K logix Weekly 25


WEEKLY DATA SECURITY NEWS ROUND UP Ed. 25 April 26, 2013

FBI denied permission to spy on hacker through his webcam

In a world where it seems as though the Government is spying on us and our every move on a whim, stories like these can be a sigh of relief. The concept of “Big Brother” is still something that is becoming more of a reality (their cell phone tracking capability is insane, check out our last weekly for that); however, it’s good to see that there are still some judges out there who know how to lay the hammer down. The FBI tried to get a warrant to spy on a hacker through his webcam but provided “Little or no explanation on how Target Computer would be found.” “Hacking should be something that is the last resort, not the first option,” said Chris Soghoian, principal technologist at the ACLU’s Speech Privacy and Technology Project. What I really love about this case is that Judge Smith goes beyond the obvious and points out the inherent unconstitutional nature of hijacking somebody’s computer, as it’s a direct infringement on the Fourth Amendment.

The Government’s application contains little or no explanation of how the Target Computer will be found. Presumably, the Government would contact the Target Computer via the counterfeit e-mail address, on the assumption that only the actual culprits would have access to that e-mail account. Even if this assumption proved correct, it would not necessarily mean that the government has made contact with the end-point Target Computer at which the culprits are sitting. It is not unusual for those engaged in illegal computer activity to “spoof” Internet Protocol addresses as a way of disguising their actual online presence; in such a case the Government’s search might be routed through one or more “innocent” computers on its way to the Target Computer. The Government’s application offers nothing but indirect and conclusory assurance that its search technique will avoid infecting innocent computers or devices.


“This is the first time I’ve seen a public denial; the government has been very secretive about this surveillance tool and there hasn’t been much litigation about it that I’m aware of,” said Hanni Fakhoury, an attorney with the Electronic Frontier Foundation. It’s great to see a denial of permission to the FBI to spy on whoever they want and however they want, but it’s just one victory out of thousands of requests. What really strikes me is how effective Judge Smith was at bringing the cyber actions down to a basic level and showing how they directly contradict the Constitution. Source: Ars Technica

Law Requiring Warrants for E-Mail Wins Senate Committee Approval

The U.S. Senate is back to this law once again, and they’re making real progress this time. The last time we saw this law come up was during the General Petraeus scandal that hit Washington hard a few months ago. The general’s Gmail account getting some un-warranted eyes on it was the end of his career, and it made others wonder if the same fate would happen to them. Washington started to take a hard look at the law that was created in 1986, the Electronic Communications Privacy Act, that stated that any e-mail past 180 days was fair game. The ECPA is painfully outdated. The reason this revision failed last time was that it was bundled with a push by streaming company Netflix to let users seamlessly post what they were watching on Netflix to their Facebook feed. It was very disappointing to see an important and obvious revision be marred by a social media clause, but that was the case. But luckily, the law won Senate Committee approval after just 30 minutes, and now it’s up to the Senate floor to pass this law and put a dinosaur to rest. Source: Wired

The Dangers of an Online Currency; How cybercriminals are exploiting Bitcoin and other virtual currencies

If you haven’t heard of Bitcoin, it’s a currency that is entirely online. To give you an idea of how volatile and real this currency has become, a friend of mine decided to “mine” himself some bitcoins a few years back and thought he had cashed all of them in. He didn’t. He had roughly 40 bitcoins lying around in an old folder, and the value of a single bitcoin was around $200. In other words, this friend found $8,000 of bitcoin money just lying around on his PC. It’s clear that bitcoin is becoming a real money maker, but it’s also very volatile and at times vulnerable. This in-depth technical look at AlienVault shows how hackers are able to exploit a currency such as bitcoin and make some significant cash by stealing “cyber wallets” and other methods. It’s a really interesting look at how such a modern take on currency is going to face modern issues. Source: AlienVault Labs

