Britain’s New Surveillance Plans Raises Privacy Concerns

Is The FBI Snooping TOR?

The Federal Bureau of Investigation (FBI) has been accused of gathering data from the anonymous network known as TOR.

The FBI might be behind a security assault on the TOR network that grabs users’ information.

Security researcher Vlad Tsyrklevich said that the attack is a strange one and is most likely the work of the authorities.

“[It] doesn’t download a backdoor or execute any other commands, this is definitely law enforcement,” he said in a tweet about the discovery.

He went a bit further in a blog post, explaining that the Firefox vulnerability is being used to send data in one direction.

“Briefly, this payload connects to 65.222.202.54:80 and sends it an HTTP request that includes the host name (via gethostname()) and the MAC address of the local host (via calling SendARP on gethostbyname()->h_addr_list). After that it cleans up the state and appears to deliberately crash,” he added.

“Because this payload does not download or execute any secondary backdoor or commands it’s very likely that this is being operated by an LEA and not by blackhats.”

The bug is listed at Mozilla, and the firm has a blog post saying that it is looking into it.

Over the weekend a blog post appeared on the TOR website that sought to distant it from a number of closed down properties or hidden websites. It is thought that the shuttered websites, which were hosted by an outfit called Freedom Hosting, were home to the worst kind of abuses.

A report at the Irish Examiner said that a chap called Eric Eoin Marques is the subject of a US extradition request. He is accused of being in charge of Freedom Hosting.

“Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the TOR Network,” the TOR project said.

“There are a variety of [rumors] about a hosting company for hidden services: that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site,” it said.

“The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The TOR Project, Inc., the organization coordinating the development of the TOR software and research.”

Source

Are CCTV Cameras Hackable?

When the nosy British bought CCTV cameras, worried citizens were told that they could not be hacked.

Now a US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military. Craig Heffner, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.

They could use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems. Heffner said that it was a significant threat as somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.

He will show how to exploit these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas. Heffner said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.

Source

EPIC Wants Biometric Data From The FBI

The Electronic Privacy Information Center (EPIC) has pressed the US Federal Bureau of Investigation (FBI) for access to its database of US citizens’ biometric data.

EPIC already tried to get access twice last September, and now it is trying again. It said that it has sent repeated freedom of information act requests regarding the database, and that the FBI has failed to respond. Now it has filed a lawsuit for access (PDF).

It warned that the Next Generation Identification system (NGI) is a massive database that “when completed, [will] be the largest biometric database in the world”.

The NGI will use CCTV systems and facial recognition, and it includes DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other “identifying information”.

The FBI has an information page about the NGI, and there it said that photographs of tattoos are also included and that the system is designed to speed up suspect detection and response times.

“The NGI system will offer state-of-the-art biometric identification services and provide a flexible framework of core capabilities that will serve as a platform for multimodal functionality,” it said.

“The NGI Program Office mission is to reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services through research, evaluation, and implementation of advanced technology”.

In its lawsuit EPIC said that the NGI database will be used for non law enforcement purposes and will be made available to “private entities”.

EPIC said that it has asked the FBI to provide information including “contracts with commercial entities and technical specifications”.

It said that so far it has received no information from the FBI in response to its requests.

Source

Google Goes Pay To Track

Amid widespread concern about its new privacy policies, Google is now facing additional criticism over a deal to offer users Amazon gift certificates if they open their Web movements to the company in a program called Screenwise.

Google says the program launched “near the beginning of the year,” but the company’s low-key offer was disclosed Tuesday night on the blog Search Engine Land.

Google is asking users to add an extension to the Chrome browser that will share their Web-browsing activity with the company. In exchange, users will receive a $5 Amazon gift when they sign up and additional $5 gift card values for every three months they continue to share. (Amazon is not a partner in the project.) Users must be over age 13, and minors will need parental consent to participate. The tracking extension can be turned off at any time, allowing participants to temporarily close their metaphorical shades on Google.

The company says the program will help it “improve Google products and services and make a better online experience for everyone.”

Source…

Google Defends New Privacy Policy

In a letter sent to eight members of Congress, Google yesterday defended its decision to consolidate its privacy policies and users’ personal information.

The 13-page letter explains Google’s decision to change its privacy policies and answers specific questions from the legislators. In sum, Google contended that its approach to privacy remains the same, that users still have control over how they use the company’s various online services, and that private information stays private.

“Some have expressed concern about whether consumer can opt out of ourupdated privacy policy,” wrote Pablo Chavez, Google’s director of public policy, in the letter.

“We understand the question at the heart of this concern. We believe the relevant issue is whether users have choices about how their data is collected and used. Google’s privacy policy – like that of other companies – is a document that applies to all consumers using our products and services. However, we have built meaningful privacy controls into our products, and we are committed to continue offering those choices in the future,” he added.

Google stirred up something of a privacy firestorm last week when company executives disclosed plans to rewrite privacy policies and to meld user information across its various products and services.

.

Source…