CASCADES project: Cost-effective Outbreak Detection in Networks (Hello readers of the CMU Blog report)
CASCADES project: Cost-effective Outbreak Detection in Networks (a study by the School of Computer Science, Carnegie Mellon University): "Rankings are based on the following question: Which blogs should one read to be most up to date, i.e., to quickly know about important stories that propagate over the blogosphere?
Budget=100 blogs:
If I can read 100 blogs, which should I read to be most up to date? Unit cost (each blog costs 1 unit), optimizing the information captured -- population affected (we want to be the first to know about something with many people blogging about the story after us) [ Read more ... ]
Sweden Probing Cisco, NASA Hacks
Sweden Probing Cisco, NASA Hacks: Via Threat Level.
Swedish investigators are probing a hacker U.S. authorities accuse of unlawfully intruding into Cisco Systems, NASA’s Ames Research Center and NASA’s Advanced Supercomputing Division, the authorities said Monday.
Philip Gabriel Pettersson, known in the hacking world as “Stakkato,” allegedly seized computer code that controls internet traffic. After the 2004 breach of Cisco, the proprietary source code for Cisco’s IOS operating system was discovered on a Russian website.
Pettersson was indicted in the United States in May on five hacking counts, (.pdf) but could not be brought from Sweden to the United States for trial. Sweden does not extradite its own citizens, but said it was examining whether to prosecute him in Sweden after U.S. authorities in San Francisco initiated that request. [ Read more ... ]
Jurors: Stop Twittering
Jurors: Stop Twittering: Via Threat Level.
A federal court policy making body is belatedly entering the internet age by proposing that judges clearly inform jurors they must not electronically discuss cases they are hearing.
It’s standard procedure to inform jurors to remain mum and not conduct any research about the case until a verdict. But recent gadget use by jurors has forced the hand of the Judicial Conference, the policy making body of the U.S. federal courts.
“You may not communicate with anyone about the case on your cell phone, through e-mail, Blackberry, iPhone, text messaging, or on Twitter, through any blog or website, through any internet chat room, or by way of any other social networking websites, including Facebook, MySpace, LinkedIn and YouTube,” (.pdf) according to the model jury instructions the Judicial Conference released days ago to the federal judiciary. [ Read more ... ]
NBC Removes Conan O'Brien From the Web
NBC Removes Conan O'Brien From the Web: Via Peter Kafka | MediaMemo | AllThingsD.
Remember the whole Conan O’Brien/Jay Leno imbroglio from last month? Perhaps NBC wishes you didn’t. The GE (GE) unit has removed every episode of the show’s seven-month run from its NBC.com site, as well as Hulu, the site NBC owns with News Corp.’s (NWS) Fox and Disney’s (DIS) ABC.
A little odd, given that a couple of days ago, the network was offering every single “Tonight Show” episode O’Brien had taped on NBC.com. But then again, everything about this story has been odd. NBC declined to comment.
NBC–at least, I’m assuming it’s NBC–has also been aggressive about taking down Conan episodes from Google’s (GOOG) YouTube.
EFF Asks Court to Suppress Evidence Illegally Gathered From Password-Protected Phone
EFF Asks Court to Suppress Evidence Illegally Gathered From Password-Protected Phone: Via EFF.org Updates.
Our cell phones aren't just for calls anymore. They hold our address books, our calendars, our emails, and our grocery lists. They may even include things like a list of questions to ask your doctor, pictures of your girlfriend, or URLs of web sites you've visited. When can police search your phone and look at all this information?
That's the question that EFF is asking a court in California to consider. In People v. Taylor, police in Daly City, California seized a suspect's iPhone during his arrest. Hours later, investigators bypassed the password and searched through the data on the device without a search warrant. After the officers realized that the information was too extensive to write down, they finally obtained a warrant to search the phone. [ Read more ... ]
Google Superbowl Ad Explains The Need for Search Privacy
Google Superbowl Ad Explains The Need for Search Privacy: Via EFF.org Updates.
Google's ad during yesterday's Superbowl explained in less than a minute how the story of someone's life can be pieced together from their search queries. Using only the search terms and user's clicks of the search results, Google told the story of a user who seeks love while studying abroad in Paris, finds it, moves to Paris, marries and has a child.
EFF Fights for Cell Phone Users' Privacy in Thursday Hearing
EFF Fights for Cell Phone Users' Privacy in Thursday Hearing: Via EFF.org Updates.
Philadelphia - The Electronic Frontier Foundation (EFF) will be arguing this Thursday before the U.S. Court of Appeals for the 3rd Circuit in Philadelphia, urging the court to block a government attempt to seize telephone company records detailing a cell phone user's past locations without first getting a search warrant. [ Read more ... ]
Identifying John Doe: It might be easier than you think
Identifying John Doe: It might be easier than you think: Via Freedom to Tinker.
Imagine that you want to sue someone for what they wrote, anonymously, in a web-based online forum. To succeed, you'll first have to figure out who they really are. How hard is that task? It's a question that Harlan Yu, Ed Felten, and I have been kicking around for several months. We've come to some tentative answers that surprised us, and that may surprise you.
Until recently, I thought the picture was very grim for would-be plaintiffs, writing that it should be simple for "even a non-technical Internet user to engage in effectively untraceable speech online." I still think it's feasible for most users, if they make enough effort, to remain anonymous despite any level of scrutiny they are practically likely to face. But in recent months, as Harlan, Ed, and I have discussed this issue, we've started to see a flip side to the coin: In many situations, it may be far easier to unmask apparently anonymous online speakers than they, I, or many others in the policy community have appreciated. Today, I'll tell a story that helps explain what I mean. [ Read more ... ]
ShmooCon: Inside FarmVille's sinister underbelly
ShmooCon: Inside FarmVille's sinister underbelly: Via Computerworld Security News.
You love Facebook apps like FarmVille and Mafia Wars and think they're perfectly safe, right? Think again.
You see it all the time on Facebook: A friend moving on up in FarmVille. Another friend trying to expand his posse in Mafia Wars. Everyone thinks of them as harmless third-party applications, free from the crooks and cooks of cyberspace.
Unfortunately, that's not the case.
The sad fact is that these applications are susceptible to malware pushers and those looking to steal your personal information. It's not much of a stretch for hackers to impersonate people you think are trusted, fellow players, as is the case with a lot of online gaming. And the more you expose yourself, the bigger the target you become. [ Read more ... ]
More Details on the Chinese Attack Against Google (Schneier)
More Details on the Chinese Attack Against Google: Via Schneier on Security.
Three weeks ago, Google announced a sophisticated attack against them from China. There have been some interesting technical details since then. And the NSA is helping Google analyze the attack.
The rumor that China used a system Google put in place to enable lawful intercepts, which I used as a news hook for this essay, has not been confirmed. At this point, I doubt that it's true.
The top 5 mistakes of privacy awareness programs
The top 5 mistakes of privacy awareness programs: Via Computerworld Privacy News.
Privacy consultant Jay Cline identifies the errors companies often make when trying to educate employees about data protection.
The Health Insurance Portability and Accountability Act requires it. The Payment Card Industry Data Security Standard requires it. The ISO 27001 standard requires it. In fact, every regulation that mandates that reasonable measures be taken to protect information implicitly requires companies to set up training programs to help employees understand what those measures are.
But what does training actually mean?
Many corporations have adopted a check-box approach toward compliance with this obligation. Here are five shortcuts I see them taking instead of using the opportunity to ensure that employees really know how to protect information. [ Read more ... ]
ShmooCon: P2P snoopers know what's in your wallet
ShmooCon: P2P snoopers know what's in your wallet: Via Computerworld Privacy News.
People send their most sensitive personal information out over P2P networks, and the bad guys are watching.
Being security researchers and all, Larry Pesce and Mick Douglas thought it would be a hoot to take a look at some of the information people send out over peer-to-peer (P2P) networks. They were taken aback by what they found.
At the 2010 ShmooCon security conference Friday, the duo showed off the extremely sensitive information they've been able to intercept, including driver's licenses and passports, tax return forms with Social Security numbers, someone's last will and testament, and information on one man's secret activities that could potentially be exploited by terrorists. [ Read more ... ]
Can you trust Chinese computer equipment?
Can you trust Chinese computer equipment?: Via ITworld.
China may not only be breaking into Google's network, but giving people deliberately bugged technology gear. Can we trust any technology that comes from China?
As you surely know, Google has accused China of hacking into its systems and is considering pulling out of China altogether. The U.S. government is taking this seriously, and Google has partnered with the NSA (National Security Agency) to get to the bottom of this. What you may not know is that the United Kingdom's MI5 -- Americans can think of this as a combination of the FBI and CIA -- has reported that the Chinese government has been giving UK executives electronics with built-in security holes.
According to the Sunday Times, "A leaked MI5 document says that undercover intelligence officers from the People's Liberation Army and the Ministry of Public Security have also approached UK businessmen at trade fairs and exhibitions with the offer of 'gifts' and 'lavish hospitality.' The gifts -- cameras and memory sticks -- have been found to contain electronic Trojan bugs which provide the Chinese with remote access to users' computers." [ Read more ... ]
Authors Guild: ‘To RIAA or Not to RIAA’
Authors Guild: ‘To RIAA or Not to RIAA’: Via Threat Level.
There’s equal reason to support or object to the proposed Google Books settlement.
Creating a digital catalog of the world’s words might be the Holy Grail of intellectual empowerment.
Yet building that library in the clouds would be allowed without the rights-holders’ consent — which the Justice Department and others contend is a complete and fundamental alteration of copyright law.
The Authors Guild is backing the settlement in hopes of creating a new and legitimate book-selling venue. In a message to members Friday, it supported the development of a digital marketplace for the world’s words as a counter to digital piracy.
What’s more, the group noted it didn’t want to be like the Recording Industry Association of America. The labels’ lobbying and litigation arm has sued thousands of individuals and music-trading sites — lawsuits that have not dented the illegal, pirated-music marketplace. [ Read more ... ]
#BurningMan ticket policy = #FAIL / Know Before You Go: Tickets May Come at a Higher Price Than You Realize
Know Before You Go: Tickets May Come at a Higher Price Than You Realize: Via EFF.org Updates.
As part of our Terms of Ab(use) project, we pay close attention to the fine print of online agreements for provisions that are potentially dangerous to consumers. We've noticed a troubling change in the way event planners restrict the rights of individuals who attend their shows. Where once these limitations had to fit on the back of a ticket, increasingly event organizers have moved their fine print online, where they are able to use even more contract law to avoid the limits of trademark and copyright law and actively control what ticket holders can say or do even after the event is over.
These burdensome terms can show up in some pretty unexpected places. Last year we noted how the Burning Man Organization (BMO) used online ticket terms to require participants to assign to BMO—in advance—the copyright to any pictures they took on the playa. Tickets for the 2010 event went on sale in mid-January, and we hoped the new terms would acknowledge the concerns we had expressed. Sadly, the new terms are just as onerous as before. [ Read more ... ]
FBI wants records kept of Web sites visited
FBI wants records kept of Web sites visited: Via Politics and Law - CNET News.
WASHINGTON--The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.
FBI Director Robert Mueller supports storing Internet users' "origin and destination information," a bureau attorney said at a federal task force meeting on Thursday.
As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.
The FBI is not alone in renewing its push for data retention. As CNET reported earlier this week, a survey of state computer crime investigators found them to be nearly unanimous in supporting the idea. Matt Dunn, an Immigration and Customs Enforcement agent in the Department of Homeland Security, also expressed support for the idea during the task force meeting. [ Read more ... ]
Rulings Leave Online Student Speech Rights Unresolved
Rulings Leave Online Student Speech Rights Unresolved: Via Threat Level.
Do American students have First Amendment rights beyond the schoolyard gates?
The answer is yes and no, according to two conflicting federal appellate decisions Thursday testing student speech in the online world.
“Ultimately, the Supreme Court is going to have to decide if there ever is a time students have full-fledged First Amendment rights,” said Frank LoMonte, executive director of the Virginia-based Student Press Law Center. He’s one of the attorneys in the cases the 3rd U.S. Circuit Court of Appeals decided.
The U.S. Supreme Court has never squarely addressed the parameters of off-campus, online student speech, but might soon. So far, lower courts appear to be guided by a 1969 high court ruling saying student expression may not be suppressed unless school officials reasonably conclude that it will “materially and substantially disrupt the work and discipline of the school.”
In that landmark case, the Supreme Court said students had a First Amendment right to wear black armbands to protest the Vietnam War. But that precedent, which addressed on-campus speech, is now being applied to students’ online speech four decades later.
One of the cases favoring student speech decided Thursday concerns a senior and honors student. In 2005, the Pennsylvania high school student was suspended 10 days after he created a mock MySpace profile of his principal. [ Read more ... ]
Police want backdoor to Web users' private data
Police want backdoor to Web users' private data: Via Politics and Law - CNET News.
Anyone with an e-mail account likely knows that police can peek inside it if they have a paper search warrant.
But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They're pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.
CNET has reviewed a survey scheduled to be released at a federal task force meeting on Thursday, which says that law enforcement agencies are virtually unanimous in calling for such an interface to be created. Eighty-nine percent of police surveyed, it says, want to be able to "exchange legal process requests and responses to legal process" through an encrypted, police-only "nationwide computer network." (See one excerpt and another.) [ Read more ... ]
Cisco's wiretapping system open to exploit, says researcher
Cisco's wiretapping system open to exploit, says researcher: Via Law & Disorder Section - Ars Technica.
To meet the needs of law enforcement, most telecommunications equipment includes hardware and software that allow for the monitoring of traffic originating with the targets of investigations. The precise capabilities are often dictated by formalized standards, which allow any hardware maker to implement a compliant system. Unfortunately, these standards often leave the hardware wide open to various attacks that leave regular users vulnerable, and provide savvy surveillance targets the opportunity to evade the snooping. An IBM researcher has put Cisco's system under the microscope at a Black Hat Conference, and found it comes up short. [ Read more ... ]
Wikileaks Meets Its Cash Goal — For Now
Wikileaks Meets Its Cash Goal — For Now: Via Threat Level.
The whistleblowing site Wikileaks has apparently raised the money it needs to continue operating for the time being, according to a message the organization sent out Wednesday night on Twitter.
“Achieved min. funraising [sic] goal. ($200k/600k); we’re back fighting for another year, even if we have to eat rice to do it,” read the tweet, without specifying whether it had raised the full $600,000 or just $200,000.
The site announced last December that it was ceasing day-to-day operations to focus on raising money. It said contributors could still send documents and tips through its anonymous submission tool. Last week, it was ceasing operations indefinitely because it had raised only $130,000 of the $200,000 it needed to maintain base operations annually. The site says it requires $600,000 to operate if it pays its staff of technologists and curators who sift through submissions to provide context for documents and other information valuable to its users.
The announcement page, beginning with: “We protect the world — but will you protect us?” has not changed, except to add that Wikileaks “will be back soon.” [ Read more ... ]
‘Don’t Be Evil,’ Meet ‘Spy on Everyone’: How the NSA Deal Could Kill Google
‘Don’t Be Evil,’ Meet ‘Spy on Everyone’: How the NSA Deal Could Kill Google: Via Danger Room.
The company once known for its “don’t be evil” motto is now in bed with the spy agency known for the mass surveillance of American citizens.
The National Security Agency is widely understood to have the government’s biggest and smartest collection of geeks — the guys that are more skilled at network warfare than just about anyone on the planet. So, in a sense, it’s only natural that Google would turn to the NSA after the company was hit by an ultrasophisticated hack attack. After all, the military has basically done the same thing, putting the NSA in charge of its new “Cyber Command.” The Department of Homeland Security is leaning heavily on the NSA to secure .gov networks.
But there’s a problem. The NSA and its predecessors also have a long history of spying on huge numbers of people, both at home and abroad. During the Cold War, the agency worked with companies like Western Union to intercept and read millions of telegrams. During the war on terror years, the NSA teamed up with the telecommunications companies to eavesdrop on customers’ phone calls and internet traffic right from the telcos’ switching stations. And even after the agency pledged to clean up its act — and was given wide new latitude to spy on whom they liked – the NSA was still caught “overcollecting” on U.S. citizens. According to The New York Times, the agency even “tried to wiretap a member of Congress without a warrant.” [ Read more ... ]
Intelligence Official Acknowledges Policy Allowing Targeted Killings Of Americans
Intelligence Official Acknowledges Policy Allowing Targeted Killings Of Americans: Via American Civil Liberties Union.
ACLU Says More Information Needed On Policy That Grants President Power To Target Americans Abroad
NEW YORK – Director of National Intelligence Dennis Blair acknowledged in a congressional hearing on Wednesday that the U.S. may, with executive approval, deliberately target and kill U.S. citizens who are suspected of being involved in terrorism. The American Civil Liberties Union expressed serious concern about the lack of public information about the policy and the potential for abuse of unchecked executive power.
The following can be attributed to Ben Wizner, staff attorney with the ACLU National Security Project: [ Read more ... ]
Google to enlist NSA to help it ward off cyberattacks
Google to enlist NSA to help it ward off cyberattacks: Via washingtonpost.com.
The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity.
Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users -- from future attack.
Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google's policies or laws that protect the privacy of Americans' online communications. The sources said the deal does not mean the NSA will be viewing users' searches or e-mail accounts or that Google will be sharing proprietary data. [ Read more ... ]
Hackers Steal Millions in Carbon Credits
Hackers Steal Millions in Carbon Credits: Via Threat Level.
Credit card numbers are so passe. Today’s hackers know the real powerhouse data to steal is emission certificates.
That’s exactly what hackers went after last week when they obtained unauthorized access to online accounts where companies maintain their carbon credits, according to the German newspaper Der Spiegel.
The hackers launched a targeted phishing attack against employees of numerous companies in Europe, New Zealand and Japan, which appeared to come from the German Emissions Trading Authority. The workers were told that their companies needed to re-register their accounts with the Authority, where carbon credits and transactions are recorded. [ Read more ... ]
Report Details Hacks Targeting Google, Others
Report Details Hacks Targeting Google, Others: Via Threat Level.
It’s been three weeks since Google announced that it and numerous other U.S. companies were targeted in a recent sophisticated and coordinated hack attack dubbed Operation Aurora.
Until now we’ve only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan, and about 34 mostly undisclosed companies were breached.
Now a leading computer forensic firm is providing the closest look so far at the nature of the attacks, and attackers, that struck Google and others. The report never mentions Google by name, or any other companies, but focuses on information gathered from hundreds of forensic investigations the firm has conducted that are identical to what we know about the Google hack. [ Read more ... ]