Tag: US

Kaspersky finds more US snoops

Moscow-based Kaspersky Labs has uncovered more evidence indicating that the US National Security Agency is behind a particularly successful hacking group.

“Equation Group” ran the most advanced hacking operation ever uncovered and was untouched for more than 14 years.

Kaspersky researchers did not say that the hackers were the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project.

However, the mountain of evidence that Kaspersky provided strongly implicated the spy agency.

The strongest new tie to the NSA was the string “BACKSNARF_AB25” discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed “EquationDrug.” “BACKSNARF,” according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA’s Tailored Access Operations.

“BACKSNARF” joins a host of other programming “artifacts” that tied Equation Group malware to the NSA. They include “Grok,” “STRAITACID,” and “STRAITSHOOTER.” Just as jewel thieves take pains to prevent their fingerprints from being found at their crime scenes, malware developers endeavor to scrub usernames, computer IDs, and other text clues from the code they produce. While the presence of the “BACKSNARF” artifact isn’t conclusive proof it was part of the NSA project by that name, the chances that there were two unrelated projects with nation-state funding seem tiny.

The code word is included in a report by Kaspersky detailing new technical details uncovered about Equation Group.

Among other new data included in the report, the timestamps stored inside the Equation Group malware showed that members overwhelmingly worked Monday through Friday and almost never on Saturdays or Sundays. The hours in the timestamps appeared to show members working regular work days, an indication they were part of an organised software development team.

The timestamps show the employees were likely in the UTC-3 or UTC-4 time zone, a finding that would be consistent with people working in the Eastern part of the US.
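The working-pattern analysis described above can be reproduced on any set of build timestamps. The sketch below is an added example, not Kaspersky's code: the timestamps are constructed, and the 09:00 to 17:00 office day used for scoring is an assumption.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumption: a "regular work day" is 09:00-17:00 local time, Monday to Friday.
WORK_START, WORK_END = 9, 17
DAY_NAMES = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")


def weekday_histogram(epochs, utc_offset_hours=0):
    """Count build timestamps (Unix epoch seconds) per day of the week."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    counts = Counter(datetime.fromtimestamp(e, tz).weekday() for e in epochs)
    return {name: counts.get(i, 0) for i, name in enumerate(DAY_NAMES)}


def workday_share(epochs, utc_offset_hours):
    """Fraction of timestamps inside office hours for a candidate UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hits = 0
    for e in epochs:
        local = datetime.fromtimestamp(e, tz)
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(epochs)


def rank_offsets(epochs, offsets=range(-12, 15)):
    """Return (share, offset) pairs, best-fitting UTC offset first."""
    scored = [(workday_share(epochs, off), off) for off in offsets]
    return sorted(scored, key=lambda s: (-s[0], s[1]))


def constructed_sample():
    """Constructed data: two weeks of hourly builds by a team at UTC-4.

    Real input would be the compile timestamps pulled from sample headers.
    Those fields can be forged, so a result is a lead, not proof.
    """
    tz = timezone(timedelta(hours=-4))
    start = datetime(2008, 3, 3, tzinfo=tz)  # a Monday, chosen arbitrarily
    epochs = []
    for day in range(14):
        d = start + timedelta(days=day)
        if d.weekday() >= 5:
            continue  # nobody builds at the weekend
        for hour in range(WORK_START, WORK_END):
            stamp = d + timedelta(hours=hour, minutes=30)
            epochs.append(int(stamp.timestamp()))
    # One Saturday outlier, so the weekend bucket is not empty.
    epochs.append(int((start + timedelta(days=5, hours=11)).timestamp()))
    return epochs


if __name__ == "__main__":
    sample = constructed_sample()
    print("Builds per weekday (UTC):", weekday_histogram(sample))
    for share, offset in rank_offsets(sample)[:3]:
        print(f"UTC{offset:+d}: {share:.0%} of builds fall in office hours")
```

Neighbouring offsets score almost as well as the best one, which is why an analysis like this yields a range such as "UTC-3 or UTC-4" rather than a single zone.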

 

 

Intel and Huawei snuggle up

Intel and Huawei Technologies are getting closer even as their rival governments fall out over trade blocks.

According to Huawei, the pair are getting closer and will share technology and adopt Huawei branding behind the bamboo curtain to make Intel products more palatable to local buyers and the Chinese government.

The technology involved focuses on the cloud, with the pair working on a project to create new servers, a data centre, software and cyber security for a global cloud-computing network.

China’s government has been openly pushing for the use of more Chinese and less foreign-made technology, both to grow its own tech sector and as a response to Edward Snowden’s leaks about widespread US cyber surveillance.

Intel and Huawei have collaborated previously, including a server and cloud product team-up in 2012 and an agreement to cooperate on data storage last April.

Although the announcement is mostly Chinese focused, it is likely that the Intel side of the deal will result in other products seen worldwide. Intel would take the lead in nations where Huawei is not trusted, with Huawei stepping forward in countries which are worried about US surveillance.

US tech economy suffering because of paranoia

The US economy is officially suffering because its government is not reining in its paranoid security services.

One of the world’s biggest markets, China, has said that it is no longer using high-profile US technology brands for state buys, amid ongoing revelations about mass surveillance and hacking by the US government.

That means that key brands, including Cisco, Intel, Apple and McAfee — among others — have been dropped from the Chinese government’s list of authorised brands.

The number of approved foreign technology brands fell by a third, based on an analysis of the procurement list. Less than half of those companies with security products remain on the list.

Chinese companies were said to offer “more product guarantees” than overseas rivals. Some claim the impact of the leaks has cost the US government many billions of dollars.

US companies have been moaning that the activities by the NSA are harming their businesses in crucial growth markets, including China. However, the US government has claimed that its aggressive spying plan meant that Americans were safer and spying on everyone was the only way to catch terrorists.

This included backdoors being placed in US products sold overseas. Those revelations sparked a change in Chinese policy by forcing Western technology companies to hand over their source code for inspection. That led to an outcry in the capital by politicians who accused Chinese companies of doing exactly the same thing, when they hadn’t.

Microsoft said at its fourth-quarter earnings that China “fell short” of its expectations, which chief executive Satya Nadella described as a “set of geopolitical issues” that the company was working through.

HP said its fiscal first-quarter earnings had “execution issues” in China thanks to the “tough market” with increasing competition from the local vendors approved by the Chinese government.

However Cisco has been suffering the most. Earlier this month at its fiscal second-quarter earnings, the networking giant said it lost 19 percent of its revenue in China, amid claims the NSA was installing backdoors and implants on its routers in transit.

US no longer the Land of the Fee

The US will finally get net neutrality after the Republicans realised that mindlessly defending telcos’ rights to charge people double was going to cost them votes.

Republicans conceded that the gruelling fight with President Obama over the regulation of Internet service appears over, with the president and all those people who did not want to be charged for internet use victorious.

The Federal Communications Commission is expected on Thursday to approve regulating Internet service like a public utility, prohibiting companies from paying for faster lanes on the Internet.

Republicans, many of whom take donations from the phone companies that opposed the scheme, had slammed the plan as “Obamacare for the Internet.” It looks like that was also a mistake, as a large chunk of Americans did well under Obamacare.

But it also became clear that the Senators needed bi-partisan support to shaft net neutrality and there was no way that the Democrats would support it.

It is not over yet. The new F.C.C. rules are still likely to be tied up in a protracted court fight with the cable companies and Internet service providers that oppose it, and they could be overturned in the future by a Republican-leaning commission.

The F.C.C. plan would let the agency regulate Internet access as if it is a public good. It would follow the concept known as net neutrality or an open Internet, banning so-called paid prioritization — or fast lanes — for willing Internet content providers.

In addition, it would ban the intentional slowing of the Internet for companies that refuse to pay broadband providers. The plan would also give the F.C.C. the power to step in if unforeseen impediments are thrown up by the handful of giant companies that run many of the country’s broadband and wireless networks.

Dave Steer, director of advocacy for the Mozilla Foundation, the nonprofit technology foundation that runs Firefox, said that despite the telcos outspending and outlobbying the net neutrality lobby, they still managed to lose.

In fact there is talk that the days of top-down decisions by executives investing in or divesting themselves of resources, paying lobbyists and buying advertisements might be over. This case showed that it was possible to remove the old system by mobilising Internet customers and users.

 

US leans on Indonesia over smartphone law

The US government is leaning on Indonesia for daring to set up laws that forbid foreign smartphone makers from coming into the country.

The country is one of the few where smartphone makers have not been able to penetrate, and Indonesia has insisted that companies make 40 percent of their phones locally.

This of course destroys the US model of making cheap phones in China and having them shipped to foreign parts.

From January 1, 2017, smartphone makers that sell smartphones and tablets in the fast-growing economy of 250 million people will have to produce 40 percent of their content locally.

We are not sure why the US Trade Representative (USTR) is involved in strong arming Indonesia to have a change of heart. If he wins, it is not as if he is protecting US jobs. He is in fact protecting Chinese jobs and the bottom lines of big multinationals who do not pay much tax in the US.

Apparently critics of the “made in Indonesia” rule, including an influential US business group, say it could increase costs and restrict access to technology.

“The United States shares these concerns, and strongly supports ensuring that information and communications technology, which can be instrumental to economic development, be openly available in Indonesia,” said a USTR spokesman in Washington.

Less than a third of Indonesians own a smartphone, a much lower rate than China’s almost 80 percent, according to figures from research firm Canalys.

Samsung has already begun producing phones in Indonesia after opening a factory near Jakarta last year, but Apple’s supplier Foxconn has been dragging its feet as it negotiates with the Indonesian government over a proposed investment that would include manufacturing smartphones.

US banks finally adopt mark of the beast

US banks have finally twigged that the reason they keep losing money to credit card theft is because they insist on being the last bastion of low tech cards.

Given the fact that the free market is supposed to decide the best form of technology to defend its transactions, the US banks have been dragging their collective trotters adopting the EMV standard.

Meanwhile in Europe, the birthplace of the Europay, MasterCard and Visa (EMV) standard, there is a low amount of credit card fraud while in the US it is incredibly high.

Now the US is finally making the transition to secure cards based on the European EMV standard, mostly because the liability shift imposed by the three big credit card brands — Visa, MasterCard and American Express — will start in October.

If the merchant is EMV compliant and has a POS system equipped to read EMV cards, and the card is not, because the financial institution has not started issuing them yet — effectively forcing the merchant to run your card on the magnetic stripe reader — then the bank or credit card issuer has to pay for the misuse of the card.

If the issuer has upgraded to EMV by sending chip cards to its cardholders, but the merchant has not upgraded their point of sale to accept them, the retailer bears the cost for counterfeit fraud.

While all this is a pain for the banks and retailers, it is widely accepted in the US that something has to be done. A wave of data breaches that has hit major retailers such as Target and Home Depot, among others, has convinced many card issuers that the expense of sending new cards fades in comparison to the consequences of new data breaches. It will probably take another three years for full adoption.

Some analysts expect fraud to increase this year, as thieves will step up their efforts to capture more credit card details before the EMV conversion starts to take a grip on their bottom line.

It is unclear why the US has been so slow in adopting the chips. One reason might be the fact that there are parts of the US which may refuse to use them because of religious reasons. Parts of the bible belt believe that the move to such technology is a sign of the “end times” and that any electronic transactions are the same as the “mark of the beast” of Revelation.

US spooks hide in hard drives

If you own hard drives made by Western Digital, Seagate, and Toshiba, all your data could have been seen by US spooks.

According to Kaspersky Lab, the US National Security Agency figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba, IBM, Micron and Samsung.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

The Russian outfit did not name the US as the country behind the software, but said it was closely linked to Stuxnet, which was an NSA-led effort.

A former NSA employee told Reuters that Kaspersky’s analysis was correct, and that people still in the spy agency valued these espionage programmes as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives.

Kaspersky published the technical details of its research on Monday, a move that could help infected institutions detect the spying programs, some of which trace back as far as 2001.

The announcement could lead to a backlash against Western technology, in countries such as China, which is already drafting regulations that would require most technology suppliers to provide copies of their software code for inspection.

Kaspersky said the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.

Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.

The information was news to Western Digital, Seagate and Micron, who said it was the first they had heard of it. Toshiba and Samsung declined to comment and IBM just ignored hacks’ requests.

Microsoft offers start ups Azure credits

Microsoft has launched a package to lure start-ups and SMEs to its Azure profile by offering them $500,000 in Azure credits.

The deal, announced by partner Y Combinator, is only available to Y Combinator-backed companies and will be offered to the 2015 Winter and future batches.

It seems that Microsoft is following Google, AWS and IBM which already offer incentives for start-ups to join them.

Microsoft is giving Y Combinator start-ups a three-year Office 365 subscription, access to Microsoft developer staff and one year of free CloudFlare and DataStax enterprise services.

It is starting to look like Microsoft is getting more aggressive in its competition with Amazon Web Services and Google, both of whom already offer credits and freebies.

Amazon offers $25,000 in AWS credits and other freebies, while Google offers $100,000 in Google platform credits and IBM offers $120,000 in credit for SoftLayer infrastructure of BlueMix PaaS.

Writing in his company’s blog, Sam Altman said that this brings the total value of special offers extended to each YC company to well over $1,000,000. “The relentless nagging from partners to grow faster we throw in for free,” he said.

It is likely that the YC deal is the first of many which will be rolled out worldwide to Microsoft’s partners.

 

Obama joins British calls for encryption back-doors

President Barack Obama and British Prime Minister David “One is an Ordinary Bloke” Cameron are singing from the same hymn sheet when it comes to the matter of encryption.

Obama has issued a statement that he can’t see why police and spies should be locked out of encrypted smartphones and messaging apps. Clearly he has not been paying much attention to the Snowden affair, where it appears that the lack of encryption gave US and UK snoops huge powers over the lives of the great unwashed, while not making much difference to terrorists or criminals.

Apple, Google and Facebook have introduced encrypted products in the past half year that the companies say they could not unscramble, even if faced with a search warrant. That’s prompted vocal complaints from spy chiefs, the Federal Bureau of Investigation and British Prime Minister David Cameron.

In fact Obama’s comments came after two days of meetings with Cameron, and were made with his loyal lapdog at his side.

“If we find evidence of a terrorist plot… and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem,” Obama said.

He insisted that US tech-giants are on the side of the spooks.

He said that “They’re patriots.” Standing next to a British Prime Minister claiming that people who are publicly claiming they are working to stop UK and US spooks are actually working for them is a hugely ironic piece of disinformation.

Google, Apple and Microsoft have spent a fortune encrypting links to their networks to keep “tyranny” out. If they are patriots then they are unlikely to side with the British, if US history is anything to go by.

In the US, governments have long been able to access the contents of electronic communication, including phone calls, consumer email and social media, with warrants, through wiretaps and from technology companies themselves.

But the law that governs these practices is dated and doesn’t mandate tech firms incorporate such features into modern apps.

The president wants a technical way to keep information private, but ensure that police and spies can listen in when a court approves. He is on a hiding to nowhere with this one. Bill Clinton tried for a “clipper chip” that would allow only the government to decrypt scrambled messages.

Security experts have long argued such systems would trigger anti-hacking tools, leaving computers exposed. An encryption algorithm with a master key is inherently weaker because it’s possible for an outsider to steal that master key and crack the code.

What is worrying about this particular transatlantic accord is that the UK is more likely to get it into law than the US.

Security experts have warned that you can’t have secure systems with backdoors and that if you bring in such rules you will be making it easier for terrorists to take control of systems.

 

UK pledges to increase snooping with US

The UK and the US are using the massacres in Paris as a pretext for “increasing co-operation” on snooping on internet users.

Prime Minister David “one is an ordinary bloke” Cameron said the two countries will set up “cyber cells” to share intelligence and conduct simulated attacks to test the defences of organisations such as banks.

Cameron is visiting Washington to tell them how to sort out their economy and security, and is due to have a second meeting with President Barack Obama today.

Cameron said that the two countries had hugely capable cyber defences and the expertise, and that is why they should set up cyber cells on both sides of the Atlantic to share information.

The cooperation between Britain’s GCHQ eavesdropping agency and the US National Security Agency will include joint war games, with the UK providing the Games Workshop figures and the US providing the rules, the polyhedral dice and the joints.

The first exercise later this year is to involve the Bank of England and commercial banks in both the City of London and Wall Street. It is not clear who will be exercising, but if you ask any bankers we have seen to do a push up the body bag count will be high.

“This is a real signal it is time to step up the efforts and to do more,” said Cameron.

The British leader said he also planned to discuss with Obama how the two countries could work more closely with big Internet companies such as Facebook and Google to monitor communications between terror suspects. This is of course something that Facebook and Google want nothing to do with, so chances are he will be talking about bringing in laws to force them.

One thing Cameron has not answered is that if the UK and US have such wonderful cyber ability and resources, how did the Paris attacks actually happen? It seems that the more snooping powers that the UK and the US demand, the less effect it has on the goal of preventing terrorism.

Microsoft accuses US of double standards

Software giant Microsoft has accused the US government of operating a system of double standards when it comes to snooping on other countries.

Microsoft’s executive Vice President and General Counsel, Brad Smith said that by demanding companies hand over customer data stored overseas the US government was operating a double standard that it would not accept from other countries.

Writing in his blog, Smith said: “Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany. They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter’s box with a master key, rummage through it, and fax the private letters to the Stadtpolizei.”

Microsoft has applied to the US Second Circuit Court of Appeals in its ongoing case challenging a US government search warrant for customer data stored in Ireland. Microsoft filed the appeal after a US district court judge rejected the company’s argument that the warrant is illegal because it calls for the seizure of emails stored outside the United States.

If the situation was reversed the US government would be furious if a foreign government attempted to sidestep international law by demanding that a foreign company with offices in the United States produce the personal communications of an American journalist.

He pointed out that the Secretary of State would fume that he or she was outraged by the decision to bypass existing formal procedures that the European Union and the United States have agreed on for bilateral cooperation.

And then, if the Germans had responded the way the US had done, they would claim that they did not conduct an extraterritorial search – in fact we didn’t search anything at all.

“No German officer ever set foot in the United States. The Stadtpolizei merely ordered a German company to produce its own business records, which were in its own possession, custody, and control. The American reporter’s privacy interests were fully protected, because the Stadtpolizei secured a warrant from a neutral magistrate,” Smith said.

That would not satisfy the Americans because the documents held by the foreign company for safekeeping are private letters, not business records.

“And any attempt to take possession of those letters through a warrant – even one served on the company entrusted with those letters – would constitute a seizure by a foreign government of private information located in another country,” Smith wrote.

As far as the US Government is concerned, your emails become the business records of a cloud provider. Because business records have a lower level of legal protection, the Government claims it can use a different and broader legal authority to reach emails stored anywhere in the world.

US tech snooping is a trade barrier

The US government’s mass surveillance of the whole world has become a trade barrier for European Internet companies trying to provide services in the United States, a top EU official claims.

Paul Nemitz, a director in the European Commission’s justice department, said that US citizens are deterred from using European e-mail providers because they do not get the same protection as they would by using US providers.

Laws which empower the NSA to basically grab everything which comes from outside the United States are a real trade barrier to a European digital company to provide services to Americans inside America.

Nemitz, who is overseeing an overhaul of the EU’s 20-year-old data protection rules, told a conference on data protection in Paris that an American in the United States using a European service does not have the same level of protection as he would if he used an American service.

Using a European service, his communication is transmitted outside the United States, so it is subject to interception.

The comments underscore the widespread unease within Europe about access to people’s data by both security services and companies. They also come at a time when Brussels and Washington are renegotiating a data-sharing agreement – called Safe Harbour – used by over 3,000 companies.

The Safe Harbour agreement makes it easier for US companies to do business in Europe by certifying that their handling of user data meets EU data-protection laws.

The EU wants Washington to guarantee that it will only access Europeans’ personal data for national security reasons when it is strictly necessary, as it does with US citizens’ data.

Meanwhile the EU is also negotiating a new pan-European data-protection law which would impose stiff fines on companies mishandling personal data in Europe.

Companies in both the United States and the EU have lobbied against some parts of the new rules, arguing that they will impose too much red tape on businesses.

US splashes out on two more supercomputers

The US is going to spend $325 million on two new supercomputers, one of which may eventually be built to support speeds of up to 300 petaflops.

Deeply embarrassed by the fact that China has been ruling the super computer league tables for a while now, the US government is taking steps to unseat them from the top.

The US Department of Energy, the major funder of supercomputers used for scientific research, wants to have the two systems, each with a base speed of 150 petaflops, possibly running by 2017. Going beyond the base speed to reach 300 petaflops will take additional government approvals.

The DOE also announced another $100 million in “extreme” supercomputing research spending.

The funding was announced at a press conference at the US Capitol attended by lawmakers from both parties.

The two systems, which will be built at the DOE’s Oak Ridge and Lawrence Livermore National Laboratories, “will ensure the United States retains global leadership in supercomputing”.

Republican Chuck Fleischmann said supercomputing was one of those things where the US could step up and lead the world again. The Oak Ridge lab is located in his state.

Republican Bill Foster warned that the US’s technology lead is not assured, and he blamed the fact that most chip making was done overseas.

Foster believed there is good bipartisan support for supercomputing research, but the research may face a problem if GOP budget proposals in the House slash science funding by double-digit percentages.

The US government is under pressure to abandon science funding because some constituents think it is better that people learn more about Jesus.

China has the top-ranked system, the Tianhe-2, at about 34 petaflops, and Japan and Europe have major investments underway in this area.

The new system to be built at Oak Ridge will be called the Summit. It will use about 10 megawatts of power, which is close to the power usage of Oak Ridge’s existing supercomputer, the Titan, which is ranked No. 2 in the world. The Summit will run five times faster than the Titan, despite using the same amount of power.

The new system to be built at the Lawrence Livermore lab in California will be known as Sierra.

These systems will use IBM Power CPUs and Nvidia’s Volta GPU, the name of a chip still in development.

Motorola discovers US does not rule the world

It appears that Motorola’s US court case against several Asian suppliers for alleged price fixing is coming unstuck.

A US appeals court appeared sceptical of mobile phone maker Motorola Mobility’s attempt to sue AU Optronics, Chunghwa Picture Tubes, HannStar Display, LG Display, Samsung, Panasonic, Sanyo, Sharp and Toshiba.

A three judge panel of the 7th US Circuit Court of Appeals questioned whether the allegations had enough connection to the United States to be heard in US courts.

Motorola Mobility is now a unit of China’s Lenovo Group, but it sued the suppliers in Chicago federal court in 2009, saying some of its subsidiaries had overpaid for liquid crystal display screens because of a conspiracy in Asia. Some screens entered the US market, the lawsuit said.

Judge Richard Posner, a member of the appeals panel, pointed out that Motorola treated the foreign subsidiaries as separate for tax reasons, but for antitrust purposes, they are seen as part of Motorola.

Motorola Mobility lawyer Thomas Goldstein said the company should be able to sue under US law because a former Chicago-based parent negotiated its supply contracts.

Lenovo bought Motorola Mobility in October for $2.91 billion from Google which had bought it in 2012. Motorola Mobility says it paid the LCD makers more than $5 billion from 1996 to 2006.

The appeals court ruled against Motorola Mobility in March but agreed to hear the case again after the Obama administration said the ruling threatened its ability to prosecute global price fixing.

The US Justice Department, whose investigation of global LCD price-fixing led to more than $1.3 billion in criminal fines, asked the court to find that the conspiracy directly affected US commerce.

Belgium and Japan filed briefs criticising the reach of US antitrust law and urging the court to rule for the suppliers.

Chinese hack US post

Chinese government hackers are suspected of breaching the computer networks of the United States Postal Service, compromising the data of more than 800,000 employees — including the postmaster general.

According to the FBI, the intrusion was discovered in mid-September, said officials, who declined to comment on who was thought to be responsible.

The announcement comes just as President Barack Obama arrived in Beijing for high-level talks with his counterpart, President Xi Jinping.

China has consistently denied accusations that it engages in cybertheft and notes that Chinese law prohibits cybercrime. But China has been tied to several recent intrusions, including one into the computer systems of the Office of Personnel Management and another into the systems of a government contractor, USIS, that conducts security-clearance checks. Of course the US spooks have been doing the same thing in China, so it is a matter of all is fair in love and cold war.

The only question is why the Chinese spooks thought that hacking the postal service was a good idea.

Postmaster General Patrick Donahoe said in a statement that it was an unfortunate fact of life these days that every organisation connected to the Internet is a constant target for cyber intrusion activity. “The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data,” he said.

The compromised data included names, dates of birth, Social Security numbers, addresses, dates of employment and other information, officials said. The data of every employee were exposed.

No customer credit card information from post offices or online purchases at usps.com was breached, officials said.

While the OPM and USIS breaches involved data of people who had gone through security clearances and so could be useful to a foreign government seeking to gain access to individuals in sensitive government work, it is not clear why Postal Service employees would be of such interest.