Articles about Surveillance

Italian security and surveillance firm Hacking Team appears to have itself fallen victim to a security breach. Hacking Team produces software which is used by governments around the world as part of their surveillance programs. The company has been criticized for facilitating invasions of privacy, and, over the weekend, its Twitter feed was taken over, resulting in its name and profile picture being changed to read Hacked Team.

But this is far from being the end of the story. Whoever is responsible for the security breach also released a torrent file that provides access to 400GB of company data. Included in the cache are emails, source code, and confidential documents. The files reveal who the company has been dealing with including a number of countries known for their oppressive regimes.

Continue reading →

A court has revealed that the UK intelligence agency, GCHQ, illegally spied on human rights organization Amnesty International. It is an allegation that the agency had previously denied, but an email from the Investigatory Powers Tribunal backtracked on a judgement made in June which said no such spying had taken place.

The email was sent to Amnesty International yesterday, and while it conceded that the organization was indeed the subject of surveillance, no explanation has been offered. It is now clear that, for some reason, communications by Amnesty International were illegally intercepted, stored, and examined. What is not clear is when the spying happened, what data was collected and, more importantly, why it happened.

Continue reading →

Heightened awareness about online security means that more and more websites are using encryption to boost privacy and security. A few weeks after Wikimedia announced it was using HTTPS to encrypt traffic to its site, The Washington Post has followed suit.

It's a move designed to stop snooping on readers' browsing habits. The news outlet explains that it will make it "more difficult for hackers, government agencies and others to track the reading habits". For those concerned about privacy, this will come a good news, but there's a catch; encryption does not apply to the entire site.

Continue reading →

UK secret services say that the encrypted files Edward Snowden held from his time working at the NSA have been accessed by intelligence agencies in China and Russia. The Sunday Times reports that the top secret files have been hacked meaning that British and American spies could be identified and located.

Wanted by US authorities, Snowden has been in hiding for some time now. It is believed that the time he spent seeking refuge in Hong Kong and Moscow may have given security official the opportunity to access the data he held. Although the data was protected, it is thought that the encryption was hacked, and US and UK intelligence services have been "forced to intervene and lift their agents from operations to prevent them from being identified and killed".

Continue reading →

Today the US Senate passed the USA Freedom Act without amendments, signalling the start of the significant surveillance reform that has been called for since Edward Snowden blew the whistle on the agency's activities. It had already been determined that the bulk collection of phone metadata was illegal, and the expiry of Section 215 of the Patriot Act at the end of May brought this data collection to an end anyway.

The USA Freedom Act sets in concrete the end of the phone data collection program and is seen as a major victory for privacy advocates. It will come as good news to Snowden himself who will undoubtedly feel a sense of relief that his risk-taking paid off. The bill is still to be signed into law by President Obama, but this is now little more than a formality.

Continue reading →

The EFF (Electronic Freedom Foundation) has involved itself in lots of online battles -- including the fightback against NSA surveillance, and the drive for net neutrality. The latest fight sees the organization joining forces with web performance and security firm CloudFlare in tackling the site blocking activities of the record industry.

The digital rights group is battling record labels which it says are forcing web firms into becoming the "copyright police". The move was prompted by the closure of Grooveshark, a music website run by one of CloudFlare's clients. It re-opens the question of who is ultimately responsible for the content that appears on sites -- those posting it, those hosting it, or any other company involved in the delivery?

Continue reading →

Privacy advocates in the US -- and, indeed, the world over -- had pinned great hopes on the USA Freedom Act bringing to an end the mass collection of phone records. Hitting the Senate for the second time this year, the Act was blocked in a 57-42 vote.

Section 215 of the Patriot Act expires on 31 May, and it had been hoped that the hype and momentum surrounding it would have helped push the USA Freedom Act through. Despite making through the House of Representative, the Bill failed to reach the 60 vote goal it needed to hit. But as of 1 June, the NSA will still not be collecting phone data. So what happened?

Continue reading →

A Californian woman is suing her former employee after being fired for deleting an app that was tracking her movements at all times. The company instructed her to run the app, which monitored her via GPS, 24 hours a day.

According to the lawsuit, plaintiff Myrna Arias alleges that her employer, money transfer firm Intermex, fired her after she uninstalled job management app Xora. She also alleges that her boss John Stubits boasted about being able to monitor her during out-of-work hours.

Continue reading →

The Tor browser is used by many to stay anonymous online -- and it's something that has been embraced by the likes of WikiLeaks as a way to safely gather information whilst hopefully avoiding the surveillance of the NSA. One lesser known project from the same stables is the Tor Cloud service, and Tor has announced that it is closing down.

Based on the Amazon EC2 cloud computing platform, Tor Cloud provided a way to share computing resources and allow faster uncensored access to the internet. However, the project is plagued with "at least one major bug ... that makes it completely dysfunctional" and after failing to find anyone to undertake the work, the decision was taken to shutter Tor Cloud. This does not mean that Tor itself is dead -- far from it -- and developers are being encouraged to create their own forked versions of Tor Cloud.

Continue reading →

It has been hard to avoid talk of the NSA over the past year or so -- Edward Snowden's revelations blew the lid off convert surveillance that has been carried out by the US government. It has been a hugely divisive issue, many heralding Snowden as a hero, others as a traitor and has led people to question whether everyday software might include secret backdoors.

Included in the NSA's activities was the mass collection of metadata about phone calls made and receive by American citizens. Today the US court of appeals ruled that this data collection is illegal. With other countries adopting NSA-style surveillance tactics, the ruling opens up the possibility that the NSA could face further legal proceedings and probes.

Continue reading →

The French government has voted in favor of greater powers of surveillance, giving it intelligence-gathering capabilities on a par with the NSA. The move came in the wake of the Charlie Hebdo attack which led to the deaths of 12 people and prompted the Je Suis Charlie support campaign.

The new laws allow for NSA-style mass collection of metadata online as well as setting up the National Commission for Control of Intelligence Techniques (CNCTR) to oversee data collection. It has been criticized by some as being the French equivalent of the Patriot Act and the ruling Socialist Party is accused of prying too far into the private lives of normal people in the name of counter-terrorism.

Continue reading →

A security audit of TrueCrypt has determined that the disk encryption software does not contain any backdoors that could be used by the NSA or other surveillance agencies. A report prepared by the NCC Group for Open Crypto Audit Project found that the encryption tool is not vulnerable to being compromised.

However, the software was found to contain a few other security vulnerabilities, including one relating to the use of the Windows API to generate random numbers for master encryption key material. Despite this, TrueCrypt was given a relatively clean bill of health with none of the detected vulnerabilities considered severe enough to lead "to a complete bypass of confidentiality in common usage scenarios".

Continue reading →

Edward Snowden is heralded as both a hero and villain. A privacy vigilante and a traitor. It just depends who you ask. The revelations he made about the NSA's surveillance programs have completely changed the face of online security, and changed the way everyone looks at the internet and privacy.

But just before the whistle was blown, it seems that the NSA was considering bringing its telephone data collection program to an end. Intelligence officials were, behind the scenes, questioning whether the benefits of gathering counter-terrorism information justified the colossal costs involved. Then Snowden went public and essentially forced the agency's hand.

Continue reading →

You'd think that governments would be encouraging people to keep their computers and personal data safe. Until relatively recently, this has been exactly what the FBI has been pushing -- suggesting that phone users should enable encryption on their handsets. But it seems that there has been something of a change of heart. It's probably Snowden's fault.

Now, as part of an "ongoing website redesign", advice about using encryption and protective PINs has vanished from the FBI website. Forget the security-focused devices such as the Blackphone 2, it appears that the bureau wants your data, and you, to be insecure.

Continue reading →

Data leaks due to security flaws and hacker activity constantly make the news, but they're not the only ones that businesses have to worry about. Leaks can stem from employee or industrial espionage activity too and of course there's always government snooping.

Whilst larger businesses with sensitive data or intellectual property to protect often check for old-style surveillance they may not be as aware of the potential for PCs and other gadgets to gather intelligence as well as leak data. We spoke to Andre Ross, Director of Australian digital forensics and information security company Elvidence to find out how businesses may be at risk and what they can do to combat it.

Continue reading →