Germany seeks malware 'specialists' to bug terrorists
http://www.theregister.co.uk/2007/11/21/germany_vxer_hire_plan/
The German government has reportedly started hiring coders to develop
"white hat" malware capable of covertly hacking into terrorists' PCs.
The recruitment push signals that the German government is going ahead
with controversial plans, yet to be legally approved, to develop "remote
forensic software" (AKA a law enforcement Trojan). BKA federal police
have been directed by the Interior Ministry to resume the initiative and
hire two "specialists" [1], AAP [2] reports.
Proposals to give explicit permission for law enforcement officials to
plant malware stem from a Federal Court ruling earlier this year
declaring clandestine searches of suspects' computers to be inadmissible
as evidence, pending a law regulating the practice. Germany's Federal
Court of Justice said the practice was not covered by existing
surveillance legislation.
Comps stolen from Kanpur DRDO lab
http://timesofindia.indiatimes.com/Lucknow/Comps_stolen_from_Kanpur_DRDO_lab/articleshow/2560576.cms
KANPUR: In what can be termed as highly detrimental to national
security, three computers, containing strategic information, have been
recently stolen from premises of Kanpur-based Defence Material Store
Research Development and Establishment (DMSRDE), a unit of Defence
Research Development Organisation (DRDO). And more shocking is the fact
that the incident has reportedly taken place between November 16 and
November 19, with former president APJ Abdul Kalam visiting the
establishment on November 16.
On Tuesday night, the Chakeri police registered a case on the complaint
lodged by DMSRDE security officer R N Pandey. The matter was reported
first last Monday when scientist Ashok Ranjan found the locks of Applied
Chemistry department broken and three computers missing.
"We have already informed DRDO headquarters and a six-member panel
headed by assistant director Mohd Naseem has been constituted to look
into the incident and submit a report within 15 days," DMSRDE director K
U Bhaskar Rao told TOI on Wednesday. He said the incident was very
serious as the entire premises was a high security zone. "However, it
wont have any impact on the national security," he added. One stolen
computer, "Drona," was connected to DRDO Intranet and contains
information about DRDO scientists including their phone numbers,
address, designations and also defence-related research projects they
are associated with. The other computers contained software used for
sample identification and quality measurement of defence-related
products.
Security expert's data alert went unheeded
http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/11/25/ncustoms625.xml
The Government failed to heed warnings that would have averted last
week's fiasco involving HM Revenue and Customs (HMRC), it can be
disclosed.
The concerns were raised two years ago by Dr Mark Walport, who
ironically was asked by Gordon Brown last month to head a six-month
review on the use of personal information.
The security expert co-authored a report for the Council for Science and
Technology, an independent government advisory body, which warned that
departments needed to "streamline data protection protocols" and improve
security.
The 37-page report, published in November 2005, was commissioned by the
Government for Tony Blair. It correctly predicted that the unauthorised
use of personal data would "damage [the] government's reputation with
political ramifications".
Last week, the warnings came back to haunt the Government as it was
revealed that HMRC had lost two CDs containing sensitive personal
details of 25 million people. In an interview with this newspaper, Dr
Walport described last week's disclosure as "a disaster".
ESU's code breakers
http://www.poconorecord.com/apps/pbcs.dll/article?AID=/20071125/NEWS/711250340/-1/NEWS01
EAST STROUDSBURG During rush hour on a Tuesday night in July 2006,
terrorists set off seven bombs in a coordinated attack on commuter
trains outside Mumbai, India, that killed more than 200 people and
wounded some 700 others.
Thousands of miles away, at East Stroudsburg University, computer
science graduate students are trying to foil future terrorists and
criminals from using a tool that may have masked the plotters'
communications with each other.
Authorities have suspected that the Mumbai bombers engaged in a
technique called steganography, according to news reports from India. It
would have disguised their plans, maps, photographs and bomb-making
instructions within common and seemingly innocent digital images that
they exchanged over the Web.
Steganography is most often deployed legitimately to watermark digital
images so that they will not be duplicated illegally. But some say the
technique's tracks have been glimpsed in shadier terrain in the
trafficking of child pornography, in identity theft, stealing
intellectual property and trading insider information.
"This is brand new stuff," said Paul Schembari, director of the computer
security program at ESU, which is one of 85 in the nation to be
certified by the National Security Agency and the U.S. Department of
Homeland Security. "It's out there and being used by bad guys."
Hushmail To Warn Users of Law Enforcement Backdoor
http://blog.wired.com/27bstroke6/2007/11/hushmail-to-war.html
Hushmail, the web's leading provider of encrypted web mail, updated its
explanation of its security model, confirming a THREAT LEVEL report that
the company can and will eavesdrop on its users when presented with a
court order, even if the targets uses the company's vaunted Java applet
that does all the encryption and decryption in a browser.
As THREAT LEVEL reported earlier this month, Hushmail provided 12 CDs of
emails in June to U.S. officials targeting steriod manufacturers. But
Hushmail promises users that "not even a Hushmail employee with access
to our servers can read your encrypted e-mail, since each message is
uniquely encoded before it leaves your computer."
Hushmail responds only to court orders from the Supreme Court of British
Columbia that target specific, named accounts, according to Hushmail's
CTO Brian Smith. In the steriod case, the Drug Enforcement Agency used a
mutual legal assistance treaty to get a Canadian court order, according
to court documents.
But when the company gets a court order, "we are required to do
everything in our power to comply with the law," according to an updated
explanation of Hushmail's security.
That everything seems to include sending a rogue Java applet to targeted
users that will then report the user's passphrase back to Hushmail, thus
giving the feds access to all stored emails and any future emails sent
or received.