Archive for January, 2014

Britannia still rules the air waves!

January 28, 2014

Honestly, I really had hoped that this jingoistic, gung-ho, impericolonial nationalism had long since been consigned to the dustcart of 19th century gun-boat history. In fact, I had to read it several times to make sure it wasn’t a clever send-up of a bygone age. But no, I fear this idiot actually believes in what he says:

In another sense, however, the Snowden case has revealed something of which GCHQ feels very proud. Since September 11 2001, Cheltenham has conquered the internet. The great soup in which terrorists splash around has not proved beyond reach. An organisation with an annual budget of approximately £750 million has cracked an entity on which $3 trillion a year is spent. It is our biggest achievement in the field since Bletchley Park — indeed, in volume terms, infinitely bigger. This makes GCHQ of truly global importance — we are talking, after all, about the World Wide Web.
Time for GCHQ to come out of the shadows

I just find it unbelievable that anybody can think that this attitude is acceptable.

Categories: All, Politics, Security Issues

Russia leapfrogs China to become cyber enemy #1

January 27, 2014

Have you noticed that Russia seems to be replacing China as America’s cyber enemy #1? Since this cannot possibly be in retaliation for Putin granting asylum, albeit temporary, to Edward Snowden; nor in response to Russia’s diplomacy throwing a late spanner in US plans to bomb Syria, it must all be true.

First, we have learnt, courtesy of life-long dove Mike Rogers, who wouldn’t bomb an ant if he could avoid it, that Snowden could only do what he did because of assistance from the Russian secret service. Then we learn that the Target breach was all the fault of a Russian teenager; and that “Energetic Bear is an adversary group with a nexus to the Russian Federation that conducts intelligence collection operations against a variety of global victims with a primary focus on the energy sector.” The implication is that since the Russian economy is largely reliant on the energy sector, it behoves the Russian government to indulge in a little cyber dalliance.

Energetic Bear’s modus operandi, incidentally, is the watering hole attack – which purely co-incidentally seems to be the method preferred by the Comment Crew (aka, according to Mandiant, the Chinese government). But we haven’t heard a vast amount of criticism directed at the Chinese just recently; in fact, au contraire. There is now a mutual love-in with the Chinese authorities and the FBI collaborating in taking down email hackers in the two countries.

Politics is a strange and ever-shifting thing. It makes friends of enemies and enemies of friends overnight, depending more on economics than on truth.

Categories: All, Politics, Security Issues

A strange tale of accidental surveillance

January 26, 2014

I see that Krebs is reporting a story titled “Bug Exposes IP Cameras, Baby Monitors”. He writes:

The issue came to light on the company’s support forum after camera experts discovered that the Web interface for many Foscam cameras can be accessed simply by pressing “OK” in the dialog box when prompted for a username and password.

It reminded me of a true, personal experience. Some years ago my young son had two action-man-like toys that could communicate with each other. One morning he turned them on – but instead of me talking to man #1 via man #2, we both heard a baby crying.

It was surprising, and not a little worrying, until we heard a second voice; the soothing tones of a young lady comforting the baby. We recognized that second voice as belonging to a neighbour with a new baby living on the other side of the street.

The neighbours were both police officers. The temptation to listen in to this covert communications surveillance was just a little offset by the distressing nature of a baby crying (parents will know what I mean), and perhaps a degree of moral rectitude. Still, I must admit I have often wondered what I might have learnt about local policing and local villains had I not crossed the road and told our neighbours about their new baby monitor.

Categories: All, Security Issues

European Court invites the UK Government to explain the legality of GCHQ mass surveillance

January 26, 2014

The law is a slow and laborious process, not to be attempted by the faint of heart nor weak of pocket. Back in October, having exhausted UK attempts at challenging GCHQ’s mass surveillance and cooperation with the NSA, Big Brother Watch, English PEN, The Open Rights Group and Dr Constanze Kurz lodged a complaint against the UK government with the European Court of Human Rights.

European Court of Human Rights


Morally it is a very simple issue: GCHQ (and thereby the UK government) has no right to engage in mass surveillance of telecommunications (the GCHQ Tempora programme), nor share that information with, nor receive surveillance intercepts from, the NSA. Legally it is far more complex.

Three months later, this complaint has passed its first hurdle: the European Court has not rejected the complaint and has moved to the next stage: it has invited the UK government to explain why it should reject it.

A letter to the complainants was sent by the European Court dated 9 January. It provides procedural information, notes that the court decided “to give priority to the application”, and says:

The Government have been requested to submit their observations by 2 May 2014. These will be sent to you in order that you may submit written observations in reply on behalf of the applicants, together with any claim for just satisfaction under Article 41 (cf. Rule 60)…

The Government have been requested to deal with the questions set out in the document appended to this letter…

That appended document provides an excellent overview of the issues at stake, from the complex legal rather than simple moral standpoint. It is well worth reading if you have any interest in or concern over (which we all should) the UK and US mass surveillance of innocent citizens.

It is an important first hurdle. It will take many months to be settled, even if it ever is. But it also, perhaps, throws extra light on the UK government’s increasingly bellicose attitude towards Europe, threatening to revoke the Human Rights Act and even withdraw from the European Union if it doesn’t succeed in renegotiating membership terms to its own liking.

Categories: All, Politics, Security Issues

Google, thy name is hypocrite

January 25, 2014

Do no evil is best known today as a Google reference; but it occurs earlier in the Bible (2 Corinthians 13:7 King James):

Now I pray to God that ye do no evil; not that we should appear approved, but that ye should do that which is honest, though we be as reprobates.

Do as you would be done by is an immediately recognisable biblical reference (Matthew 7:12 King James):

Therefore all things whatsoever ye would that men should do to you, do ye even so to them: for this is the law and the prophets.

Google has claimed the former, but ignores the latter.

It recently removed two extensions from its Chrome webstore: Add to Feedly and Tweet this Page. This was a good thing. Although the extensions originally did what’s described on the tin, they had been bought by advertising companies of the worst sort. Those advertising companies subsequently slipped in, via automatic updates, adware engines.

Automatic updates are a double-edged sword. In the hands of a supplier you trust they can be a tremendous boon — security patches and software improvements just happen. But in the hands of a dubious firm, automatic updates are a troublesome problem. They can, and in the case of these two extensions did, covertly install all manner of things.

To get round the problem Google has changed its terms of service. In future, extensions will need to be clearly defined — the new terms state that extensions must have “a single purpose,” and be “narrow and easy-to-understand”. Adding a new function secretly, such as adware, clearly breaches these rules.

Google invoked these rules to remove the extensions. In general, however, the company says the new terms won’t be enforced widely until the summer. That implies there will then be some form of enforcement methodology — extension auditing, for example.

Again, this is a good thing. Google is saying that its users should know what the software they use actually does, and it should be easily understood, and their privacy should not be abused.

Which is more or less what the European Union is saying to Google itself. Two European data protection regulators (France and Spain) have already fined the company the maximum possible for breaking privacy laws. Four others (Germany, Italy, The Netherlands and the UK) have agreed that the privacy laws have been broken. Germany, Italy and The Netherlands are expected to levy fines. The UK is more likely to discover some weasel way to avoid fining Google (because of the UK’s traditional thrall to big business), but nevertheless holds Google in breach of the law.

The issue is Google’s privacy policy. It is deemed to be confusing, obscure, and lacking in the means for users to understand or control Google’s use of their personal data. In other words, it is neither of a single purpose nor simple and easy to understand. “Google spins an invisible web of our personal data, without our consent. And that is forbidden by law,” says Jacob Kohnstamm, chairman of the Dutch Data Protection Authority.

Google is doing unto Europe what it won’t allow its app providers to do unto Google: confuse, break the rules and dissemble. It is clearly hoping and expecting that its sheer size will prevent Europe smacking it in the same way it smacked those that disobeyed its own rules. Here’s hoping…

Categories: All, Security Issues

Europe – should we stay or should we go?

January 24, 2014
UK or Europe – they are increasingly incompatible


I find myself conflicted over Europe. This is a new thing for me. For years I have been very clear: the United Kingdom, which has never had the opportunity to vote for membership of the Union (only a ‘common market’ or free trade area), should leave the European Union as soon as possible.

My reasoning is very simple. The European Union is undemocratic. Laws are created by the European Commission, which is an unelected and unaccountable body. This is just plain wrong. In fact, it is anathema.

In a word, I do not trust Europe.

The difficulty is that I now trust my own government even less.

This current Cameron government (and a Labour government would be just the same – in fact, was just the same under Brown and Blair before him):

  • is creating a central database of everybody’s health records, which it will then sell
  • wants to create a national DNA database, hiding it within the NHS since Europe has said it would be illegal for the police to create one, which it will then sell
  • still supports massive bonuses to the bankers who damn near destroyed society, and may yet still be the root cause of civil wars in Europe
  • presides over and defends a lawless intelligence service that seems to think it is legal to tap the internet’s fibre communications cables
  • introduces internet censorship for everyone through the guise of a ‘porn filter’
  • is working hard to scuttle the EU General Data Protection Regulation, which would be wonderful for the people, but awkward for big business
  • wants to make it a requirement for the ISPs to keep everyone’s communications data, and then make it available on demand to law enforcement (and others) without judicial oversight
  • etcetera, etcetera, etcetera, etcetera, etcetera

In short, while I distrust the European Union, I actually fear the UK government. And this is my problem: an undemocratic body is now the greatest hope I have to protect my historical freedoms from my own elected government.

Categories: All, Politics, Security Issues

The Prophecies of Nostradamus Corrons

January 20, 2014

How’s this for prescience? Back in 2010, four whole years ago, PandaLabs’ technical director Luis Corrons told me:

Everything is connected to everything else, and it’s all connected to the internet. I don’t know that we’re going to install anti-virus for the fridge, but who knows? If there are enough fridges connected to the internet, fridge malware will no doubt follow suit.

And this week’s big news? Well, this from Proofpoint:

The global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.

Next week Mr Corrons plans to walk from Tarifa to Tangiers.

Categories: All, Security Issues