T3H Blog

Blog by Ecaps Rebyc

Internet surveillance is on the rise – get used to it!

2010/01/28

The Electronic Frontier Foundation (EFF), whose lawyers brought the National Security Agency’s warrantless surveillance program case to court in 2008, unsurprisingly lost their case and plans to appeal. This means that the practice of telcos funnelling Internet traffic to government security agencies will continue unabated in the US.

This will also give security and law enforcement agencies leverage to persuade ISPs (and in some cases developers) to provide exploitable backdoors, so that they can read email unimpeded and continue Internet filtering unhindered by privacy regulations. However, the international repercussions will be more damaging: countries like Australia, Canada, the EU, Germany, Russia, Sweden, the United Kingdom, and many others around the world will be emboldened to advance greater Internet surveillance and join the ranks of China, Iran, and the other oppressive (draconian) governments.

Nothing surprising here; governments will always find at least one reason to eavesdrop on their citizens – from protecting wayward nationals at one end of the spectrum, to insecure politicians giving themselves an edge over the masses’ discontent (justified or not), to simply doing it because they can, under the guise of prevention or out of sheer perversion.

So get over it: short of setting up your own clean email account on a server that you reach over Tor, government-sponsored hacking and surveillance is here to stay, and governments will bend the 5Ws to fit their political or personal agenda.

Note: A clean email account is one where you write messages as drafts and never send them; trusted contacts who share the account log in, read the draft, and type their reply as another draft, so no message ever transits the mail network. The Onion Router (Tor): your client builds a circuit through a series of relays and wraps each message in nested layers of encryption, one layer per relay. Each relay strips only its own layer and learns just the previous hop and the next one, so no single relay (or anyone watching it) sees both you and the mail server, and the path is a virtual dead end for anyone trying to trace it. The caveat: the last relay sees the traffic in the clear unless the connection to the mail server is itself encrypted (TLS) or the server is reached as a Tor hidden service, and whoever runs the mail server still sees every draft.
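The layering the note describes, as an added illustration that is not part of the original post: a three-relay path where the client encrypts the cell once per relay and each relay peels only its own layer, then a check of what each relay could observe. The relay names, the pre-shared keys and the XOR keystream cipher are stand-ins chosen for the demo (Tor negotiates a key with each relay and uses AES); this is the layering idea, not Tor's actual protocol.

```python
import hashlib
import json
import os

# Constructed demo: three relays with pre-shared keys. Real Tor negotiates a
# key with each relay and uses AES; this toy keystream cipher only shows layering.
RELAYS = ["guard", "middle", "exit"]
RELAY_KEYS = {name: hashlib.sha256(b"demo-key-" + name.encode()).digest() for name in RELAYS}


def keystream_xor(key, nonce, data):
    """Toy cipher: XOR data with a SHA-256 counter keystream. Illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(key, layer):
    """Encrypt one layer ({'next': hop, 'body': hex}) under a relay's key."""
    nonce = os.urandom(12)
    return nonce + keystream_xor(key, nonce, json.dumps(layer).encode())


def peel(key, cell):
    """What a relay does: strip its own layer and read where to forward."""
    nonce, ciphertext = cell[:12], cell[12:]
    return json.loads(keystream_xor(key, nonce, ciphertext))


def build_onion(payload, destination, path):
    """Client side: the innermost layer is for the exit, the outermost for the guard."""
    layer = {"next": destination, "body": payload.hex()}
    cell = b""
    for i in range(len(path) - 1, -1, -1):
        cell = wrap(RELAY_KEYS[path[i]], layer)
        if i > 0:
            layer = {"next": path[i], "body": cell.hex()}
    return cell


def route(cell, path):
    """Simulate the relays. Returns (destination, payload, what each relay saw)."""
    seen = []
    for i, name in enumerate(path):
        view = peel(RELAY_KEYS[name], cell)
        seen.append({"relay": name,
                     "prev": "client" if i == 0 else path[i - 1],
                     "next": view["next"]})
        cell = bytes.fromhex(view["body"])
    return view["next"], cell, seen


def single_relay_links_both_ends(seen, destination):
    """True if any one relay saw both the client and the destination."""
    return any(s["prev"] == "client" and s["next"] == destination for s in seen)


if __name__ == "__main__":
    onion = build_onion(b"draft: meet at 9", "mail.example", RELAYS)
    dest, body, seen = route(onion, RELAYS)
    for s in seen:
        print(s)
    print(dest, body, single_relay_links_both_ends(seen, dest))
```

Run it and the guard reports prev=client, next=middle while only the exit reports next=mail.example: that split is the whole point of the onion, and it is also why the exit, not the guard, is the relay that can read an unencrypted draft.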

References:

Internet censorship on the rise, by Ersu Abalk, published 27 January 2010

Top 10 technologies to beat tyranny, By Iain Thomson, published: 25 January 2010

U.S. enables Chinese hacking Google, by Bruce Schneier, Special to CNN, published 23 January 2010

Categories
Technology
Tags
EFF, Internet Surveillance, The Onion Router

A house is built from the bottom up!

2010/01/25

Kai Eide, the UN special representative in Afghanistan, suggests that ISAF and the UN give in to grievances expressed by Taliban leaders regarding the inconvenience of being listed on the UN list of terrorists. Apparently, he does not believe that persuading rank-and-file Taliban fighters to leave terrorist organizations in exchange for schooling and employment, or simply for payment to stay idly at home, is a sustainable course of action. (I agree: turncoats in that region are just that – turncoats that can never be trusted.)

Ostensibly, the reason to delist Taliban leaders is to enable reconciliation talks with people of authority instead of supporting uneducated bottom-of-the-barrel individuals who may or may not be trustworthy.

Has it ever occurred to anyone at the UN that this approach has not worked, does not work, and will not work? There are plenty of examples since 1947 where attempts to mediate with criminals and terrorists have solved or changed nothing (e.g., Palestine, Congo, Yugoslavia – Bosnia, Croatia, Kosovo).

Is it that easy for the UN to forget that those listed are responsible for the mass murders, rapes, destruction of homes, near ethnic (tribal) cleansing, and unbelievable discrimination against women – all reasons for the last eight years of war (security assistance)?

There is no political solution for Afghanistan, especially if presided over by politicians of any ilk. The solution is hard work towards relative prosperity for all through sustained, relevant education and honest labour – rendering Taliban rhetoric meaningless. First, near self-sufficiency, sustained by the manufacture of tradable products for the world markets.

A house is built from the bottom up, and the same applies to a country… very hard work for all concerned, something real versus likely meaningless talks from UN bureaucrats and politicians. Case in point (and that is only the current list):

  • War in Somalia
  • Insurgency in the North Caucasus
  • Sudanese nomadic conflicts
  • Cambodian-Thai standoff
  • Civil war in Ingushetia
  • Civil war in Chad
  • South Thailand insurgency
  • Conflict in the Niger Delta
  • Sa’dah insurgency
  • War in North-West Pakistan
  • Baluchistan conflict
  • Iraq War

Reference:

U.N. Seeks to Drop Some Taliban From Terror List, by Dexter Filkins, published: 24 January 2010

Categories
General
Tags
ISAF, Kai Eide, Taliban

Make your password – HackMe – why don’t you…

2010/01/21

In a recent NY Times article, Amichai Shulman, the chief technology officer at Imperva, examined a list of 32 million account passwords that an unknown hacker stole last month from RockYou. His team found that roughly one account in five used one of the same 5,000 passwords, with “123456” at the top of the list.
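The kind of analysis Imperva ran over the RockYou list, as an added example that is not code from the original post or from Imperva: rank a leaked list by frequency, measure what share of accounts the top-n passwords cover, count how many accounts an online attacker opens with only n guesses each, and turn the same top-n list into a sign-up blocklist. The 20-entry sample list is constructed to have the same shape as a real dump; it is not RockYou data.

```python
from collections import Counter

# Constructed sample of 20 account passwords, shaped like a leaked list; not RockYou data.
SAMPLE = (["123456"] * 5 + ["12345"] * 2 + ["password"] * 2 + ["iloveyou"] * 2
          + ["princess", "rockyou", "abc123", "nicole", "daniel", "babygirl",
             "monkey", "Tr0ub4dor&3", "correct horse battery"])


def most_common(passwords, n):
    """The n most used passwords with their account counts."""
    return Counter(passwords).most_common(n)


def coverage(passwords, n):
    """Fraction of accounts that use one of the n most common passwords."""
    return sum(c for _, c in most_common(passwords, n)) / len(passwords)


def distinct_ratio(passwords):
    """Distinct passwords per account; 1.0 would mean nobody shares a password."""
    return len(set(passwords)) / len(passwords)


def online_guess_yield(passwords, n):
    """Accounts an attacker opens by trying the top-n list against every account:
    at most n guesses per account, which stays under a typical lockout threshold."""
    top = {pw for pw, _ in most_common(passwords, n)}
    return sum(1 for pw in passwords if pw in top)


def blocklist(passwords, n):
    """Case-folded set of the top-n passwords, for use at account creation."""
    return {pw.lower() for pw, _ in most_common(passwords, n)}


def acceptable(candidate, blocked, min_len=12):
    """Reject blocklisted or short choices when a user picks a password."""
    return len(candidate) >= min_len and candidate.lower() not in blocked


if __name__ == "__main__":
    for pw, count in most_common(SAMPLE, 5):
        print(f"{count:3d}  {pw}")
    print("top-4 coverage:", coverage(SAMPLE, 4))
    print("accounts opened with 4 guesses each:", online_guess_yield(SAMPLE, 4))
    blocked = blocklist(SAMPLE, 4)
    print(acceptable("PASSWORD", blocked), acceptable("correct horse battery", blocked))
```

On the sample, four guesses per account open more than half the accounts; that is the property a blocklist at sign-up (and a lockout or rate limit at sign-in) is meant to remove, and it is the same reason a leaked list from one site is immediately useful against every other site.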

I have been maintaining for almost 20 years that the safest user/password access combo, and now the easiest, is the ten passwords at your fingertips and the one user ID in your face – a simple choice now that almost all laptops have a built-in fingerprint reader and camera, or can have them added via a USB port.

If the sign-in provider is too lazy to add the few lines of code needed to take advantage of biometrics, let someone come up with an elegant face-recognition-to-user-ID and fingerprint-to-password conversion application that generates a unique user ID and password from an individual’s biometrics (contact me if you want to know how it works).

We have the technology people, let’s get with the program…

References:

If Your Password Is 123456, Just Make It HackMe by Ashlee Vance, Published: January 20, 2010

Facial Recognition Door Lock and Time Clock for Less than $500 by Aaron Saenz, Published: December 29, 2009

RockYou Hack: From Bad To Worse by Nik Cubrilovic Published: December 14, 2009

Biometrics Turns Your Ear Into Your Password by Drew Halley, Published: May 6, 2009

Categories
General, Technology
Tags
Biometrics, password, RockYou

C4ISTAR

2010/01/19

Computer security researchers found strong evidence of the digital fingerprints of the authors, suspected to be Chinese, in the software programs used in the attacks against Google. The attack apparently targeted Google’s source code – akin to the modifications of Cisco Systems source code found in the Cisco router knockoffs that have appeared on the market.

However, I think that experts are giving Chinese hackers too much credit by assuming, in general, that the attackers gained access to Google’s jewels externally and unaided. I would make a small wager that it was (a) an insider’s job or (b) a combo job (most probable) where the malfeasants had an insider drop keyholes (a Trojan horse) among the Hollerith cards or modify some code (a backdoor)…

The theft of intellectual property through modified software (applications) and co-opted hardware (knockoff or compromised) is about to become a standard cost of doing business, not only in China but worldwide, in just about every industry.

At first governments will mostly support it as an extension of their intelligence services, like China, which is committed to making great techno-economic strides to keep the masses busy – too many idle hands only create problems – e.g., look at the Middle East. Their cyber-intelligence units will pass on the tidbits gathered from their information-warfare (IW) endeavours to their industries.

(Several countries have well-defined C4ISTAR units capable of waging cyber-warfare – as seen recently during the cyber attacks on Estonia (2007) during the Bronze Soldier of Tallinn incident and on Georgia (2008) during the South Ossetia war. These cyber-warriors are the evolution of the Cold War’s tactical and strategic SigInt operators, gifted with patience and blessed with luck, who intercepted, decoded, and analyzed signals and/or data to gain some sort of advantage over their targets.)

Eventually, since all things digital reign supreme in the commercial world, organizations will draft individuals to penetrate the competition as workers and drop malware in the cogs to glean a perceived advantage: malware to spy and reveal business secrets; or to slowly erode an opponent’s business model; or simply to siphon off intellectual property for later nefarious use.

Cybersecurity technologists capable of certifying and fingerprinting applications as secure (given certain environments), and able to recognize any modifications, especially unauthorized ones, will be worth their weight in platinum. They will have to be digital detectives of the calibre of Sir Arthur Conan Doyle’s Sherlock Holmes, the imaginary sleuth famous for his clever use of incisive observation, deductive reasoning, and forensic skills to defeat malfeasants.
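The simplest form of the fingerprinting described here, and a check against the insider-dropped backdoor imagined a few paragraphs earlier, as an added example that is not the post’s own code or any named product: hash every file of a release into a manifest, authenticate the manifest with an HMAC, and later diff the deployed tree against it. The release contents, the backdoor line and the signing key are constructed for the demo; files are held in memory so the example runs offline, and a real deployment would read them from disk and keep the key off the host being checked.

```python
import hashlib
import hmac
import json

# Constructed release tree (path -> bytes); a real check would walk a directory.
RELEASE = {
    "bin/app": b"\x7fELF demo binary",
    "lib/auth.py": b"def check(u, p):\n    return db.verify(u, p)\n",
    "docs/README": b"release 1.0\n",
}
# Hypothetical signing key; in practice kept off the host being verified.
KEY = b"hypothetical-manifest-signing-key"


def fingerprint(files):
    """Per-file SHA-256 digests, in a fixed order so the manifest is canonical."""
    return {path: hashlib.sha256(files[path]).hexdigest() for path in sorted(files)}


def sign_manifest(manifest, key):
    """HMAC over the canonical JSON of the manifest; without the key a tampered
    manifest cannot be re-signed, so an attacker cannot simply re-hash their changes."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify(files, manifest, tag, key):
    """Diff a deployed tree against a signed manifest. Authenticates the manifest
    first: a forged manifest would otherwise make a backdoor look 'expected'."""
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return {"manifest_tampered": True, "modified": [], "added": [], "removed": []}
    current = fingerprint(files)
    return {
        "manifest_tampered": False,
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "added": sorted(p for p in current if p not in manifest),
        "removed": sorted(p for p in manifest if p not in current),
    }


MANIFEST = fingerprint(RELEASE)
TAG = sign_manifest(MANIFEST, KEY)


def insider_tamper():
    """Constructed scenario: an insider plants a hard-coded credential, drops a
    helper file, and deletes a file. Returns the altered tree."""
    tree = dict(RELEASE)
    tree["lib/auth.py"] = b"def check(u, p):\n    return p == 'letmein' or db.verify(u, p)\n"
    tree["lib/.helper.pyc"] = b"\x00dropped payload"
    tree.pop("docs/README")
    return tree


def demo_backdoor():
    """Tampered tree checked against the genuine signed manifest."""
    return verify(insider_tamper(), MANIFEST, TAG, KEY)


def demo_forged_manifest():
    """Same tampering, but the insider also rewrites the manifest to match.
    Without KEY they cannot produce a valid tag, so the forgery is caught."""
    tree = insider_tamper()
    return verify(tree, fingerprint(tree), TAG, KEY)


if __name__ == "__main__":
    print("clean:", verify(RELEASE, MANIFEST, TAG, KEY))
    print("backdoor:", demo_backdoor())
    print("forged manifest:", demo_forged_manifest())
```

A hash manifest only proves that a tree matches what was signed; it says nothing about whether the signed code was itself clean, which is why the insider at build time is the harder case and why the key, and ideally the manifest, must live somewhere the insider cannot reach.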

Let the bon temps roll!

References:

Fearing Hackers Who Leave No Trace, by John Markoff and Ashlee Vance, published: January 19, 2010

Evidence Found for Chinese Attack on Google, by John Markoff, published: January 19, 2010

China: Cyber warfare, weapon of mass destruction? Published by Heike August 8, 2008

Categories
Technology
Tags
C4ISTAR, command, communications, computers, control, cyber warfare, intelligence, reconnaissance, surveillance

Industrial Espionage

2010/01/18

The recent hacking of Google left corporate networks worldwide questioning their cyber security, and justifiably so. How malware finds its way into a network is less important than making everyone aware of the possibility and implementing strict countermeasures that apply automatically, backed by strict penalties for not following security rules that reflect reality.

One improvement is to abandon user/password methods and replace them with biometrics. Regardless of what the industry says, deploying the technology is not difficult at all, just slightly troublesome for people. Although not a perfect deterrent, biometrics can greatly reduce email account hijacking, corporate network penetrations, and even credit card cloning. One practical caveat: a biometric cannot be reissued if its reference template leaks, so the template should stay on the device or token and only a verification result, never the raw measurement, should cross the network.

Enrolling several of an employee’s biometric measurements is a simple procedure that can take less than one (1) minute. A computer connected to a USB device such as a fingerprint reader or a camera can capture and verify one’s ID faster than typing in a user/password combo. (Currently, 99% of all computers in use worldwide have at least one USB port.)

As for credit/debit cards, the chip on most of them can store enough information to enable solid biometrics ID at most point-of-sale interfaces.

However, no system connected to the Internet (cyberspace) will ever be 100% secure against a determined malfeasant! Additional organization-wide measures, such as establishing a sustainable Information Security Management System and reliable corporate governance, are needed. Further, these measures must be backed by frequent independent audits conducted by a trusted third party against standards such as ISO/IEC 20000 (IT service management, derived from the Information Technology Infrastructure Library), ISO/IEC 24762 (ICT disaster recovery services), ISO/IEC 27001 (Information Security Management Systems), ISO 28000 (security management systems for the supply chain), ISO/IEC 38500 (corporate governance of IT), and BS 25999 (Business Continuity Management, or ISO/PAS 22399).

One problem solved; now on to the next generation of cybercrimes – those committed by robots and AIs in the ever-growing virtual world… stay tuned!

References:

In Rebuke of China, Focus Falls on Cybersecurity by Miguel Helft and John Markoff Published: January 13, 2010

Companies Fight Endless War Against Computer Attacks by Steve Lohr Published: January 17, 2010

Hackers Said to Breach Gmail Accounts in China by Edward Wong Published: January 18, 2010

Categories
Technology
Tags
Biometrics, cybercrimes, Cybersecurity, Industrial Espionage

Slavery!

2010/01/13

As if warring on each other for no apparent reason other than political gain were not bad enough, slavery goes on unabated. According to Time Magazine’s article “South Africa’s New Slave Trade and the Campaign to Stop It” by E. Benjamin Skinner (Monday, Jan. 18, 2010), there are more slaves today worldwide than at any point in human history, despite dozens of international conventions banning slavery.

In addition, please purchase and read “A Crime So Monstrous: Face-to-Face with Modern-Day Slavery” by E. Benjamin Skinner – a shockingly revealing and powerful book that goes far to point out our governments’ ineffectual rhetoric and the UNHCR’s impotence.

It is available in bookstores, as well as from:

  • Amazon
  • Barnes & Noble
  • Books-A-Million
  • Borders
  • Overstock
  • Powell’s
  • Waldenbooks

Note: 25% of U.S. royalties go to Free The Slaves, a group that uses holistic, locally based strategies through global partners to fight slavery, rehabilitate slaves, and eradicate bondage. 25% of U.K. royalties go to the group’s British sister, Anti-Slavery International, the world’s oldest human rights organization.

Benjamin Skinner discusses the challenges of writing about the slave trade on NPR’s Day to Day – http://j.mp/2Uis0 – unbelievable, and yet not surprising.

Categories
General
Tags
Benjamin Skinner, slavery

Study finds that UNICEF program failed to help kids

2010/01/12

A UNICEF program that spent US$27 million to decrease child deaths from disease in West Africa has failed, according to a new study that found a higher survival rate in some regions that were not included in the program.

The UN children’s agency pursued strategies like vaccinating children, giving them vitamin A pills, and distributing mosquito nets to protect them against malaria from 2001 to 2005 in parts of 11 countries. The aim was to reduce the death rate by at least 25% by the end of 2006.

An analysis of the program in Benin, Ghana, and Mali found that children in areas where it was not in effect had a better chance of surviving past age 5 than children who were covered by it. The study was published online Tuesday in the British medical journal The Lancet – see http://j.mp/5PLrLp.

Why am I not surprised…

Categories
General
Tags
Lancet, UNICEF

Move Your Money – A great idea

2010/01/01

On the Huffington Post website, founder Arianna Huffington introduces what she calls the “move your money” campaign. The idea is to get all Americans to close their accounts at big banks and transplant their personal finances to smaller banks. The budding cause has its own web site, moveyourmoney.info, including a link where you can plug in your zip code and find a list of smaller banks.

Huffington singles out the Big Four banks (that would be Bank of America, Citi, JP Morgan Chase and Wells Fargo) for particular ire, pointing out that they have curbed business lending even after receiving TARP money. She urges Americans to bank their money at community banks instead of these TARP-receiving behemoths.

I hope this campaign makes enough of an impact for the big banks to notice. At the end of the day, even if this campaign doesn’t succeed in making the Big Four change their ways, if more Americans wind up at banks that make them feel like valued customers, that’s a good thing. In addition, it would serve as revenge for the rest of us in the world who cannot participate but paid just the same – here is a chance for Americans to do something for the rest of the world that does not involve propping up a war machine in support of decrepit, unappreciative, corrupt governments.

If you can, please make that resolution for 2010 – Move Your Money!

PS. I love the reference to the 1946 classic Frank Capra film It’s a Wonderful Life – just brilliant.

Categories
General
Tags
Huffington Post, It's A Wonderful Life, Move Your Money