Friday, 19 July 2013

PRISM: Microsoft, Apple, Google write to Obama and NSA demanding data transparency

Top secret envelope
Apple, Facebook, Microsoft, Twitter, Yahoo and 17 other technology giants have sent a letter to  the NSA, attorney general Eric Holder and president Barack Obama, and numerous other recipients, demanding transparency from the US government over user data requests.
They have also set up an online petition for members of the public to show their support. The letter was also signed by a number of non-profit organisations and trade associations including Human Rights Watch, Electronic Frontier Foundation and Wikimedia Foundation.
The corporations said publishing user data on request should be treated in the same way as other investigations, and insisted that the government take responsibility for the respect of civil liberties.
The letter listed key information that it argued companies should be allowed to publish:
  • "The number of government requests for information about their users made under specific legal authorities.
  • The number of individuals, accounts, or devices for which information was requested under each authority.
  • The number of requests under each authority that sought communications content, basic subscriber information, and/or other information."
In addition, the group said that the US government should publish its own reports detailing which companies it has been requesting information from, and how much information it has asked for.
The companies said that in order to allow the technology industry to continue to prosper, the suggested steps had to be taken.
"Just as the United States has long been an innovator when it comes to the internet and products and services that rely upon the internet, so too should it be an innovator when it comes to creating mechanisms to ensure that government is transparent, accountable, and respectful of civil liberties and human rights," the letter said.
On Tuesday, Yahoo won the right to reveal data requests after a court battle, with Microsoft pushing for further transparency with an in-depth blog post on its stance. Microsoft has been hit especially hard by the PRISM surveillance allegations leaked by NSA whistleblower Edward Snowden, with repeated claims of "blanket access" to Microsoft services having to be denied by the company.

Cyber criminals pose as Soca in latest ransomware threat


Skull and cross bone key represents growing problem of online piracy
Criminals are mounting a new ransomware scam, which locks computers to display a message claiming to come from the UK Serious Organised Crime Agency (Soca) demanding payment to unlock it.
Soca issued a statement alerting web users to the scam, saying that the agency will never request money from the general public.
"SOCA is aware that its name and brand have been used by criminals attempting to defraud members of the public. Computer users find that their screens are locked, and at the same time they receive a message purporting to be from Soca which states that their computer screen will only be unlocked if they pay a fine," read the statement.
"In reality, the computer has been infected with malicious software (malware), disseminated by cyber criminals for financial gain. Soca will never contact members of the public and demand money in this way. Anyone contacted in this manner should never pay any money, and should seek immediate advice on removing the malware from reputable computer specialists."
Soca said the ramsonware is one of many active scams that masquerade as legitimate warnings from law enforcement agencies. "Similar versions of the malware, often claiming to be from other law enforcement bodies or private companies, are also in circulation. Anyone who thinks they have fallen victim to this, or any other form of fraud, are advised to report it to Action Fraud."
Prior to the warning a ransomware pretending to stem from the US FBI appeared targeting Mac OSX users. Earlier still a separate scam displayed messages claiming to come from London's Metropolitan Police.
Security experts have said the marked increase in ransomware is due to the its high success rate, with security vendor Symantec claiming the scams are earning criminals as much as $33,000 per day at the end of 2012. Despite their high success rate, law enforcement has had some success taking down the ransomware criminal rings. In February Spanish police reported taking down the criminal gang behind the infamous Reveton ransomware.

Researchers warn of WordPress data leak flaw

WordPress logo
A vulnerability in the way blogging platform WordPress manages uploaded media files could put users at risk of data leaks, say researchers.
A report from security firm White Hat claims that the blogging service may not properly protect media files from prying eyes the same way it guards blog text.
According to White Hat Security technical evangelist Robert Hansen, the flaw leaves users vulnerable because of the way Wordpress assigns URLs. The system, says Hansen, is easy enough to guess that an attacker could potentially root out media files and attachments meant for posts which have yet to go live or be approved.
“The problem is that because the timing between the media and the blog post isn’t identical you can end up in a race condition with the content,” Hansen explained.
“For instance, let’s say you run a publicly traded company and you are about to release your earnings report on your blog. You may upload a PDF of the earnings report a day or multiple days in advance to make sure everything is perfect and ready to go when you announce.”
The company said that overall, the severity of the vulnerability is low. Aside from data leakage, there is no indication that the flaw could be leveraged for more severe attacks, such as account theft or code injection.
Because the Wordpress platform is used to power millions of blogs, it has become a prime target for attackers looking to compromise sites and exploit web pages for use as embedded attack platforms or other malicious activity.
Earlier this year, researchers uncovered a large-scale cybercrime operation which had managed to compromise thousands of WordPress accounts through dictionary-combing 'brute force' attacks that automate the process of guessing passwords.

FTC cracks down on 'free iPhone' spamming campaign

FTC Logo
The US Federal Trade Commission (FTC) is hitting out at individuals accused of running spam campaigns advertising free product offers.
The commission said that it had agreed to a settlement with a man who is said to have sent out some 20 million such spam messages to mobile users.
According to the FTC, Henry Nolan Kelly was said to have sent deceptive messages advertising free iPhone and iPad units to recipients along with links to third-party sites. Users who followed those links were taken to sites which the FTC claims were then asked to subscribe to premium services or provide personal information.
The settlement will block Kelly form carrying out any further spam campaigns or deceptive text marketing operations. A further cash penalty against Kelly was suspended.
The settlement is the latest in an ongoing effort by the FTC to crack down on spam marketing and misleading advertising campaigns. The Commission has long sought out cases against marketers who rely on unwanted or potentially fraudulent messages in order to advertise their businesses.
Recent spammer takedowns have resulted in settlements against individuals said to have been responsible for sending hundreds of thousands of unwanted messages to users.
Other cases include busts on 'cramming' operations that seek to sign mobile users up for premium services without their knowledge and complaints aimed at shutting down phony news sites designed to spread misleading information about diet products.

Oracle addresses 89 security flaws in July update


Oracle logo
Oracle has released a set of security updates for multiple products and platforms.
The company said that the July update includes some 89 fixes for various products throughout its enterprise software lines.
Among the fixes will be six updates for security flaws in the Oracle Database Server platform. The update will address flaws including an update to a flaw in the Oracle Net component which could be remotely exploited without authentication.
The company also released updates for more than 20 flaws in its Fusion Middleware platform, including some 16 vulnerabilities which would allow for remote exploitation without the need for prior authentication.
Other updates included 16 fixes for vulnerabilities in the oracle Sun product line, including the Solaris, SPARC Enterprise M Server and Solaris Cluster lines.
Other platforms receiving security updates were Hyperion, Enterprise Manager and the oracle Applications E-Business Suite. The company also issued updates for MySQL Server and the Oracle Linux distribution. The Linux update includes patches to address a pair of remotely exploitable flaws in the Secure Global Desktop component.
The company is advising administrators and users to test and install the patches as soon as possible. Oracle noted that a number of the updates will be cumulative fixes and will address previous critical security flaws which may have been left unpatched.

Confronting Chinese Cyber Espionage


The U.S. and China opened high-level security and economic discussions last week in Washington, and critical cybersecurity concerns are on the agenda.
The Administration’s diplomatic efforts on cybersecurity, however, have so far failed to deter aggressive Chinese cyber attacks against the U.S. public and private sectors.
Over the past year, several reports have been released that outline the scope and scale of Chinese hacking against the U.S. government and private-sector companies. While this naming and shaming is the first step, more must be done to prevent the People’s Liberation Army (PLA) and other cyber entities from continuing their cyber attacks on the U.S. Indeed, without any real pushback from the U.S., the Chinese have no incentive to change their bad cyber behavior, and politely asking them to stop is unlikely to be effective.
Larry M. Wortzel an expert on the Chinese military, security, and politics testified recently that military entities in China are using advanced cyber-technology to conduct large-scale cyber-espionage against the U.S. The goal of these operations, he stated, is to gain strategic advantages and to infiltrate sensitive defense networks. As recent cyber attacks on Nortel and Lockheed Martin demonstrate, Beijing is able to take advantage of foreign information and innovation without the financial costs of research and development.
The ultimate goal for China, Wortzel testified, is to achieve the offensive capability to shut down U.S. ports and compromise critical infrastructure. This is a genuine threat to national security, as China has already demonstrated this ability: In 2011, NASA revealed that Chinese hackers were able to gain “full functional control” over one of its critical mission systems.
Before further damage is done, the Obama Administration and Congress should act to deter aggressive nations such as China through financial, legal, and travel sanctions.
To bolster the U.S.’s domestic cyber defenses, Congress should enact a framework for voluntary information sharing between the public and private sectors, which would enable cooperation and remove the legal ambiguities currently in place. It is important that such a framework protect well-meaning companies from regulatory or legal penalties. The government should also be compelled to share information and intelligence more quickly with the private sector.
The invasion of U.S. cyberspace provides China with economic and military advantages over the U.S. and, without a strong U.S. response, is unlikely to stop any time soon. Therefore, before the U.S. engages in hollow cybersecurity discussions with a bad actor such as China, the Administration and Congress should enact policies that increase the international costs of hacking and enhance U.S. cybersecurity efforts at home.

LogicalTech : Anonymous LinkedIn member not Proper Cyber Netiquette

LogicalTech Group Digital & Social Marketing Advisor in a press release said, If LinkedIn was a real-life networking event, how would you react if you saw these "Anonymous" LinkedIn members profiles?
Digital & Social Marketing advised; It is a proper LinkedIn member cyber netiquette to be yourself online because you are not always a LinkedIn "anonymous" and others users are real people too.
Do not try to be LinkedIn "Anonymous" online that you would not do in reality because you cannot be taken seriously if you do. Your online image is important. Don't ruin it by being someone "anonymous" you're not. You are who you are in life. Everyone has the power to change their ways.
Your ways are your own. If you don't like who you are, then change your ways and become who you want to be "Anonymous" LinkedIn Member - Who are you and why do you choose to be "Anonymous" on LinkedIn to some of us?
  1.  They could be a person on LinkedIn that simply does not know that is how they have their settings set up in the first place.
  2.  They could be a professional friend you used to work with that has a terrible LinkedIn profile and is just trying to see what it is like to have a better profile.
  3. They could be a person afraid to have a public profile because of fear of their employer seeing it and taking measures to make their life miserable. I am sure nobody has ever heard of this happening before.
  4. It could be a competitor of your managerial position just checking to see what you are up to- if that is the case take it as a compliment.
  5. It could be that employer checking out your profile to see if he or she fills the types of positions that they have openings in and if they could be of assistance to them.
  6. It could be someone looking for help with media & publicity interviewing or whatever your expertise & forte may be.

VoIP phone hackers pose public safety threat

Hospitals, 911 call centers and other public safety agencies can be shut down by hackers using denial-of-service attacks.
The demand stunned the hospital employee. She had picked up the emergency room's phone line, expecting to hear a dispatcher or a doctor. But instead, an unfamiliar male greeted her by name and then threatened to paralyze the hospital's phone service if she didn't pay him hundreds of dollars.
Shortly after the worker hung up on the caller, the ER's six phone lines went dead. For nearly two days in March, ambulances and patients' families calling the San Diego hospital heard nothing but busy signals.
The hospital had become a victim of an extortionist who, probably using not much more than a laptop and cheap software, had single-handedly generated enough calls to tie up the lines.
Distributed denial-of-service attacks — taking a website down by forcing thousands of compromised personal computers to simultaneously visit and overwhelm it — has been a favored choice of hackers since the advent of the Internet.
Now, scammers are inundating phone lines by exploiting vulnerabilities in the burgeoning VoIP, or Voice over Internet Protocol, telephone system.
The frequency of such attacks is alarming security experts and law enforcement officials, who say that while the tactic has mainly been the tool of scammers, it could easily be adopted by malicious hackers and terrorists to knock out crucial infrastructure such as hospitals and 911 call centers.
"I haven't seen this escalated to national security level yet, but it could if an attack happens during a major disaster or someone expires due to an attack," said Frank Artes, chief technology architect at information security firm NSS Labs and a cybercrime advisor for federal agencies.
The U.S. Department of Homeland Security declined to talk about the attacks but said in a statement that the department was working with "private and public sector partners to develop effective mitigation and security responses."
In the traditional phone system, carriers such as AT&T grant phone numbers to customers, creating a layer of accountability that can be traced. On the Web, a phone number isn't always attached to someone. That's allowed scammers to place unlimited anonymous calls to any land line or VoIP number.
They create a personal virtual phone network, typically either through hardware that splits up a land line or software that generates online numbers instantly. Some even infect cellphones of unsuspecting consumers with viruses, turning them into robo-dialers without the owners knowing that their devices have been hijacked. In all cases, a scammer has access to multiple U.S. numbers and can tell a computer to use them to dial a specific business.
Authorities say the line-flooding extortion scheme started in 2010 as phone scammers sought to improve on an old trick in which they pretend to be debt collectors. But the emerging bulls-eye on hospitals and other public safety lines has intensified efforts to track down the callers.
Since mid-February, the Internet Crime Complaint Center, a task force that includes the FBI, has received more than 100 reports about telephony denial-of-service attacks. Victims have paid $500 to $5,000 to bring an end to the attacks, often agreeing to transfer funds from their banks to the attackers' prepaid debit card accounts. The attackers then use the debit cards to withdraw cash from an ATM.
The hospital attack, confirmed by two independent sources familiar with it, was eventually stopped using a computer firewall filter. No one died, the sources said. But hospital staff found the lack of reliable phone service disturbing and frustrating, one source said. They requested anonymity because they were not authorized to talk about the incident.
But typical firewalls, which are designed to block calls from specific telephone numbers, are less effective against Internet calls because hackers can delete numbers and create new ones constantly. Phone traffic carried over the Internet surged 25% last year and now accounts for more than a third of all international voice traffic, according to market research firm TeleGeography.
To thwart phone-based attacks, federal officials recently began working with telecommunications companies to develop a caller identification system for the Web. Their efforts could quell more than just denial-of-service attacks.
They could block other thriving fraud, including the spoofing and swatting calls that have targeted many people, from senior citizens to celebrities such as Justin Bieber. In spoofing, a caller tricks people into picking up the phone when their caller ID shows a familiar number. In swatting, a caller manipulates the caller ID to appear as though a 911 call is coming from a celebrity's home.
Unclassified law enforcement documents posted online have vaguely identified some victims: a nursing home in Marquette, Wis., last November, a public safety agency and a manufacturer in Massachusetts in early 2013, a Louisiana emergency operations center in March, a Massachusetts medical center in April and a Boston hospital in May.
Wall Street firms, schools, media giants, insurance companies and customer service call centers have also temporarily lost phone service because of the attacks, according to telecommunications industry officials. Many of the victims want to remain anonymous out of fear of being attacked again or opening themselves up to lawsuits from customers.
The Marquette incident is noteworthy because when the business owner involved the Marquette County Sheriff's Department, the scammer bombarded one of the county's two 911 lines for 3 1/2 hours.
"The few people I've talked to about it have said that you just have to take it and that there's no way to stop this," Sheriff's Capt. Chris Kuhl said.
A Texas hospital network has been targeted several times this year, said its chief technology officer, who spoke on the condition of anonymity because the individual's employer has not discussed the attacks publicly. One of its nine hospitals lost phone service in a nurses unit for a day, preventing families from calling in to check on patients.
As the hospital searched for answers, it temporarily created a new number and turned to backup phone lines or cellphones for crucial communications. The chain eventually spent $20,000 per hospital to install a firewall-type device that is able to block calls from numbers associated with an attack.
For all the money spent on Internet security, companies often overlook protecting their telephones, Artes said.
"It's kind of embarrassing when a website goes down, but when you shut down emergency operations for a county or a city, that has a direct effect on their ability to respond," he said.
The Federal Communications Commission has begun huddling with phone carriers, equipment makers and other telecommunication firms to discuss ideas that would help stem the attacks. One possibility is attaching certificates, or a secret signature, to calls.
The FCC's chief technology officer, Henning Schulzrinne, acknowledged that though such a solution is probably a year or two away, it could put an end to most fraudulent calls.
But Jon Peterson, a consultant with network analytics firm Neustar, said such measures raise privacy worries. Some calls, such as one to a whistle-blower hotline or one originating from a homeless shelter, may need to remain anonymous. There won't be a single fix. But the goal is clear.
"The lack of secure attribution of origins of these calls is one of the key enablers of this attack," Peterson said. "We have to resolve this question of accountability for the present day and the future."

To prevent Another Snowden new NSA anti-leak measures two-man rule

The National Security Agency, which Snowden worked for as a Hawaii-based contractor, said it would lead the effort to isolate intelligence and implement a "two-man rule" for downloading - similar to procedures used to safeguard nuclear weapons.
"When are we taking countermeasures? ... The answer is now," Deputy Defense Secretary Ashton Carter told the Aspen Security Forum in Colorado.
NSA Director General Keith Alexander told the forum the two-man rule would apply to system administrators like Snowden and anyone with access to sensitive computer server rooms.
"You limit the numbers of people who can write to removable media," Alexander said. "Instead of allowing all systems administrators (to do it), you drop it down to a few and use a two-person rule."
"We'll close and lock server rooms so that it takes two people to get in there."
Carter partly blamed the security breach on the emphasis placed on intelligence-sharing after the wake of the September 11, 2001, attacks, which eventually allowed someone like Snowden to access so many documents at once.
"We normally compartmentalize information for a very good reason, so one person can't compromise a lot," Carter said. "Loading everything onto one server ... it's something we can't do. Because it creates too much information in one place."
Alexander said Snowden had been trusted with moving inside networks to make sure the right information was on the computer servers of the NSA in Hawaii.

HOW MUCH DID SNOWDEN STEAL?
Snowden fled to Hong Kong in May, a few weeks before publication in Britain's Guardian newspaper and the Washington Post of details he provided about secret U.S. government surveillance of Internet and phone traffic.
The disclosures by Snowden, who is wanted on espionage charges, have raised Americans' concerns about domestic spying and strained relations with some U.S. allies.
The 30-year-old American who has had his U.S. passport revoked, is stuck in the transit area of Moscow's Sheremetyevo airport and has applied for temporary asylum in Russia.
"A huge break in trust and confidence," Alexander said, adding that extremists, aware of the surveillance, were altering their behavior "and that's going to make our job tougher."
Alexander declined to say how many documents Snowden took, but when asked whether it was a lot, he said, "Yes."
Carter said the assessment was still being conducted, but "I can just tell you right now the damage was very substantial."
Senator Dianne Feinstein, who chairs the Senate Intelligence Committee, said last month that U.S. officials advised her that Snowden had roughly 200 classified documents.
But American officials and others familiar with Snowden's activities say they believe that at a minimum, he acquired tens of thousands of documents.
Asked whether U.S. officials had a good idea of what Snowden actually downloaded, as opposed to simply read, Alexander said, "We have good insights to that, yes."
Current and former U.S. officials said on condition of anonymity that while authorities now thought they knew which documents Snowden accessed, they were not yet entirely sure of all that he downloaded.
Snowden was adept at going into areas and then covering his tracks, which posed a challenge in trying to determine exactly what materials he had accessed, officials said.
Former and current U.S. officials told Reuters that a massive overhaul of the security measures governing such intelligence would be extremely expensive.
Alexander also said it would take time to implement across the Pentagon and the broader U.S. intelligence community. He also noted there were "15,000 enclaves," some of which are small.
"One of the things we can do is limit what people have access to at remote sites and we're doing both. So we're taking that on," he said.
Among U.S. allies, German Chancellor Angela Merkel is under pressure to toughen her stance on the U.S. program.
Alexander said the program had helped European allies including Germany, France and Denmark, without offering details. Asked about his reaction to German expressions of surprise, Alexander stated: "We don't tell them everything we do or how we do it. Now they know."

Different views about Snowden

Putin has a strong dislike for human rights activists as a class — and even more disdain for traitors, whom he recently called "swine."

When Edward Snowden, with the assistance of his curators in the Russian government, held his makeshift news conference last Friday in Sheremetyevo Airport's transit zone, it was no surprise that pro-Kremlin opinion makers dominated the short, invitation-only list of attendees. Among them were prominent lawyer and Public Chamber member Anatoly Kucherena, political analyst and State Duma Deputy Vyacheslav Nikonov and human rights ombudsmen Vladimir Lukin. Basking in the spotlight amid Snowden's sudden reappearance after nearly a month of being incognito in the airport's transit zone, they took full advantage of this PR opportunity, explaining to several hundred journalists on hand that Russia should offer Snowden political asylum because he is a refugee of U.S. repression.
"Snowden is not a criminal," Lukin said, "and deserves asylum status."
"He deserves protection," Kucherena said. "We need to defend him. I consider him a hero. … [The U.S. government] is persecuting him."
This kind of demagoguery is expected from Kremlin loyalists. But what was surprising and disheartening was that the Moscow-based directors of two respected global rights organizations, Human Rights Watch and Amnesty International, joined the chorus of support for Snowden's quest to receive political asylum. It was unsettling to see these organizations in full solidarity with Kremlin spin doctors. Indeed, the two groups make strange bedfellows, particularly considering that these NGOs have been victims of government harassment and a state-­sponsored smear campaign that depicts them as U.S.-paid agents.
These ardent Snowden supporters fail to understand a fundamental principle in asylum jurisprudence: Political asylum should be granted in cases of persecution, not prosecution. To qualify for asylum, Snowden must produce evidence that he is being persecuted based on his political opinion, race, religion, nationality or membership in a particular social group. These are United Nations and internationally recognized categories to determine the legitimacy of a person's asylum request. Asylum should not be granted to suspected criminals like Snowden who are simply trying to avoid a jail sentence in their home country.
A good example of a legitimate asylum seeker would be Leonid Razvozzhayev, an opposition leader who fled to Ukraine in October to escape political persecution in Russia. When Razvozzhayev tried to seek political asylum in the office of the United Nations High Commissioner for Refugees in Kiev, he was seized by masked men believed to be Russian intelligence agents, handcuffed and dragged back to Moscow, where he is still being held in pretrial detention on trumped-up charges of "plotting riots." In this case, both Amnesty International and ­Human Rights Watch were correct in protesting Razvozzhayev's kidnapping, detention and prosecution.
Most Snowden supporters in Russia agree that Snowden broke the law by leaking classified information but say there is a higher law — a moral law — that justifies his decision to expose massive surveillance by the National Security Agency that Americans and the entire world had a right to know about. His actions, the argument goes, amounted to civil disobedience in the spirit of U.S. civil rights leader Martin Luther King Jr.
But these Snowden advocates are missing two key differences: King, a Noble Peace Prize laureate, did not flee the U.S., and he worked within the democratic system to push for human rights legislation that addressed the immorality of existing segregation laws. Snowden, too, should have also worked within the U.S. legal system to declassify the NSA programs, thus subjecting them to larger public scrutiny, instead of engaging in criminal cyber-vigilantism.
Snowden claims to be a whistleblower, but he is far from one. Unlike real whistleblowers — such as Daniel Ellsberg, who leaked the Pentagon Papers in 1971 — Snowden did not reveal anything illegal in the NSA surveillance programs and thus cannot be protected under U.S. whistleblower laws. His sole position was that he was against the NSA surveillance programs and thought they should be declassified.
But Snowden's personal dislike of the NSA programs is not sufficient grounds to leak classified information. This is precisely why he is a criminal, not a whistleblower. According to Snowden's logic, a pedophile who doesn't like anti-pedophile laws would have the same self-anointed right to violate the law on the grounds that it also contradicts his or her personal values.
While pro-Kremlin spin doctors are having a heyday with Snowden's extended stay in Moscow and are enthusiastic about the opportunity to give him asylum, President Vladimir Putin remains highly unenthusiastic, to say the least, about Snowden's presence in the country for two main reasons.
First, Putin has a strong dislike for human rights activists as a class, especially those working in Russia. They hardly mix well with his vertical power structure. Putin may like activists more when they reveal rights abuses in the U.S., but having someone like Snowden living in Russia and becoming cozy with Russian-based rights groups, who have their own long laundry lists of abuses committed by Putin's regime, probably makes Putin a bit uneasy.
Last week, pro-Kremlin defense analyst Igor Korotchenko said in an interview with state-­controlled Rossia 24 television that if Snowden receives asylum in Russia, "he will have a fabulous opportunity to continue his human rights activities, including battling against the state's interference in private lives."
The problem, though, is that if Snowden were to turn his attention toward Russia's poor record on human rights, government transparency and privacy protection, Russia could easily get more than it bargained for with Snowden. After all, Putin's condition for giving Snowden political asylum was that he refrain from inflicting more damage on the United States. Putin said nothing about Russia.
This situation is complicated by the fact that Russian authorities are keen on expanding surveillance of Russians who use Google, YouTube, Skype and Facebook, the preferred site for organizing protests. These foreign companies, unlike Russian ones such as Yandex, are largely out of the reach of the Federal Security Service, or FSB, since their servers are located in the U.S. Thus, the Kremlin is trying to force these U.S.-based companies to give the FSB direct, unlimited access to their servers as a condition for them being able to operate in the country. Snowden, whose main mission was to fight the "U.S. surveillance state," would likely have trouble swallowing this exponentially larger surveillance state in Russia.
Given Snowden's apparent obsession with privacy rights and government transparency, Putin doesn't trust him. There is no guarantee that Snowden would remain silent about the FSB's widespread spying abuses, which make even the NSA's worst abuses look like child's play. (For example, the e-mails and telephone conversations of opposition leader Alexei Navalny, who was sentenced to five years in prison on Thursday, were regularly hacked, even before charges were filed against him.) And once Snowden received asylum status, even Putin would have trouble taking it away if Snowden got out of hand.
The second reason Putin, a former KGB agent, is wary about Snowden is because Putin remains religiously faithful to the lifetime oath he took: Never give away state secrets. Whatever initial gratification he might have experienced when Snowden revealed U.S. government abuses was quickly replaced by a sense of disdain for Snowden, who betrayed his nation. For this reason alone, Putin clearly considers Snowden a traitor, not a hero.
Putin put it best in 2010, when he spoke of a Russian informant who gave away 10 sleeper agents in the U.S.: "Traitors are swine. … The lives of traitors always end badly." And this is precisely why Putin said that the sooner Snowden leaves Russia, the better.

Germany backs away from claims NSA program thwarted five attacks

German Interior Minister Hans-Peter Friedrich is backing off his earlier assertion that the Obama administration’s NSA monitoring of Internet accounts had prevented five terror attacks in Germany, raising questions about other claims concerning the value of the massive monitoring programs revealed by NSA leaker Edward Snowden.
Friedrich had made the assertion about the number of attacks that the NSA programs – which scoop up records from cellphone and Internet accounts – had helped to avert after a brief visit to the United States last week. But on Tuesday, he told a German parliamentary panel, “It is relatively difficult to count the number of terror attacks that didn’t occur.” And on Wednesday, he was publically referring to just two foiled attacks, at least one and possibly both of which appeared to have little to do with the NSA’s surveillance programs.
The questions about the programs’ value in thwarting attacks in Germany come as some members of the U.S. Congress have told Obama officials that the programs exceeded what Congress authorized when it passed laws that the administration is arguing allowed the collection of vast amounts of information on cellphone and Internet email accounts.
In Germany, the concern is that the NSA is capturing and storing as many as 500 million electronic communications each month, but Germans are getting little if anything back for what is seen as an immoral and illegal invasion of privacy.
Friedrich spent July 11-12 in the United States for meetings with U.S. officials on the NSA programs that German Chancellor Angela Merkel had requested. The point of the meetings was to gather information that would calm a building German angst over the spy scandal.
Instead of being reassured, however, opposition politicians and commentators now are talking about the arrogance of the U.S. application of “winner’s power” (a reference to the political authority the United States had here during the Cold War, when Germany was divided between east and west, and West Germany leaned heavily on America for support), and how traditionally strong relations between the two countries have been harmed by the scandal.
“German-American relations are at risk,” said Hans-Christian Stroebele, a Green Party member of the influential German intelligence oversight committee in the country’s legislature, the Bundestag, which is dominated by Merkel’s Christian Democratic Union. “The longer it takes to uncover the facts after this long silence, the more problematic it becomes. No one even bothers to deny what’s been said. It could be that German or (European Union) courts will have to deal with this.”
Even as emotions build, NSA plans for expanding a listening station in Germany were revealed this week, raising more questions.
Stroebele spoke Thursday to McClatchy, addressing Friedrich’s official report, delivered behind closed doors to the Bundestag committee. He said Friedrich received little information from the United States in his quick trip to Washington.
“We’re lucky to have had Snowden,” Stroebele said. “Without him, this surveillance that is not permissible under international law would have continued for a long time. In Germany, there are prison terms for such spying.”
Perhaps most troubling was how quickly the government backed down on the claims that the surveillance helped foil terror plots. Gisela Piltz, a Liberal Party member of the Bundestag intelligence committee, said she could not give exact details of what took place in the secret hearing but noted: “There was a clear discrepancy between the previously reported number of foiled terror attacks and the number we talked about.”
And even those cases raised questions. One of them, commonly known as the Sauerland Cell Plot, involved an alleged conspiracy in 2007 to detonate a series of car bombs in crowded places. Piltz was involved in a Bundestag study of what took place. The goal of the would-be bombers was to surpass the death and injured toll from commuter train attacks in Madrid in 2004, which killed 191 and wounded another 1,800.
The conspirators, who allegedly included two Germans, had gathered nearly a ton of liquid explosives.
News reports at the time mentioned an unnamed U.S. intelligence official saying that cellphone calls by the two Germans had been intercepted. But those calls were said to have been made when the Germans were leaving a terror camp in Pakistan – an entirely different scenario from the current monitoring program, which captures data from everyday citizens by casting a worldwide net.
Piltz said even that participation by U.S. intelligence agencies remains unverified.
The other case, involving four men with al Qaida connections arrested in Dusseldorf while allegedly preparing to make a shrapnel bomb to detonate at an undecided location, also raised questions about NSA involvement. During the trial, prosecutors said they were alerted to the cell by an informant, after which they studied emails from the four. But such targeted surveillance is not the issue in the NSA programs, one of which, PRISM, reportedly taps into the computers of users of nine Internet companies, including Facebook, Google and Yahoo.
Defending NSA practices, Friedrich noted that security is a “super fundamental right.” As such it outranks fundamental rights such as privacy. German newspapers were scathing in their assessment, calling Friedrich the “idiot in charge.”
Piltz said that while terrorism is a real threat, the U.S. monitoring programs have done little to prevent it.
“Germans are not safer because of U.S. espionage,” Piltz said. “It is true Germany has been lucky not to have suffered a terror attack, but there has to be a balance. We cannot sacrifice freedom for security, and when in doubt I would always opt for freedom.”

INTERPOL Arrested 6000 people across the Americas, Africa, Asia and Europe

Interpol announced thursday in different operations  in Europe codenamed Black Poseidon II, in Africa they called ethosha, in Asia and Hurricane in the Americas Pacific have arrested 6000 people.
Some 24 million fake goods worth nearly USD 133 million were seized during the operations codenamed Black Poseidon II (Europe), Etosha (Africa), Hurricane (Asia) and Pacific (Americas), coordinated by INTERPOL’s Trafficking in Illicit Goods and Counterfeiting unit throughout May and June.
More than 3,000 individuals were arrested in Turkey during Operation Black Poseidon II, with law enforcement and customs officials seizing nearly 12 million packets of illicitly traded cigarettes.
Fake and illicitly traded goods worth around USD 26 million were seized and nearly 200 people arrested in Poland.
The operation was under more dismantled a gang in southern China that fake brand shampoo and toothpaste produced and distributed. The gang members ran include 21 companies and owned planes and trains.
The following countries and territories took part in the INTERPOL-led operations:
  • Black Poseidon II – Belarus, Moldova, Poland, Romania, Turkey, Ukraine;
  • Etosha – Namibia;
  • Hurricane – China, Hong Kong (China), Fiji, India, Indonesia, Philippines, Thailand, Vietnam;
  • Pacific – Brazil, Chile, Colombia, Ecuador, Panama, Peru.

Taiwan Testing ground for China hacking



Taiwan is the frontline in an emerging global battle for cyberspace, according to elite hackers in the island's IT industry, who say it has become a rehearsal area for the Chinese cyber attacks that have strained ties with the US.

The self-governing island, they say, has endured at least a decade of highly-targeted data-theft attacks that are then directed towards larger countries.

"We've seen everything," said Jim Liu, the 28-year-old founder of Lucent Sky, a Taiwanese internet security company specialising in resolving dangerous software vulnerabilities that hackers can exploit in order to gain access to a system.

"We'll see a specific attack signature here, and then six months later see the same signature in an attack on the States."

A Pentagon report in May accused China of trying to break into US defence computer networks. It followed another report in February by US computer security company Mandiant that said a secretive Chinese military unit was probably behind a series of hacking attacks that had stolen data from 100 US companies.

Cyber war

Beijing dismissed both reports as without foundation. But Taiwan experts say that hacking methods such as those outlined in the Mandiant report are the same kinds of security breaches that they had seen several years earlier.

Regarded by China as a renegade province it must recover, by force if necessary, it is easy to see why Taiwan might be an ideal target for Chinese hackers: It is close to the mainland, Mandarin-speaking and boasts advanced internet infrastructure.

This cyber war playing out across the narrow Taiwan Strait first came to public attention in 2003, when a Taiwanese police agency realised hackers had stolen personal data, including household registration information, from its computer system.

These attacks differed from traditional hacking attempts - where many casual hackers attempt to disrupt their targets' systems, these hackers went in stealthily, with the intention to plunder rather than destroy.

"Back then it was very rare to see these kinds of social network attacks," said hacking specialist Jeremy Chiu, a contract instructor in IT for Taiwan's intelligence agencies. "They were very, very well organised."

Other indicators, including the ease with which the hackers penetrated an e-mail system written entirely in Chinese, painted a picture of the culprits as a large, co-ordinated group of mainland Chinese hackers.

"One thing that indicates government support for these attacks is just the sheer volume - how many agencies are being attacked on a daily basis," said Benson Wu, postdoctoral researcher in information technology at Taiwanese think-tank Academia Sinica and co-founder of Xecure Lab, which focuses on responding to advanced persistent threats.

Source

Interviewed at his downtown Taipei office, Wu's set-up fits the classic hacker image: Dimly-lit, strewn with wires and humming with computers.

On a projector screen he displayed a list of e-mails, written in Chinese, with subject headings like "meeting notes", "dinner attendance" and "questionnaire".

"These are all hacking attempts," Wu explained. Once the documents have been opened, they plant a backdoor allowing the hacker virtually unfettered access to the network.

One such "spearphishing" attack was reportedly used on the White House in October. A Taiwan expert in cyber espionage estimated that thousands of Taiwanese high-level government employees receive as many as 20 to 30 of these e-mails a month.

"We've been following these Chinese hackers for so long, we can track their daily work schedule," said the expert, who asked not to be identified.

"People expect hackers to be night owls, but these guys work very normal hours - on Chinese national holidays, for example, we don't see any hacking activity at all."

Tracking the exact source of the attacks, however, remains a slippery game of internet sleuth.

"We take the IP address culled from the attack as a springboard, then track it through the internet - perhaps the same IP address was used in a forum registration, or to register a QQ handle," he said, referring to a popular Chinese chat program. "It depends how good they are at covering their tracks."

US surveillance

China denies being behind hacking attacks on other nations and insists it is a major victim of cyber attacks, including from the US - an argument that Beijing sees as strengthened by revelations last month from a former National Security Agency contractor, Edward Snowden, about top-secret US electronic surveillance programmes.

The US and China held talks focused on cyber issues last week.

According to internet platform Akamai, 27% of worldwide hacking activity during 2012 originated in China. The same report, however, also placed Taiwan among the top five digital attack originating countries in 2012.

"Taiwan is one of the key countries where we see a lot of activity," said Singapore-based malware researcher Chong Rong Hwa of network security firm FireEye.

A report issued by SecureWorks, a network safety arm of PC maker Dell, said Taiwan government ministries are swarming with a particularly malicious form of data-nabbing computer virus.

In one year, the Taiwan National Security Bureau encountered more than three million hacking attempts from China, according to statements given by bureau director Tsai Teh-sheng in March in response to questions from lawmakers.

Military and technology intelligence was included among the pilfered data. A representative from the bureau declined to comment when contacted.

"Taiwan will continue to be the battleground for lots of cyber attacks; it's like we are on our own," Wu said. "China has a huge pool of talent and technical resources."