the-frontline

PRISM: Sir Tim Berners-Lee thanks Edward Snowden as US congressman pleads for silence

11 Mar 2014

The appearance of PRISM whistleblower Edward Snowden at any event is always going to cause controversy. However, turning up to speak at an event happening in the US – albeit on a satellite video feed – meant Snowden's appearance at the SXSW conference in Austin caused a storm.

The controversy began before Snowden even had a chance to open his mouth, when it was revealed that US congressman Mike Pompeo had pressured conference producers to retract their offer for the whistleblower to speak.

Specifically, Pompeo sent a letter to the organisers that said: "Mr Snowden's appearance would stamp the imprimatur of your fine organisation on a man who ill deserves such accolades. Rewarding Mr Snowden's behavior in this way encourages the very lawlessness he exhibited.

"Such lawlessness – and the ongoing intentional distortion of truth that he and his media enablers have engaged in since the release of these documents – undermines the very fairness and freedom that SXSW and the ACLU [American Civil Liberties Union] purport to foster. I strongly urge you to withdraw this invitation."

Putting aside the question of whether you agree with Pompeo's argument, for us here at V3 the really scary part is quite how removed it was from the opinions of most technologists at the conference. The moment he appeared live on the video feed Snowden was met with a rock star's welcome, with attendees clapping and cheering. One particularly enamoured attendee even wolf whistled.

The divide in opinion was further showcased during the question and answer session. Sir Tim Berners-Lee, the father of the web, extended his thanks to Snowden for leaking PRISM documents to the press.

This proves our worst fears are coming to pass and the PRISM scandal is causing a gradual, but increasingly large, rift between technologists and government agencies.

As we noted in our New Year PRISM feature, this is a terrible state of events that can only cause more harm than good. On one level this is because the PRISM revelations will undoubtedly damage international trade, with governments fearing that the NSA's far-reaching surveillance powers mean any US company cannot be trusted to handle data. This was already showcased in August 2013 when reports broke that the Chinese government planned to investigate IBM, Oracle and EMC, following concerns that the NSA could be using the firms' technologies for cyber espionage.

It's also bad because it has the potential to undo a lot of the positive work agencies such as the Cabinet Office and GCHQ – which is known to have used PRISM data – have done with the private sector to fight cybercrime.

Since launching the UK Cyber Security Strategy in 2011, the UK government has announced a steady stream of new initiatives designed to increase collaboration between the public and private sectors. The campaigns have had some success, but given the constant flow of new cybercrime campaigns it's clear there is still much to be done, which will require the public and private sectors to continue working together.

This schism shown by Snowden's SXSW appearance indicates that many technologists – and as a result companies – may no longer be quite so happy doing this. As a result, perhaps the most notable thing is not what Snowden said, but how his appearance demonstrated the growing divide between government agencies and industry.

Here's hoping this isn't lost on the two sides and we can use the SXSW fiasco as a starting point for building bridges and finally have a frank discussion about mass surveillance and what needs to be done to repair the relationship between the public and private sector.

By V3's Alastair Stevenson

Tech City hackers work on flood apps from open data sources

17 Feb 2014


With much of the south of the UK currently underwater and suffering from storm damage and power cuts, things are pretty bleak for many.

So anything that can make a small difference is to be welcomed and the good folks at Tech City have done exactly that by co-ordinating a ‘hackathon’ session in the capital to try and develop apps for those in flood-hit areas.

On Sunday around 200 developers, both individuals and employees from the likes of Twitter, Microsoft and Google, got together to use open data about the floods provided by the government to cobble together quick and useful apps that could prove helpful for those affected.

Teams were formed and each put together a two-minute pitch for judges from the Cabinet Office. Those picked out included UKFloodAlerts, which can be used to warn users of risks from burst rivers, power cuts or impassable roads.

Another chosen as a winner was ViziCities, which uses data from the ViziCities platform to make 3D maps of the flood level, making it clearer how areas have been affected.

Joanna Shields, Tech City UK chairman who led the initiative, praised the efforts of those involved and said it proved the “power of government opening up data”.

“In a meeting on Friday convened at No. 10 Downing Street, [the] government called on the tech community to best use its wealth of flood data and the response we’ve seen from developers has been fantastic,” she said.

“Over the course of the weekend we had hundreds of people volunteer their time to produce genuinely innovative apps that are testament to the creativity, imagination and generosity of our local tech community.”

The hope is that the apps will now go live and those in affected areas can get them on their phones and have a little more information about what's happening in their area. It may not be much, but it all helps, and underlines the potential of open data to help the public.

By V3's Dan Worth 

PRISM: Obama won't calm European firms' suspicions with NSA promises

21 Jan 2014

As noted by myself and numerous big-name figures in the public and private sector, the damage the PRISM spying scandal could inflict on the global economy and key industries, such as the cloud, is catastrophic. By being caught snooping not only on foreign firms, but also a number of political figures in countries that are supposedly allied with the US, the NSA seriously damaged international trust.

This was showcased to great effect in 2013 when Deutsche Telekom said it was considering re-routing all user information through German data centres and servers, in a bid to protect its customers from NSA snooping.

For this reason, I was overjoyed last week when president Barack Obama promised he was going to explain what new measures and safeguards he planned to put in place to ensure a scandal like PRISM does not reoccur.

However, come the big day when he took the stage and began outlining the new measures, my feelings towards his proposed reforms were at best mixed.

On the one hand Obama got a lot right. The US president said he would work to change the way PRISM requests could be handed to companies and increase the amount of information that the businesses involved can disclose to the public.

Specifically Obama pledged to put in place a series of fresh measures created by the attorney general, on how requests using the US Foreign Intelligence Surveillance Act (FISA) and National Security Letters can be made.

FISA and National Security Letters were used by the NSA to force numerous companies, including Google, Yahoo, Apple and Microsoft, to hand over vast amounts of customer data. The nature of the requests means the companies are not allowed to disclose what information was handed over without risk of arrest. The secret nature of the requests is one of the key reasons many people and businesses are still concerned about the safety and sovereignty of their data.

Even better, Obama also promised to make sure the public sector and general public would be represented in the approval process of data-gathering campaigns. He pledged to create a new independent, non-governmental panel of advocates to appear at the secret courts, which will approve or deny operations such as PRISM. Candidates for the new panel of advocates will be approved by congress.

All this sounds great, right? Well on one level it was...until Obama went on the offensive against PRISM critics, boldly saying the US would not apologise to groups or countries affected by PRISM.

"Many countries, including those that feigned surprise following the Snowden revelations, are trying to penetrate our networks. Our agencies will continue to gather intelligence on foreign governments' intentions. We will not apologise for doing it better," he said.

Worse still, in a move all too familiar to those that lived through the Bush era, Obama resorted to constantly mentioning 9/11 as a justification for operations such as PRISM. For me, this is serious cause for concern.

After all, Obama failed to disclose key details, such as what information companies will be able to reveal to their customers, or how soon after receiving FISA requests they will be able to reveal that they handed information to the NSA. Additionally, by vetting candidates for the new independent, non-governmental panel of advocates through congress – a body full of individuals that serve the US – it's unlikely that European businesses' concerns will be a high priority.

As a consequence, while the new reforms have the potential to help ensure scandals such as PRISM don't reoccur, they also have the potential to be completely ineffectual; the outcome will be determined by how the US government chooses to implement them. As a result, for now at least I can't see Obama's reforms winning back the trust of any concerned European business or governments.

By V3's Alastair Stevenson

Kaspersky banks on London business folk to save the world

17 Jan 2014


Building the UK's cyber security skill base and economy has been an ongoing goal of the UK government and its Cyber Security Strategy.

As such, many were no doubt pleased when Russian advanced persistent threat-buster and protector of all things nuclear, Kaspersky Labs opened a new 200-person office in London, promising that it will play a pivotal role in its crusade to "save the world from hackers".

Company founder and cyber-doomsday prophet, Eugene Kaspersky was on hand at the London launch – attended by V3 and all the other security movers and shakers – and went so far as to list the office as one of the firm's new command centres.

"Our mission is [to] save the world - it's really simple and easy to remember," he said. "This office space will be responsible not just for Great Britain's operations, but also for Europe and a little bit of global. We're recognising London as a great place, as an international city, where it's easier to find the right people for our business that can help us to protect our customers and to save the world."

However, despite his bold statement, speaking to V3, Kaspersky said it wouldn't be superhero white hats that would lead the fight in the London office, but some of the UK's "best and brightest" pencil pushers and salesmen.

"This office will mainly be responsible for the sales and marketing team. Here it will be for Britain and Europe. This is a great city as it's global and it's easier to find people that can work internationally than it is in places like Moscow, Germany and France. This is one of the main reasons we moved the command centre of our European operation to London," Kaspersky said.

Confused? So were we. How can salesmen save the world? However, the UK's going through a pretty big cyber skills drought at the moment, and pretty much every company and government agency is reporting difficulty finding cyber-savvy recruits. Even the newly launched National Crime Agency recently had to recruit unskilled people for its cyber team on specialist "training" scheme contracts late last year.

As a consequence it's actually probably a good thing Kaspersky's going to stick with its tried-and-tested Russian security gurus when it comes to actually taking on the malware-makers, as Mr Kaspersky explained.

"Most of our research and development is still based in Russia because the Russian engineers are the best. We're happy with Russian engineers and we know many British companies are happy with Russian engineers as well. It's the same in Silicon Valley and Israel. Everybody wants the best and that's them," he said.

Luckily, for any aspirational British white hat, Kaspersky did confirm he's on the hunt for a new member to his elite Global Research and Analysis Team (Great), so all is not lost for wannabe UK cyber experts.

"We have our security experts team and that's very international, we have people from everywhere in there. So we are looking for UK security experts as well, but only the best of the best," he told V3.

However, to any budding cyber expert looking to get into the team, be warned, you'll have some pretty big shoes to fill. For those who don't remember, Great is an award-winning team responsible for finding and dissecting numerous bits of top-end malware, including the notorious Flame, Red October and Icefog campaigns.

Jobs will be needed, though, especially if 2013 is anything to go by. Last year saw an influx of advanced threats and if current forecasts are anything to go by, things are only going to get worse in 2014.

With this in mind – while we're still a little disappointed the London office won't be doing research and development – we can't help but wish the London marketers and any Brit lucky enough to get onto Kaspersky's elite team the best of luck.

By V3's Alastair Stevenson

Skype and Snapchat security woes show risks ahead for 2014

02 Jan 2014


The New Year is barely a few days old but already the headlines are dominated by security stories of hacks and data thefts from major companies in the form of Skype and Snapchat.

For Skype, this saw its Twitter account and blogs targeted, while Snapchat had data on 4.6 million users released online in a warning to the firm about the need to take security seriously.

For firms of all shapes and sizes, the fact that security incidents are so immediately in the headlines for the start of the year should serve as a warning. 2013 was full of similar incidents and proved that no firm can rest on its laurels.

Indeed, while the PRISM spying scandal dominated the majority of the security agenda, it is important not to overlook stories such as the hacking of the Lakeland website as proof firms of all types face threats from cyber criminals.

The incidents prove that security is not a static area, but one where criminals and good-hearted ethical hackers are in a constant arms race to try and outdo one another and find vulnerabilities to exploit.

Firms cannot just assume that a single solution will cover everything or that a staff seminar on the things to be aware of such as phishing emails that is delivered in January will be relevant by next December, or even February for that matter.

Perhaps there is a silver lining for the industry from the incidents at Skype and Snapchat, though.

IT chiefs and those with security in their remit can use these incidents at the start of 2014 to make sure all those in charge at the company, especially those holding the purse strings, take security seriously and ensure that adequate resources are provided to help protect the firm from the risks that are present and growing all the time.

Otherwise, it could well be your firm in the headlines for all the wrong reasons.

Hackers could turn toasters into Bitcoin mines as value rockets

25 Sep 2013


HELSINKI: The humble toaster could become a security threat in the future due to the virtual currency Bitcoin.

For the uninitiated, Bitcoins are a cryptography-based digital currency, which allows users to send and receive money with a degree of anonymity without using traditional commerce networks, in effect cutting out middlemen such as banks. Many governments are also wary of their use as Bitcoin value is determined separately from them. Their uptake has rocketed over the past few years.

While hanging out in Helsinki with F-Secure, the firm's chief research officer Mikko Hypponen, never one to mince his words, said that the increasing value of Bitcoins is enticing criminal gangs to rework traditional malware targeting businesses to turn infected machines into Bitcoin mines.

Bitcoin mining refers to the way Bitcoins are actually earned. In a normal situation, a user runs an algorithm on their computer to authenticate transactions on the Bitcoin platform. This is legal and the person running the process is rewarded with Bitcoins for their trouble. However, turning hordes of machines into your own army to generate huge numbers of Bitcoins is not. As such the crooks love it, as Hypponen explained.

"Bitcoins have been skyrocketing in value. At the moment the value per Bitcoin is currently $134. As this started happening and people started realising there's actual money in Bitcoin, people started mining them pretty seriously," he said.

"A big deal about crypto currency [such as Bitcoin] is the mining part. You can actually use other computers to mine and because of this, botnet-based mining is becoming a real problem. About a year ago we spotted a botnet not spreading malware or phishing, it was just mining bitcoins."

Hypponen went on to explain that Bitcoins' financial allure has already made established cyber criminals rethink their strategies and adapt some of the biggest, most dangerous botnets in the world to mine Bitcoins.

"ZeroAccess used to monetise itself with click fraud. They got on the machine and made it click on adverts to earn money. They changed their tactic in spring and went fully into Bitcoin mining. Some of our estimates suggest it is earning $58,000 a day. That's real money and something they will want to move to the real world," he said.

This is where the toaster idea comes in. Hypponen added that many of the gangs are so enthralled by Bitcoin's potential they've started experimenting with the idea of turning non-traditional devices into mines.

"[When mining Bitcoins] the user is irrelevant, it's the GPU, the computer and the network connection they need. This is especially interesting when you look at automation. I have a pebble watch, it has a GPU, it could mine Bitcoins, so does my fridge and my toaster – these are going to be used to mine Bitcoins," he said.

"We accepted toasters would eventually have computers, but didn't think it would be a problem – who would want to write malware for a toaster right? Well now they have a reason."

This may be a far-fetched example of how far the threat could go, but as recent hacks of IP-based lightbulbs have shown, the home of the future could be open to all kinds of attacks, even burnt toast.

By V3's Alastair Stevenson

Texas bans police email snooping in PRISM reaction

20 Jun 2013

The state of Texas and its government haven't traditionally been seen in the best light by the rest of the world.

The people that brought us George W Bush have taken the heat for everything from immigration policy to science curriculum. The state is routinely seen as backwards and misguided, particularly in Europe.

In one case, however, Texas seems to be ahead of the rest of the US and much of Europe when it comes to protecting user privacy.

Earlier this week the state legislature passed a bill that would place the nation's strongest restriction on law enforcement collecting data from email service providers. The bill, which has yet to be signed by governor Rick Perry, would terminate any provisions in which investigators will be able to access data without first obtaining a warrant.

Such protections would provide a valuable safeguard for citizens online. Such warrantless collection of data is often seen as a central component of covert data snooping programmes such as PRISM, which has been brought to light in recent weeks. The rule would require investigators to stand before a judge and provide just cause each and every time they want a service provider to hand over user data.

If the bill is signed, users in Texas will have greater protections from online eavesdropping than those in such progressive havens as San Francisco, Boston, New York City and Seattle. As unlikely as it may be, in this case Texas is setting the standard for electronic policy and user rights.

Twitter hack on the Onion makes for comedy gold

06 May 2013


The Syrian Electronic Army has hacked the Twitter account of satirical news website the Onion.

Early reports had the hack pegged as a bit of satirical comedy from the site. However, a picture from the Syrian Electronic Army seems to validate reports that the Onion was indeed hacked.

Among the villainy performed by the hackers was a picture of the group's logo posted on the Onion's Twitter page. The Syrian Electronic Army also tweeted out a slew of tweets displaying Onion articles before their actual posting.

The Onion, being the comedy site that it is, took the hack in good fun. Following the hack, the site posted stories recommending the best practices to avoid getting hacked and a reminder that the firm had changed its password.

"Reduce interest in your website by cutting down on stories about very popular subjects, such as Syria," read one of the website's anti-hacking tips.

The Syrian Electronic Army has been busy in recent months. The pro-Assad hacking regime has already hacked the Twitter accounts of the Associated Press and the BBC in recent months.

Hacks on Twitter have led to calls for two-factor authentication on the social networking site. Following the requests, Twitter has been said to be working towards bringing the feature into the fold later this year.

While two-factor authentication is a good option, we don't think the Onion will mind going without for a few months. The satirical news site seems like a terrible company to go after with a hack. The Onion, more than any other site, seems capable of turning a cyber attack to its advantage.


About The Frontline

Insight into the latest tech news from V3.co.uk's team of reporters
