Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

October 07 2013

BND darf auch deutsche Gespräche anzapfen, Google-Haftung, PCFritz, Silk-Road und FBI

Der BND darf seit mindestens zwei Jahren deutsche Internet-Provider abhören; Datenschutzbeauftragte fordern die öffentliche Hand auf, Ende-zu-Ende-Verschlüsselung einzusetzen und Google haftet nicht für ehrverletzende Suchergebnisse. Außerdem im Wochenrückblick: PCFritz erwirkt einstweilige Verfügung gegen Microsoft und das FBI verhaftet den mutmaßlichen Silk-Road-Betreiber.

BND lässt sich Abhören von Verbindungen deutscher Provider genehmigen.

Der Bundesnachrichtendienst (BND) hat seit mindestens zwei Jahren die Genehmigung zum Abhören deutscher Internet-Provider. Das berichtet der SPIEGEL. Einer entsprechenden Anordnung von Bundeskanzleramt und Bundesinnnenministerium zufolge soll der BND Leitungen der sechs deutschen Provider 1&1, Freenet, Strato AG, QSC, Lambdanet und Plusserver anzapfen dürfen. Gegenstand der Anordnung ist die sog. strategische Fernmeldeüberwachung, also das anlasslose Aufzeichnen und Filtern von Internet-Verkehr. Nach § 5 des G10-Gesetzes darf der BND „internationale Telekommunikationsbeziehungen” überwachen – eine Überwachung inländischer Datenverbindungen ist danach eigentlich nicht zulässig. Der BND hat jedoch dem SPIEGEL gegenüber versichert, die Überwachungsmaßnahmen „entsprächen den gesetzlichen Rahmenbedingungen”.
Die Details in einem Vorabbericht des Spiegels.

BGH: Verurteilungen im „NDR-Drehbuchskandal” rechtskräftig

Der Bundesgerichtshof hat die Revisionen gegen das Urteil des LG Hamburg im so genannten „NDR-Drehbuchskandal” als unbegründet verworfen. Das Urteil ist damit rechtskräftig. Das LG Hamburg hatte eine ehemalige Redaktionsleiterin beim NDR wegen Betruges und Untreue zu einer Bewährungsstrafe verurteilt. Ihren Ehemann, einen Drehbuchautor, sowie eine Filmproduzentin hatte das Gericht außerdem wegen Beihilfe zu einer Geldstrafe verurteilt. Die Filmproduzentin soll in mehreren Fällen dem Ehemann der NDR-Redaktionsleiterin Aufträge für Drehbücher verschafft haben. Im Gegenzug soll diese dafür gesorgt haben, dass die Produktionsfirma entsprechende Aufträge vom NDR erhielt.
Die Pressemeldung des BGH.

Datenschützer stellen Forderungen an die neue Bundesregierung

Anfang der Woche hat die 86. Konferenz der Datenschutzbeauftragten von Bund und Ländern getagt. Im Zentrum der Konferenz stand neben der Geheimdienstüberwachung des Internetverkehrs die Datenschutzpolitik der künftigen Bundesregierung. In einer gemeinsamen Stellungnahme forderten die Datenschützer die neue Bundesregierung auf, die Weiterentwicklung des Datenschutzrechts auf nationaler und internationaler Ebene voranzutreiben. Den Fokus setzten die Datenschutzbeauftragten in den Bereichen öffentliche Sicherheit, Gesundheitsdatenschutz und Vertraulichkeit der elektronischen Kommunikation. Die Nachrichtendienste sollen demnach transparenter überwacht werden. Außerdem solle der öffentliche Bereich mit gutem Beispiel vorangehen und eine Ende-zu-Ende-Verschlüsselung flächendeckend einführen.
Die Pressemeldung der Datenschutzbeauftragten von Bund und Ländern.

LG Mönchengladbach: Google haftet nicht für ehrverletzende Suchergebnisse

Google haftet nicht für Suchergebnisse, die zu ehrverletzenden Blogbeiträgen führen. Das hat das LG Mönchengladbach Anfang September entschieden, wie vergangene Woche bekannt wurde. Ein emeritierter Professor hatte gegen Google geklagt, weil über die Suche ein Blogbeitrag über ihn verlinkt wurde. In diesem wurde unter anderem behauptet, der Professor sei „Teil eines bundesweiten Stasinetzwerkes” und bei seiner Fachhochschule „abgesetzt” worden. Google haftet für diese Aussagen nach Ansicht des Landgerichts jedoch nicht: Google zeige die Inhalte nur auf Grundlage eines mathematischen Algorithmus an. Eine eigene Wertung nehme Google aber nicht vor.
Das Urteil Az. 10 O 170/12 im Volltext.
Eine Kurzbesprechung des Urteils bei Thomas Stadler.

Gebrauchtsoftware: PCFritz erwirkt einstweilige Verfügung gegen Microsoft

Der Softwarehändler PCFritz hat eine einstweilige Verfügung gegen Microsoft erwirkt. Danach darf Microsoft nicht mehr behaupten, dass PCFritz „gefälschte Software und Raubkopien des Betriebssystems Windows 7 vertreibt oder besitzt”. PCFritz handelt unter anderem mit gebrauchten OEM-Versionen von Microsoft-Produkten. Im September hatte Microsoft den Vorwurf erhoben, dass es sich dabei auch um gefälschte Ware handele. Daraufhin hatte die Staatsanwaltschaft Halle die Geschäfts- und Lagerräume von PCFritz durchsuchen lassen. Im Anschluss daran hatte Microsoft eine Pressemitteilung veröffentlicht, gegen die sich PCFritz nun äußerungsrechtlich zur Wehr gesetzt hat.
Die Details bei Golem.

FBI verhaftet mutmaßlichen Silk-Road-Betreiber

Das FBI hat den mutmaßlichen Hintermann hinter der Drogenhandelsplattform „Silk Road” verhaftet. „Silk Road” ist ein so genannter Hidden Service, der nur über das Anonymisierungsnetzwerk TOR erreichbar ist. Über die Plattform können verschiedene Arten von Drogen ge- und verkauft werden. Die Bezahlung erfolgt über die virtuelle Währung Bitcoin. Das Anonymisierungsnetzwerk TOR ist in der Vergangenheit zunehmend in den Fokus von Strafverfolgungsbehörden geraten. Der Fall „Silk Road” scheint jedoch auf einen Zufallsfund zurückzuführen zu sein: Bei Routinedurchsuchungen wurde ein Paket mit gefälschten Dokumenten abgefangen; die anschließenden Untersuchungen führten zu dem Verdächtigen.
Ausführlich bei Spiegel Online.

Lizenz dieses Artikels: CC BY-NC-SA.

August 28 2013

La Malédiction d'Edgar - Wikipédia

La Malédiction d’Edgar - Wikipédia
http://fr.wikipedia.org/wiki/La_Malédiction_d'Edgar

Le roman est présenté comme un livre de souvenirs attribués au numéro deux, Clyde Tolson. Toutefois, Dugain dans le prologue laisse entendre qu’il peut s’agir d’un faux : « J’avais acheté ce manuscrit sans en avoir lu une ligne. Faux, il m’intéressait autant que vrai.... La prétendue objectivité d’un mémorialiste est aussi nuisible à la vérité que l’intention de falsifier les faits ».

Lu cet été. Je recommande, pas tant pour l’impossible quête de la vérité que pour les éclairages (imaginaires ou réels, je m’en f...) apportés, ainsi que pour le « mini-cours » d’histoire du XXème siècle.

#hoover #fbi #etats-unis #XXème_siècle

August 21 2013

"But what agencies like the FBI are now worried about is that individuals are « going dark » by using…

"But what agencies like the FBI are now worried about is that individuals are “going dark” by using freely available encryption software to prevent their email and phone conversations to be captured by law enforcement agencies. [...]

Bimen Associates, which has its headquarters in McLean, Virginia, near the headquarters of the Central Intelligence Agency, provided custom designed software tools developed exclusively for the FBI to crack encrypted conversations, says Soghoian. Agency staff and contractors access computers of suspects remotely to install this software to allow them to watch everything that the target types or says.

http://www.opednews.com/articles/ACLU-Reveals-FBI-Hacking-C-by-Corp-Watch-130820-427.html

#nsa #surveillance #hacking #FBI #blackhat

August 16 2013

Tiens, finalement, la CIA et le FBI avaient bien un dossier sur Chomsky. Une note du 8/0/1970 vient…

Tiens, finalement, la #CIA et le #FBI avaient bien un dossier sur #Chomsky.

Une note du 8/0/1970 vient d’être déclassifiée, prouvant la matérialité de la chose. À ce jour, il n’y a plus de dossier sur lui ; il a donc été détruit, en violation totale de la loi.

Question : saura-t-on un jour qui d’autre avait un dossier ?

Exclusive : After Multiple Denials, CIA Admits to Snooping on Noam Chomsky | The Cable
http://thecable.foreignpolicy.com/posts/2013/08/13/after_multiple_denials_cia_admits_to_snooping_on_noam_chomsk

For years, the Central Intelligence Agency denied it had a secret file on MIT professor and famed dissident Noam Chomsky. But a new government disclosure obtained by The Cable reveals for the first time that the agency did in fact gather records on the anti-war iconoclast during his heyday in the 1970s.

The disclosure also reveals that Chomsky’s entire CIA file was scrubbed from Langley’s archives, raising questions as to when the file was destroyed and under what authority.

The breakthrough in the search for Chomsky’s CIA file comes in the form of a Freedom of Information Act (FOIA) request to the Federal Bureau of Investigation. For years, FOIA requests to the CIA garnered the same denial: “We did not locate any records responsive to your request.” The denials were never entirely credible, given Chomsky’s brazen anti-war activism in the 60s and 70s — and the CIA’s well-documented track record of domestic espionage in the Vietnam era. But the CIA kept denying, and many took the agency at its word.

Now, a public records request by Chomsky biographer Fredric Maxwell reveals a memo between the CIA and the FBI that confirms the existence of a CIA file on Chomsky.

July 23 2013

Telekom hat Überwachungsvereinbarung mit FBI und US-Justizministerium geschlossen

Netzpolitik.org hat heute einen Vertrag zwischen der deutschen Telekom und Voicestream (Vorgänger von T-Mobile USA) einerseits und dem FBI und dem US-Justizministerium auf der anderen Seite geleakt, in dem sich die Telekom verpflichtet, ihre gesamte US-Infrastruktur so zu konfigurieren, dass eine effektive Überwachung durch US-Behörden möglich ist. Der Vertrag stammt aus dem Jahr 2001.

Die Vereinbarung betrifft u.a. gespeicherte Kommunikation sowie drahtgebundene und elektronische Kommunikation die von einer US-Niederlassung der Telekom empfangen wird oder im Account eines Kunden einer US-Niederlassung der Telekom gespeichert wird.

Diese vertrsagliche Verpflichtung lässt die Vorratsdatenspeicherung nach europäischem Strickmuster wie Kinderkram erscheinen. Die US-Administration kann damit nicht nur Verbindungsdaten, sondern Kommunikationsinhalte anfordern. Man muss davon ausgehen, dass alle großen Telcos und Provider in den USA ähnliche Vereinbarungen mit ihrer Regierung und dem FBI getroffen haben.

(via netzpolitik.org)

July 14 2013

Spécial investigation - Copwatch : Les flics dans le viseur (27 mai 2013 - Canal+)

Spécial investigation - #Copwatch : Les flics dans le viseur (27 mai 2013 - Canal+)
http://www.youtube.com/watch?v=TBGhutZe3-o

#police #surveillance #sans-papiers #répression #violences_policières #internet #documentaire #calais #no_border #migrants

=> le passage très intéressant où l’on voit les agents du #FBI venir manipuler le serveur chez l’hébergeur

=> l’appli « stop & frisk watch »
http://www.nyclu.org/app

=> hommage à Marie-Noëlle Gues (« Zetkin »)

=> la police de Calais détruit les tentes données par l’ONG Médecins du Monde
cf. http://www.liberation.fr/societe/2012/11/16/la-police-epinglee-pour-ses-abus-envers-les-migrants-de-calais_860907

June 27 2013

September 06 2012

Digging into the UDID data

Over the weekend the hacker group Antisec released one million UDID records that they claim to have obtained from an FBI laptop using a Java vulnerability. In reply the FBI stated:

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

Of course that statement leaves a lot of leeway. It could be the agent’s personal laptop, and the data may well have been “property” of an another agency. The wording doesn’t even explicitly rule out the possibility that this was an agency laptop, they just say that right now they don’t have any evidence to suggest that it was.

This limited data release doesn’t have much impact, but the possible release of the full dataset, which is claimed to include names, addresses, phone numbers and other identifying information, is far more worrying.

While there are some almost dismissing the issue out of hand, the real issues here are: Where did the data originate? Which devices did it come from and what kind of users does this data represent? Is this data from a cross-section of the population, or a specifically targeted demographic? Does it originate within the law enforcement community, or from an external developer? What was the purpose of the data, and why was it collected?

With conflicting stories from all sides, the only thing we can believe is the data itself. The 40-character strings in the release at least look like UDID numbers, and anecdotally at least we have a third-party confirmation that this really is valid UDID data. We therefore have to proceed at this point as if this is real data. While there is a possibility that some, most, or all of the data is falsified, that’s looking unlikely from where we’re standing standing at the moment.

With that as the backdrop, the first action I took was to check the released data for my own devices and those of family members. Of the nine iPhones, iPads and iPod Touch devices kicking around my house, none of the UDIDs are in the leaked database. Of course there isn’t anything to say that they aren’t amongst the other 11 million UDIDs that haven’t been released.

With that done, I broke down the distribution of leaked UDID numbers by device type. Interestingly, considering the number of iPhones in circulation compared to the number of iPads, the bulk of the UDIDs were self-identified as originating on an iPad.

Distribution of UDID by device type

What does that mean? Here’s one theory: If the leak originated from a developer rather than directly from Apple, and assuming that this subset of data is a good cross-section on the total population, and assuming that the leaked data originated with a single application … then the app that harvested the data is likely a Universal application (one that runs on both the iPhone and the iPad) that is mostly used on the iPad rather than on the iPhone.

The very low numbers of iPod Touch users might suggest either demographic information, or that the application is not widely used by younger users who are the target demographic for the iPod Touch, or alternatively perhaps that the application is most useful when a cellular data connection is present.

The next thing to look at, as the only field with unconstrained text, was the Device Name data. That particular field contains a lot of first names, e.g. “Aaron’s iPhone,” so roughly speaking the distribution of first letters in the this field should give a decent clue as to the geographical region of origin of the leaked list of UDIDs. This distribution is of course going to be different depending on the predominant language in the region.

Distribution of UDID by the first letter of the “Device Name” field

The immediate stand out from this distribution is the predominance of device name strings starting with the letter “i.” This can be ascribed to people who don’t have their own name prepended to the Device Name string, and have named their device “iPhone,” “iPad” or “iPod Touch.”

The obvious next step was to compare this distribution with the relative frequency of first letters in words in the English language.

Comparing the distribution of UDID by first letter of the “Device Name” field against the relative frequencies of the first letters of a word in the English language

The spike for the letter “i” dominated the data, so the next step was to do some rough and ready data cleaning.

I dropped all the Device Name strings that started with the string “iP.” That cleaned out all those devices named “iPhone,” “iPad” and “iPod Touch.” Doing that brought the number of device names starting with an “i” down from 159,925 to just 13,337. That’s a bit more reasonable.

Comparing the distribution of UDID by first letter of the “Device Name” field, ignoring all names that start with the string “iP,” against the relative frequencies of the first letters of a word in the English language

I had a slight over-abundance of “j,” although that might not be statistically significant. However, the stand out was that there was a serious under-abundance of strings starting with the letter “t,” which is interesting. Additionally, with my earlier data cleaning I also had a slight under-abundance of “i,” which suggested I may have been too enthusiastic about cleaning the data.

Looking at the relative frequency of letters in languages other than English it’s notable that amongst them Spanish has a much lower frequency of the use of “t.”

As the de facto second language of the United States, Spanish is the obvious next choice  to investigate. If the devices are predominantly Spanish in origin then this could solve the problem introduced by our data cleaning. As Marcos Villacampa noted in a tweet, in Spanish you would say “iPhone de Mark” rather than “Mark’s iPhone.”

Comparing the distribution of UDID by first letter of the “Device Name” field, ignoring all names that start with the string “iP,” against the relative frequencies of the first letters of a word in the Spanish language

However, that distribution didn’t really fit either. While “t” was much better, I now had an under-abundance of words with an ”e.” Although it should be noted that, unlike our English language relative frequencies, the data I was using for Spanish is for letters in the entire word, rather than letters that begin the word. That’s certainly going to introduce biases, perhaps fatal ones.

Not that I can really make the assumption that there is only one language present in the data, or even that one language predominates, unless that language is English.

At this stage it’s obvious that the data is, at least more or less, of the right order of magnitude. The data probably shows devices coming from a Western country. However, we’re a long way from the point where I’d come out and say something like ” … the device names were predominantly in English.” That’s not a conclusion I can make.

I’d be interested in tracking down the relative frequency of letters used in Arabic when the language is transcribed into the Roman alphabet. While I haven’t been able to find that data, I’m sure it exists somewhere. (Please drop a note in the comments if you have a lead.)

The next step for the analysis is to look at the names themselves. While I’m still in the process of mashing up something that will access U.S. census data and try and reverse geo-locate a name to a “most likely” geographical origin, such services do already exist. And I haven’t really pushed the boundaries here, or even started a serious statistical analysis of the subset of data released by Antisec.

This brings us to Pete Warden’s point that you can’t really anonymize your data. The anonymization process for large datasets such as this is simply an illusion. As Pete wrote:

Precisely because there are now so many different public datasets to cross-reference, any set of records with a non-trivial amount of information on someone’s actions has a good chance of matching identifiable public records.

While this release in itself is fairly harmless, a number of “harmless” releases taken together — or cleverly cross-referenced with other public sources such as Twitter, Google+, Facebook and other social media — might well be more damaging. And that’s ignoring the possibility that Antisec really might have names, addresses and telephone numbers to go side-by-side with these UDID records.

The question has to be asked then, where did this data originate? While 12 million records might seem a lot, compared to the number of devices sold it’s not actually that big a number. There are any number of iPhone applications with a 12-million-user installation base, and this sort of backend database could easily have been built up by an independent developer with a successful application who downloaded the device owner’s contact details before Apple started putting limitations on that.

Ignoring conspiracy theories, this dataset might be the result of a single developer. Although how it got into the FBI’s possession and the why of that, if it was ever there in the first place, is another matter entirely.

I’m going to go on hacking away at this data to see if there are any more interesting correlations, and I do wonder whether Antisec would consider a controlled release of the data to some trusted third party?

Much like the reaction to #locationgate, where some people were happy to volunteer their data, if enough users are willing to self-identify, then perhaps we can get to the bottom of where this data originated and why it was collected in the first place.

Thanks to Hilary Mason, Julie Steele, Irene RosGemma Hobson and Marcos Villacampa for ideas, pointers to comparative data sources, and advice on visualisation of the data.

Update

9/6/12

In response to a post about this article on Google+, Josh Hendrix made the suggestion that I should look at word as well as letter frequency. It was a good idea, so I went ahead and wrote a quick script to do just that…

The top two words in the list are “iPad,” which occurs 445,111 times, and “iPhone,” which occurs 252,106 times. The next most frequent word is “iPod,” but that occurs only 36,367 times. This result backs up my earlier result looking at distribution by device type.

Then there are various misspellings and mis-capitalisations of “iPhone,” “iPad,” and “iPod.”

The first real word that isn’t an Apple trademark is “Administrator,” which occurs 10,910 times. Next are “David” (5,822), “John” (5,447), and “Michael” (5,034). This is followed by “Chris” (3,744), “Mike” (3,744), “Mark” (3,66) and “Paul” (3,096).

Looking down the list of real names, as opposed to partial strings and tokens, the first female name doesn’t occur until we’re 30 places down the list — it’s “Lisa” (1,732) with the next most popular female name being “Sarah” (1,499), in 38th place.

The top 100 names occurring in the UDID list.

The word “Dad” occurs 1,074 times, with “Daddy” occurring 383 times. For comparison the word “Mum” occurs just 58 times, and “Mummy” just 33. “Mom” came in with 150 occurrences, and “mommy” with 30. The number of occurrences for “mum,” “mummy,” “mom,” and “mommy” combined is 271, which is still very small compared to the combined total of 1,457 for “dad” and “daddy.”

[Updated: Greg Yardly wisely pointed out on Twitter that I was being a bit English-centric in only looking for the words "mum" and "mummy," which is why I expanded the scope to include "mom" and "mommy."]

There is a definite gender bias here, and I can think of at least a few explanations. The most likely is fairly simplistic: The application where the UDID numbers originated either appeals to, or is used more, by men.

Alternatively, women may be less likely to include their name in the name of their device, perhaps because amongst other things this name is used to advertise the device on wireless networks?

Either way I think this definitively pins it down as a list of devices originating in an Anglo-centric geographic region.

Sometimes the simplest things work better. Instead of being fancy perhaps I should have done this in the first place. However this, combined with my previous results, suggest that we’re looking at an English speaking, mostly male, demographic.

Correlating the top 20 or so names and with the list of most popular baby names (by year) all the way from the mid-’60s up until the mid-’90s (so looking at the most popular names for people between the ages of say 16 and 50) might give a further clue as to the exact demographic involved.

Both Gemma Hobson and Julie Steele directed me toward the U.S. Social Security Administration’s Popular Baby Names By Decade list. A quick and dirty analysis suggests that the UDID data is dominated by names that were most popular in the ’70s and ’80s. This maps well to my previous suggestion that the lack of iPod Touch usage might suggest that the demographic was older.

I’m going to do a year-by-year breakdown and some proper statistics later on, but we’re looking at an application that’s probably used by: English speaking males with an Anglo-American background in their 30s or 40s. It’s most used on the iPad, and although it also works on the iPhone, it’s used far less on that platform.

Thanks to Josh Hendrix, and again to Gemma Hobson and Julie Steele, for ideas and pointers to sources for this part of the analysis.

Related:

March 16 2009

Play fullscreen
Global Terrorism: The FBI`s Role
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl