Tuesday, 6 August 2013

Bank of Scotland lands £75,000 fine for wrong number fax blunders

The Bank of Scotland has been slapped with a £75,000 fine for a series of fax blunders that saw customers’ account details sent to the wrong recipients on numerous occasions.
The Information Commissioner’s Office (ICO) fined the firm after the incidents, which saw payslips, bank statements, account details and mortgage applications, all with customer names and addresses, sent to wrong numbers.
In total, 21 documents were sent to a third party organisation by mistake, while a further 10 misdirected faxes were sent to a member of the public. Both of the wrong numbers had one digit different from the intended recipient, which was a department within the bank that handled document uploading to internal systems.
The first incident was reported to the bank as far back as 2009. Despite this warning, the problems persisted and eventually the third party receiving the wrong faxes told the ICO, which began an investigation.
The outcome of the case was cited by head of enforcement at the ICO, Stephen Eckersley, as yet another example of shoddy data practices that are causing organisations to be hit by needless fines.
“To send a person’s financial records to the wrong fax number once is careless. To do so continually over a three-year period, despite being aware of the problem, is unforgiveable and in clear breach of the Data Protection Act,” Eckersley said.
“Let us not forget that this information would have been all a criminal would ever need to carry out identity fraud. Today’s penalty reflects the seriousness of this case."
A spokesperson for Lloyds Banking Group, the parent company of Bank of Scotland, acknowledged the errors and said the firm was reviewing its processes as a result.

"We apologise that, due to human error, a very small number of documents relating to 32 customers were unfortunately misdirected. This occurred over a period in which several million customer documents, using the same process, were correctly received," the firm said.

"No customer suffered any harm or detriment as a result of this error. We are continually reviewing our processes to ensure our customers' information remains safe."
The case is not the first time the ICO has issued fines for fax blunders. Earlier this year, NHS Trust Staffordshire was fined £55,000 when sensitive medical details were sent to a member of the public via fax when a staff member entered the wrong number.

Twitter UK boss promises anti-abuse action after troll's bomb threats

Twitter's UK general manager Tony Wang has promised to implement new anti-troll features following a series of bomb threats against several UK journalists.
Wang unveiled Twitter's plans to implement several new measures alongside an apology to the affected journalists in a tweet over the weekend.

The apology follows a wave of bomb threats targeting a number of prominent female journalists. Known victims include The Guardian's Hadley Freeman, The Independent's Grace Dent and Time's Catherine Mayer. In a public blog post, Twitter said the messages proved the need for change.
"It comes down to this: people deserve to feel safe on Twitter. Over the past week, we've been listening to your feedback on how we can improve our service. You told us that we need to make our rules clearer, simplify our abuse reporting process, and promote the responsible use of Twitter. Today, we want to give an update on what we've done and what we're committing to do over the next few months," read the statement.
The new services include the addition of a button to report abuse. The button has already been added to Twitter's iOS app and is set to be rolled out to Android and the central Twitter.com site "soon".
Other key additions include a new partnership with the UK Safer Internet Centre and amendments to Twitter's definition of abusive behaviour. Twitter also promised to implement a number of other undisclosed anti-abuse measures in the near future.
"We are committed to making Twitter a safe place for our users. We are adding additional staff to the teams that handle abuse reports and are exploring new ways of using technology to improve everyone's experience on Twitter. We're here, and we're listening to you," added the statement.
Twitter abuse has been an ongoing issue for several years. The service's anonymity has allowed numerous groups and individuals to mount ongoing hate campaigns and has already led to several police investigations.
Earlier in July feminist campaigner Caroline Criado-Perez was hit with a prolonged 12-hour barrage of rape threats via Twitter. The police subsequently confirmed the arrest of an unnamed 21-year-old man in the Manchester area on suspicion of harassment offences.

FBI child porn arrest in Ireland creates Tor web tracking concerns

An FBI child pornography sting on hidden web services provider Freedom Hosting has led to concerns the law enforcement agency is using websites hosted on Freedom Hosting's servers to track people using the anonymous Tor network.
Reports that Freedom Hosting sites had been hijacked to spread malware designed to track Tor users' web movements emerged after news broke that the FBI had arrested Eric Eoin Marques for alleged involvement in the distribution of online child pornography. Marques is believed to have strong links with Freedom Hosting and to be a vocal member of the Tor community.
The reports claim the FBI used a vulnerability in Firefox 17, on which the Tor browser is based, to turn Freedom Hosting sites into malware-spreading tracking tools. Tor is a free service designed to let people hide their internet activity. It does this by directing internet traffic through a volunteer network of more than 3,000 relays to conceal the user's location.
Tor has since published a statement confirming it is looking into the reports.
"The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of JavaScript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect users' computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We're investigating these bugs and will fix them if we can," read the Tor statement.
"As for now, one of multiple hidden service hosting companies appears to be down. There are lots of rumours and speculation as to what's happened. We're reading the same news and threads you are and don't have any insider information. We'll keep you updated as details become available."
Tor has since confirmed plans to publish a more thorough security advisory in the very near future.
At the time of publishing, the FBI had not responded to V3's request for comment on the rumours. However, Trend Micro security director Rik Ferguson confirmed there is evidence to suggest a breach occurred to allow tracking.
"Obviously we have to wait for more details to be made public in legal proceedings, but for now the weight of evidence in the hows and whys seems to indicate that a previously unknown vulnerability in Firefox 17 may have been used by law enforcement to identify people visiting certain hidden services as one part of the operation, and of course enough evidence has also been gathered to allow the arrest of Mr Marques in Ireland, suspected of running this hosting service," Ferguson said.
"All the malicious code did was to make a victim machine, which was visiting one of the compromised hidden sites, request a web site on the ‘visible' web, via HTTP, thereby exposing its real IP address. As the exploit did not deliver any malicious code, it is highly unlikely that this was a cybercriminal operation."
F-Secure security analyst Sean Sullivan added that Freedom Hosting is not the first Tor node to be taken down and will be of little consequence to most people using the anonymising web tool.
"Even as far back as 2007, there were examples that poisoned exit nodes could be used to track/capture non-encrypted traffic. Fortunately, activists most often want to communicate, and so can encrypt. Those who want to 'browse' the web - that's a leaky proposition," Sullivan said.
"For the average citizen - encryption is probably the key thing to pursue. If an average Joe wants to help human rights activists, they might best consider hosting a Tor node. But as far as using Tor for browsing? I wouldn't bother."
Web anonymity has been a growing political concern for several years now, with numerous human rights groups claiming European citizens should have the right to be forgotten.
The debate around anonymous browsing reached new heights this summer, when it was revealed the NSA was holding vast amounts of information on web users as a part of its notorious PRISM campaign.

Apple offers trade-in deal for USB chargers following iPhone user's death

Apple is offering customers a trade-in deal following reports that third-party iPhone chargers have been connected to user injuries.
The company is allowing customers to swap third-party chargers for certified Apple models at a discount, after a woman in China was electrocuted and killed while using a third-party USB power charger with her iPhone handset.
Apple said that the recall will start on 16 August and will cover both Apple-branded stores and licensed third-party service providers.
“If you need a replacement adapter to charge your iPhone, iPad, or iPod, we recommend getting an Apple USB power adapter,” Apple said in a company statement on the matter.
“For a limited time, you can purchase one Apple USB power adapter at a special price – $10 USD or approximate equivalent in local currency.”
The recall comes as Apple is believed to be readying the next version of its iPhone handset. Dubbed the iPhone 5C, the handset could be one of multiple iPhone models aimed at a wider consumer market ranging from entry-level to premium handset customers.
USB chargers have also fallen under scrutiny from users following the release of research on the security of USB connections. A group of researchers at Georgia Institute of Technology were able to develop a prototype device, which took advantage of the iPhone's USB connections to take control of the device and remotely install and hide malware on a targeted system.
Though the issue is fixed with the iOS 7 update, analysts have been critical of the security policies of Apple and other mobile vendors.

Chinese Comfoo Malware Hit Australia

Security researchers have uncovered hacking tools used by what they say are China’s second most-active cyber attackers to spy on companies and governments in the Asia-Pacific region.
Targeted attacks, by nature, are low in volume and therefore go unnoticed, but for the victim they can be just as costly as a widespread malware threat.
Comfoo, a stealthy information-stealing malware used in a high-profile attack in 2010 that hit Australian businesses, fits that bill, Dell security researchers say.
Hackers in 2010 employed simple but effective phishing emails that were sent to low-level staff at RSA, the security arm of storage giant EMC. Using remote-access malware known as Poison Ivy, the attackers gained access to data that is believed to have compromised the widely used SecurID two-factor authentication system used by many Australian enterprise and government customers.
Poison Ivy was the main focus of initial reports about the attack, but Comfoo slipped through the cracks, says Don Jackson, senior security researcher at Dell Secure Works.
‘‘[Comfoo] was one of the tools that was used in the RSA breach, but it wasn’t named ... We found it was another backdoor with similar capabilities to Poison Ivy, but it was used by a group we call the Beijing Group,’’ Mr Jackson told IT Pro.
The company on Friday released a cache of data or ‘‘indicators’’, such as domain names and IP addresses, that organisations can use to determine whether a threat lies on their corporate network.
The group behind Comfoo, whom Mr Jackson calls ‘‘the Beijing group’’, is on par with ‘‘APT1’’, the notorious Chinese hacking crew fingered in a recent report by US security firm Mandiant. APT refers to ‘‘advanced persistent threat’’, a class of attacker that typically hunts for intellectual property and strives to maintain a silent, persistent presence on the target’s network.
“If you see an APT report in the last few years and it mentions APT1, the chances are that anything else in that report is being carried out by this Beijing group. Those two groups account for 90 percent or more of all the attacks that we track,” said Mr Jackson.
The Beijing group primarily used attacks for patched flaws in popular software like Adobe’s Acrobat and Reader PDF products, said Mr Jackson. As with financially motivated attackers though, the attackers are not necessarily interested in the unpatched flaws. Old flaws work, so long as the target is familiar to the attacker. “[Attackers] do a lot of recon, for example, probing the [target’s] website or they’ve been at a conference and got contact information from the conference,” said Mr Jackson.
Surprisingly, even after the researchers alert companies to an infection on the network, some victims still fail to address the problem. According to Jackson, the time between an infection and when it is removed is between six months and one year.
“We disclose to them who we are and what we’ve noticed, but we still have organisations that have not remediated this infection.
“One, they’re not our customers, so they don’t know who we are, and sometimes there’s a language barrier, and sometimes there’s a ‘if we don’t know about it, we can’t do anything about it’.
“Usually, it’s more than a year that this very dangerous adversary has been on the network monitoring and/or manipulating data to their liking and stealing whatever they want from the network for that long."

Dutch Hosting Companies' DNS Servers Hijacked to Serve Malware

On Monday, we reported that hundreds of websites – including the popular online electronics shop Conrad.nl – were redirecting their visitors to malware after the DNS servers of Dutch web hosting company Webstekker were somehow hijacked.
Researchers from security firm Fox-IT have analyzed the attack and determined that a total of three web hosts have been impacted.
Web hosting companies Digitalus and Virtual Dynamix (VDX) have also had their DNS servers compromised. All the websites that use the DNS servers of these organizations have been configured to serve malware.
In a statement published on Monday, Digitalus representatives said the attackers modified the domain registration systems of SIDN, the Foundation for Internet Domain Registration in the Netherlands, to use external name servers.
VDX has also noted that its own name servers have not suffered any changes and blamed the incident on SIDN. The company is working with SIDN on trying to determine what happened.
For the time being, it’s uncertain how the attackers managed to gain access to SIDN’s domain registration systems.
Webstekker has also published a brief statement. The company hasn't provided many explanations. Instead, it has denied reports that its DNS servers redirected website visitors to malware.
As far as the malware is concerned, Fox-IT has published an analysis of the attack.
“Every website that was being requested responded with a blank ‘Under construction’ page with an iframe on it. The iframe was a host running the Blackhole Exploit Kit. While initially we assumed conrad.nl was compromised we found out that the DNS servers were giving back responses with the same IP every time:,” Fox-IT experts noted.
The exploit kit leveraged Java and PDF vulnerabilities to push a piece of malware which in turn downloaded a Tor-powered threat.
It's worth noting that, back in July, cybercriminals managed to compromise the systems of both SIDN and DNS.be, the organization that administers the .be (Belgium) top-level domains.
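As an added example (not from Fox-IT's analysis or the original article), the two symptoms described above, delegations switched to external name servers and many domains answering with the same IP, can be checked against a stored baseline. The record layout, function names and every domain and IP below are constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple


class Record(NamedTuple):
    domain: str
    nameservers: frozenset  # NS set delegated in the parent (registry) zone
    addresses: frozenset    # A records returned for the domain


def rec(domain, ns, addrs):
    return Record(domain, frozenset(ns), frozenset(addrs))


HOST_NS = ["ns1.host.example", "ns2.host.example"]

# Constructed sample data (documentation-range names and IPs, not incident data).
BASELINE = [
    rec("shop.example", HOST_NS, ["192.0.2.10"]),
    rec("blog.example", HOST_NS, ["192.0.2.11"]),
    rec("club.example", HOST_NS, ["192.0.2.12"]),
    rec("mail.example", HOST_NS, ["192.0.2.13"]),
    rec("wiki.example", HOST_NS, ["192.0.2.14"]),
]
OBSERVED = [
    rec("shop.example", ["ns1.other.example"], ["203.0.113.66"]),
    rec("blog.example", ["ns1.other.example"], ["203.0.113.66"]),
    rec("club.example", ["ns1.other.example"], ["203.0.113.66"]),
    rec("mail.example", HOST_NS, ["192.0.2.13"]),
    # An ordinary server move: new address, delegation untouched.
    rec("wiki.example", HOST_NS, ["198.51.100.7"]),
]


def delegation_changes(baseline, observed):
    """Return {domain: sorted name servers that are not in the baseline set}."""
    known = {r.domain: r.nameservers for r in baseline}
    changes = {}
    for r in observed:
        expected = known.get(r.domain)
        if expected is None:
            continue  # no baseline for this domain, cannot judge
        unexpected = r.nameservers - expected
        if unexpected:
            changes[r.domain] = sorted(unexpected)
    return changes


def converged_addresses(baseline, observed, min_domains=3):
    """Return {ip: sorted domains} for IPs that are new to at least
    min_domains domains at once. Domains that already shared an IP in the
    baseline (ordinary shared hosting) are not reported."""
    known = {r.domain: r.addresses for r in baseline}
    by_ip = defaultdict(set)
    for r in observed:
        old = known.get(r.domain)
        if old is None:
            continue
        for ip in r.addresses - old:
            by_ip[ip].add(r.domain)
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_domains}


def triage(baseline, observed, min_domains=3):
    """Domains showing both signals: changed delegation and a converged address."""
    changed = delegation_changes(baseline, observed)
    converged = converged_addresses(baseline, observed, min_domains)
    hits = set()
    for domains in converged.values():
        hits.update(d for d in domains if d in changed)
    return sorted(hits)


if __name__ == "__main__":
    for domain in triage(BASELINE, OBSERVED):
        print("investigate:", domain, delegation_changes(BASELINE, OBSERVED)[domain])
```

Requiring both signals keeps a routine single-domain move such as the constructed wiki.example case out of the alert list.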

Iran to Host Int’l Cyber Police Conference

Iran will host a conference and a regional workshop on international cooperation and campaign against cyber crimes on August 13-14, a deputy police chief announced on Monday.
“Eight regional countries, representatives of Interpol and the UN Office on Drugs and Crime (UNODC) and Iran’s Cyber Police chief will take part in the conference,” Deputy Head of Iran’s Cyber Police (FATA) for International and Legal Affairs Colonel Hossein Ramezani said today.
He noted that the conference and the workshop are held to strengthen international cooperation on prosecuting cyber crimes and reinforce cyber space police forces of the neighboring countries.
In October, Iran's Deputy Police Chief Brigadier General Ahmad Reza Radan said that the country's Cyber Police unit has greatly improved its infrastructures and is able to discover and detect over 60% of cyber-related crimes.
"Right now, the Iranian Law Enforcement Police have made eye-catching progress in the field of cyber infrastructures," Radan said.
On January 23, 2011, Iran's Cyber Police started its work to prevent espionage and sabotage activities through the internet.
Iran's Deputy Police Chief Brigadier General Ahmad Reza Radan stated that the Cyber Police have been able to solve major cases since it was set up, and noted that it is now discovering 61% of cyber-related cases, which is an unprecedented figure compared with other countries.
The figure is 30% for China and 20% for the US, Radan said.
Head of the Information Production and Exchange Department of the Law Enforcement Police General Seyed Kamal Hadianfar said in January 2011 that “the Cyber Police can prevent espionage and sabotage in Information Technology (IT) tools”.
Hadianfar reiterated that IT tools play an undeniable role in political, security, economic, trade, ethical and religious rivalries at the national and international levels.

Election Hack Stealing Votes the Cyber Way

A 22-year-old candidate for student council president at California State University, San Marcos hoped to guarantee victory by rigging the election through cyber fraud, but he ended up winning a year in prison instead.
Matthew Weaver used small electronic devices called keyloggers to steal the passwords and identities of nearly 750 fellow students. Then he cast votes for himself—and some of his friends on the ballot—using the stolen names. He was caught during the final hour of the election in March 2012 when network administrators noticed unusual voting activity associated with a single computer on campus. A Cal State police officer sent to investigate found Weaver working at that machine. He had cast more than 600 votes for himself using the stolen identities.
“Some people wanted to paint this as a college prank gone bad, but he took the identities of almost 750 people, and that’s a serious thing,” said Special Agent Charles Chabalko, who worked the investigation out of our San Diego Division after being contacted by Cal State authorities. “He had access to these students’ e-mails, financial information, and their social networks. He had access to everything.”
Weaver installed keyloggers—inexpensive devices easily purchased on the Internet—on 19 different campus computers. Those who used the machines were unaware that Weaver could later retrieve every keystroke they made, enabling him to obtain their usernames and passwords and then gain access to all their information.
When cyber investigator Chabalko and his partner, Special Agent Nick Arico, analyzed Weaver’s laptop after his arrest, they found a spreadsheet that included the names of all the people whose identities he had stolen. “He kept a detailed accounting,” Chabalko said.
And that’s not all investigators found. Weaver had made online searches that included topics such as “jail time for keylogger” and “how to rig an election.”
“He knew what he did was wrong,” Chabalko said. “And even after he was caught, he didn’t want to own up to what he did. He tried to cover up his actions and blame his crime on other students.”
The evidence against Weaver was overwhelming, however, and he pled guilty in March 2013 to identity theft, wire fraud, and unauthorized access of a computer. At his sentencing last month, the federal judge who sent Weaver to prison noted that Weaver trying to frame others for his crime is “the phenomenal misjudgment I just can’t get around. That’s what bothers me more than the original rigging of the election.”
The investigators agreed, noting that while it was wrong for Weaver to try and steal the election, “what we were really concerned about was the privacy of those students whose identities he stole,” Chabalko said. Prosecutors from the U.S. Attorney’s Office felt the same way, writing in their sentencing memorandum, “Weaver determinedly and repeatedly spied on his classmates, stole their passwords, read their secrets, and usurped their votes—and he did it with his eyes wide open.”
Weaver has a restitution hearing set for August 12, at which time the judge will hear evidence regarding the losses incurred by his victims. While the court has yet to determine those losses, Weaver and his friends on the ballot would have collected $36,000 in stipends and controlled a student budget of $300,000 if his vote-rigging plan had succeeded.

Chinese Cyber Army was caught on HoneyPot Water Plant Attack

A Chinese hacking group accused this February of being tied to the Chinese army was caught last December infiltrating a decoy water control system for a U.S. municipality, a researcher revealed on Wednesday.
The group, known as APT1, was caught by a research project that provides the most significant proof yet that people are actively trying to exploit the vulnerabilities in industrial control systems. Many of these systems are connected to the Internet to allow remote access. APT1, also known as Comment Crew, was lured by a dummy control system set up by Kyle Wilhoit, a researcher with security company Trend Micro, who gave a talk on his findings at the Black Hat conference in Las Vegas.
The attack began in December 2012, says Wilhoit, when a Word document hiding malicious software was used to gain full access to his U.S.-based decoy system, or “honeypot.” The malware used, and other characteristics, were unique to APT1, which security company Mandiant has claimed operates as part of China’s army.
“You would think that Comment Crew wouldn’t come after a local water authority,” Wilhoit told MIT Technology Review, but the group clearly didn’t attack the honeypot by accident while seeking another target. “I actually watched the attacker interface with the machine,” says Wilhoit. “It was 100 percent clear they knew what they were doing.”
Wilhoit went on to show evidence that other hacking groups besides APT1 intentionally seek out and compromise water plant systems. Between March and June this year, 12 honeypots deployed across eight different countries attracted 74 intentional attacks, 10 of which were sophisticated enough to wrest complete control of the dummy control system.
Cloud software was used to create realistic Web-based login and configuration screens for local water plants seemingly based in Ireland, Russia, Singapore, China, Japan, Australia, Brazil, and the U.S. If a person got beyond the initial access screens, they found control panels and systems for controlling the hardware of water plant systems.
None of the attacks displayed a particularly high level of sophistication, says Wilhoit, but the attackers were clearly well versed in the all-too easily compromised workings of industrial control systems. Four of the attacks displayed a high level of knowledge about industrial systems, using techniques to meddle with a specific communication protocol used to control industrial hardware.
Wilhoit used a tool called the Browser Exploitation Framework, or BeEF, to gain access to his attackers’ systems and get precise data on their location. He was able to access data from their Wi-Fi cards to triangulate their location.
The 74 attacks on the honeypots came from 16 different countries. Most of the noncritical attacks, 67 percent, originated in Russia, and a handful came from the U.S. About half the critical attacks originated in China, and the rest came from Germany, U.K., France, Palestine, and Japan.
The results lead Wilhoit to conclude that water plants, and likely other facilities, around the world are being successfully compromised and taken control of by outside attackers, even if no major attack has been staged. “These attacks are happening and the engineers likely don’t know,” he told MIT Technology Review.
Wilhoit previously published the first research that proved some people were actively trawling the Internet with the intention of compromising industrial control systems. He now plans to put honeypots inside real industrial facilities to attempt to capture details of targeted attacks.
Joe Weiss, managing partner at Applied Control Solutions and an expert in industrial control system security, told MIT Technology Review that he hoped Wilhoit’s findings can convince industrial control system owners and operators to take the threat of attacks more seriously. “The community needs to know there are people explicitly targeting these systems,” said Weiss. “I hope people can understand how valid and real it is, what he’s finding.”

NSA Cyber Experts Helped Belgian military intelligence GISS Defence Cyber Incidents

Interview with General Eddy Testelmans, head of military intelligence service GISS.
American cyber experts linked to the NSA helped the Belgian military intelligence service GISS in early 2013 with a serious cyber incident. General Eddy Testelmans, head of GISS, confirms this in an exclusive interview with MO*. Testelmans lifts a corner of the veil on Defence's own capacity to intercept communications abroad.
According to Defence Minister Pieter De Crem, hackers regularly set their sights on the information systems of the Belgian army. It is up to military intelligence to investigate and respond to cyber attacks. MO* learned on good authority that the GISS was itself the target of a major cyber incident around the turn of the year.
Is it true that the GISS network even had to be shut down for a few weeks and that the National Security Agency (NSA) had to intervene? What exactly happened?
Testelmans: Internally, the GISS has a highly secure electronic network to exchange classified documents. In addition there is a second network to communicate non-classified information between employees and to communicate with the outside world. That QET.be network (qet refers to the GISS motto "Quaero et tego", I study and protect, kc) is linked to the Internet.
On average every two years we do major maintenance on the latter network: remove or update software, increase storage capacity, remove everyday viruses ... Because it is calmer in the Christmas period anyway, we started the scheduled maintenance then.
During the maintenance our technicians came across software that we had not installed ourselves. It was a virus of some complexity. We started to decipher and analyze it ourselves, to find out what it would cause. However, it was so complex that we could not quite work it out with our own capacity. We then requested support from the Cyber Command of the U.S. Army, which just like the NSA is headed by General Keith Alexander.
The bilateral relations between Belgium and the U.S. are very good, the Americans have therefore to think. Ask for help on our long After a few days, a team of American specialists came here to assist us with advice and assistance. They helped analyze the virus and gave us tips to protect ourselves better against such malware in the future.
What exactly did the virus do? Has it done much damage to the GISS?
Testelmans: I cannot say anything about that. Nor can I say anything about the origin.
Was it an individual hacker, a specialized company or the secret service of a foreign power?
Testelmans: Given the complexity of the virus, we assume that a professional organization was behind it.
Are you sure the Americans themselves installed no access loophole into your systems during the work?
Testelmans: Yes. Before the work started, we made clear agreements about who would get access to the network. Our experts were always present. It was handled very correctly.
Does the Belgian Army need the Cyber Command and the NSA?
Testelmans: In this specific case, we are glad that we could call on a bigger brother.
Why did you ask U.S. intelligence for help and not, say, a European partner, the German Federal Office for Information Security Technology (BSI) for example?
Testelmans: We work within the NATO context. And we chose to knock on the door of the global cyber specialists. And these are simply the Cyber Command and the NSA. Moreover, we have a very good relationship with them, open and professional, in both directions. This fact proves that in the domain of cybersecurity multinational collaboration is of immense importance.
Visit to the NSA
Minister De Crem said about that on 9 July in the House that the GISS "under very specific cases also exchange information with the NSA, on issues that pose a threat to the Belgian State or citizens."
Testelmans: The information that the NSA picks up comes to Belgium through various channels: the CIA, the FBI and the Defense Intelligence Agency (DIA). When it comes to operations abroad in which we participate, that information exchange happens in the theater with the DIA. When it comes to Belgian territory, it usually goes through the CIA, working with information from the NSA. In the fight against extremism and terrorism, it is clear that the NSA's information is more relevant to State Security than to us, except for military operations abroad, Afghanistan for example.
Do you ever have direct contact with the NSA?
Testelmans: It is. In the SIGINT domain (SIGINT stands for signals intelligence, ck) experts come together several times a year to talk about technology and to exchange information. That's really high tech. We also have contacts in the field of cyber security, with their Central Security Service, which is responsible for the security of networks and information.
A few weeks ago I was at Fort Meade myself, the headquarters of the Cyber Command and the NSA in Maryland near Washington. They are huge buildings, with capacities that we can only dream of. The Cyber Command employs about six thousand people.
What did you go there to do?
Testelmans: I wanted to know how the United States organized at national level in the field of cyber security. How do they do that? The Defense protects itself? How do they protect national critical infrastructures? How is the economic and scientific potential secured? Since we are also thinking about it. And instead of the hot water to find out you can learn more from others. It is always good to see the ultimate and then you can try to translate to your own level. I have indeed been in that context in the Netherlands and Switzerland and we have also studied the German example.
"NSA has three attacks occur in Belgium '
Do you also meet in Fort Meade General Keith Alexander, the big boss of the NSA?
Testelmans: In Fort Meade, I met the Deputy of General Alexander. General Alexander himself I met later in another forum.
Have you talked about Prism, the secret spy programs that Edward Snowden has unveiled?
Testelmans: Only informally. The deputy said that General Alexander would in due time inform his colleagues about what Prism is and is not, to clear up misunderstandings. That has now happened. We have, for example, received the speaking notes from the hearing with General Alexander in mid-June in the U.S. Congress. We also receive regular updates on progress; they are relatively open about it. In his speech to parliament Alexander explained how many terrorist attacks the NSA has been able to defeat. Not only in the U.S. but also in partner countries such as Belgium.
And is that information correct? Has the NSA indeed helped prevent attacks here?
Testelmans: Yes. In three cases a possible terrorist act was indeed foiled based on information which we may assume comes directly from the PRISM system, and which reached us through classified channels. If the NSA had not passed on that info, we would not have known. In this connection, to reflect on whether it is sufficiently armed for the fight against terrorism, against serious cross-border crime and the proliferation of weapons of mass destruction.
One of those three cases involved the infamous New Year alarm of 2007. And the other two?
Testelmans: I cannot give the details. But I can say that Belgium has likely been spared heavy incidents.
Do you, like Germany, also have access to Prism yourself?
Testelmans: Yes. That is how it works: donnant-donnant. If we have important information about things that could harm U.S. interests and may be vital, we share it.
Belgium also intercepted communications abroad
The GISS also does SIGINT itself: you also intercept communications yourselves. Who are the targets?
Testelmans: We only intercept communications abroad and from abroad. We do this in support of our military operations abroad. You should know that our SIGINT operations are controlled by the very rigid Committee I. They regularly come, unannounced, to look at what we intercept. Moreover, what we do is allowed a priori by the Minister of Defence.
Once a year the Minister approves a list of SIGINT targets: countries, organizations, individuals and political movements that are important in support of military operations and our national interests. The list is directly related to the information control plan that we have to submit annually to the Minister for approval and which is also transmitted to Committee I. The system is very flexible: if Syria suddenly pops up, then there is a rapid procedure, involving the Chief of Defense and the Secretary of Defense, to adjust the list. That goes very smoothly.
What do you mean by "support our national interests"?
Testelmans: With our SIGINT capabilities we can also support State Security, the Federal Prosecutor or the Federal Police, always abroad, mind you. Just because the Belgian army is not present in Syria does not mean that we cannot be interested in what is happening in Syria.
How does it work? How do you intercept the communication?
Testelmans: Specific SIGINT interception means are used to intercept what concerns our targets. That intercepted data is processed and passed on to various services such as our forces abroad, our partner but also the Federal Prosecutor's Office and the State Security. Everyone will understand that the technology used, the precise location abroad and our working methods should remain secret, to avoid the targets that we follow becoming suspicious.
The GISS has about 650 employees. How many of them are working with SIGINT?
Testelmans: Given the sensitivity of this data you will understand that I also cannot say anything about that.
Since the adoption of the BIM-law in 2010 you may, like the State Security, apply so-called special intelligence methods, such as phone tapping and email interception. What is the difference with the SIGINT missions that the GISS has already been performing for years?
Testelmans: The BIM-law applies to the national territory; our SIGINT activities are focused abroad.
How does the GISS work with the EU Satellite Centre in Torrejon near Madrid?
Testelmans: That is another story, as that relates to imagery: imaging satellites that take pictures. Like Google Earth, but more sophisticated. We are part of the Helios consortium, led by France, of which Germany, Greece, Spain and Italy are also part. Since Belgium has invested in it, we are entitled to a certain guaranteed capacity.
And the GISS asks for satellite photos of ...
Testelmans: ... for example, Goma, Lubumbashi, the situation in Tripoli, certain port facilities ...
Lack of cybersecurity
At the beginning of July the Council of Ministers approved the purchase of a Modern Computer System (MIS) for 4 million euros. What will that new material be used for?
Testelmans: It will allow us to make a great leap forward in the field of storing, processing and analyzing information. It makes little sense for a service like ours to have huge collection performance-funding should there be then analyzing the information service can not handle. This info-flux is becoming exponentially greater; you need IT resources to cope with that. Otherwise our analysts can no longer get the information in order.
How did people within the GISS respond to the Snowden leaks?
Testelmans: With a degree of disbelief: how can such a large and efficient organization, with so many resources and controls, have such a leak? It will just happen. The conclusion is: it does not matter how much money you invest in the physical security of your systems, data logging, recording ... the individual is and remains the essential link in the domain of security. You will never be able to stop the insider threat, although you have to adjust your system. The fact is that despite his low grade Edward Snowden had access to a vast amount of information. Same story with Bradley Manning (U.S. soldier who leaked data to Wikileaks, kc).
And what was the reaction to the content of the Snowden-leak, the fact that the NSA runs a gigantic worldwide surveillance network?
Testelmans: If you read the speech of General Alexander to the U.S. Congress, then you understand that the NSA probably could. But do they do it? As in Belgium, there is also strong parliamentary control over what the security services do in the United States. Despite the fact that the NSA is large, I think no one is able to listen in on the whole world and to intercept and analyze all text messages and emails. The capacity for this may already exist, but then you must also handle all the data. For this you need people, and precisely that capacity is limited. The NSA is, in their own words, constantly working on several hundred cases.
In a study of the Belgian Intelligence Studies Centre in November 2011 Pascal Petry, security adviser to Prime Minister Di Rupo, announced the creation of a coordination around cybersecurity. That would be established in 2013. How is that going?
Testelmans: In December 2012 the government approved the national cybersecurity strategy, however without the operational part. The question is: who will control the system and pay? The Prime Minister has instructed the Board for Information and Safety to determine, starting from the strategy, which structure Belgium should set up for cybersecurity. That college is thinking about who should take the lead. Defence was asked to take it on itself, but I think that, for example, the BELNIS platform (Belgian Network on Information Security, kc) is better placed to take the lead in Belgium.
Consulting company X can also be engaged. The key question is: who will pay for what? After all, there's a hefty price tag attached to it. Defence itself is now working on the development and implementation of the cyber security strategy for Defence.