Category Archives: Business risks

Shhh… Tim Berners-Lee on the Web & Privacy

Tim Berners-Lee, who invented the web 25 years ago and is director of the World Wide Web Consortium, spoke at the Web We Want Festival last Saturday, where, according to The Guardian, he called for a bill of rights that would guarantee the independence of the internet and ensure users’ privacy.

“If a company can control your access to the internet, if they can control which websites they go to, then they have tremendous control over your life,” the British computer scientist said. “If a government can block you going to, for example, the opposition’s political pages, then they can give you a blinkered view of reality to keep themselves in power.

“Suddenly the power to abuse the open internet has become so tempting both for government and big companies.”

Below is Tim Berners-Lee at a TED Talk earlier this year.

Shhh… The Secret Tapes of Goldman Sachs by Carmen Segarra

In what could be equivalent to a nuclear bomb on Wall Street, former New York Federal Reserve Examiner Carmen Segarra has released some 46 hours worth of voice recordings, secretly taped with a small recorder on her keychain in 2012, that purportedly show bank regulators going soft and cozy with banking giant Goldman Sachs at a time when the New York Fed was expected to become a stronger regulator after the financial crisis of 2008.

To demonstrate a case in point from the recordings: “We’re looking at a transaction that’s legal but shady,” according to a New York Fed staffer in reference to a proposed Goldman Sachs financial transaction.

The secret recordings – released to both a reporter for ProPublica and radio program This American Life – show an unwillingness among some Fed supervisors to both demand specific information from Goldman about a transaction with Banco Santander and to strongly criticize what Segarra concluded was the lack of an appropriate conflict-of-interest policy at Goldman.

Segarra, who later sued the New York Fed for wrongful termination after her refusal to alter a critical examination of Goldman’s legal and compliance units, said her colleagues were too soft on those kinds of transactions and the banking industry in general.

Shhh… Apple & Google Phones Too Secure?

This may as well be the best ever advertisement any company would die for…

FBI director James Comey complained on Thursday that the encryption in the latest operating systems of Apple and Google phones was so secure that law enforcement officials would have no access to information stored on those devices even with valid warrants, and asked why companies would “market something expressly to allow people to place themselves beyond the law”.

“There will come a day when it will matter a great deal to the lives of people … that we will be able to gain access,” Mr Comey reportedly told the media.

“I want to have that conversation [with companies responsible] before that day comes.”

Law enforcement agencies place a premium on their forensic ability to search sensitive data like photos, messages and web histories on smartphones – and, to some extent, on plain old cellular phones – to solve serious crimes. Mobile phones increasingly perform, and even replace, what we used to do with our computers, and thanks to the convergence of technologies, law enforcement and investigators are now able to use mobile phone forensics, much like computer forensic techniques, to retrieve data, including deleted data, from phones as they did from computers.

The comments from Comey came hot on the heels of news last week that Apple’s latest mobile operating system, iOS 8, is so well encrypted that even Apple Inc. cannot unlock their mobile devices. Google meanwhile is also adopting its latest encryption format for its new (to be released) Android operating system that the company would be unable to unlock.

Question: Has Comey approached the NSA for help?

Shhh… Snowden Won Right Livelihood Award

The former NSA contractor Edward Snowden received on Wednesday the Right Livelihood Honorary Award – also known as the “Alternative Nobel Prize” – from the Stockholm-based Right Livelihood Award Foundation for his work on press freedom and “for his courage and skill in revealing the unprecedented extent of state surveillance violating basic democratic processes and constitutional rights.”

Alan Rusbridger, editor-in-chief of the British newspaper The Guardian, with whom Snowden collaborated to publish what became known as the Snowden revelations, also won the award for “responsible journalism in the public interest.”

Both Snowden and Rusbridger are honorary winners, meaning they will not receive the award’s customary 500,000 kronor (54,500 euros) but the foundation said it would fund legal support for Snowden, who has been nominated for the Nobel Peace Prize to be announced later this year.

The Swiss attorney general reportedly said earlier this month that Snowden could receive Swiss asylum if he opts to travel to Switzerland to testify against the National Security Agency.

The Right Livelihood Award was created in 1980 by German-Swedish philanthropist Jakob von Uexkull to “honour and support those offering practical and exemplary answers to the most urgent challenges facing us today”.

Three other prize winners, named to receive the monetary award, are Pakistani human rights lawyer Asma Jahangir, Sri Lankan rights activist Basil Fernando and US environmentalist Bill McKibben.

Shhh… The NSA Not Comfortable Being Watched?

How do NSA staffers feel about being filmed, even if it’s only in public? Strangely irate and very uncomfortable, as two students found out Wednesday at the University of New Mexico’s Engineering and Science Career Fair, where the NSA had set up a booth to recruit computer geeks (yes, hackers).

Source: The Intercept

Shhh… PM John Key Denied Mass Surveillance & NSA Sites in New Zealand

New Zealand Prime Minister John Key appeared before the press in Dunedin Tuesday and said he would not rule out the possibility that the American intelligence agency NSA is conducting mass surveillance on New Zealanders but rejected claims that Kiwi spies have access to such information.

Key also shot down claims made by both Edward Snowden and Glenn Greenwald Monday that the NSA had sites operating in the country but he declined to answer questions about the data collection programme X-Keyscore, citing national security concerns.

Shhh… WikiLeaks Released Weaponized German Surveillance Malware (For Download) Used by Intelligence Agencies Around the World

Intelligence agencies around the world have been spying on journalists, activists and political dissidents using surveillance malware produced by FinFisher, a German company specializing in computer intrusion systems, software exploitation and remote monitoring systems capable of intercepting communications and data from various devices, according to WikiLeaks, which on Monday published its latest batch of secret documents.

The whistleblower website also released a list of FinFisher customers, which includes “Slovakia, Mongolia, Qatar State Security, South Africa, Bahrain, Pakistan, Estonia, Vietnam, Australia NSW Police, Belgium, Nigeria, Netherlands KLPD, PCS Security in Singapore, Bangladesh, Secret Services of Hungary, Italy and Bosnia & Herzegovina Intelligence”.

FinFisher’s spyware is able to intercept communications and data from computers running the Mac OS X, Windows and Linux operating systems, as well as Android, iOS, BlackBerry, Symbian and Windows Mobile portable devices.

“FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers,” said WikiLeaks founder Julian Assange.

But what makes the latest WikiLeaks release really stand out is that it did not simply release documents but posted the actual software for anyone to download – YES, the actual zip files containing the malware on its site, but with this warning:

“In order to prevent any accidental execution and infection, the following files have been renamed and compressed in password protected archives (the password is “infected”). They are weaponised malware, so handle carefully.”

Shhh… Comcast Set Record Straight on TOR

Amidst widespread reports early this week that Comcast Corporation has been discouraging customers from using the Tor Browser, the anonymous browser favored by people like Snowden and hackers alike, Comcast – the largest broadcasting and cable company in the world by revenue – has clarified that the reports were not true and the company has not asked customers to stop using Tor or any other browser.

“We have no policy against Tor, or any other browser or software. Customers are free to use their Xfinity Internet service to visit any website, use any app, and so forth.”

See Comcast’s clarification here.

Cloud Hacks More Than Just Nude Pics

Ever Thought of More Catastrophic Consequences?

The sensational invasion last week by hackers into dozens of pictures of nude Hollywood celebrities was a wardrobe malfunction on a major scale, but it is time to take a more serious look beyond the alluring pictures. The world is heading for more catastrophic consequences in the cloud.

The leaks of the celebrities’ photos went viral online after hackers used new “brute force” attacks to break into the victims’ online accounts, casting the spotlight on the security of cloud computing.

But the disturbing and often overlooked question is, why are so many companies still blindly and trustingly moving ever more data into the cloud, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances and worst of all, our personal details, is left seemingly and increasingly more vulnerable?

Please refer to my entire column here.

Shhh… NSA’s Secret Technology – No-Holds-Barred Computer Penetration

The recently released book No Place to Hide by Glenn Greenwald is a page-turning thriller and I find this portion (below) really stands out:

[Image: page 118 of Glenn Greenwald’s book]

One can’t help but wonder if this “secret technology” is beyond what’s already been known, i.e. the NSA’s ability to penetrate into “air gapped” computers.

Air gapped (or air-gapped) computers are also known as “clean machines” because they are not and would never be connected to the internet – and they have to be brand new, not used, computers, preferably paid for in cash.

No doubt a computer that cannot be connected to the internet is pretty limited in what it can do but it is deemed absolutely safe.

These machines are usually used by the military and intelligence agencies dealing with highly sensitive or classified information.

However, it has been reported that the NSA has managed to use radio waves to break into computers disconnected from the internet.

Edward Snowden, and Wikileaks’ Julian Assange, are known to carry 3 to 4 laptops with them and it is no surprise one of these has been air gapped.

Snowden has even advised Greenwald on how to set up such a machine before the latter left New York to meet him in Hong Kong in the days building up to the Snowden revelations last year, as Greenwald wrote in his book.

But setting up and maintaining such a machine is more complex than one would initially think. Here’s a guide on the 10 rules to follow if you are still keen to have a clean machine.

Shhh… Mass Spying First Triggered By Executive Order 12333 Signed By Reagan

It was widely believed that the massive NSA snooping exposed by the Snowden revelations was triggered by the aftermath of 9/11 during the Bush era, but it has now emerged that it was Executive Order 12333, issued and signed by then US President Ronald Reagan in 1981, that paved the way for intelligence agencies to sweep up vast quantities of Americans’ data.

This “twelve triple three”, as it’s known within government circles, offers the underlying framework for the vast collection of metadata – including email contents, social network chats and messaging details to anything that surfs past the Internet on an incidental basis – even when Americans are not specifically targeted, as it would otherwise be forbidden under the Foreign Intelligence Surveillance Act (FISA) of 1978.

In a May 2014 interview with NBC, former NSA contractor Edward Snowden said that he specifically asked his colleagues at the NSA whether an executive order could override existing statutes. (They said it could not.) Snowden’s lawyer, Jesselyn Radack, said her client was specifically “referring to EO 12333”, according to a report by Ars Technica.

“President Ronald Reagan signed EO 12333 within his first year in office, 1981, largely as a response to the perceived weakening of the American intelligence apparatus by his two immediate predecessors, Presidents Gerald Ford and Jimmy Carter. Later, EO 12333 was amended three times by President George W. Bush between 2003 and 2008,” according to the report.

“Bush’s reasons for strengthening EO 12333 were similar. After the United States faced another existential threat in the immediate aftermath of the September 11 attacks, Bush—and later President Barack Obama—used EO 12333 to expand American surveillance power.”

And the rest was history.

But let’s not forget Glenn Greenwald said in his recent book No Place To Hide that the personal motto of former NSA chief Keith Alexander was “Collect it all”. Period?

Shhh… US Govt Sponsored “Truthy” to Monitor Tweets for Political Hate Speech

As if the Snowden revelations on NSA snoops were not enough to amplify the Orwellian state in the US, it has now emerged that the American federal government has once again stepped beyond what the US Constitution permits with its sponsored “Truthy” program, through a National Science Foundation grant to Indiana University, to create a Twitter-like “web service that will monitor ‘suspicious memes’ and what it considers to be ‘false and misleading ideas,’ with a major focus on political activity online,” according to a report by The Washington Free Beacon.

According to the report, Truthy is designed to collect and analyze tweets in real time using a combination of “data mining, social network analysis, and complex networks models,” all boosted by crowd sourcing with the objective to “detect political smears, astroturfing, misinformation, and other social pollution” that might harm the general public in political discussions online.

“For the federal government to be tracking so-called hate speech or subversive propaganda is not only Orwellian but violates the very fundamental rights to free speech and privacy guaranteed to us by the Constitution,” according to Rutherford Institute president John Whitehead in a WND report.

The WND has pointed out recently that the Justice Department would submit a report related to “hate crimes” and “hate speech” with actions recommended against any Internet sites, broadcast, cable television or radio shows determined to be advocating or encouraging “violent acts.”

It said “once the report is compiled, the bill calls for “any recommendations” for action “consistent with the First Amendment to the Constitution of the United States” that is determined to be an “appropriate and necessary” way to address the purported encouragement of violent acts.”

So now it seems one can be punished simply for what one thinks, feels and believes… Yes, Tweet that and be punished.

Shhh… (Another) New Chinese OS by October

A new homegrown Chinese operating system aimed to sweep aside foreign rivals like Microsoft, Google and Apple could be expected this coming October, according to a Xinhua news report Sunday.

The new OS would first target desktops with smartphones and other mobile devices to follow, according to Ni Guangnan who heads the development launched in March.

Now, it’s not that China has not attempted to create its very own OS. There was a Chinese Linux OS launched some years ago for mobile devices, dubbed the China Operating System (COS). It was developed as a joint effort by a company ‘Shanghai Liantong’, ISCAS (Institute of Software at the Chinese Academy of Sciences) and the Chinese Government. But it failed to take off and was later discontinued.

But the Chinese determination to have its very own system has risen a few bars recently, not least further sparked by the Snowden revelations that the American NSA planted “backdoor” surveillance tools on US-made hardware. Similarly, the US has long been suspicious of China-made devices – Hmmm, is it still possible to get laptops with NO parts made in China? Check out my earlier column here if you are keen.

More recently, after the US made poster-boys of 5 Chinese military officers they accused of cyber-espionage in May, China swiftly banned government use of Windows 8. Just last month, it was also reported that as many as 10 Apple products were pulled out of a government procurement list as the spate of mistrust continued.

China also lamented early last year that Google had too much control over its smartphone industry via its Android mobile operating system and has discriminated against some local firms.

Any bets on a fake Chinese OS any time soon – and sooner than October?

Shhh… In TOR We (Can Still) Trust?

The BBC reported over the weekend that some NSA and GCHQ sleuths have been covertly tipping off developers of the Tor network as they were tasked to crack the code and find vulnerabilities in the cyber-tool most hated by the US and UK intelligence agencies, following a BBC interview with Andrew Lewman from the Tor Project.

“There are plenty of people in both organizations who can anonymously leak data to us to say – maybe you should look here, maybe you should look at this to fix this,” he said. “And they have.”

The Tor network has been favored by those who seek internet privacy and anonymity. The free software conceals the location and usage of its users from anyone conducting network surveillance and traffic analysis. In other words, Tor shields one’s identity: it is difficult if not impossible to trace the internet activity of any Tor user. No wonder Tor is championed by the military, political activists, law enforcement, whistleblowers and of course, Edward Snowden.

Unfortunately, given what Tor is, it is also known as the gateway to the “dark web” as criminals and terrorists love it as well.

So it was no surprise when the Snowden revelations revealed both the NSA and GCHQ have been trying to crack Tor.

In fact, the NSA hates Tor so much it was also reported that the agency was not only targeting and cracking the Tor network but had also been taking digital fingerprints of anyone who is even remotely interested in privacy – including fans of the Linux Journal web site and anyone visiting the homepage of the Tor-powered Linux operating system Tails.

So what motivated those NSA and GCHQ spies to secretly contact the Tor developers? Lewman had an explanation:

“It’s sort of funny because it also came out that GCHQ heavily relies on Tor working to be able to do a lot of their operations.

“So you can imagine one part of GCHQ is trying to break Tor, the other part is trying to make sure it’s not broken because they’re relying on it to do their work.”

Find out more about using Tor from my earlier column.