Ultrasonic spyware – what only your dog detects. How can this be used to spy on you?

Spyware, whether distributed by criminals, advertisers or even states, is a constant nuisance. Yet some types make the technician in me marvel. Why? Because they’re innovative and intelligently designed. Recently, I came upon an approach that might interest web users, supermarket shoppers and whistleblowers alike. A single sound can betray them all (with a little bad luck).

If you regularly read the news from the world of technology, you’ll eventually develop a thicker skin. They found another security hole in Windows? That’s barely enough to elicit a shrug these days. Over 230 Android apps are listening for an inaudible sound to track me? Now that’s interesting. The principle behind this approach is easily explained yet hard to implement. A sound source (TV or PC speaker, speakers in a supermarket etc.) sends out a very high-frequency sound which gets picked up by the microphone in your cell phone (or laptop) and is then processed by an already installed spyware app. The app then phones home to report on your current activity, e.g. which website you’re viewing, and this data stream can include anything that might be of interest like your device ID, phone number, MAC address and more.

But why wait for a signal? Simple, it’s not about the listening device but the sender. These ultrasonic beacons help spyware authors link multiple devices together across physical boundaries, e.g. to find out what you’re viewing on your PC, not just your cell phone, and to aggregate this data to form a bigger picture. Different contents will simply trigger slightly different sounds. This may sound like science fiction but the concept has already been used by Asian fast food restaurants with apps that saw millions of downloads.

For all of this to work, a big infrastructure is required. First, the spyware has to be distributed either by bundling it with a big name app or by disguising it as a small useful tool. Next, the ultrasonic beacons have to be rolled out. This process is quite straightforward as sounds can easily be embedded into page ads. Once users visit the affected pages, the sounds get played and the aforementioned process triggered. It’s tracking heaven for advertisers eager to personalize their ads! There are also other use cases.

Fast food restaurants could play a sound at regular intervals through their store speakers to figure out who their regular customers are. Department stores could play different sounds for their various departments to determine how long customers are staying in each section. Once multiple businesses start to cooperate, it’ll be possible to reconstruct the path each customer took as they moved through the city. I know marketers who would pay a lot of money to get this data!

Is your cell phone listening to your TV?

It’s also feasible that this technology could be used to locate users who are using anonymization services on the web. Picture a guy that is being persecuted and heavily relies on Tor and VPN to stay hidden. The persecutors could simply create a website they know their target will be interested in and put it on the public Internet or the Darknet. Once their target visits the page, an ultrasonic sound gets played, is then picked up by the target’s cellphone (and the installed spyware app) – and the hunt has just become a lot easier.

Currently, this technology still seems to be in its infancy, and there is an ongoing debate about whether this type of software is illegal and should be considered malware. If it were to be implemented as part of a shopping app, e.g. to enable discounts, it might be perfectly legal even if severe restrictions may apply. There have been no confirmed cases of it being used in television programs yet, but it’s doable. Once again, legislators are venturing into unknown territory and will have to come up with an adequate response. Another good reason to only install apps from trusted sources and developers and to pay more attention to your pets as living spyware detectors. “Found another one, Fido?” “Woof!”
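A software counterpart to the pet detector, as an added example that is not part of the original article: a pure-Python scan that flags sustained narrow-band tones above the audible range in recorded audio. The 18 to 20 kHz band, the 44.1 kHz sample rate, the thresholds and the constructed test signal are all assumptions, since the article gives no frequencies.

```python
"""Flag sustained narrow-band tones above the audible range in PCM samples."""
import math
import random

RATE = 44100                        # samples per second (assumed capture rate)
BLOCK = 441                         # 10 ms block, so probes 100 Hz apart tile the band
PROBES = range(18000, 20001, 100)   # assumed beacon band in Hz
MIN_RATIO = 20.0                    # peak must stand this far above the band median
MIN_POWER = 1e-6                    # ignore peaks quieter than about -60 dBFS
MIN_BLOCKS = 5                      # a tone must persist for at least 50 ms

# Hann window so a tone between two probe frequencies still registers.
WINDOW = [0.5 - 0.5 * math.cos(2 * math.pi * i / (BLOCK - 1)) for i in range(BLOCK)]
NORM = (sum(WINDOW) / 2) ** 2       # scales a sine of amplitude A to power A**2


def goertzel_power(block, freq):
    """Power of one frequency in a windowed block (Goertzel recurrence)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / NORM


def scan(samples):
    """Return [(start_s, end_s, freq_hz), ...] for each sustained tone found.

    A block counts as a hit when one probe frequency is both loud enough and
    far above the median of the band. Broadband noise (keys, hiss) raises the
    median too, so only narrow-band energy passes.
    """
    found, run_freq, run_start, run_len = [], None, 0, 0
    n_blocks = len(samples) // BLOCK
    for b in range(n_blocks + 1):            # the extra pass flushes the last run
        freq = None
        if b < n_blocks:
            raw = samples[b * BLOCK:(b + 1) * BLOCK]
            block = [x * w for x, w in zip(raw, WINDOW)]
            powers = sorted((goertzel_power(block, f), f) for f in PROBES)
            peak, peak_freq = powers[-1]
            median = powers[len(powers) // 2][0]
            if peak >= MIN_POWER and peak >= MIN_RATIO * max(median, 1e-12):
                freq = peak_freq
        if freq is not None and freq == run_freq:
            run_len += 1
            continue
        if run_freq is not None and run_len >= MIN_BLOCKS:
            start = run_start * BLOCK / RATE
            end = (run_start + run_len) * BLOCK / RATE
            found.append((start, end, run_freq))
        run_freq, run_start, run_len = freq, b, 1
    return found


def constructed_audio(n_blocks=60, beacon_blocks=(20, 40),
                      beacon_hz=18500, beacon_amp=0.02):
    """Constructed sample: audible tones plus faint noise, with a quiet
    high-frequency tone in the given block range. (0, 0) means no beacon."""
    rng = random.Random(7)
    lo, hi = beacon_blocks[0] * BLOCK, beacon_blocks[1] * BLOCK
    out = []
    for i in range(n_blocks * BLOCK):
        t = i / RATE
        x = 0.3 * math.sin(2 * math.pi * 440 * t)
        x += 0.2 * math.sin(2 * math.pi * 1000 * t)
        x += rng.uniform(-0.01, 0.01)
        if lo <= i < hi:
            x += beacon_amp * math.sin(2 * math.pi * beacon_hz * t)
        out.append(x)
    return out


if __name__ == "__main__":
    for start, end, freq in scan(constructed_audio()):
        print(f"tone near {freq} Hz from {start:.2f}s to {end:.2f}s")
```

On a real recording, feed `scan` the microphone samples as floats in the range -1 to 1; a hit means a persistent tone is present in the band, not that spyware is installed.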

What I would like to know: do you pay close attention to what apps you’re installing on your cellphone or do you blindly trust in Apple’s, Google’s and other distributors’ abilities to reliably detect and filter out spyware?

www.intelagencies.com

www.crimefiles.net

Henry Sapiecha

Here’s a Chilling Glimpse of the Privacy-Free Future

The computers are watching.

Imagine if you lost your keys and instead of fishing around in the couch cushions, you could just pull out your phone and search for them. Just a quick, textual query with a quick response that they’re on your desk, you doofus. This is not only possible; it’s possible now, and it’s almost as intriguing as it is terrifying.

Today at Microsoft Build, the software giant’s annual conference for developers, Microsoft showed off exactly this sort of tech. By melding things that have already been around for a few years—machine-learning powered image recognition and consumer-grade cameras—with the ludicrous computing horsepower in the cloud, Microsoft is able to index people and things in a room in real time. What that means, practically, is that if you can point a camera at it, you can search it:

Once you can identify people and objects by feeding the computers images of Bob and jackhammers so they can learn what each of those things look like, you can start applying a framework of rules and triggers on top of the real world. Only [Certified Employees] can carry the [Jackhammer] and [Bob] is a [Certified Employee] so [Bob] is allowed to carry the [Jackhammer]. The limits to what kind of rules you can make are effectively arbitrary.

It’s extremely impressive, and Microsoft’s pitch for using this technology on factory floors and in hospitals belies another truth: it’s also extremely terrifying. The cliché here is to gesture at notions of Skynet, but the real dangers are far more grounded than some kill-all-humans fantasy.

The privacy implications, which Microsoft didn’t venture to mention on stage, are chilling even in a hospital or factory floor or other workplace. Yes, systems like this could ensure no patient collapses on a floor out of sight or that new hires aren’t juggling chainsaws for fun. But it also would make it trivial to pull up statistics on how any employee spends her day—down to the second. Even if it is ostensibly about efficiency, this sort of data can betray all sorts of private information like health conditions or employees’ interpersonal relationships, all with incredible precision and at the push of a button. And if the system’s not secure from outside snooping? Woof. The concerns explode exponentially.

And of course the creepiness only increases if you imagine the spread of this technology to places like the home, though at least there users would theoretically have to opt in. That is, unless a hacker or company decides to surreptitiously apply this sort of computer vision to the cameras already in your home or just steal the footage and apply the machine eyes after the fact.

Perhaps most concerning, though, is the idea of this tech in the public sphere, where relative privacy is a given but only thanks to obscurity. You can be effectively “alone” in a mall or coffee shop only because it is difficult to look for you. If applied to security systems and other live video feeds, this sort of technology gives those with the power to search through it a sort of instant, god-like omnipotence. That has chilling implications whether that power is in the hands of a disgruntled IT guy or the FBI. All that’s to say nothing of the implications for ad-targeting, and all the companies that would have a vested interest in building a dossier about you specifically, not because you are particularly interesting but just because you buy things sometimes.

Artists and technologists have been grappling with this coming privacy nightmare for years with anti-surveillance gear that runs the gamut from makeup to glasses to gadgets. It’s been easy to dismiss these measures as art or dystopian fantasy, but it’s getting more difficult not to take them seriously.

There’s no doubt, of course, that dynamic image recognition would have huge benefits and could save countless lives much in the way Microsoft’s demo indicates. But without strict rules or regulations, these smart cameras could cross all kinds of privacy lines before we even know it.

The tech is moving fast, and sooner or later, cameras like this are undoubtedly coming to a workplace near you, and Skynet is the least of our worries.

This website lets you spy on what people are torrenting

www.Iknowwhatyoudownload.com

A NEW website allows you to spy on what your friends are downloading from the internet — and they won’t have a clue you’re watching them.

Iknowwhatyoudownload.com sneakily tricks your mates into clicking a false link which will actually track everything they download for 24 hours and allow you to see it.

It works by generating a false link for you to send to a friend, which can be anything, but the site recommends one they use frequently, such as Facebook, or a link to a news article.

When you send the link, your friend will open it and it will take them to that site — or so they think.

What they won’t know is that they’re actually being tracked from the moment they click on it.

Iknowwhatyoudownload will list every file they have downloaded for 24 hours.

However, it only affects you if you use a torrent, a tool used by thousands of people worldwide to distribute data and files over the internet, such as films or songs.

Most people think that torrents keep your data secret — but it is attached to your IP address, a unique number used to identify your internet connection.

Iknowwhatyoudownload looks at your IP address to collect the data, which will be available unless you use a VPN — a tool which hides your IP address by replacing it with a different one.

If you don’t use a way to hide your IP address, everything you download via torrents can be monitored and made public by the website.

Despite privacy concerns the makers claim it can be used for good — even boasting online that it can be used to catch people who download explicit images of children.

Iknowwhatyoudownload’s marketing director Andrey Rogov told site TorrentFreak: “We’ve set up the site for promotional purposes and as a demonstration of our capabilities.

“We are engaged in the distribution of information relating to torrent downloading activity to rightsholders, advertising platforms, law-enforcement and international organisations.”

They also say they can help people whose data has been released on the internet without their permission, and in one case claimed to have helped a victim of revenge porn.

Mr Rogov added: “For example, we received a letter from a girl whose sexually explicit video had appeared on the internet and had been widely spread over torrents sites. We helped her to remove public access to this content.

“We also respond to inquiries from some organisations. For example, Northeastern University asked us about torrent downloads from their IP-addresses.”

However, news.com.au does not recommend you use the tool or send a link to a friend, as it is currently unclear who is behind it.

Chip implants beneath the skin bring a new meaning to ‘pay wave’

Secret Micro-chip implants for making payments and locking doors are the next frontier, but are the pitfalls worth it?

Amal Graafstra holding a large hypodermic needle – the kind needed to inject an RFID chip into your hand. Photo: Supplied

Most tech-heads like to tinker with the inner workings of iPhones or clapped out VCRs.

But Amal Graafstra is different. For the last 10 years, he’s been busy hacking into his own body.

His US company Dangerous Things specialises in manufacturing rice grain-sized computer chips designed to be implanted inside the delicate webbing between the thumb and forefinger.

Dangerous Things founder Amal Graafstra has an RFID chip implanted in each hand.

“Getting an ear piercing is many times more risky,” he says, reassuringly.

The bionic-grade glass chips use radio-frequency identification (RFID) to control electronic objects with the swipe of a hand – from the lock on a front door to a car ignition or a personal computer.

It’s the same kind of technology used in pet ID tags; by itself, the chip doesn’t do much, but when it comes into close contact with a “reader” device, it will transmit information that can then trigger commands.

The bionic glass chips are about the size of a grain of rice.

The chips only cost $US99 a pop, and while their core market is a handful of dedicated geeks – including a few in Australia – Graafstra says he’s increasingly noticing a new kind of customer.

“What is becoming clear is there are more individuals purchasing the chips who have less knowledge about the technology,” he says.

“They’re into gadgets and they’re geeky but they’re not necessarily building their own stuff, so the type of customer is expanding slowly.”

NFC chips are increasingly used for instant payment methods, including via smartphones.

RFID chips are becoming more common elsewhere, too.

The most well-known standard of RFID is near-field communication (NFC), increasingly used in instant, digital payment transactions, which facilitate credit card payments in a matter of seconds with a simple tap.

Visa this week announced a partnership with the University of Technology Sydney to develop new wearable technologies.

Alongside the announcement came a sensational figure from its own research, purporting to show that a quarter of Australians were “at least slightly interested” in having an NFC chip implanted in their skin for payments.

Visa and UTS have since clarified they were not actively developing implant technologies themselves, but the alarm bells are already ringing.

Social futurist Mal Fletcher, who heads up the London-based think tank 2020 Plus, responded with an Op Ed warning of the potential pitfalls of “subcutaneous spending devices”.

These included bodily hacking; mass surveillance from commercial parties collecting our personal data; rising instances of “digital debt” thanks to the abolition of physical money and its tangible value associations; links between implants and cancer; and even the potential to cause early-onset dementia.

Fletcher insists he’s not an alarmist – just cautious.

“We have to look at not just where technology is now but the principle behind it,” he says.

“I’m not trying to make payments companies into the bogeyman,” he says. But he points out that it is in their interests to lead the push towards a cashless society, where ease of transactions and detachment from money encourage impulse spending – and everyone’s spending habits are dutifully logged.

Graafstra counters that chip implants are not too far removed from where we are today, where day-to-day living depends on the binary transactions of bank cards, swipe cards and serial numbers – all traceable back to our ID.

“We’re already in a position where we have no real control over our digital assets,” he says.

At least chip implants can eliminate the stress of being mugged – or can they?

The threat of hacking RFID chips is real, says Linus Information Security Solutions director Mike Thompson, and the upsides may not be worth it.

The assumption that NFC chips can only be read at very short distances is misplaced, he says, citing “plenty of examples” where people have accessed them over distances of several metres using specialised antennas.

These security flaws can be mitigated with the addition of passcodes or PINs – which can be added to smartphones or wearables, but not to the palm of your hand (yet).

An aluminium shield also works; for instance, a special aluminium wallet to protect your NFC-enabled credit card from would-be hackers.

Thompson is sceptical of the advantages of embedding chips into one’s body over, say, clothing or other wearable devices.

“Is opening a door automatically when you are naked that important?”

Pamela Meyer: How to spot a liar in this revealing video presentation

On any given day we’re lied to from 10 to 200 times, and the clues to detect those lies can be subtle and counter-intuitive. Pamela Meyer, author of Liespotting, shows the manners and “hotspots” used by those trained to recognize deception — and she argues honesty is a value worth preserving.

MOBILE SPY PHONE SOFTWARE DOES IT ALL & YOU CAN DOWNLOAD IT HERE NOW

Learn More About Mobile Spy!

Mobile Spy constantly updates the software so that it contains the latest features as requested by our loyal customers. Many of our features cannot be found anywhere else.
Check out a summary of Mobile Spy’s features below.

Environment Monitoring*

Record Surroundings, Stealth Camera**
Initiate the camera to take a secret picture and a secret audio recording to see and hear the smartphone surroundings.

Web & Social Media Monitoring

Facebook, WhatsApp, Twitter and More
Monitor all internet activity from Facebook, WhatsApp and Twitter messaging services used on the mobile phone. View smartphone web history.

Text Message Monitoring

Message Text, Sender’s and Recipient’s Number
Learn what your child or employee is texting. Records the content of every SMS and MMS message sent or received.

Call Monitoring

Number Dialed, Date, Duration, Number of Caller
Find out who they call, when they call, and how much time they spend on each call. Logs all inbound and outbound phone calls.

GPS Tracking

View a Map of Recorded Locations
Find out exactly where your child or employee is. View a map of recorded locations. Works where GPS signal is available.

Photo and Video Monitoring

View All Photos and Videos Taken By the Phone
Discover what photos are taken on the smartphone or tablet. Record photos and videos taken by the phone.

Gmail and YouTube Monitoring

Gmail Message Text, Link to YouTube Video
View Gmail messages sent/received, and get a link to every YouTube video watched on the smartphone or tablet.

Messenger Logs

iMessage, Facebook, WhatsApp, BlackBerry PIN
Instant messenger services are an alternative to carrier text messages. With Mobile Spy, you will be able to monitor these messages as well.

Contacts and Notes Monitoring

Name, Phone, Email, Company, Date, Title
Keep track of who they are contacting. Records all contacts and notes that are saved on the mobile phone.

Application Blocking

Remotely Block Any App, Remote Stealth Uninstall
Stop usage of all or some apps, including built in apps and downloaded apps. Remove Mobile Spy remotely.

SMS Commands

GPS Location, SIM Change Alert, Lock / Wipe Device
Send a text message from your phone containing a command for the monitored phone. Lock, get SIM info and remotely delete phone data such as call history/contacts.

LIVE Control Panel**

View the Screen, Instant Location, Initiate a Call
Mobile Spy premium option gives you instant monitoring, View the screen LIVE, view map of current location, initiate stealth camera to view the phone’s current surroundings.

Mobile Spy is the next generation of smartphone monitoring software. Do you suspect your child or employee is abusing their phone privileges? If yes, then this software is for you. Install the hidden app and view activity logs online from anywhere. This groundbreaking system records SMS messages, GPS locations, Call Information, Photos, Email and more. Bundle includes LIVE Control Panel Add-on with the ability to view the smartphone screen LIVE, initiate a call and more.
*Android, iPhone and BlackBerry only.
**LIVE Control Panel is available in the Premium option only.

SPIES USE SMART PHONES TO TRACK PEOPLE’S MOVEMENTS, CALLS & ACTIVITIES

LONDON (AP) — Documents leaked by former NSA contractor Edward Snowden suggest that spy agencies have a powerful ally in Angry Birds and a host of other apps installed on smartphones across the globe.

The documents, published Monday by The New York Times, the Guardian, and ProPublica, suggest that the mapping, gaming, and social networking apps which are a common feature of the world’s estimated 1 billion smartphones can feed America’s National Security Agency and Britain’s GCHQ with huge amounts of personal data, including location information and details such as political affiliation or sexual orientation.

The size and scope of the program aren’t publicly known, but the reports suggest that U.S. and British intelligence easily get routine access to data generated by apps such as the Angry Birds game franchise or the Google Maps navigation service.

The joint spying program “effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system,” one 2008 document from the British eavesdropping agency is quoted as saying. Another document – a hand-drawn picture of a smirking fairy conjuring up a tottering pile of papers over a table marked “LEAVE TRAFFIC HERE” – suggests that gathering the data doesn’t take much effort.

The NSA did not directly comment on the reports but said in a statement Monday that the communications of those who were not “valid foreign intelligence targets” were not of interest to the spy agency.

“Any implication that NSA’s foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true,” the statement said. “We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes – regardless of the technical means used by the targets.”

GCHQ said it did not comment on intelligence matters, but insisted that all of its activity was “authorized, necessary and proportionate.”

Intelligence agencies’ interest in mobile phones and the networks they run on has been documented in several of Snowden’s previous disclosures, but the focus on apps shows how everyday, innocuous-looking pieces of software can be turned into instruments of espionage.

Angry Birds, an addictive birds-versus-pigs game which has been downloaded more than 1.7 billion times worldwide, was one of the most eye-catching examples. The Times and ProPublica said a 2012 British intelligence report laid out how to extract Angry Bird users’ information from phones running the Android operating system.

Another document, a 14-page-long NSA slideshow published to the Web, listed a host of other mobile apps, including those made by social networking giant Facebook, photo sharing site Flickr, and the film-oriented Flixster.

It wasn’t clear precisely what information can be extracted from which apps, but one of the slides gave the example of a user who uploaded a photo using a social media app. Under the words, “Golden Nugget!” it said that the data generated by the app could be examined to determine a phone’s settings, where it connected to, which websites it had visited, which documents it had downloaded, and who its users’ friends were. One of the documents said that apps could even be mined for information about users’ political alignment or sexual orientation.

Google Inc. and Rovio Entertainment Ltd., the maker of Angry Birds, did not immediately return messages seeking comment on the reports.

The Times’ web posting Monday of a censored U.S. document on the smartphone surveillance briefly contained material that appeared to publish the name of an NSA employee. Computer experts said they were able to extract the name of the employee, along with the name of a Middle Eastern terror group the program was targeting and details about the types of computer files the NSA found useful.

Since Snowden began leaking documents in June, his supporters have maintained they have been careful not to disclose any intelligence official’s name or operational details that could compromise ongoing surveillance.

The employee did not return phone or email messages from the AP.

Michael Birmingham, a spokesman for the Director of National Intelligence, said the agency requested the Times redact the information. Danielle Rhodes Ha, a Times spokeswoman, attributed the posting to a production error and said the material had been removed.

CHINESE HACKERS AT WORK ON MEMBERS PRIOR TO THE G20 SUMMIT

MALICIOUS CODES IMPLANTED INTO EUROPE’S G20 MEMBERS BY CHINA

Chinese hackers eavesdropped on the computers of five European foreign ministries before last September’s 2013 G20 Summit, which was dominated by the Syrian crisis, according to research by computer security firm FireEye.

The hackers infiltrated the ministries’ computer networks by sending emails to staff containing tainted files with titles such as “US_military_options_in_Syria,” said FireEye, which sells anti-virus software to companies.

When recipients opened these documents, they loaded malicious code on to their computers.

For about a week in late August, California-based FireEye said its researchers were able to monitor the “inner workings” of the main computer server used by the hackers to conduct their reconnaissance and move across compromised systems.

FireEye lost access to the hackers after they moved to another server shortly before the G20 Summit in St. Petersburg, Russia. FireEye said it believes the hackers were preparing to start stealing data just as the researchers lost access.

The US company declined to identify the nations whose ministries were hacked, although it said they were all members of the European Union. FireEye said it reported the attacks to the victims through the FBI.

FBI spokeswoman Jenny Shearer declined to comment.

“The theme of the attacks was US military intervention in Syria,” said FireEye researcher Nart Villeneuve, one of six researchers who prepared the report. “That seems to indicate something more than intellectual property theft … the intent was to target those involved with the G20.”

The September 5-6 G20 summit was dominated by discussion of the Syrian crisis, with some European leaders putting pressure on US President Barack Obama to hold off on taking military action against Syrian President Bashar al-Assad.

Villeneuve said he was confident the hackers were from China based on a variety of technical evidence, including the language used on their control server, and the machines they used to test their malicious code.

He said he did not have any evidence, however, that linked the hackers to the Chinese government.

“All we have is technical data. There is no way to determine that from technical data,” Villeneuve said.

Chinese Foreign Ministry spokesman Hong Lei said China opposed any hacking activities.

“US internet companies are keen on hyping up the so-called hacker threat from China, but they never obtain irrefutable proof, and what so-called evidence they do get is widely doubted by experts. This is neither professional nor responsible,” Hong told a daily news briefing in Beijing.

One of dozens

Western cyber security firms monitor several dozen hacking groups operating in China, most of which they suspect of having ties to the government. The firms also suspect the hacking groups of stealing intellectual property for commercial gain.

China has long denied those allegations, saying it is the victim of spying by the US. Those claims gained some credibility after former NSA contractor Edward Snowden began leaking documents about US surveillance of foreign countries, including China.

FireEye said it had been following the hackers behind the Syria-related attack for several years, but this is the first time the group’s activities have been publicly documented. The company calls the group “Ke3chang”, after the name of one of the files it uses in one of its pieces of malicious software.

FireEye said it believed the hackers dubbed the Syria-related campaign “moviestar” because that phrase was used as a tag on communications between infected computers and the hackers’ command-and-control server.

In 2011, the group ran another operation dubbed “snake”, which enticed victims with a file that FireEye said contained nude pictures of Carla Bruni, the Italian-French singer, songwriter and model who in 2008 married then French President Nicolas Sarkozy.

The host name for that campaign’s command-and-control server contained the string “g20news”, which might indicate that it was related to the G20 Finance Ministers meeting in Paris in 2011, FireEye said.

The email address used to send those malicious files had the phrase “consulate” in it, which also bolstered the possibility that the attack was politically motivated, Villeneuve said.

He said researchers only gathered evidence about “snake” through reviewing emails and malicious code. They did not have access to its command-and-control server, which they did in the case of the “moviestar” attack.

Reuters

NATIONAL SECURITY AGENCY ILLEGAL ACCESS TO MICROSOFT GLOBAL COMMUNICATIONS LINKS

Microsoft is moving toward a major new effort to encrypt its internet traffic amid fears that the National Security Agency may have broken into its global communications links, said people familiar with the emerging plans.

Suspicions at Microsoft, while building for several months, sharpened in October when it was reported that the NSA was intercepting traffic inside the private networks of Google and Yahoo, two industry rivals with similar global infrastructures, said people with direct knowledge of the company’s deliberations. They said top Microsoft executives are meeting this week to decide what encryption initiatives to deploy and how quickly.

Documents obtained from former NSA contractor Edward Snowden suggest – though do not prove – that the company is right to be concerned. Two previously unreleased slides that describe operations against Google and Yahoo include references to Microsoft’s Hotmail and Windows Live Messenger services. A separate NSA email mentions Microsoft Passport, a web-based service formerly offered by Microsoft, as a possible target of that same surveillance project, called MUSCULAR, which was first disclosed by The Washington Post last month.

Though Microsoft officials said they had no independent verification of the NSA targeting the company in this way, general counsel Brad Smith said Tuesday that it would be ‘‘very disturbing’’ and a possible constitutional breach if true.

Microsoft’s move to expand encryption would allow it to join Google, Yahoo, Facebook and other major technology firms in hardening their defences in response to news reports about once-secret NSA programs. The resulting new investments in encryption technology stand to complicate surveillance efforts – by governments, private companies and criminals – for years, experts say.

Though several legislative efforts are underway to curb the NSA’s surveillance powers, the wholesale move by private companies to expand the use of encryption technology may prove to be the most tangible outcome of months of revelations based on documents that Snowden provided to The Washington Post and Britain’s The Guardian newspaper.

In another major shift, the companies also are explicitly building defenses against US government surveillance programs, in addition to combating hackers, criminals or foreign intelligence services.

‘‘That’s a pretty big change in the way these companies have operated,’’ said Matthew Green, a Johns Hopkins University cryptography expert. ‘‘And it’s a big engineering effort.’’

In response to questions about Microsoft, the NSA said in a statement Tuesday, ‘‘NSA’s focus is on targeting the communications of valid foreign intelligence targets, not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to the U.S. government.’’

A US official, who was not authorised to discuss the matter publicly and spoke on the condition of anonymity, said Tuesday that collection can be done at various points and does not necessarily happen on a company’s private fiber-optic links.

A 2009 email from a senior manager of the NSA’s MUSCULAR project specifies that a targeting tool called ‘‘MONKEY PUZZLE’’ is capable of searching only across certain listed ‘‘realms,’’ including Google, Yahoo and Microsoft’s Passport service. It is not clear what service a fourth listed realm, ‘‘emailAddr,’’ refers to.

‘‘NSA could send us whatever realms they like right now, but the targeting just won’t go anywhere unless it’s of one of the above 4 realms,’’ the email said.

The tech industry’s response to revelations about NSA surveillance has grown far more pointed in recent weeks as it has become clear that the government was gathering information not only through court-approved channels in the United States – overseen by the Foreign Intelligence Surveillance Court – but also through the massive data links overseas, where the NSA needs only authority from the president.

That form of collection has been done surreptitiously by gaining access to fiber-optic connections on foreign soil. Smith, the Microsoft general counsel, hinted at the extent of the company’s growing encryption effort at a shareholder’s meeting last week.

‘‘We’re focused on engineering improvements that will further strengthen security,’’ he said, ‘‘including strengthening security against snooping by governments.’’

People familiar with the company’s planning, who spoke on the condition of anonymity to discuss matters not yet publicly announced, said that while officials do not have definitive proof that the NSA has targeted Microsoft’s communication links, they have been engaged in a series of high-level meetings to pursue encryption initiatives ‘‘across the full range of consumer and business services.’’

A cost estimate was not available; key decisions are due to be made at a meeting of top executives this week in Redmond, Washington, where Microsoft is headquartered.

When asked about the NSA documents mentioning surveillance of Microsoft services, Smith issued a sharply worded statement: ‘‘These allegations are very disturbing. If they are true these actions amount to hacking and seizure of private data and in our view are a breach of the protection guaranteed by the Fourth Amendment to the Constitution.’’

That echoes a similar statement by Google’s general counsel, David Drummond, who said last month that he was ‘‘outraged’’ over the report in The Washington Post about the NSA tapping into the links connecting the company’s network of data centers. Google in September announced an ambitious new set of encryption initiatives, including among data centers around the world. Yahoo made a similar announcement last week.

Microsoft, Google and Yahoo also have joined other major tech firms, including Apple, Facebook and AOL, in calling for limits to the NSA’s surveillance powers. Most major US tech companies are struggling to cope with a global backlash over US snooping into internet services.

The documents provided by Snowden are not entirely clear on the way the NSA might gain access to Microsoft’s data, and it is possible that some or all of it happens on the public internet as opposed to on the private data center links leased by the company. But several documents about MUSCULAR, the NSA project that collects communications from links between Google and Yahoo data centers, discuss targeting Microsoft online services.

The company’s Hotmail email service also is one of several from which the NSA has collected users’ online address books.

The impact of Microsoft’s move toward expanded encryption is hard to measure. And even as most major internet services move to encrypt their communications, they typically are decoded – at least briefly – as they move between each company’s systems, making them vulnerable.

Privacy activists long have criticized Microsoft as lagging behind some rivals, such as Google and Twitter, in implementing encryption technology.

A widely cited scorecard of privacy and security by tech companies, compiled by the Electronic Frontier Foundation in San Francisco, gives Microsoft a single check mark out of a possible five.

‘‘Microsoft is not yet in a situation where we really call them praiseworthy,’’ said Peter Eckersley, technology projects director at the foundation. ‘‘Microsoft has no excuse for not being a leader in encryption and security systems, and yet we often see them lagging behind the industry.’’

Encryption, while not impervious to targeted surveillance, makes it much more difficult to read communications in bulk as they travel the internet. The NSA devotes substantial resources to decoding encrypted traffic, but the work is more targeted and time consuming, sometimes involving hacking into individual computers of people using encryption technology.

Documents provided by Snowden, and first reported by The Guardian, show that Microsoft worked with US officials to help circumvent some forms of encryption on the company’s services.

Soltani is an independent security researcher and consultant.

The Washington Post

Henry Sapiecha

FRAUDULENT CLAIM BY BANANA SKIN VICTIM EASILY SPOTTED ON CCTV FOOTAGE

Banana peel fraud caught on CCTV

US man charged with fraud after CCTV shows him placing a banana peel on the floor of a lift and then slipping on it.

It was the video that did him in.

One night in early August, Maurice Owens was riding a lift at a Washington Metro station when, he says, he slipped on a banana peel as he was getting off, injuring his hip and leg.

He sued the transit agency for $US15,000 ($16,500) – in part to cover $US4500 in chiropractor bills.

Problem is, the whole incident was caught on tape – and the tape showed something different.

The claim against Metro was thrown out, and Owens, 42, ended up being charged with second-degree fraud, a felony.

“Through our investment in digital camera systems across the system, we are demonstrating our commitment to protecting fare-paying riders and the region’s taxpayers from fraudulent claims,” said Metro spokesman Dan Stessel.

Here’s how the scene played out: About 9pm on August 8, Owens can be seen entering an empty lift in the station.

He paces around a bit, then glances up into the lift’s camera. More pacing. Another glance at the camera. In fact, in the video, which is about 90 seconds long, Owens is seen looking into the camera at least three times.

Near the end of the video, as the lift doors open, Owens can be seen flipping something onto the floor behind him. According to a Metro Transit Police report “this object was later identified as a banana peel”.

In a dramatic gesture, Owens falls to the ground – half his body inside the lift, half outside.

Owens reported his injuries to the station manager, Metro Transit Police was called, and he was taken to Howard University Hospital Centre for treatment.

About two weeks later, Owens filed his claim against Metro.

“What you will see in the camera footage is that the lift, just prior to Mr Owens boarding, shows there’s nothing on the floor,” Stessel said.

“He is then seen with what appears to be a banana peel in his hand, looking in the direction of the camera,” Stessel said. “An object can be seen on the ground, and then when the lift doors open, he steps on the object, thrusts himself forward and falls out of the lift.”

In an interview with Metro officials, Owens reportedly asked why a custodian for the station had “not cleaned up the banana peel prior to his entering the lift”, according to the police report.

Owens did not return a message left on Tuesday at his Washington home.

Metro presented its case to the US Attorney’s Office in the District. A warrant was issued accusing Owens of fraud, and he was arrested.

At a hearing earlier this month, a DC Superior Court judge ordered Owens to undergo a mental health screening and evaluation. He is scheduled to appear in court on Monday.

Slapstick references aside, the case is one of the roughly 225 claims Metro’s Third Party Claims office receives each month. Most seek compensation for slips and falls on station platforms, stairs, escalators, lifts and buses, or while getting on and off trains.

Fewer than half those claims result in a settlement or payout from Metro, and the average payout is less than $US2500, Stessel said.

For example, over the past few years the agency paid: $US50 to a Metro rider who said oil dripped from the air conditioner of a rail car onto his shirt, $US45 to a rider who claimed to have gotten his sandal stuck in an escalator at West Falls Church, $US104.37 to a driver who said the gate at the West Falls Church parking garage came down on his vehicle, and $US100 to a person who said he lost his footing while walking down the steps at the Branch Avenue Metro station.

Stessel noted that Metro sometimes opens its own claims. “For example, if a person gets transported to the hospital, we will automatically open a claim. If the person never gets in touch with us, it is classified as ‘abandoned,’ ” he said.

Henry Sapiecha