Tag: US

US banks finally adopt mark of the beast

US banks have finally twigged that the reason they keep losing money to credit card theft is because they insist on being the last bastion of low-tech cards.

Given the fact that the free market is supposed to decide the best form of technology to defend its transactions, the US banks have been dragging their collective trotters over adopting the EMV standard.

Meanwhile in Europe, the birthplace of the Europay, MasterCard and Visa (EMV) standard, there is a low amount of credit card fraud, while in the US it is incredibly high.

Now the US is finally making the transition to secure cards based on the European EMV standard, mostly because the liability shift imposed by the three big credit card brands — Visa, MasterCard and American Express — will start in October.

If the merchant is EMV compliant and has a POS system equipped to read EMV cards, and the card is not, because the financial institution has not started issuing them yet — effectively forcing the merchant to run your card on the magnetic stripe reader — then the bank or credit card issuer has to pay for the misuse of the card.

If the issuer has upgraded to EMV by sending chip cards to its cardholders, but the merchant has not upgraded their point of sale to accept them, the retailer bears the cost for counterfeit fraud.

While all this is a pain for the banks and retailers, it is widely accepted in the US that something has to be done. A wave of data breaches that has hit major retailers such as Target and Home Depot, among others, has convinced many card issuers that the expense of sending new cards fades in comparison to the consequences of new data breaches. It will probably take another three years for full adoption.

Some analysts expect fraud to increase this year, as thieves will step up their efforts to capture more credit card details before the EMV conversion starts to take a grip on their bottom line.

It is unclear why the US has been so slow in adopting the chips. One reason might be the fact that there are parts of the US which may refuse to use them for religious reasons. Parts of the Bible Belt believe that the move to such technology is a sign of the “end times” and that any electronic transactions are the same as the “mark of the beast” of Revelation.

US spooks hide in hard drives

If you own hard drives made by Western Digital, Seagate, and Toshiba, all your data could have been seen by US spooks.

According to Kaspersky Lab, the US National Security Agency figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba, IBM, Micron and Samsung.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

The Russian outfit did not name the US as the country behind the software, but said it was closely linked to Stuxnet, which was a NSA-led effort.

A former NSA employee told Reuters that Kaspersky’s analysis was correct, and that people still in the spy agency valued these espionage programmes as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives.

Kaspersky published the technical details of its research on Monday, a move that could help infected institutions detect the spying programs, some of which trace back as far as 2001.

The announcement could lead to a backlash against Western technology, in countries such as China, which is already drafting regulations that would require most technology suppliers to provide copies of their software code for inspection.

Kaspersky said the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.

Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.

The information was news to Western Digital, Seagate and Micron, who said it was the first they had heard of it. Toshiba and Samsung declined to comment and IBM just ignored hacks’ requests.

Microsoft offers start ups Azure credits

Microsoft has launched a package to lure start-ups and SMEs to its Azure profile by offering them $500,000 in Azure credits.

The deal, announced by partner Y Combinator, is only available to Y Combinator-backed companies and will be offered to the 2015 Winter and future batches.

It seems that Microsoft is following Google, AWS and IBM which already offer incentives for start-ups to join them.

Microsoft is giving Y Combinator start-ups a three-year Office 365 subscription, access to Microsoft developer staff and one year of free CloudFlare and DataStax enterprise services.

It is starting to look like Microsoft is getting more aggressive in its competition with Amazon Web Services and Google, both of whom already offer credits and freebies.

Amazon offers $25,000 in AWS credits and other freebies, while Google offers $100,000 in Google platform credits and IBM offers $120,000 in credit for SoftLayer infrastructure or BlueMix PaaS.

Writing in his company’s blog, Sam Altman said that this brings the total value of special offers extended to each YC company to well over $1,000,000. “The relentless nagging from partners to grow faster we throw in for free,” he said.

It is likely that the YC deal is the first of many which will be rolled out worldwide to Microsoft’s partners.

 

Obama joins British calls for encryption back-doors

President Barack Obama and British Prime Minister David “One is an Ordinary Bloke” Cameron are singing from the same hymn sheet when it comes to the matter of encryption.

Obama has issued a statement that he can’t see why police and spies should be locked out of encrypted smartphones and messaging apps. Clearly he has not been paying much attention to the Snowden affair, where it appears that the lack of encryption gave US and UK snoops huge powers over the lives of the great unwashed, while not making much difference to terrorists or criminals.

Apple, Google and Facebook have introduced encrypted products in the past half year that the companies say they could not unscramble, even if faced with a search warrant. That’s prompted vocal complaints from spy chiefs, the Federal Bureau of Investigation and British Prime Minister David Cameron.

In fact Obama’s comments came after two days of meetings with Cameron, and were made with his loyal lapdog at his side.

“If we find evidence of a terrorist plot… and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem,” Obama said.

He insisted that US tech-giants are on the side of the spooks.

“They’re patriots,” he said. Standing next to a British Prime Minister and claiming that people who publicly say they are working to stop UK and US spooks are actually working for them is a hugely ironic piece of disinformation.

Google, Apple and Microsoft have spent a fortune encrypting links to their networks to keep “tyranny” out. If they are patriots then they are unlikely to side with the British, if US history is anything to go by.

In the US, governments have long been able to access the contents of electronic communication, including phone calls, consumer email and social media, with warrants, through wiretaps and from technology companies themselves.

But the law that governs these practices is dated and doesn’t mandate that tech firms incorporate such features into modern apps.

The president wants a technical way to keep information private, but ensure that police and spies can listen in when a court approves. He is on a hiding to nowhere with this one. Bill Clinton tried for a “clipper chip” that would allow only the government to decrypt scrambled messages.

Security experts have long argued such systems would trigger anti-hacking tools, leaving computers exposed. An encryption algorithm with a master key is inherently weaker because it’s possible for an outsider to steal that master key and crack the code.

What is worrying about this particular transatlantic accord is that the UK is more likely to get it into law than the US.

Security experts have warned that you can’t have secure systems with backdoors and that if you bring in such rules you will be making it easier for terrorists to take control of systems.

 

UK pledges to increase snooping with US

The UK and the US are using the massacres in Paris as a pretext for “increasing co-operation” on snooping on internet users.

Prime Minister David “one is an ordinary bloke” Cameron said the two countries will set up “cyber cells” to share intelligence and conduct simulated attacks to test the defences of organisations such as banks.

Cameron is visiting Washington to tell them how to sort out their economy and security, and is due to have a second meeting with President Barack Obama today.

Cameron said that the two countries had hugely capable cyber defences and the expertise, and that is why they should set up cyber cells on both sides of the Atlantic to share information.

The cooperation between Britain’s GCHQ eavesdropping agency and the US National Security Agency will include joint war games, with the UK providing the Games Workshop figures and the US providing the rules, the polyhedral dice and the joints.

The first exercise, later this year, is to involve the Bank of England and commercial banks in both the City of London and Wall Street. It is not clear who will be exercising, but if you ask any of the bankers we have seen to do a push-up, the body bag count will be high.

“This is a real signal it is time to step up the efforts and to do more,” said Cameron.

The British leader said he also planned to discuss with Obama how the two countries could work more closely with big Internet companies such as Facebook and Google to monitor communications between terror suspects. This is of course something that Facebook and Google want nothing to do with, so chances are he will be talking about bringing in laws to force them.

One thing Cameron has not answered is that if the UK and US have such wonderful cyber ability and resources, how did the Paris attacks actually happen? It seems that the more snooping powers that the UK and the US demand, the less effect it has on the goal of preventing terrorism.

Microsoft accuses US of double standards

Software giant Microsoft has accused the US government of operating a system of double standards when it comes to snooping on other countries.

Microsoft’s Executive Vice President and General Counsel, Brad Smith, said that by demanding companies hand over customer data stored overseas the US government was operating a double standard that it would not accept from other countries.

Writing in his blog, Smith said: “Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany. They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter’s box with a master key, rummage through it, and fax the private letters to the Stadtpolizei.”

Microsoft has applied to the US Second Circuit Court of Appeals in its ongoing case challenging a US government search warrant for customer data stored in Ireland. Microsoft filed the appeal after a US district court judge rejected the company’s argument that the warrant is illegal because it calls for the seizure of emails stored outside the United States.

If the situation was reversed the US government would be furious if a foreign government attempted to sidestep international law by demanding that a foreign company with offices in the United States produce the personal communications of an American journalist.

He pointed out that the Secretary of State would fume that he or she was outraged by the decision to bypass existing formal procedures that the European Union and the United States have agreed on for bilateral cooperation.

And then, if the Germans had responded the way the US had done, they would claim that they did not conduct an extraterritorial search – in fact, that they didn’t search anything at all.

“No German officer ever set foot in the United States. The Stadtpolizei merely ordered a German company to produce its own business records, which were in its own possession, custody, and control. The American reporter’s privacy interests were fully protected, because the Stadtpolizei secured a warrant from a neutral magistrate,” Smith said.

That would not satisfy the Americans because the documents held by the foreign company for safekeeping are private letters, not business records.

“And any attempt to take possession of those letters through a warrant – even one served on the company entrusted with those letters – would constitute a seizure by a foreign government of private information located in another country,” Smith wrote.

As far as the US Government is concerned, your emails become the business records of a cloud provider. Because business records have a lower level of legal protection, the Government claims it can use a different and broader legal authority to reach emails stored anywhere in the world.

US tech snooping is a trade barrier

The US government’s mass surveillance of the whole world has become a trade barrier for European Internet companies trying to provide services in the United States, a top EU official claims.

Paul Nemitz, a director in the European Commission’s justice department, said that US citizens are deterred from using European e-mail providers because they do not get the same protection as they would by using US providers.

Laws which empower the NSA to basically grab everything which comes from outside the United States are a real trade barrier to a European digital company trying to provide services to Americans inside America.

Nemitz, who is overseeing an overhaul of the EU’s 20-year-old data protection rules, told a conference on data protection in Paris that an American in the United States using a European service does not have the same level of protection as he would if he used an American service.

Using a European service, his communication is transmitted outside the United States, so it is subject to interception.

The comments underscore the widespread unease within Europe about access to people’s data by both security services and companies. They also come at a time when Brussels and Washington are renegotiating a data-sharing agreement – called Safe Harbour – used by over 3,000 companies.

The Safe Harbour agreement makes it easier for US companies to do business in Europe by certifying that their handling of user data meets EU data-protection laws.

The EU wants Washington to guarantee that it will only access Europeans’ personal data for national security reasons when it is strictly necessary, as it does with US citizens’ data.

Meanwhile the EU is also negotiating a new pan-European data-protection law which would impose stiff fines on companies mishandling personal data in Europe.

Companies in both the United States and the EU have lobbied against some parts of the new rules, arguing that they will impose too much red tape on businesses.

US splashes out on two more supercomputers

The US is going to spend $325 million on two new supercomputers, one of which may eventually be built to support speeds of up to 300 petaflops.

Deeply embarrassed by the fact that China has been ruling the supercomputer league tables for a while now, the US government is taking steps to unseat them from the top.

The US Department of Energy, the major funder of supercomputers used for scientific research, wants to have the two systems, each with a base speed of 150 petaflops, possibly running by 2017. Going beyond the base speed to reach 300 petaflops will take additional government approvals.

The DOE also announced another $100 million in “extreme” supercomputing research spending.

The funding was announced at a press conference at the US Capitol attended by lawmakers from both parties.

The two systems, which will be built at the DOE’s Oak Ridge and Lawrence Livermore National Laboratories, “will ensure the United States retains global leadership in supercomputing”.

Republican Chuck Fleischmann said supercomputing was one of those things where the US could step up and lead the world again. The Oak Ridge lab is located in his state.

Republican Bill Foster warned that the US’s technology lead is not assured and he blamed the fact that most chip making was done overseas.

Foster believed there is good bipartisan support for supercomputing research, but the research may face a problem if GOP budget proposals in the House slash science funding by double-digit percentages.

The US government is under pressure to abandon science funding because some constituents think it is better that people learn more about Jesus.

China has the top-ranked system, the Tianhe-2, at about 34 petaflops, and Japan and Europe have major investments underway in this area.

The new system to be built at Oak Ridge will be called the Summit. It will use about 10 megawatts of power, which is close to the power usage of Oak Ridge’s existing supercomputer, the Titan, which is ranked No. 2 in the world. The Summit will run five times faster than the Titan, despite using the same amount of power.

The new system to be built at the Lawrence Livermore lab in California will be known as Sierra.

These systems will use IBM Power CPUs and Nvidia’s Volta GPU, the name of a chip still in development.

Motorola discovers US does not rule the world

It appears that Motorola’s US court case against several Asian suppliers for alleged price fixing is coming unstuck.

A US appeals court appeared sceptical of mobile phone maker Motorola Mobility’s attempt to sue AU Optronics, Chunghwa Picture Tubes, HannStar Display, LG Display, Samsung, Panasonic, Sanyo, Sharp and Toshiba.

A three judge panel of the 7th US Circuit Court of Appeals questioned whether the allegations had enough connection to the United States to be heard in US courts.

Motorola Mobility is now a unit of China’s Lenovo Group, but it sued the suppliers in Chicago federal court in 2009, saying some of its subsidiaries had overpaid for liquid crystal display screens because of a conspiracy in Asia. Some screens entered the US market, the lawsuit said.

Judge Richard Posner, a member of the appeals panel, pointed out that Motorola treated the foreign subsidiaries as separate for tax reasons, but for antitrust purposes, they are seen as part of Motorola.

Motorola Mobility lawyer Thomas Goldstein said the company should be able to sue under US law because a former Chicago-based parent negotiated its supply contracts.

Lenovo bought Motorola Mobility in October for $2.91 billion from Google which had bought it in 2012. Motorola Mobility says it paid the LCD makers more than $5 billion from 1996 to 2006.

The appeals court ruled against Motorola Mobility in March but agreed to hear the case again after the Obama administration said the ruling threatened its ability to prosecute global price fixing.

The US Justice Department, whose investigation of global LCD price-fixing led to more than $1.3 billion in criminal fines, asked the court to find that the conspiracy directly affected US commerce.

Belgium and Japan filed briefs criticising the reach of US antitrust law and urging the court to rule for the suppliers.

Chinese hack US post

Chinese government hackers are suspected of breaching the computer networks of the United States Postal Service, compromising the data of more than 800,000 employees — including the postmaster general.

According to the FBI, the intrusion was discovered in mid-September, said officials, who declined to comment on who was thought to be responsible.

The announcement comes just as President Barack Obama arrived in Beijing for high-level talks with his counterpart, President Xi Jinping.

China has consistently denied accusations that it engages in cybertheft and notes that Chinese law prohibits cybercrime. But China has been tied to several recent intrusions, including one into the computer systems of the Office of Personnel Management and another into the systems of a government contractor, USIS, that conducts security-clearance checks. Of course the US spooks have been doing the same thing in China, so it is a matter of all is fair in love and cold war.

The only question is why the Chinese spooks thought that hacking the postal service was a good idea.

Postmaster General Patrick Donahoe said in a statement that it was an unfortunate fact of life these days that every organisation connected to the Internet is a constant target for cyber intrusion activity. “The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data,” he said.

The compromised data included names, dates of birth, Social Security numbers, addresses, dates of employment and other information, officials said. The data of every employee were exposed.

No customer credit card information from post offices or online purchases at usps.com was breached, officials said.

While the OPM and USIS breaches involved data of people who had gone through security clearances and so could be useful to a foreign government seeking to gain access to individuals in sensitive government work, it is not clear why Postal Service employees would be of such interest.

FCC leaks terrible net neutrality decision

The US FCC was expected to bow to public pressure and allow some semblance of net neutrality in the Land of the Free.

It was to be a brave move – after all a huge chunk of the FCC has connections with phone companies and the watchdog is widely seen as being in the telco pockets.

But the problem was that a huge chunk of the American public had told the FCC that they did not want the telcos strangling their bandwidth or making them pay extra for a reasonable service. In fact, more than four million Americans made it clear to the FCC that they were not going to stand for this thing.

However, a new leak shows that the FCC is considering what it is calling a hybrid proposal. It would expand the FCC’s powers to regulate broadband while also allowing cable providers to charge more money for fast lanes.

The “hybrid” proposal now under consideration has not been finalised, but according to media leaks and discussions with interested parties it would expand the FCC’s powers to regulate broadband while also allowing a carve-out for cable providers to charge more money for fast lanes. However, the rules will only allow the FCC to intervene to promote competition.

The idea is that this would not upset the comms companies because they would be allowed to do what they like.

All those people who voted against such a scheme are a little miffed. Apparently, they thought if enough people voted against such a scheme the US government would have to listen. After all the US is supposed to be a democracy and follow the will of the majority and not corporates.

Apparently not.

Protesters have been gathering outside the White House and in a dozen US cities to demonstrate against a “hybrid” solution now being considered to end a stalemate over regulating the internet.

 

US spectrum launch delayed

The chances of the US leading the world when it comes to hi-spec mobile networks were put on ice by its regulatory authority.

The FCC has delayed the incentive auction: a legal challenge has prompted the agency to push the spectrum swap back until 2016.

The National Association of Broadcasters (NAB) started the court case because the incentive auction could hurt TV stations that choose not to participate in the auction.

Final briefs in the case are not due until late January 2015, meaning a decision is probably not likely until mid-2015.

An FCC spokesman said it was confident it would prevail in court, but given the reality of that schedule, the complexity of designing and implementing the auction, and the need for all auction participants to have certainty well in advance of the auction, a delay is necessary.

The spectrum auction will allow broadcasters to sell their unused spectrum to mobile carriers and get a cut of the purchase price. NAB has been cautiously supportive of the move, but the group’s lawsuit says that the FCC is not providing adequate protection for broadcasters who decline to participate.

NAB said it was not its narrowly focused lawsuit which was the cause for delay. NAB Executive Vice President of Communications Dennis Wharton said that, as the NAB has said repeatedly, it is more important to get the auction done right than right now. Given its complexity, there is good reason Congress gave the FCC 10 years to complete the proceeding.

EU might suspend data agreements with the US

The EU Justice Commissioner is considering suspending a commercial data-sharing agreement between the European Union and the United States if Washington doesn’t stop spying.

Vera Jourova said in written answers to EU lawmakers that the so-called Safe Harbour agreement allowing companies to transfer personal data to the United States could be suspended if negotiations between Brussels and Washington go nowhere.

Jourova said that suspension was an option on the table for her, but that they were not yet there.

Under the EU’s strict data protection laws, companies may only transfer personal data outside the 28-member bloc if a country is deemed to have adequate safeguards for that data. Only a handful of countries worldwide meet the required standards and the US is not one of them.

In 2000 the EU adopted a Safe Harbour agreement under which US companies certify themselves that they meet the EU’s data privacy standards.

However, the agreement was rendered a joke after last year’s revelations about mass US surveillance programs involving EU citizens, which showed that US technology companies were just handing over data to spooks.

And if negotiations with the US are tough now, it is expected that things will get worse when Jan Philipp Albrecht of the Greens group takes over in November as the new Justice Commissioner. The Greens have no love of the US’s spying antics.

More than 3,246 companies were certified under Safe Harbour, including Google and Facebook.

The Commission announced a review of Safe Harbour in November last year after former U.S. National Security Agency contractor Edward Snowden revealed details of Washington’s eavesdropping on Europeans’ phone calls, including those of German Chancellor Angela Merkel.

The Commission gave Washington a 13-point list of issues to address before it would put forward a revised data sharing agreement. One of them was that the US would use the national security prerogative to access Europeans’ data only when strictly necessary and in response to a specific threat.

Apparently this is causing a problem because the US sees everyone as a threat, even loyal allies.

Jourova asked for more time to continue working in a constructive spirit with the United States building on the progress made so far. Theoretically, the Commission could roll over and allow the US to have its wicked way with Europe, but it is likely that the European Parliament would throw its toys out of the pram if it did so. Most feel that the Commission is a US lapdog and it is about time it gave the land of the Free a Chinese burn until it stops being such an international douche.

US more likely to hack you than the Chinese

Two security experts, Jordan Robertson and Greg Martin, set up an online honeypot to see which country was more likely to attack it and were surprised to discover that the US was more likely to be an aggressor than the Chinese.

Writing for Bloomberg, the pair wanted to find a way to show the global nature of attacks against industrial-control systems used in electrical grids, water systems and manufacturing plants. For obvious reasons, attacks against critical infrastructure are among the biggest concerns in cyber-security.

Martin and Robertson configured the honeypot to look like an enticing industrial-control computer to hackers and traced who attacked it.

The fake control systems were made to look like they were located in the U.S., the U.K., Amsterdam, Brazil, Tokyo and Singapore. The pair wanted a variety of locations to show that systems everywhere are under attack.

Over a three-month period, the US was by far the biggest source of attack traffic, trying to hit the honeypot more than 6,000 times, nearly double China with 3,500, and Russia with more than 2,500.

The Dutch and the French were also carrying out statistically significant amounts of attacks on the honeypot.

The attacks were mostly reconnaissance missions, in which hackers often use less obfuscation, Martin said. However, it does mean that the idea of China being the leading hacking country is a myth and that crown belongs to the United States, which appears to have a policy of hacking everyone.

US confirms Chinese government behind hacks

A US Senate panel has ruled that hackers associated with the Chinese government have repeatedly infiltrated the computer systems of US airlines, technology companies and other contractors involved in the movement of US troops and military equipment.

The Senate Armed Services Committee’s year-long probe found the military’s US Transportation Command, or Transcom, was aware of only two out of at least 20 such cyber intrusions within a single year.

It found gaps in reporting requirements and a lack of information sharing among US government bodies which left the US military oblivious to the computer compromises of its contractors.

Democratic Senator Carl Levin of Michigan, the committee’s chairman, was keen to focus on the Chinese hackers rather than the big defence industry’s cock-ups.

He said that the peacetime intrusions into the networks of key defence contractors are more evidence of China’s aggressive actions in cyberspace.

But cybersecurity expert Dmitri Alperovitch, chief technology officer with the security firm Crowdstrike, said that China had for years shown a keen interest in the logistical patterns of the U.S. military.

While the US military uses secret or top-secret networks that are not on the Internet, the US private companies it hires do not.

In the year beginning June 1, 2012, there were about 50 intrusions or other cyber events into the computer networks of Transcom contractors, the 52-page report stated.

At least 20 of those were successful intrusions attributed to an “advanced persistent threat,” a term used to designate sophisticated threats commonly associated with attacks against governments. All of those intrusions were attributed to China.

Senator Jim Inhofe of Oklahoma, the committee’s top Republican, called for a “central clearinghouse” that makes it easy for contractors to report suspicious cyber activity.