27 October 2013

Security Agencies Target Tor Network

The NSA has repeatedly tried to attack people using Tor, a popular tool protecting their Internet anonymity. This is despite the fact the software is primarily funded and promoted by the government of the United States itself.


According to secret NSA files, disclosed by Edward Snowden, the agency successfully identified Tor users and then attacked vulnerable software on their machines. One NSA technique targeted the Firefox Internet browser used with Tor and gave the agency full control over targets’ computers, including access to files, all keystrokes and all Internet activity. However, the files suggest that the fundamental security of the anonymity service remains intact.

Tor (The Onion Router) is an open-source public project which redirects its users’ traffic via other PCs, called “relays” or “nodes”, in order to keep it anonymous and avoid filtering tools. Journalists, activists and campaigners in America, Europe, China, Iran and Syria rely on the Tor network to maintain the privacy of their communications and avoid reprisals from the authorities. The network currently receives around 60% of its funding from the American government, primarily the State Department and the Department of Defense.

Despite the importance of the network to dissidents and human rights groups, the National Security Agency and its British counterpart GCHQ have devoted their efforts to attacking Tor. They claim that the service is also used by people engaged in terrorism, trade of child abuse images, and virtual drug dealing.

While it seems that the agency hasn’t compromised the core security of the Tor software or network, the leaked files detail proof-of-concept attacks, including some relying on the large-scale Internet surveillance systems used by the NSA and GCHQ via Internet cable taps.

Foremost among the concerns is whether the agency has acted against users in the United States when attacking the network. The issue is that one of the functions of the anonymity service is to hide the country of all of its users, which means that any attack could be hitting members of Tor’s American user base.

A less complex attack against the network was also disclosed in July 2013, with its details leading to speculation that it had been built by the FBI or another American agency. While at the time the FBI refused to admit it was behind the attack, it subsequently claimed in a hearing in an Irish court that the agency did operate malware to target an alleged host of pictures of child abuse, with the attack also hitting the Tor network.

23 October 2013

France Will Fine Google

The tech giant’s hopes that France would forget its sins and let it do what it wants with EU data have been dashed recently. Local press confirms that Google will get a fine after it failed to comply with an order to alter the way user data is stored and used in order to conform to French privacy laws.


The fine comes as a result of an investigation led by EU data protection authorities into a new privacy policy adopted by Google a year ago. The local privacy watchdog pointed out that Google was ordered to comply with data protection legislation within three months, but it just didn’t. It seems like Google just shrugged and refused. The company keeps insisting that local data protection laws can’t be applied to users of certain Google services in France.

Now the watchdog will designate a rapporteur to initiate a formal procedure for imposing sanctions. This is done under the provisions laid down in the country’s data protection legislation. The tech giant could be fined about $200,000, which does not seem like much. In addition, the company could in certain circumstances be ordered to refrain from processing personal information in certain ways for 3 months. The company responded that its privacy policy does respect European legislation. It also insisted that it had “engaged fully” with the watchdog within this process.

Industry observers agree that the company is in trouble with European laws in an antitrust case for allegedly breaking competition rules. Google recently submitted proposals to avoid fines in that case. In the meantime, in the United Kingdom, Google is finding itself on the back foot over its policy of refusing to pay tax which the government didn’t like at all.

22 October 2013

National Security Agency Maps Social Connections

According to the latest Snowden leak, for the last three years, the National Security Agency has been creating sophisticated graphs of the US citizens’ social connections.

Investigating the shedloads of information the agency has collected, the NSA is now able to tell who your friends are, your locations at certain times, your travel companions and other personal data.

One of the slides from a leaked NSA presentation reveals the way it uses e-mail and phone information in order to analyze the relationships of foreign intelligence targets. Another file revealed that the NSA was told to carry out large-scale graph analysis on communications metadata “without having to check foreignness of every e-mail address, phone number or other identifier”.

The NSA was mixing and matching communications information with public, commercial and other sources. The list included bank codes, insurance data, Facebook profiles, passenger manifests, voter registration rolls, GPS location data, and even property records and unspecified tax information.

It seems that the agency may also know more about foreign citizens than their own government does. Americans may also have been caught up in the effort. Actually, lots of foreigners might know US citizens and sometimes send them emails.

Google Pays Corporation Tax in the US instead of the UK

Google paid only £11 million in British corporation tax in 2012, despite revenues of £500 million. Indeed, the company made global profits of £6 billion last year, but says that it pays the bulk of its tax where business originated – the United States. Its representatives argued that the company made a significant contribution to the United Kingdom through investment and jobs.

Back in 2011, Google paid £6 million while showing a £24 million loss on a £400 million turnover. The US company has been repeatedly accused of failing to pay its fair share of tax in the United Kingdom. In addition, the tech giant has been criticized for designating Ireland, and not the United Kingdom, as Google’s official European sales base in order to benefit from lower company tax rates.

A former Google employee, who turned whistleblower, handed over documents to HM Revenue and Customs to show how the company’s London sales staff would negotiate and sign contracts with UK customers, with cash paid into a British bank account. However, the deals were allegedly booked through Google’s Dublin office in order to minimize its liabilities.

According to the recent Companies House filings, the tech giant also set aside £24 million for taxes associated with shares awarded to staff between 2005 and 2011, in order to comply with new rules from HMRC. In response, Google claimed it was right that the majority of its tax should be paid in the United States. The company’s representatives argued the company made a huge contribution to Britain via investment and jobs.

Google explained that, like most multinationals, it pays the bulk of its £1.2 billion corporate tax bill where its business originated – the United States. This is a rate of almost 20%, roughly what a Britain-based entity would pay. Google also considers itself a significant contributor to the British economy, having created more than 2,000 jobs. The company has invested over £300 million in property in 2013, with tax related to British operations totaling £150 million.

21 October 2013

There Are 430 Million Active Pirates Out There

A recent survey has discovered that online piracy is growing rapidly (well, this isn’t news). According to the estimates, 432 million people per month used the worldwide web to access copyright infringing material. Within a month, all these pirates consumed 9,567 petabytes of illegal content, mostly via BitTorrent. To put it simply, about 25% of all Internet traffic is attributed to piracy.

The conclusion of the report was also nothing new – despite anti-piracy policies and enforcement actions, piracy cannot be stopped. The researchers admit that the practice of infringement is “tenacious and persistent”. Sometimes the industry succeeds in limiting infringement, but not for long. At the moment, the piracy universe not just persists in attracting more users, but also hungrily consumes increasing amounts of bandwidth.

Among the most visible trends, the observers point at direct download “cyberlockers” losing plenty of visitors within the last couple of years, while other platforms, on the contrary, expanded their user bases. So, within 2012, the number of pirates using cyberlockers decreased by 8%, and the most obvious reason for this is the MegaUpload shutdown. In the meantime, the number of file-sharers using BitTorrent and video streaming platforms grew by 27% and 22% respectively.

Today most illegal file-sharers use direct download and torrent services, both accounting for 200 million unique users per month. These figures exclude users who never download any infringing content, and their share is only 4% for BitTorrent and 8% for direct download services.

The total bandwidth generated by illegal file-sharers in Europe, North America and Asia-Pacific is estimated at over 9,500 petabytes of data – so, you can guess that global traffic far exceeded 10,000 petabytes. Here BitTorrent is the absolute leader, and this makes sense – people both download and upload content, thus generating twice as much traffic. At the same time, cyberlocker users downloaded relatively little data – about 338 petabytes per month.

Talking about regional trends, direct download services are preferred in the Asia-Pacific region, and BitTorrent is popular in Europe and North America. Although there is no clear way these numbers could be translated into losses for the entertainment industry, the latter will undoubtedly leave no opportunity unused to turn the results of the survey to its advantage.

Thanks to TorrentFreak for providing the source of the article

Free Software Foundation Turns 30

Richard Stallman is recognized worldwide as a free software guru, the president of the Free Software Foundation and the person who started the development of the free software operating system GNU nearly 30 years ago.


As you know, the GNU/Linux system is used on tens of millions of devices these days. Stallman also established the League for Programming Freedom. The latter campaigned against legal threats to programming.

Richard Stallman explained that it is now thirty years since he started the campaign for freedom in computing. According to him, since he started, the IT scene has changed dramatically – today most people in advanced countries own PCs and smartphones which can be like computers.

However, he is still worried that non-free software makes users surrender control over their computing to someone else. Actually, the situation has become worse because of Service as a Software Substitute (SaaSS), which means allowing someone else’s server to do your own computing activities.

This was all highlighted by the PRISM scandal, revealing that non-free software and SaaSS are able to spy on the user, shackle the user, and even attack the user. Stallman admitted that malware was common in services and proprietary software apps because people don't have control over them.

In the meantime, free software is controlled by its users. Therefore, freedom means having control over their own lives. Nevertheless, Service as a Software Substitute leads to the same injustices as using a non-free app.

In case someone uses a SaaSS translation service, their text is sent to the server. Then the server translates it and sends the translation back to the user. In other words, users are entrusting all the relevant information to the server operator. The latter may be forced to show it to the state under the current law. The scheme is simple: if the users don’t control the software, the software controls the users.

Richard Stallman was also talking about another difficulty: non-free software forces other people to use it as well. For example, if you use the non-free Skype app, another person has to use it as well, thus surrendering their freedoms along with yours.

French Watchdog Threatens Google

It seems that the search giant is tired of getting threats from watchdogs all over the world – every day someone barks at Google. Today France’s data-protection watchdog warned that it is going to impose sanctions against the company, after it missed a 3-month deadline to adjust its privacy policy.

CNIL, the French outfit, claimed that it had initiated procedures to fine the search engine after Google failed to meet a deadline to fix its policy on how it gathers and uses information. CNIL pointed out that on the final day before the deadline, the search giant contested the request.

The fine of up to $200,000 is insignificant for Google, which made $10.7 billion in profits last year. However, the fine comes as data-protection agencies in the UK, Germany, Italy and the Netherlands are investigating the company’s privacy policy. Google is also facing pressure to adjust its privacy policy in the United States.

A year ago, the tech giant changed its privacy policy in the EU to combine over 60 of its services into one. In other words, Google consolidated data collected across the services. This is why consumer groups expressed concern that people might not want the data from those services to be connected.

The French watchdog claimed in June that the company’s new privacy policy was a violation of the local 1978 data protection act. CNIL asked Google to clarify its privacy policy and to modify its data-collection instruments.

Google replied that its privacy policy respects EU law and allows it to create simpler, more effective services. The company has engaged fully with the watchdog throughout this process, and is going to continue doing so. The CNIL's move comes in a week when an American judge ruled that the tech giant may violate wiretap legislation when it scans the e-mails of non-Gmail users. This court decision will allow a class action lawsuit against Google, backed by privacy advocates, to move forward.

Judge Lucy Koh also decided that the company’s privacy agreements were less than explicit. She pointed out that a reasonable Gmail user reading the Privacy Policies wouldn’t have necessarily understood that their e-mails were being intercepted in order to create user profiles or to provide targeted advertisements.

UK to Form a Cyber Army

Britain is going to recruit hundreds of computer experts to create a cyber-army. The unit is supposed to defend vital networks against virtual attacks and launch high-tech assaults of its own. The Ministry of Defense announced that the country is spending increasing amounts on defending the people from the threats they are unlikely to ever face.

Despite the fact that the United Kingdom is broke, it still has the 4th largest defense budget in the world. A large part of this cash is not being spent on cyber intelligence and surveillance. Back in 2012, cyber defenses blocked about 400,000 advanced malicious cyber threats against the government’s secure Internet alone. This shows that the threat is real.

However, the Ministry of Defense points out that building cyber defense is not sufficient, because the United Kingdom also has to deter attacks. The country said that it is going to build a dedicated capability to counterattack in cyberspace and, in case of necessity, to strike. The representatives of the Ministry added that clinical “cyber strikes” could disable enemy communications, nuclear and chemical weapons, planes, ships and other hardware.

It was announced that the British government would recruit a new Joint Cyber Reserve. The “reservists” are supposed to work alongside existing experts in numerous government agencies, including the Ministry of Defense and the extremely unpopular GCHQ surveillance agency.

08 October 2013

UK Will Block Payments to Sites Failing to Restrict Children Access to Porn

It seems that UK banks and credit card companies will be asked to hold back cash from customers of sites hosting explicit content if they fail to implement restrictions to stop children from accessing it.

Financial entities and the video services regulator are going to meet in October to finalize the deal. Media reports also reveal that a voluntary deal might be agreed with credit card firms. It seems that the government would be prepared to consider legislation, if necessary.

While some online services require users to verify their age, most of them offer free and unrestricted access to any visitors. This is why the authority regulating British websites hosting videos decided to act against services operating in this way. In the beginning of 2013, regulator Ofcom fined Playboy £100,000 for failing to protect kids from porn content. A couple of websites owned by Playboy allowed everyone to access explicit content without having acceptable controls in place to check that users are adults. Ofcom claimed that Playboy’s failure to protect kids from potentially accessing adult content was serious, repeated and reckless.

The UK government supports the work that the watchdog has undertaken, and it will explore with local financial organizations and credit card companies the possibility to decline processing payments to websites operating outside the EU that allow British kids to view porn content.

The authorities also support efforts to encourage the Internet industry to design new effective ways of verifying the age of visitors. In the meanwhile, it wouldn’t be appropriate to block outright all online services providing free hardcore porn because they host legitimate content for adults to view.

So, the meeting is scheduled for October with the UK Cards Association, the British Bankers Association, the Payments Council and the leading credit card companies. It is already known that the financial services companies had provided a “very positive response” to the proposal.

As you remember, the UK Prime Minister has suggested a new initiative earlier in 2013 aimed at getting ISPs to put filters in place. Online giants including Google and Yahoo are set to be called back to Downing Street in October to update the Prime Minister on the progress on such measures.

07 October 2013

Internet Connections to Sudan Cut off

All online connections to Sudan were abruptly cut off after riots erupted over the ending of fuel subsidies. The government seems to have made the move in order to prevent protesters from using social media to organize riots. Although the real reasons are unclear, the Internet monitoring firms point out that it was either a coincidental catastrophic failure of all three independent ISPs and their connections out of Sudan (as well as a terrestrial link into Egypt) or some centrally directed government action.

In most cases of a failure of this kind which is not governmentally directed (for example, a power failure or a cut cable), ISPs switch to their satellite backups. However, this time it didn’t happen. It was a total shutdown, as happened earlier in Egypt.

Cutting off the Internet is normally used by some governments in Middle Eastern countries in order to regain control amid heated protests. As you know, the now-defunct Mubarak regime in Egypt and the Assad regime in Syria have severed online links in an attempt to restrict protests. Indeed, cutting international links makes it difficult to upload videos of protests to YouTube, among other things.

The industry observers confirmed that Sudan’s Internet connectivity abruptly dropped to zero. According to media reports, the unrest broke out after the local government removed fuel subsidies, with a number of petrol stations and a university building set on fire. In the meantime, security forces fired teargas to disperse protesters who have demonstrated and set fire to a police station in Khartoum.

The protests have gone on for a few days since the country’s Council of Ministers decided to stop the subsidies, after which the price of fuel immediately doubled. The industry experts point out that the cut in subsidies followed the split of South Sudan to form an independent state two years ago. The latter took more of the main oil-producing territory which had previously been part of Sudan. In addition, the International Monetary Fund has previously told Sudan to cut the subsidies, as they consumed over 3/4 of the government’s total tax revenues. As a result, the people have no access to the Internet and are in isolation from the world.