Mobile that allows bosses to snoop on staff developed: Via BBC News.

Researchers have produced a mobile phone that could be a boon for prying bosses wanting to keep tabs on the movements of their staff.

Japanese phone giant KDDI Corporation has developed technology that tracks even the tiniest movement of the user and beams the information back to HQ.

It works by analysing the movement of accelerometers, found in many handsets.

Activities such as walking, climbing stairs or even cleaning can be identified, the researchers say.

The company plans to sell the service to clients such as managers, foremen and employment agencies.

"Technically, I think this is an incredibly important innovation," says Philip Sugai, director of the mobile consumer lab at the International University of Japan. [ Read more ... ]

China Widens Net Censorship; Google Exile Looms: Via Threat Level.

The Chinese government is imposing new internet restrictions demanding personal-website operators to acquire central-government permission to operate their sites.

The latest censorship measure, which covers .cn domestic domains, comes as Google is trying to convince Chinese censors to ease up. Google said 43 days ago it would undertake a self-imposed exile from China if the government does not back off from requiring it to censor search results.

The government said the latest move — which also requires site owners to submit a photograph and to show identification — was targeted at tackling pornography. Critics, though said it was based on silencing political dissent. China did not say when the rules would be enforced. [ Read more ... ]

Probe Traces Google Hack to Chinese Schools: Via Threat Level.

NEW YORK (Reuters) - Recent cyber attacks on Google and other American corporations have been traced to a top Chinese university as well as a school with ties to the Chinese military, The New York Times reported on Thursday, citing people involved in the investigation.

Those people told the Times that the Chinese schools involved are Shanghai Jiaotong University and the Lanxiang Vocational School. They said the attacks may have started as early as April 2009 — earlier than previously thought.

According to the report, investigators believe there is evidence suggesting a link to a computer science class at the vocational school taught by a Ukrainian professor.

Google jolted U.S.-China ties with its Jan. 12 announcement that it had faced a “highly sophisticated and targeted attack” in mid-December, allegedly from inside China. [ Read more ... ]

More Details on the Chinese Attack Against Google: Via Schneier on Security.

Three weeks ago, Google announced a sophisticated attack against them from China. There have been some interesting technical details since then. And the NSA is helping Google analyze the attack.

The rumor that China used a system Google put in place to enable lawful intercepts, which I used as a news hook for this essay, has not been confirmed. At this point, I doubt that it's true.

Read Original Article:(Via Schneier on Security.)

Can you trust Chinese computer equipment?: Via ITworld.

China may not only be breaking into Google's network, but giving people deliberately bugged technology gear. Can we trust any technology that comes from China?

As you surely know, Google has accused China of hacking into its systems and is considering pulling out of China altogether. The U.S. government is taking this seriously, and Google has partnered with the NSA (National Security Agency) to get to the bottom of this. What you may not know is that the United Kingdom's MI5 -- Americans can think of this as a combination of the FBI and CIA -- has reported that the Chinese government has been giving UK executives electronics with built-in security holes.

According to the Sunday Times, "A leaked MI5 document says that undercover intelligence officers from the People's Liberation Army and the Ministry of Public Security have also approached UK businessmen at trade fairs and exhibitions with the offer of 'gifts' and 'lavish hospitality.' The gifts -- cameras and memory sticks -- have been found to contain electronic Trojan bugs which provide the Chinese with remote access to users' computers." [ Read more ... ]

Google to enlist NSA to help it ward off cyberattacks: Via washingtonpost.com .

The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity.

Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users -- from future attack.

Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google's policies or laws that protect the privacy of Americans' online communications. The sources said the deal does not mean the NSA will be viewing users' searches or e-mail accounts or that Google will be sharing proprietary data. [ Read more ... ]

Report Details Hacks Targeting Google, Others: Via Threat Level.

It’s been three weeks since Google announced that it and numerous other U.S. companies were targeted in a recent sophisticated and coordinated hack attack dubbed Operation Aurora.

Until now we’ve only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan, and about 34 mostly undisclosed companies were breached.

Now a leading computer forensic firm is providing the closest look so far at the nature of the attacks, and attackers, that struck Google and others. The report never mentions Google by name, or any other companies, but focuses on information gathered from hundreds of forensic investigations the firm has conducted that are identical to what we know about the Google hack. [ Read more ... ]

Seven "Corporations of Interest" in Selling Surveillance Tools to China: Via EFF.org Updates.

Secretary of State Hillary Clinton's announcement of a new U.S. policy on global Internet Freedom included a bold new statement about the responsibilities of American technology companies:

...We are urging U.S. media companies to take a proactive role in challenging foreign governments' demands for censorship and surveillance. The private sector has a shared responsibility to help safeguard free expression. And when their business dealings threaten to undermine this freedom, they need to consider what’s right, not simply what’s a quick profit.

We couldn't agree more. [ Read more ... ]

Report: Critical Infrastructures Under Constant Cyberattack Globally: Via Threat Level.

Critical infrastructure systems around the world are the targets of repeated cyberattacks, according to a new global survey of technology executives in these industries. They believe some of the attacks are coming not just from individual cybercriminals but terrorists and foreign nation states.

The United States and China are believed to be the most likely countries to conduct a cyberattack against the critical infrastructure of another nation, according to the respondents.

Companies and agencies operating in the banking and finance sectors, energy and natural resources, telecommunications and internet service providers, transportation and mass transit, chemical production and storage, food distribution and government services are considered critical infrastructure companies.

The attacks that are occurring include massive denial of service attacks, stealthy efforts to penetrate networks undetected, DNS poisoning, SQL injection attacks and malware infections. The aims of the attacks vary from shutting down services or operations to theft of services and data or extortion attempts. [ Read more ... ]

China Accuses U.S. of Cyberwarfare: Via Threat Level.

In the wake of a recent speech by U.S. Secretary of State Hillary Clinton condemning countries that censor the internet and engage in hacking, China has lobbed a return volley and accused the United States of hypocrisy and initiating cyberwarfare against Iran.

An editorial in the People’s Daily — the main mouthpiece for China’s Communist Party — accused the U.S. of doublespeak and of using “online warfare” to instigate violent unrest in Iran via Twitter and YouTube following that country’s national elections in June.

“We’re afraid that in the eyes of American politicians, only information controlled by America is free information, only news acknowledged by America is free news, only speech approved by America is free speech, and only information flow that suits American interests is free information flow,” said the Sunday editorial, according to the Guardian newspaper.

The editorial was taking aim at a speech by Clinton on Thursday in which she said that access to information, and the internet, is a basic human right, but that countries around the world were erecting virtual walls in place of the physical walls that generally characterize oppressive regimes. [ Read more ... ]

Schneier on Chinese Hacking and Enabling Surveillance: Via Schneier on Security.

CNN.com just published an essay of mine on China's hacking of Google, an update of this essay.

Read Original Article:(Via Schneier on Security.)

Congress takes a bold stand against surveillance abuses: Via Salon: Glenn Greenwald.

Fixating on and condemning abuses of other countries is one of the greatest weapons the U.S. Government wields for distracting attention away from its own transgressions:  like those gossip-obsessed individuals endlessly mucking around in and passing judgment on the personal lives of others as a means of ignoring their own failings:

The San Francisco Chronicle, yesterday:

Few expect Google Inc.'s stare-down with China to usher in a new era of openness across the Asian nation, but some believe -- or hope -- it could pressure the government to improve relations with foreign technology companies. . . . The Obama administration issued statements of support for Google, and members of Congress are pushing to revive a bill banning U.S. tech companies from working with governments that digitally spy on their citizens.

Chinese Fingerprints Said to Be Found in Google Attacks : Via NYTimes.com .

SAN FRANCISCO — An American computer security researcher has found what he says he believes is strong evidence of the digital fingerprints of Chinese authors in the software programs used in attacks against Google.

The search engine giant announced last Tuesday that it had experienced a series of Internet break-ins it believed were of Chinese origin. The company’s executives did not, however, detail the evidence leading them to the conclusion that the Chinese government was behind the attacks, beyond stating that e-mail accounts of several Chinese human rights activists had been compromised.

In the week since the announcement, several computer security companies have made claims supporting Google’s suspicions, but the evidence has remained circumstantial. [ Read more ... ]

Google Turns on Gmail Encryption to Protect Wi-Fi Users: Via Threat Level.

Google is now encrypting all Gmail traffic from its servers to its users in a bid to foil sniffers who sit in cafes, eavesdropping in on traffic passing by, the company announced Wednesday.

The change comes just a day after the company announced it might pull its offices from China after discovering concerted attempts to break into Gmail accounts of human rights activists. The switch to always-on HTTPS adds more security, but does not help prevent the kind of attacks Google announced Tuesday.

All Gmail users will now default to using HTTPS, the secure, encrypted method for communicating with a remote server, for their entire e-mail sessions, not just for log-in. Session-long HTTPS has been an official option for Gmail users since 2008 (and unofficial for much longer), but Google says it [ Read more ... ]

Google attack part of widespread spying effort: Via Computerworld Cybercrime/Hacking News.

Google's decision Tuesday to risk walking away from the world's largest Internet market may have come as a shock, but security experts see it as the most public admission of a top IT problem for U.S. companies: ongoing corporate espionage originating from China.

It's a problem that the U.S. lawmakers have complained about loudly. In the corporate world, online attacks that appear to come from China have been an ongoing problem for years, but big companies haven't said much about this, eager to remain in the good graces of the world's powerhouse economy.

Google, by implying that Beijing had sponsored the attack, has placed itself in the center of an international controversy, exposing what appears to be a state-sponsored corporate espionage campaign that compromised more than 30 technology, financial and media companies, most of them global Fortune 500 enterprises. [ Read more ... ]

Web Censor Seeks $2.2 Billion for China Hack: Via Threat Level.

A California web-filtering company says it is the victim of “one of the largest cases of software piracy in history.”

Lawyers for adult- and violent-content web-filtering company CYBERsitter claim in a federal lawsuit that the Chinese government purloined some 3,000 lines of its code from its servers as part of software for a national censorship project –- in which several international computer makers are accused of knowingly distributing throughout China.

“They are heavy allegations. Three thousand lines of code, approximately, were stolen. It was a serious thing that was done,” Elliot Gipson, a lawyer for Santa Barbara-based CYBERsitter, said in a telephone interview Thursday.

Gipson said about 56 million copies of China’s government censorship software, part of the so-called Green Dam project, were marketed with his client’s code in China last year.

The complaint, which seeks $2.2 billion in damages, (.pdf)  names Sony, Lenovo Group, Toshiba, ACER and, among others, ASUSTeK. [ Read more ... ]

Fighting Internet Censorship in Australia: Via EFF.org Updates.

Our fellow Internet freedom advocates at Electronic Frontiers Australia are gearing up for an important fight in the new year as the Australian government proposes mandatory national Internet filters with a secret blacklist. EFA is looking for volunteers and colleagues — particularly Australians, but they can use help from outside Australia as well — to help take on this critical issue. As Lelia Green wrote in the Sydney Morning Herald, the censorship proposal risks "legitimating a range of repressive policies pursued by some of the globe's least accountable governments."

In 2006, the New York Times reported that the People's Republic of China was defending its Internet censorship and surveillance practices by claiming that they were not particularly different from those of other countries. The Times reported that a Chinese official argued (in the newspaper's paraphrase) that "the controls [China] places on Web sites and Internet service providers in mainland China do not differ much from those employed by the United States and European countries". [ Read more ... ]

Cyberattacks: Espionage now, sabotage soon: Via Law & Disorder Section - Ars Technica.

In April 2009, the US National Academies of Science suggested that it was time for the US to get serious about cyberwarfare, setting official policy for its offensive use and spearheading the development of international norms governing its deployment. Less than three months later, the US and Korea were each hit by a series of network-based attacks that are thought to have originated in North Korea. 

An analysis of these attacks has now concluded that their relative lack of sophistication reinforces the conclusion that only major nations have advanced cyberwarfare capabilities, but warns that this situation will only last for a few more years. [ Read more ... ]

Sabotage or espionage?

China Expands Cyberspying in U.S., Report Says: Via The Wall Street Journal - WSJ.com .

Congressional Advisory Panel in Washington Cites Apparent Campaign by Beijing to Steal Information From American Firms

The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.

The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are "straining the U.S. capacity to respond," the report concludes. [ Read more ... ]

Safety first for IT executives in China: Via CRN Australia .

US Government recommends weighing laptop before and after each visit.

Senior executives in US IT companies have been advised by the US Government to follow extremely strict policies for visits to China which extend far beyond standard software protection.

The policies encourage them to leave their standard IT equipment at home and to buy separate gear only for use in China. [ Read more ... ]

China Web Sites Seeking Users’ Names: Via NYTimes.com .

EIJING — News Web sites in China, complying with secret government orders, are requiring that new users log on under their true identities to post comments, a shift in policy that the country’s Internet users and media have fiercely opposed in the past.

Until recently, users could weigh in on news items on many of the affected sites more anonymously, often without registering at all, though the sites were obligated to screen all posts, and the posts could still be traced via Internet protocol addresses.

But in early August, without notification of a change, news portals like Sina, Netease, Sohu and scores of other sites began asking unregistered users to sign in under their real names and identification numbers, said top editors at two of the major portals affected. A Sina staff member also confirmed the change. [ Read more ... ]

Building in Surveillance: Via Schneier on Security.

China is the world's most successful Internet censor. While the Great Firewall of China isn't perfect, it effectively limits information flowing in and out of the country. But now the Chinese government is taking things one step further.

Under a requirement taking effect soon, every computer sold in China will have to contain the Green Dam Youth Escort software package. Ostensibly a pornography filter, it is government spyware that will watch every citizen on the Internet.

Green Dam has many uses. It can police a list of forbidden Web sites. It can monitor a user's reading habits. It can even enlist the computer in some massive botnet attack, as part of a hypothetical future cyberwar.

China's actions may be extreme, but they're not unique. Democratic governments around the world -- Sweden, Canada and the United Kingdom, for example -- are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell. [ Read more ... ]

Chinese Spying Claimed in Purchases of NSA Crypto Gear: Via Threat Level.

A Chinese national was indicted this week for conspiring to violate U.S. export law, following a nearly three-year investigation into his alleged efforts to acquire sensitive military and NSA-encryption gear from eBay and other internet sources.

Chi Tong Kuok, of Macau, told Defense Department and Customs investigators that he had been “acting at the direction of officials for the People’s Republic of China,” according to a government affidavit in the case. “Kuok indicated he and PRC officials sought the items to figure out ways to listen to or monitor U.S. government and military communications.” [ Read more ... ]

Lazy Hacker and Little Worm Set Off Cyberwar Frenzy: Via Wired: Threat Level.

Talk of cyberwar is in the air after more than two dozen high-level websites in the United States and South Korea were hit by denial-of-service attacks this week. But cooler heads are pointing to a pilfered five-year-old worm as the source of the traffic, under control of an unsophisticated hacker who apparently did little to bolster his borrowed code against detection.

Nonetheless, the attacks have launched a thousand headlines (or thereabouts) and helped to throw kindling on some long-standing international political flames — with one sworn enemy blaming another for the aggression.

Welcome to the New World Order of cybersecurity. [ Read more ... ]

China thinks twice – and its 300m internet users scent a rare victory: Via The Guardian(UK).

For the netizens of the world's biggest online community, it was a rare victory. At the 11th hour, and with no proper explanation, the Chinese government, the most assiduous internet censor on the planet, engineered a sudden climbdown.

Instead of proceeding with plans to transform its notorious Great Firewall internet censor with new tools known as Green Dam, the authorities desisted. A terse statement ran on the Xinhua news agency. "China will delay the mandatory installation of the 'Green Dam-Youth Escort' filtering software on new computers." [ Read more ... ]