STE WILLIAMS

Brazilians tear strip off NSA in wake of Snowden, mull anti-US-spook law

Businesses selling online to Brazil-based consumers could be forced to store any personal data they collect about those individuals on local servers under proposed new laws under consideration in the country.

According to an automated translation of a report by the Reuters news agency, the federal government in Brazil has proposed amendments to a new civil rights law currently being worked on called the Marco Civil da Internet. Under the amendments, data collected about Brazilian internet users would have to be stored locally.


Google and Facebook have both raised objections to the plans, according to an automated translation of a report by Agência Brasil. Both are in favour of the original proposals.

“We have concerns with the [possible] changes, such as requiring the maintenance of data in Brazil,” said Bruno Magrani, head of public policy at Facebook Brazil, according to the report. “This requirement would entail huge costs and inefficiencies in online business in the country, it will impact small and new technology companies that want to provide services to Brazilians.”

Microsoft already has data centres in Brazil and so sees “the location of data” issue as “irrelevant”, Microsoft Brazil’s director-general of legal affairs and of institutional relations, Alexandre Esper, said, according to the Agência Brasil report.

The amendments may have been prompted by revelations made about a US internet surveillance programme called PRISM, according to William Beer, an information security expert at consulting firm Alvarez Marsal.

“There are a lot of datacenter-related issues already, such as the high cost of electricity, access to skills and even the temperature, which makes it expensive to run those facilities in Brazil,” Beer said. “Then if you add regulation that will present further obstacles, companies might end up moving their IT operations to other South American countries where the rules are not so strict.”

The PRISM programme, it is claimed, allows the US National Security Agency (NSA) to collect data from a number of major technology companies, including Microsoft, Facebook and Google. The revelations came from NSA whistleblower Edward Snowden and were reported by a number of newspapers, including the Guardian in the UK. They have sparked concerns about the scope and oversight of such surveillance.

The Prism revelations have prompted the European Commission to review an existing agreement that governs personal data transfers from the EU to the US. In addition, a US think tank has said that US cloud providers could lose up to $35 billion in revenue over the next three years as a result of the adverse publicity surrounding the Prism programme.

Copyright © 2013, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/21/brazil_data_protection/

Forget hackers

Cyber attacks caused fewer problems to communications networks than unrelated system failures and natural disasters, a study by an EU security agency has found.

The European Union Agency for Network and Information Security (ENISA) reports that the average duration of cyber attacks was four hours, whilst outages due to nature – mainly storms and heavy snowfall – lasted 36 hours.


Cyber attacks caused, or partly caused, 8 per cent of incidents; more than the 5 per cent in which human error played a role, but dwarfed by the 76 per cent attributed at least in part to system failure.

The study, released on Tuesday, covers 79 outages across 18 EU nations that reported major incidents last year. About half of the incidents affected mobile telephony or mobile internet services. Outages affecting mobile telephony or mobile internet also hit more users (around 1.8 million per incident) than comparable problems affecting fixed-line voice and data services.

Switches (e.g. routers and local exchange points) were the most frequent point of failure, followed by mobile network home location registers.

Outages blamed on problems with third-party suppliers, mostly power supply failures, affected around 2.8 million users per incident, on average. Overload problems affected a greater number of users than simple power failures, affecting an average of 9.4 million user connections per incident.

In general, hardware failures were the most common cause of “systems failures”, followed by software bugs. Incidents dealing with hacker attacks are covered in the report – but despite all the hype, malicious activity was a far less significant issue than system failures, power supply problems or bad weather in causing the most significant outages in Europe last year. Human error generally took much longer to unravel than problems caused by malicious attacks.

Cyber attacks were a more significant cause of problems when it came to fixed internet services, but even there they played a role in just a fifth of outages.

Anonymized examples of the incidents reported to ENISA range from overloads causing VoIP outage to a faulty upgrade halting IP-based traffic and a DDoS attack on DNS servers that affected mobile internet access. Up to 2.5 million mobile device users were affected by the DDoS attack before the attacking addresses were identified and blocked, a process that took around two hours.

The study also covers the impact of the theft of a stretch of fibre optic cable, which obviously caused a break in a communications link, and a faulty software update that affected a mobile telephony service. The cable theft incident in question affected 70,000 fixed telephony users and 90,000 fixed Internet users for 10 hours.

Professor Udo Helmbrecht, executive director of ENISA, explained that the report will be used to draw up best practice guidelines.

“The EU collaboration behind this report is key to improving the security and resilience of electronic communications networks in the EU, as well as for security in other critical sectors. Reporting major incidents helps us understand what went wrong, why, and how to prevent similar incidents from happening again.”

ENISA’s report, which is a must read for anyone involved in either disaster recovery or telecommunications network management, can be downloaded from their website (PDF). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/21/enisa_comms_outage_breakdown_report/

‘Hacked’ estate agency Foxtons breaks glass, pulls password reset cord

Trendy UK estate agency Foxtons pushed the big red password reset button, as a precaution, after it appeared hackers lifted thousands of clients’ usernames and passwords from its systems.

Miscreants claimed to have leaked online the user names, email addresses and passwords of nearly 10,000 Foxtons customers, Estate Agent Today reports. The supposed logins to the MyFoxtons web portal, some partially obscured, were uploaded to Pastebin.


The list was quickly pulled but the assumption has to be that copies were made before this happened. Anyone with access to the list, whose authenticity remains unconfirmed, may have been able to log into Foxtons’ systems and access all sorts of sensitive information such as addresses, phone numbers and rent payment details. This wouldn’t include credit card or bank details but it would still provide rich fodder for follow-up social engineering attacks.

In an advisory to customers on Tuesday, forwarded to El Reg by readers, Foxtons said it was investigating the purported hack. In the meantime it had reset user passwords as a precaution:

We have been able to download the list of usernames and passwords that were posted and are currently running checks to determine its veracity. Please be assured though that any sensitive information, including credit card information that you may have provided in relation to payments made through Foxtons is completely secure with our external payment providers.

Immediate action, however, has been taken to safeguard your account and an investigation will continue. Should your account be upon the list, you will be contacted directly by our Team.

Whilst this investigation is underway, we are unwilling to run the risk that any live MyFoxtons account is upon the list and have initiated a trigger to reset user passwords upon your next successful login. It is not necessary to do this straight away, just the next time you want to use the account.

We asked a Foxtons representative whether the company hashed or salted stored passwords, a basic security practice. The rep declined to comment on any aspects of the incident beyond saying that it may decide to issue a statement at some point.

Ross Parsell, director of cyber security at Thales UK, said that tighter regulation might be needed to stem the growing list of data breaches.

“The recent spate of high-profile data breaches, such as this alleged attack on Foxtons, are evidence that organisations are either not taking cyber security seriously or are bewildered by the problem. Regulation in this case is a necessity to alter corporate behaviour.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/21/foxtons_password_reset/

Bradley Manning sentenced to 35 years in prison

A military judge has sentenced US Army Private Bradley Manning to 35 years in prison for leaking classified material to Wikileaks.

He was also dishonourably discharged from the Army, busted from private first class to private and will forfeit all pay and allowances.


Manning has built up credit of three and a half years of pre-trial jail time, including 112 days that were given to him after the judge ruled he was “illegally punished” while being held at US Marine base Quantico, reducing his sentence to around 33 years. The Wikileaker has to serve at least a third of his jail sentence before he becomes eligible for parole.

The 25-year-old private first class had been facing up to 90 years in prison for leaking over 700,000 Iraq and Afghanistan battlefield reports and State Department diplomatic cables, along with the video of a US helicopter attack in Baghdad in which a Reuters news photographer and his driver were killed.

The soldier was cleared of the serious charge of “aiding the enemy”, which carries the death penalty, but was found guilty of 20 further charges related to accessing and handing over the documents.

Prosecutors had pushed for at least 60 years of jail time, saying that a longer sentence would dissuade other soldiers from a similar course of action, The Guardian, Associated Press and others reported.

But Manning’s defence attorney David Coombs asked for a sentence of no more than 25 years, one that wouldn’t “rob him of his youth”.

Manning told the court in February that he leaked the information in order to “spark a domestic debate as to the role of the military and foreign policy in general”.

While the prosecution has claimed that his leaks endangered military and diplomatic lives and risked national security, Coombs has consistently painted Manning as a naive youth whose disillusionment with his military life led to the leaks.

Under military law, the verdict and sentence have to be reviewed by the commander of the military district of Washington, currently Major General Jeffrey Buchanan, who could reduce the sentence. Because the sentence includes a dishonourable discharge and confinement for a year or more, the case will be automatically reviewed by the army court of criminal appeals.

Further appeals can be made to the US court of appeals for the armed forces, and the Supreme Court.

Coombs is scheduled to give a press conference about the sentence at 6.30pm BST today. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/21/manning_35_years_jail_wikileaks_assange/

Bank man: System’s down, let’s have coffee. Oh SNAP, where’s all the CASH?

Cybercrooks are running distributed denial of service attacks as a smokescreen to distract bank security staff while they plunder online banking systems, according to a researcher.

Avivah Litan, vice president at Gartner Research, reports that cyber criminals looking to attack financial institutions are getting more ambitious by targeting the internal wire applications of entire banks, instead of individual accounts, and covering their tracks using simultaneous denial of service attacks against bank systems as a distraction.


Fraudulent money transfers have traditionally been pulled off by taking over a mark’s bank account and moving money into accounts of “money mules”. The stolen cash is then passed around between mules until it ends up in the accounts of the cyber criminals. However, Litan says that the latest evolution of these attacks uses DDoSes as a cover for much more damaging attacks:

A new much more ominous attack type has emerged over the past few months – and uses DDoS as its cover. Once the DDoS is underway, this attack involves takeover of the payment switch (eg, wire application) itself via a privileged user account that has access to it. Now, instead of having to get into one customer account at a time, the criminals can simply control the master payment switch and move as much money from as many accounts as they can get away with until their actions are noticed.

Considerable financial damage has resulted from these attacks. One rule that banks should institute is to slow down the money transfer system while under a DDoS attack. More generally, a layered fraud prevention and security approach is warranted.

Litan, an expert in financial fraud and banking security who has been covering the sector for years, said that three unnamed US banks lost millions through just this type of distraction-based cyberheist against payment switches over recent months.

“It was a stealth, low-powered DDoS attack, meaning it wasn’t something that knocked their website down for hours,” he told SC Magazine.

One popular DDoS toolkit, dubbed Dirt Jumper, which has been linked to extortion-based DDoS attacks against gambling sites, has recently been used in attacks against banks that occurred shortly after fraudulent wire transfers.

A report by Dell SecureWorks published in April 2013 explains that Dirt Jumper creates a botnet of compromised machines that can be used to swamp targeted websites with junk traffic. Dirt Jumper (or later variants dubbed Pandora) is readily accessible online through underground forums for around $200.

Banks are often in the firing line of Dirt Jumper-powered DDoS attacks, Dell SecureWorks explains:

Working with organizations affected by Dirt Jumper DDoS attacks revealed a threat scenario in which the threat actor first performed a short-lived “test” DDoS attack to determine if the actor’s botnet could make the targeted site unusable. If the test was successful, then the threat actor performed another DDoS attack in the near future, but this time the DDoS attack occurred shortly after an unauthorized wire or Automated Clearing House (ACH) transfer out of a compromised account. DDoS attack patterns revealed that short-lived attacks were an indicator of an unauthorized wire transfer, while longer attacks, which could last hours to days, were indicators of a fraudulent ACH transfer. The fraud attempts were non-trivial and were usually in the six-figure range, with some attempts in the millions of dollars. Transfers were being made to banks located in Russia, Cyprus, and China.

Eventually the “test” DDoS attack was phased out. Visibility on these attacks proved to be quite useful — in some cases, the DDoS attack was the initial notice that high-dollar fraud was occurring. Some of the fraud attempts and losses are staggering, with total dollar values of attempted fraud ranging from $180,000 to $2.1m.
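Litan’s rule (slow the transfer system down while a DDoS is under way) and the SecureWorks observation that short attacks accompanied wire fraud while long ones accompanied ACH fraud can be turned into a simple correlation check over payment requests and DDoS alerts. The following is an added example, not code from Gartner, Dell SecureWorks or any bank; the thresholds, the correlation window and the sample events are assumptions constructed for illustration.

```python
"""Correlate payment requests with DDoS alerts so that transfers submitted
under a denial-of-service smokescreen are held for review instead of released.
Added example with constructed data; thresholds are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class DdosEvent:
    start: datetime
    end: Optional[datetime]   # None while the attack is still in progress


@dataclass
class Transfer:
    tx_id: str
    kind: str                 # "wire" or "ach"
    amount: float             # USD
    submitted: datetime


# Assumed thresholds, not figures taken from the report.
SHORT_ATTACK = timedelta(hours=1)            # short floods accompanied wire fraud
CORRELATION_WINDOW = timedelta(minutes=30)   # the DDoS may start shortly after the transfer
HIGH_VALUE = 100_000                         # report: attempts were usually six figures


def attack_duration(ev: DdosEvent, now: datetime) -> timedelta:
    """Duration so far for an open-ended attack, total duration otherwise."""
    return (ev.end or now) - ev.start


def correlated_attack(tx: Transfer, events: List[DdosEvent],
                      now: datetime) -> Optional[DdosEvent]:
    """Return the DDoS event whose span, padded by the window on both sides,
    covers the time the transfer was submitted."""
    for ev in events:
        lo = ev.start - CORRELATION_WINDOW
        hi = (ev.end or now) + CORRELATION_WINDOW
        if lo <= tx.submitted <= hi:
            return ev
    return None


def review_transfer(tx: Transfer, events: List[DdosEvent],
                    now: datetime) -> Tuple[str, List[str]]:
    """Litan's rule: hold (slow down) transfers while a DDoS is active.
    Returns ("release" | "hold", reasons)."""
    ev = correlated_attack(tx, events, now)
    if ev is None:
        return "release", []
    reasons = ["submitted while DDoS active or within correlation window"]
    dur = attack_duration(ev, now)
    if dur <= SHORT_ATTACK and tx.kind == "wire":
        reasons.append("short-lived DDoS + wire: matches wire-fraud smokescreen pattern")
    elif dur > SHORT_ATTACK and tx.kind == "ach":
        reasons.append("long-running DDoS + ACH: matches ACH-fraud smokescreen pattern")
    if tx.amount >= HIGH_VALUE:
        reasons.append("high-value transfer")
    return "hold", reasons


def review_all(transfers: List[Transfer], events: List[DdosEvent],
               now: datetime) -> dict:
    return {tx.tx_id: review_transfer(tx, events, now) for tx in transfers}


# Constructed sample data: one 20-minute flood in the morning, one still running.
NOW = datetime(2013, 8, 21, 18, 0)
DDOS_EVENTS = [
    DdosEvent(datetime(2013, 8, 21, 10, 0), datetime(2013, 8, 21, 10, 20)),
    DdosEvent(datetime(2013, 8, 21, 15, 0), None),
]
TRANSFERS = [
    Transfer("T1", "wire", 450_000, datetime(2013, 8, 21, 9, 50)),   # just before flood 1
    Transfer("T2", "ach", 12_000, datetime(2013, 8, 21, 13, 0)),     # quiet period
    Transfer("T3", "ach", 250_000, datetime(2013, 8, 21, 16, 30)),   # during flood 2
]

if __name__ == "__main__":
    for tx_id, (action, reasons) in review_all(TRANSFERS, DDOS_EVENTS, NOW).items():
        print(tx_id, action, "; ".join(reasons))
```

In a real deployment the DDoS events would come from the network monitoring or scrubbing provider and the "hold" action would route the request to manual review rather than rejecting it outright.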

Separately, the FBI-affiliated Internet Crime Complaint Centre warned (PDF) back in September 2012 that cybercrooks were targeting financial institution employee credentials to conduct wire transfer frauds.

Recent FBI reporting indicates a new trend in which cyber criminal actors are using spam and phishing emails, keystroke loggers, and Remote Access Trojans (RAT) to compromise financial institution networks and obtain employee log in credentials. The stolen credentials were used to initiate unauthorized wire transfers overseas. The wire transfer amounts have varied between $400,000 and $900,000, and, in at least one case, the actor(s) raised the wire transfer limit on the customer’s account to allow for a larger transfer.

In most of the identified wire transfer failures, the actor(s) were only unsuccessful because they entered the intended account information incorrectly.

The attacks largely focused on small- to medium-sized banks or credit unions but a few large banks have also been affected.

“In some of the incidents, before and after unauthorised transactions occurred, the bank or credit union suffered a distributed denial of service (DDoS) attack against their public websites and/or Internet Banking URL,” IC3 reports.

IC3, like Dell SecureWorks, reckons that the Dirt Jumper Trojan is the main vector of these DDoS smokescreens. The attacks reported by Litan appear to employ much the same tactics and tools, but target wire application systems rather than seeking to compromise trusted user accounts. As such, they represent an escalation in how banking attacks are run.

All this is carried out under the cover of denial of service attacks. However there’s no suggestion that a recent run of apparently politically motivated DDoS attacks against large US banks, claimed by the Izz ad-Din al-Qassam Cyber Fighters, is linked to this financial fraud. Hackers launched packet-flooding attacks against Wells Fargo, Bank of America, Citibank and many other US banking organisations using compromised WordPress installations, employing a hacker tool called Itsoknoproblembro.

Spooky US intelligence types suggested that the attacks were so sophisticated that they must be the work of a nation state, before pointing the finger of blame towards Iran. Security experts countered that the attack is well within the scope of ordinary hackers, and that the involvement of Iran is not supported by any hard evidence. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/21/cyberheist_ddos_smokescreen/

NSA: NOBODY could stop Snowden – he was A SYSADMIN

The US National Security Agency may have some of the most sophisticated cyber-surveillance programs in the world, but it was trivial for former NSA contractor Edward Snowden to walk off with sensitive data, sources say, owing to the agency’s antiquated internal security.

“The [Defense Department] and especially NSA are known for awesome cyber security, but this seems somewhat misplaced,” former US security official Jason Healey told NBC News on Thursday. “They are great at some sophisticated tasks but oddly bad at many of the simplest.”


While some sources claimed that it was Snowden’s genius for infiltrating electronic systems that allowed him to make off with a cache of at least 20,000 documents – “Every day, they are learning how brilliant [Snowden] was,” one former US official said – other sources suggested that all he needed was a little determination and the right business card.

“It’s 2013,” an insider told NBC, “and the NSA is stuck in 2003 technology.”

For example, the NSA policy prevents a typical worker from doing things like copying files to USB thumb drives or other external storage. But Snowden had an easy way around those restrictions, simply by virtue of being classified as a “systems administrator”.

With that privilege, Snowden would have been able to move files around at will, sources claim. If higher-ups ever questioned him about it, he could have claimed he was doing so in order to repair a corrupted drive or some other maintenance operation.

Snowden’s administrator account also gave him the ability to log into the accounts of other users of the agency’s NSAnet computer systems – some of whom had higher security clearance than Snowden himself did.

In essence, Snowden was able to impersonate those NSA employees to gain access to highly sensitive documents, which he was then able to copy to thumb drives. This was so easy to do that one source described him as a “ghost user” of NSAnet, whose activities couldn’t easily be traced.

The NSA is reportedly only now piecing together the exact steps Snowden took to infiltrate its systems, including identifying specific users whose accounts he used to access documents. But there’s no clear paper trail – investigators are said to be looking for red-flag discrepancies, such as accounts that were accessed while their owners were on vacation.

Once he began collecting documents, Snowden was surely also emboldened by the fact that, as a contractor working for Booz Allen Hamilton in Hawaii, he never once needed to set foot in NSA headquarters. Instead, he could access the files he wanted from a computer terminal some 5,000 miles away.

The NSA reportedly employs around 40,000 people, roughly 1,000 of which are systems administrators. Like Snowden, most of those systems admins are contractors – or they were, at least.

Earlier this month, NSA director General Keith Alexander announced that the agency plans to reduce its total number of sysadmins by 90 per cent, specifically to reduce the number of staffers who have access to secret information.

Such measures come too late to reduce the impact of Snowden’s leaks, however. As one former intelligence official described the aftermath of Snowden’s disclosures to NBC News, “The damage, on a scale of 1 to 10, is a 12.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/30/snowden_sysadmin_access_to_nsa_docs/

IPv6 To Complicate Threat-Intelligence Landscape

A common type of Internet-based threat intelligence is the assigning of reputation scores to the source of traffic, usually expressed as a certain Internet address or domain.

Yet, with the gradual–some would say “glacial”–move to the Internet Protocol Version 6 (IPv6) address scheme, the Internet’s address space will grow from merely big to nearly infinite. The vastness of the address space will cause problems for many threat-intelligence firms, from allowing attackers to use a new address for every attack to causing a rapid expansion in the size of the database needed to track the data on various sources, says Tommy Stiansen, chief technology officer for Norse, a real-time threat intelligence provider.

“IPv6 makes the whole thing interesting, because it’s a lot bigger,” Stiansen says. “Databases will have to be re-architected to handle the increased data. For anyone in threat intelligence, that will be the biggest challenge to overcome.”

A small, but still significant, part of the Internet has adopted IPv6. While the global rate of adoption is a mere 1.6 percent, according to statistics provided by Google, about 4 percent of networks in the United States have an end-to-end implementation of IPv6. Moreover, the fraction of networks that use IPv6 is growing exponentially.

While security researchers have already raised general concerns on the impact that the expansion of the Internet’s address space will have on various security technologies and techniques, the impact on the services that collect data on attackers and their activities has not generally been studied. Because the Internet address of malicious traffic is often used as a proxy identifier for the attacker and as a way to turn intelligence into action–blocking traffic from the offending IP address–IPv4 addresses are often a key component of the first line of network defense.

[With IPv6, a deluge of new top-level domains, and DNSSEC all coming, the Internet will become a much bigger place, meaning that defenses that worked in the past won’t work in the future. See Broader Digital Landscape Means More Places To Hide.]

For the current Internet addressing scheme, the model works fine, says Craig Sprosts, vice president of product management for domain-name system (DNS) firm Nominum.

“A lot of security technologies and intelligence vendors rely on an IPv4 address or range of addresses–it tends to be a reasonably effective way of representing identity of the attacker,” Sprosts says. “It is a very reliable indicator of where the attack is coming from for certain protocols.”

Yet there will be no scarcity of IPv6 addresses, so attackers may frequently change their assigned addresses, resulting in a potentially rapid expansion of the address space that vendors deem suspicious. Threat intelligence systems that assign a reputation score to an Internet address will have to be rethought, says Brian Foster, chief technology officer for network-security firm Damballa. Managing the reputation of the 4.2 billion addresses available under IPv4 is possible, but doing it for the vast IPv6 address space is not, he says.

“With IPv6, that goes right out the window,” Foster says. “A lot of the reputation systems that are simple blacklists and are signature based are going to have to be rethought and redone.”

Damballa has focused on creating algorithms that can generate reputation scores on the fly, lessening the need for large databases of scores.
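One way to keep a reputation store manageable under IPv6 is to score sources by network prefix rather than by individual address, so an attacker rotating through addresses inside one allocation accumulates a single score. The following is an added example, not Damballa’s or Norse’s code; the choice of /64 as the IPv6 aggregation unit and the sample addresses (taken from the RFC documentation ranges) are assumptions.

```python
"""Prefix-aggregated source reputation for mixed IPv4/IPv6 traffic.
Added example; the /64 aggregation unit is an assumption (a common end-site
allocation), not a figure from the article."""
import ipaddress
from collections import defaultdict

IPV4_PREFIX = 32   # score individual IPv4 hosts, as today's blacklists do
IPV6_PREFIX = 64   # assumption: one end site, 2**64 addresses, one score


def reputation_key(addr: str) -> str:
    """Normalise an address to the prefix that carries its reputation."""
    ip = ipaddress.ip_address(addr)
    plen = IPV4_PREFIX if ip.version == 4 else IPV6_PREFIX
    return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))


class ReputationStore:
    def __init__(self) -> None:
        self.score = defaultdict(int)   # bad-event weight per prefix
        self.seen = defaultdict(set)    # distinct source addresses per prefix

    def record_bad(self, addr: str, weight: int = 1) -> str:
        """Attribute a malicious event to the address's prefix; returns the key."""
        key = reputation_key(addr)
        self.score[key] += weight
        self.seen[key].add(addr)
        return key

    def lookup(self, addr: str) -> int:
        """Score for an address, including one never seen but inside a bad prefix."""
        return self.score.get(reputation_key(addr), 0)

    def churn(self, addr: str) -> int:
        """How many distinct addresses in the prefix produced bad events:
        high churn in one /64 is the 'new address per attack' behaviour."""
        return len(self.seen.get(reputation_key(addr), set()))

    def entries(self) -> int:
        """Database size, the quantity the vendors are worried about."""
        return len(self.score)


def build_sample_store() -> ReputationStore:
    """Constructed sample: one repeat IPv4 offender and one IPv6 /64 that
    rotates through 1000 different source addresses."""
    store = ReputationStore()
    for _ in range(5):
        store.record_bad("203.0.113.7")                  # TEST-NET-3 (RFC 5737)
    base = int(ipaddress.IPv6Address("2001:db8:abcd:1::"))   # RFC 3849 doc prefix
    for i in range(1000):
        store.record_bad(str(ipaddress.IPv6Address(base + 0x1000 + i)))
    return store


if __name__ == "__main__":
    s = build_sample_store()
    print("entries:", s.entries())                         # 2, not 1001
    print("unseen host in bad /64:", s.lookup("2001:db8:abcd:1:ffff::1"))
    print("neighbouring /64:", s.lookup("2001:db8:abcd:2::1"))
```

Aggregating at /64 means one noisy host can taint the reputation of its neighbours in the same allocation, so the prefix length should follow the actual allocation practice of the network in question and scores should decay over time rather than persist indefinitely.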

The problems are not limited to the increase in data needed to track malicious behavior. Attackers will also find ways to hide in IPv6 traffic that are not available to them in Internet protocol version 4. For example, using extension headers – a feature of IPv6 designed to support additional functionality – an attacker could send a packet that appears to be ordinary Web traffic but in reality also carries attack code, says Jeremy Duncan, senior director and IPv6 network architect for Salient Federal Solutions.

“If I rewrite the code for malicious software to use the extension header, normal intrusion detection systems can’t see those headers and I’ve evaded defenses,” he says.

Those problems, however, should eventually be resolved as companies figure out how to handle IPv6 traffic and make their products more IPv6 aware, says Nominum’s Sprosts.

“Over time this risk will be mitigated, but I think over the next few years, it will be a problem,” he says.

Article source: http://www.darkreading.com/threat-intelligence/ipv6-to-complicate-threat-intelligence-l/240160628

Cisco goes public with major vulns

Users of Cisco’s Unified Communications Manager, UCM instant messaging and presence, and Prime Central hosted collaboration system need to get busy with patches, after the Borg announced denial-of-service vulnerabilities across all three platforms.

UCM 7.1, Cisco advises, has an improper error handling vulnerability that can be exploited for denial of service: an attacker can hose the system by sending malformed registration messages.


There are also vulns in versions 8.5, 8.6 and 9.0 of UCM: some UDP ports don’t rate-limit properly, and could therefore be hit with high-rate traffic for denial-of-service. The same versions also fail to rate-limit on UDP 5060, the SIP port.

There’s also a buffer overrun vulnerability on UCM 7.1, 8.5, 8.6, 9.0 and 9.1. If exploited, an attacker would be able to run arbitrary commands, corrupt data, and disrupt services on the systems.

UCM’s IM and Presence Service suffers from a memory leak, meaning large numbers of TCP connections to port 5060 or 5061 could DoS the system, requiring a restart.

And finally, Cisco Prime Central for HCS Assurance – a hosted application solution – has three vulnerabilities, all of them exposing the system to denial-of-service attacks. They are, in order:

  • A memory leak under which TCP flooding on vulnerable ports will crash the system;
  • Memory exhaustion vulnerabilities associated with TCP 61615 and 61616, and the Ephemeral Java Port (44444); and
  • A disk exhaustion vulnerability under which a TCP connection flood will fill the disk with error logs.

With no workarounds available, Cisco is advising patches be applied to all affected systems. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/21/cisco_goes_public_with_major_vulns/

Hacktivists boast of English Defence League KO after website downed

Hacktivists linked to Anonymous have claimed responsibility for knocking shouty anti-Islam group the English Defence League’s website offline.

The EDL is a far-right street protest movement whose official stance is an objection to the “spread of Sharia law and Islamic extremism in the UK”. Its numerous critics argue the league are just a bunch of xenophobic football hooligans, and their numerous protests often involve violence and arrests.


The group’s official website (http://englishdefenceleague.org) was taken offline on Tuesday and a Pakistani hacking crew affiliated with Anonymous claimed responsibility for the hack.

The website remains unavailable at the time of writing on Thursday morning. “We are currently fixing an issue with our server and will restore services as soon as possible,” a notice from the EDL Web Division explains.

Hacktivists affiliated with Anonymous have locked horns with the EDL on several previous occasions. For example, in May, the hacktivist group leaked names and addresses of more than 200 supposed members of the controversial protest group, as well as the mobile phone numbers of its leaders.

The leak was the first salvo in ‪#OpEDL‬, aimed at bringing down the group, which hacktivists accuse of attempting to hijack public revulsion about the horrific murder of soldier Lee Rigby in south London three months ago to further the group’s own political agenda. The EDL’s leader, Stephen Yaxley-Lennon, was yesterday charged with obstructing police after allegedly trying to defy a ban on marching past a mosque in Woolwich in June.

The latest hack was also carried out under the banner of ‪#OpEDL‬ and carried out by members of the ZHC (ZCompany Hacking Crew) from Pakistan, apparently supported by elements of the wider Anonymous hacktivist collective. ZHC accompanied the hack with the leak of around 40 names and mobile phone numbers of supposed EDL members.

It’s unclear whether the leaked list, uploaded to Pastebin, is genuine or represents new information. Very little has been heard of ‪#OpEDL‬ after an initial flurry of activity in late May, until this week’s shenanigans.

The ZHC member behind the latest hack, @Guy_Victory, has been taunting the EDL about its inability to get its site back up and running.

“EDL still cant fix site from #ZHC hacked it yesterday id call that a K.O :),” the hacktivist said in a Twitter update.

ZHC claims to have lifted personal information, including but perhaps not limited to email addresses, after breaking into the EDL’s official website in an earlier assault last November.

Research outfit Netcraft reports the englishdefenceleague.org website, which runs on Linux, began using protection services from CloudFlare earlier this month. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/22/edl_website_hack_zhc/

ASIO seeks new hires for telecoms interception teams

Australia’s security intelligence organisation (ASIO) is hiring a clutch of telecoms intelligence staff.

The agency is after a new “Assistant Director Telecommunications Interception”, a pair of “Telecommunications Investigations Officers” (we’ve linked to the better-paid of the two positions) and also a “Telecommunications Interceptions Specialist”.


The Assistant Director’s job description says the successful applicant’s duties will include:

  • Supervision of technical staff involved in the development of telecommunications interception capabilities;
  • Contribute to policy and process development supporting telecommunications interception;
  • Liaison with telecommunications carriers for the development of lawful interception systems;
  • Liaison with industry for the development of specialist systems;
  • Compliance testing of interception solutions;
  • Trouble-shooting system faults; and
  • Development of in-house lawful interception solutions.

Vulture South can’t help but think the wording of those duties implies that new interception tools are contemplated.

Interceptions Specialists will be expected to perform duties including “Development of in-house lawful interception solutions”. Skills needed to score the job include:

  • Previous experience with carrier networks and/or interception systems
  • Project management in an ICT environment
  • Understanding of IP networks (architecture, systems and related protocols)
  • Understanding of the architecture of mobile telephony networks, including SMS, GPRS and LTE
  • Understanding of carrier-level VoIP implementations
  • Exposure to international ICT standards and specifications
  • Knowledge of mark-up languages such as XML and ASN.1
  • Ability to perform and analyse IP captures and perform protocol analysis and network-level problem-solving

The inclusion of LTE seems worth noting: 4G is growing fast in Australia and ASIO will doubtless be keen to monitor traffic on new networks. Intriguingly, “Applicants that have applied for this position in the last 12 months need not reapply,” suggesting this has proved a tough gig to fill.

The job description for the Telecommunications Investigations Officers says the new hires will “join a small team responsible for the collection, processing and dissemination of telecommunications-related data.”

Duties include “Assisting in the preparation and submission of lawful requests to telecommunications providers”, which sounds an awful lot like making warrantless requests for telecommunications metadata. Such requests are controversial because they’re made in their hundreds of thousands each year. If Vulture South’s guess is correct and ASIO feels it needs more people to make the requests, it could signal even greater volumes. Australia’s Greens party has tabled amendments to the Act permitting such requests in the hope of reducing their number.

If you fancy one of these jobs, care to check out the dozen or so other IT roles, or fancy a closer look at ASIO’s hiring trends, its vacancies page is here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/22/asio_beefing_up_telecoms_interception_teams/