Schneier: "It's really too late to secure 5G networks"

Bruce Schneier's Foreign Policy essay in 5G security argues that we're unduly focused on the possibility of Chinese manufacturers inserting backdoors or killswitches in 5G equipment, and not focused enough on intrinsic weakness in a badly defined, badly developed standard wherein "near-term corporate profits prevailed against broader social good." Read the rest

NSO Group employees kicked off Facebook for spying for brutal dictators are suing Facebook for violating their privacy

The NSO Group (previously) is an Israeli spyware company that sells tools to autocratic states that are used to spy on democratic opposition movements, journalists, and so on (the company's tools were used by the Saudi government to spy on Jamal Khashoggi in the runup to his kidnap and grisly murder). Read the rest

After suing NSO Group for hacking Whatsapp, Facebook kicks NSO employees off its services

This week, Facebook filed suit against the NSO Group, a cyber-arms dealer that supplies some of the world's most oppressive regimes with spying tools used to attack dissidents, journalists, human rights activists, and democratic opposition figures; Facebook alleges that NSO Group was behind more than 1,400 attacks on Whatsapp users. Read the rest

You have the right to remain encrypted

“You have the right to remain silent.” We’ve heard the Miranda warning countless times on TV, but what good is the right to remain silent if our own cellphones testify against us? Imagine every incriminating and embarrassing secret our devices hold in the hands of prosecutors, simply because you’ve been accused of a minor crime. This is the brave new world that Attorney General Bill Barr advocated when he recently addressed the International Conference on Cyber Security and called for an end to encryption as we know it. Read the rest

EFF publishes an indispensable, plain-language guide to "cell-site simulators": the surveillance devices that track you via your phone

In 2012, the Wall Street Journal first reported on a mysterious cellphone surveillance tool being used by law-enforcement; years later, we learned that the origin of this report was an obsessive jailhouse lawyer who didn't believe that the cops had caught him the way they said they had. Read the rest

UK ISP Association, spies, censorship organsation jointly condemn Mozilla for supporting secure DNS because it breaks UK internet censorship rules

ISPs in the UK are required to censor a wide swathe of content: what began as a strictly limited, opt-in ban on depictions of the sexual abuse of children has been steadily expanded to a mandatory ban on "extreme" pornography, "terrorist content," copyright and trademark infringement, and then there's the on-again/off-again ban on all porn sites unless they keep a record of the identity of each user and the porn they request.. Read the rest

Chinese authorities are secretly installing their anti-Uyghur surveillance app on the phones of tourists to Xinjiang province

Back in 2017, Chinese authorities in Xinjiang began stopping members of the Uyghur ethnic minority and forcing them to install spyware on their phones: it marked an intensification of the country's crackdown on Uyghur's and other ethnic/religious minorities, which acquired a new technological fervor: next came the nonconsensual collection of the DNA of every person in Xinjiang, then the creation of torture camps designed to brainwash Uyghurs out of their Islamic faith, and then a full blown surveillance smart-city rollout that turned the cities of the region into open-air prisons. Read the rest

"Massive scale" intrusion into mobile carriers' networks exposed customers' location, call data for years

The security firm Cybereason says that it has identified a likely state-sponsored attack on ten global mobile phone networks that they have attributed to "the Chinese-affiliated threat actor APT10," which has been "underway for years." Read the rest

CEO of London's Serpentine Gallery resigns after Guardian report

[Addendum 2/20/2020: Following a legal complaint, the Guardian removed its article of 14 June 2019 and apologised to Mrs Peel. We are happy to clarify that Yana Peel is not, and was not, personally involved in the operation or decisions of the regulated Novalpina Capital investment fund, which is managed by her husband Stephen Peel, and others. Mrs Peel was not involved in any decision-making relating to the fund’s acquisition of NSO. Mrs Peel only has a small, indirect and passive interest in the fund. She does not own, whether directly or indirectly, any Novalpina Capital entity or any stake in NSO Group.] The NSO Group (previously) is one of the world's most notorious cyber-arms dealers, linked to horrific human rights abuses, extrajudicial killing of human rights activists, and the dirtiest of dirty trick campaigns against its critics (and their lawyers) -- they're also accused of helping with the Saudi government's murder and dismemberment of journalist Jamal Khashoggi. The company has changed hands several times, and its ownership structure is predictably obscure. It's well understood, however, that a regulated investment fund, managed by a private equity firm called Novalpina, owns a controlling interest in the company; Novalpina's co-founder is Stephen Peel. On Friday, The Guardian published an article revealing the NSO Group’s ownership structure. Peel has no involvement in the operations or decisions of Novalpina, which is managed by her husband, Stephen Peel, and his partners. The report set off a firestorm in the art and human rights world over the weekend, and by Monday, Peel had resigned as CEO, while issuing a statement condemning her critics, characterising their concerns as "a concerted lobbying campaign against my husband’s recent investment." Read the rest

Germany demands an end to working cryptography

Germany's Interior Minister Horst Seehofer -- a hardliner who has called for cameras at every "hot spot" in Germany -- has announced that he will seek a ban on working cryptography in Germany; he will insist that companies only supply insecure tools that have a backdoor that will allow the German state to decrypt messages and chats on demand. Read the rest

How can spies from democracies compete with spies from autocracies?

Economist international editor Edward Lucas devotes 4,000+ words in the new issue of Foreign Policy to the changing landscape of state espionage in the 21st century; it's not particularly well-organized (if there's a reason for the order in which his thoughts are laid out, I couldn't find it), but despite that, it's well worth a read, even if there's lots I don't agree with here. Read the rest

Discovering whether your Iphone has been hacked is nearly impossible thanks to Apple's walled garden

This week, we learned that the notorious Israeli cyber-arms-dealer NSO Group had figured out how hijack your Iphone or Android phone by placing a simple Whatsapp call, an attack that would work even if you don't answer the call. Read the rest

European telcos want the right to perform "deep packet inspection" on our data

[Austria's Epicentre Works is an incredibly effective European digital rights group, most famous for getting the EU's Data Retention Directive struck down; now, they're raising the alarm about a move to relax the EU's Net Neutrality rules to allow ISPs to conduct fine-grained surveillance and discrimination against services that aren't in bed with ISPs. I'm happy to provide Epicenter Works's Thomas Lohninger a space to highlight the group's efforts -Cory]

Today 45 NGOs, Academics and Companies from 15 countries released an open letter outlining the dangers of the wide-spread use of privacy invasive Deep Packet Inspection technology in the European Union. The letter is referencing the ongoing negotiations about Europes new net neutrality rules in which some telecom regulators are pushing for the legalization of DPI technology. Read the rest

Lawyer involved in suits against Israel's most notorious cyber-arms dealer targeted by its weapons, delivered through a terrifying Whatsapp vulnerability

NSO Group is a notorious Israeli cyber-arms dealer whose long trail of sleaze has been thoroughly documented by the University of Toronto's Citizen Lab (which may or may not be related to an attempt to infiltrate Citizen Lab undertaken by a retired Israeli spy); NSO has been implicated in the murder and dismemberment of the dissident Saudi journalist Jamal Khashoggi (just one of the brutal dictatorships who've availed themselves of NSO tools), and there seems to be no cause too petty for their clients, which is why their malware has been used to target anti-soda activists in Mexico. Read the rest

Zuckerberg announces a comprehensive plan for a new, privacy-focused Facebook, but fails to mention data sharing and ad targeting

Mark Zuckerberg's 3,000 word blog post about his plan to create a parallel set of Facebook services that contain long-overdue privacy protections has plenty to please both the regulators who are increasingly ready to fine the company billions and possibly even break it up, but also privacy advocates who will rightly cheer the announcement that the service will be increasing its end-to-end encryption offerings, only storing data in countries with good track records on human rights and the rule of law, and allowing users to mark some of their conversations as ephemeral, designed to be permanently deleted after a short while. Read the rest

Bowing to public pressure, Coinbase announces it will "transition out" the ex-Hacking Team cybermercenaries whose company it just bought

The cryptocurrency service Coinbase recently acquired Neutrino, a forensics startup founded by cybermercenaries who were left unemployed by the collapse of the company Hacking Team, following a dump of internal documents that revealed the company's enthusiastic and highly profitable complicity in human rights abuses by the world's most torture- and murder-happy autocrats and dictators. Read the rest

A finance industry group is pushing an intentionally broken cryptography "standard" called ETS

ETS was originally called "Enterprise TLS," implying that it was an "enterprise-grade" version of TLS, the system used to secure internet sessions (if you visit a URL that starts with "https://", it's being protected with TLS). Read the rest

More posts