STE WILLIAMS

Apple, Google, RIM plaster privacy warnings on prying apps

Mobile software that meddles with your sensitive info must have privacy policies and must display them clearly, California’s Attorney General Kamala Harris declared yesterday in a statement agreed by all major app sellers.

Under the new rule, anyone downloading a program from Apple, Android, RIM, Windows, HP or Amazon stores should be presented with an app privacy policy that reports what personal information the software will slurp and how it will be used. Apps that don’t use personal data don’t have to present a policy.

The move comes after reports that only 5 per cent of apps have privacy policies and popular titles were caught snatching contact lists and unique phone IDs, location, age, gender and even key taps. Harris expressed the hope that the joint statement will bring developers in line with California’s laws on digital privacy.

It will also have a ripple-out effect for anyone outside California as app stores are global, and will bring the issue to the attention of federal law-makers.

“This agreement strengthens the privacy protections of California consumers and of millions of people around the globe who use mobile apps,” Harris said in a statement. “By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used.”

Apps that fail to meet the new guidelines will be fined at a rate of up to $5,000 per user, said Harris at a conference reported by the LA Times. Users will get new tools to report apps that breach privacy regulations and a review will be held in 6 months’ time.

The new app privacy agreement doesn’t change what apps can or can’t do, but does make punters aware of what’s happening in their phone. However watchdogs argue that privacy policies – often weighed down in small print – are not the best way to inform consumers.

“This is an improvement from the current Wild West that is the mobile market,” said John M Simpson of the Californian Consumer Watchdog Privacy Project. He added:

But trying to decipher what’s going on through a privacy policy written by lawyers, paid by the word to obfuscate can be extremely frustrating. It’s even more difficult on small hand-held devices. We need a simple, persistent way to send a message that a user doesn’t want to be tracked. We need Do Not Track legislation.

The move to stop browsers tracking user activity – nicknamed the Do Not Track debate – has raged on at PC level – this brings that argument into the mobile space.

Apple and Google host approximately 1 million mobile applications, up from just 600 in 2008. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/23/california_mobile_app_privacy_policy/

Global DNS takedown plotters disowned by Anonymous

Anonymous has distanced itself from a plot to knock out critical systems in the backbone of the internet.

Documents posted on Pastebin and elsewhere warn of a planned attack against the main DNS root servers on 31 March as part of a protest against SOPA and other hated copyright enforcement measures. If successful, the attack would disable the core components of the internet’s systems for domain name to IP address lookup, hobbling web surfing and email delivery in the process.

“On March 31, anonymous will shut the Internet down. In order to shut the Internet down, one thing is to be done. Down the 13 root DNS servers of the Internet,” according to a memo outlining the proposed assault, dubbed Operation GlobalBlackOut.

“By cutting these off the Internet, nobody will be able to perform a domain name lookup, thus, disabling the HTTP Internet, which is, after all, the most widely used function of the Web. Remember, this is a protest, we are not trying to ‘kill’ the Internet, we are only temporarily shutting it down where it hurts the most.”

Established individuals associated with Anonymous have distanced the group from the plan.

“GlobalBlackOut is another Fake Operation. No intention of #Anonymous to cut Internet,” an update to the @Anonops Twitter account on Tuesday states.

Anyone can declare themselves a member of Anonymous and use the group’s banner as a flag of convenience. In the absence of official spinners, let alone any recognised hierarchy, Twitter accounts and blogs act as the best guide for what’s going on with the collective.

These accounts correctly predicted that there would be no attack on Facebook, so El Reg reckons Operation GlobalBlackOut – which doesn’t make much sense in the first place – is a non-starter.

A minority of members of Anonymous have shown themselves prepared to leak the personal details of consumers in order to expose the insecurity of corporations in the past, but taking out the root DNS of the net is not the group’s style. After all, such an action would throw a spanner in the works of the hacktivists’ favourite playground.

In other Anon-related news, National Security Agency director Gen. Keith Alexander has warned the White House that Anonymous “could have the ability within the next year or two to bring about a limited power outage through a cyberattack”, the Wall Street Journal breathlessly reports.

Various members of Anonymous denounced this warning as scare-mongering geared towards creating a climate in which Congress allows the passage of the 2012 cyber-security bill despite objections by Senate Republicans. They say it gives federal authorities too much power over private-sector infrastructure firms.

“We’re pretty sure, that cyber bill is the reason for the renewed NSA fear-mongering,” AnonymousIRC retorted. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/anon_disowns_dns_takedown_plan/

Grumble-flick chat site exposes flirts’ privates

The email addresses and passwords of more than a million users of the YouPorn sex chat site were exposed to all and sundry this week following a coding error that went undetected for years.

The data – which identifies customers of the smut site, exposing them to potential embarrassment as a result – might also be used in attempts to hack into more sensitive accounts maintained by the same potential victims. Those that use the same or similar passwords for more sensitive accounts (webmail, Facebook, PayPal etc) are most at risk of attack.

Grumble-flick vault YouPorn – unlike porn portal Brazzers, the victim of a similar recent attack that also exposed customers’ data – wasn’t hacked. Instead, careless programmers left unencrypted sign-up information on a public-facing web server.

The sensitive files were uploaded to an FTP site and released as a (no longer available) torrent. However the index, and some older files, from the YouPorn chat site are still available through archive.org.

The breach became public knowledge this week via a thread on Flashback.org, Sweden’s largest web forum, which includes samples of some of the harvested files.

“Looking at the data, it seems like a careless programmer accidentally left debug logging on to a publicly accessible URL as early as November 2007, and it has been storing all registrations ever since,” explains Anders Nilsson, CTO at Swedish security distributor EuroSecure, in a blog post on the breach.

“The data was found by someone sweeping websites for publicly accessible, but non-linked (‘hidden’) folders, looking for either porn or sensitive material like this, and struck gold,” he adds.

The affected site – chat.youporn.com – was taken down on Tuesday, 21 February. Prior to this, the site offered “regular” chat with different rooms and moderators, and the possibility of sending audio or video to other members of the forum.

The main YouPorn.com site appears to be operating as normal. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/smut_chat_breach/

ICO ‘enquiring’ about Google’s serving of tracking cookies

Microsoft has claimed that Google has been serving third-party cookies capable of tracking users’ online behaviour even when those users have adjusted settings in the Internet Explorer browser to prevent it happening.

Dean Hachamovitch, corporate vice president of Internet Explorer (IE) at the software giant, said Google had “bypassed” the settings by using a quirk in privacy technology. He said the company had identified the problem with its system after a researcher had reported that Google had circumvented user settings on the Apple Safari browser in order to send third-party cookies to those users.

Google has argued that Microsoft’s reliance on outdated technology had forced thousands of websites to circumvent the ‘Platform for Privacy Preferences’ (P3P) system it uses in IE in order to deliver “functionality” to web users. It has also claimed that it had unintentionally served advertising cookies to Safari users when trying to deliver a personalised service to them in other ways, according to media reports.

Google has said that it was removing those advertising cookies from Safari and that, in any case, the advertising cookies the company serves “do not collect personal information”.

A spokesman for the Information Commissioner’s Office (ICO) told Out-Law.com that the watchdog was “making enquiries with Google” to establish whether the way in which it serves cookies complies with UK law.

Websites and third parties, such as advertisers, often like to record users’ online interaction in order to serve personalised content, such as adverts, based on that recorded information. Websites can use a number of methods to collect user-specific data, including through the use of cookies. Operators sometimes pass on information stored in cookies to advertisers in order that they can serve behavioural adverts based on users’ activity and apparent interests.

EU law

However, EU privacy rules that came into force last May state that storing and accessing information on users’ computers is only lawful “on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing”. Consent must be unambiguous and be explicitly given.

Those laws have been implemented into UK law by the amendment of the Privacy and Electronic Communications Regulations (PECR). The ICO’s spokesman said that the watchdog would begin enforcing the law from 26 May this year – a year on from the date the amended PECR was introduced. The ICO previously said it would give website operators a year to work towards complying with the new rules.

In a Microsoft blog, Hachamovitch said that Google had been able to send third-party cookies to Internet Explorer even if users had elected not to receive them.

“By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the user. Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent,” Hachamovitch said.

Web standards

According to web standards body the World Wide Web Consortium (W3C) P3P “allows websites to present their data-collection practices in a standardized, machine-readable, easy-to-locate manner [and] enables web users to understand what data will be collected by sites they visit, how that data will be used, and what data/uses they may ‘opt out’ of or ‘opt in’ to”.

However, Hachamovitch said the technology allows unlabelled P3P ‘policies’ to circumvent blocking measures.

“Technically, Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies,” he said.

Hachamovitch said that IE users can use other ‘Tracking Protection’ technology to prevent Google serving third-party cookies to them and that Microsoft would change the way its P3P system works.

“The P3P specification says that browsers should ignore unknown tokens. Privacy advocates involved in the original specification have recently suggested that IE ignore the specification and block cookies with unrecognized tokens. We are actively investigating that course of action,” he said.
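The two handling rules described above, sketched as an added example (not code from Microsoft, Google or this article): a checker that parses the `CP="..."` value of a P3P header and compares the lenient rule, which ignores unknown tokens, with the stricter rule of blocking any policy that contains an unrecognised token. The token table is a subset of the P3P 1.0 compact-policy vocabulary, the `UNSATISFACTORY` set is an assumption made for illustration rather than IE's real rule set, and the header values are constructed samples.

```python
import re

# Subset of the P3P 1.0 compact-policy vocabulary (access, disputes/remedies,
# purpose, recipient, retention, category, non-identifiable, test).
KNOWN_TOKENS = frozenset("""
NOI ALL CAO IDC OTI NON DSP COR MON LAW
CUR ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP
OUR DEL SAM UNR PUB OTR NOR STP LEG BUS IND
PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV OTC
NID TST
""".split())

# Assumption for this example: declared uses that a "no tracking" preference
# refuses for a third-party cookie. This is not IE's actual rule set.
UNSATISFACTORY = frozenset({"PSA", "PSD", "IVA", "IVD", "CON", "TEL",
                            "UNR", "PUB", "OTR"})

_CP_RE = re.compile(r'CP\s*=\s*"([^"]*)"', re.IGNORECASE)


def base_token(tok):
    """Return the 3-letter vocabulary token, or None if it is not recognised.

    Purpose and recipient tokens may carry a one-letter consent suffix
    (a = always, i = opt-in, o = opt-out), e.g. "PSAa".
    """
    if len(tok) == 4 and tok[3] in "aio" and tok[:3] in KNOWN_TOKENS:
        return tok[:3]
    return tok if tok in KNOWN_TOKENS else None


def classify(header_value):
    """Split a P3P header value into known and unknown compact-policy tokens.

    Returns None when the header carries no CP="..." part at all.
    """
    match = _CP_RE.search(header_value or "")
    if match is None:
        return None
    known, unknown = [], []
    for tok in match.group(1).split():
        base = base_token(tok)
        if base:
            known.append(base)
        else:
            unknown.append(tok)
    return {"known": known, "unknown": unknown}


def decide(header_value, strict=False):
    """Return "accept" or "block" for a third-party cookie.

    Lenient mode drops unknown tokens before evaluating, as the specification
    asks. Strict mode blocks as soon as any token is unrecognised.
    """
    parsed = classify(header_value)
    if parsed is None or not (parsed["known"] or parsed["unknown"]):
        return "block"  # no compact policy presented
    if strict and parsed["unknown"]:
        return "block"  # the policy says something the browser cannot read
    if UNSATISFACTORY.intersection(parsed["known"]):
        return "block"  # a declared use conflicts with the user's setting
    return "accept"


# Constructed sample header values, not captured from any real site.
SAMPLES = {
    "declared": 'CP="NOI DSP COR NID", policyref="/w3c/p3p.xml"',
    "undeclared": 'CP="Policy described on our website"',
    "tracking": 'CP="NOI PSAa OUR"',
    "missing": 'policyref="/w3c/p3p.xml"',
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:11} lenient={decide(value)} strict={decide(value, True)}")
```

Only the `undeclared` sample changes outcome between the two modes: it declares nothing the parser recognises, so the lenient rule finds nothing to object to.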

Google said that using Microsoft’s P3P system is “impractical.”

“Microsoft uses a ‘self-declaration’ protocol (known as ‘P3P’) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form,” a Google spokeswoman said.

“It is well known – including by Microsoft – that it is impractical to comply with Microsoft’s request while providing modern web functionality,” she said.

“Today the Microsoft policy is widely non-operational,” she said.

The European Commission has urged internet companies to establish a final standardised system that will allow users to control their privacy settings across websites.

Neelie Kroes, EU Commissioner responsible for the Digital Agenda, last year warned internet companies that she would “not hesitate to employ all available means to ensure our citizens’ right to privacy” if a standardised system for indicating user consent to their online activity being tracked was not agreed by June 2012. Last month Kroes reiterated her demand and reported that the technology was at that stage more of an “aspiration rather than a reality”.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/ico_enquires_about_google_system_for_serving_third_party_cookies/

Crap PINs give wallet thieves 1-in-11 jackpot shot

Four-digit banking PINs are almost as insecure as website passwords, according to a study by Cambridge University computer scientists.

The first-ever quantitative analysis of the difficulty of guessing four-digit banking PINs estimates that the widespread practice of using a date of birth as a PIN code, along with other factors, means that opportunistic thieves will be able to correctly guess a PIN before a card is blocked between 8-9 per cent of the time.

The researchers modeled banking PIN selection using a combination of leaked data from non-banking sources (smartphone unlock-codes and the RockYou dataset) and an online survey. The 1,300 people quizzed online were not asked for their PIN, only if it fell into one of the general categories the Cambridge University team identified.

Most people are significantly more careful choosing PINs than online passwords, with a majority using an effectively random sequence of digits. However, a few weak choices – and using birthdays in particular – provide hope for the opportunistic thief.

In a blog post, Cambridge University researcher Joseph Bonneau explains:

About a quarter stick with their bank-assigned random PIN and over a third choose their PIN using an old phone number, student ID, or other sequence of numbers which is, at least to a guessing attack, statistically random.

In total, 63.7 per cent use a pseudo-random PIN, much more than the 23 to 27 per cent we estimated for our base datasets. Another 5 per cent use a numeric pattern (like 4545) and 9 per cent use a pattern on the entry keypad, also lower than the other two datasets.

Altogether, this gives an attacker with six guesses (three at an ATM and three with a CAP [hand-held card] reader) less than a 2 per cent chance of success.

Unfortunately, the final group of 23 per cent of users chose a PIN representing a date, and nearly a third of these used their own birthday. This is a game-changer because over 99 per cent of customers reported that their birth date is listed somewhere in the wallet or purse where they keep their cards. If an attacker knows the cardholder’s date of birth and guesses optimally, the chances of successfully guessing jump to around 9 per cent.

If customers use their wallet then it is very likely to have an ID document with a birth date printed on it. That makes choosing a date of birth for a bank card PIN a terrible idea. Other not-so-random codes include PINs representing dates, years, repeated digits, ascending digits or ending in 69. More bad practices in the area include sharing and reusing PINs.

The researchers suggest that blacklisting the top 100 PINs can drive the guessing rate down to around 0.2 per cent in general, though not if a user’s birthday is known, where the rate stays at 5 per cent. Dropping all dates that can be considered as birthdays doesn’t work because there are too many.

Even so, some blacklisting can be done. Shamefully some banks in both the US and Europe fail to prohibit obviously guessable PINs, such as 1234, the Cambridge boffins report.

The team’s research paper, A birthday present every eleven wallets? The security of customer-chosen banking PINs – by Joseph Bonneau, Sören Preibusch and Ross Anderson, can be found here (PDF). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/banking_pin_security/

Councils spunk £515m in 4 years on CCTV

UK local authorities spent a total of £515m installing, operating and maintaining CCTV between 2007-11, according to the privacy campaign group Big Brother Watch.

It has released figures obtained from freedom of information (FoI) requests showing that Birmingham was the highest spender on CCTV with more than £14m, while Westminster spent nearly £12m. The group claimed that 428 councils responded to the requests, accounting for 98.6 per cent of the total.

According to Big Brother Watch, the findings show that Leicester has the highest number of CCTV cameras, with 2,083 in total. Other authorities with more than 1,000 include Fife, Wandsworth, Nottingham and Southampton.

The data also shows that:

  • There are at least 51,600 CCTV cameras controlled by 428 local authorities in Britain.
  • Leicester, Fife, Wandsworth, Nottingham, Southampton, Aberdeen City and Cardiff have more CCTV cameras than Liverpool, Manchester and Leeds combined.
  • 18 councils have spent more than £1m annually between 2007-11 on CCTV, including Wandsworth, Bristol, Wakefield, Cambridge and Caerphilly.

Caerphilly has challenged this figure, claiming it does not provide an accurate reflection of the information it provided in response to the FoI request.

Nick Pickles, director of Big Brother Watch, said: “Surveillance is an important tool in modern policing but it is not a substitute for policing. In too many cities across the country every corner has a camera but only a few ever see a police officer. Despite millions of cameras, Britain’s crime rate is not significantly lower than comparable countries that do not have such a vast surveillance state.

“There is no credible evidence that more cameras will reduce crime, yet councils have poured enough money into CCTV in just four years that would have put more than 4,000 extra police officers on the streets.”

The five lowest spenders on CCTV were Arun council, which spent £250,000 between 2007-11, Mid Sussex (£462,000), West Devon (£737,000), Waverley (£1.1m) and Rutland (£1.4m).

The department of Communities and Local Government declined to comment on the findings.

This article was originally published at Guardian Government Computing.

Guardian Government Computing is a business division of Guardian Professional, and covers the latest news and analysis of public sector technology. For updates on public sector IT, join the Government Computing Network here.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/councils_cctv/

Spam crashes to historic low as malware explodes on mobiles

The volume of malware samples detected by McAfee passed the 75 million milestone late last year, the Intel-owned security firm reported this week.

Although the release of new malware slowed in Q4 2011, mobile malware continued to increase albeit from a low base. Android was by far the most targeted platform with 400 new strains appearing in just that quarter, compared to a cumulative total of little over 100 prior to the last three months of 2011. For comparison, there were four million new strains of Windows malware in Q4 2011, compared to 6m in Q2 2011.

Scareware volumes dropped considerably between Q3 and Q4 2011, while AutoRun and password-stealing Trojan malware each showed modest declines over the same period. Mac-specific malware, which spiked in Q2 2011, dropped off in the last two quarters of last year. In June 2011, more than 250 new samples were detected but this figure trailed off to less than 50 in Q4 2011. Almost all the June samples were designed to power fake anti-virus for Mac scams.

McAfee advises Mac fans to not discount security threats, despite the decline.

“Mac malware had a big spike in the second quarter but has remained quiet since then. As always, comparing overall malware growth for the Mac with that for PCs makes the Mac threat look rather tame, but it’s always wise to protect your system, even if it’s a MacBook Air.”

McAfee Labs recorded an average of 9,300 new bad websites per day in Q4, up from 6,500 in the previous quarter. The vast majority of new malicious sites were hosted in the US, followed by the Netherlands, Canada, South Korea and Germany.

While the malware outlook remains bleak there was much better news on the junk mail front. Global spam reached its lowest point in years at the end of last year, according to McAfee. Somewhere around 1 trillion spam messages were dispatched per day in December 2011, compared to 2 trillion in May 2011. The volume of legitimate email hovered at between 450 and 500 billion messages a day during 2011. Although that put spam volumes at more than 70 per cent the figure is much improved from the dark days of the Naughties when spam volumes routinely exceeded 90 per cent.

McAfee doesn’t comment on the reasons for the decline but other observers credit the dismantling of various pharma spam operations and botnet takedowns for lower volumes of junk mail.

Instead of merely coping with the sheer volumes of junk email hitting servers, the latest challenge is countering targeted attacks. “Despite the drop in global levels, spear-phishing and spam are as dangerous as ever,” McAfee concludes. McAfee’s third-quarter threat report can be found here [PDF]. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/malware_spam_trends_mcafee/

IBM arms robo-sysadmin QRadar with virus know-how

IBM is beefing up its enterprise security offerings by creating a security platform that is aware of real-time virus information, meaning that the system will be much quicker at recognising new threats.

Marketing its updated QRadar Security Intelligence Platform as a comprehensive security solution, IBM argues that the platform will protect companies much better than a bunch of piecemeal security patches. Systems patched that way have loopholes, warned Brendan Hannigan, general manager, IBM Security Systems.

“Trying to approach security with a piece-part approach simply doesn’t work,” Hannigan said. “By applying analytics and knowledge of the latest threats and helping integrate key security elements, IBM plans to deliver predictive insight and broader protection.”

The QRadar platform – designed by Q1 Labs and acquired by IBM last autumn – will have live information about viruses fed into it from 400 different sources. It will use that information to react more quickly and effectively to detect and quash bugs. The information feed is drawn from the IBM X-Force threat repository, which combs through over 13 billion security threats a day. According to Big Blue, it is the first time that X-Force’s threat intelligence has been incorporated into a security intelligence solution.

Another key feature of the platform is additional data-crunching capacity – which will allow the monitoring and corroborating of suspicious activity across multiple different areas.

For example, the software will track activity for unusual changes:

With security intelligence, security teams can quickly determine whether access patterns exhibited by a given user are consistent with the user’s role and permissions within the organization.

And then using information from other areas, the system will be able to combine reports of threats. The statement explains:

With IBM Guardium Database Security integrated with the security intelligence platform, users can better correlate unauthorized or suspicious activity at the database layer – such as a database administrator accessing credit card tables during off-hours – with anomalous activity detected at the network layer, such as credit card records being sent to unfamiliar servers on the public Internet.

IBM’s QRadar Security Intelligence Platform will be available before the end of March 2012. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/22/ibm_announce_security_platform/

News of the World hacker named after court block lifted

A man accused of hacking into the computers of a former British Army intelligence officer on behalf of a News of the World editor has been named as Philip Campbell Smith, also a former British Army intelligence officer.

Ex-agent Ian Hurst told the Leveson media-ethics inquiry that in July 2006 he received and inadvertently activated a trojan, which then copied his emails to the hacker who created it. Hurst confronted Smith over the issue, and recorded him admitting to sending the trojan malware to his system. It is claimed that Smith was acting on behalf of a private investigator, Jonathan Rees, who was under contract to the News of the World, aka NotW.

“He states for a three-month period, and all documents he could access via the back door trojan: our emails, the hard drive, social media, the whole range of – I mean, he didn’t say this, but the trojan that we’ve identified would have allowed the cam, your web cam, so he could have actually seen me or my kids at the desk,” Hurst told the inquiry into press standards, The Guardian reports.

Hurst was targeted as one of the few men who knew the real identity of an IRA informer dubbed “SteakKnife”. An investigation by the BBC’s Panorama claimed that Rees hired Smith to carry out the hacking at the instigation of Alex Marunchak, then an Ireland editor for the NotW under editor Andy Coulson, who was forced to resign as Prime Minister David Cameron’s spin doctor when the hacking scandal broke. In one recording made by Hurst, Smith said: “I got introduction in [sic] Andy Coulson … on my phone, he’s the first name that appears before yours. I ended up deleting it.”

Smith’s identity had been sealed under court order, following a separate case against him for having three rounds of ammunition in his possession, in which he pleaded guilty. He has also pled guilty to conspiracy to commit fraud by illegally obtaining confidential information.

The NotW senior management have admitted that phone hacking of people’s voicemail messages did occur in some cases, but computer hacking has always been denied. Several politicians and celebrities as well as lawyers involved in the inquiry have reported to the Leveson inquiry their suspicions that their email was hacked, but nothing has been proven.

In the opinion of this El Reg hack, it’s certainly likely that such hacking took place. Once someone has taken the (im)moral decision to hack into someone’s voicemail for fun and/or profit, then it’s a logical next step to check out their email as well, and virus-generation kits to do it can be had online for less than $500. It may not be too long before the NotW’s parent company, Rupert Murdoch’s News International, faces another round of settlements as a result of this latest move. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/02/21/notw_computer_hacker_named/