WikiLeaks founder Julian Assange equated Google with the US National Security Agency and its British counterpart GCHQ, saying in an interview with BBC and Sky News last week that the tech giant has become “a privatized version of the NSA”.
The fear that the military and intelligence agencies won’t be the only ones spying on us from the sky has now become a reality.
Just last month, a company named DigitalGlobe launched into orbit the world’s most powerful commercial satellite, called WorldView-3, a half-billion-dollar gadget that can snap sharp images of the ground at a 30-centimeter resolution.
The following video shows the launch of WorldView-3 as seen from Vandenberg Air Force Base on August 13, 2014.
The WorldView-3 is now the highest-resolution commercial satellite in space. This satellite can capture images of “not only a car, but the windshield and the direction the car is going”, almost 40% sharper than what’s currently available. In fact, its images are so sharp that because of “regulatory restrictions, we can’t yet display the 30 cm native resolution data, so we’re sharing imagery resampled to 40 cm”, according to the company – see for example the featured DigitalGlobe images above and below.
The US government is said to be DigitalGlobe’s top customer but the general public can also get to view these highly precise images later through Google Maps. In the commercial sphere, potential applications could range from mapping to corporate logistics to academic research.
Several reports have surfaced in the last 24 hours about Google’s “Project Zero”, essentially the online search giant’s very own in-house team of super-geek security researchers and hackers now devoted to finding security flaws in non-Google, third-party software “across the internet”, especially “zero-day” vulnerabilities: newly discovered, hackable bugs that are exploited by criminals, state-sponsored hackers and intelligence agencies.
Now the question is, is this a Google PR stunt? Read this article and that one and decide for yourself.
The latest Snowden revelations include a leaked document that lists the cyber-spy tools and techniques used by the American NSA’s UK counterpart GCHQ, according to a BBC News report.
A more disturbing point: the GCHQ apparently used its toolbox to find ways to “alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things”.
“More than once, I’ve wished my real life had a delete key.” – Harlan Coben, American novelist.
If that sounds familiar, it has now become a reality but with reasons for concern – it has been two months since the controversial European “right to be forgotten” ruling. The irony is that nothing has actually changed fundamentally despite all the subsequent hoo-hah.
Let’s not forget the internet was originally designed to exchange raw data between researchers and scientists. Any attempt to manually and selectively remove the contents, successful or otherwise, is like playing God – much worse when Google decides what to delete.
I have listed an example to illustrate the lessons to be learned and the price to be paid – of a somewhat similar attempt and the implications for society at large.
It’s the one-year anniversary of what is now known as the Snowden revelations, which appeared on June 5 and June 9 when The Guardian broke news of classified National Security Agency documents and Edward Snowden revealed himself in Hong Kong as the source of those leaks.
There is still much to decipher from the chronology of events in the aftermath and the sudden global awakening to the end of privacy. Among the impacts on the personal, business and political fronts, one interesting salient feature is the hypocritical rhetorical spats between the US and China in recent weeks, which could set the undertone for US-Sino relations for years to come.
Snowden said his biggest fear is that nothing would change following his bold decision a year ago.
Are privacy and secure email on your wish list? How does the “most secure email program” sound to you? Or rather, is that still possible in this post-Snowden era? How about a completely secure search engine?
Find out more from my latest column here and there.
The open source OpenSSL project revealed Monday a serious security vulnerability, known as the “Heartbleed” bug, in the software used by two-thirds of the web to encrypt data, i.e. to protect usernames, passwords and any sensitive information on secure websites. Yahoo is said to be the most exposed to Heartbleed but the company said it has fixed the core vulnerability on its main sites. There are several things you would need to do to check for the Heartbleed bug and protect yourself from it, apart from changing your passwords. And according to the Tor project, staying away from the internet entirely for several days might be a good idea.
It doesn’t take much for unfolding events to break down security, especially if security forces aren’t well trained to handle unexpected situations. The continuing standoff between the Taiwan government and protesters over the lack of transparency during the negotiations of a cross-Strait services pact between Taipei and Beijing has stolen global headlines and illustrates that scenario.
Scores of university students stormed the legislative chamber in Taipei on March 18, leading to the continued unrest that has been dubbed the “Sunflower Movement”. That was followed by 100,000 people who gathered for a sit-in protest outside the Presidential Office Building earlier this month.
Contentious issues aside, the entire episode – with memorable scenes of students fending off the raiding police by piling entrances and exits with furniture and riot police using batons and water cannons on them – prompted the nagging question: Was security at the government buildings in Taipei so lax and easily penetrable? Definitely, from my personal experience.
Defense Secretary Hagel Faces a Tough Time Explaining This to China
US Defense Secretary Chuck Hagel announced at the National Security Agency headquarters last Friday that the Pentagon would triple its cyber security staff – to 6,000 – over the next few years to defend against computer-based attacks.
That’s great. I wonder how Hagel is going to face the music when he visits China later this week where he expects to be grilled on the latest NSA revelations and aggressive US cyber spying. Just last month, it was revealed that the NSA has for years assessed the networks of Chinese telecommunications company Huawei, which the US House of Representatives has long advocated that US companies should avoid on the grounds of national security.
Find out more from my latest column here and there.
There is an unspoken underlying tension in the workplace on privacy matters relating to office telephones, computers, emails, documents, CCTV cameras, etc. Employers like to think they reserve the right to probe what they consider their property while employees believe their turf is clear from invasion.
This tension is nowhere better exemplified than by reports last Thursday that operatives with US tech giant Microsoft Inc. hacked into a blogger’s Hotmail account in the course of an investigation to try to identify an employee accused of stealing Microsoft trade secrets.
And it is not uncommon in my business to encounter client complaints about potential espionage and other alleged misconduct by their employees, leading to their consideration to search the (company-owned) computers, emails, phone records, etc.
Find out more from my latest column here and there.
The latest hack on Bitcoin exchange Mt.Gox, leading to its sudden bankruptcy late February, and the spate of recent cyber-attacks have prompted warnings of a wave of serious cybercrimes ahead as hackers continue to breach the antiquated payment systems of companies like many top retailers.
Stock exchange regulators like the American SEC have rules for disclosures when company databases are hacked but the general public is often at the mercy of private companies less inclined or compelled to raise red flags.
The private sector, policymakers and regulators have been slow to respond and address the increasing threats and sophistication of cybercriminals – only 11 percent of companies adopt industry-standard security measures, leaving our personal data highly vulnerable.
Time for a standardized data breach law?
Find out more from my latest column posted here and there.
Who should be most afraid of auditing in China – a US examiner, the Chinese regulators or the companies being audited? Pick those doing the examining. For all of the accounting profession’s image as a dull and boring occupation, in China it isn’t. Sometimes it can be downright dangerous.
The latest NSA revelations about their ability to penetrate into computers that are not even connected to the Internet may have caused deep concerns but there are at least 2 defensive measures one can undertake.
Creating Giants to Battle Snoops by the NSA and the Like
Size matters in the covert wars of cyber espionage – even more so when two Herculean cyber warriors merge on Wall Street. US cyber-security firm FireEye Inc. announced the acquisition of Mandiant Corp. late last week in a deal worth more than US$1 billion, generating not just an immediate surge in FireEye’s share price but a Mexican wave across the world.
This merger and creation of a next-generation cyber-security firm – FireEye is a provider of security software for detecting cyber-attacks and Mandiant a specialist firm best known for emergency responses to computer network breaches – comes at a time when old-style anti-virus software took a dive, with governments, companies and private citizens across the globe hunting desperately for more effective defensive measures to fend off sophisticated hackers and state-sponsored cyber-attacks.
But the interesting and ironic twist to this FireEye and Mandiant deal is that many of Mandiant’s employees came from the US intelligence world and the Defense Department.
The NSA has a special DROPOUTJEEP program for all Apple devices, including iPhones, to intercept all SMS messages, collect contact lists, locate a phone (and its user/owner) and also activate the device’s microphone and camera with a 100 percent success rate, according to a leaked document obtained by German magazine Der Spiegel and a presentation by security researcher/independent journalist Jacob Appelbaum, who said:
“[The NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write sh—y software. We know that’s true.”
I wrote in Sept 2012 that the NSA and Defense Information Systems Agency (the unit that manages all communications hardware needs for the Pentagon) issued their own specially developed smartphones for their top level officials. And they chose Android – no surprise now?!
Historians can be expected to mark June 9, 2013 as a significant date in the evolution of the surveillance and monitoring of mankind and peg 2013 alongside George Orwell’s Nineteen Eighty-Four, making 2014 officially 1PS – one year Post Snowden.
There is justification for this chronological divide. The world will be working its way out of the events of last June for years and decades to come, trying to come to grips with the astonishing ability of electronic snoopers to surreptitiously monitor the details of millions of lives.
It appears that they will continue to be able to do so despite growing knowledge of the pervasive level of this surveillance.
Bad news for those who say ‘If only the walls could talk’. They can.
Hotel rooms are never safe havens, as spies know only too well, but warnings of the risk often fall on deaf ears, to the sorrow or sometimes embarrassment of the tenants. Two recent news stories and the episode that I describe below will hopefully change public perceptions.
The stories describe how the UK’s Government Communications Headquarters (GCHQ) has traced and wiretapped top diplomats in their hotel suites over the past three years through its secret “Royal Concierge” program, which tracked some 350 hotels across the world, according to documents exposed by the former US intelligence contractor turned fugitive Edward Snowden.
Separately, it emerged in media reports last week that US President Barack Obama takes extreme measures to ward off any threats of secret video or audio surveillance by setting up an anti-spy portable tent in his hotel suite when traveling abroad, including in allied countries that the US allegedly targeted in conducting massive surveillance against foreign leaders and citizens. That amplifies the deep US concerns about being spied upon as much as spying on its friends and risks inviting potential hypocritical labeling of the White House.
I have written previously about the risk but there is much more than meets the eye, including an interesting exchange I once had with a foreign agent about the spy trade and hotel room risks.
Security officials leave an easily tapped device in closed-door conferences of European leaders
In photos made public of several closed-door bilateral meetings between various European leaders last week, there were two common denominators. One was the presence of the French President Francois Hollande. The other was the VoIP phone on the desk. The question is: What is that phone doing there?
In the middle of a major brouhaha over charges that the US National Security Agency had allegedly monitored the phone conversations of foreign diplomats, the officials in those photos were speaking to each other in the presence of this easily-tapped device.
What these photos highlight is a security lapse, thus generating many questions: What else have European countries missed and not done to better protect their leaders from American or any eavesdropping?
The NSA may now be cracking on the Tor project after the forced shutdown of Lavabit, 2 of the many tools in the arsenal of Edward Snowden and the like. But there are many other ways to secure your online activities, including secured phone calls in case you are also concerned about eavesdropping.
Here’s a handy list of 172 tools you can use, compiled by the folks at Backgroundchecks.org.
Hong Kong Tightens Rules on IPOs – The Territory Gets Tough on Regulating Domestic and International New Listings
Starting Oct. 1, in a worst-case scenario, bankers and listing professionals could be put behind bars for their role in public listings in Hong Kong, up till recently a top capital-raising center and magnet for initial public offerings from Chinese companies. To top it off, the current clampdown on data and corporate investigations in mainland China further complicates the situation.
The controversy stems from measures announced by the Hong Kong Securities and Futures Commission in December 2012 to step up the regulatory regime for listing sponsors, including clarifications of their liabilities – up to civil and criminal liabilities. The measures are to be put into effect Oct. 1 this year and will apply to all public listings filed from that date. These measures supplement the new listing rules previously announced by The Stock Exchange of Hong Kong to promote more extensive and thorough due diligence of listing candidates.
NSA Snooping Compromises the Cloud Computing Industry
Facebook CEO Mark Zuckerberg complained last week that trust in social networks and Internet companies has dived ever since cyber snooping and spying activities by the US National Security Agency began to make global headlines earlier this year.
It is no surprise. In fact, as fugitive former NSA operative Edward Snowden pointed out, the encryption system adopted by the International Organization for Standardization and its 163 member countries was actually written by the NSA, convincing proof that online platforms being used by Internet companies and the commercial world, including banks, could in fact be easily compromised by the NSA.
In other words, the NSA designed their own secret back door into the global encryption system for their convenience. So until the encryption system has been overhauled and taken away from NSA’s control, no server and no cloud service provider is secure enough to be entrusted with any confidential data.
So why then are blindly trusting companies still moving ever more data into the cloud and onto servers, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances, etc., is available to the US snoops?