Shhh… GCHQ’s Hacking Tools Leaked

The latest Snowden revelations include a leaked document that lists the cyber-spy tools and techniques used by the American NSA’s UK counterpart GCHQ, according to a BBC News report.

More disturbing point: the GCHQ apparently used its toolbox to find ways to “alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things”.

Shhh… Guide to Safer Computing

The (Globe & Mail) Paranoid Computer User’s Guide to Privacy, Security and Encryption

A nice reference and handy guide.

Post-Snowden, the US Reaps a Security Whirlwind

From China with Love

It’s the one year anniversary of what is now known as the Snowden revelations, which appeared on June 5 and June 9 when The Guardian broke news of classified National Security Agency documents and Edward Snowden revealed himself in Hong Kong as the source of those leaks.

There is still much to decipher from the chronology of events in the aftermath and the sudden global awakening to the end of privacy. Among the impacts on the personal, business and political fronts, one interesting salient feature is the hypocritical rhetorical spats between the US and China in recent weeks, which could set the undertone for US-Sino relations for years to come.

Snowden said his biggest fear is that nothing would change following his bold decision a year ago.

You can find the entire column here.

Do You Need the World’s Most Secure Email?

Or is Privacy Even Possible?

Is privacy and a secure email on your wish list? How does the “most secure email program” sound to you? Or rather, is that still possible in this post-Snowden era? How about a completely secure search engine?

Find out more from my latest column here and there.

When the Boss Hacks

Hot Mails

There is an unspoken underlying tension in the workplace on privacy matters relating to office telephones, computers, emails, documents, CCTV cameras, etc. Employers like to think they reserve the right to probe what they consider their property while employees believe their turf is clear from invasion.

This tension is nowhere better exemplified than by reports last Thursday that operatives with US tech giant Microsoft Inc. hacked into a blogger’s Hotmail account in the course of an investigation to try to identify an employee accused of stealing Microsoft trade secrets.

And it is not uncommon in my business to encounter client complaints about potential espionage and other alleged misconduct by their employees, leading to their consideration to search the (company-owned) computers, emails, phone records, etc.

Find out more from my latest column here and there.

Coping With Offline Snoops

Latest NSA Revelations Not the End of the World

The latest NSA revelations about their ability to penetrate into computers that are not even connected to the Internet may have caused deep concerns but there are at least 2 defensive measures one can undertake.

You can find out more from my latest column here.

Shhh… 172 Ways to Keep Your Online Activities Secure

The NSA may now be cracking on the Tor project after the forced shutdown of Lavabit, 2 of the many tools in the arsenal of Edward Snowden and the likes. But there are many other ways to secure your online activities, including secured phone calls in case you are also concerned about eavesdropping.

Here’s a handy list of 172 tools you can use, compiled by the folks at Backgroundchecks.org .

The Demise of the Cloud

NSA Snooping Compromises the Cloud Computing Industry

Facebook CEO Mark Zuckerberg complained last week that trust in social networks and Internet companies has dived ever since cyber snooping and spying activities by the US National Security Agency began to make global headlines earlier this year.

It is no surprise. In fact, as fugitive former NSA operative Edward Snowden pointed out, the encryption system adopted by the International Organization for Standardization and its 163 member countries were actually written by the NSA, convincing proof that online platforms being used by Internet companies and the commercial world, including banks, could in fact be easily compromised by the NSA.

In other words, the NSA designed their own secret back door into the global encryption system for their convenience. So until the encryption system has been overhauled and taken away from NSA’s control, no server and no cloud service provider is secure enough to be entrusted with any confidential data.

So why then are blindly trusting companies still moving ever more data into the cloud and onto servers, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances, etc., is available to the US snoops?

You can find the entire column here.

The Guardian Online Interview with Snowden

Check out the Guardian online interview with Edward Snowden here. Thousands of comments from readers and still counting.

If I Were Snowden

The Art of Hiding and Being Undetectable

The world knows by now Edward Snowden, the former private contractor for the National Security Agency who leaked revelations of massive US clandestine electronic surveillance and eavesdropping programs, is still at large in Hong Kong.

You might wonder how Snowden managed to remain obscure, both in the physical and cyber spheres.

Hong Kong, a former British colony now a major global financial center and Special Administrative Region of China, is one of the most densely populated areas in the world with a population of over seven million spread over just 1,104 square kilometers.

But it is precisely for these reasons that Hong Kong may be the ideal place. One could be easily spotted or located or one could capitalize on the dense crowd and modern infrastructure to negotiate his way unnoticed in the physical, digital and cyber dimensions.

And Snowden sure knows how to do that.

So what would you do if you were Snowden or if you simply needed to hide and remain undetectable for a period of time?

Please read the full column here and there.

The Enemies of the US

Take your pick: Edward Snowden, Internet and phone service providers, or just everybody?

The furor over the past week about how US intelligence agencies like the National Security Agency and the Federal Bureau of Investigation have for years scooped up massive loads of private communications data raises one critical and distressing question.

Who, worldwide and in the US, are the general public supposed to trust now that it seems all forms of digital and cyber communications risk being read by the American authorities? The Americans, it seems, don’t believe it’s that big a deal. By 62-34, according to the latest poll by Pew Research and the Washington Post, they say it’s more important to investigate the threats than protect their privacy. But what about the rest of the world?

The immediate acknowledgement, rather than point blank denial, of the massive clandestine eavesdropping programs is no doubt alarming even for those long suspicious of such covert undertakings. But the more disturbing part is that the official response amounts to plain outright lies.

Please read this entire Opinion Column here.

The State of Cyber-War

In Spies We Trust

The two-day private talks between the US and Chinese Presidents Barack Obama and Xi Jinping this weekend in Rancho Mirage, CA are expected to include, among other thorny issues, the dwindling trust between the two countries following the recent spate of cyber intrusions the US have repeatedly alleges to have originated from China.

In the first diplomatic efforts to defuse chronic tensions, the two have also agreed to launch regular, high-level talks next month on how to set standards of behavior for cyber security and commercial espionage. But don’t expect anything concrete from these meetings. The state of cyberspace diplomacy is heading only south.

Please read the full column here.

Out of Office Blues

You could be out of pocket as well as out of office if you reveal too much

It may be so much the norm and standard practice one often never think twice but go along with it, totally oblivious to the risks and implications…

I am referring to those seemingly harmless out-of-office notifications: Consider how sensitive personal and company information as well as chain of command details were often automatically and unnecessarily revealed to the world.

Please read the full column here and there.

Computers: Patriot Games?

US decision to ban Chinese computer parts could mean no computers

The American Congress signed a US appropriations bill into law late March that restricts government purchase of Chinese computer equipments and technologies on fear of cyber-espionage risks.

The move inevitably prompted strong retaliation from China but my immediate curious question is: Where on earth is the US planning to buy its hardware, when even the major US brands like Dell, Apple and Hewlett-Packard – and also many Japanese, Korean and Taiwanese brands – are made in China?

I have 2 solutions…..

Please read the full column here.

Big Brother Meets Big Data

The Security Assault on Social Networks

Forget hacking. It works but it’s illegal.

Big data mining is the future of cyber espionage. It is not illegal as long as the data is open source and in the public domain. And all that data on “open” social networking Web sites are most vulnerable.

Two recent commercially developed software packages could soon be giving your government and employer and possibly anyone else who is interested – ways to spy on you like never before, including monitoring your words, your movements and even your plans now and into the future.

Please read the full column here and there.

The Genesis of Hong Kong´s Company Law Fuss

The Companies Ordinance review has been years in the making

A recent hotly debated topic in Hong Kong relates to the government’s attempt to rewrite the Companies Ordinance, spurred largely by the sudden public realization that the resulting new Companies Bill was already passed in the local legislature without much media attention and the rude awakening to the subsequent impacts.

Much of the current media focus and public debates have been placed on only one aspect of the many proposed changes: to withhold from the public parts of the identification numbers and details of the residential addresses of company directors found in the Hong Kong company registration records.

The lightning rod for public concern has struck many a wrong cord, including outcries about the suppression of transparency and apprehension over possible government submission to China’s will.

This column looks at the roots of the situation and puts the fuss in perspective.

Please read full article here.

The Year of Red October

It is just three weeks into the new year and the signs are already on the wall: this is going to be a busy year of cyber espionage and cyber crime activities.

Please read full article here and there.

DIY Counter Espionage

Spying on Spies

The FBI probe into the scandal involving former CIA director David Petraeus and his mistress may have stolen global headlines the past week.

But there is something else the FBI knows that should warrant more attention. Something closer to those of us less exalted than the boss of the world’s most famous spy agency.

The FBI is known to have video footage, covertly taken in a hotel room somewhere in China, showing how Chinese agents broke in and swept through the belongings and laptop of an American businessman.

There were recent media reports of similar incidents. The FBI is now showing the clip as a warning to corporate security experts of major US companies.

The FBI also warned some months ago about the risks of using hotel wi-fi networks and recommended all government officials, businessmen and academic personnel take extra caution when traveling abroad.

Whilst the corporate world is often most at risks, the average citizens are also highly vulnerable, especially to electronic surveillance on home and foreign soil.

So what can one do to protect the personal data and business secrets on the computers, especially when traveling abroad?

Please read full article here and there.

How to Beat the CIA and Protect Your Data

A little secret and long overdue column – as I have promised some weeks ago.

How about leading a cyber lifestyle without the risks of compromising your computer, privacy and precious confidential data… ie. your life?!

There’s an easy solution and you do not have to be a computer expert. But the CIA, MI6, etc, wouldn’t want you to know the trick… because you can beat those spies and hackers by going online and leaving no trace.

Read the full article here.

Shhh… The Safest Place to Hide Your Data

… is possibly in your mouth?!

I’m glad I have not gone that far yet but nevertheless happy to read this piece of news article. I always advised my friends not to leave their computers and phones in their hotel room, or unattended for that matter, as spies will not only break into their room but also their devices. In fact, in certain countries, these agents are tasked to target certain individuals and business travelers the moment they left the airport. And they will wait patiently for the opportunity to penetrate their data. As a rule of thumb, the bigger the city and the hotel, the bigger the risks… because Ahem, I know only too well from… never mind.

Anyway, no one seems to believe or take it seriously. So I’m glad this story printed not only what I always wanted to say but also gave insights on some interesting counter-measures. Kind of paranoid for the men on the streets but… I hope you don’t have to go so far as planting the SD card in your mouth.

No Ordinary CSI: Mobile Phone Forensics

If it falls into the wrong hands, it could cause you plenty of trouble

I love my iPhone but I always look at it with deep suspicion. It probably knows more about me than my puffy pillows. But unlike them, it could easily betray me one day.

Blame it on Steve Jobs but I assume I’m not alone. Most of us have fallen prey to the modern digital world.

We take for granted the unlimited things we can do with our smartphones.

But, by using the devices, we are increasingly exposing ourselves to bottomless risks (Read the entire column here and there).

The Complicated World of Corporate Espionage

It isn’t as straightforward as it looks
Corporate espionage used to be rather straightforward – as the typical Coke-Pepsi textbook example illustrates, in which each tries to steal the other’s recipe for sugared water. It is a crime when someone steals company data/trade secrets and passes it to a business rival.
Well, yes — but not quite, in the case a series of court decisions in the United States that complicate the issue considerably (Read the entire column here and there).