Eideard

Internet companies such as Google, Twitter and Facebook are increasingly co-opted for surveillance work as the information they gather proves irresistible to law enforcement agencies…

Although such companies try to keep their users’ information private, their business models depend on exploiting it to sell targeted advertising, and when governments demand they hand it over, they have little choice but to comply…

But the vast amount of personal information that companies like Google collect to run their businesses has become simply too valuable for police and governments to ignore, delegates to the Internet Governance Forum in Nairobi said.

“When the possibility exists for information to be obtained that wasn’t possible before, it’s entirely understandable that law enforcement is interested,” Google’s Chief Internet Evangelist Vint Cerf told Reuters in an interview. “Then the issue would be, what’s the right policy? And that, of course, engenders a lot of debate,” said Cerf…

Demands from governments for Internet companies to hand over user information have become routine, according to online privacy researcher and activist Christopher Soghoian, who makes extensive use of freedom-of-information requests in his work.

“Every decent-sized U.S. telecom and Internet company has a team that does nothing but respond to requests for information,” Soghoian told Reuters…

Soghoian estimates that U.S. Internet and telecoms companies may receive about 300,000 such requests in connection with law enforcement each year…

“Now, one police officer from the comfort of their desk can track 20, 30, 50 people all through Web interfaces provided by mobile companies and cloud computing companies,” he said.

I realize some of my regular readers are already paranoid about what companies like Google and Facebook are doing with the information they gather about users. Anonymized or not.

Now, it’s becoming more and more clear that the cost to governments of tracking your every movement and thought – is a bargain at any price.

U.S. federal agents allegedly allowed the Sinaloa drug cartel to traffic several tons of cocaine into the United States in exchange for information about rival cartels, according to court documents filed in a U.S. federal court.

The allegations are part of the defense of Vicente Zambada-Niebla, who was extradited to the United States to face drug-trafficking charges in Chicago. He is also a top lieutenant of drug kingpin Joaquin “Chapo” Guzman and the son of Ismael “Mayo” Zambada-Garcia, believed to be the brains behind the Sinaloa cartel…Zambada-Niebla claims he was permitted to smuggle drugs from 2004 until his arrest in 2009…

According to the court documents, Mexican lawyer Humberto Loya-Castro, another high-level Sinaloa cartel leader, had his 1995 U.S. drug-trafficking case dismissed in 2008 after serving as an informant for 10 years for the U.S. government…

“Loya himself continued his drug trafficking activities with the knowledge of the United States government without being arrested or prosecuted,” the court documents state.

Just get the same sleazy lawyers that helped Ollie North get beyond his “Drugs for Guns” conviction. The courts will roll over. The DEA, the FBI and the rest will continue corrupt policies untouched.

Police in the United States and seven other countries seized computers and servers used to run a “scareware” scheme that has netted more than $72 million from victims tricked into buying fake anti-virus software.

Twenty-two computers and servers were seized in the United States and 25 others in France, Germany, Latvia, Lithuania, the Netherlands, Sweden and the United Kingdom…

The suspects involved in the scheme, who were not identified, planted “scareware” on the computers of 960,000 victims. The scareware would pretend to find malicious software on a computer. The goal is to persuade the victim to voluntarily hand over credit card information, paying to resolve a nonexistent problem.

Latvian authorities seized at least five bank accounts believed to have been used by the leaders of the scam…

U.S. authorities also said…they disrupted a second scam, charging two Latvians with running a similar scareware scheme that led to $2 million in losses through an advertisement placed on a Minnesota newspaper’s website…

Law enforcement officials would not confirm whether the seizures were directly connected to a raid early on Tuesday morning at a web-hosting company in northern Virginia where they took servers, a move that disrupted more than 120 websites.

U.S. authorities have been more aggressive this year in trying to stem cybercrime and have been scrambling to investigate several hacking attempts on U.S. institutions and corporations.

I know there’s no patch for stupid; but, it seems possible – since there have already been a few examples in the field – for the FBI to place software on a few compromised machines and trace back control of botnets to criminal sources.

Grab and incarcerate the crooks – and throw away the key.

Sony lost $450 million last year – paid Stringer $4.5 million + stock options
Daylife/Reuters Pictures used by permission

Sony PlayStation gamers expressed shock and disappointment on Wednesday at a massive data hack in which their names, addresses and credit-card details might have been stolen from the PlayStation Network.

Shoppers at London video-games stores said they might leave the network, PSN, which allows them to play games with 77 million other members and buy games online, while some gamers writing in online forums called for a boycott of Sony products…

Sony warned earlier that unidentified hackers had stolen the personal details of its 77 million user accounts, in one of the biggest-ever Internet security break-ins.

The Japanese electronics giant advised users, almost 90 percent of whom are based in Europe and the United States, to change any common passwords they also used for other services.

It said children with accounts established by their parents might have had their data exposed.

“If you think the gamers are pissed over at playstation blog, wait until the Mums get wind of this,” wrote senior member barrybarryk on the PS3news.com online forum…

Sony pulled the plug on the network eight days ago but did not tell the public about the stolen data until Tuesday.

Phew! I don’t know of any industry guaranteed safe from attack. I have some experience with procedures that appear to work – when enforced with diligence and consistency. I’m not certain about any IT departments other than those I personally could vouch for, though.

Oh yeah – just discussing this with another geek in the family – remember all the crap that’s happened at Sony from the closing of research centers to failed security to snooping on users has happened on Stringer’s watch.

We will keep you safe!

Following last week’s massive Epsilon e-mail breach, it feels as if all of us suddenly have a little too much personal information floating around online. And now, a large group of Texans are about to have it a lot worse: the state revealed Monday that personal information for 3.5 million citizens has been exposed to the public, including names, addresses, Social Security numbers, and more.

According to Texas State Comptroller Susan Combs, the data wasn’t exposed by a hacker or a group of vigilante scriptkiddies—it ended up on a state-controlled public server after having been passed around between various state agencies. The data came from the Teacher Retirement System of Texas, the Texas Workforce Commission, and the Employees Retirement System of Texas, all of whom transferred the unencrypted data (against state policy) between January and May of 2010. The information was only discovered on the public server on March 31, 2011, meaning it has been available for almost a year.

… In addition to the aforementioned personal information, Combs said that other data, like date of birth and driver’s license numbers had been exposed “to varying degrees.” Additionally, “all the numbers were embedded in a chain of numbers and not in separate fields”—good if only lazy “hackers” accessed the file, but bad because it ensures that the appropriate data is matched with other data from the same person.

Combs emphasized that numerous internal procedures were not followed, and that her office had been in contact with the Texas Attorney General in order to conduct an investigation into the exposure…

If it’s like most investigations of this type, some poor file clerk will be blamed and walloped.

Unfortunately for those whose data was exposed by the state of Texas, it won’t just be a matter of beefing up their spam filters or making sure not to click links from unverified parties. The comptroller’s office advises that affected individuals should put a fraud alert on their profiles with all the major credit reporting agencies and to carefully monitor all of their accounts for cases of identity theft…Texans whose data was exposed will be notified by letter, or they can call (855) 474-2065 starting April 12 to find out early.

That should make everyone feel all toasty and safe again. The Texas government is on the job.

USB memory stick found in parking lot

Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people’s private details. The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets.

An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost.

Users trying to log on to the site yesterday were met by the message: ‘The Government Gateway is temporarily offline. We apologise for any inconvenience. Normal service will be resumed as soon as possible.’

This year alone, 1.8 million people have submitted their tax returns on the system.

Members of the public registering for the service have to provide their personal details, which can include names, addresses, wages, National Insurance numbers and credit card details.

It’s not just that the British Government’s security protocols were obviously designed by the Looney Party. They’ve made it clear they can screw up just about anything – and will.

Here in the states, at least we can count on corruption and cronyism to give us a hint of what to watch for. Incompetence leaves every possible door open for screw-ups.

Google must divulge the viewing habits of every user who has ever watched any video on YouTube, a US court has ruled. The ruling comes as part of Google’s legal battle with Viacom over allegations of copyright infringement.

Digital rights group the Electronic Frontier Foundation (EFF) called the ruling a “set-back to privacy rights”.

The viewing log, which will be handed to Viacom, contains the log-in ID of users, the computer IP address and video clip details.

The EFF said: “The Court’s erroneous ruling is a set-back to privacy rights, and will allow Viacom to see what you are watching on YouTube.

Don’t we all trust Viacom?