This week, the FBI arrested a 19-year-old computer science student named Jared James Abrahams for tricking young women into installing malicious software on their computers, software that let him covertly operate their webcams and microphones, as well as capturing their keystrokes and plundering their hard-drives. Abrahams captured nude photos of his victims, then threatened to release them to the victims' social media accounts unless they performed live, on-camera sex-acts for him. At least one of his victims was a minor. Another of his victims was Miss Teen USA Cassidy Wolf, who turned him into the FBI.
Ars Technica's Nate Anderson has a spellbinding account of Abrahams's crimes, and the way that the FBI tracked him down, and he places Abrahams in the larger context of "RATers" (crooks who operate Remote Access Trojans -- the kind of malware used by Abrahams). This phenomenon is also the subject of one of the chapters in Anderson's excellent book The Internet Police: How Crime Went Online, and the Cops Followed, and few journalists are better qualified to write about the subject.
Read the rest
The Dutch MEP Marietje Schaake has a fantastic, must-read essay on the problem with "cyber-war." She lays out the case for securing the Internet (and the world of people and systems that rely on it) through fixing vulnerabilities and making computers and networks as secure and robust as possible, rather than relying on weaknesses in security as vectors for attacking adversaries.
Mass surveillance, mass censorship, tracking and tracing systems, as well as hacking tools and vulnerabilities can be used to harm people as well as our own security in Europe. Though overregulation of the internet should never be a goal in and of itself, regulation of this dark sector is much needed to align our values and interests in a digital and hyper-connected world. There are many European examples. FinFisher software, made by UK’s Gamma Group was used in Egypt while the EU condemned human rights violations by the Mubarak regime. Its spread to 25 countries is a reminder that proliferation of digital arms is inevitable.
Vupen is perhaps best labelled as an anti-security company in France that sells software vulnerabilities to governments, police forces and others who want to use them to build (malicious) software that allows infiltrating in people’s or government’s computers.
It is unclear which governments are operating on this unregulated market, but it is clear that the risk of creating a Pandora’s box is huge if nothing is done to regulate this trade by adopting reporting obligations. US government has stated that American made, lawful intercept technologies, have come back as a boomerang when they were used against US interests by actors in third countries.
Other companies, such as Area Spa from Italy designed a monitoring centre, and had people on the ground in Syria helping the Assad government succeed in anti-democratic or even criminal behaviour by helping the crackdown against peaceful dissidents and demonstrators.
It's just not good policy to make the people who are supposed to be securing our computers dependent on insecurity in computers to achieve that end.
In defense of digital freedom
Here's the video of "It's not a fax machine connected to a waffle iron," the talk I gave at the Re:publica conference in Berlin this week: "Lawmakers treat the Internet like it's Telephone 2.0, the Second Coming of Video on Demand, or the World's Number One Porn Distribution Service, but it's really the nervous system of the 21st Century. Unless we stop the trend toward depraved indifference in Internet law, making – and freedom – will die."
re:publica 2013 - Cory Doctorow: It's not a fax machine connected to a waffle iron
Thomas "Command Line" Gideon came out for the DC stop on my Homeland tour, at Busboys and Poets, and mic'ed me up for the event. He's mastered the audio and posted it. It's a 40 minute talk about the promise of technology to improve our lives, the risks from allowing technology to be used to surveil and control us, and the contributions Aaron Swartz made to this cause and to the book. There's also about 20 minutes of Q&A.
TCLP 2013-03-13 Cory Doctorow on the Themes of “Homeland”
Subscribe to Command Line podcast (RSS/XML)
Michael Geist sez,
A coalition of Canadian industry groups, including the Canadian Chamber of Commerce, the Canadian Marketing Association, the Canadian Wireless Telecommunications Association and the Entertainment Software Association of Canada, are demanding legalized spyware for private enforcement purposes. The demand comes as part of a review of anti-spam and spyware legislation in Canada.
The potential scope of coverage is breathtaking: a software program secretly installed by an entertainment software company designed to detect or investigate alleged copyright infringement would be covered by this exception. This exception could potentially cover programs designed to block access to certain websites (preventing the contravention of a law as would have been the case with SOPA), attempts to access wireless networks without authorization, or even keylogger programs tracking unsuspecting users (detection and investigation).
Sony Rootkit Redux: Canadian Business Groups Lobby For Right To Install Spyware on Your Computer