On Q Professional Investigations

Among the snooping revelations of recent weeks, there have been tantalizing bits of evidence that the NSA is tapping fiber-optic cables that carry nearly all international phone and Internet data.

The idea that the NSA is sweeping up vast data streams via cables and other infrastructure — often described as the “backbone of the Internet” — is not new. In late 2005, the New York Times first described the tapping, which began after the Sept. 11, 2001 attacks. More details emerged in early 2006 when an AT&T whistleblower came forward.

But like other aspects of NSA surveillance, virtually everything about this kind of NSA surveillance is highly secret and we’re left with far from a full picture.

Is the NSA really sucking up everything?

It’s not clear.

The most detailed, though now dated, information on the topic comes from Mark Klein. He’s the former AT&T technician who went public in 2006 describing the installation in 2002-03 of a secret room in an AT&T building in San Francisco. The equipment, detailed in technical documents, allowed the NSA to conduct what Klein described as “vacuum-cleaner surveillance of all the data crossing the internet — whether that be peoples’ e-mail, web surfing or any other data.”

Klein said he was told there was similar equipment installed at AT&T facilities in San Diego, Seattle, and San Jose.

There is also evidence that the vacuuming has continued in some form right up to the present.

A draft NSA inspector’s general report from 2009, recently published by the Washington Post,refers to access via two companies “to large volumes of foreign-to-foreign communications transiting the United States through fiberoptic cables, gateway switches, and data networks.”

Read More

Google scientists have launched up to 30 helium-filled test balloons into the skies above New Zealand, with the dream of bringing the Internet to nearly five billion people across the globe without access to the World Wide Web.

The technology giant unveiled the project Saturday in Christchurch, where some 50 volunteer households have begun receiving Internet signals beamed from the balloons to their home computers. The wind-driven balloons are floating 20 kilometers above the earth and are designed to remain airborne for more than three months.

Project leader Mike Cassidy said engineers hope to provide much cheaper Internet connections in undeveloped and developing areas of the world. He cited current Internet costs in large parts of Africa, where monthly access costs are higher than monthly salaries.

Cassidy, speaking to reporters, called the project a “huge moonshot, a really big goal to go after.” But he also described the potential results as life-changing for billions of people across the globe.

The initiative, called “Project Loon,” was developed in the same top-secret Google X laboratories where scientists are developing the prototype driverless car and Google’s web-surfing eye glasses.

Google says the thin plastic, high-pressure balloons hovering over New Zealand carry navigational equipment, solar-powered panels, radios and transmitters. The balloons receive Internet signals from ground stations and then relay those signals to small specialized antennas on rooftops below.

Engineers are also touting the potential benefits of the balloon transmitters in areas that have lost communications because of violent storms and earthquakes.

View Source

The next time you post something on Facebook, LinkedIn, YouTube or practically anywhere else on the Internet, keep in mind you’re leaving cyber crumbs behind.

The trail can become key evidence in a lawsuit, as purported bigamist John France of Westlake learned when his wife discovered he had married someone new after she saw wedding photos of France and Wife 2 on Facebook a few years ago.

Granted, the photos weren’t exactly discreet. The wedding ceremony had been at Disney World in Orlando, Fla., with France dressed as Prince Charming and his new bride as Sleeping Beauty, surrounded by footmen.

While the France case may be over the top, gathering evidence from social media sites and other Internet sources has become quite routine in law practices. Family law, workers’ comp, trademark infringement and defamation litigation all lend themselves to sweeps of social media sites to bolster cases.

“The proverbial ‘smoking gun’ document of the pre-Internet era, which had given way to smoking gun email, has now given way to the smoking gun social media post,” attorneys Joshua Briones and Ana Tagvoryan write in “Social Media as Evidence,” newly published by the American Bar Association.

The authors point to the staggering growth of social media as tracked by pewinternet.org. Eighty percent of Americans who are online now regularly use some form of it. By the end of 2012, there were 200 million blogs worldwide, 901 million monthly active users of Facebook, more than 260 million users on Myspace, 160 million LinkedIn users, 340 million Tweets every 24 hours and 4 billion YouTube views per day, according to the Pew Research Center.

People will say things on social media sites that they would never say around the water cooler, said Tracy Johnson, an intellectual-property lawyer at Calfee Halter & Griswold in Cleveland.

“I think there’s a certain feeling of social anonymity,” Johnson said. “Also, I don’t think people really understand — certainly they don’t think about — the permanence of what they said or how they’re saying it. Sometimes it’s practically impossible to pull back an utterance online.”

An utterance or an image: Police in the recent conviction of Taunee Smith in the 2011 murder of DeJohn Dammons in Euclid used Facebook photos to identify Smith as present on the night of the shooting.

In an Arizona criminal case, prosecutors used the Myspace profile of Kirk Pressley Jr. to prove his Internet usage and alcohol consumption in violation of his probation. Pressley argued unsuccessfully on appeal that the trial court erred in admitting Myspace photographs.

On the civil side, litigants are checking social media sites as a standard part of due diligence for their clients. And insurance companies comb Facebook and Twitter accounts to assess the status of clients who file accident and personal injury claims.

Intellectual-property lawyer Philip Bautista at the Cleveland office of Taft, Stettinius & Hollister, said lawyers there make regular anti-piracy checks of social media sites. They’re looking for trademark and copyright infringements on clients with large portfolios of brands, including the Hershey Co. and gun manufacturer Heckler & Koch, he said.

“You can look at a business’s Facebook page and determine when an opposing party has used the trademark at issue,” Bautista said.

Briones and Tagvoryan say blogs and even the comments posted on them have deepening legal reach.

Court clerks use blogs as a source for researching legal issues, in the same way they used law review comments in the past, they said. U.S. Supreme Court Justice Anthony Kennedy recently remarked that comments on law review articles come out too late to be of use to the court, so he finds his clerks reading blogs for insight on cases pending before the court.

Internet sites are not culled only for evidence to prove cases or impeach witnesses. Online posting itself can be the subject of a lawsuit, as a South Carolina woman found when Med Express of Medina sued her over a complaint she wrote on eBay.

The posting by Amy Nicholls of Greenville, S.C., was not extremely critical. She said the microscope she bought from medical equipment supplier Med Express arrived with $1.44 in postage due. She posted that information online and gave the company a low rating on eBay’s feedback forum.

Med Express admitted its shipping error, offered to reimburse Nicholls for the postage and asked her to take down her posting. When Nicholls refused to retract it, Med Express responded with a defamation lawsuit.

“We certainly admit that it arrived postage due,” said Med Express lawyer James Amodio, who said the postage problem apparently arose because of a weighing error with the package.

Amodio said Med Express insisted on a retraction because the company sells exclusively over eBay, where a sufficient level of negative feedback can increase the cost of sales as well as possibly drive away customers.

A hearing in the case is set for May 2.

Paul Levy, staff attorney for the consumer advocacy group Public Citizen, blogged about the case in the hopes of finding a pro bono attorney for the defendant. Public Citizen itself usually doesn’t take on cases such as Nicholls’, at least at the trial court level.

“There are so many defamation cases out there, we couldn’t defend everyone,” Levy said, “and it would only scratch the surface.”

View Source

Mobile and Mac malware burbles noxiously, data breaches and data mining will cause more havoc with your privacy, and the Web will continue to suffer the ignominy of poorly-written, Swiss-cheesed code as security experts predict lessons from 2012 go unlearned in 2013.

The Internet is slowly changing, and security experts say that today’s security issues will continue to be major players in driving that change. Here are four trends that dominated headlines in 2012, and will continue to play a major role in 2013.

The Internet as governmental tool

The collective realization by governments around the world that the Internet is an excellent network for conducting surveillance, monitoring, espionage, and war, says Finnish computer security firm F-Secure’s Chief Technical Officer Mikko Hypponen, may not come to full fruition in 2013. But the foundation for that change is already underway.

“There will be more operations along the lines of Olympic Games, also from other sources than US and Israel. Later on, we might look back at these first 20 years of the Web as the Golden Days, when the net was still free,” he wrote in an e-mail to CNET. “Olympic Games” is the covert inter-government project that reportedly birthed Stuxnet, Duqu, and Flame.

Information security expert Chris Wysopal agreed that “cyber-warfare” is becoming commonplace. “When there’s a political or actual war event, we’re seeing cyber-attacks parallel that. It does seem to be more pronounced. It’s almost not newsworthy, as if we expect it to happen alongside a political event.”

Take that in for a moment. Government-sponsored, computer-based attacks, as “almost not newsworthy,” he said.

But just because these attacks are becoming more frequent doesn’t mean that they don’t stymie security researchers. Tomer Teller, a security evangelist and researcher at Check Point, said that he was surprised this year by the rise of “precision-targeted attacks.”

“We saw that with Gauss this year, from the Stuxnet family. It had an encrypted payload, and researchers couldn’t decrypt it,” Teller said.

Tim Rains, the director of Microsoft’s Trustworthy Computing division, pointed out that these governmental actions have consequences beyond the nuclear reactors of Iran and other industrial targets.

“Eighty-five percent of the exploits against operating systems tried to take advantage of one of the vulnerabilities that Stuxnet used. A very small fraction of malware uses “zero-days,” so we’re seeing commodity malware writers benefits from the research of professionals,” he said. “It was a trend in 2012, and we’ll continue to see that in the next year.”

More mobile devices, bigger targets

Experts have been talking up mobile security for several years now, and as mobile device proliferation continues, so will the security problems associated with them. Because the problems are mobile and always-connected in nature, the security challenges will become more complex in 2013, experts told me.

Lookout Mobile Security’s senior product manager, Derek Halliday, noted two interesting trends that his company saw in 2012. Lookout predicted and saw in 2012, “only a few dominant kinds of mobile malware,” he said.

Microsoft’s Rains agreed. “[The Looter exploit] is responsible for the second-most highest number of mobile threats we saw.”

Halliday added, “The other thing was how geographic specific these threats were. We were surprised by the stark contrast between the U.S. and say Russia or China. If you try to run a toll fraud application at scale in the U.S., you’ll encounter some problems — a double-opt in message, government intervention,” he said.

Another point Halliday made was that while Android 4.2 is the most secure yet, with numerous security improvements, operating system fragmentation will prevent it from reaching most people until late 2013.

On the other hand, said Wysopal, the impact of mobile malware is definitely growing. “In 2012, half a percent of all mobile users got hurt by mobile malware in the U.S. That’s a million people, not an insignificant number. It’s a trend that is happening slower than expected, but it’s not going to go away.”

The malware problem is likely to remain isolated from Apple’s iOS, according to Hypponen. “There’s still no iPhone malware. Five years after shipping one of the most popular systems, they have no malware problem at all. That’s a major accomplishment by Apple. Job well done.”

Read More

The New York Police Department has, for the first time, laid out rules for using social media sites like Facebook and Twitter during investigations.

New York City Police Commissioner Raymond Kelly issued a memo that makes it OK for cops to register fake aliases to cruise social media, as long as they keep the department informed.

The five page memo says officers involved in probes involving social media may register their aliases with the department and use a department-issued laptop whose Internet-access card can’t be traced back to the NYPD, the New York Daily News reports.

Trolling the Internet can give police a tipoff to an imminent threat or give cops a leg up if they are conducting undercover work that requires deception, such as posing online as a teen to nab a rapist.

According to the paper, Christopher Dunn, an associate legal director for the New York Civil Liberties Union, pointed out that police work on the Internet is ripe for abuse.

“Electronic undercover work is fine. But we worry about the ease with the police can use deceit on the Internet to monitor private communications. Police infiltration of social media should be closely regulated,” the paper quoted him, as saying.

Jethro Eisenstein, a lawyer, whose lawsuit led to the Handschu Guidelines, a consent decree that governs how police investigate political activity, also stressed that using aliases violates those guidelines.

The NYPD memo comes as police have made headlines for how it uses and deals with the Internet.

The memo says officers can use subpoenas, court orders or search warrants to obtain certain electronic evidence, the paper said.

View Source

Online dating scams have become a worldwide issue. A study presented at the annual meeting of the British Psychological Society in London found that people with strong romantic beliefs who idealize their romantic partners are most likely to fall victim to online dating scams. Meanwhile, the U.S. Department of State has posted an advisory warning Americans to “be alert to attempts at fraud by persons claiming to live outside of the U.S., professing friendship, romantic interest, and /or marriage intentions over the Internet.”

According to the State Department, the following red flags can be used to identify a potential romance scam:

The scammer and the victim meet online – often through Internet dating or employment sites.

The scammer asks for money to get out of a bad situation or to provide a service.
Photographs that the scammer sends of “him/herself” show a very attractive person. The photo appears to have been taken at a professional modeling agency or photographic studio.

The scammer has incredibly bad luck– often getting into car crashes, arrested, mugged, beaten, or hospitalized — usually all within the course of a couple of months. They often claim that their key family members (parents and siblings) are dead. Sometimes, the scammer claims to have an accompanying child overseas who is very sick or has been in an accident.

The scammer claims to be a native-born American citizen, but uses poor grammar indicative of a non-native English speaker. Sometimes the scammer will use eloquent romantic language that is plagiarized from the Internet.

Many dating sites and online communities have turned to device identification leader iovation Inc. for help. iovation works with global dating websites and social networks to protect their members from behind the scenes by eliminating scammers before they’ve had a chance to case harm. iovation has already prevented more than 50 million online scams, spam, solicitations, fake profiles and phishing attacks in their attempt to make the Internet a safer place to do business and interact.

Read more