"joseph menn"

Beto O'Rourke was in the Cult of the Dead Cow and his t-files are still online

Investigative tech journalist Joseph Menn's (previously) next book is a history of the Cult of the Dead Cow (previously) the legendary hacker/prankster group that is considered to be "America's oldest hacking group." Read the rest

Feds ask court to force Facebook to break Messenger's end-to-end voice encryption for MS-13 gang probe

In secret court proceedings, the U.S. government is trying to force Facebook to help wiretap Messenger. Facebook has declined, so the Justice Department is asking a judge for an order of contempt. Read the rest

Zuckerberg: Facebook will not stop spying on Americans to comply with EU privacy law

The imminent implementation of the EU's General Data Protection Regulation (GDPR) has been hailed as a victory for global privacy advocates; since the regulation severely limits the collection of data on Europeans -- even when they're communicating with non-Europeans -- services like Facebook would risk running afoul of the GDPR if they collected data on anyone in a way that violated EU rules, and since the penalties for violating the GDPR are incredibly draconian, the benefits of such surveillance would surely be outweighed by the risk of getting it wrong. Read the rest

Yahoo didn't install an NSA email scanner, it was a "buggy" NSA "rootkit"

Ex-Yahoo employees have spoken anonymously to Motherboard about the news that Yahoo had built an "email scanner" for a US security agency, likely the FBI or the NSA. These sources -- at least one of whom worked on the security team -- say that in actuality, the NSA or FBI had secretly installed a "rootkit" on Yahoo's mail servers and that this was discovered by the Yahoo security team (who had not been apprised of it), who, believing the company had been hacked, sounded the alarm, only to have the company executives tell them that the US government had installed the tool. Read the rest

Yahoo secretly built a tool to scan all email in realtime for US spies

In 2015, Yahoo CEO Marissa Meyer ordered the company's engineers to build a tool that scanned Yahoo Mail messages in realtime for "characters" of interest to a US security agency, either the FBI or the NSA. Read the rest

Congress wants to know if agencies were compromised by the backdoor in Juniper gear (and where it came from)

The House Committee on Oversight and Government Reform has asked dozens of agencies in the US government to disclose whether they used switches made by Juniper, the disgraced US network technology giant that had at least two backdoors inserted into the software for one of its most popular product-lines. Read the rest

Juniper blinks: firewall will nuke the NSA's favorite random number generator

In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing th Dual_EC random number generator that is widely understood to have been compromised by the NSA. Read the rest

New NYT editor spiked NSA spying story

Mostly lost in the past week's media gossip around NYT executive editor Jill Abramson's ouster, and Dean Baquet's promotion to her role: Baquet is the former LA Times editor who killed the biggest NSA leak pre-Edward Snowden. Read the rest

NSA had secret deal on back-doored crypto with security firm RSA, Snowden docs reveal

"As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry," reports Joseph Menn at Reuters in an exclusive today:

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

"Secret contract tied NSA and security industry pioneer" [Reuters.com] Read the rest

New Skype malware threat reported: Poison Ivy

Dancho Danchev reports an incident in which a friend pinged him at an odd hour on Skype "with a message pointing to what appeared to be a photo site with the message 'hahahahaha foto' and a link to hxxp://random_subdomain.photalbum.org." Yup, malware. The Poison Ivy trojan is spreading across Skype. [webroot via Joseph Menn] Read the rest

Why the world fears Anonymous: Joe Menn in the FT

(photo: Demonstrators wearing "Anynomous" masks protest in Madrid. REUTERS.)

Joseph Menn has a must-read analysis piece in the Financial Times today, mercifully freed from the paywall, about why the world fears so-called "hacktivists" like Anonymous. Everyone with a computer connected to the internet should read this piece.

To admirers, the hacktivism trend reflects the increased importance of technology in more and more aspects of life. The net is now democratising both legitimate political expression and hacking in the same way it once democratised media, allowing anyone to blog or publish an electronic book.

But others, including the companies that have lost business due to web outages or been robbed of customer information by hacktivists, believe Anonymous sets a dangerous precedent. “Motivation-wise, I think these guys are on a massive power trip. There is definitely some criminal element,” says Karim Hijazi, founder of tech security start-up Unveillance, which had its internal e-mails published by hackers with Lulz Security (commonly known as LulzSec), an Anonymous offshoot.

Even some supporters worry that if the group continues on its current path, it could trigger a legislative backlash that would bring heightened monitoring at the expense of the privacy that Anonymous prizes.

Steven Chabinsky, FBI deputy assistant director, says the bureau is placing “a lot of emphasis and focus on Anonymous and other groups that would be like them. These organisations have managed to use new technologies to connect to otherwise disenfranchised hackers to gather force and momentum in a way we have not seen before.” Since July, the FBI’s most useful ally has been Scotland Yard and its beefed-up e-Crime unit, which says it has arrested three of the four founders of LulzSec.

Read the rest

Two veteran Anonymous members say group is responsible for Sony attacks

Anonymous officially denies that it is responsible for the recent hacking attacks on Sony—well, to the extent that an entity like Anonymous is capable of doing anything "officially," or with one voice. But two hackers identified as veterans of Anonymous tell the Financial Times that the cyber-activist group, or at least cells of the group, are probably behind it.

One Anonymous member told the FT that he saw technical details of a vulnerability in Sony's network that enabled the break-in discussed on an Anonymous chatroom, shortly before the intrusion.

"The hacker that did this was supporting OpSony's movements," the Anonymous activist told the FT.

Another established member of Anonymous who participated in the hacking of security firm HBGary Federal, said it could well have been other members who subsequently hacked Sony.

"If you say you are Anonymous, and do something as Anonymous, then Anonymous did it," said the hacker, who uses the online nickname Kayla. "Just because the rest of Anonymous might not agree with it, doesn't mean Anonymous didn't do it."

Hackers admit Anonymous likely behind Sony attacks (FT, thanks Joseph Menn)

 

Sony PlayStation network targeted in massive customer data breach ... Sony: PSN intruder may have taken credit card info Embattled PS3 hacker raises big bank to fight Sony Sony: We wuz robbed. Again. Sony hack timeline Read the rest

Reports of a new virus, "Stars," hitting Iran: son of Stuxnet?

The government of Iran said today it has been targeted by a new computer virus dubbed "Stars." From a blog post by Joris Evers for computer security firm Macafee:

Stars would be the second malware infestation targeted at Iran within a years time, following the discovery of Stuxnet in July last year.

Outside of the published news reports, McAfee has no information on "Stars" at this time. That's different from Stuxnet, where international cybersecurity companies knew of the malware and were able to investigate it through customary sharing of malware samples.

We currently have no way of verifying the attack the Iranian government is reporting, nor do we have any way of identifying who might be behind the attack or what the target could be.

(via Joseph Menn) Read the rest

Moscow cops confiscate copies of book outing corrupt authorities

Police in Moscow have confiscated 3,500 copies of a book written by a Anna Sokolova (shown at left, she's on Twitter), investigative reporter with Forbes Russia, about links between regional authorities and corruption. From the Moscow Times:

The confiscation took place after Deputy Governor Igor Parkhomenko filed a libel complaint with the local police over the book, titled, "Corporation 'Moscow Region': How Russia's Richest Region Was Bankrupted."

The book had a total print run of 5,000. On his Facebook page, editorial director Leonid Bershidsky at Eksmo, the book's publisher, says the other 1,500 copies of the book had already been shipped to bookstores, but...

The confiscated books were not delivered to stores after an obscure company asked Eksmo to hold off on the shipments because it wanted to purchase them all, he said. The request came two days before the confiscation, but the company, Konsard, never picked the order.

Read the rest of the Moscow Times article here. Forbes Russia has an item up today about the police action here.

has released a sample chapter here, in Russian.

Journalists in Russia whose work runs afoul of authorities and/or crime syndicates are frequently the target of intimidation, violent attacks, disappearance, and murder. Sokolova and those close to her are now understandably concerned for her safety.

(via Joseph Menn) Read the rest

Tracing the pill-trails to America from Russia's e-pharmacy underworld

Security reporter Brian Krebs has a fascinating piece up on Pavel Vrublevsky, founder of Russia's biggest online payment processor, ChronoPay. Krebs reports that this man also co-owns Rx-Promotion, an online pharmacy that sells tens of millions of US dollars worth of controlled pills to Americans each year: Valium, Percocet, Tramadol, Oxycodone, and other substances with high street resale value. Just before Krebs arrived in Russia to meet with Vrublevsky, "several truckloads of masked officers from Russian drug enforcement bureaus" raided a private party thrown for the top moneymakers of Rx-Promotion (that's their promotional banner, above). Snip:

I hadn't told Vrublevsky that I was coming to Russia before I arrived on Feb. 8. But I wasted no time in phoning him via Skype, using the line he normally calls me on several times a week.

"Duuuuuuuudddde!," he answers. "It's 7 a.m. where you are, who died?"

I reply that I am in fact in his time zone and that we should meet. After another long "Duuuuuuuuddde!" Vrublevsky promises to send a car if I will wait in the hotel lobby. He tells me he'll be sending along with the driver his receptionist, named Vera. He proceeds to describe Vera as this grossly overweight, unattractive older lady but, hey, she speaks English and knows how to deal with Westerners, so she's coming, he says.

Fifteen minutes later, I am seated in the lobby waiting for Vera, watching incoming guests as they stomp off snow and trudge through the hotel's revolving door. I find it difficult to avoid staring at this unusually attractive, slender, dark-haired young woman standing nervously just beside the door.

Read the rest

Four horsemen of the information apocalypse: Cohen, Fanning, Johansen and Frankel

Time magazine's Lev Grossman's got a great profile of four authors of notorious software tools that formed the nexus of the last 12 years of copyright cold-wars: Bram Cohen (BitTorrent), Jon "DVD Jon" Johansen, Justin Frankel (Gnutella) and Shawn Fanning ("Napster").

So what ever happened to the pirate apocalypse of yesteryear? In the U.S., piracy hasn't turned out to be quite as bad for content producers as everybody thought. A report by the U.S. Government Accountability Office released last April labored mightily to establish a strong link between piracy and lost sales, but the results were inconclusive.

What's striking about the pirate kings is that they've been much less successful in the straight world than they were as pirates. An anarchic worldview coupled with brilliant code doesn't travel as well as you'd think in the bean-counting world of legitimate commerce. Good code empowers users by giving them choices and options, but empowered users aren't necessarily good for business. What you need to hit it really big in legitimate commerce is an authoritarian sensibility that limits users to doing what you want them to.

The Men Who Stole the World

(Thanks, Airshowfan, via Submitterator!)

  Jon Johansen acquitted! - Boing Boing Boing Boing: DVD Jon on VLC and Apple's iTunes singles Napster rises from grave - Boing Boing Welcome to the Boing Boing guestblog, Joseph Menn! - Boing Boing Boing Boing: MPAA, Bram Cohen announcement today in Hollywood ... Read the rest

Welcome to the Boing Boing guestblog, Joseph Menn!

I am delighted to welcome author and journalist Joseph Menn (web / Twitter / Facebook) to Boing Boing as guestblogger. His most recent book, Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet, was published this January in the US and comes out today in an updated paperback form.

From his bio:

Menn has spoken at major security conferences including RSA, Black Hat DC and DefCon on his findings, which include hard evidence that the governments of Russia and China are protecting and directing the behavior of some of the world's worst cyber-criminals. He also has given invited talks at meetings convened by the US Secret Service and Federal Deposit Insurance Corp.

"Fatal System Error accurately reveals the secretive global cyber cartels and their hidden multibillion-dollar business, proving cybercrime does pay and pays well," said Richard A. Clarke, special advisor to President George W. Bush for cyber security. The New Yorker magazine said it was "riveted" by the tale, comparing it to the novels of Stieg Larsson, while Business Week called it "a fascinating high-tech whodunit." Fatal System Error has been placed on the official reading list of the US Strategic Command and is being translated into Chinese, Japanese and Korean.

Menn has reported on technology for more than a decade at the Financial Times and the Los Angeles Times, mostly from his current base in San Francisco. His coverage areas for the FT include technology security and privacy, digital media, and Apple and the PC industry.

Read the rest

Next page

:)