STE WILLIAMS

Microsoft Patent Points to Snooping

A new Microsoft patent points towards Skype becoming equipped for lawful interception, which could be important as the service grows up to challenge traditional telcos.

The patent was filed back in 2009, but granted last week and picked up by Computerworld. Titled “Legal Intercept”, it covers one way in which a VoIP-based communications system might enable a call to be intercepted and covertly recorded, naming Skype as one of the services to which it could be applied.

Microsoft bought Skype back in May, but only received approval for the deal in June – so hasn’t had much time to do anything with the VoIP leader. Skype is hugely successful, with 170 million registered users, but it’s been very secretive about its protocols and security, refusing interoperability and asking users to just trust in Skype for their security.

That won’t wash in the real world, and neither will denying governments the right to listen in on their citizens. Most of us accept that security forces need to occasionally tap into phone lines, hopefully with suitable judicial oversight, but Skype’s apparent reluctance to permit such taps has resulted in rumours of secret deals and government-backed attacks on the cryptography used to protect Skype calls.

The patent describes how client, or network, software can be surreptitiously alerted that incoming and/or outgoing calls are to be monitored for a specific user. Such calls are then copied (packet by packet) to the monitoring server without the user being aware. The patent suggests the interception software could be placed in a NAT or router, but also incorporated into the VoIP client itself.

India has made it clear that Skype risks being kicked out of the country unless it sorts out some sort of lawful intercept capability, and other countries will be quick to follow India’s lead. So if Microsoft wants to see Skype spreading around the world then it will need to have just what’s described in the Legal Intercept patent.

Citizens aghast that their VoIP calls could be intercepted might be annoyed, but they’d be better off petitioning their governments, rather than raging against the companies trying to obey the law.

US Gov Gmail Phishers Stalked Victims for Months

Spear phishers who targeted the personal Gmail accounts of senior government officials painstakingly monitored incoming and outgoing email for almost a year, a researcher who helped uncover the campaign said.

In some cases, the attackers sent the victims emails designed to appear to originate from friends or colleagues in hopes of getting responses that detailed the targets’ schedules, contacts, and job responsibilities, Mila Parkour, a Washington, DC-based system administrator who does security research on the side, told The Register. The attackers also employed web-based scripts that caused earlier versions of Microsoft’s Internet Explorer browser to divulge detailed information about the software used by the compromised account holder.

Leaked US cables finger Chinese army hackers for cyber-spying

Leaked US diplomatic cables have provided some of the first hard evidence that the US is engaged in a heated cyberespionage battle with China, a conflict diplomats reckon is showing few signs of cooling off.

Diplomatic cables, obtained by WikiLeaks and released to the media by a third party last week, trace a series of breaches codenamed Byzantine Hades back to a specific unit of China’s People’s Liberation Army.

Websites associated with attacks dating back to 2006 were registered using the same postal code in the central Chinese town of Chengdu that is used by the People’s Liberation Army Chengdu Province First Technical Reconnaissance Bureau (TRB), an electronic espionage unit.

At least six such bureaus, including the Chengdu unit, “are likely focused on defense or exploitation of foreign networks”, according to a report by officials in the State Department’s Cyber Threat Analysis Division and quoted in the leaked cable, which was written in April 2009.

The Byzantine Hades attacks, which ran from 2006 through till at least October 2008 – and are possibly still ongoing – used targeted emails that attempted to trick recipients into opening booby-trapped attachments. Common malware payloads involved the so-called Gh0stNet Remote Access Tool (RAT), a strain of malware capable of capturing keystrokes, taking screen shots, installing and changing files, and even surreptitiously recording conversations before uploading them to a remote server, Reuters reports.

Servers used in the exercise were the same as those previously linked to attacks on Tibetan websites around the time of the Beijing Olympics in 2008.

The cable reports claim that a Shanghai-based hacker group linked to the People’s Liberation Army’s Third Department was involved in the assaults. The leaked cable names a hacker named Yinan Peng from a group called Javaphile as among those involved in the assaults.

Both US government agencies and private sector firms became victims of the attacks.

Hackers successfully swiped “50 megabytes of email messages and attached documents, as well as a complete list of usernames and passwords from an unspecified [US government] agency,” the cable said.

Other targets of the assaults include the US Embassy in Tokyo, Japan. The cable quotes a meeting at the Ramstein Air Base in September 2008 when German and French officials told their US opposite numbers that they had also been hit by cyber-espionage attacks.

The leaked cable was written months before China went public over hack attacks against the US search giant and other high-tech firms that were creating diplomatic tension between the US and China. The cable speaks of a series of diplomatic meetings between US and Chinese officials. US diplomats seem fairly sure that the Chinese are behind the attacks, whose main motive seems to be to steal trade secrets that might be used to sustain China’s economic growth. The talks reportedly remain ongoing, even though progress remains slow.

Chinese officials are seemingly happy enough to assure the US that they have no interest in destabilising the US economy – as a major stockholder such actions would be counterproductive – but clam up when talk turns to cyber-espionage. Senior figures in the government, when pressed on the issue, are inclined to state that China is being spied upon more than it is spying on others.

No court order against PlayStation hackers for now

A San Francisco federal judge declined to order New Jersey-based hacker Geohot to turn over the technology he used to root the PlayStation 3, saying she doubted Geohot was subject to her court’s authority.

The move by US District Judge Susan Illston on Friday was a blow to Sony, which argued that the 21-year-old hacker, whose real name is George Hotz, should be forced to surrender his computer gear and the code he used to circumvent digital rights management features in the gaming console. Illston rejected arguments that Hotz’s use of Twitter, PayPal, and YouTube, all located in the Northern District of California, were sufficient contacts with the region to establish personal jurisdiction.

“If having a PayPal account were enough, then there would be personal jurisdiction in this court over everybody, and that just can’t be right,” Illston told James G. Gilliland Jr., an attorney representing Sony. “That would mean the entire universe is subject to my jurisdiction, and that’s a really hard concept for me to accept.”

Cellphone tower data protected by US Constitution

A federal judge has ruled that subscriber data captured from cellphone towers is protected by the US Constitution’s Fourth Amendment guarantee against illegal searches and seizures.

The decision is part of a sea change from half a decade worth of previous rulings, in which police weren’t required to obtain search warrants based on probable cause before accessing the subscriber information. US Magistrate Judge Stephen Wm Smith of the Southern District of Texas said recent changes in case law and rapidly evolving mobile technology required a departure from the outcomes in that long line of cases.

“In 1789 it was inconceivable that every peripatetic step of a citizen’s life could be monitored, recorded, and revealed to the government,” he wrote in a decision that was released late last month but only noticed in the last few days. “For a cell phone user born in 1984, however, it is conceivable that every movement of his adult life can be imperceptibly captured, compiled, and retrieved from a digital dossier somewhere in a computer cloud. Now as then, the Fourth Amendment remains our polestar.”

The ruling – which seemed to make reference to the year the Constitution went into effect and the George Orwell novel – is a huge victory for privacy advocates, who have long argued that historical cell-site information gives the government the ability to track users’ location each time they make a call or send a text message. In this case, however, it would appear the government was seeking to electronically surveil targets “whether the phone was in active use or not,” Smith said.

The government’s request for permission to capture 60 days worth of tower data didn’t sit well with the judge, who likened the electronic record to “a continuous reality TV show, exposing two months’ worth of a person’s movements, activities, and associations in relentless detail.”

The decision follows August’s landmark decision in which a federal appeals court bashed warrantless GPS surveillance, ruling FBI agents should have obtained a search warrant before planting a GPS device on the vehicle of a suspected drug dealer. A few weeks later, a federal judge in New York ruled cell-tower data was also protected by the Fourth Amendment, rebuffing investigators who said there was no reasonable expectation such data is private.

The American Civil Liberties Union hailed Smith’s decision.

“The court reached this conclusion both because cell tracking reveals information about constitutionally protected spaces such as the home, and because the prolonged nature of such surveillance is very invasive,” Catherine Crump, of the ACLU’s Speech, Privacy and Technology Project, blogged.

Cell Phone Search Needs No Warrant – California

California’s high court said police don’t need a warrant to read text messages stored on the cell phones of people taken into custody.

Monday’s 5-2 decision relied on separate decisions from the 1970s by the US Supreme Court that upheld warrantless searches of cigarette packs and clothing taken from suspects after they were arrested.

Cell phones are no different, California Supreme Court Justice Ming Chin wrote for the majority in Monday’s decision. They went on to uphold an appeals court decision that the retrieval of an incriminating text message from a drug suspect’s handset didn’t violate the US Constitution’s protection against unreasonable searches and seizures.

The ruling came in the case of Gregory Diaz, who was arrested in 2007 for conspiracy to sell Ecstasy. Officers who confiscated his phone found a message that read “6 4 $80,” which was interpreted to mean the defendant would sell six pills for $80.

In a dissenting opinion, two associate justices said cell phones should be treated differently than other personal effects confiscated from a suspect because they’re capable of storing so much more information.

“A contemporary smartphone can hold hundreds or thousands of messages, photographs, videos, maps, contacts, financial records, memoranda and other documents, as well as records of the user’s telephone calls and Web browsing,” Kathryn M. Werdegar wrote in the dissent. “Never before has it been possible to carry so much personal or business information in one’s pocket or purse. The potential impairment to privacy if arrestees’ mobile phones and handheld computers are treated like clothing or cigarette packages, fully searchable without probable cause or a warrant, is correspondingly great.”

The warrantless seizure of cell phones has already been heard by other courts with varying outcomes, according to The San Francisco Chronicle. The split may prompt the US Supreme Court to take up the issue. ®

Lawyers fear Assange faces death penalty in US

WikiLeaks founder Julian Assange could be imprisoned at Guantanamo Bay or face the death penalty if he’s extradited to the US, his attorneys argued in court papers released Tuesday.

The document, which outlines the defense Assange’s legal team intends to use next month at a hearing over Sweden’s request for extradition, says Assange could be subject to other types of maltreatment that would violate the European Convention on Human Rights. They include the possibility of torture or, they hinted, “extraordinary rendition,” in which the CIA forcibly transfers suspected terrorists to countries where prohibitions against torture aren’t in place.

“There is a real risk that, if extradited to Sweden, the US will seek his extradition and/or illegal rendition to the USA, where there will be a real risk of him being detained at Guantanamo Bay or elsewhere, in conditions which would breach Article 3 of the ECHR,” the document stated. “Indeed, if Mr. Assange were rendered to the USA, without assurances that the death penalty would not be carried out, there is a real risk that he could be made subject to the death penalty.”

The document went on to cite references from former Alaska Governor Sarah Palin and former Arkansas Governor Mike Huckabee, who have both called for Assange to be treated as a terrorist.

Assange, 39, remains confined to a country mansion outside London on about $410,000 surety while a London court decides whether Assange should be extradited to Sweden. Prosecutors in that country are investigating claims by two women that Assange sexually molested them while visiting Sweden in August. Assange was previously cleared to leave the country after prosecutors there closed their investigation. When it was reopened, prosecutors sought Assange’s extradition, which the WikiLeaks founder has opposed.

Assange hasn’t been charged with any crime.

In the defense preview, Assange’s attorneys took issue with the extradition application of Swedish prosecutor Marianne Ny. Requests can be made only after a suspect has been charged with a crime that is subject to extradition, the attorneys argued. What’s more, prosecutors must exhaust all “normal procedures” for interrogating Assange, which has yet to happen, they argued.

“In short, Ms. Ny went from informal discussions about arranging an interview of Mr. Assange straight to the issuance of [a European arrest warrant], without taking the reasonable and proportionate, intermediary step of formally summoning him for an interview or formally requesting his interrogation,” they wrote. “The proper, proportionate and legal means of requesting a person’s questioning in the UK in these circumstances is through Mutual Legal Assistance.”

The defense preview was issued a few hours after Assange appeared at a brief court hearing attended by supporters including Bianca Jagger and heiress/socialite/humanitarian Jemima Goldsmith. ®

WikiLeaks lawyer dubs US subpoena on Twitter ‘harassment’

US prosecutor demands that Twitter hand over data about WikiLeaks and a raft of supporters amount to harassment, a lawyer for the whistle-blower website says.

The claim comes amid revelations of documents the US Department of Justice secretly filed in federal court seeking detailed information associated with the accounts of WikiLeaks and several of its supporters, including Icelandic Member of Parliament Birgitta Jónsdóttir, founder Julian Assange, and Rop Gonggrijp and Jacob Appelbaum, who are hackers who have worked with Assange in the past. Pfc. Bradley Manning, the US Army intelligence analyst suspected of supplying WikiLeaks with classified government documents, was also targeted.

Mark Stephens, an attorney representing the secret-spilling website, told journalists over the weekend that the demands violate the US Constitution’s guarantee against unreasonable searches and seizures and amount to a shakedown.

“The Department of Justice is turning into an agent of harassment rather than an agent of law,” Stephens told Bloomberg News. “They’re shaking the tree to see if anything drops out, but more important they are shaking down people who are supporters of WikiLeaks.”

Stephens went on to tell Bloomberg that similar information was sought from Google, Facebook and eBay’s Skype division. Those companies have yet to confirm or deny that claim.

The government’s dragnet might never have come to light were it not for the actions of Twitter, which under the national security letters filed on December 14 in US District Court for the Eastern District of Virginia was forbidden from notifying its subscribers that their information was being demanded. Lawyers for the micro-blogging site filed a motion to unseal the court order and won last week.

The company easily could have complied with the order and faced “zero” liability for doing so, said Christopher Soghoian, a Ph.D. candidate in Indiana University’s School of Informatics and Computing, where he is researching data security, privacy, and cyber law.

“It is wonderful to see companies taking a strong stance, and fighting for their users’ privacy,” he blogged. “I am sure that this will pay long term PR dividends to Twitter, and is a refreshing change, compared to the actions by some other major telecommunications and internet application providers, who often bend over backwards to help law enforcement agencies.”

He went on to highlight comments made a few years ago by eBay’s director of compliance boasting that the online auction house “has probably the most generous policy of any internet company when it comes to sharing information.” The site doesn’t require a subpoena “except for very limited circumstances,” the official went on to say.

Meanwhile Iceland’s Foreign Ministry has summoned the US Ambassador to Reykjavik to explain why investigators are dredging up the online activity of an Icelandic lawmaker. It’s not clear when the meeting will take place.

Stephens, the WikiLeaks attorney, said government investigators are using the data demands to learn as much as they can about the comings and goings of the targets, as well as their relationship to each other.

“What they will then do is take that data and analyze it in conjunction with data they get from Google, Facebook and the other social media, so that they can ascertain individuals that they feel they want to pay more attention to,” he told Bloomberg. ®

PayPal banned WikiLeaks after US gov intervention

A PayPal executive said his company’s decision to suspend payments to Wikileaks came after the US State Department said the whistle-blower site was engaged in illegal activity. The comment came shortly before PayPal agreed to release the remaining funds in the WikiLeaks fund-raising account.

Press accounts from The Guardian and TechCrunch differ, but both claim that PayPal’s move was influenced by statements from the State Department.

“State Dept told us these were illegal activities,” PayPal VP of platform Osama Bedier told the LeWeb conference in Paris, according to a report from The Guardian. “It was straightforward. We … comply with regulations around the world, making sure that we protect our brand.”

TechCrunch reported much the same thing but later updated its post to say: “After talking to Bedier backstage, he clarified that the State Department did not directly talk to PayPal.” He went on to say that the online payment service was influenced by a November 27 letter State Department officials sent Wikileaks founder Julian Assange and his attorney.

“As you know, if any of the materials you intend to publish were provided by any government officials, or any intermediary without proper authorization, they were provided in violation of US law and without regard for the grave consequences of this action,” the letter, signed by State Department legal adviser Hongju Koh, stated. “As long as WikiLeaks holds such material, the violation of the law is ongoing.”

The letter didn’t cite any specific US statutes WikiLeaks was violating.

WikiLeaks went on to release a trove of State Department memos that aired confidential diplomatic communications.

PayPal representatives didn’t respond to emails seeking clarification about the influence of the State Department.

But late on Wednesday, PayPal General Counsel John Muller said: “While the account will remain restricted, PayPal will release all remaining funds in the account to the foundation that was raising funds for WikiLeaks.” According to The Washington Post, there was about $80,000 in the account.

Muller went on to defend the permanent closure of the account by saying the online payment site is “required to comply with laws around the world.”

“Ultimately, our difficult decision was based on a belief that the WikiLeaks website was encouraging sources to release classified material, which is likely a violation of law by the source,” he continued.

Muller’s argument made no mention of organizations such as the International Tibet Network, which continues to solicit donations through PayPal even though some of their activities almost surely violate Chinese laws.

Over the past few days, other financial services, including Visa, MasterCard, and the Swiss bank Post Finance, have also suspended services to Wikileaks and Assange. The move has prompted criticism on Twitter and elsewhere by users who point out that Visa and MasterCard still permit payments to Ku Klux Klan groups but not to a group that so far has been charged with no crime.

Distributed denial of service attacks by people sympathetic to Wikileaks soon took out MasterCard and were also reported against EveryDNS.net, which suspended one of WikiLeaks’ domain names. US Senator Joe Lieberman and Sarah Palin – both outspoken WikiLeaks critics – and Swedish prosecutors, who are investigating Assange for alleged sexual offenses, have also been targeted, according to reports. A PayPal blog was also disrupted by attacks.

The Register has asked Visa and MasterCard to comment. This post will be updated if either responds. ®

WikiLeaks dubs Amazon ‘The Cowardly Liar’

WikiLeaks has dubbed Amazon both cowardly and a liar, after the American net giant booted the whistle-blowing website from its hosting service and then said its decision had nothing to do with complaints from the US government.

“Amazon’s press release does not accord with the facts on public record. It is one thing to be cowardly. Another to lie about it,” WikiLeaks said in a post to its Twitter account on Friday.

As of Monday, WikiLeaks was hosting its trove of classified US state department cables on the US-based portion of Amazon Elastic Compute Cloud service, and on Wednesday, US Senator Joe Lieberman, the chair of the Senate’s Homeland Security and Governmental Affairs Committee, announced that after an inquiry from his staff, Amazon said it had removed WikiLeaks from the service.

“The company’s decision to cut off WikiLeaks now is the right decision and should set the standard for other companies WikiLeaks is using to distribute its illegally seized material. I call on any other company or organization that is hosting WikiLeaks to immediately terminate its relationship with them,” Lieberman said in a statement.

“WikiLeaks’ illegal, outrageous, and reckless acts have compromised our national security and put lives at risk around the world. No responsible company — whether American or foreign — should assist WikiLeaks in its efforts to disseminate these stolen materials. I will be asking Amazon about the extent of its relationship with WikiLeaks and what it and other web service providers will do in the future to ensure that their services are not used to distribute stolen, classified information.”

Netcraft records confirmed that WikiLeaks was no longer hosted on AWS, and WikiLeaks soon tweeted that its mirrors were removed against its wishes. “WikiLeaks servers at Amazon ousted,” it said. “Free speech the land of the free — fine our $ are now spent to employ people in Europe.” According to internet records, the site fell back on servers in Sweden.

Amazon did not respond to repeated requests for comment from The Register. But more than a day later, the company published a blog post claiming it had not removed WikiLeaks in response to government inquiries. “There have been reports that a government inquiry prompted us not to serve WikiLeaks any longer,” the post said. “That is inaccurate.”

The company also said it had not removed the mirrors due to DDoS attacks. It said that WikiLeaks was booted because the site wasn’t following its terms of service. “AWS does not pre-screen its customers, but it does have terms of service that must be followed. WikiLeaks was not following them. [For instance], it’s clear that WikiLeaks doesn’t own or otherwise control all the rights to this classified content,” the company said.

“Further, it is not credible that the extraordinary volume of 250,000 classified documents that WikiLeaks is publishing could have been carefully redacted in such a way as to ensure that they weren’t putting innocent people in jeopardy. Human rights organizations have in fact written to WikiLeaks asking them to exercise caution and not release the names or identities of human rights defenders who might be persecuted by their governments.”

The company added that it has no problems hosting “controversial” data, but that the WikiLeaks situation is a separate case. “When companies or people go about securing and storing large quantities of data that isn’t rightfully theirs, and publishing this data without ensuring it won’t injure others, it’s a violation of our terms of service, and folks need to go operate elsewhere.”

But the timing of the decision is telling.

Assange: ‘It was all part of my master plan…’

On October 25, The Register reported that WikiLeaks was mirroring data on Amazon servers in both the US and Ireland, including the classified “Iraq War logs.” But aside from a brief mention on The Daily Telegraph website, the news received little mention in the mainstream media. We contacted Amazon at the time and alerted them to the mirrors, but the company did not respond.

Then, earlier this week, we reported that WikiLeaks had hoisted its “cablegate” documents onto Amazon, and this time, the news was picked up by the Wall Street Journal and several other major news outlets. The Joe Liebermans of the world, you see, read The Wall Street Journal.

What’s more, a day after Amazon booted WikiLeaks, the site was also ousted by its US-based DNS provider, EveryDNS. Last month, we spoke to EveryDNS about WikiLeaks’ use of its service, and though it declined to discuss the accounts of specific customers, it said it would only remove customers if they violated its terms of service. We also spoke to Dynadot, WikiLeaks’ US-based domain name registrar. President Todd Han echoed what EveryDNS told us, but he did add that it typically only removes sites for violations if it receives a complaint from an injured party.

“Usually, most of the time, we responded to complaints, but sometimes we will take action on our own if it violates our terms of service,” Han told us. “If they violate the law, they violate terms of service. But with these kinds of situations with domains, there are two sides of the story. There’s a lot of grey areas.”

Indeed.

Like Amazon, EveryDNS did not boot WikiLeaks until this week — more than a month after we first spoke to the company about the site. Unlike Amazon, it said that it removed WikiLeaks due to DDoS attacks on the site. “The services were terminated for violation of the provision which states that ‘Member shall not interfere with another Member’s use and enjoyment of the Service or another entity’s use and enjoyment of similar services’,” EveryDNS said in a statement.

“The interference at issue arises from the fact that wikileaks.org has become the target of multiple distributed denial of service (DDOS) attacks. These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites.”

Naturally, WikiLeaks has simply moved its service elsewhere. Booted by its DNS provider, the site has resurfaced on a Swiss net domain. “WikiLeaks moves to Switzerland http://wikileaks.ch/,” read another Tweet from WikiLeaks.

In other words, the whole saga has played out just as expected. “Even if Amazon is insulated from liability, I suspect Amazon will choose to remove the content ‘voluntarily’ (motivated by a little persuasion from the government), presumably citing a breach of its terms of service as a pretext,” Santa Clara law professor and tech law blogger Eric Goldman told The Reg a month ago.

“A more ‘ideological’ web host would probably fight more vigorously for its users’ publishing rights than Amazon will.” Unless a federal crime has been committed, Amazon is not legally required to remove the data, and it’s unclear whether WikiLeaks is committing a criminal act.

And echoing other suspicions from late October, the WikiLeaks founder has now claimed that the site purposefully mirrored its data on Amazon’s servers to expose the company’s “free speech deficit.”

“Since 2007 we have been deliberately placing some of our servers in jurisdictions that we suspected suffered a free speech deficit in order to separate rhetoric from reality,” Assange said on Friday during a live chat on The Guardian’s website. “Amazon was one of these cases.” ®