STE WILLIAMS

Using encryption? That means the US spooks have you on file

Anyone who encrypts their emails or uses secure instant message services runs the risk of having their communications stored by the US National Security Agency, according to the latest leaks from former NSA sysadmin Edward Snowden.

The Guardian has published two more explosive documents which set out what sort of information the NSA is allowed to harvest from foreign targets, as well as American citizens.


Both were issued by the secret Foreign Intelligence Surveillance Court and were signed by US Attorney General Eric Holder in 2009.

The leaked documents show that data about a US citizen collected “inadvertently” can also be stored for up to five years, giving agents significant breathing space when gathering intelligence. They also show the methods agents use to establish whether targets are based in the US and what they are allowed to do in order to spy on “non-US persons”.

The documents clearly state that surveillance should cease the minute a target is on US soil or is deemed to be an American – but there are exceptions to this which allow spooks to store communications from American citizens.

If someone’s location cannot be clearly established, then they “will not be treated as a United States person” unless other evidence becomes apparent. This would mean that anyone using anonymity software like Tor, which deliberately masks their location, is liable to have their communications stored.

Spies are also told they can retain “all communications that are enciphered or reasonably believed to contain secret meaning” for up to five years, giving them another way to keep American citizens’ communications data.

These must be kept to help create a “technical data base”, which is spook slang for any data which is useful for cryptanalysis – the breaking of codes – or analysis of internet traffic. In practice, this means that using encrypted messages for security purposes may have the ironic effect of drawing the secret message to the attention of spies.

This data should really be destroyed within five years, unless they are “communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis”.

Exchanges between attorneys and clients can also be kept, as long as they contain foreign intelligence information.

The documents follow in the wake of other revelations from Snowden, including an NSA programme called PRISM which trawled data on individuals from popular US cloud and social services. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/21/nsa_spooks_can_pry_on_your_encrypted_emails/

SACK MORE BRITS, Symantec UK told by US supremos

Symantec UK bosses must redraft their master plan to lay off Brit workers – after their first proposal was rejected by the US top brass for not cutting far enough, sources claim.

As we reported a week ago, up to 1,700 employees worldwide – eight per cent of the total workforce – are expected to get the chop during June and July as Symantec restructures.


The American security software giant’s CEO Steve Bennett wants a revolution: a leaner organisation with fewer layers of management to reduce bureaucracy and speed up decision making; that’s part of the thinking, at least.

Hacking out a layer of middle management will also no doubt reduce costs for Symantec once the exceptional charges for restructuring are out of the way.

Sources close to the firm claimed UK chiefs, based in the company’s Reading office, submitted a plan of spending cuts, but it was not deemed sufficient by the global heads in the US.

“Every country put together a plan of action on how to implement cost cutting. The UK sent its plan to central and they bounced it back saying it wasn’t deep enough,” said one.

The company’s troops in Blighty reckon the majority of cuts will now be made next month rather than in June. It is not clear at this stage how many people the company wants to jettison.

A Symantec PR told us:

“Symantec is in the midst of a company-wide transformation. As part of this effort, we are engaged in a company-wide reorganisation. As a result, some positions are being eliminated.

“This action is a reflection of our new strategy and organisational simplification initiative announced by Symantec’s executives on 23 January.

“One of the goals of Symantec’s reorganisational effort is to make the company’s employee reporting structure more efficient and support the company strategy moving forward. We have no additional details to provide at this time.”

A reshuffle of the senior management in Europe began in March: EMEA el presidente John Brigden returned to the US, and veep for northern Europe Matt Ellard replaced him, as revealed by El Chan. Brigden is now senior veep for global verticals and enterprise business strategy.

EMEA channel head Jason Ellis moved to a veep role for inside sales and the customer management centre in the same month. ®

Article source: http://go.theregister.com/feed/www.channelregister.co.uk/2013/06/21/symantec_uk_job_cuts/

Anons: We milked Norks dry of missile secrets, now we’ll spaff it online

Shadowy hacking collective Anonymous has claimed it will leak a huge cache of confidential documents from North Korea’s missile programme.

Although experts warned that the Norks were unlikely to store such sensitive data digitally, the hacktivists claimed to have purloined masses of secret military files. The Anons have vowed to publish the material on 25 June, the anniversary of the beginning of the Korean War.


In a statement, Anonymous hackers claimed they had opened a “ninja gateway” into Nork servers, allowing them to “hack their s**t”, “liberate their data” as well as “win public opinion and support for the upcoming citizen’s uprising”.

Anonymous stated: “Previously we said we would penetrate the intranet and private networks of North Korea. And we were successful. We are not a threat to the world peace like your government. We do not forcing ourselves [sic] like your government. We will no longer abide by your ways of ruling, we work toward world peace and for the Republic of Korea. Oh good people of North Korea, it is time to wake up. Soon you will experience a new culture, and your worthless leadership will be recognised by everyone. Come and join us!”

The collective also attacked the poverty-stricken hermit nation – led by ridiculous boy-king Kim Jong-un – for pulling out of talks with the South. The Anons added: “You cannot destroy ideas with missiles. You end talks by placing the blame on the Republic of Korea. And the price of your error will be costly and placed upon you.”

Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council, said he had doubts about whether Anonymous would have access to missile documents. He tweeted:

Anonymous targeted North Korea in April this year, hacking into a propaganda site called Uriminzokkiri and other Nork government sites. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/21/anonymous_claims_to_have_cracked_into_nork_computer_systems/

Pussy galore: Bubble-bath webcam spy outrage

Something for the Weekend, Sir? “I can make money from it, so why not?” This was a soundbite from a Radio 5 Live phone interview with a “Finnish webcam hacker” who claimed to have “sold” the ability to watch women as they sit in front of their laptops.

The reporter and presenters were suitably appalled at the callous and blatant admission, and everyone agreed that it would be best for the government to write some new laws. Or something.

It goes to show how things have changed. RBS chief Fred Goodwin went around saying, “I can make money from it, so why not?” for years without the government batting an eyelid. They even gave him a knighthood for it. In fact, it was Margaret Thatcher’s mantra for a generation. But, good God, we can’t have rank-and-file nutters with comedy Fenno-Scandinavian accents going around saying this on the radio, can we?

As proof, we are told about a young woman who says she “believes she was the victim of webcam hacking”. Will Gardner, chief executive of Childnet International, is quoted as saying that the organisation has further anecdotal evidence of webcams being hacked.

“Does my bum look big in this?”

Look, although Google’s just patched a bug in Chrome that could allow scumbags to hijack webcams, there’s a wider problem here.

There are two meanings for the word anecdote: (1) a short story about a real incident, and (2) an account regarded as unreliable or hearsay.

I believe strongly that anecdotes have their place, especially in defying the bloody bludgeon of statistics. I like the idea of countering impersonal stats, which are laughably easy to fabricate and misrepresent, with a few stories of personal experience by real people.

However, you can’t just repeat an anecdote and call it proof. What if the young woman had been saying she “believes she was the victim of alien abduction”? Would the BBC reporter still be nodding earnestly?

Shockingly, the internet is currently full of webcam hacking anecdotes. Annoyingly, they all turn out to be the same anecdote from the same woman.

I have already written about the great British public wielding their webcams to drag Doctor Duncan’s Video Symptom Show out of the fictional world of Max Headroom into real life – or, strictly speaking, 20 minutes from the future back into the present.

Precisely why people set up their laptops specifically to face their bathtubs is curious enough, but I won’t judge. Nor will I judge a Finnish fantasist imagining himself as Rocco Siffredi (but probably looking more like Ron Jeremy) playing the role of Neo in an Italian porno version of The Matrix [NSFW, natch], dropping a red-a pill-a so that he could watch da young-a woman taking-a da-bath.

What strikes me, assuming you believe all this shit, is why few beyond the effulgent minds of El Reg readers bother to consider how so-called “ratting”* only really comes into its own with increased mobility of devices.

Beyond these hallowed halls, all the blather about Google Glass seemed to concern breaches of security (which corporations want to stop) rather than invasions of privacy (in which corporations actively participate).

Sure, inventions such as Google Glass could – and certainly will – be misused for personal naughtiness, as hinted in the 1983 movie Brainstorm when a youthful student records himself bonking his girlfriend, leading to his professor being discovered in ‘a bit of a state’ after having spliced the recorded orgasm into a loop for constant playback.

My own personal fear of Google Glass is not so much that I might leave them on while having a post-coital bath so much as while having a post-curry dump, although I am led to believe there may be a market for this kind of thing too.

Tiny hi-res cameras also played a major part in BBC 2’s recent ‘Little Cat Diaries’ Horizon documentary, in which a large number of domestic moggies in a posh village were tracked by GPS and webcams were attached to their collars to see what they got up to by night. We discovered that they chase mice and rabbits, stare at other cats from a distance and say “miaow” from time to time, all of which came as a bit of a shock, I can tell you.

Pussy on camera

Source: BBC

More revealing, though, was that these cats spent half the night walking into other people’s houses and stealing other cats’ food. Sure, it’s just anecdotal evidence but at least it was real. The proof didn’t just involve a pampered domestic longhair loafing on a cushion, telling a credulous Radio 5 Live reporter that she suspected an unneutered tabby was spraying next to her water bowl. We could actually see it for ourselves.

Still, the webcams and GPS units being lugged around by the cats were pretty big. Even the funky Trax GPS gadget, designed for locating your precocious child-actor progeny and dopey family pets who have a penchant for getting lost in snowy Swedish forests, is still palm size rather than red pill size. If I attached that to my cat, he’d throw it off, kick it under the fir tree and urinate on it when no one’s looking. I’m not sure whether my children would do the same but I wouldn’t put it past them.

The limiting factor – according to Soulaiman Itani, chief executive of Atheer Labs, speaking during last weekend’s Reuters’ Global Technology Summit in San Francisco – is the battery. Apparently, the reason we’re not all wearing our computers – rather than carefully propping them up on a chair in front of the bath – is because high-powered batteries to keep these devices running are not small enough. Although simply answering a question put to him, Itani wins this month’s Spirited Away American Dub (“…Haku’s a dragon?”) Trophy for Stating The Bleeding Obvious.

Perhaps when webcams eventually get small enough to be convenient, we’ll have a problem. Until then, let’s just keep getting in a fluster over nothing so we can encourage our responsible governments to pass new laws to prevent us filming each other – while at the same time passing other laws that allow them to film every second of our lives. ®

Alistair Dabbs is a freelance technology tart, juggling IT journalism, editorial training and digital publishing. As soon as he can get internet access upgraded, he plans to install a public-accessible webcam at his Shoreditch publishing empire. It will be facing the sink in the washroom.

* When someone silently installs a remote administration tool (RAT) on your system to, among other things, watch you staring into space.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/21/something_for_the_weekend_webcam_hacking/

Icelandic biz baron: ‘I have a private jet waiting in China for Snowden’

An Icelandic entrepreneur is offering to fly former NSA contractor turned whistleblower Edward Snowden to Iceland on a private plane, should the chilly island nation grant him asylum.

Olafur Vignir Sigurvinsson, director of DataCell, a company that at one time offered payment processing services for WikiLeaks, told Reuters:


“A private jet is in place in China and we could fly Snowden over tomorrow if we get positive reaction from the [Icelandic] Interior Ministry. We need to get confirmation of asylum and that he will not be extradited to the U.S. We would want him to get a citizenship as well.”

Snowden, a former technology contractor at Booz Allen Hamilton stationed at an NSA facility in Hawaii, has named Iceland as a possible refuge but for now he appears content to stay in Hong Kong. He is continuing to work with The Guardian in releasing top secret memos that he extracted from the NSA network while working as a sysadmin.

The latest memos cover appendices to “Procedures used by NSA to target non-US persons” that explain how – in practice – NSA analysts can and do spy on the communication of Americans without a warrant despite misleadingly worded denials to the contrary by the signals intelligence agency. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/21/snowden_private_plan/

NORKS harbouring 3,000-strong cyber army, claims Seoul

South Korean defence minister Kim Kwan-jin reckons Pyongyang has 3,000 highly trained hackers tasked with stealing military secrets and disrupting systems.

In a warning clearly designed to set the alarm bells ringing in Seoul, Kim said that Seoul’s near neighbour to the north poses a clear threat to national security thanks to its formidable online capabilities.


The sizeable team of cyber operatives he described works under the Reconnaissance General Bureau of the Korean People’s Army, according to local news agency Yonhap.

Kim claimed that group was responsible for a large scale DDoS attack on South Korea in 2009, the hacking of the National Agricultural Cooperative Federation in 2010 and a data wiping malware attack which knocked out PCs at several major TV stations and banks earlier this year.

Pyongyang has apparently denied all responsibility for these incidents.

Although details are vague, South Korea is apparently working to create a new mobile device security system to ensure confidential information can’t be nabbed from officials’ smartphones and tablets.

The country’s military also uses a walled intranet cut off from the rest of the web to further reduce the risk of hacking attacks.

Although Seoul officials periodically warn of the increasing dangers of online attacks from the north, this stands somewhat at odds with the generally understood view that internet infrastructure in Norks is virtually non-existent.

Only a relatively select group of Party members, academics, scientists and of course the supposed 3,000-strong cyber army are thought to have access to the internet in North Korea. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/21/norks_harbouring_3000strong_cyber_army_claims_seoul/

Report: Skype set up Project Chess to enable official snooping

For the last five years, Skype has been running an internal team called Project Chess to investigate methods to allow law enforcement to listen in on users’ phone calls, sources have told The New York Times.

Project Chess was set up after the company (then owned by eBay) started having discussions with the government over monitoring communications. The Project Chess team, which never numbered more than a dozen people, was tasked with exploring the legal and technical issues of letting the US government monitor Skype traffic, sources who have been briefed on the situation told the NYT.


According to the PRISM PowerPoint released by NSA whistleblower Ed Snowden, Skype joined that program on February 6, 2011, but it now appears that calls may have been monitored before this time, thanks to Project Chess.

According to the NYT, Microsoft executives are “no longer willing to affirm” comments made in the past that Skype calls are secure from wiretapping. A representative told El Reg that Microsoft has nothing to say on the matter at this time.

Skype management did issue a public statement last year about fears that it was reorganizing its internal systems to make spying on calls possible. It denied these rumors, saying the changes in the use of traffic “supernodes” were intended to make calls more reliable and make life easier for consumers.

“Our position has always been that when a law enforcement entity follows the appropriate procedures, we respond where legally required and technically feasible,” it said at the time.

The news about Project Chess has now refocused attention on these claims. Security guru Bruce Schneier is less than impressed with the company’s response.

“Reread that Skype denial from last July, knowing that at the time the company knew that they were giving the NSA access to customer communications. Notice how it is precisely worded to be technically accurate, yet leave the reader with the wrong conclusion,” he wrote in a blog post.

“This is where we are with all the tech companies right now; we can’t trust their denials, just as we can’t trust the NSA – or the FBI – when it denies programs, capabilities, or practices.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/21/skype_project_chess_snooping_report/

Pirate Bay founder Warg jailed for two years for hacking and fraud

Pirate Bay founder Gottfrid Svartholm Warg has been found guilty of hacking in Sweden and sentenced to two years’ imprisonment.

Warg, 28, was found guilty of breaking into the Swedish arm of IT services firm Logica before publishing the personal data of thousands of people, as well as hacking into Nordea (Scandinavia’s biggest bank) before transferring 24,200 Danish crowns ($4,300), as well as unsuccessfully attempting to transfer 683,000 euros ($915,500), The Independent reports.


The Nacka District Court rejected defence arguments that an unidentified hacker had used Warg’s compromised PC to launch these attacks.

The Pirate Bay founder was found guilty of computer hacking, aggravated fraud and attempted aggravated fraud. An unnamed 36-year-old accomplice was sentenced to probation over the same set of offences, Aftonbladet reports.

More coverage of the sentencing can be found in stories by Reuters and the Associated Press.

Warg was extradited from Cambodia last to begin a one year jail sentence over a 2009 conviction for internet piracy. The latest case is unrelated.

Warg’s legal troubles do not end with the latest case. Earlier this week Nacka District Court ruled that Warg should be extradited to Denmark to face charges of conspiracy to hack into IT services firm CSC’s servers and illegally accessing the EU’s Schengen Information System, which holds data about wanted criminal suspects from the 27 EU member states, and also downloading millions of Danes’ personal identity numbers. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/20/pirate_bay_founder_warg_jailed_for_two_years_for_hacking_and_fraud/

So: Just how do you stop mobile users becoming leaky lusers?

A note from The Register management: This is a survey, and yes, you’re right, that’s you giving us valuable time and information for nothing. But we have to pay the bills somehow, so if you like the Reg being here you might consider helping Mr Vile out. And who knows, maybe your views will reach the right ear somewhere and help improve matters in some small or large part of the IT world.

In this latest Reg Reader Study, we are looking at that ongoing challenge of securing the end user computing environment. This of course covers Windows and other types of desktops and laptops, but given the way in which smartphones and tablets are increasingly being used for business, we are interested in your thoughts on mobile security.

This topic is particularly relevant at the moment because of some of the changes that are taking place in this area – Windows desktop refresh activity, continued adoption of desktop virtualisation technologies, the increasing use of Mac OS X, the persistence of Desktop Linux in some environments, and, last but not least, the rate at which the whole mobile computing part of the equation is changing and user expectations and behaviour are evolving.

So, if you are responsible for end user computing and/or security in your organisation, or simply have strong views on the topic we are investigating, give us a few minutes of your time and we’ll report back on the state of play in this space.

You can get cracking here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/20/security_survey/

France gives Google three month DATA PRIVACY DEADLINE

Data authorities have ruled that Google has breached the French Data Protection Act, and the huge advertising firm has been ordered to comply with the law within three months or else face sanctions.

Data watchdogs in the UK, Spain, Germany, Italy, and the Netherlands have also launched enforcement actions against Google today, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) said.


The French regulator was tasked by Brussels’ Article 29 Working Party with investigating Google’s controversial privacy policy changes in March 2012. In April this year it found that the ad giant had not implemented any “significant compliance measures.”

In the UK, the Information Commissioner’s Office is looking at whether Google’s rejigged privacy policy is compliant with the Data Protection Act 1998.

The Brit watchdog will be firing off a letter to the company soon, the CNIL said. The ICO, which is led by Commissioner Christopher Graham – who is vice chair of the Article 29 Working Party – did not immediately respond to The Register’s request for comment at time of writing.

Google was told in a formal notice from the CNIL that it has until September to implement the following changes to its service:

  • Define specified and explicit purposes to allow users to understand practically the processing of their personal data;
  • Inform users by application of the provisions of Article 32 of the French Data Protection Act, in particular with regard to the purposes pursued by the controller of the processing implemented;
  • Define retention periods for the personal data processed that do not exceed the period necessary for the purposes for which they are collected;
  • Not proceed, without legal basis, with the potentially unlimited combination of users’ data;
  • Fairly collect and process passive users’ data, in particular with regard to data collected using the ‘Doubleclick’ and ‘Analytics’ cookies, ‘+1’ buttons or any other Google service available on the visited page;
  • Inform users and then obtain their consent in particular before storing cookies in their terminal.

Data protection authorities in some of the other countries mentioned by the CNIL are way ahead of the ICO.

In Spain, the DPA has opened a sanction procedure against Google for the infringement of key principles of the Spanish Data Protection law.

Hamburg’s Commissioner in Germany will shortly hold a formal hearing that may lead to the release of an administrative order demanding that Google implements measures which comply with the country’s DP legislation.

The Dutch data protection regulator is set to issue a confidential report of a preliminary investigation and will ask Google to respond to its findings. Depending on the outcome of those discussions, the DPA could then issue sanctions.

The Italian data watchdog, meanwhile, is seeking clarification from Google after it opened a formal inquiry proceeding last month. It will shortly be looking at the findings of its probe, which could lead to possible enforcement measures that may include sanctions under the country’s data protection law, the CNIL said.

Google, however, failed to see what all the fuss was about.

“Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the authorities involved throughout this process, and we’ll continue to do so going forward,” the company told the Register. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/20/cnil_gives_google_3_months_to_comply_with_french_data_protection_act/