Posts Tagged ‘Tech-policy’

Google, target of worldwide surveillance and takedown requests

28 Jun

Google continued to demonstrate its commitment to transparency on Monday by releasing fresh statistics on the number of times it has disclosed private user data to a government, or removed content at government request. The country-by-country report covers the second half of 2010.

During that period, the United States was the top requester of user information (4,601 requests), while Brazil was the leader in takedowns, with 263 requests leading to the removal of 12,363 items.



“Anonymous” attacks Sony to protest PS3 hacker lawsuit

04 Apr

The hacker hordes of Anonymous have transferred their fickle attention to Sony. They are currently attacking the company's online PlayStation store in retribution for Sony's lawsuit against PS3 hacker George Hotz (aka "GeoHot"). A denial of service attack has temporarily taken down

In a manifesto announcing the new operation, Anonymous railed against Sony for going after coders who seek to modify hardware that they own. The lawsuits are an "unforgivable offense against free speech and internet freedom, primary sources of free lulz (and you know how we feel about lulz)."

"Your corrupt business practices are indicative of a corporate philosophy that would deny consumers the right to use products they have paid for and rightfully own, in the manner of their choosing," continues the pronouncement. "Perhaps you should alert your customers to the fact that they are apparently only renting your products? In light of this assault on both rights and free expression, Anonymous, the notoriously handsome rulers of the internet, would like to inform you that you have only been 'renting' your web domains. Having trodden upon Anonymous' rights, you must now be trodden on."

Anonymous is rallying participants to voluntarily contribute to the denial of service attack on Sony. That attack is continuing, and it appears to be far more successful than recent hits on Angel Soft toilet paper. In Anonymous chat rooms, participants bash Sony but worry about how their actions will be perceived. "Guys, you need to talk to the gamers and explain to them that this does not affect their gameplay," wrote one.

Some even hope to take credit for a small drop in Sony's stock price: "We're already causing sony stock to drop!!!"

While most Anonymous attacks remain online-only hacks or protests, Operation Sony will feature a real world component. On April 16, Anonymous wants people to gather at their local Sony stores to complain in person—no doubt leading participants to rummage through their closets in order to dig out the old Guy Fawkes mask.



Feature: Anonymous speaks: the inside story of the HBGary hack

15 Feb

It has been an embarrassing week for security firm HBGary and its HBGary Federal offshoot. HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group's actions, including the denial-of-service attacks that hit MasterCard, Visa, and other perceived enemies of WikiLeaks late last year.

When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating. HBGary's servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced. As an added bonus, a second site owned and operated by Greg Hoglund, owner of HBGary, was taken offline and the user registration database published.

Over the last week, I've talked to some of those who participated in the HBGary hack to learn in detail how they penetrated HBGary's defenses and gave the company such a stunning black eye—and what the HBGary example means for the rest of us mere mortals who use the Internet.



Senator: New net neutrality plan worse than “doing nothing at all”

16 Dec

We're five days and counting from the Federal Communications Commission issuing new net neutrality rules. Nobody beyond insiders at the agency has seen the draft Order in question. But Senator Al Franken (D-MN) has a message for the Commission. If the Order exempts wireless broadband from any nondiscrimination provisions, it might be better to put the whole matter off.

"I am very worried that the draft Order does not do enough to preserve that openness," he wrote to FCC Chair Julius Genachowski. In fact, as presently written, it could do "more harm than doing nothing at all."



How the FBI nabbed a Russian spam king in Las Vegas

02 Dec

On October 30, Oleg Nikolaenko flew from his home in Moscow to JFK airport, and then on to Las Vegas. He checked in to the Bellagio Hotel, where he attended the Specialty Equipment Market Association car show, a show he had attended last year as well.

Bad move—because the feds nabbed him in Vegas just before the show ended, leaving his wife and young son back in Russia. At a November 4 hearing before a judge in Las Vegas, Nikolaenko needed a Russian interpreter and a public defender, but it didn't take much interpretation to see that he wasn't about to go free. That's because Nikolaenko was one of the biggest spammers in the world.

Nikolaenko doesn't come across in court documents as a man who learns his lessons well. He's allegedly one of the parties behind the Mega-D botnet, at one time "the largest botnet in the world, accounting for 32 percent of all spam," according to the FBI.

Yet he keeps coming to the US. When he was in Vegas for the 2009 car show, a security firm called FireEye actually managed to cripple Mega-D by shutting down its US-based command and control servers and redirecting much of the botnet traffic to "sinkhole" locations. Nikolaenko, poor guy, had to leave the US two days early to "repair the damage caused by FireEye."

[Image: Nikolaenko's home outside Moscow]

So how did the FBI get its man this time around? By busting the US-based distributor of fake Rolex watches who used Mega-D to send a good chunk of his spam. That led them on a trail that culminated in ePassporte, a money transfer service, and they found Nikolaenko's name and e-mail addresses attached to his account.

Nikolaenko had made another mistake: the e-mail accounts were Gmail addresses, and it was no trouble at all for the US to get a subpoena, forcing Google to cough up the account information. FBI agents found copies of the botnet software and much else of interest among the e-mails.

With what they needed in hand, they waited—and it didn't take long for Nikolaenko to enter the US again at JFK. A few phone calls later and he was located at the Bellagio in Vegas. The FBI obtained and then executed an arrest warrant, and now Nikolaenko faces CAN-SPAM Act charges in, of all places, Milwaukee (where the FBI agent tracking him was located).



Price shocks waiting as US abandons helium business

05 Jul

Robert Richardson got a Nobel Prize for creating the first superfluid, a Bose-Einstein condensate comprised of chilled helium. But he started his talk at the Lindau Nobel Laureates Meeting by announcing that he'd be focusing purely on science policy—policy related to his work, given that the policy in question is the one that governs much of the world's stockpile of helium.

Because of how the US is privatizing its stock of the gas, prices are artificially low, which is encouraging a pattern of consumption that may leave us without significant supplies of the gas midway through the century.

Inert but interesting

Why is that significant? Richardson started by describing helium's more interesting properties, which are key to its commercial use. These include its chemistry—his slide led with the text, "helium has no chemistry; it is a mere placeholder between hydrogen and lithium on the periodic table." Being completely inert may seem rather dull, but for industries that work with highly reactive materials, this absence of chemistry can be essential.



Slashing the federal IT budget: can someone (please) help the FBI?

30 Jun

What is it with the FBI and overspending? Back in January 2008, the Office of the Inspector General released a damning report on the Bureau's gross mismanagement of its finances, noting that in many cases phone companies had shut down wiretaps because the FBI wasn't paying its bills. 

In our coverage of the OIG report, we noted, "The FBI's $170 million Virtual Case File system upgrade was so dysfunctional that it had to be completely scrapped. The agency's latest upgrade attempt, a project called Sentinel, is expected to cost $425 million and will supposedly be operational in 2009." 

Well, it's 2010 and not only is Sentinel not operational and over budget, but Politico reports that the program could get caught up in outgoing Office of Management and Budget director Peter Orszag's IT cost-cutting crusade.

In a blog post on the White House site, Orszag announced a series of actions aimed at updating and downsizing federal IT spending. The first order of business is a freeze on all financial system modernization projects, which Orszag describes as "an area of persistent problems."

"For instance," he writes, "the Department of Veterans Affairs (VA) has invested over $300 million in two financial system projects over the past 10 years. The first project ended in failure and no operational capability has been realized with the second."

Again, we're reminded of the FBI's Trilogy project, which was launched in 2000 to update the agency's IT infrastructure but which failed in 2005. Sentinel is Trilogy's successor, and so far it's not looking good.

All told, Orszag plans to cut $20 billion from the federal IT budget. When combined with the $30 billion he plans to trim via datacenter consolidation, he'll save just enough to pay a little over two months of interest on the national debt. Hey, every little bit helps.
