Tuesday, 29 January 2008

Investigations and privacy: possible issues?

Here is the Statewatch newsletter of 22 January 2008 (01/08)Home page: http://www.statewatch.org - Enlightening if applied to cybercrime... Note also the old partnership bewteen UK and USA

"6. UK-USA: 1948 UKUSA agreement and ECHELON states behind "Server inthe Sky" project: Press coverage reporting that the FBI is seeking toset up a global alliance to target suspected terrorists and criminalshas not so far noted the historical origins of "Server in the Sky"project to collect and exchange personal biometrics and data. Thegroup behind the initiative is the "International InformationConsortium" comprised of the USA, UK, Australia, Canada and NewZealand. The same five states started intelligence gathering in theCold War era under the 1948 UKUSA agreement which set up a globalmonitoring system led by the NSA (USA) and Government CommunicationsHQ in the UK (GCHQ).And the very same five states set up the ECHELON surveillance systemin the 1980s which extended communications gathering on a huge scalefrom military objectives to political and economic targets bytrawling the ether for keywords, phrases and groups.Tony Bunyan, Statewatch editor, comments:"The USA and the UK have been running global surveillance systemssince the start of the Cold War through the NSA and GCHQ and theirscope was extended by the ECHELON system in the 1980s. For nearly 60years, since 1948, these hidden systems have been beyond democraticcontrol and now we see this alliance extending its tentacles to covernot just suspected terrorists but criminals as well. Its activitiesare likely to be as unaccountable as ever, by-passing standards ofprivacy and data protection."

- European Parliament: Echelon report:http://www.statewatch.org/news/2001/sep/echelon.pdf

- Appraisal of technologies of political control (for the EP STOA Committee):http://www.statewatch.org/news/2005/may/steve-wright-stoa-rep.pdf

- European Union and the FBI launch global surveillance system: AStatewatch report, 10 February 1997:http://www.statewatch.org/NEWS4A.HTM

- News report: FBI wants instant access to British identity data -Americans seek international database to carry iris, palm and fingerprints (Guardian, link):http://www.guardian.co.uk/print/0%2C%2C332065468-103690%2C00.html

Spamming: money, money, money..

Like hacking and the like, spamming is very profitable an activity, especially when linked with stock trading. According to this article, £1.5m in one summer, more than the salary in one's life time for most of us; and guess where they are coming from, sadly? Russia, HK and Canada, highlighting a constant feature of cybercrime, i.e. it is global crime.
The article does not hint on how the investigation has been done, but i'll be curious to know if the stock exchanges internal police were involved...

"US indicts pump-and-dump 'spam king' " (4 January 2008)

Hacking, extorsion, espionage...: money and political motives

Nothing new; most hacks aim at money.

Extorsion (or blackmail) is very profitable. see Tom Espiner, "Schneier: Cyber-extersion on the increase" ZDNet (23 january 2008) http://news.zdnet.co.uk/security/0,1000000189,39292357,00.htm

as well as corporate espionage, ZDNet (7 january 2008) http://resources.zdnet.co.uk/articles/0,1000001991,39291900,00.htm
and ZDNet (28 January 2008) where Greek Police arrested a hacker selling the corporate secrets of Dassault (French military company) http://news.zdnet.co.uk/security/0,1000000189,39292445,00.htm

and in general, about profits made by selling hack services and other tools: "Cracking open the cybercrime economy" (14 December 2007)

And when it is not hacking, it is modifying data, for revenge... An employee in the US was found guilty of computer damage and got 30 months imprisonment, a particularly harsh sentence comparing to customary sanctions applied (9 January 2008) http://news.zdnet.co.uk/security/0,1000000189,39292027,00.htm

And from time to time, political motives are not forgotten: "Hackers crash Panama's National Assembly website" (22 January 2008) http://news.zdnet.co.uk/security/0,1000000189,39292320,00.htm

Hacking: anatomy of an attack

Several comments sprung to mind when I read the article:
1) the liability of the hacker, what if he was employed by security firm?
2) why goverment as a target? government is not the only institution to have information. Tesco has probably more about us that government.
3) the IT team seems doing its work; how efficient is technology to counterattack technology?
4) the key role IT team plays in safeguarding evidence which for criminal investigation purposes can only be crucial...
Sally Whittle, "Anatomy of an attack", ZDNet (7 January 2008)

Thursday, 3 January 2008

Preventing crime: internet, a help to police forces

Often, internet is viewed as a threat by police forces because of its elusive character and the challenges it creates in relation to criminal procedure. But sometimes new technologies can be for the better: see the FBI thinking of using it to list all crimes having recently occured, a bit like the TV series Crimewatch... with the same dangers? " Crowdsourcing Law Enforcement" (28 December 2007) http://www.techdirt.com/articles/20071228/145343.shtml

and for a similar theme, but with a real case of a Japanese criminal wanted for 25 years who indicated on his blog his travel to US territory and obviously got! (29 February 2008)http://www.techdirt.com/articles/20080229/080250385.shtml

Criminal procedure: intercepting and posting

Intercepting communications is not new (remember the old days where post mail was opened and retained...) and the requirement to do it openly or at least within a framework where effective control exists has never been well accepted by investigatory forces. So it should not come as a surprise that the FBI does not particularly appreciate to follow court orders "FBI Apparently Believes That Court Orders Are For Suckers" (21 December 2007)http://www.techdirt.com/articles/20071221/141358.shtml

A bit more problematic, but among similar lines because of conflicting interests, the possibility nowadays for anybody to post videos about other people including when they behave badly. Should it be allowed? or should we be a bit more responsible? TechDirt made a stark comment about students not being allowed to post bad behaviour of their teachers; but is it their job to do so? Are there not other means to deal with problematic behaviour? My concern moreover is the effect on potentially disciplinary proceedings to be started on the teacher on the basis of the video without any regulation about it. And what if the video is a fake? At least, regulations for videos in criminal procedure are there to ensure the media's reliability... "Student Films Principal Fighting Another Student... School Board Bans Mobile Phones" (21 December 2007) http://www.techdirt.com/articles/20071218/224449.shtml

Cybercrime, copyrights: what is free information?

Identity theft presupposes that the information is confidential because it is private or because of its commercial value or its intellectual value. But what about data that informs readers of the news of the world?
Newspapers struggle between two avenues: asking for payment to view contents (news of the day or/and archives), making the data available for free and finding new means to cover costs, notably to pay journalist.
Two articles shed light on the debate and can possibly help understanding when there is theft of information.
The first article, at TechDirt, gives a historical perspective to the debate by reminding us that news were usually given for free and adverts cover the most costs. "Why Journalists Demanding Newspapers Charge For News Need To Check Up On Newspaper History" 2 January 2008 http://www.techdirt.com/articles/20071231/002429.shtml

The second article, also at TechDirt, looks at a specific issue, the struggle to hire sport journalists, and put it in perspective. Maybe the difficulties newspapers have do no relate to the internet, but the evolution of society as a whole, internet being part of this evolution, but only a part of it. " The Journalism Business Is Dying? Someone Forgot To Tell Sports Reporters..." 26 December 2007 http://www.techdirt.com/articles/20071226/020326.shtml

I can't stop myself making a link with something apparently different but ultimately very close to the issue. Apparently a MIT professor was so unhappy somebody used 2 lines of his work he sued them, the money went to charities. All is well apparently because he did not get the money; but what is the value and purpose of suing for one person having used 2 lines of work? Can he not content himself with a reference to his name? I personally would not dream to ask people to pay to use my work, as long as my name is visible somewhere, and there is no commercial exploitation of my work (i.e. the idea is the fundamental basis of a new machine or service). "Professor Uses Copyright Threats After Joke Commercial Uses Some Of His Lecture" 26 December 2007 http://www.techdirt.com/articles/20071226/014929.shtml