A new report from Rand Corp. may help shed light on the government’s arsenal of malicious software, including the size of its stockpile of so-called “zero days” — hacks that hit undisclosed vulnerabilities in computers, smartphones, and other digital devices.The report also provides evidence that such vulnerabilities are long lasting. The findings are of particular interest because not much is known about the U.S. government’s controversial use of zero days.
A un año de las elecciones legislativas, y a tres meses de que pueda legalizarse el voto electrónico en todo el país, Noticias Urbanas consultó a expertos informáticos para conocer más sobre la BUE.
Con mucho orgullo y de manera oficial, Derechos Digitales presenta hoy la Amistosa Caja Anti Vigilancia, un conjunto de herramientas y consejos prácticos que te ayudarán a resguardar mejor tu información personal y la de otros. Pareciera ser que hoy más que nunca es necesario proteger nuestros datos, pues siempre hay alguien intentando acceder a ellos: empresas privadas, cibercriminales y el mismo Estado.
Una seria advertencia hicieron algunos miembros del Consejo Ciudadano de Observadores (CCO) respecto a que sólo actas de 1.300 cabildos de los más de 13.000 que están inscritos serán validadas e incluidas en el texto final del gobierno, debido a que la página web ha presentado deficiencias como el no contar con un sistema de autoguardado y problemas de conexión.
Los refugiados no tienen derechos. De ahí se deriva que sus teléfonos pueden ser hackeados y sus ordenadores también. Al parecer, esto es lo que ha hecho -legalmente y según The Observer – los funcionarios de la oficina de inmigración británica. En 2013 recibieron poderes para hackear los dispositivos electrónicos de todos los refugiados y peticionarios de asilo que considerasen necesario. Y lo consideran.
High quality global journalism requires investment. Please share this article with others using the link below, do not cut & paste the article. See our Ts&Cs and Copyright Policy for more detail. Email email@example.com to buy additional rights. http://www.ft.com/cms/s/0/77843ec2-bd5f-11e4-b523-00144feab7de.html#ixzz3SzdZG1cE
February 26, 2015 2:45 am
Last updated: February 19, 2015 7:00 pm
Researchers say all signs point to the Chinese government
A fake smartphone app is being used to remotely monitor pro-democracy protesters in Hong Kong, according to a report from the New York Times. Researchers from Lacoon Mobile Security say the phishing scam is spreading across the messaging application WhatsApp, through texts that read: “Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!”, along with a link to download software. Lacoon says the software, once downloaded, can access a user’s personal data, including phone calls, text messages, and the physical location of their smartphone. Code4HK — a developer community that has helped to spread information about the protests — tells the Times it had nothing to do with the texts.
The origin of the scam remains unknown, but Lacoon CEO Michael Shaulov says the Chinese government is likely behind it, given the location of the servers and the sophistication of the operation. The company traced it to a computer that they say is similar to those that the Chinese government allegedly used to launch cyberattacks against US targets last year. The spread of the app remains equally unclear, though Shaulov says it was downloaded by one out of every ten phones that received the fake message. It has affected both Android and iOS users alike, although many in the security world have noted that only jailbroken iOS phones are vulnerable.
Internet service providers from around the world are lodging formal complaints against the UK government’s monitoring service, GCHQ, alleging that it uses “malicious software” to break into their networks.
The claims from seven organisations based in six countries – the UK, Netherlands, US, South Korea, Germany and Zimbabwe – will add to international pressure on the British government following Edward Snowden‘s revelations about mass surveillance of the internet by UK and US intelligence agencies.
The claims are being filed with the investigatory powers tribunal (IPT), the court in London that assesses complaints about the agencies’ activities and misuse of surveillance by government organisations. Most of its hearings are held at least partially in secret.
The IPT is already considering a number of related submissions. Later this month it will investigate complaints by human rights groups about the way social media sites have been targeted by GCHQ.
The government has defended the security services, pointing out that online searches are often routed overseas and those deemed “external communications” can be monitored without the need for an individual warrant. Critics say that such a legal interpretation sidesteps the need for traditional intercept safeguards.
The latest claim is against both GCHQ, located near Cheltenham, and the Foreign Office. It is based on articles published earlier this year in the German magazine Der Spiegel. That report alleged that GCHQ had carried out an attack, codenamed Operation Socialist, on the Belgian telecoms group, Belgacom, targeting individual employees with “malware (malicious software)”.
One of the techniques was a “man in the middle” attack, which, according to the documents filed at the IPT, bypasses modern encryption software and “operates by interposing the attacker [GCHQ] between two computers that believe that they are securely communicating with each other. In fact, each is communicating with GCHQ, who collect the communications, as well as relaying them in the hope that the interference will be undetected.”
The complaint alleges that the attacks were a breach of the Computer Misuse Act 1990 and an interference with the privacy rights of the employees under the European convention of human rights.
The organisations targeted, the submission states, were all “responsible and professional internet service providers”. The claimants are: GreenNet Ltd, based in the UK, Riseup Networks in Seattle, Mango Email Service in Zimbabwe, Jinbonet in South Korea, Greenhost in the Netherlands, May First/People Link in New York and the Chaos Computer Club in Hamburg.
Concerned about weaknesses in USA Freedom Act, Zoe Lofgren and colleagues pushing to prevent NSA from weakening online encryption with new amendment
US legislators concerned about weaknesses in a major surveillance reform bill intend to insert an amendment barring the National Security Agency from weakening the encryption that many people rely on to keep their information secure online, or exploiting any internet security vulnerabilities it discovers.
Congresswoman Zoe Lofgren, a California Democrat, told the Guardian that she and a group of colleagues want to prevent the NSA from “utilizing discovered zero-day flaws,” or unfixed software security vulnerabilities, and entrench “the duty of the NSA and the government generally not to create them, nor to prolong the threat to the internet” by failing to warn about those vulnerabilities.
Since the discovery of the Heartbleed bug afflicting web and email servers, the NSA has faced suspicions that it has exploited the vulnerability, which the agency has strenuously denied. Beyond Heartbleed, documents from whistleblower Edward Snowden have revealed that the NSA has weakened online encryption, causing consternation among technology companies as well as privacy advocates.
Lofgren intends to attach the provision to the USA Freedom Act, increasingly the consensus bill to reform surveillance in the wake of the Edward Snowden disclosures. The bill, mostly favored by civil libertarians and expected to go for a vote on the House floor as early as next week, does not include language stopping the NSA from undermining encryption.
In an indication of the difficulty legislators will face in recasting the USA Freedom Act to better protect privacy, Lofgren conceded that attaching the provision will be difficult, as House legislators do not want to upset a tenuous deal on surveillance reform by adding to the bill. She is currently seeking a parliamentarian ruling on the “germaneness” of her online security amendment in order to make it difficult for opponents to exclude it from consideration on the floor.
Lofgren said she and other civil libertarian-minded lawmakers will have limited opportunities to add amendments to the bill, and so are prioritizing measures they believe stand the best chance of winning House support.
Lofgren said she thought those would most likely include a ban on the NSA searching through its foreign-focused communications content troves for Americans’ information without a warrant; clarifying a Patriot Act prohibition on collecting Americans’ phone calls and email content; and permitting more detailed transparency for telecoms and internet companies to disclose the sorts of national-security orders they receive from the government for their customers’ data.
GCHQ, the government’s monitoring agency, acted illegally by developing spy programs that remotely hijack computers’ cameras and microphones without the user’s consent, according to privacy campaigners.
A legal challenge lodged on Tuesday at the investigatory powers tribunal (IPT) calls for the hacking techniques – alleged to be far more intrusive than interception of communications – to be outlawed. Mobile phones were also targeted, leaked documents reveal.
The claim has been submitted by Privacy International following revelations by the whistleblower Edward Snowden about the mass surveillance operations conducted by GCHQ and its US counterpart, the National Security Agency (NSA).
The 21-page submission details a host of “malware” – software devised to take over or damage another person’s computer – with such esoteric names as Warrior Pride, Gumfish, Dreamy Smurf, Foggybottom and Captivatedaudience.
Details of the programs have been published by the Guardian and the online magazine The Intercept run by the journalist Glenn Greenwald. They are said to allow GCHQ to gain access to “the profile information supplied by a user in registering a device [such as] … his location, age, gender, marital status, income, ethnicity, sexual orientation, education, and family”.
More intrusively, Privacy International alleges, the programs enable surveillance of any stored content, logging of keystrokes and “the covert and unauthorised photography or recording of the user and those around him”. It is, the claim maintains, the equivalent of “entering someone’s house, searching through his filing cabinets, diaries and correspondence, and planting devices to permit constant surveillance in future, and, if mobile devices are involved, obtaining historical information including every location he had visited in the past year”.
Such break-ins also leave devices vulnerable to attack by others “such as credit card fraudsters, thereby risking the user’s personal data more broadly”, Privacy International argues. “It is the modern equivalent of breaking in to a residence, and leaving the locks broken or damaged afterwards.”