By Cybersecurity Intelligence.
Facebook says US Intelligence has corrupted the Internet
Mark Zuckerberg has posted his anti-American spying comments on Facebook. Zuckerberg hit out at the US government over the alleged surveillance and monitoring of web users by the National Security Agency (NSA). He strongly argued that because of documents released by Snowden it is now obvious that the American government via its intelligence services has used bogus Facebook identification to monitor, potentially propagandize and infect many millions of personal computers with software viruses and malware.
Zuckerberg let loose his annoyance with the US government after documents leaked byEdward Snowden explained that intelligence operations had used fake Facebook credentials to mislead web users while they corrupted millions of computers with viruses & malware.
“I’ve been so confused and frustrated by the repeated reports of the behavior of the US government. When our engineers work tirelessly to improve security, we imagine we’re protecting you (Facebook users) against criminals, not our own government,” Zuckerberg posted. “I’ve called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform.”
Also recently Tim Berners Lee, the UK inventor of WWW, said that the web requires a legal IT security Magna Carta in the face of growing surveillance and control from the governments. “Our rights are being infringed more and more on every side, and the danger is that we get used to it. So I want to use the 25th anniversary (of the web) for us all to do that, to take the web back into our own hands and define the web we want for the next 25 year,” Lee told the Guardian newspaper in the UK.
The documents leaked by Snowden and the alleged close ties of the technology companies with the US government have sparked a fierce debate among senior executives within technology companies, privacy activists, cryptographers and security researchers. While many consider Snowden to be a hero, some believe him to be misguided geek who has harmed American security through his disclosure of NSA programmes.
European Governments unaware of their own intelligence relationship with NSA
Edward Snowden has opened another can of worms exposing government naivety to cyber surveillance and many government official outside of the US claim ignorance of their nation’s cooperation with the US National Security Agency.
In Germany, when Der Spiegel first reported last June that the NSA was engaged in mass spying aimed at the German population, Chancellor Angela Merkel and other senior officials publicly expressed outrage – only for that paper to then reveal documents showing extensive cooperation between the NSA and the German spy agency BND. In the Netherlands, a cabinet minister was forced to survive a no-confidence vote after he admitted to having wrongfully attributed the collection of metadata from 1.8 million calls to the NSA rather than the Dutch spying agency.
A similar controversy arose in the U.S., when the White House claimed that President Obama was kept unaware of the NSA’s surveillance of Merkel’s personal cell phone and those of other allied leaders. Senate Intelligence Committee Chairwoman Dianne Feinstein claimed the same ignorance, while an unnamed NSA source told a German newspaper that the White House knew.
In the UK, Chris Huhne, a former cabinet minister and member of the national security council until 2012, insisted that ministers were in “utter ignorance” about even the largest GCHQ spying program, known as Tempora, “or its US counterpart, the NSA’s Prism,” as well as “about their extraordinary capability to hoover up and store personal emails, voice contact, social networking activity and even internet searches.” Huhne added, ”The Snowden revelations put a giant question mark into the middle of our surveillance state. It is time our elected representatives insisted on some answers before destroying the values we should protect.”
A classified NSA document published by The Intercept contains an internal NSA interview with an official from the SIGINT Operations Group in NSA’s Foreign Affairs Directorate. Titled “What Are We After with Our Third Party Relationships? — And What Do They Want from Us, Generally Speaking?”, the discussion explores the NSA’s cooperative relationship with its surveillance partners. Upon being asked whether political shifts within those nations affect the NSA’s relationships, the SIGINT official explains why such changes generally have no effect: because only a handful of military officials in those countries are aware of the spying activities. Few, if any, elected leaders have any knowledge of the surveillance.
These dangers have long been understood. After serving two terms as president, Dwight D. Eisenhower famously worried in his 1961 Farewell Address about the accumulated power of the “conjunction of an immense military establishment and a large arms industry,” warning of what he called the “grave implications” of “the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex.”
A secret GCHQ memo, reported by the Guardian in October, demonstrates that the agency’s primary motive for concealing its surveillance activities is that disclosure could trigger what it called ”damaging public debate,” as well as legal challenges throughout Europe. Those fears became realized when, in the wake of Snowden revelations, privacy lawsuits against the agency were filed in Europe, GCHQ officials were forced to publicly testify for the first time before Parliament, and an EU Parliamentary inquiry earlier this year concluded NSA/GCHQ activities were likely illegal. The British agency was also concerned about “damage to partner relationships if sensitive information were accidentally released in open court,” given that such disclosures could make citizens in other countries aware, for the first time, of their government’s involvement in mass surveillance.
According to Snowden, British and American spies are acting as malware hackers targeting millions of computers worldwide. Apparently, the NSA have set up fake and propaganda Facebook servers which allows data to be collected and also some to be rewritten to change stories and as propaganda.
The latest Snowden revelation claims that the NSA and GCHQ are expanding a massive programme of state-sponsored malware infection.
The malware allows spies to listen in to targets, watch them in some cases, extract data and destroy computers, according to documents from Snowden.
Russian Spyware Exposed
A 2008 Russian computer virus infected nearly a million PCs around the world including parts of the US, Europe as well as Russia itself according to the details of new research released this month and it ran for three years before it was stopped. Moscow-based Kaspersky Lab, said that at least 400,000 computers across Russia and Europe were infected with the virus, dubbed Agent.BTZ. The operators of Agent.BTZ have since stopped communicating with the virus after infections peaked around 2011.
Kaspersky published its analysis on the attacks because it believes they are likely linked to a sophisticated ongoing operation known as Turla, which is targeting hundreds of government computers across Europe and the United States. http://ow.ly/uZFvh
The largest number of infections by Agent.BTZ was in the Russian Federation, followed by Spain and Italy, Raiu said. Other victims were found in Kazakhstan, Germany, Poland, Latvia, Lithuania, the United Kingdom and Ukraine.
Details on the attack on the U.S. Central Command, which in 2008 was in charge of the conflicts in both Iraq and Afghanistan, have been deemed as classified by the Pentagon, so very little has been reported to date.
U.S. officials have said a foreign spy agency was responsible for the 2008 attack, which occurred when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. But they have never publicly singled out a particular country.
Some parts of NSA and CIA believe that Agent.BTZ was the work of Russian intelligence. Moscow has never confirmed those suspicions and Russia’s Federal Security Bureau last week declined to comment when asked about their cyber espionage programs.
Over 360 Million Private Details are on Sale
Hold Security www.holdsecurity.com have discovered more than 360 million newly stolen credentials and around 1.25 billion email addresses available for sale on the black market. It includes credentials from more than 360 million accounts and around 1.25 billion email addresses. Just a couple of weeks ago Hold Security reported it has discovered private details for close to 7,800 FTP (File Transfer Protocols) servers being circulated in cybercrime forums in the Deep Web. Apparently, a single hacker as stolen more than 105 million records, probably the largest single data breach ever.
Hold Security discovered a cache of over 300 million credentials still not publicly disclosed, but the total amount of abused credentials available on the black market could be over 450 million, including data related to the previously reported Adobe breach, when details of 2.9 million people globally were stolen in a highly sophisticated cyber attack against Adobe systems.
BYOD is a real Cyber Threat
Organisations that allow employees to bring in their own devices (BYOD), computers and mobiles etc. and use them when they are working find it is causing serious security issues. This is because there is a real lack of knowledge and awareness among the most working staff, of whatever age or experience, of how the engagement with the organisation’s IT systems should operate.
There is a lack of clear strategic and tactically related security expenditure and implementation by the senior management and connections with the IT staff’s issues and systems. You can have the best technical security and the most sophisticated processes in place, but a few or just one member of staff who is unaware of the procedures required can compromise your whole business activity and technology system. However, BYOD has definite advantages (although the argument about IT cost savings is debatable once proper security is taken into account) and allows employees to work from home and whist they are out of the office between meetings et al and should be used but with serious consideration given to the security issues.
BYOD is often not managed properly. Systems can be corrupted and infected. Cyber security should be continually balanced against the risks faced by the organisation. The security should be focused and based on the particular ways in which the organisation is perceived and how it operates. IT security should be the organisations own function and should not be parceled out to an outside security company. Outside reviews and advice and projects can and should be used but the day-to-day security of the system should be the responsibility of the organisation itself, so that ongoing and changing issues are understood.
The particular problem of BYOD is that it can also easily leave you open to cyber malfunction and attacks, which been brought into the organisation literally just that morning.
This issue feeds into a general lack of understanding of legal requirements surrounding data protection and credit card processing and this could land your organisation in an expensive turmoil, legal costs, fines and significant PR issues, tarnishing the picture for a long time. Cyber security requires a well-considered and continual review of security and this should be seen as part of the strategic and tactical understanding of the position and perspective of your organisation within its area of operations.
Classes on Cyber for UK Children
New learning materials would be offered to UK schools to publicize jobs in the cyber sector, the Department for Business, Innovations and Skills said.
Special learning materials for 11 to 14 year-olds and plans for a new higher-level and advanced apprenticeships are among new government plans to increase the cyber security skills of our nation.
The Cyber Security Skills: Business Perspectives and Government’s Next Steps report, includes plans to provide training for teachers to enable them to teach pupils about cyber security. The latest plans said teachers would be given training in how to inform children about this new, evolving subject area.
Universities and science minister David Willetts said: “Today countries that can manage cyber security risks have a clear competitive advantage. By ensuring cyber-security is integral to education at all ages, we will help equip the UK with the professional and technical skills we need for long-term economic growth.”
Speaking on its behalf, Sir David Pepper said a national shortage of cyber skills was “a key issue” for businesses and the government in dealing with “the growing threat from cyber-crime”.