State-sponsored attack? Facebook will now tell you ‘You’ve been hacked’

Just don’t expect Facebook to reveal how it knows when government hackers are coming after you.


Facebook has started to notify users when it suspects they’ve been targeted by government-sponsored hackers, rather than by run-of-the-mill cybercriminals.

“Starting today, we will notify you if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state,” Facebook’s chief security officer Alex Stamos said in a Notes post on the weekend.

A state-sponsored hacker alert. Image: Facebook

The notification users will see when Facebook detects that they are probably being targeted by a state-sponsored hacker advises them to turn on its two-factor authentication feature, Login Approvals, which requires the user to give Facebook their phone number.

Facebook then sends a login code to the user’s phone the next time it detects that the account has been accessed from a new device or browser.

“We decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored. We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts,” Stamos said.

Facebook won’t be revealing how it tells when a state-sponsored hacker is targeting a particular user, although there are numerous pieces of known malware that are suspected to have been created by government-backed hackers, such as Stuxnet, thought to have been built by the US; Duqu; DarkSeoul, supposedly from North Korea; China’s ShadyRAT; and Russia’s The Dukes malware.

“To protect the integrity of our methods and processes, we often won’t be able to explain how we attribute certain attacks to suspected attackers. That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion,” Stamos said.

The new hacker alert notifications join Facebook’s other security efforts, such as its security check-up tool, and teaming up with several antivirus vendors to offer online malware scanning and clean-up tools.

Facebook earlier this year said it helped clean up two million infected PCs after using a “combination of signals” to find the infections. While helpful at cleaning up malware, some users have objected to being locked out of their accounts until they download anti-malware from Facebook’s partners.

ooo

Henry Sapiecha

 

Justice Dept. Pressing for Changes to Computer Crime Law

In this June 17, 2009, file photo, former Hollywood private eye Anthony Pellicano is shown in court in Los Angeles. It’s clearly illegal to hack into someone else’s computer network and steal information from it. But what about a police officer who uses his own department’s computer database to look up women from his past? Or employees who use their log-in credentials to download confidential information from their employer? The issue surfaced in August 2015 when the California-based 9th U.S. Circuit Court of Appeals threw out computer access charges against Anthony Pellicano, a Hollywood private eye who wiretapped phones for celebrity clients to dig up dirt on rivals, and several of his alleged conspirators. The court upheld most of the convictions in the case but found that the jury had been given improper instructions on the law. (AP Photo/Nick Ut)


It’s clearly illegal to hack into someone else’s computer network and steal information from it. But what about a police officer who uses his own department’s computer database to look up women from his past? Or an employee who uses his log-in credentials to download confidential information from his employer?

These are questions that for years have vexed the courts, which have struggled to define the difference between permissible and illegal computer use.

Stung by recent court decisions that have gone against them, Justice Department lawyers are making a fresh push to clarify a computer trespass law that critics malign as overly broad. The 1986 law was intended to punish hackers, but the government has had difficulty applying it to company employees and other insiders who have permission to access a computer – but abuse that right by using the machine in ways they don’t have authorization for.

While the concerns aren’t new, they attracted attention this year after President Barack Obama suggested changes to the Computer Fraud and Abuse Act as part of broader cybersecurity legislation. The Justice Department also has appealed to Congress, which is expected to take up other cybersecurity measures in the coming weeks.

“These are really hard issues of what should the law cover and what should it not cover,” said George Washington University law professor Orin Kerr. “It’s totally understandable that we’re having this discussion and not sure what the answer should be, because this is a new kind of technological problem.”

Critics, including judges, have long expressed concern that people could be prosecuted under the anti-fraud law for computer use that while technically unauthorized is nonetheless benign. An appeals court recently raised the prospect that checking sports scores at work could theoretically lead to prosecution, though the Justice Department says it’s never had any interest in going after that kind of behavior.

Justice Department lawyers have sought to allay those fears by proposing to narrow the standards for prosecution. They’ve proposed limiting the law’s use to circumstances including misuse of a government database, the theft of $5,000 or more, or when the computer access was part of another felony such as blackmailing a co-worker.

“What we need is a law that makes clear that if you exceed authorized access for nefarious purposes … that that’s a violation of the law,” said Assistant Attorney General Leslie Caldwell.

Sens. Lindsey Graham, R-S.C., and Sheldon Whitehouse, D-R.I., have drafted legislation similar to the Justice Department proposal that aides say could be introduced soon. In the meantime, Whitehouse has attached an amendment to a broader cyber bill expected to be considered soon by the Senate. The amendment would punish, by up to 20 years, damage to a “critical infrastructure computer,” such as one that controls the electric power grid.

Yet even some critics of the existing law say they believe the government already has enough tools to punish computer crime, without making changes.

“All of this is a solution in search of a problem,” said Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, a privacy group.

Though the Justice Department has successfully used the existing statute many times, its proposal comes amid recent decisions in appeals courts – including in a lawsuit involving trade secrets – that have interpreted the law in ways prosecutors didn’t like.

The issue surfaced last month when the California-based 9th U.S. Circuit Court of Appeals threw out computer access charges against Anthony Pellicano, a Hollywood private eye who wiretapped phones for celebrity clients to dig up dirt on rivals, and several alleged conspirators. The court upheld most of the convictions but found that the jury was given improper instructions on the law.

The same court in 2012 rejected computer access charges against a former employee of an executive search firm who had been accused of encouraging some of his ex-colleagues to help him start a competing business by using their log-in credentials to download trade secrets. The court said the government’s view created a slippery slope.

“Basing criminal liability on violations of private computer-use (policies) can transform whole categories of otherwise innocuous behavior into federal crimes simply because a computer is involved,” wrote Judge Alex Kozinski. “Employees who call family members from their work phones will become criminals if they send an email instead. Employees can sneak in the sports section of The New York Times to read at work, but they’d better not visit ESPN.com.”

A federal appeals court in New York is weighing the issue in the case of Gilberto Valle, a former New York City police detective dubbed the “cannibal cop” for his online exchanges about kidnapping and eating women. Though a judge dismissed most of the case, Valle is appealing his conviction for using an NYPD database to look up women he targeted. His supporters say that action could not have been a crime because, as an officer, he was entitled to access the database.

It’s not clear what action Congress will take, but it’s also not clear that it needs to do anything, said Kerr, the law professor.

“It’s a hard set of problems for Congress to try to figure out, because you have courts disagreeing on what the rules should be,” Kerr said. “And one option is to just wait for the Supreme Court to say what the rules actually are.”

Source: Associated Press

ooo

Henry Sapiecha

Germany summons US envoy over spy case

 

BERLIN (AP) — German-U.S. relations are facing a new test over a German intelligence employee who reportedly spied for the U.S., with Germany’s president saying if the allegations are true, that kind of spying on allies must stop.


Former U.S. Secretary of State Hillary Rodham Clinton gestures during a book launch in Berlin, Germany, Sunday, July 6, 2014. The former Secretary of State is on a tour promoting her new book, “Hard Choices.” The German title of the book is “Entscheidungen”. (AP Photo/Gero Breloer)

Prosecutors say a 31-year-old German was arrested last week on suspicion of spying for foreign intelligence services, and that he allegedly handed over 218 documents between 2012 and 2014. German media, without naming sources, have reported he was an employee of Germany’s foreign intelligence service who says he sold his services to the U.S.

Germany’s Foreign Ministry summoned the U.S. ambassador Friday to help clarify the case. The country’s top security official stepped up the pressure Sunday.

“I expect everyone now to assist quickly in clearing up the accusations – and quick and clear statements, from the USA too,” Interior Minister Thomas de Maiziere was quoted as saying in Bild newspaper.

The issue threatens to strain German-U.S. relations again after earlier reports that the National Security Agency spied on Germans, including on Chancellor Angela Merkel’s cellphone.

If it turns out the U.S. “gave this kind of assignment to one of our intelligence employees, then it really has to be said: That’s enough now,” President Joachim Gauck said on ZDF television.

The head of a parliamentary committee investigating the activities of U.S. and allied spies, Patrick Sensburg, said he has no information that documents from the panel were spied on, but government documents destined for the committee may have been.

The U.S. Central Intelligence Agency and the National Security Council have declined to comment.

Former Secretary of State Hillary Rodham Clinton said at a book presentation in Berlin it’s “a serious issue.”

“Let’s find out what the facts are and then let’s act appropriately, but also try to be careful not to undermine the necessary cooperation which exists between us,” she said.

Henry Sapiecha