spying
Latest
WikiLeaks: Chinese Politburo responsible for Google hacking
You had to know something interesting would come out of the quarter million diplomatic cables that WikiLeaks just, well, leaked late on Sunday, and the New York Times has picked out a doozie for us. As it turns out, that big brouhaha in China surrounding the hacking of Gmail accounts was actually a state-authorized attack. Such was the report from a Chinese informant working for the US embassy, and the disclosure goes on to say that it was part of a "coordinated campaign of computer sabotage," reaching a wide net of targets, including American government machines, American private businesses, and... the Dalai Lama. Hey, China's hardly the first country to ever engage in state-sponsored cyber espionage (ahem, Stuxnet), but we can't say we're not disappointed. Let's keep it classy from here on out, alright guys?
Webcam-spying school district settles out of court, FBI declines to press charges
Looks like the Lower Merion School District will be paying off kids who got zinged by its laptop tracking program -- to the tune of some $610,000. As you might recall, there was quite a bit of hubbub earlier this year when students discovered that their school issued computers tended to activate their webcams and shoot the photos back to administrators. Apparently the FBI has decided not to bring any charges in the case after all, and the various families of the students settled with the school district out of court. And yes, the schools have discontinued the tracking program.
EVE Evolved: Death of an Industrialist, part 2
Of all the things that define EVE Online, it's the stories of criminality that stand out the most. The criminal underworld of New Eden is so deeply ingrained in EVE that CCP even made a selling point of it in the latest official trailer. Last week, I began to tell the true tale of one EVE pilot's thirst for revenge and the corporate infiltration techniques he used to get close to his target. In this week's conclusion of the story, Scott's plans for revenge come to fruition. But is Scott really the victim he believes himself to be, or has greed blinded him to what he's doing? If you haven't read part 1 of the story, skip back to read last week's EVE Evolved column before reading on. Newbies again Once in Zeeqo's corp, Scott and his crew began the slow task of setting their target up for a colossal fall. Simply destroying Zeeqo's mining barge could be a swift and fitting retribution, but Scott had a much harsher punishment in mind. Zeeqo would be made to pay for his mistake several times over. The plan for retribution hinged on Zeeqo's weekend freighter runs to Jita, a time at which he flew his most expensive and indefensible ship. This gave the three infiltrators only five days to befriend their target and work out how best to capitalise on his weekly haul.
EVE Evolved: Death of an industrialist
It's often said that the EVE Online universe is a dark and harsh place, the market overflowing with con-artists and the skies filled with pirates looking for some easy prey. The sandbox style of New Eden enables emergent gameplay like market manipulation, corporate infiltration, spying and theft. When faced with the choice, some players choose to be ruthless outlaws who will stop at nothing to further their own goals. Political puppet-masters pull the strings on the alliance war machines from behind the scenes, spies infiltrate corporations to gather intelligence, and thieves plot their way to riches. The latest official game trailer makes a big point of this side of EVE, telling an incredible story of revenge and theft that closely mirrors the reality of New Eden. As if to highlight the point made by the trailer, this week EVE player Bad Bobby confirmed that he'd stolen a total of 850 billion ISK from players in the investment market. Concluding a plan set in motion years ago, Bobby pulled off the theft last week of his supposedly secured Titans4U company. In keeping with this recent theme of theft and corruption, this week's EVE Evolved is a story of revenge, corporate infiltration, social deception and utter destruction. I've embellished the story in places and names have been changed to protect the privacy of all those involved, but the events described are real. In this week's article, I begin to tell the very real tale of an EVE player's revenge -- a precision strike against an industrialist who made one fatal mistake.
No criminal charges in Pennsylvania MacBook spying probe
The Associated Press is reporting that a federal investigation into the possible misuse of webcams on Apple laptops did not find criminal intent. The investigation was at a suburban Philadelphia school district that used special software that wound up covertly snapping images of students who were at home with their school provided MacBooks. The FBI opened the investigation to see if there were violations of federal wiretap statutes or privacy invasions. The school has said the security software had been purchased to track laptops that had been reported stolen, but one student, Blake Robbins, claimed he had been photographed more than 400 times during a two week period on a laptop that had not been reported to be stolen. The dropping of the federal probe does not have any bearing on a civil lawsuit against the Lower Merion School District. Another student has also joined that legal action. The school district issued 2,300 MacBook computers and installed software from LanRev to track stolen laptops. Parents and students were not notified the software was on the laptops. The civil suits allege that students' text messages were intercepted, and they were photographed while sleeping or only partially dressed. The school has since deactivated the anti-theft software.
Lower Merion, PA school district cleared of Federal spying charges, approves new privacy policies
Though a now-infamous Pennsylvania school district admitted to taking thousands of pictures of schoolchildren without their consent, federal investigators have decided not to pursue criminal charges. That doesn't halt a class-action complaint against the district (which charges invasion of privacy and wiretapping) but a US attorney told reporters that FBI and police investigators hadn't found proof beyond a reasonable doubt that school employees had criminal intent to spy on students using their school-issued laptops. On a related note, students returning to Lower Merion for a new school year can set their minds at ease, as the school board just approved a new set of laptop regulations that (among other things) ban remote monitoring of microphones and webcams. Feel free to pick through for technical loopholes at our more coverage link, and let's hope this little LMSD soap opera is finally at an end.
Immigration deports Alexey Karetnikov: Microsoft engineer, alleged Russian spy, loyal Facebook user
The curious case of the Russian spies grows, well, curiouser, as the Washington Post reports that a Microsoft Software Design Engineer named Alexey Karetnikov has recently been ordered out of the country for "immigration violations." According to a government source, Karetnikov had "just set up shop," (spy shop, that is) and the immigration charges were technicalities used to get him out of the country quickly (and without an annoying trial). We just hope that Alexey followed our advice for managing Facebook privacy settings -- it would be terribly ironic if he was exposed to the world through his naive use of the social networking sites.
Alleged Russian spies used WiFi and pre-paid cellphones, got caught anyways
Are the new crop of Russian spies nerds like us? We doubt it (we probably have more in common with Lil Wayne than a certain "Anna Chapman," if that is her real name). How do they do their dirty work, then? Apparently their kit is mostly off-the-shelf: including laptops and flash memory cards. According to the FBI, two of the recently accused perps would meet at a coffee shop in Manhattan every Wednesday, where one would sit inside, while they other passed by in a van. When in range, they would connect over WiFi and transfer encrypted communications over their network. (The FBI was able to sniff this out using commercial software. Had they used ultra-wideband radio, however, the investigator's task would probably have been all but impossible). It's also believed that the spies used pre-paid cellphones to communicate. One such unit, purchased by Chapman, had the following listed for her address: 99 Fake Street. It just goes to show you that all the gadgetry in the world will not protect you from your lack of common sense.
EU Written Declaration 29 wants you to think of the children, hand over all your search results
Oh boy, the EU's back on the crusade path again. This time, the Brussels brain trust has decided it will end pedophilia, child pornography, and other miscreant activities by simply and easily recording everyone's search results. Because, as we all know, Google searches are the central cog by which the seedy underworld operates. Here's how Declaration 29 sees it: Asks the Council and the Commission to implement Directive 2006/24/EC and extend it to search engines in order to tackle online child pornography and sex offending rapidly and effectively. Directive 2006/24/EC is also known as the Data Retention Directive, and permits (nay, compels) states to keep track of all electronic communications, including phone calls, emails and browsing sessions. Describing the stupefying invasion of privacy that its expansion represents as an "early warning system," the European Parliament is currently collecting signatures from MEPs and is nearing the majority it requires to adopt the Declaration. Guess when Google does it, it's a horrible infraction of human rights, but when the EU does it, it's some noble life-saving endeavor. Unsurprisingly, not everyone is convinced that sifting through people's search results will produce concrete crime-reducing results, and Swedish Pirate Party MEP Christian Engstrom puts together a very good explanation of what Written Declaration 29 entails and why it's such a bad idea. Give it a read, won't ya?
Lower Merion, PA school district denouement nears: report denies spying charges
The long, intense saga over in Lower Merion, Pennsylvania -- in which lawsuits were filed alleging that the school district used students' laptops to spy on them -- may be nearing its end. The class action suit was filed back in February claiming that the school district had made use of "unauthorized, inappropriate and indiscriminate remote activation" of webcams in laptops issued to students," with the school countering that it had some security features that allowed the laptops to be tracked in case of loss or theft, but that those features hadn't been used to track students in any way. The case got more complicated of course, with webcam usage allegations, as well as evidence that plenty of photos had been captured by the spy-crazy school district. Well, now an attorney hired by the school district says a report's been released that says there is no evidence of spying on the part of the school district, after all. It's all pretty boring after all the hubbub, and it turns out to be likely that the school was just tracking the laptop (which wasn't actually a school-issued laptop, but a loaner given to a student while his actual unit was repaired) in order to get it back over outstanding insurance fees. Nothing too exciting here, but if you're interested in the rest of the story, hit up those source links.
Thousands of images apparently captured by spying school district, more details revealed
Legal proceedings are getting underway in the case of Philadelphia's Pennsylvania's Lower Merion School District -- you know, the one accused of remotely turning on webcams on its student's laptops inappropriately? We knew that district IT folks enabled the webcams 42 times in total, capturing pictures every 15 seconds, but now we're learning that over 400 images were retrieved of a single sophomore and that there are thousands more of other students. There is also seeming proof of use of the webcams even when laptops were not reported stolen, like when a student failed to pay the school's hardware insurance premiums. The district is apparently not standing behind its two IT employees who had the necessary permissions to enable this remote viewing, technology coordinator Carol Cafiero and technician Michael Perbix, and from what little we can tell now it's not looking particularly good for them. In a deposition Cafiero refused to answer any questions, citing her Fifth Amendment rights, but an alleged e-mail exchange between the two saw Perbix calling the pictures "a little LMSD soap opera," to which Cafiero replied "I know, I love it!" That doesn't sound entirely appropriate... Update: We've received a few comments and e-mails about calling this "Philadelphia's Lower Merion School District" when, in actuality, the school is outside of the city limits, and county limits too, so we've corrected that above. Apparently nobody wants to be associated with these guys.
E-ON Magazine issue 19 hits the shelves
In Autumn 2005, EVE Online became one of the only MMOs out there with its own dedicated print magazine. Under contract from CCP Games, MMM Publishing has worked tirelessly ever since to produce EVE's official magazine "E-ON." Four times per year, we're blessed with a dose of the latest and greatest things from New Eden in a comfortingly solid format. The magazine covers everything from strategy guides and ship fitting advice to sneak peaks at upcoming expansions, interviews with CCP staff and incredible fiction set in the EVE universe. E-ON differs from other game magazines in that they don't any make money from advertising. In an effort to keep the magazine all about EVE, they've taken the unusual but apparently successful route of publishing full-page adverts from in-game corporations and organisations. Advertisers buy space in the magazine with ISK, the in-game currency, and adverts must be for strictly in-game purposes. The ISK is then used to pay volunteer writers, who create most of the magazine's content and produce important things like guides from a true player's perspective. There's even a scheme in the works to reward advertisers with discount coupon codes for the magazine to gift their corpmates. Now nearing their fifth year of publishing, E-ON issue 19 has recently been released. As usual, this issue is absolutely packed full of everything we've come to expect from the mag. Skip past the cut for a run-down of what you can expect in issue 19 of E-ON Magazine.
KDDI concocts snooping mobile phones, line managers rub hands with glee
Sci-fi movies often present us with omniscient villains who are able to track the most minute actions of their underlings and foes. Rarely do we get a glimpse into their surveillance systems, but you have to imagine that some of the more rudimentary "employee evaluation" hardware will not be too far off from KDDI's latest. The Japanese cellphone giant has unveiled a new system, built around accelerometers, that can detect the difference between a cleaner scrubbing or sweeping a floor and merely walking along it. Based on new analytical software, stored remotely, this should provide not only accurate positional information about workers, but also a detailed breakdown of their activities. The benefits touted include "central monitoring, "salesforce optimisation," and improvements in employee efficiency. We're guessing privacy concerns were filed away in a collateral damage folder somewhere.
Spying school district update: remote webcam functionality disabled, two IT monkeys suspended
We're still waiting for all the legal fallout from the Pennsylvania's Lower Merion School District webcam spying case, but more news is slowly trickling out about the whole thing, including the technology that the school used: a remote administration suite called LANrev. An update to the software, releasing this week, will disable the option for admins (or pervy IT workers) to remotely switch on a computer's webcam, hopefully preventing a replay of this situation. Beyond that, two unnamed (possibly pervy) IT workers have been suspended for their involvement in this whole situation. Are they the ones who went too far, or was it their managers who ordered them to do it and are now throwing their dutiful peons to the fire? We may never know the truth, but at least we can now frolic naked in front of our MacBooks without fearing that dreaded green light.
Remote webcam activation now disabled in software that led to controversy at Pennsylvania school
The suburban Philadelphia school being investigated for spying on students using MacBook laptops will lose the ability to turn on the built-in cameras remotely when they update their security software. Absolute Software, new owners of the LANrev remote administration suite (formerly owned and developed by Pole Position GmbH), say they are going to remove the webcam remote activation feature from the software this week. In a note to customers today, the company said: "We know that webcam pictures are an ineffective tool in tracking down the location of a stolen computer. Taking pictures of lawful computer users without their permission, and without law enforcement involvement, is contrary to Absolute's policies and is inconsistent with our existing, more effective product offering." "Based on recent events, we have received many inquiries about TheftTrack from customers who are concerned and who want to ensure their organizations are not involved in a similar incident." As a result, the webcam feature is being removed in all updated versions of the software as of tomorrow. Current customers still have the feature, but they are being advised by the company to get the latest update. Meanwhile, the Philadelphia Inquirer is reporting that two I.T. employees of the Lower Merion School District have been placed on leave while an investigation continues. The incident received national attention when the parents of a Harriton High School sophomore filed a federal lawsuit on February 16, alleging that school officials were activating the iSight cameras built into MacBook computers while students were using the computers at home. The school has said the cameras were only turned on to locate stolen laptops, but several students said they saw the green camera light come on several times on computers that had not been reported stolen. Federal Agents are also investigating, and have asked the school for all records relating to the incident. The school says it has stopped using the software for accessing the webcams remotely. Over the last two years, the district has provided MacBooks to all 2,300 high school students.
Did a Pennsylvania school district use iSight to iSpy?
The FBI and lots of parents want to know if school-issued MacBooks were used to spy on students at a suburban Philadelphia school. Earlier today, a federal judge was asked to stop the school from destroying any records or logs from the 2,300 laptops that were used by high school students that attended Harriton High School in the Lower Merion School District. The district admitted that it activated the iSight cameras to find more than 40 missing student computers. Officials claim that the district is no longer turning the cameras on remotely. Meanwhile, other lawyers are pursuing a potential class-action lawsuit against the district. The FBI is investigating if the school district broke any federal wiretapping or computer intrusion laws. The district noted that students must sign a release when they get the laptops, but the release does not state that the iSight cameras might be activated without the permission or knowledge of the students or their families. The parties met in court today as a judge ruled on the preserving of evidence. Some students say they are now putting tape over the camera and microphone on the laptops to keep school employees from seeing or hearing anything. According to one student involved in the legal action, the controversy began when an Assistant Principal at the school said the student was acting inappropriately at home. The student wondered how the Assistant Principal would know, and that started the investigation. The school district has said that it has not spied on students, but activated the cameras on computers it said were lost or stolen. Creepy.
Spying school district update: turned on webcams 42 times, FBI isn't sure that's legal
Remember the Pennsylvania school district that was accused of remotely flipping on the webcams of students' laptops? As if the civil suit filed on behalf of those students wasn't going to be enough trouble for the Lower Merion representatives, now it seems the FBI wants to know just what's going on, launching an investigation into the practice. For its part the district said that it remotely activated the cams 42 times, and that it only did so with the bestest of intentions: when trying to locate a missing laptop. It would also like to point out that only two employees had the power to flip the switch, and that they only captured images -- never sound. Because, you know, surreptitiously watching your kids is so much less menacing when there's no audio involved.
3G GSM encryption cracked in less than two hours
Looks like all that GSM code-cracking is progressing faster than we thought. Soon after the discovery of the 64-bit A5/1 GSM encryption flaw last month, the geniuses at Israel's Weizmann Institute of Science went ahead and cracked the KASUMI system -- a 128-bit A5/3 algorithm implemented across 3G networks -- in less than two hours. If you must know, the method applied is dubbed 'related-key sandwich attack' where multiple values of known differentials are processed through the first seven rounds of KASUMI, then using resulting quartets that are identified sharing key differences, subkey materials can be obtained in round eight to build up the 128-bit key. Sure, it's hardly snooping-on-the-go at this speed, but worryingly this was only an 'unoptimized implementation... on a single PC.' At the same time, the paper condemns the presumably red-faced GSM Association for moving from MISTY -- a more computationally-expensive but much stronger predecessor algorithm -- to KASUMI. Guess we'll just have to stick with Skype.
GSM call encryption code cracked, published for the whole world to see
Did you know that the vast majority of calls carried out on the 3.5 billion GSM connections in the world today are protected by a 21-year old 64-bit encryption algorithm? You should now, given that the A5/1 privacy algorithm, devised in 1988, has been deciphered by German computer engineer Karsten Nohl and published as a torrent for fellow code cracking enthusiasts and less benevolent forces to exploit. Worryingly, Karsten and his crew of merry men obtained the binary codes by simple brute force -- they fed enough random strings of numbers in to effectively guess the password. The GSM Association -- which has had a 128-bit A5/3 key available since 2007, but found little takeup from operators -- has responded by having a whinge about Mr. Nohl's intentions and stating that operators could just modify the existing code to re-secure their networks. Right, only a modified 64-bit code is just as vulnerable to cracking as the one that just got cracked. It's important to note that simply having the code is not in itself enough to eavesdrop on a call, as the cracker would be faced with just a vast stream of digital communications -- but Karsten comes back to reassure us that intercepting software is already available in customizable open source varieties. So don't be like Tiger, keep your truly private conversations off the airwaves, at least for a while.
Archerfish Quattro video monitoring and recording system now available at Amazon
Cernium's just announced something that should really please the 'I know the cat is putting my stuff on Ebay while I'm at church' crowd. The Archerfish Quattro is a full scale, no messing around video monitoring and recording system that pays attention to the little details while you're not around. Analyzing info in real time, if the Archerfish Quattro spies something funky, it'll send a message to your mobile phone or email. The system is expandable so that you can have as many cameras in the setup as you want (well, up to four), and best of all? It's available at Amazon now, so you can order it without having to leave home -- which you don't want to do yet. It's just not safe. The Archerfish Quattro system can be purchased now for a starting price of $1700. Full PR is after the break.
