STE WILLIAMS

Mac malware found with valid developer ID at freedom conference

The annual Oslo Freedom Conference, where activists meet to share tips on advancing human rights, has thrown up an unusual piece of Apple OS X malware.

At a workshop covering how to secure your hardware against government intrusion, security researcher Jacob Applebaum discovered the code on a laptop owned by an Angolan human rights campaigner. The malware was stealing screenshots from the infected system and uploading them to two command and control servers.

The malware is a hidden program called macs.app which installs itself among the computer’s log-in items so that it fires up once the machine is booted. It had been signed off by a legitimate Apple developer ID, enabling it to get past Cupertino’s Gatekeeper security software.

Once activated, the software takes a regular series of screenshots from the infected computer and sends them off to two servers – one of which has been found to be inactive and the other is private. Since the initial discovery, a second sample of the malware has also been discovered on another system, but this isn’t thought to be a large-scale attack.

“The Angolan activist was pwned via a spear phishing attack – I have the original emails, the original payload and an updated payload,” Applebaum tweeted. He also said that Apple has now revoked the developer ID used by the code.

Thankfully, removing the malware is relatively simple. F-Secure already has a signature file for it included in its security software, and users can delete it themselves by removing the macs.app application from the log-in queue and applications folder.

The use of a developer ID is unusual in the world of malware for OS X, and this fact, along with its highly targeted distribution method, suggests it’s a custom job done specifically for spying on specific individuals.

Malware is increasingly being used to spy on activists in China and other countries (here in the Land of the Free the government doesn’t need to, since the phone companies are happy to help) and those who think they might be under surveillance should take extra precautions with their systems and communications. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/mac_malware_steals_screenshots/

British LulzSec hackers hear jail doors slam shut for years

Three British members of the notorious LulzSec hacktivist crew and a hacker affiliate were sentenced today for a series of attacks against targets including Sony, News International, the CIA and the UK’s Serious Organised Crime Agency. The youngest of the four accused avoided jail with a suspended sentence while the other three were jailed for terms ranging from 24 to 32 months.

Jake Davis, 19, of Lerwick, Shetland; Ryan Ackroyd, 26, of Mexborough, Doncaster; and Mustafa Al-Bassam, 18, from Peckham, south London all previously admitted involvement in computer hacking attacks. All three were core members of LulzSec while Ryan Cleary, 21, of Wickford, Essex, supplied a botnet of around 100,000 compromised computers that acted as a platform to blitz targeted websites with junk traffic, crashing many sites in the process.

The hackers ran distributed denial of service (DDoS) attacks against the Arizona State Police, 20th Century Fox, HBGary Federal, Bethesda, Eve Online, Nintendo, SOCA and others as part of operations run by various hacking groups including Anonymous and LulzSec.

Cleary (aka Viral) admitted hacking into systems at the Pentagon. He has been indicted in the US and faces possible extradition proceedings. Davis has also been indicted in the US.

Not all members of the group were involved in all the attacks, some of which went far beyond simple packet flooding. Judge Deborah Taylor sentenced the men after considering mitigating factors highlighted by their lawyers over the course of a two-day hearing.

In sentencing, Judge Taylor said the group’s offences were “planned and persistent”.

“The losses were substantial even if your motivation was not financial,” she said.

Ackroyd, a former soldier who adopted the online persona of a 16-year-old girl called Kayla to rub salt into the wounds of victims, admitted stealing data from Sony. He also confessed to playing a key role in a malicious prank back in July 2011 involving redirecting visitors to The Sun newspaper’s website to a fictitious story about News Corp chairman Rupert Murdoch committing suicide.

Ackroyd taught himself computer programming as a means to gain an edge in the games he was playing online. Among his roles in LulzSec was to seek vulnerabilities on websites. He was jailed for 30 months.

Al-Bassam (aka T-Flow), who was still at school at the time of the attacks, also sought out vulnerable websites that the hacking crew could target. His barrister said that he wanted to go on to study computer science at university. Al-Bassam avoided jail with a 20-month sentence but will still be punished by having to complete a 300-hour community service order.

Davis (aka Topiary) acted as LulzSec’s main publicist as well as playing a role in co-ordinating its activities. He was sentenced to 24 months in a prison for young offenders.

The court heard that Cleary made up to £2,500 a month selling access to his zombie computer network to hackers. The Asperger’s Syndrome sufferer built up a botnet of 100,000 compromised PCs over a period of five years.

Cleary was jailed for 32 months for the computer hacking offences.

In some instances the group lifted sensitive personal data from compromised websites, London’s Southwark Crown Court heard.

Data leaks, including personal details of 74,000 people who had registered to appear on X-Factor, were made available as torrents and publicised through file-sharing sites such as the Pirate Bay. The gang obtained the data after hacking into US network Fox in May 2011.

LulzSec stole 24.6 million customers’ private records during an attack on Sony. The entertainment giant was forced to take its PlayStation Network offline for weeks in the wake of the mega-breach, which ultimately cost it an estimated $20 million.

“This is not about young immature men messing about,” prosecutor Sandip Patel told the court at the start of the men’s sentencing hearing, Reuters reports. “They are at the cutting edge of a contemporary and emerging species of international criminal offending known as cyber crime.”

“LulzSec saw themselves as latter-day pirates,” Patel said, adding that the group were motivated by “anarchic self-amusement”.

LulzSec – or the Lulz Security hacking collective – started off as an offshoot from the Anonymous hacking collective in 2011. It went on to claim a large number of attacks during a 50-day hacking spree in the summer of 2011. Most of its targets were entertainment firms opposing file sharing and law enforcement or intelligence agencies. LulzSec ran a Twitter hashtag called “Fuck FBI Friday” that boasted of its latest assaults.

The alleged ringleader of LulzSec, Hector Xavier Monsegur – known online as “Sabu” – turned FBI snitch following his arrest in June 2011 and helped to identify other members of the group. Monsegur’s sentencing hearing has repeatedly been delayed. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/16/lulzsec_sentencing/

Wannabe hacker, you’re hired: Brit bosses mull cyber-apprenticeships

Britain’s biggest businesses are drafting up cyber-security apprenticeships to train the online samurais of the future.

According to digital knowhow spreader e-Skills, just seven per cent of all computer security professionals are aged between 20 and 29. The employer-led quango sees apprenticeships as a vital way of encouraging the kids to get down with this vital sector and help battle online threats that are constantly emerging.

Thus, e-Skills is working with a number of big firms – including privatised defence boffins at QinetiQ, and engineers at BT, IBM, Cassidian, CREST and disability benefit assessors Atos – to develop nationally available degree-level apprenticeships.

Just like trade apprenticeships, these positions will come with wages and give young people a chance to build a career while earning a decent qualification.

Coordinated by the National Skills Academy for IT, the apprenticeships will be created later this year. The intent is to provide the sort of useful skills in demand from employers, while attracting women and other groups who are currently under-represented in the sector.

Paul Thorlby, technical and strategy director at QinetiQ and chair of the employer group, said: “QinetiQ are pleased to be driving this partnership with e-skills UK and other industry employers to shape development opportunities for our next generation of cyber professionals.”

Specialising in defence tech, QinetiQ knows the risks of inadequate digital defences, having been repeatedly targeted by Chinese hackers over a three-year period.

Currently there are few “structured routes for young people to enter the cyber security work sector”, said Bob Nowill, director of cyber and assurance at BT.

“We are pleased to be contributing to this opportunity to proactively grow new talent which is directly aligned to the needs of industry,” he added.

The new scheme will be supported by dosh from the UK Commission for Employment and Skills, a taxpayer-funded operation set up to offer the government advice on skills and employment. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/16/apprenticeship_cyber_security/

Oracle updates Java versioning to allow more security fixes

Seemingly borrowing a page from the old, line-numbered BASIC programs of the 1980s, Oracle has adopted a new version numbering strategy for the Java Development Kit (JDK) – one that skips numbers, in case Oracle has to go back and plunk in new code later.

Traditionally, Oracle has issued new patches for the JDK on a predictable, regular basis, shipping Critical Patch Updates (CPUs) three times a year on an advertised schedule. That practice was designed to suit the needs of enterprise IT admins, who typically need lots of time to test new patches before they apply them.

But given how rapidly new Java vulnerabilities have been popping up of late, the database giant has been forced to break with tradition and release emergency patches off schedule, lest exploits run rampant.

That’s been happening so often, in fact, that it has started causing problems for Oracle’s version numbering system. The company has been forced to assign version numbers to the quick-fix, small patches that were originally intended for later CPUs, then renumber the CPUs – flummoxing those stodgy, risk-averse enterprise admins.

Now Oracle has had enough of it. “To avoid confusion caused by renumbering releases, we are adopting a new numbering scheme,” the company announced in a bulletin issued on Tuesday, although “avoiding confusion” might be overstating it.

Here’s how the new plan works: The JDK will keep its current versioning scheme, where each update is assigned a code that starts with the current major JDK version number, followed by a lowercase “u” and the current update number. So, for example, the current version of JDK 7 is 7u21.

Traditionally, Limited Update patches – the kind that add new features and non-security fixes – have been assigned even numbers. CPUs, which only contain fixes for security vulnerabilities, are assigned odd numbers. None of that will change under the new system, but what will change is how the numbers are doled out for future planned updates.

Under the new scheme, Limited Updates will only be assigned numbers in multiples of 20. So, since we’re on JDK 7 version 7u21 now, when the next Limited Update shows up it will be version 7u40. The one after that will be 7u60, and so on.

In between these feature updates, CPUs will be assigned odd numbers that are multiples of 5, added to the version number of the previous Limited Update. If you’re following along, that means the next CPU should carry version number 7u25, followed by 7u30 and 7u35.

All of the numbers in between are up for grabs. As Oracle’s bulletin explains, “This numbering scheme will leave several numbers between releases which will allow us to insert releases – for example security alerts or support releases, should that become necessary – without having to renumber later releases.”

Emergency patches for security alerts will be assigned whatever is the next available number, odd or even, as long as it doesn’t fall on a multiple of 5 or 20.
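The numbering rules in the preceding paragraphs, implemented as an added example (not Oracle’s code and not from the article): it parses the major-“u”-update format that old tooling expects, classifies an update number as a Limited Update, CPU or inserted-release slot, and projects the planned numbers after a given release. It follows the scheme exactly as the article describes it (multiples of 20 for Limited Updates, the multiples of 5 between them for CPUs, every other number free for inserted releases); the function names are this example’s own.

```python
import re
from enum import Enum


class ReleaseKind(Enum):
    """Release types named in Oracle's scheme, as the article describes it."""
    LIMITED_UPDATE = "Limited Update"    # new features and non-security fixes
    CPU = "Critical Patch Update"        # security fixes only
    INSERTED = "inserted release"        # security alert or support release


# The format old code expects and which the new scheme deliberately keeps:
# "<major>u<update>", e.g. "7u21".
_VERSION_RE = re.compile(r"^(?P<major>\d+)u(?P<update>\d+)$")


def parse_version(text):
    """Split a JDK version string such as '7u21' into (major, update)."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not a <major>u<update> JDK version: {text!r}")
    return int(m.group("major")), int(m.group("update"))


def classify(update):
    """Classify an update number assigned under the new scheme.

    Limited Updates sit on multiples of 20; CPUs on the multiples of 5
    between them; every other number is a slot kept free for inserted
    releases (security alerts, support releases).
    """
    if update % 20 == 0:
        return ReleaseKind.LIMITED_UPDATE
    if update % 5 == 0:
        return ReleaseKind.CPU
    return ReleaseKind.INSERTED


def next_planned(update):
    """Return (next_cpu, next_limited_update) update numbers after `update`."""
    next_lu = (update // 20 + 1) * 20
    next_cpu = (update // 5 + 1) * 5
    if next_cpu % 20 == 0:
        # The next multiple of 5 is the Limited Update slot itself,
        # so the next CPU is the first multiple of 5 after that LU.
        next_cpu = next_lu + 5
    return next_cpu, next_lu


def next_inserted_slot(update):
    """First free number after `update` for an emergency (inserted) release.

    Such releases take the next available number, odd or even, as long as
    it is not a multiple of 5 or 20 (those are reserved for CPUs and LUs).
    """
    n = update + 1
    while n % 5 == 0:
        n += 1
    return n


def planned_schedule(version, count):
    """List the next `count` scheduled (non-inserted) releases after `version`.

    Starting from 7u21 this yields 7u25, 7u30, 7u35, 7u40, 7u45, ... which
    matches the sequence the article walks through.
    """
    major, update = parse_version(version)
    n = (update // 5) * 5          # snap back to the last multiple of 5
    out = []
    for _ in range(count):
        n += 5                     # scheduled releases always sit on multiples of 5
        out.append(f"{major}u{n}")
    return out
```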

We know – clear as mud, right? But according to Oracle, this rather ham-fisted fix is the best approach for now, to maintain compatibility with old code that expects the JDK version number code to be formatted exactly the way it is today.

“A more elegant solution requires changing the version format of the JDK to accommodate multiple types of releases,” the company writes. It adds, however, that this won’t happen until some future major Java update, to give developers adequate time to prepare for the change – those lumbering enterprise admins raising their ugly heads again. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/15/oracle_new_versioning_scheme/

Alleged CIA spook cuffed by Russians: US Gmail ‘spycraft’ revealed

A US diplomat accused of attempting to recruit a Russian security services staffer as a double agent used a comical “spy arsenal” of equipment, it is claimed.

Ryan Fogle – third secretary of the political department of the US Embassy in Moscow – was allegedly caught red-handed by Russia’s counterintelligence agency, the FSB, with an old Nokia phone, aluminium foil, a compass, knife, wigs, sunglasses and high-denomination euro notes.

The FSB published photos of the stuff to suggest Fogle, if the allegations are true, was more likely supplied by the Marx Brothers than anything comparable to James Bond’s Q branch.

And the possessions apparently included a one-page letter to “a dear friend”, apparently destined for Russians the US wanted to turn: the document offered a $100,000 down-payment for an interview with the would-be recruit, as well as step-by-step instructions on how to set up a new Gmail account for future secret communications.

“Ever-so-savvy, the document stressed the importance of not divulging any real contact information like phone numbers, email or home addresses when creating an email account for the purposes of spying on one’s own country,” Russia Today sarcastically noted in a report that includes a copy of the supposed letter of introduction.

The Gmail account should be set up in a cyber-cafe with a new computer, which ought to be paid for in cash. “We will reimburse you for this purchase,” the letter promises.

Once this is accomplished a message should be sent to [email protected], before allowing a week for a reply. El Reg’s security desk predicts that this webmail address faces a barrage of spam and 419 scams – perhaps something along the lines of: “I am William Boot of the US Embassy of Ishmaelia and have huge funds at disposal for a discreet person who can act as an agent for the release of funds held in XY bank.”

Fogle was detained late on Monday “during an attempt to recruit a representative of one of the Russian security services”, the Russian Foreign Ministry said. The diplomat has since been returned to the embassy after he was branded “persona non grata”. The Russian foreign ministry, which summoned the US ambassador for a meeting without coffee, is demanding Fogle’s expulsion.

The FSB told journalists that Fogle’s alleged actions were far from isolated, WiReD reports.

“Recently American intelligence has made multiple attempts to recruit employees of Russian law enforcement organs and special agencies, which have been detected and monitored by Russian FSB counterintelligence,” the agency claimed in a statement.

A former FBI counterintelligence officer cast doubt on the Russian version of events, specifically that Fogle was ineptly engaged in Cold War-style shenanigans.

“I very much doubt that a highly trained CIA operative is going to be walking the streets of Moscow wearing a really bad blond wig. It’s poor tradecraft, and it looks like a setup to me,” Eric O’Neill told CNN. O’Neill suggested the embarrassing material was planted on Fogle.

The whole affair is something of an unwelcome distraction at a time the US is trying to build bridges with Moscow ahead of a planned international conference on Syria.

For all the emphasis on high-tech computer espionage, old-school spying involving Russia and the US still takes place. Three years ago ten alleged members of a Russian sleeper spy ring, including photo-friendly Anna Chapman, were deported from the US and sent back to Russia as part of an official swap programme. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/15/alleged_cia_spy_naff_tradecraft/

All aboard the patch wagon! Next stop: Microsoft, Adobe, Mozilla

Today, right on schedule, Microsoft’s monthly security patch bandwagon rolled into town with updates for Internet Explorer, Office and Windows – with Adobe bringing up the rear.

This latest instalment of Patch Tuesday addresses 33 bugs in a range of Redmond software, as revealed late last week. The flaws have been grouped into 10 updates: two marked critical and eight important.

One of the critical patches (MS13-037) fixes use-after-free vulnerabilities and information leaks in every version of Internet Explorer, from version 6 through 10. The other critical update (MS13-038) tackles a remote-code-execution hole in IE 8, which was first exploited by malicious code injected by hackers into a US Department of Labor website. The bug is also present in IE 9, but there have been no reported attempts to capitalise on the flaw.

“While no known attack vectors exist for Internet Explorer 9 in the default configuration, the vulnerable component still exists and is therefore receiving an update,” explained Marc Maiffret, chief technology officer at IT security outfit BeyondTrust.

Microsoft’s May patch batch contains eight lesser “important” updates; the most pressing is a denial-of-service vulnerability (MS13-039) in Windows 8, Server 2012, and RT. The other updates close holes in the instant-messaging app Lync, Visio, Publisher and Word. There’s also a fix for an authentication bypass in .NET and a security update for Windows Essentials – a bundled package of utilities. Lastly, there’s a patch to resolve an important privilege elevation flaw in Windows kernel-mode drivers.

Microsoft’s roundup of the security fixes is here, and there’s a graphical overview from the Internet Storm Centre here.

And it wouldn’t be a security update story without…

Not to be left out, Adobe published updates for three of its products: website development system ColdFusion, Flash, and PDF software Reader and Acrobat. The ColdFusion patch addresses a vulnerability already being exploited in the wild: the security hole was used to swipe sensitive data from the US’s Washington State Court System, which led to the exposure of 160,000 social security numbers and one million driver licence numbers.

The Acrobat/Reader update (APSB13-15) contains fixes for 27 security blunders, and targets all versions of Reader on Windows, Mac OS X and Linux. The update is critical for Reader/Acrobat 9 on Windows and “important” for other builds. All need patching sooner rather than later because Reader PDF vulnerabilities are such a hacker’s favourite.

The Flash update (APSB13-14) addresses seven vulnerabilities, all unearthed by Google’s security team. Commentary on Adobe’s patches, as well as the security updates from Microsoft, can be found in a blog post by Wolfgang Kandek, CTO at cloud security firm Qualys, here.

And in yet more patching news, Mozilla pushed out its latest version of its browser and a maintenance release for its Thunderbird email client. Firefox 21.0 fixes eight security issues, including three critical bugs all involving memory-related programming errors. For the completists out there, security commentary specifically focused on the Mozilla updates can be found in a blog post by Paul Ducklin on Sophos’s Naked Security blog here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/15/may_patch_roundup/

McAfee all-in-one security suite covers PCs, tablets, and smartphones

McAfee has launched an all-in-one cross-platform security suite for consumers that incorporates online storage through biometric authentication as well as a host of other security technologies. Equally importantly, the Intel security division is trying to shake up the way security software is sold to consumers.

The McAfee LiveSafe service features a cloud-based “safety deposit box” – Personal Locker – that allows online users to store their most sensitive documents, including financial records and copies of IDs and passports, providing they fit into the 1GB allocated storage space. Users would access their documents through biometric authentication – using voice, face, and device recognition technologies.

This is delivered through Intel Identity Protection Technology, a tamper-resistant hardware authentication mechanism, built into the latest Intel processors.

The cross-device service offers protection for a user’s PCs, Macs, smartphones, and tablets against the latest malware and spam, along with a host of other security technologies, including McAfee Anti-Theft. This aspect of the technology gives consumers the means to remotely lock, disable or wipe a device as well as an ability to recover some data if a device gets either lost or stolen.

The software also offers simplified password management through a facility to securely store usernames and passwords, offering users a means to log into websites with one click.

Intel is trying to make the inclusion of security technologies part of laptop and PC purchasing decisions rather than an afterthought, with big discounts for bundled versions of the technology.

The LiveSafe service will be offered from July 2013 at a special introductory price of £19.99 with the purchase of selected new PCs or tablets. LiveSafe will come preinstalled on Ultrabook devices and PCs from Dell starting on June 9. By contrast, a 12-month subscription for consumers’ existing PCs and tablets will cost £79.99.

All this is a big change from offering security software to consumers as part of a 30- or 90-day trial package, offering free-of-charge basic security software packages before trying to get consumers to upgrade to paid-for products, or the frequently criticised practice of bundling trial versions of anti-virus software with third-party security patches.

Despite the new offer, McAfee has no plans to discontinue its traditional consumer and home-office security-suite and anti-virus product lines. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/15/mcafee_livesafe/

German publisher accuses Microsoft of URL sniffing

Is Microsoft “snooping” on Skype text conversations, or merely protecting users from malware URLs?

German publisher Heise Online has given that question prominence with the accusation that Redmond is snooping, as the result of receiving return visits from Microsoft IP addresses if they send URLs through Skype text chats.

In essence, untangling the syntax that Google Translate applies to German – I think it passes through a couple of other languages on the way to English – Heise reports that if two Skype users send a URL through text chat, they get an “unannounced visit from Redmond”.

The issue was raised by a reader, the report says, whose network protection took the tap from a Microsoft IP address as a replay attack.

To test the report, the researchers sent URLs – one of them including HTTPS credentials – via Skype, and then watched the logs of the servers identified in the chat messages. The servers then received visits from the Redmond machine (IP address 65.52.100.214) using the same URLs (including the credentials, Heise claims).

Redmond’s response to Heise’s inquiry was that it is scanning URLs to make sure that users aren’t (accidentally or stupidly) passing around malware or phishing links. The publisher retorts that instead of using an HTTP GET, Microsoft is calling the URLs using HTTP HEAD requests. As a result, it says, Microsoft isn’t actually reviewing the pages it’s requesting.

The Register isn’t so sure that the HEAD request is useless: it could offer a quick and automated way to see if a page’s header matched a signature for known malicious pages. However, repeating requests that include sign-on credentials would appear, at first blush, to be a risky behaviour. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/14/skype_snoop_or_phishing_defence/

‘LulzSec leader’s’ victim named: tiny Oz council

So: the person alleged to have described himself as the “leader” of LulzSec was arrested for what, exactly?

There’s been a lot of noise flowing around, and the odd tip-off (including some to The Register in an extensive phone call on April 29). Since we try to avoid jumping ahead of the court process, we have kept our traps shut.

However, with one Matthew Flannery having appeared in the Central Local Court in Sydney today, it is now on the public record that the charges he’s facing are for defacing the website of the Narrabri Shire Council.

Without wanting to downplay the seriousness of the trouble “Aush0k”, as Flannery is alleged to have called himself online, is in – if convicted of the attack he could spend 12 years in the slammer – news of the target means there’s plenty that doesn’t ring true about this case.

Here is your elite hacker, world: someone of whom the Australian Federal Police originally said:

“Police will allege the man was in a position of trust within the company, with access to sensitive information from clients including government agencies.

“The AFP believes the man’s knowledge and skills presented a significant risk to the clients of the company for which he was employed had he continued his illegal online activities.”

It’s very difficult to reconcile “leader of LulzSec”, “significant risk”, “knowledge and skill” with “defacer of Narrabri Shire Council”.

I would be the last to make fun of Narrabri – it is, after all, home to the Australia Telescope Compact Array. However, with a total population of 14,000 and low Internet penetration (by national standards), it’s quite possible that narrabri.nsw.gov.au would have days on which most of its traffic comes from search engines’ crawlers.

[Image: map showing Narrabri in NSW. Caption: Narrabri, target of the l33t]

Defacing Narrabri Shire Council is hardly a bragging-rights attack. Australia’s democracy failed to teeter on the edge of collapse when it happened; in fact, Australia failed to notice it happening. Whatever the attack entailed, it had even less impact than when Anonymous dumped the Mosman Shire Council site to Pastebin in 2011.

So the Australian Federal Police’s huge bragging-rights coup, the arrest of the “alleged leader of LulzSec”, was to catch someone defacing a ColdFusion/Dreamweaver site on a Windows server at GoDaddy in Singapore.

It’s almost enough to make me believe in the theory that Flannery was set up: because you’d have to be an American script kid to think that this target was worth your effort.

The case returns to court on August 6. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/15/narrabri_shire_ash0ks_target/

Marlinspike: Saudi mobe network tried to recruit me to sniff citizens’ privates

Claims that a Saudi mobile network is attempting to spy on citizens emerged after the telco apparently tried to recruit top cryptographer Moxie Marlinspike – who promptly went public.

The cryptography expert and former hacker, who left Twitter’s security team in January, said he had been asked to help Mobily in its state-backed project to monitor encrypted chat sent by Twitter, Viber, WhatsApp and other third-party smartphone natter apps.

Just two months ago, the Saudi telecommunications regulator was reported to have warned that encrypted messaging services including Skype, Viber and WhatsApp could be blocked if they did not provide the government the means to monitor the apps. Saudi papers at the time said the affected firms had been given one month to respond.

Marlinspike has published emails exchanged between himself and someone who appears to be a high-ranking executive at the mobile telco, who apparently tried to hire the noted software engineer. The network is investigating the claims, we’re told. A spokesman told the WSJ that Marlinspike’s “account of his contacts with Mobily ‘is not 100% accurate’.”

Mobily, one of two telecom operators in Saudi Arabia, is believed to be under pressure from a regulator within the kingdom to wiretap the aforementioned apps. Its bosses, it is claimed, sought technical knowhow from Marlinspike, who created a tool that intercepted secure web traffic to highlight shortcomings in HTTPS and SSL.

But the expert would have been a rather poor recruitment target: he co-founded Whisper Systems, a company which provided free encrypted cellphone comms technology to dissidents in Egypt during the time of the Arab Spring uprising. And he devised the Convergence SSL system to strengthen the bedrock of cryptography HTTPS web browsing is built on.

Whisper was bought by Twitter in 2011, and Marlinspike worked on the social network’s software security team after the acquisition. All of this makes Marlinspike a highly unlikely recruit for a state-sponsored surveillance project.

Nonetheless, according to the engineer and keen sailor, Mobily sent him an email titled Solution for monitoring encrypted data on telecom that outlined its requirements for the dragnet lawful interception project. Despite the telco’s apparent lack of communications security skills, with the funds available at its disposal, it will eventually come up with a mobile snooping system that works, Marlinspike lamented on his blog. He claimed:

One of the design documents that they volunteered specifically called out compelling a CA [Certificate Authority] in the jurisdiction of the UAE or Saudi Arabia to produce SSL certificates that they could use for interception. A considerable portion of the document was also dedicated to a discussion of purchasing SSL vulnerabilities or other exploits as possibilities.

Their level of sophistication didn’t strike me as particularly impressive, and their existing design document was pretty confused in a number of places, but Mobily is a company with over 5 billion in revenue, so I’m sure that they’ll eventually figure something out.

What’s depressing is that I could have easily helped them intercept basically all of the traffic they were interested in (except for Twitter – I helped write that TLS code, and I think we did it well). They later told me they’d already gotten a WhatsApp interception prototype working, and were surprised by how easy it was. The bar for most of these apps is pretty low.

The discussion between the Mobily employee and Marlinspike progressed until, we’re told, the SSL expert was asked for a price quote – at which point he declined, stating he wasn’t interested in the job for privacy reasons.

Undaunted, according to the published emails, the Mobily pitchman responded that the project was needed in order to spy on the local jihadis, going so far as to suggest that Marlinspike was “indirectly helping those who curb the freedom with their brutal activities” by not getting involved with the wiretap project.

Marlinspike has little doubt that other telecom providers in multiple countries are running surveillance projects similar to the one described above, hence his decision to publish the messages.

“I’m being rude by publishing this correspondence with Mobily, not only because it’s substantially more rude of them to be engaged in massive-scale eavesdropping of private communication, but because I think it’s part of a narrative that we need to consider,” he said. “What Mobily is up to is what’s happening everywhere, and we can’t ignore that.”

In his blog post Marlinspike went on to talk about changes in hacking culture, increased commercialism, governments and defence contractors splashing cash all over exploit marketplaces to become the biggest consumers of attack code, and private citizens becoming a principal target. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/14/saudi_arabia_misfiring_surveillance_recruitment_pitch/