Austrian TOR exit node operator found guilty as an accomplice because someone used his node to commit a crime (TechDirt, 2 July 2014) – Three years ago we wrote about how Austrian police had seized computers from someone running a Tor exit node. This kind of thing happens from time to time, but it appears that folks in Austria have taken it up a notch by… effectively now making it illegal to run a Tor exit node. * * * It’s pretty standard to name criminal accomplices liable for “aiding and abetting” the activities of others, but it’s a massive and incredibly dangerous stretch to argue that merely running a Tor exit node makes you an accomplice that “contributes to the completion” of a crime. Under this sort of thinking, Volkswagen would be liable if someone drove a VW as the getaway car in a bank robbery. It’s a very, very broad interpretation of accomplice liability, in a situation where it clearly does not make sense. Tragically, this comes out the same day that the EFF is promoting why everyone should use Tor. While it accurately notes that no one in the US has been prosecuted for running Tor, it may want to make a note about Austria. Hopefully there is some way to fight back on this ruling and take it to a higher court—and hopefully whoever reviews it will be better informed about how Tor works and what it means to run an exit node.

Provided by MIRLN.

Active malware operation let attackers sabotage US energy industry (ArsTechnica, 30 June 2014) – Researchers have uncovered a malware campaign that gave attackers the ability to sabotage the operations of energy grid owners, electricity generation firms, petroleum pipelines, and industrial equipment providers. Called Dragonfly, the hacking group managed to install one of two remote access trojans (RATs) on computers belonging to energy companies located in the US and at least six European countries, according to a research report published Monday by Symantec. One of the RATs, called Havex, was spread by hacking the websites of companies selling software used in industrial control systems (ICS) and waiting for companies in the energy and manufacturing industries to install booby-trapped versions of the legitimate apps. “This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems,” the Symantec report stated. “While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required.” Dubbed Energetic Bear by other researchers, Dragonfly has been in operation since at least 2011. It initially targeted US and Canadian companies in the defense and aviation industries before shifting its focus to energy concerns. The group bears the hallmarks of a state-sponsored operation, mainly in its organization and high degree of technical sophistication. Its primary motive appears to be espionage, although additional capabilities suggest that sabotage is also of interest. Fingerprints left inside the malware show the attackers mostly worked Monday through Friday during a nine-hour period that corresponded to 9am to 6pm in Eastern Europe, leading Symantec researchers to theorize that was the region where the most Dragonfly members worked.

Provided by MIRLN.

Can Tech Help Prevent Violence Against Women? These Tools Say ‘Yes’
It’s very difficult to measure how women are in constant fear — or at least, that we always have some looming thought in the back of our minds — when we walk alone or with a group of other women, no matter how close to home or to people we may be. Technology can’t solve this problem, but it can change the course of how we think about it, and ultimately, how we address it as a society. Technology can make it impossible to ignore these issues.
See the full article (TechRepublic, Lyndsey Gilpin, 7/23/14)

Provided by USIP.

Chinese hackers extending reach to smaller US agencies (NYT, 15 July 2014) – After years of cyberattacks on the networks of high-profile government targets like the Pentagon, Chinese hackers appear to have turned their attention to far more obscure federal agencies. Law enforcement and cybersecurity analysts in March detected intrusions on the computer networks of the Government Printing Office and the Government Accountability Office, senior American officials said this week. The printing office catalogs and publishes information for the White House, Congress and many federal departments and agencies. It also prints passports for the State Department. The accountability office, known as the congressional watchdog, investigates federal spending and the effectiveness of government programs. The attacks occurred around the same time Chinese hackers breached the networks of the Office of Personnel Management, which houses the personal information of all federal employees and more detailed information on tens of thousands of employees who have applied for top-secret security clearances. Some of those networks were so out of date that the hackers seemed confused about how to navigate them, officials said. But the intrusions puzzled American officials because hackers have usually targeted offices that have far more classified information.

Provided by MIRLN.

Annual review of social media policies may not address regulatory risks, says expert (Out-Law.com, 14 July 2014) – Technology law specialist Luke Scanlon of Pinsent Masons, the law firm behind Out-Law.com, said that businesses that only conduct a review of social media strategy once a year may be exposing themselves to legal risks. “There have been a number of recent changes to the law and the way that regulators are approaching the law as well as a number of forthcoming changes that highlight the need for companies to conduct a more regular review of their social media use than just annually,” Scanlon said. “For instance, enforcement action by the Financial Conduct Authority last month indicates the approach the regulator is willing to take against financial services companies that breach rules on financial promotions. Rulings by the Court of Justice of the EU have also raised the prospect of firms having to think more carefully about how they process personal data, even if published elsewhere. Both of these examples raise compliance issues in a social media setting,” he said. Scanlon also pointed to changes to defamation laws in England and Wales which came into force earlier this year as an issue that could impact on social media use, and further identified existing copyright and communication laws, as well as advertising and consumer protection rules, that must be adhered to by companies publishing on social media. “There are many issues that organisations must be aware could affect them as a result of engaging with customers via social media,” Scanlon said. “Most organisations will likely be aware of their basic obligations, such as those to do with data protection and defamation, but there are some legal changes that may go unnoticed unless there are regular reviews of social media strategy scheduled.”

Provided by MIRLN.

Flawed oversight Board report endorses general warrants (EFF, 1 July 2014) – The Privacy and Civil Liberties Oversight Board (PCLOB) issued a legally flawed and factually incomplete report late Tuesday that endorses Section 702 surveillance. Hiding behind the “complexity” of the technology, it gives short shrift to the very serious privacy concerns that the surveillance has rightly raised for millions of Americans. The board also deferred considering whether the surveillance infringed the privacy of many millions more foreigners abroad. The board skips over the essential privacy problem with the 702 “upstream” program: that the government has access to or is acquiring nearly all communications that travel over the Internet. The board focuses only on the government’s methods for searching and filtering out unwanted information. This ignores the fact that the government is collecting and searching through the content of millions of emails, social networking posts, and other Internet communications, steps that occur before the PCLOB analysis starts. This content collection is the centerpiece of EFF’s Jewel v. NSA case, a lawsuit battling government spying filed back in 2008. The board’s constitutional analysis is also flawed. The Fourth Amendment requires a warrant for searching the content of communication. Under Section 702, the government searches through content without a warrant. Nevertheless, PCLOB’s analysis incorrectly assumes that no warrant is required. The report simply says that it “takes no position” on an exception to the warrant requirement when the government seeks foreign intelligence. The Supreme Court has never found this exception. PCLOB findings rely heavily on the existence of government procedures. But, as Chief Justice Roberts recently noted: “the Founders did not fight a revolution to gain the right to government agency protocols.” Justice Roberts’ thoughts are on point when it comes to NSA spying: mass collection is a general warrant that cannot be cured by government’s procedures. The PCLOB’s proposed reforms for Section 702 are an anemic set of recommendations that will do little to stop excessive surveillance. For example, rather than rein in government communications searches, the PCLOB simply asks the NSA to study the issue. The PCLOB report provides the public with much needed information about how the 702 program works. But the legal analysis is incorrect and the report fails to offer effective reforms.

Provided by MIRLN.
