Blog Archives

A Skype call in Ethiopia will now get you 15 years in prison

A 30-second call using Skype in Ethiopia can land you a 15-year prison sentence, thanks to new legislation passed by the country’s government.

The new legislation will criminalize the use of all Voice over IP (VoIP) services, such as Skype or Google Voice, from within the country, according to an Al Jazeera report. The legislation, which was voted into law last month with little notice from international media, seems to close a loophole allowing some of its citizens to communicate without being monitored by authorities.

The country’s sole communication infrastructure is operated by the government-run telecom Ethio Telecom. The new legislation empowers the state-owned telecom to prohibit not only the use of VoIP services, but also video chatting, social media communication, e-mail usage, and any other data transfer service capable of communicating information. So basically, that encompasses pretty much all communication except for speaking aloud and talking within your own mind.

The law also gives the government the right to inspect any imported voice communication equipment as well as the power to ban any inbound packages that don’t have prior permission from the state, according to the Al Jazeera report.

Anyone in the country that uses an illegal phone service will face up to 15 years in jail and heavy fines. Making a phone call over the Internet carries a no more reasonable punishment of 3 to 8 years in prison plus fines. Essentially, I don’t think the majority of the Ethiopian people will risk it, considering every facet of connected technology is so heavily monitored. This is especially true because Ethio Telecom recently installed a system for blocking access to the Tor network, which users rely on to browse anonymously and access blocked websites, according to Reporters Without Borders.

Like LinkedIn, eHarmony is hacked; 1.5 million passwords stolen

A screenshot of insidepro.com, the site used by a hacker to dump two lists containing 8 million stolen passwords from LinkedIn and eHarmony. (Insidepro.com / June 6, 2012)

EHarmony, the popular online dating site, was the target of a password hacking attack that resulted in 1.5 million stolen passwords, most of which have been cracked.

The attack is believed to be by the same hacker who stole 6.5 million passwords from LinkedIn, the career-oriented social network.

The hacker posted two lists containing the 8 million passwords on the website insidepro.com, on which the user goes by the name of “dwdm.”

The larger list contained some passwords LinkedIn has now confirmed as belonging to its social network, and a significant number of the passwords on the smaller list contained the words “eHarmony” or “harmony,” according to Ars Technica.

EHarmony has confirmed that some of its passwords were stolen. The company announced the news in a blog, but did not say how many passwords were stolen. The dating site reset passwords for compromised accounts and emailed those users with instructions on how to reset their passwords.

The user posted the list of hashed passwords online and asked peers for help cracking them. The passwords were not salted — which is an extra form of security that can be added on top of hashing passwords — allowing dwdm’s peers to help crack the vast majority of the passwords. Ars Technica reports that only about 98,000 passwords are still secure.

Ars Technica reports that the lists only contain passwords and not actual logins, which makes the passwords useless even if cracked, but in all likelihood, the hacker also has the logins.
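To make the point about salting concrete, here is an added example (not from the article, Ars Technica, or eHarmony) that stores the same constructed accounts without a salt and then with a per-account salt and a slow hash. SHA-256 as the unsalted hash, PBKDF2 as the hardened scheme, the iteration count, and the sample accounts are all assumptions; the article does not name the algorithm that was used.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Optional, Tuple

# Constructed sample accounts (not data from the breach).
ACCOUNTS = [("alice", "harmony1"), ("bob", "harmony1"), ("carol", "Tr0ub4dor&3")]
PBKDF2_ITERATIONS = 200_000  # assumed work factor; raise it as far as your hardware allows


def unsalted_digest(password: str) -> str:
    """Weak scheme: a single fast hash with no salt (SHA-256 is an assumption)."""
    return hashlib.sha256(password.encode()).hexdigest()


def shared_digests(accounts) -> int:
    """Count digests that more than one account shares in an unsalted table.
    Every shared digest means one recovered password exposes several users."""
    counts = Counter(unsalted_digest(pw) for _, pw in accounts)
    return sum(1 for n in counts.values() if n > 1)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened scheme: fresh 16-byte random salt per account, PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    print("unsalted digests shared by several accounts:", shared_digests(ACCOUNTS))
    stored = {user: hash_password(pw) for user, pw in ACCOUNTS}
    print("alice/bob salted digests equal:", stored["alice"][1] == stored["bob"][1])
    print("alice login ok:", verify_password("harmony1", *stored["alice"]))
```

The salt is stored next to the digest; it is not secret, its job is to make every account a separate guessing problem.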

Del. House passes social media privacy bill

The Delaware House on Tuesday passed a bill prohibiting public and private schools in Delaware from requiring that students or applicants for enrollment provide their social networking login information.

With little debate, House members voted unanimously for the bill. It also prohibits schools and universities from requesting that a student or applicant log onto a social networking site so that school officials can access the site profile or account.

“With the number of kids who have social media sites and choose to share information with a select audience, I thought it was important to provide them some protection if they choose not to share that with the entire world,” said Rep. Darryl Scott, D-Dover, the legislation’s chief sponsor.

The bill initially introduced by Scott applied only to universities and institutions of higher education. An amendment approved Tuesday expands the scope of the legislation to primary and secondary schools as well. The amendment also allows for exemptions for investigations by police agencies or a school’s public safety department based on a reasonable suspicion of criminal activity or a school’s threat assessment policy or protocol.

Andrew Keen: ‘Social media is killing our species’

In his new book “Digital Vertigo,” Keen argues that the profusion of sharing online is harming society, dividing, diminishing, and disorienting humanity.

Andrew Keen took on the unruly Internet with his provocative 2007 book, “Cult of Amateur — How Today’s Internet is Killing Our Culture.” He advanced a thesis that mainstream media, copyrights, and the public trust are being compromised by the profusion of content on blogs, YouTube, and other venues. He described the situation as “ignorance meets egoism meets bad taste meets mob rule.”

In his new book, “Digital Vertigo,” Keen takes on Facebook and the social web. He argues that the profusion of sharing online is “killing our species,” dividing, diminishing and disorienting humanity. He maintains that a kind of “digital narcissism,” or exhibitionism, is becoming a salient feature of our culture, and that Facebook is “stealing the innocence of our inner lives.”

Sharing, or over-sharing, individual data, according to Keen, will lead to a generation of individuals without “mystery,” living more isolated lives and lining the pockets of the social network companies that turn their data into profit.

In the video interview above, Keen and I debate his notion that the social web is leading civilization off a cliff and “stealing the innocence of our inner lives.”

Massive ‘Flame’ Malware Stealing Data Across Middle East

By Chloe Albanesius

Researchers at Kaspersky Lab have uncovered a massive cyber threat, dubbed Flame, that is targeting “sensitive” information across the Middle East.

The malware, Kaspersky said, “might be the most sophisticated cyber weapon yet unleashed.”

Once deployed, Flame can sniff network traffic, take screenshots, record audio conversations, intercept a keyboard, and more, Kaspersky said. All of this data is then available via Flame’s command-and-control servers.

Iran has thus far been hardest hit by Flame, with at least 189 infections. Israel/Palestine came in second with 98, followed by Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10), and Egypt (5).

Kaspersky has not identified any specific organization that Flame is targeting. “From the initial analysis, it looks like the creators of Flame are simply looking for any kind of intelligence – emails, documents, messages, discussions inside sensitive locations, pretty much everything,” Kaspersky’s Alexander Gostev wrote in a blog post. “We have not seen any specific signs indicating a particular target such as the energy industry – making us believe it’s a complete attack toolkit designed for general cyber-espionage purposes.”

Looking for love in the wrong (online) places costs $5,700 every hour

By Graeme McMillan, May 21, 2012

Just how much money is lost to spam email and other Internet scams every year? According to a new FBI report, the figure for last year was $485.3 million – and it’s going up every single year.

If your email is anything like mine, every day brings a new stream of messages that go directly into the spam folder with their promises of true love, hot sex or free money as long as you’d kindly fill in your personal details and send them along to make the transaction that little bit easier. And, if you’re anything like me, you’ll laugh at the new fictional sender name (Recently, the messages in my spam filters have either included the word “spam” as the sender’s last name – I imagine someone who’s actually called “Jessica Spam” getting frustrated every time one of her friends tells her that they didn’t see her email for some reason – or used the real names of popular movie directors and comic book creators from the 1980s) or mangled English used in the subject line, delete the message and wonder “Does anyone actually fall for that?”

The answer, according to the FBI’s Internet Crime Complaint Center – or IC3, for short – is a resounding, and somewhat depressing, yes. According to IC3’s 2011 Internet Crime Report, cyber crime rose 3.4 percent in 2011 compared with the previous year to an estimated adjusted dollar value of $485.3 million. The most common crime reported to IC3 during 2011 was, the report explains, “FBI-related scams, identity theft and advance fee fraud,” with most crimes reported in California (34,169 complaints filed), Florida (20,034), Texas (18,477), New York (15,056) and Ohio (12,661). California also holds the dubious crown of highest dollar losses reported, with a total of $70.5 million.

Cybercriminals offer bogus fraud insurance services

Security researchers from Trusteer have spotted a clever new technique used by cybercriminals interested in optimizing their malicious campaigns in an attempt to earn more revenue.

Here’s how it works:

The recent attack we discovered uses the Tatanga malware platform. In the configuration file we captured, Tatanga notifies the online banking victim via a web browser injection that their bank is offering free insurance protection against online fraud. The victim is then presented with a fake insurance account that claims to cover the total amount of funds in their bank account. This fake insurance account is actually a real bank account that belongs to a money mule. The victim is told that they will be protected against any losses from online fraud by this insurance coverage. In the final step, the victim is prompted to authorize a transaction that they believe is to activate the insurance coverage. In all likelihood, the victim does not expect any funds will be transferred out of their account. To approve the transaction the victim enters a one-time SMS password that is sent to their mobile device. Unfortunately, the victim is actually approving a transfer of funds from their account to the fraudster’s money mule account.

Although the technical implementation behind the campaign relies on the Tatanga malware platform, money mules play a central role in the success of the concept.

Recruited through bogus ‘work at home’ job offers promising up to 45% revenue sharing schemes for amounts starting from $5000 and going up to $7000, thousands of average Internet users unknowingly become active participants in the cybercrime ecosystem. The process, now largely standardized, relies on bogus companies set up for the purpose of recruiting unaware Internet users into processing fraudulently obtained funds.

How New Internet Spying Laws Will Actually ENABLE Stalkers, Spammers, Phishers And, Yes, Pedophiles & Terrorists

There’s proposed legislation in the US (sponsored by Lamar Smith) and in Canada (sponsored by Vic Toews) and in the UK that uses various flimsy justifications for the mass collection of data on telecommunications users. The data covered by these proposals varies, but includes things like URLs, phone calls, text/instant/email messages, and other forms of communication. Some of this proposed legislation deals with communication metadata, e.g., sender, recipient, time, etc.; some of it deals with communication content, e.g., the full text of messages.

I’m going to gloss over the specifics for two reasons: first, they’ve been covered exhaustively elsewhere, and second, I think it’s an absolute certainty that whatever these proposals contain, the next ones will contain more.

The putative reasons given for these proposals are the usual Four Horsemen of the Infocalypse: terrorists, pedophiles, drug dealers, and money launderers. One would think, given the hysteria being whipped up by the proponents of these bills, that one could hardly walk down the street without being offered raw heroin by a grenade-throwing child pornographer carrying currency from 19 different countries.

Of course, everyone who’s actually studied terrorists, pedophiles, drug dealers and money launderers in the context of telecommunications knows full well that nothing in these bills will actually help deal with them. The very bad people who are seriously into these pursuits are not stupid, and they’re not naive: they use firewalls, encryption, and tunneling. They use strong operating systems and robust application software. They use rigorous procedures guided by a strong sense of self-preservation and appropriate paranoia. They’re not very likely to be caught by any of the measures in these bills because they’ll (a) read the text and (b) evade the enumerated measures.

CON Social Networking Sites

  1. Social networking sites entice people to spend more time online and less time interacting face-to-face. The sites offer many time-wasting activities that supplant more productive activities. Teens spend an average of nine hours per week on social networking sites. [22]
  2. Teens growing up with these sites may not be aware that the information they post is public and that photos and text can be retrieved even after deletion. Consequences from over-sharing personal information include vulnerability to sexual or financial predators and lost job opportunities from employers finding embarrassing photos or comments.
  3. Social networking sites have no way to verify that people are who they claim to be, leaving people vulnerable to solicitations from online predators who are able to mask their true identities. In Feb. 2009, MySpace identified 90,000 registered sex offenders with profiles on the site, while Facebook declined to reveal how many were present on its site. Even if the sites agree to remove sex offenders, they cannot identify all of them or stop them from creating new accounts. [6]
  4. Social networking sites make cyberbullying, a type of bullying that occurs online, easier and more public than bullying through other online activities such as email and instant messaging. A 2009 study found that 17.3% of middle school students have been victims of cyberbullying. [7] Victims often experience a drop in grades, decreased self-esteem, and other symptoms of depression. [8]
  5. The US Marine Corps banned the use of all social media sites on its networks because the sites are “a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries.” [9] The entire Department of Defense is considering a ban on social networking sites because of concerns over security threats and potential computer viruses.

Mozilla Slams CISPA, Breaking Silicon Valley’s Silence On Cybersecurity Bill

While the Internet has been bristling with anger over the Cyber Intelligence Sharing and Protection Act, the Internet industry has been either silent or quietly supportive of the controversial bill. With one exception.

Late Tuesday, Mozilla’s Privacy and Public Policy lead sent me the following statement:

While we wholeheartedly support a more secure Internet, CISPA has a broad and alarming reach that goes far beyond Internet security. The bill infringes on our privacy, includes vague definitions of cybersecurity, and grants immunities to companies and government that are too broad around information misuse. We hope the Senate takes the time to fully and openly consider these issues with stakeholder input before moving forward with this legislation.

CISPA was introduced to the House in November with the intention of allowing more sharing of cybersecurity threat information between the private sector and the government, but has since been criticized for a provision that would also allow firms to share users’ private data with agencies like the National Security Agency or the Department of Homeland Security without regard for any previous privacy laws.

Just before its passage last Thursday, the House added new amendments broadening that sharing to not just information about cyberattacks but also any case that involves computer “crime,” exploitation of minors or even “the protection of individuals from the danger of death or serious bodily harm.”