US spies seem to be tracking sort of porn Internet users were downloading in order to blackmail them later. Another Snowden leak revealed that the NSA has been collecting records of Internet sexual activity and evidence of visits to porn sites.
It looks like part of a plan to blackmail or harm the reputations of people who are radicalizing others via incendiary speeches. The idea is that a radical Muslim cleric won’t be taken seriously if his followers knew he spends the nights downloading porn.
NSA secret documents revealed that six Muslims became an example of how “personal vulnerabilities” could become known via electronic surveillance, and then used to undermine people’s credibility, reputation and authority.
For some reason, it fails to mention giving similar attention to born-again Christian priests who called for Obama to be assassinated – maybe because they are Americans and therefore immune from spying. However, the fact is that American presidents have always been killed by their own people.
NSA lists a number of vulnerabilities of its targets, including those who can effectively be exploited: for instance, “viewing sexually explicit content” or “using sexually explicit persuasive language when communicating with inexperienced young girls”.
According to the US Civil Liberties Union, the leaks led to serious concerns about abuse. The outfit explained that the NSA was collecting massive amounts of sensitive data about almost everyone, so it knows what you are downloading, too.
In should be noted that none of the 6 people targeted by the agency was accused of being involved in terror plots and all of them currently reside outside the US.
The European Commission has provided the United States with a list of hoops it wants the country to follow before it starts trusting it. This is the result of revelations about National Security Agency and UK spying on everyone under its PRISM program.
The EC said that spying on its citizens, businesses and leaders was unacceptable and that people of European Union and the United States have to be reassured about protection of their personal information. In addition, the businesses also need to be reassured that the existing agreements between the two regions are both respected and policed.
The European Commission announced that it will set out actions supposed to help restore trust and strengthen information protection in transatlantic relations. They listed 6 areas that the European Union and the United States need to do to restore confidence.
The list includes swift adoption of EU's information protection reforms, improving the protection safeguards, and commitment from the United States for making use of a legal framework. The European Commission also wants to address its concerns in the on-going American reform process, as well as promoting privacy standards internationally.
The EC claims that everyone from the users to governments on both sides of the Atlantic want to gain from cooperation, based on strong legal safeguards and trust that they will be respected.
Snapchat, the fast-growing messaging system that registers 5 million daily users, has rejected a $3bn buyout offer from Facebook. The financial experts point out that the offer came as other investors valued the loss making 2-year-old service at over $4bn. At $3bn messaging system would be the most expensive acquisition of the social network ever.
The application has been downloaded by 9% of mobile users throughout the United States. It allows users to send messages and images with an expiration date – i.e. they are deleted from the recipient’s device after being received. Snapchat claimed to be handling over 350m messages every day.
Evan Spiegel, 23, the co-founder and CEO of the service, decided to wait until early 2014 before considering any offers. Apparently, he hopes that Snapchat’s numbers will grow enough to justify a larger valuation. In fact, Snapchat’s valuation has been growing along with its user base – for example, in June 2013 the company raised $60m from investors that valued it at $800m. There were reports that Facebook offered $1bn for the company earlier in 2013, while China’s Tencent was discussing an investment that would value Snapchat at over $3.6bn.
Back in October, Pinterest, a social scrapbooking company, had raised $225m in new funds at a price which valued the company at $3.8bn. In the meantime, valuation of Snapchat and its social media peers will likely soar after Twitter’s IPO, which has valued the company at over $23bn.
Industry experts point out that the rapid growth in the company’s valuation reminds that of Groupon, the Internet discount company which has also rejected a $6bn offer from Google before filing for an IPO. Two years ago, Groupon started trading and was valued at over $16bn, but soon crashed to less than $4bn. However, the company has since recovered and is now worth about $7bn.
A few weeks ago, the UK Defense Secretary mentioned that hackers with a criminal past might be hired to serve in a new military cyber force. This stance may have surprised many, but it actually points to an important recent shift where governments and companies were increasingly trying to use hackers and their associated skills to improve security, fight crime and even develop competitive advantage.
Today, if you look into the heart of any successful information security organization, you will find hackers, because they have become highly cherished commodities throughout the mainstream. In fact, it took businesses and governments too long to realize this untapped resource, all due to a combination of negative PR and a fundamental lack of understanding about hacker’s incentives.
Originally, a hacker was a technical wizard interested in exploring electronic systems and living by a strict ethical code which forbade them from harming those systems. But those hackers were later replaced by a younger, more reckless generation of crackers, whose aim was to break security and show they were better than the others. They were called “blackhats” and looked to financially motivated crime, being prolific at pirating software, stealing phone access, and even credit card fraud. As a result, being labeled a “hacker” automatically made bright young people unemployable. As such, a candidate with unparalleled expertise in IT but no qualifications or higher education to justify their skills ended up perceived as unsuitable for any position.
Only a small group of hackers found jobs in roles that demonstrated their true value – they were the ones who managed to change the mainstream view of what a hacker could be. For instance, the US government had early exposure to hackers when a hacker group L0pht testified in front of the Senate in 1998. Perhaps, this is why the American government is now so advanced in the integration of hackers into cyber defense and other critical parts of the country's military program.
Today the world offers many possibilities, and businesses start realizing that hackers could play a pivotal role in shaping their cyber future. They are perceived as technical geniuses who like to explore the technical world and change it as they like in a non-destructive way. So, modern hackers are in high demand – governments see hackers as valuable assets in fighting sophisticated cyber-criminals, while businesses see them as the front-line against complex cyber threats.
According to Sandvine’s (broadband service company) recent research, P2P file-sharing has declined, with Amazon and Hulu struggling to win receding US attention spans. At the same time, Netflix and YouTube account for over 50% of downstream online traffic in the United States and Canada. The results of the research were published in Sandvine’s biannual Global Internet Phenomena Report and are based on information collected from the company’s 250 network customers across the world.
It is the first time the two video streaming services surpassed the 50% mark of all US Internet traffic. This also means a significant decline in the use of P2P services: BitTorrent, the protocol used for peer-to-peer file-sharing, currently accounts for 7.4% of everyday online traffic in North America, which is 1/3 drop from 5 years ago. At the same time, Netflix accounted for over 31% of downstream traffic on fixed networks during “primetime” online hours.
The researchers believe that the decline shouldn’t be interpreted as a decline in the dominance of the service. Sandvine predicts that Netflix will break its own record very soon. YouTube accounts for over 18% of overall Internet traffic, so the two video streaming services held about 50% of North America downstream traffic. In the meantime, Amazon video and Hulu found themselves in the end of the list, each holding 1.6% and 1.3% of all downstream traffic, respectively.
Nevertheless, peer-to-peer services (namely BitTorrent) still dominate upstream traffic, and its share is 36.35%. However, downstream traffic represents a greater percentage of online traffic, because it is sent to the average home or office user, while upstream traffic is sent from a machine or network away from the user.
The results of the research also revealed that YouTube is dominant in South America and accounts for over 36% of traffic over there. As for Netflix, it failed to achieve comparable success in South America and holds just 2.17% of downstream traffic. Apparently, the service is growing in popularity in Europe, where its share is over 20% of traffic – this is less than 2 years after launching in the region. Netflix launched in the United Kingdom and Ireland two years ago and in the Netherlands two months ago.
Security experts claim that provisions were in place to prevent cyber terrorism at the London 2012 Olympics, but it wasn’t a major concern, as most of notable events were rudimentary DDoS attempts or financial fraud.
BT has run through worst-case scenarios for cyber terrorism during the Olympics, including putting together provisions for the shutting down of largest power networks. Besides, despite the over 200 million malicious incidents reported during the entire event, only 77 tickets required a human response from analysts.
All those events were described as anything that could be flagged as a potential threat – like a single DDoS attempt or defacement. The experts revealed that necessary defenses were created over 7 years of preparation, while the London 2012 site appeared to be the most popular on the planet during the Games.
Over the course of the 2012 Olympic games, "quite a few" DDoS attacks were reported, along with unsophisticated DNS amplifications, coming "from everywhere". Security analysts admitted that they had to deal with quite serious staff, which potentially would have had impact if the right controls hadn’t been in place".
The targets against the American banks, for example, demonstrate that cyber attacks are becoming more sophisticated, not just as hacktivism but a lot more concerted. In other words, there’s evidence clearly about criminals becoming more sophisticated in using such types of instruments now for financial gain.
Some of the hacktivist campaigns over the last 18 months involved the core people evangelizing their point of view on why they wanted to carry out their attacks. In the meantime, there were different scenarios, some being very capable, some being there to participate without realizing what they were doing.
BT has distanced itself from culpability if malicious events did run on its own infrastructure. The company pointed out that it had a huge consumer base in the United Kingdom, and there definitely were people buying DSL circuits from it with nefarious purposes. However, the end users were the ones who were the motivated criminals, while BT supplying services to its customers entered that contract in good faith with its subscribers, and it was up to users whether they break the law or not.
The press has recently run a chilling story about the NSA hacking into the Google and Yahoo datacentres. According to the NSA papers, seen by the reporters, the National Security Agency carried out “full take”, “bulk access” and “high volume” operations on both Yahoo and Google networks.
Such large-scale harvesting of online data would be illegal in the US, but it looks like the operations took place overseas, where the spooks were allowed to presume that anyone using a foreign data link is a foreigner.
An ex-NSA chief analyst admitted that the agency has platoons of lawyers, whose task is to figure out how to stay within the law while maximizing data collection by exploiting every loophole.
The search giants maintain fortresslike data centers across 4 continents, connected with thousands of miles of fiber-optic cable. For instance, Yahoo’s internal network is transmitting entire e-mail archives from one data center to another, which is when the agency could pounce.
Security experts point out that tapping the Google and Yahoo clouds would allow the National Security Agency to intercept communications and view the content at its leisure. NSA agents had to circumvent gold-standard security to get the information. In the meantime, the weak point might have been some of the premium data links that Google and Yahoo have been buying or leasing.
According to the insiders, they had reason to believe that their private, internal networks were safe from prying eyes, but apparently not.
The software giant has paid $100,000 to the UK researcher James Forshaw, who found a critical security flaw in Microsoft’s upcoming Windows 8.1 OS.
Forshaw, a researcher for the security company, has found a “mitigation bypass”. This hack circumvented the built-in protection systems that could have allowed intruders access to the system.
Microsoft said it couldn’t provide any details of that mitigation bypass technique until it found a way to address it. However, the software giant promised to strengthen platform-wide mitigations, and make it harder to exploit vulnerabilities in all software that runs on Windows platform, not only their own apps.
The researcher admitted it had taken him 25 days to find the bug, responding to “a very specific brief” from the software giant. Forshaw originally came up with the winning idea sitting at home and pondering what he could do. $100,000 bounty is a lot of money, but James Forshaw said that he wasn’t talking retirement money there. Indeed, when it comes to security flaw bounties like Microsoft’s, most of it goes to the company. Actually, even if it didn’t, after paying taxes it is already not a life-changing amount.
The researcher admitted that using outside experts was just part of the process due to the scale of the task involved. The software giant has a huge security department which actively looks for software bugs in its products, but it might be just a problem of being too close to the product – you simply cannot see the wood for the trees. Forshaw recommends to step back and take a look at the entire product and its interactions in order to find the higher-level flaws.
It seems that outsourcing is also important from a monetary point of view. In fact, the company couldn’t dedicate enough resources to find everything, because it is cheaper to pay external researchers bounties like this one. Apparently, there is only a finite pool of talented people who are able to find vulnerabilities in software products.
One can argue that the bugs and vulnerabilities should not exist in the first place, but everyone knows that humans are fallible and nobody can write perfect code.
A federal judge ordered a California man accused of operating an Internet drug marketplace dubbed Silk Road to go to New York to face charges. The order came during a brief court hearing in San Francisco. Federal authorities in New York have charged Ross Ulbricht, the site operator, with three felonies related to the operation of the service. Ulbricht's attorney has denied all charges.
Silk Road became known a couple years ago as a black market bazaar where users could trade drugs for BitCoins, a form of online cash. A “hidden” site used Tor network to mask the location of its servers. Thus far, the site operator agreed to remain in custody. The police have said he ran the service under various aliases, including “Dread Pirate Roberts”. However, his attorney denied this information.
Silk Road became so popular because other services were selling drugs more or less openly. In the meantime, Silk Road was technically sophisticated, had user-friendly system and promised near-total anonymity. The authorities closed down the website when they arrested Ulbricht at a small library in San Francisco while he chatted online with a “co-operating witness”.
In addition, Ulbricht is also charged in Baltimore federal court with soliciting the murder of a former employee, who was arrested on drug charges. It is suggested that Ulbricht feared the victim would turn on him. The police claimed that Ulbricht unwittingly hired an undercover agent for the murder, which the authorities staged but never took place.
In the meantime, prosecutors in New York have charged the site operator with trying unsuccessfully to solicit the murder of a Canadian citizen who allegedly hacked into Silk Road, obtained dealers names and started blackmailing Ulbricht.
It turned out that the FBI agents have penetrated the behind-the-scenes operations of the website and obtained a list of its users and sellers. In the following days, the police in Britain, Sweden and the US arrested 8 people charged with using the service for selling drugs. For example, in Washington state, a couple was arrested on charges of selling cocaine, heroin and methamphetamine via Silk Road. The UK authorities indicated more arrests were on the way. The FBI claimed that it had copy of the contents of the website’s server, which could provide international authorities with detailed data about the website’s dealers.
Apparently, months’ worth of sales history are currently in law enforcement hands. As a result, the traceable nature of BitCoin transfers can allow the FBI to easily follow the money.
According to media reports, British mobile network operators may face a 4-fold increase in license fees to rent the radio spectrum. These plans were revealed by Ofcom.
The watchdog confirmed that the new fees were in line with what other states paid. Moreover, the group believed that the UK operators had been getting off lightly for a long time. The United Kingdom raised a less-than-expected £2.34 billion in a 4G spectrum auction for airwaves in order to carry high-speed mobile broadband traffic, so it seems that Ofcom is looking to make up the shortfall.
The largest broadband providers Vodafone, Telefonica’s O2, EE and H3G pay around £64.5 million pounds altogether for using the 900 megahertz and 1800 megahertz spectrum bands. It was estimated that any changes would result in a £309 million increase.
According to Ofcom, spectrum is a valuable and finite national resource, and that is why charging for it might incentivize the optimal use of frequencies. In the meantime, the telcos can blame the UK government for the rent hike. Apparently, the government asked the watchdog to recalculate the fees to reflect “full market value”, and the latter said the new rules were expected to take effect in 2014 after a consultation period which will end in December.
The mobile companies keep reviewing the new bill, but Vodafone has already expressed its discontent after Ofcom was proposing a 430% increase in its fees. Maybe it believes that the regulator should be encouraging such private sector investment in infrastructure and new services – for example, 4G.