Trump Organization is using horribly insecure email servers

Zack Whittaker reports: If you thought Former Secretary of State Hillary Clinton’s private email server was a mess, Donald Trump’s company is running email servers that look like a dumpster fire by comparison.

Security researcher Kevin Beaumont said in a tweet on Monday that the Trump Organization, the parent company of the alleged billionaire’s portfolio of realty, steaks, golf, and hotels, is running a set of email servers that are horribly outdated and long past the end-of-life, meaning they haven’t received security patches in over a year.

Beaumont said he found that the company’s email system is running the decade-old Windows Server 2003 and Internet Information Servers 6, both of which haven’t been supported in over a year.

Both sets of software are so old that Microsoft no longer patches even known security vulnerabilities. Instead, users should upgrade. Patches remain as one of the best ways for preventing hackers from exploiting security flaws.

A spokesperson for Trump, now the Republican presidential candidate, could not be reached on Tuesday. [Continue reading…]

Facebooktwittermail

Even the U.S. military is looking at blockchain technology — to secure nuclear weapons

Quartz reports: Blockchain technology has been slow to gain adoption in non-financial contexts, but it could turn out to have invaluable military applications. DARPA, the storied research unit of the US Department of Defense, is currently funding efforts to find out if blockchains could help secure highly sensitive data, with potential applications for everything from nuclear weapons to military satellites.

The case for using a blockchain boils down to a concept in computer security known as “information integrity.” That’s basically being able to track when a system or piece of data has been viewed or modified. DARPA’s program manager behind the blockchain effort, Timothy Booher, offers this analogy: Instead of trying to make the walls of a castle as tall as possible to prevent an intruder from getting in, it’s more important to know if anyone has been inside the castle, and what they’re doing there.

A blockchain is a decentralized, immutable ledger. Blockchains can permanently log modifications to a network or database, preventing intruders from covering their tracks. In DARPA’s case, blockchain tech could offer crucial intelligence on whether a hacker has modified something in a database, or whether they’re surveilling a particular military system. [Continue reading…]

Facebooktwittermail

Yahoo secretly scanned customer emails for U.S. intelligence

Reuters reports: Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc. [Continue reading…]

The Wall Street Journal reports: Big technology companies, including Google, Microsoft Corp., Twitter Inc. and Facebook Inc. denied scanning incoming user emails on behalf of the U.S. government, following a report that Yahoo Inc. had built such a system. [Continue reading…]

Facebooktwittermail

FBI wants access to Internet browser history without a warrant in terrorism and spy cases

The Washington Post reports: The Obama administration is seeking to amend surveillance law to give the FBI explicit authority to access a person’s Internet browser history and other electronic data without a warrant in terrorism and spy cases.

The administration made a similar effort six years ago but dropped it after concerns were raised by privacy advocates and the tech industry.

FBI Director James B. Comey has characterized the legislation as a fix to “a typo” in the Electronic Communications Privacy Act, which he says has led some tech firms to refuse to provide data that Congress intended them to provide.

But tech firms and privacy advocates say the bureau is seeking an expansion of surveillance powers that infringes on Americans’ privacy. [Continue reading…]

Facebooktwittermail

Court refuses request to force alleged hacker to divulge passwords

The Guardian reports: An alleged hacker fighting extradition to the US will not have to give the passwords for his encrypted computers to British law enforcement officers, following a landmark legal ruling.

Lauri Love, a 31-year-old computer scientist, has been accused of stealing “massive quantities” of sensitive data from US Federal Reserve and Nasa computers. His lawyers say he faces up to 99 years in prison if found guilty in the US.

The National Crime Agency (NCA) raided Love’s family home in Stradishall, Suffolk, in October 2013, seizing encrypted computers and hard drives. No charges were brought against him in Britain and Love is suing the NCA for the return of six items of encrypted hardware, which he says contain his entire digital life.

The NCA applied to the courts to force Love to hand over his passwords before it returns the computers but this was rejected by a judge on Tuesday.

Speaking to the Guardian, Love called on governments around the world to set aside differences with activists and hackers and to work together to improve global computer security. [Continue reading…]

Facebooktwittermail

David Vincenzetti: How the Italian mogul built a hacking empire

David Kushner reports: The Blackwater of surveillance, the Hacking Team is among the world’s few dozen private contractors feeding a clandestine, multibillion-dollar industry that arms the world’s law enforcement and intelligence agencies with spyware. Comprised of around 40 engineers and salespeople who peddle its goods to more than 40 nations, the Hacking Team epitomizes what Reporters Without Borders, the international anti-censorship group, dubs the “era of digital mercenaries.”

The Italian company’s tools — “the hacking suite for governmental interception,” its website claims — are marketed for fighting criminals and terrorists. But there, on Marquis-Boire’s computer screen, was chilling proof that the Hacking Team’s software was also being used against dissidents. It was just the latest example of what Marquis-Boire saw as a worrying trend: corrupt regimes using surveillance companies’ wares for anti-democratic purposes.

When Citizen Lab published its findings in the October 2012 report “Backdoors are Forever: Hacking Team and the Targeting of Dissent?” the group also documented traces of the company’s spyware in a document sent to Ahmed Mansoor, a pro-democracy activist in the United Arab Emirates. Privacy advocates and human rights organizations were alarmed. “By fueling and legitimizing this global trade, we are creating a Pandora’s box,” Christopher Soghoian, the principal technologist with the American Civil Liberties Union’s Speech, Privacy, and Technology Project, told Bloomberg.

The Hacking Team, however, showed no signs of standing down. “Frankly, the evidence that the Citizen Lab report presents in this case doesn’t suggest anything inappropriately done by us,” company spokesman Eric Rabe told the Globe and Mail.

As media and activists speculated about which countries the Italian firm served, the founder and CEO of the Hacking Team, David Vincenzetti — from his sleek, white office inside an unsuspecting residential building in Milan — took the bad press in stride. He joked with his colleagues in a private email that he was responsible for the “evilest technology” in the world.

A tall, lean 48-year-old Italian with a taste for expensive steak and designer suits, Vincenzetti has transformed himself over the past decade from an under-ground hacker working out of a windowless basement into a mogul worth millions. He is nothing if not militant about what he defines as justice: Julian Assange, the embattled founder of WikiLeaks, is “a criminal who by all means should be arrested, expatriated to the United States, and judged there”; whistleblower Chelsea Manning is “another lunatic”; Edward Snowden “should go to jail, absolutely.”

“Privacy is very important,” Vincenzetti says on a recent February morning in Milan, pausing to sip his espresso. “But national security is much more important.”

Vincenzetti’s position has come at a high cost. Disturbing incidents have been left in his wake: a spy’s suicide, dissidents’ arrests, and countless human rights abuses. “If I had known how crazy and dangerous he is,” Guido Landi, a former employee, says, “I would never have joined the Hacking Team.” [Continue reading…]

Facebooktwittermail

FBI director suggests bill for iPhone hacking topped $1.3 million

The New York Times reports: The director of the F.B.I. suggested Thursday that his agency paid at least $1.3 million to an undisclosed group to help hack into the encrypted iPhone used by an attacker in the mass shooting in San Bernardino, Calif.

At a technology conference in London, a moderator asked James B. Comey Jr., the F.B.I. chief, how much bureau officials had to pay the undisclosed outside group to demonstrate how to bypass the phone’s encryption.

“A lot,” Mr. Comey said, as audience members at the Aspen Institute event laughed.

He continued: “Let’s see, more than I will make in the remainder of this job, which is seven years and four months, for sure.”

The F.B.I. had been unwilling to say anything at all until Thursday about how much it paid for what has become one of the world’s most publicized hacking jobs, so Mr. Comey’s cryptic comments about his own wages and the bounty quickly sent listeners scurrying in search of their calculators.

The F.B.I. director makes about $185,100 a year — so Mr. Comey stands to earn at least $1.35 million at that base rate of pay for the remainder of his 10-year term. [Continue reading…]

Facebooktwittermail

FBI says it needs hackers to keep up with tech companies

The New York Times reports: The F.B.I. defended its hiring of a third party to break into an iPhone used by a gunman in last year’s San Bernardino, Calif., mass shooting, telling some skeptical lawmakers on Tuesday that it needed to join with partners in the rarefied world of for-profit hackers as technology companies increasingly resist their demands for consumer information.

Amy Hess, the Federal Bureau of Investigation’s executive assistant director for science and technology, made the comments at a hearing by members of Congress who are debating potential legislation on encryption. The lawmakers gathered law enforcement authorities and Silicon Valley company executives to discuss the issue, which has divided technology companies and officials in recent months and spurred a debate over privacy and security.

The hearing follows a recent standoff between the F.B.I. and Apple over a court order to force the company to help unlock an iPhone used by one of the San Bernardino attackers. Apple opposed the order, citing harm to the privacy of its users. The F.B.I. later dropped its demand for Apple’s help when it found a third-party alternative to hack the device. [Continue reading…]

Facebooktwittermail

Intelligence community olive branch on data sharing greeted with skepticism

The Intercept reports: Top intelligence community lawyer Robert Litt has offered a rare olive branch to privacy advocates, in the form of information.

In a post on one of the intelligence community’s favorite blogs on Wednesday, Litt, general counsel for the Office of the Director of National Intelligence, outlined new intelligence data-sharing guidelines that he said will be released soon.

The post, on Just Security, was essentially a response to reporting last month from the New York Times’s Charlie Savage that the NSA would soon be sharing with other government agencies the raw, unfiltered intelligence from the depths of its massive overseas spying programs.

“There has been a lot of speculation about the content of proposed procedures that are being drafted to authorize the sharing of unevaluated signals intelligence,” Litt wrote.

The New York Times story raised concerns that the data, which inevitably includes information about Americans, would become too easily accessible by intelligence agencies including the FBI, potentially leading to fishing expeditions. [Continue reading…]

BuzzFeed reports: Just days after breaking into a terrorist’s iPhone using a mysterious third-party technique, FBI officials on Friday told local law enforcement agencies it will assist them with unlocking phones and other electronic devices.

The advisory, obtained by BuzzFeed News, was sent in response to law enforcement inquiries about its new method of unlocking devices — a technique the FBI said was successful at gaining access to the iPhone 5C belonging to one of the shooters in the deadly San Bernardino, California, attack.

“In mid-March, an outside party demonstrated to the FBI a possible method for unlocking the iPhone,” the message said. “That method for unlocking that specific iPhone proved successful.” [Continue reading…]

Facebooktwittermail

FBI backs off from its day in court with Apple this time – but there will be others

By Martin Kleppmann, University of Cambridge

After a very public stand-off over an encrypted terrorist’s smartphone, the FBI has backed down in its court case against Apple, stating that an “outside party” – rumoured to be an Israeli mobile forensics company – has found a way of accessing the data on the phone.

The exact method is not known. Forensics experts have speculated that it involves tricking the hardware into not recording how many passcode combinations have been tried, which would allow all 10,000 possible four-digit passcodes to be tried within a fairly short time. This technique would apply to the iPhone 5C in question, but not newer models, which have stronger hardware protection through the so-called secure enclave, a chip that performs security-critical operations in hardware. The FBI has denied that the technique involves copying storage chips.

So while the details of the technique remain classified, it’s reasonable to assume that any security technology can be broken given sufficient resources. In fact, the technology industry’s dirty secret is that most products are frighteningly insecure.

[Read more…]

Facebooktwittermail

FBI signed $15 million contract with Apple vendor, Cellebrite; parent company’s stock soars

Fortune reports: The U.S. government’s announcement Monday that it hacked into the San Bernardino terrorist’s iPhone ended the FBI’s legal feud with Apple. But while many observers thought the incident left both the FBI and Apple looking foolish, there does appear to be a winner emerging from the case.

Shares of Suncorp, a Japanese technology company traded on the Tokyo stock exchange (ticker: 6736), soared 17% on Tuesday following the government’s court declaration that it “successfully accessed the data stored on [Syed] Farook’s iPhone.” In all, Suncorp’s shares have more than doubled in the six weeks since February 16, when Apple published its letter refusing to help the FBI.

Suncorp, which specializes in mobile data transfer as well as equipment for a popular Japanese pinball-like game called pachinko, owns Cellebrite, the Israel-based company that reportedly helped the FBI crack the iPhone.

Apple’s stock, meanwhile, was up just about 2% Tuesday afternoon, despite the fact that it is now free of legal expenses relating to the FBI case as well as the technological burden the government tried to impose.

Suncorp’s shares started rising last month, and really took off after the government said last Wednesday that an “outside party” had demonstrated “a possible method for unlocking” the iPhone. An Israeli newspaper quickly identified the unnamed company as Cellebrite, a government contractor that makes a mobile forensic device for extracting and decoding data from smartphones and tablets. Since then, Suncorp’s stock has risen nearly 40%, while Japan’s Nikkei 225 stock market index has been basically flat, and fell slightly on Tuesday.

The odd thing about the company’s dramatic stock rise is that neither the FBI nor Suncorp has confirmed the company was involved in unlocking the phone. In fact, the FBI has said very little so far about how it might have cracked the iPhone. [Continue reading…]

The Daily Beast reports: The FBI has said practically nothing about the “tool” that helped the FBI get inside the phone, as a U.S. law enforcement official called it in a hastily arranged press conference on Monday evening. Nor would the official say whether investigators might use it again on the dozen or so other iPhones the FBI is reportedly trying to gain access to, or whether the bureau would share the tool with local law enforcement agencies, who are believed to have hundreds of phones just waiting to be cracked.

“I think the best answer I can give you is it’s premature to say anything about our ability to access other phones,” said the official, who discussed the case with reporters on condition of anonymity and said almost nothing about where the FBI will go from here.

But he didn’t have to. Comey’s earlier remarks, coupled with the government’s decision to drop the warrant request, sent a message to other tech companies: Work with us, or don’t. We’ll get what we need without you.

Notably, the U.S. official didn’t say whether the FBI would disclose its newfound technique to Apple, which has a vested interest in protecting the security and privacy of its customers. But Cellebrite, an Israeli company, has been identified in some news accounts as the company that came to the FBI’s rescue. It signed a contract with the bureau worth more than $15 million last week.

In other words: The American government may have used foreign hackers to crack the signature product of America’s top technology company.

But it’s hard to imagine Apple didn’t have some idea what was coming. One of Cellebrite’s other clients is Apple itself. [Continue reading…]

Facebooktwittermail

Is access to our phones a step toward the police wanting access to our minds?

By Nathan Emmerich, Queen’s University Belfast

We use our smartphones so much these days, it almost feels like they have become extensions of ourselves, boosting our capacity to calculate and remember. What might come of this closer union of human and technological device? If police can serve a warrant to search your phone, and we see these devices as extensions of ourselves, how long until investigators one day serve a warrant to search your mind?

This line of thinking was roused by the FBI’s legal efforts to force Apple to help them access an iPhone that belonged to a suspected terrorist – something Apple says would undermine the security of its products. This is one of several similar cases, and part of a larger effort by the FBI and intelligence agencies, to ensure they can access a variety of now common devices.

[Read more…]

Facebooktwittermail

UN rights chief says unlocking gunman’s iPhone could open ‘Pandora’s box’

The New York Times reports: The top human rights official at the United Nations warned the United States authorities on Friday that their efforts to force Apple to unlock an iPhone belonging to a gunman risked helping authoritarian governments and jeopardizing the security of millions around the world.

The remarks by Zeid Ra’ad al-Hussein, the United Nations high commissioner for human rights, came as American investigators continued to press Apple to write software to help them gain access to an iPhone used by one of the gunmen in a shooting in San Bernardino, Calif., in December. Though the F.B.I. says it is a one-time request, Apple and others have raised concerns that the case could set a precedent and could force technology firms to install so-called back doors in devices, potentially invading customer privacy.

Mr. al-Hussein said that American law enforcement agencies, in seeking trying to break the encryption protecting one phone, “risk unlocking a Pandora’s box,” and that there were “extremely damaging implications” for the rights of many millions of people, with possible effects on their physical and financial security. [Continue reading…]

Facebooktwittermail

U.S. defense secretary takes position against a data ‘back door’

The New York Times reports: Defense Secretary Ashton B. Carter assured an audience of computer security experts Wednesday that he was not in favor of a “back door” that would give the government access to data that is protected by encryption.

Speaking at the annual RSA Conference, Secretary Carter sought common ground with companies worried by Apple’s fight with the Federal Bureau of Investigation over access to an iPhone.

“Just to cut to the chase, I’m not a believer in back doors or a single technical approach,” Secretary Carter said to loud applause during a panel discussion at the conference. “I don’t think it’s realistic. I don’t think that’s technically accurate.” [Continue reading…]

Facebooktwittermail

Apple wins ruling in New York iPhone hacking order

The New York Times reports: A federal magistrate judge on Monday denied the United States government’s request that Apple extract data from an iPhone in a drug case in New York, giving the company’s pro-privacy stance a boost as it battles law enforcement officials over opening up the device in other cases.

The ruling, from Judge James Orenstein in New York’s Eastern District, is the first time that the government’s legal argument for opening up devices like the iPhone has been put to the test. The denial could influence other cases where law enforcement officials are trying to compel Apple to help unlock iPhones, including the standoff between Apple and the F.B.I. over the iPhone used by one of the attackers in a mass shooting in San Bernardino, Calif., last year.

Judge Orenstein, in his 50-page ruling on Monday, took particular aim at a 1789 statute called the All Writs Act that underlies many government requests for extracting data from tech companies. The All Writs Act broadly says that courts can require actions to comply with their orders when not covered by existing law. Judge Orenstein said the government was inflating its authority by using the All Writs Act to force Apple to extract data from an iPhone seized in connection with a drug case.

The government’s view of the All Writs Act is so expansive as to cast doubt on its constitutionality if adopted, Judge Orenstein wrote. [Continue reading…]

Facebooktwittermail

Living under business surveillance in America

One of the ironies of Libertarianism in America is its soft-spot for Capitalism — as though anything that brands itself free, like free-enterprise, actually promotes freedom. Libertarians never tire of warning about the threats posed by the NSA and other intrusive government agencies, while the coercive and covert power of commerce generates far less fury.

Yet anyone who is genuinely concerned about infringements on civil liberties through electronic systems of surveillance, probably needs to be more wary of business than they are of government.

Most of the data the government collects gets poured into digital black holes — the data being collected for business applications, however, is constantly being mined to extract all its value.

Government might be watching you, but business is telling you where to go.

The New York Times reports: Pass a billboard while driving in the next few months, and there is a good chance the company that owns it will know you were there and what you did afterward.

Clear Channel Outdoor Americas, which has tens of thousands of billboards across the United States, will announce on Monday that it has partnered with several companies, including AT&T, to track people’s travel patterns and behaviors through their mobile phones.

By aggregating the trove of data from these companies, Clear Channel Outdoor hopes to provide advertisers with detailed information about the people who pass its billboards to help them plan more effective, targeted campaigns. With the data and analytics, Clear Channel Outdoor could determine the average age and gender of the people who are seeing a particular billboard in, say, Boston at a certain time and whether they subsequently visit a store. [Continue reading…]

Facebooktwittermail