Information Security, Ethical Hacking, website Security, Database Security, IT Audit and Compliance, Security news, Programming, Linux and Security.
Wednesday, 8 January 2014
The Pirate Bay Plans a Censor-Free Torrent-Based Internet
Whatever else you may say about The Pirate Bay, you can't deny that it's an interesting organization. This past summer the group announced plans for a "beautiful" NSA-proof messaging system they call Hemlis (Swedish for "secret"). Also this past summer co-founder Gottfrid Svartholm Warg sentenced to two years in Swedish jail for hacking. Now they're planning something truly remarkable; a torrent-based parallel Internet that can't be blocked or censored.
Reasonable Skepticism
Last August saw the release of Pirate Browser, a mashup of Firefox Portable and TOR (The Onion Router), with some special sauce to circumvent censorship in various countries that limit Internet access. However, analysis by PCMag experts turned up some serious limitations in the product. It does offer access to various torrent sites (including The Pirate Bay, of course) that might normally be blocked, but it doesn't actually make use of TOR's anonymizing proxy features, and doesn't even include a BitTorrent client.
Given that track record, I initially viewed the latest news with a certain skepticism. It's true that nobody ever promised that PirateBrowser would provide anonymous Web surfing, but users might easily assume anonymity due to the use of TOR. In addition, this browser disables a number of security protections normally found in Firefox.
Torrent-Style Internet
The wildly popular BitTorrent protocol allows users to share files without requiring a server for storage. Files reside on other users' computers, and a BitTorrent download will come from many different PCs. This peer-to-peer file sharing is especially useful when the files being shared are pirated, as there's no central server that authorities could locate and shut down.
According to Torrent-tracking news site TorrentFreak, The Pirate Bay plans to create a Torrent-style system for censor-proof transmission of Web pages. "The goal is to create a browser-like client to circumvent censorship, including domain blocking, domain confiscation, IP-blocking. This will be accomplished by sharing all of a site's indexed data as P2P downloadable packages, that are then browsed/rendered locally," according to "a Pirate Bay insider."
In the normal course of things, your browser consults the Domain Name System to find the IP address of the site you want to visit. It sends a request to that site's server and gets back the page you requested. Under the proposed system, your browser will find the desired site using a parallel DNS system, and will download the page from the BitTorrent swarm of other users. The page will be stored locally, and future visits will download only changes, not the whole page.
Can It Work?
The BitTorrent website states, "More than 170 million people use our products every month. Our protocols move as much as 40% of the world's Internet traffic on a daily basis." That's a pretty successful operation, especially considering the substantial pushback from governments and other groups trying to prevent sharing of copyrighted materials.
Unlike the misbegotten mashup released as PirateBrowser, I think this thing could actually work. As the TorrentFreak article pointed out, "It may take a few months before the first version is released in public, but it already promises to be a game changer in the ongoing censorship Whack-a-Mole."
Android Coupons App Leaks Your Personal Information To Everyone
We've looked at several apps for Android that gather, to paraphrase John Hodgman, more information than they require. We've also looked at several apps that handle that information badly, allowing it to be easily extracted or intercepted. This week, Appthority shows us an app that does both, and also transmits your information to any other server it contacts.
The Coupons App
Appthority tipped us to an app called The Coupons App currently on Google Play, which includes a suite of tools to connect you with deals on everything from restaurants to gas. But in their analysis, Appthority found that The Coupons App "continuously sends private information over the network without protecting it with encryption." This includes your device ID or IMEI number, your phone number, your email address, your zip code, and the exact geolocation of your device.
Many apps collect this kind of information—some for their own analysis and some for selling to third party ad networks. Unfortunately, Android does not give you the ability to control what information apps can access. There's only a single all-or-nothing permissions warning when you first download an app. Not encrypting the information compounds the issue, since someone snooping on the network could nab it during a man-in-the-middle attack.
Unfortunately, this is not the last of The Coupons App's sins. "The private data is sent to the server used by the app, but it also leaks the private information in the "Referer" field," said Appthority, referring to a misspelled HTML header field that identifies the address of the webpage you're currently on to the webpage you're heading toward.
Let's say you're searching for "pharmacy" and The Coupons App uses a book cover image from Amazon in the search results. When the app communicates with Amazon to get that image, it included a lot of your personal information in the exchange. Here's Appthority's example, bolded for emphasis. Note that the email address and phone number are clearly visible.
Click for a larger image
Appthority added, "if the app was properly encrypting the link to their servers with the private data (ssl), the referer would not be set or sent to external web sites." Appthority notes that The Coupons App is possibly leaking this information to other servers unknowingly.
How Can You Stay Safe?
The Coupons App underlines one of the biggest problems with mobile security: That the end user (you) doesn't always know what potentially dangerous activities an app might be carrying out. Even if you read the permissions requested by The Coupons App, you wouldn't know why it was harvesting information or that your data was being leaked to other servers.
Furthermore, the limitations of Android don't allow you to control what apps can access certain information—like your current location. In the case of The Coupons App, this means that simply using it, and others with similar issues, puts your information at risk.
Reusing Passwords Across Social Media Sites: Don't Do That!
It doesn't matter how long and complex your password is: if you use the same password across multiple sites, you are at high-risk for attack.
Last month, Trustwave researchers discovered a trove of about two million usernames and passwords on a command-and-control server based in the Netherlands. The server, which was part of the Pony botnet, had harvested credentials for various websites as well as email, FTP, Remote Desktop (RDP), and Secure Shell (SSH) accounts from user computers, Trustwave's Daniel Chechik wrote at the time. Of the 2 million credentials harvested, about 1.5 million were for Websites, including Facebook, Google, Yahoo, Twitter, LinkedIn, and online payroll provider ADP.
A deeper analysis of the password list found that 30 percent of users who had accounts across multiple social media accounts had reused their passwords, said John Miller, the security research manager at Trustwave. Each of these accounts would be vulnerable to a password reuse attack.
"With a small amount of effort and some clever Google queries, an attacker could find additional online services where the compromised user had used a similar password and could then gain access to those accounts as well," Miller told Security Watch.
It's "Just" Social MediaIt's obviously bad that attackers had access to victims' FTP servers and email accounts, but it might not be as obvious why having their Facebook or LinkedIn passwords was a big deal. It's important to remember that attackers frequently use these lists as a jumping off point to launch secondary attacks. Even if attackers steal "just" a social media password, they may wind up getting into to your Amazon account, or break into your corporate network via VPN because the username and password happened to be the same as what you had on that social media account.
Security Watch frequently warn about the dangers of password reuse, so we asked Trustwave to analyze this password list to quantify the extent of the problem. The resulting figures were startling.
Of the 1.48 million username/passwords associated with social media accounts, Miller identified 228,718 distinct users with more than one social media account. Out of those usernames, 30 percent had used the same password across multiple accounts, Miller found.
In case you are wondering, yes, cyber-criminals will try out the same combination across random sites, either manually or via a script to automate the process.
Reuse As Bad as Weak Passwords
Passwords can be hard to remember, and that's especially true for passwords that most people consider strong. While these users should be commended for not using weak passwords such as "admin," "123456," and "password," (which was still a problem among this group) the problem is that even complex passwords lose their effectiveness if they aren't unique.
Miller also identified another reuse problem. While many sites have users log in with their email addresses, others allow users to create their own usernames. In that original list of 1.48 million username/password combinations, there were actually 829,484 distinct usernames because users were using common words. In fact, "admin" appeared as a username 4,341 times. Half of the "weak" usernames also had weak passwords, making it even more likely that attackers could brute-force their way across multiple accounts.
Stay Safe
Secure passwords are critical to keep our data and identity safe online, but users frequently opt for convenience over security. This is why we recommend you use a password manager to create and store unique, complex passwords for every site or service you use. These applications will also automatically log you in, making it much harder for keyloggers to snatch your information. Be sure to try out Dashlane 2.0 or LastPass 3.0, both which are our Editors' Choice award winners for password management.
Tech Support Scams: Second Byte at the Cherry
- you have a problem with your computer
- that the scammer knows or could possibly know anything about your computer
- that the scammer needs you to give him access to your computer so that he can prove to you that the problem is real and to enable him to ‘fix’ it for you.
As it happens, I’ve seen a couple of reports in the past year or two that have suggested a somewhat similar variation, but too few to determine exactly what form the scam was taking. And in fact, it’s not uncommon for 419 scammers to kick off with an offer to reimburse people who are – wait for it – victims of 419 scams. In that instance, the scammer doesn’t usually admit to being a 419 scammer, but poses as a representative of a government agency (for instance).
The FTC article, however, suggests that at least some of these calls are from scammers revisiting previous victims and offering a refund if they considered the service unsatisfactory, which isn’t something I’ve seen reported previously. Sometimes, though, it seems that the refund is offered on account of the ‘service’ going out of business, and that resembles previous reports I’ve seen, though looking at them in the light of the FTC article, I don’t think that the callers operating this particular variation of the scam are necessarily the same scammers who may have called previously. At least one of our correspondents was puzzled and alerted by the fact that the caller offering a refund didn’t represent the same company with whom he thought he had a contract.
The article gives more information on how the scam works and advice on what to do if you fell for it (complain to the FTC, reverse credit card charges and so on).
I suspect, though, that the real step-change here is that the scammers have once more crossed a line. Earlier in the evolution of the scam, we found that some scammers who admitted that they were not being altogether honest with their victims nevertheless justified their actions by claiming they were providing a useful service. And from time to time, we see comments along the lines of “this isn’t really a scam, more like aggressive marketing”.
Later, we saw scammers who reacted aggressively when they thought they weren’t going to get the payment they anticipated: if they’d already been allowed access to the victim’s machine, they would try to trash the system. While trashing someone’s system for non-payment doesn’t often stand up as a defence in court – remember Dr. Popp and the AIDS Trojan? –motivation in the case where the criminal thinks he’s supplied some kind of service is kind of understandable, if morally, ethically and legally indefensible.
What the FTC is describing, though, seems to me to be a clear case of fraud: asking for credit card details on the grounds that you’re going to give them money and then taking money instead seem unequivocally criminal to me. I don’t see how any scammer can seriously convince himself that this is somehow offering a legitimate service. Of course, this doesn’t mean I think that the scammers weren’t previously aware that what they were doing is wrong: only that it’s harder for scammers to justify their actions to themselves.
NSA “Hard Target” project planned $80m quantum “God Machine” to ‘own’ the Internet
A
hi-tech ‘quantum computer’ more powerful than any supercomputer on
Earth, and capable of breaking virtually any encryption code, including
those used to protect banking systems – and thus ‘owning the net’ has
been planned by the National Security Agency. Details of the project are
the latest of a series of revelations from NSA whistleblower Edward
Snowden.
Documents provided to the Washington Post showed that a secret project, entitled OTN (Owning the Net) had a budget of $79.7 million to develop the machine.Quantum computers, which exploit properties of subatomic particles are in their infancy – but have been described as “God Machines” and the “Holy Grail” of computing, due to their ability to develop new drugs at speed, according to Yahoo News. The NSA aimed to exploit this power for high-speed code breaking, the documents said, “The application of quantum technologies to encryption algorithms threatens to dramatically impact the US government’s ability to both protect its communications and eavesdrop on the communications of foreign governments,” said the documents leaked by Snowden, according to The Register.
The physics behind the theoretical machine have been known
for 100 years, and the idea of using such machines for code-breaking has
been known for decades, but the NSA was pushing to leapfrog ahead of
companies such as IBM, to build a machine exponentially more powerful
than current “classical” computers, and spell the end of the silicon
era, albeit for rather different reasons than IBM, according to The Register’s report.
For security professionals, and computer experts, quantum
computers have been a “Holy Grail” for decades – using the strange
properties of quantum physics – where instead of ‘bits’, where
information is conveyed in ones and zeroes – quantum particles can be
both at once – to calculate at speeds impossible for current machines
based on transistors, according to Yahoo News.
Tech Week Europe
said that the documents referred to the development of “a
cryptologically useful quantum computer”, exponentially faster than
current machines, and part of a project entitles “Penetrating Hard
Targets”.
The revelation has puzzled some computer experts, as the
capabilities of the proposed machine would be far beyond anything yet
unveiled, even by pioneers such as IBM (whose early quantum computer is
pictured above) While both Google and defense contractor Lockheed
Martin invested in D-Wave’s ‘quantum computer’, argument raged over
whether the machine really was different from “classical” computers,
according to Wired. D-Wave’s machines can peforrm high-speed computing tasks – but not the one that the NSA want, high speed decryption.
“The idea of quantum computing was proposed in the 1980s by
physicists like Richard Feynman,” said Scott Aaronson, talking to the Washington Post,
“But it wasn’t obvious that a quantum computer would be good for
anything. The big discovery that sort of got people excited about this
field: Peter Shor discovered in 1994 that you could use it to find the
prime factors of enormous numbers. That’s a practical problem we don’t
know how to solve with [conventional] computers in any reasonable amount
of time. The security of e-commerce is based on the difficulty of
finding prime factors. If you can do that you can break most of the
cryptography on the Internet.”
“The Owning the Net (OTN) Project provides the
technological means for NSA/CSS to gain access to and securely return
high value target communications,” the documents leaked by Snowden said.
“By concentrating on the means of communication, the
network itself, and network links rather than end systems, OTN research
manipulates equipment hardware and software to control an adversary’s
network.”
So far, the computers under test at IBM, Lockheed Martin and Google,
and universities around the world, work with just a few “qubits” – the
tiny particles that can be both one and zero at once, says science
author Colin Stuart, author of The Big Questions in Science, speaking to
Yahoo News.
A 250-qubit array would contain more ‘bits’ of information
than there are atoms in the entire universe, IBM has claimed, and will
happen within our lifetimes - allowing not just for high-speed
code-breaking but for useful tasks such as the high-speed development of
new drugs, according to Stuart. The machines could “save millions,” he
says.
“A quantum computer could calculate in seconds what a
supercomputer – even the fastest on Earth – would take years to,” says
Stuart. “The strangest thing is that it’s quite possible that one of the
reasons they’re so fast is that they’re doing the calculations in
multiple universes.”
The Register points
out that while the NSA is keen on the idea, it seems to be far from
being in possession of a working quantum decrypter, saying, “The NSA
certainly does want to do this, but based on the Snowden documents the
agency is a long way from being able to manage it. There’s no mention of
anything like a working quantum decrypter.”
Pat Garratt: PC gamers will always be easy prey for cyber gangs – but it’s not ALL our fault, says industry veteran
I love zombie survival shooter Left 4 Dead 2, but my three kids and job keep me away from its cutting edge. I’m too busy being a parent to to read about its latest add-ons or downloadable maps, but, late last year, I thought I’d Google some for fun. “L4D2 Super Pack maps + Installer,” I read on a fan forum. I moused over the link to the 8Gb torrent as I scanned the comments below. It was a Trojan, a bad one. Obviously. And, despite the fact I’ve worked in the games industry for some 15 years, I nearly hit it.
After using PC games professionally since 1998, I understand why I’m a major malware target. I know this, but it doesn’t make me harder to fool.
It’s no surprise infectors target core PC gamers, those who play massively multiplayer online games (MMOs) or competitive shooters. This insatiable group not only consumes video game content as rapaciously as Oliver Twist devours gruel, but is so passionate about downloading new bits, add-ons, cheats and so on that it can be easily fooled. People will risk lifetime bans from their favourite game just to be able to catch fish 10% faster (true story, World of Warcraft). If I were a Trojan coder, looking for a gullible set of addicted computer enthusiasts – PC gamers would be target numero uno, no doubt about it.
PC gaming, in case you’ve never dabbled, isn’t the same as installing, say, Angry Birds on iPad, and waiting patiently for updates. You can tweak. You can fiddle. You can rewrite the things, if you fancy. Home-made ‘mods’ have been part of gaming for decades – spawning some of its biggest hits, as homebrew titles such as DOTA (a ‘mod’ for Warcraft 3, made by a fan, not a game studio) which became a global hit, made by a fan. Shooter Counter-Strike had roughly the same origins.
Worse trouble arose, though, when companies decided to plug into all this free, open-source creativity.
The problem isn’t gamers themselves, or the companies scraping a living from them – it’s the whole culture around PCs. It’s a mark of PC gaming manhood to build your rig yourself, fix it yourself, and frankly, if you don’t own a soldering iron and watchmaker’s tools, you’re no real gamer. PC gaming is the opposite of the smooth, “no user serviceable parts inside” experience of, say, a Mac, or an iPad – PC gamers are the under-the-bonnet-tinkerers of the computing world, tweaking performance endlessly, monitoring graphs and mutilating motherboards – not to mention switching off their AV software to squeeze that last ounce out of the processor (an ESET survey found a third of gamers do just that, every time).
Installing potentially hooky add-on software is totally normal – in World of Warcraft, for example, you can be kicked from groups of ‘adventuring friends’ without a word of warning for failing to run semi-legitimate add-ons such as Recount.
For Blizzard, when it launched World of Warcraft in 2004, the add-on market was something they actively encouraged, unlike rivals – and arguably one of the reasons for the game’s meteoric rise is the fact you can add anything from a ‘spy’ add-on that tells you how tough other players are to a sat-nav style arrow telling you where to go.. Any idea Blizzard REALLY likes tended to crop up in the next game update. A win all round, except, when infection spreads.
Naturally, this week, cybercriminals targeted this very system, creating an entire fake website for Curse, the main add-on store, which actually worked, and was artificially boosted up Google searches using darkside search-engine tricks – but every add-on on offer was poisoned, with data-stealing malware built to bypass Blizzard’s two-factor security app. Full marks for effort, at least, on the part of the criminals – although Blizzard claim the system works “99% of the time”. Full marks for effort, at least. In other games, black market add-ons are used routinely. If it gives you an edge, thousands will pile in. Including people who really should know better. Like me.
Other game companies, though, are guilty of exposing customers to attack for less salubrious reasons – take Ubisoft’s Uplay, a ‘security’ system which offered little except low-rent bonuses such as PC Wallpapers, in exchange for ensuring gamers couldn’t copy – or easily sell – their games. Gamers were ‘forced’ to sign up to use the games – even on console. The Uplay system requires users to log in with an email or password, and offers digital extras, but also works as a Digital Rights Management system (DRM) to prevent copying. When your data is put at risk just to ensure profits stay high, that can cause serious nerd rage. Naturally, Ubisoft, like Sony before them, got hacked. Passwords leaked. Gamers raged.
One gamer on Ubisoft’s official forums said, “For future reference, I will never buy nor play another Uplay enabled Ubisoft game on Xbox that requires me to make another account on here. You had one job, keep my account information safe!”
A recent Grand Theft Auto V scam highlights just how susceptible PC gamers are to malware if the criminals dangle the right carrot. Despite the fact Rockstar, the game’s publisher, has never mentioned the reality of a PC version, thousands of gamers torrented an 18Gb file claiming to be just that. The zip, obviously, wasn’t a game – it was Theft, yes, but only from the users themselves.
Logic doesn’t always apply in the world of PC gaming downloads. Heavily involved gamers are prepared to take serious risks, not only to play games that don’t exist, but also to grind a dishonest edge in competition. Endless cheat hacks exist for titles such as leading MMO World of Warcraft (WoW) and first-person shooter Counter-Strike, but a huge number of them carry malware.
Sony’s PlayStation Network, famously, fell victim to legendarily vast attack in which credit card details, email addresses and more were accessed. Whereas even only a few years previously this would have had no affect on personal PC security, online gaming services are now multi-platform, spanning console, PC and mobile: get hacked on your PlayStation and you could get hacked everywhere.
PC gamers are some of the most passionate, gullible digital consumers in the world. I know because I’m one of them. I’ve hacked my WoW UI to add maps and trackers, and I’ve installed mods to drag the older games I love up to scratch graphically. I was relatively sure of the unverified software being safe, but just because a guy on a forum says it’s clean doesn’t necessarily make it so. The truth is I didn’t really care. I wanted to do it because I’m a hardcore hobbyist and I love computer games. As long as people like us exist, there will always be a Trojan aimed at our hard drives.
CES: CIOs are powerless to stop Android's enterprise conquest, argues Samsung
Mills made the claim during an interview with V3, arguing that trends such as bring your own device (BYOD) mean CIOs can no longer keep Android devices out of the company network.
"Enterprises have a growing issue facing them. Research shows that there will be three billion devices in the market by 2017. Of those, 45 percent [will be] in enterprise and 60 percent will be Android. We know Android will be in the enterprise whether businesses like it or not," he said.
The Samsung vice president said numerous companies are still taking a head-in-the-sand approach to BYOD, despite its growing prevalence in the enterprise space.
"We did some research on large and medium enterprises. We found a third had or assumed loss of customer data through BYOD, yet only 25 percent have done anything to update their policies on security," he said.
Mills said that while it is troubling, the trend does present several expansion opportunities for companies able to provide a solution.
"This trend is opening up security issues and a big number of CIOs have done nothing about them. This is bad but it also means there is an opportunity here for Android and Samsung," Mills told V3.
Mills highlighted Samsung's Knox security service as a key tool in the company's enterprise expansion plans. "We're fully aware CIOs have concerns about security and fragmentation of Android, but Knox is a platform that makes Android the safest operating system out there, it is a game changer for us," he said.
Mills said the company has already seen great interest in the Knox platform. He declined V3's request for comment on how many Knox customers it currently has, but confirmed that Samsung has been approached by a number of ex-BlackBerry customers.
"It's an obvious play to go to CIOs looking for an alternative to BlackBerry, but we've found we don't have to go out with the strong message that we're a BlackBerry replacement," he said.
"They want to bring us in. The issues facing BlackBerry leads to questions about the platform and we are finding strong interest from enterprise BlackBerry customers."
Despite the lack of knowledge about how many corporate customers are currently using Knox, the platform has been accredited by several government departments and agencies, including the US Department of Defense (DoD).
Mills said despite the platform's success, Samsung will continue to develop devices running other operating systems.
The news comes during a dark period for BlackBerry, which has posted back-to-back losses for several years now. Windows Phone heavyweight Nokia confirmed winning a number of customers from BlackBerry earlier in the year.
CES: Intel drops McAfee brand and makes Android and iOS security apps free
Intel will drop its McAfee Security brand in the coming year as it
looks to push through its own Intel Security products. Speaking at CES,
Intel chief executive Brian Krzanich announced that his company would
also be offering McAfee mobile security products free of charge.
While McAfee will continue to operate as a wholly owned subsidiary of Intel, it will be renamed Intel Security, ending the company's connection to controversial founder John McAfee. Speaking to the BBC, McAfee claimed he was "elated" that Intel had chosen to remove his name from the company.
"I am now everlastingly grateful to Intel for freeing me from this terrible association with the worst software on the planet," he said. "These are not my words, but the words of millions of irate users. My elation at Intel's decision is beyond words."
Despite McAfee's glee, Intel confirmed that the iconic "red shield" would remain part of the Intel Security logo.
Apple devices including the iPad and iPhone, as well as all Android smartphones and tablets will have access to McAfee's mobile security apps for free. Perhaps more importantly for businesses, Android devices running on Intel chips will soon have access to new Intel Device Protection technology. The company said this move was intended to make Android a more viable and secure option for firms implementing BYOD policies.
Krzanich said: "The complexity of keeping digital identities safe grows as mobile applications and devices become a more important part of our daily lives. Intel's intent is to intensify our efforts dedicated to making the digital world more secure, and staying ahead of threats to private information on mobile and wearable devices."
While Intel chips are not often found inside Android devices, there are an increasing number of hybrid Windows 8/Android tablets marketed for businesses that contain Intel chips. For particularly security-conscious IT managers, Intel Device Security for Android will present a significant step forward in security.
While McAfee will continue to operate as a wholly owned subsidiary of Intel, it will be renamed Intel Security, ending the company's connection to controversial founder John McAfee. Speaking to the BBC, McAfee claimed he was "elated" that Intel had chosen to remove his name from the company.
"I am now everlastingly grateful to Intel for freeing me from this terrible association with the worst software on the planet," he said. "These are not my words, but the words of millions of irate users. My elation at Intel's decision is beyond words."
Despite McAfee's glee, Intel confirmed that the iconic "red shield" would remain part of the Intel Security logo.
Apple devices including the iPad and iPhone, as well as all Android smartphones and tablets will have access to McAfee's mobile security apps for free. Perhaps more importantly for businesses, Android devices running on Intel chips will soon have access to new Intel Device Protection technology. The company said this move was intended to make Android a more viable and secure option for firms implementing BYOD policies.
Krzanich said: "The complexity of keeping digital identities safe grows as mobile applications and devices become a more important part of our daily lives. Intel's intent is to intensify our efforts dedicated to making the digital world more secure, and staying ahead of threats to private information on mobile and wearable devices."
While Intel chips are not often found inside Android devices, there are an increasing number of hybrid Windows 8/Android tablets marketed for businesses that contain Intel chips. For particularly security-conscious IT managers, Intel Device Security for Android will present a significant step forward in security.
Orange Business Services buys cyber defence firm Atheos for security push
While the financial specifics of the deal have not been revealed, Orange stated that the decision to purchase Atheos was to advance its offering in several key corporate security areas. These include better access control management, data loss prevention, and proactive defence to identify vulnerabilities and detect more subtle attacks.
Founded in France in 2002, Atheos employs 130 people primarily working with large French firms on their security strategies.
Orange Business Services senior executive vice president Thierry Bonhomme said having Atheos under its wing would set Orange apart from its rivals. "Security is a critical concern for our customers, which means that the provision of robust security services has now become a strategic priority for Orange Business Services," he said.
"With this acquisition, we are now the only European provider able to support companies implementing multidimensional protection strategies, and this significantly reinforces our commitment to customers to support them, as a trusted partner, in an increasingly digital world."
General manager and founder of Atheos Michel Van Den Berghe added: "By joining Orange Business Services, we will benefit from its unique expertise of critical infrastructure to take us to the next level. Orange CyberDefense offers a credible response to the security requirements of large companies and government agencies."
Orange now claims to be Europe's largest cyber defence company, adding Atheos to its eight pre-existing security operation centres around the world.
The deal comes just a few days after FireEye announced a $1bn deal for security firm Mandiant, as consolidation in the security market continues rapidly.
NETRA the Indian internet spy system build by CAIR
Beware! Use of words like "attack", "bomb", "blast" or "kill" in
tweets, status updates, emails or blogs may bring you under surveillance
of security agencies as the government will soon launch "Netra", an
internet spy system capable of detecting mala fide messages. The home
ministry is giving finishing touches to 'Netra', which will be deployed
by all security agencies to capture any dubious voice traffic passing
through software like Skype or Google Talk, besides write-ups in tweets,
status updates, emails, instant messaging transcripts, internet calls,
blogs and forums.
The "Netra" internet spy system has been developed by Centre for Artificial intelligence and Robotics (CAIR), a lab under Defence Research and Development Organization (DRDO).
"The specifications of the 'Netra' system can be taken as frozen following tests by the Intelligence Bureau and Cabinet Secretariat, and can be considered for providing multiple user access to security agencies," a Home Ministry note on Netra says.
An inter-ministerial group, comprising officials of the Cabinet secretariat, home ministry, DRDO, CAIR, Intelligence Bureau, C-DoT and Computer Emergency Response Team ( CERT-In) recently have discussed the deployment strategy of "Netra".
The group also chalked-out a strategy on how to deal with computer security incidents, track system vulnerabilities and promote effective IT security practices across the country.
"When Netra is operationalized, security agencies will get a big handle on monitoring activities of dubious people and organisations which use internet to carry out their nefarious designs," a government official said.
The inter-ministerial group favoured allocation of 300 GB of storage space to a maximum of three security agencies, including the Intelligence Bureau and Cabinet Secretariat, for intercepted internet traffic and an extra 100 GB would be assigned to the remaining law enforcement agencies.
The "Netra" internet spy system has been developed by Centre for Artificial intelligence and Robotics (CAIR), a lab under Defence Research and Development Organization (DRDO).
"The specifications of the 'Netra' system can be taken as frozen following tests by the Intelligence Bureau and Cabinet Secretariat, and can be considered for providing multiple user access to security agencies," a Home Ministry note on Netra says.
An inter-ministerial group, comprising officials of the Cabinet secretariat, home ministry, DRDO, CAIR, Intelligence Bureau, C-DoT and Computer Emergency Response Team ( CERT-In) recently have discussed the deployment strategy of "Netra".
The group also chalked-out a strategy on how to deal with computer security incidents, track system vulnerabilities and promote effective IT security practices across the country.
"When Netra is operationalized, security agencies will get a big handle on monitoring activities of dubious people and organisations which use internet to carry out their nefarious designs," a government official said.
The inter-ministerial group favoured allocation of 300 GB of storage space to a maximum of three security agencies, including the Intelligence Bureau and Cabinet Secretariat, for intercepted internet traffic and an extra 100 GB would be assigned to the remaining law enforcement agencies.
Iranian FM Zarif Reiterates Iran's Power in Cyber Space
The Iranian foreign ministry is resolved to defend its national
interests in the field of cyber space, Foreign Minister Mohammad Javad
Zarif said.
"The Foreign Ministry believes it is seriously duty bound to legally defend national interests with high sensitivity against enemies' measures in cyber space," the top Iranian diplomat said in a meeting with Head of Iran's Civil Defense Organization General Gholam Reza Jalali on Monday, the Islamic republic news agency reported.
During the meeting, the two officials discussed monitoring enemies' new threats against national interests in international arena and legally defending Iranians against enemies' threats in the fields of cyber space.
"The Foreign Ministry believes it is seriously duty bound to legally defend national interests with high sensitivity against enemies' measures in cyber space," the top Iranian diplomat said in a meeting with Head of Iran's Civil Defense Organization General Gholam Reza Jalali on Monday, the Islamic republic news agency reported.
During the meeting, the two officials discussed monitoring enemies' new threats against national interests in international arena and legally defending Iranians against enemies' threats in the fields of cyber space.
The Turkish government fired cyber crime chief amid a vast corruption scandal
The Turkish government fired 350 police officers in Ankara overnight,
including heads of major departments, amid a vast corruption scandal
that has ensnared key allies of Prime Minister Recep Tayyip Erdogan,
local media reported on Tuesday.
The officers were sacked by a government decree published at midnight and included chiefs of the financial crimes, anti-smuggling, cyber crime and organised crime units, the private Dogan News Agency reported.
The decree also appointed replacements for 250 of the fired officers, it said.
The move comes as the government is trying to contain the high-level corruption probe that poses the biggest threat to Erdogan's 11-year rule.
The investigation is believed to be linked to simmering tensions between Erdogan's government and followers of influential Muslim scholar Fethullah Gulen, who lives in exile in the United States.
Gulen followers hold key positions in various government branches including the police and judiciary.
Erdogan has denounced the investigation as a foreign-hatched plot to bring down his government and has responded by sacking dozens of police chiefs across the country since the probe first burst into the open in mid-December.
The officers were sacked by a government decree published at midnight and included chiefs of the financial crimes, anti-smuggling, cyber crime and organised crime units, the private Dogan News Agency reported.
The decree also appointed replacements for 250 of the fired officers, it said.
The move comes as the government is trying to contain the high-level corruption probe that poses the biggest threat to Erdogan's 11-year rule.
The investigation is believed to be linked to simmering tensions between Erdogan's government and followers of influential Muslim scholar Fethullah Gulen, who lives in exile in the United States.
Gulen followers hold key positions in various government branches including the police and judiciary.
Erdogan has denounced the investigation as a foreign-hatched plot to bring down his government and has responded by sacking dozens of police chiefs across the country since the probe first burst into the open in mid-December.
Hacking the FBI in 1971 & exploiting them in 2014
So on a night nearly 43 years ago, while Muhammad Ali and Joe Frazier
bludgeoned each other over 15 rounds in a televised title bout viewed
by millions around the world, burglars took a lock pick and a crowbar
and broke into a Federal Bureau of Investigation office in a suburb of Philadelphia, making off with nearly every document inside.
They were never caught, and the stolen
documents that they mailed anonymously to newspaper reporters were the
first trickle of what would become a flood of revelations about
extensive spying and dirty-tricks operations by the F.B.I. against
dissident groups.
The burglary in Media, Pa., on March 8, 1971,
is a historical echo today, as disclosures by the former National
Security Agency contractor Edward J. Snowden have cast another
unflattering light on government spying and opened a national debate
about the proper limits of government surveillance. The burglars had,
until now, maintained a vow of silence about their roles in the
operation. They were content in knowing that their actions had dealt the
first significant blow to an institution that had amassed enormous
power and prestige during J. Edgar Hoover’s lengthy tenure as director.
“When you talked to people outside the
movement about what the F.B.I. was doing, nobody wanted to believe it,”
said one of the burglars, Keith Forsyth, who is finally going public
about his involvement. “There was only one way to convince people that
it was true, and that was to get it in their handwriting.”
Mr. Forsyth, now 63, and other members of the
group can no longer be prosecuted for what happened that night, and they
agreed to be interviewed before the release this week of a book written
by one of the first journalists to receive the stolen documents. The
author, Betty Medsger, a former reporter for The Washington Post, spent
years sifting through the F.B.I.’s voluminous case file on the episode
and persuaded five of the eight men and women who participated in the
break-in to end their silence.
Unlike Mr. Snowden, who downloaded hundreds of
thousands of digital N.S.A. files onto computer hard drives, the Media
burglars did their work the 20th-century way: they cased the F.B.I.
office for months, wore gloves as they packed the papers into suitcases,
and loaded the suitcases into getaway cars. When the operation was
over, they dispersed. Some remained committed to antiwar causes, while
others, like John and Bonnie Raines, decided that the risky burglary
would be their final act of protest against the Vietnam War and other
government actions before they moved on with their lives.
“We didn’t need attention, because we had done
what needed to be done,” said Mr. Raines, 80, who had, with his wife,
arranged for family members to raise the couple’s three children if they
were sent to prison. “The ’60s were over. We didn’t have to hold on to
what we did back then.”
A Meticulous Plan
The burglary was the idea of William C.
Davidon, a professor of physics at Haverford College and a fixture of
antiwar protests in Philadelphia, a city that by the early 1970s had
become a white-hot center of the peace movement. Mr. Davidon was
frustrated that years of organized demonstrations seemed to have had
little impact.
In the summer of 1970, months after President
Richard M. Nixon announced the United States’ invasion of Cambodia, Mr.
Davidon began assembling a team from a group of activists whose
commitment and discretion he had come to trust.
The group — originally nine, before one member
dropped out — concluded that it would be too risky to try to break into
the F.B.I. office in downtown Philadelphia, where security was tight.
They soon settled on the bureau’s satellite office in Media, in an
apartment building across the street from the county courthouse.
That decision carried its own risks: Nobody
could be certain whether the satellite office would have any documents
about the F.B.I.’s surveillance of war protesters, or whether a security
alarm would trip as soon as the burglars opened the door.
The group spent months casing the building,
driving past it at all times of the night and memorizing the routines of
its residents.
“We knew when people came home from work, when
their lights went out, when they went to bed, when they woke up in the
morning,” said Mr. Raines, who was a professor of religion at Temple
University at the time. “We were quite certain that we understood the
nightly activities in and around that building.”
But it wasn’t until Ms. Raines got inside the
office that the group grew confident that it did not have a security
system. Weeks before the burglary, she visited the office posing as a
Swarthmore College student researching job opportunities for women at
the F.B.I.
The burglary itself went off largely without a
hitch, except for when Mr. Forsyth, the designated lock-picker, had to
break into a different entrance than planned when he discovered that the
F.B.I. had installed a lock on the main door that he could not pick. He
used a crowbar to break the second lock, a deadbolt above the doorknob.
Subscribe to:
Posts (Atom)