15 September 2013

Syrian Hackers Attack New York Times and Twitter in Melbourne

Pro-Assad Syrian group was the one who claimed responsibility for hacking Melbourne IT systems with a valid password. Australian Internet hosting firm Melbourne IT suffered a major hacker attack which affected the New York Times website and Twitter.

Syrian-Electronic-Army-lo-010.jpg


The Syrian Electronic Army is known for supporting the Assad regime in Syria and it was the one who claimed responsibility for the DDoS attack on the New York Times website, which resulted in downtime of a few hours. The group also claimed that it hacked Twitter’s domain. The affected websites both use Melbourne IT as a domain name registrar.

Theo Hnarakis, the CEO of Melbourne IT, admitted that the perpetrators gained access to the company’s systems using a valid user name and password. It seems like one of the company’s resellers in the United States was targeted and the outfit is now investigating how it could have happened. Melbourne IT is working with a variety of parties in order to trace the Internet service provider in charge and find out who was responsible for the failure. The company had to admit the vulnerability exists and agree it needs to make sure the failure won’t happen again. However, Melbourne IT can’t even confirm at which stage the systems had been hacked.

The company announced that the New York Times and Twitter were both back online and operating as usual, after changing and locking system passwords. Aside from the online giants, four other lesser known services were affected as well. The company holds registrations for major sites in the country.

In the meantime, Twitter confirmed that it regained control of its domain, stating that the viewing of pictures was “sporadically impacted”. As for the New York Times, they said the incident was caused by a “malicious external attack” and recommended its employees to be careful when sending emails. The NYT believes that a domain registrar should be very serious about security, as it is holding the security to thousands of websites. If someone obtains access to the domain registrar, the site visitors can be easily redirected away from a website, while their emails can be read.

A couple weeks before this incident, the Syrian Electronic Army was reported to hack the Washington Post’s website, with the site operators admitting that the service had fallen victim to a sophisticated phishing attack to gain password data.

12 September 2013

Smart cities

Smart cities may be new cities built smart right from the start or cities established for a special purpose (such as an industrial city or a science p
  • 1
Smart cities may be new cities built smart right from the start or cities established for a special purpose (such as an industrial city or a science park) or — most commonly — an existing city made smart step by step.
What is a smart city?
A smart city can be defined as a “knowledge”, “digital”, “cyber” or “eco” city, depending on the goals set by the city’s planners. Smart cities are forward-looking economically and socially. They monitor critical infrastructure including roads, bridges, tunnels, rails, subways, airports, sea-ports, communications, water, power, even major buildings, to optimize resources and security. And they maximize services to citizens, providing a sustainable environment that fosters happiness and wellness. These services rely on information and communication technology (ICT) infrastructure.
Structurally, a smart city is a system of systems working together. This interoperation of countless systems demands openness and standardization — key principles in smart city construction. Without openness and standardization, a smart city project quickly becomes cumbersome and expensive. A smart city’s constituent technologies include the high-speed optical, sensor, wired and wireless networks that are necessary to enable such benefits as intelligent transport systems, smart grids and home networking.
A smart city’s relationship with its citizens is what distinguishes it most from a traditional city. The ICT-supported services of traditional cities cannot respond to changing economic, cultural and social contexts in the way that smart-city services can. Thus a smart city is above all a human-centric city, which relies on an ICT infrastructure and continued urban development, always taking environmental and economic sustainability into account (see figure).

Smart cities around the world

Smart cities may be new cities built smart right from the start or cities established for a special purpose (such as an industrial city or a science park) or — most commonly — an existing city made smart step by step. Many of the world’s major cities have embarked on smart city projects, including Seoul, New York, Tokyo, Shanghai, Singapore, Amsterdam, Cairo, Dubai, Kochi and Malaga. Considering today’s rate of innovation, it is highly likely that over the coming decade, smart city models will become widely attainable and popular strategies for city development.
Existing smart city projects differ. Amsterdam’s approach is to achieve greater environmental sustainability through smarter operations, employing state-of-the-art technologies in efforts to reduce emissions and use energy more efficiently. Other cities aim to make a broad range of city functions smart, with ubiquitous smart technology playing a role in all aspects of citizens’ lives. Two examples of this strategy are the Republic of Korea’s Ubiquitous City (u‑City), launched in 2004, and Deutsche Telekom’s T‑City launched in Germany in 2006. Smart Seoul (seehttps://itunews.itu.int/En/4148-Smart-Seoul.note.aspx) aims for smarter city management and a better quality of life for its inhabitants.
Cities set their own priorities, but all smart cities display three essential traits. The first is ICT infrastructure. Securing next-generation ICT infrastructure is critical to the success of emerging smart-city services and to anticipating future service demands. Second, the city must have a well-defined and integrated management framework. The many systems of a smart city will work in harmony only through strict adherence to common standards. Third, a smart city needs smart users. ICT are the tools to enable a smart city, but are of no use without technically savvy users able to interact with smart services. A smart city must not only increase access to smart devices across income levels and age groups, but also offer access to education on the use of these devices. A smart city relies on an inclusive network of smart device users, with the city’s inhabitants demanding or creating the services they most value.
Standardizing for smart cities
Given the importance of standardization in creating smart cities, a wide range of activities are under way in different organizations. For example, the International Organization for Standardization (ISO) is looking at smart city standards through a group focused on “smart community infrastructure metrics”. ITU’s Telecommunication Standardization Sector (ITU–T) has established a Focus Group on Smart Sustainable Cities to assess the standardization requirements of cities aiming to boost their social, economic and environmental sustainability through the integration of ICT in their infrastructures and operations.
ITU–T Study Group 5 — Environment and climate change — agreed to form this new Focus Group at its meeting held in Geneva from 29 January to 7 February 2013. The creation of the Focus Group answers a call to action proposed in September 2012 at ITU’s second Green Standards Week, held in Paris. “Smart Sustainable Cities” is also the theme of ITU’s third Green ICT Application Challenge.
Making the smart city the next stage in the process of urbanization will call for new ICT standards, infrastructure and solutions to ensure that this vision becomes a reality. The ITU–T Focus Group on Smart Sustainable Cities will act as an open platform for smart city stakeholders — such as municipalities, academic and research institutes, non-governmental and ICT organizations, and industry forums and consortia. Stakeholders will be able to exchange knowledge in the interests of identifying the standardized frameworks needed to support the integration of ICT services in smart cities.



11 September 2013

China and NSA to Spy on the UN

It seems that the spying etiquette doesn’t exist anymore after failing to deal with a very embarrassing situation in the United Nations.

Flag_of_the_United_Nations.jpg

It turned out that the US National Security Agency has recently cracked the encryption protecting the UN’s internal videoconferencing system, but when it got there it found out China was already there and listening in. It seems that the spooks hacked the United Nations that has its headquarters in New York, a year ago. Within 3 weeks of initially gaining access to the system of the United Nations, the National Security Agency had increased the number of such decrypted communications from a dozen to over 450.

According to the US spooks, there had been numerous data breaches since 2004 to a Chinese military unit in Shanghai. In response, Chinese authorities denied all the claims, while the United States instead made an attempt to arrest the person who catches it and have them shot.

This turn of events is actually a follow up from a story about the NSA spying on the European Union. The report also exposed a “Special Collection Service”, jointly staffed by the CIA and NSA, which exists in more than 80 embassies and consulates across the globe, usually without the knowledge of the host country. Everything was revealed by Edward Snowden – a US citizen and former NSA contractor.

9 Million UK Users Suffered from Cybercrime

It turned out that 8% of cybercrime targets suffered financial losses – among them, people aged over 55 were least likely victims. In the meantime, the financial impact of cybercrime varies, with the overall cost to the economy estimated at £27 billion annually.
Cybercrime-008.jpg

Over 9 million UK Internet users have had their accounts hacked. Of them, 8% of the population explained that they have lost money in 2012 due to cybercrime. Online security experts pointed out that it was quite surprising that 2.3% of the population reported losing over £10,000 to Internet fraudsters.

According to the survey, about 18% of the respondents had experienced attempts to break into their Internet accounts, including email, Internet banking, gaming and social media. 30% of them said it had happened more than once. The researchers revealed that people aged 55 to 64 were least likely to be targeted by cyber criminals – the rate was around 11%, perhaps because they are more care more about security. More than 25% of people aged 18 to 24 have become a victim of cyber attack.

92% of respondents said they had lost nothing in 2012 due to any kind of cybercrime. However, over 3% of more than 1,500 surveyed had lost up to £100, another 2.5% complained they had lost up to £10,000, and 2% claimed to have lost over £10,000.

For comparison, back in 2011, a British government claimed that the overall cost to the economy was £27 billion per year, of which identity theft accounted for £1.7 billion and Internet scams and ripoffs – another £1.4 billion. According to the report, the main loser was UK business, which lost £21 billion due to high levels of IP theft and industrial espionage.

In the meantime, now the social media revolution had changed the way hackers do their job. They explain that a computer virus which used to steal credit card information now creates bogus Instagram “likes” that could be used to generate buzz for someone. Fake “likes” are sold in batches on online hacker forums. For example, one can get 1,000 Instagram followers for $15 and 1,000 Instagram “likes” for $30, while 1,000 credit card numbers cost only $6. Apparently, cyber crime has a clear impact on the lives of average British citizens, with their accounts and credentials being compromised, perhaps even multiple times.

Teenagers Care about Online Privacy

According to the 2012 Teens and Privacy Management Survey conducted by Pew Internet, teenagers are probably more worried about online privacy than adults – it turned out that they have taken steps to uninstall or avoid many teen apps over concern about their privacy.
computerkids-body-1-thumb-615x298-68695-e1330633771875.jpg

According to statistics, teen girls are more likely to delete location data, and most of them have disabled location tracking features on mobile phones and in applications, as they are worried about others’ access to that private data. The survey in question was conducted among American teenagers ages 12-17.

Over 50% of all teens have downloaded applications to their cell phone or tablet PC and 51% of teen apps users have also avoided certain software because of privacy concerns. More than 25% have uninstalled an application because they found out that it was collecting personal data which they didn’t want to share. Finally, over 46% have switched off location tracking features on their cell phone or in an application since they were worried about the privacy of their data.

05 September 2013

UK Government Fears of Laser Spying

The UK authorities claimed that conversations about Snowden leaks could have been monitored by foreign agents. One of the reasons government sources provided for demanding the return of the Snowden documents held by the Guardian at its London offices was that foreign agents were able to monitor conversations in the room through laser spying.
lasers.jpg
The authorities were not satisfied with assurances that the computers with the sensitive data were disconnected from any networks or Internet, and the security agencies remained concerned that the discussions around them could be heard. For example, one intelligence agency expert claimed that in case there was a plastic cup in the room, a laser trained on it could be able to pick up the vibrations of the conversation. Another variant was that a laser, using non-visible light, could be bounced off a window of the room.
Indeed, the idea of laser spying is known worldwide, and it has been already used by the United States against Russian embassies – a high-quality laser is able to fire a beam of invisible light for half a mile without spreading. Besides, there were reports that the CIA used a “laser microphone” to find out that a building in Abbottabad contained a previously unseen male inhabitant (Osama bin Laden).

However, this method wouldn’t necessarily yield what was actually being spoken, and therefore poses less of a risk than any other method. Security experts admit that if the others want to listen to what’s going on in a room, there are easier ways to do so. The laser spying works the following way: the conversation inside a room moves the air, which in its turn moves the windows. A laser beam will shift slightly in wavelength as the window moves, yielding the original conversation. It is known that the US government used it against the Russians. In addition, Nasa technology has recently been suggested as a method of extending the method: in 2005, New Scientist reported that the American security services were using a space technology to eavesdrop on a room with the pulled curtains.

In the meantime, simpler systems containing a bug are also able to transmit conversations which are picked up inside a room to the outside through a laser beam. This has been the plan when a bug with a laser transmitter was discovered in the offices of Trinidad & Tobago’s director of public prosecutions earlier in 2013. Undoubtedly, spying is much easier when you start inside the room rather than outside.

Indeed, the idea of laser spying is known worldwide, and it has been already used by the United States against Russian embassies – a high-quality laser is able to fire a beam of invisible light for half a mile without spreading. Besides, there were reports that the CIA used a “laser microphone” to find out that a building in Abbottabad contained a previously unseen male inhabitant (Osama bin Laden).
However, this method wouldn’t necessarily yield what was actually being spoken, and therefore poses less of a risk than any other method. Security experts admit that if the others want to listen to what’s going on in a room, there are easier ways to do so. The laser spying works the following way: the conversation inside a room moves the air, which in its turn moves the windows. A laser beam will shift slightly in wavelength as the window moves, yielding the original conversation. It is known that the US government used it against the Russians. In addition, Nasa technology has recently been suggested as a method of extending the method: in 2005, New Scientist reported that the American security services were using a space technology to eavesdrop on a room with the pulled curtains.

In the meantime, simpler systems containing a bug are also able to transmit conversations which are picked up inside a room to the outside through a laser beam. This has been the plan when a bug with a laser transmitter was discovered in the offices of Trinidad & Tobago’s director of public prosecutions earlier in 2013. Undoubtedly, spying is much easier when you start inside the room rather than outside.

However, this method wouldn’t necessarily yield what was actually being spoken, and therefore poses less of a risk than any other method. Security experts admit that if the others want to listen to what’s going on in a room, there are easier ways to do so. The laser spying works the following way: the conversation inside a room moves the air, which in its turn moves the windows. A laser beam will shift slightly in wavelength as the window moves, yielding the original conversation. It is known that the US government used it against the Russians. In addition, Nasa technology has recently been suggested as a method of extending the method: in 2005, New Scientist reported that the American security services were using a space technology to eavesdrop on a room with the pulled curtains.
In the meantime, simpler systems containing a bug are also able to transmit conversations which are picked up inside a room to the outside through a laser beam. This has been the plan when a bug with a laser transmitter was discovered in the offices of Trinidad & Tobago’s director of public prosecutions earlier in 2013. Undoubtedly, spying is much easier when you start inside the room rather than outside.

In the meantime, simpler systems containing a bug are also able to transmit conversations which are picked up inside a room to the outside through a laser beam. This has been the plan when a bug with a laser transmitter was discovered in the offices of Trinidad & Tobago’s director of public prosecutions earlier in 2013. Undoubtedly, spying is much easier when you start inside the room rather than outside.


03 September 2013

Ubuntu Raised $10 Million for Edge Phone in Crowdfunding

A UK software developer Canonical has set a record for the most money raised in a crowdfunding campaign. They did it with a project to develop a new smartphone, which gathered pledges of over $10 million.

ubuntu_fundraising-100050357-orig.jpg

Canonical confirmed that its fundraising for Ubuntu Edge phone has secured pledges worth over $10 million within a month on the Indiegogo crowdfunding service, outrunning the previous record set by the Pebble smartwatch. Ubuntu developers are planning to deliver their first handsets in May 2014, and pledgers donating $700 will receive their own devices in return. Thus far, over 14,500 smartphones had already been pledged for.

Media group Bloomberg has also joined the campaign and pledged $80,000 for an enterprise package of 115 devices. Canonical founder admitted that Bloomberg’s level of interest was surprising and had prompted interest from some large handset makers. Over 22,000 pledges have come from all over the globe – most donations arrived from the United States and Europe.

It should be noted that the pledges may never be redeemed, because the developers must meet their minimum fundraising goal of $32 million to claim the money, while the end of the campaign is near. However, the Canonical campaign had already smashed the previous record set on the pledge service: back in 2012, Scanadu Scout managed to raise $1.7 million to develop a medical tricorder able to read vital signs and send them wirelessly to a smartphone.

Canonical, currently employing 500 people in 30 countries, creates open source software for servers and cloud infrastructure. The company was originally established to create a desktop OS alternative to Windows, but with the computing moving from the desktop to mobile devices had to switch its attention to smartphones.

The Ubuntu Edge runs on both Ubuntu and Google’s Android software. The device can also be connected to a desktop PC, allowing the phone to become the brain of a personal computer running on Ubuntu’s OS, with files stored on the handset visible on the PC screen. Media group Bloomberg has announced its involvement earlier in August. The company has its own team designing and creating software for mobile devices and says it sees Ubuntu Edge as an exciting prospect, complementing its vision for open development on the mobile platform.

Facebook Refused to Award a Hacker


597230_1376942540.6806.jpg


Facebook team was humiliated by a hacker after it was trying spin out the news the software was flawed. It is known that the largest social network in the world has a policy that it is ready to pay at least $500 for any security flaw a hacker can find.




Khalil, a systems information expert from Palestine, discovered a flaw which allowed anyone to post to someone else’s timeline even if they are not friends. Khalil reported the flaw to Facebook security team twice, but with no result. He warned Facebook that he could post to Mark Zuckerberg’s wall, but the security experts claimed it wasn’t a bug at all. After this, Khalil posted an Enrique Iglesias video to the wall of Zuckerberg’s schoolmate. However, Facebook team still insisted that since one couldn’t see that post unless they are a friend of a user, it was all right.

Khalil said ok and posted onto Zuckerberg’s wall details of the security flaw. It should be noted that the hacker was very nice about it and apologized for violating Mark’s privacy. In a few seconds Khalil’s Facebook account was suspended and Facebook engineer contacted him to request all the details of the vulnerability. This time they explained that he hadn’t provided enough technical details for them to take action on it. In addition, they claimed that even by proving to them the hack existed, the company couldn’t pay him for the security hole because his actions broke Facebook’s Terms of Service.

It is unknown why the security team hasn’t said from the very beginning that they could see what the hacker talking about but lacked technical details. As you can see, Khalil tried to contact Facebook at least twice and both times they refused to act. So, it turned out that the hacker who found the exploit lost out by forcing someone at Facebook to understand it was a security hole. Frankly speaking, Khalil was punished for his good faith, while he could have sold it on to a 3rd party and make more cash that way.

Google Outage Cut Internet Traffic Twice

Over 40% of the Internet traffic throughout the globe disappeared after Google suffered an outage last week. Although the downtime only lasted a few minutes, depending on the user’s location, all of the Google services, including YouTube, went down.

wideareanetwork.jpg

Although the search giant hasn’t revealed the reasons for the outage, according to online analytics firm GoSquared, global online traffic fell almost twice during the downtime. Apparently, this figure can reflect Google’s control of the worldwide web. It is clear that for many users, the reliance on the tech giant is huge – just seconds after the outage, page views spiked shortly afterwards while users managed to get to their destination.

According to a message on the Google Apps Dashboard, all of its services were affected. Google admitted that it was aware of a problem with Gmail affecting a significant subset of users. While people managed to access Gmail service, they were only seeing error messages or other unexpected behavior. In addition, Google itself only believes that 50% to 70% of requests to its services received errors – in other words, if the outage had really been total the figure could have been much worse.

Apparently, Google has a vested interest in preventing this happen again – in the 4 minutes of downtime it would have lost $500,000 in advertising. The experts claim that to face a problem that size there would have had to be a physical infrastructure problem. However, Google provided no comments on the issue, so it can be just a guess

How NSA Spied on Americans

Recent media reports released a few top secret documents about how the US National Security Agency illegally spied on its citizens, thousands of times per year. It turned out that most of the May 2012 audit was a catalogue of cock-ups where the agency collected information by accident, blaming analyst and programming errors. However, in one situation the phone records of over 3,000 American citizens were collected despite the fact that the agency had been ordered to erase them by a surveillance court.
nsa-prism1.jpg

Overall, the audit reported 2,776 cases where the National Security Agency violated its own privacy rules. In one case, the spooks confused the US area code (202) with the international dialing code for Egypt and snooped on domestic US phone calls. In another situation, the agency mixed domestic and foreign emails collected from tapping into a fibre-optic cable passing through the country. The NSA wanted to store the emails and claimed to the Foreign Intelligence Surveillance Court that they simply couldn’t filter out which emails belonged to the US citizens. In response, the court ruled that the email collection effort must stop, because it was “deficient on statutory and constitutional grounds”.

The audit in question appears to have been provided to the mass media several months ago by famous Edward Snowden and was initially supposed to be seen by the NSA’s top brass and no politicians ever saw it. Although Snowden made promises to not reveal any secrets while he is staying in Russia, more information of what he had passed to the media earlier is expected to be released soon. It is known that Glenn Greenwald, the Guardian reporter who has published the most NSA secrets based on Edward’s leaks, keeps working on a pile of them. According to his tweets, he will be releasing more data soon.