Several reports have surfaced the last 24 hours about Google’s “Project Zero”, essentially the online search giant’s very own in-house super-geeks team of security researchers and hackers now devoted to finding security flaws in non-Google, third-party software “across the internet”, especially zero-day flaws (newly discovered bugs) – also known as “zero-day” vulnerabilities, those hackable bugs that are exploited by criminals, state-sponsored hackers and intelligence agencies.
More disturbing point: the GCHQ apparently used its toolbox to find ways to “alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things”.
The (Globe & Mail) Paranoid Computer User’s Guide to Privacy, Security and Encryption
A nice reference and handy guide.
From China with Love
It’s the one year anniversary of what is now known as the Snowden revelations, which appeared on June 5 and June 9 when The Guardian broke news of classified National Security Agency documents and Edward Snowden revealed himself in Hong Kong as the source of those leaks.
There is still much to decipher from the chronology of events in the aftermath and the sudden global awakening to the end of privacy. Among the impacts on the personal, business and political fronts, one interesting salient feature is the hypocritical rhetorical spats between the US and China in recent weeks, which could set the undertone for US-Sino relations for years to come.
Snowden said his biggest fear is that nothing would change following his bold decision a year ago.
You can find the entire column here.
End of Wins XP is No Dawn for Wins 8
Don’t be fooled into upgrading to Wins 8 after Microsoft recently ended support for the popular Wins XP OS. High time to switch to Linux instead – as I did 3 years ago.
There is an unspoken underlying tension in the workplace on privacy matters relating to office telephones, computers, emails, documents, CCTV cameras, etc. Employers like to think they reserve the right to probe what they consider their property while employees believe their turf is clear from invasion.
This tension is nowhere better exemplified than by reports last Thursday that operatives with US tech giant Microsoft Inc. hacked into a blogger’s Hotmail account in the course of an investigation to try to identify an employee accused of stealing Microsoft trade secrets.
And it is not uncommon in my business to encounter client complaints about potential espionage and other alleged misconduct by their employees, leading to their consideration to search the (company-owned) computers, emails, phone records, etc.
Check out this Forbes interview with Snowden’s lawyer.
Time for Standardized Data Breach Law
The latest hack on Bitcoin exchange Mt.Gox, leading to its sudden bankruptcy late February, and the spate of recent cyber-attacks have prompted warnings of a wave of serious cybercrimes ahead as hackers continue to breach the antiquated payment systems of companies like many top retailers.
Stock exchange regulators like the American SEC have rules for disclosures when company database were hacked but the general public is often at the mercy of private companies less inclined or compelled to raise red flags.
The private sector, policymakers and regulators have been slow to respond and address the increasing threats and sophistication of cybercriminals – only 11 percent of companies adopt industry-standard security measures, leaving our personal data highly vulnerable.
Time for a standardized data breach law?
Creating Giants to Battle Snoops by NSA and the Likes
Size matters in the covert wars of cyber espionage – even more so when two Herculean cyber warriors merge on Wall Street. US cyber-security firm FireEye Inc. announced the acquisition of Mandiant Corp. late last week in a deal worth more than US$1 billion, generating not just an immediate surge in FireEye’s share price but a Mexican wave across the world.
This merger and creation of a next-generation cyber-security firm – FireEye is a provider of security software for detecting cyber-attacks and Mandiant a specialist firm best known for emergency responses to computer network breaches – comes at a time when old-style anti-virus software took a dive, with governments, companies and private citizens across the globe hunting desperately for more effective defensive measures to fend off sophisticated hackers and state-sponsored cyber-attacks.
But the interesting and ironic twist to this FireEye and Mandiant deal is that many of Mandiant’s employees came from the US intelligence world and the Defense Department.
Security officials leave an easily tapped device in closed-door conferences of European leaders
In photos made public of several closed-door bilateral meetings between various European leaders last week, there were two common denominators. One was the presence of the French President Francois Hollande. The other was the VoIP phone on the desk. The question is: What is that phone doing there?
In the middle of a major brouhaha over charges that the US National Security Agency had allegedly monitored the phone conversations of foreign diplomats, the officials in those photos were speaking to each other in the presence of this easily-tapped device.
What these these photos highlight is a security lapse, thus generating many questions: What else have European countries missed and not done to better protect their leaders from American or any eavesdropping?
NSA Snooping Compromises the Cloud Computing Industry
Facebook CEO Mark Zuckerberg complained last week that trust in social networks and Internet companies has dived ever since cyber snooping and spying activities by the US National Security Agency began to make global headlines earlier this year.
It is no surprise. In fact, as fugitive former NSA operative Edward Snowden pointed out, the encryption system adopted by the International Organization for Standardization and its 163 member countries were actually written by the NSA, convincing proof that online platforms being used by Internet companies and the commercial world, including banks, could in fact be easily compromised by the NSA.
In other words, the NSA designed their own secret back door into the global encryption system for their convenience. So until the encryption system has been overhauled and taken away from NSA’s control, no server and no cloud service provider is secure enough to be entrusted with any confidential data.
So why then are blindly trusting companies still moving ever more data into the cloud and onto servers, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances, etc., is available to the US snoops?
You can find the entire column here.
Or was Dick Cheney looking for a cheap excuse to play politics?
Edward Snowden with his sudden departure from Hong Kong for Moscow and eventually elsewhere, possibly a country hostile to the US, would reignite the question if he’s a spy or double agent.
But the allegations made last week by former US vice president Dick Cheney that the National Security Agency whistle-blower Edward Snowden could be a spy for China is off track, and he knows it, and are a deliberate public distraction as the Obama administration searches for scapegoats in the midst of defending the NSA surveillance programs with their one and only trump card.
Snowden left with his passport annulled, a warrant on his head plus criminal charges of espionage, theft and communicating classified intelligence to unauthorized persons.
But here is the dichotomy: While the corporate world is still coping with US regulations on better corporate governance practices, where does the notion of whistleblowing stand right now?
Please read the entire column here.
The Art of Hiding and Being Undetectable
The world knows by now Edward Snowden, the former private contractor for the National Security Agency who leaked revelations of massive US clandestine electronic surveillance and eavesdropping programs, is still at large in Hong Kong.
You might wonder how Snowden managed to remain obscure, both in the physical and cyber spheres.
Hong Kong, a former British colony now a major global financial center and Special Administrative Region of China, is one of the most densely populated areas in the world with a population of over seven million spread over just 1,104 square kilometers.
But it is precisely for these reasons that Hong Kong may be the ideal place. One could be easily spotted or located or one could capitalize on the dense crowd and modern infrastructure to negotiate his way unnoticed in the physical, digital and cyber dimensions.
And Snowden sure knows how to do that.
So what would you do if you were Snowden or if you simply needed to hide and remain undetectable for a period of time?
Take your pick: Edward Snowden, Internet and phone service providers, or just everybody?
The furor over the past week about how US intelligence agencies like the National Security Agency and the Federal Bureau of Investigation have for years scooped up massive loads of private communications data raises one critical and distressing question.
Who, worldwide and in the US, are the general public supposed to trust now that it seems all forms of digital and cyber communications risk being read by the American authorities? The Americans, it seems, don’t believe it’s that big a deal. By 62-34, according to the latest poll by Pew Research and the Washington Post, they say it’s more important to investigate the threats than protect their privacy. But what about the rest of the world?
The immediate acknowledgement, rather than point blank denial, of the massive clandestine eavesdropping programs is no doubt alarming even for those long suspicious of such covert undertakings. But the more disturbing part is that the official response amounts to plain outright lies.
Please read this entire Opinion Column here.
In Spies We Trust
The two-day private talks between the US and Chinese Presidents Barack Obama and Xi Jinping this weekend in Rancho Mirage, CA are expected to include, among other thorny issues, the dwindling trust between the two countries following the recent spate of cyber intrusions the US have repeatedly alleges to have originated from China.
In the first diplomatic efforts to defuse chronic tensions, the two have also agreed to launch regular, high-level talks next month on how to set standards of behavior for cyber security and commercial espionage. But don’t expect anything concrete from these meetings. The state of cyberspace diplomacy is heading only south.
Please read the full column here.
US decision to ban Chinese computer parts could mean no computers
The American Congress signed a US appropriations bill into law late March that restricts government purchase of Chinese computer equipments and technologies on fear of cyber-espionage risks.
The move inevitably prompted strong retaliation from China but my immediate curious question is: Where on earth is the US planning to buy its hardware, when even the major US brands like Dell, Apple and Hewlett-Packard – and also many Japanese, Korean and Taiwanese brands – are made in China?
I have 2 solutions…..
Please read the full column here.
The Security Assault on Social Networks
Forget hacking. It works but it’s illegal.
Big data mining is the future of cyber espionage. It is not illegal as long as the data is open source and in the public domain. And all that data on “open” social networking Web sites are most vulnerable.
Two recent commercially developed software packages could soon be giving your government and employer and possibly anyone else who is interested – ways to spy on you like never before, including monitoring your words, your movements and even your plans now and into the future.
Spying on Spies
The FBI probe into the scandal involving former CIA director David Petraeus and his mistress may have stolen global headlines the past week.
But there is something else the FBI knows that should warrant more attention. Something closer to those of us less exalted than the boss of the world’s most famous spy agency.
The FBI is known to have video footage, covertly taken in a hotel room somewhere in China, showing how Chinese agents broke in and swept through the belongings and laptop of an American businessman.
There were recent media reports of similar incidents. The FBI is now showing the clip as a warning to corporate security experts of major US companies.
The FBI also warned some months ago about the risks of using hotel wi-fi networks and recommended all government officials, businessmen and academic personnel take extra caution when traveling abroad.
Whilst the corporate world is often most at risks, the average citizens are also highly vulnerable, especially to electronic surveillance on home and foreign soil.
So what can one do to protect the personal data and business secrets on the computers, especially when traveling abroad?
The First World’s Version of Child Soldiers?
It is estimated that 250,000 children are fighting in wars all over the world, recruited by force or lured by the false promise of an escape from poverty. They are living a life no child should ever lead.
But across the planet, another crop of children, living in affluence in Cupertino, California, or Knightsbridge in London, or Berlin are being recruited as child soldiers. They won’t bear arms. They won’t nudge from their posts – usually in their parents’ back bedrooms.
On Halloween, while their peers are wearing goblin costumes and going from door to door, their families might regard them as hiding in their bedrooms and staying away from trouble.
But so you thought. They may be in much bigger trouble than you could ever imagine – they could be on a Wanted List from intelligence agencies – for hire. But in their teen years, are they capable of making the moral decisions to take up spying, any more than a 12 year old peering over the sights of a Kalashnikov in Sierra Leone?
Read the full article here.
A little secret and long overdue column – as I have promised some weeks ago.
How about leading a cyber lifestyle without the risks of compromising your computer, privacy and precious confidential data… ie. your life?!
There’s an easy solution and you do not have to be a computer expert. But the CIA, MI6, etc, wouldn’t want you to know the trick… because you can beat those spies and hackers by going online and leaving no trace.
Read the full article here.