Monthly Archives: November 2014

Symantec the computer security firm has published an article describing an advanced spying tool with sophisticated “stealth” features which has been used to spy on private companies, government entities, IT infrastructure providers as well as private individuals. The malware known as Regin is a back door-type Trojan.  What is particularly interesting about it is its technical sophistication, which indicates it would have taken months if not years to develop.  Given the time a resources required  to develop and use it, Symantec suggest it is likely that it was developed by a nation state for cyberespionage and long-term surveillance operations. Infections are geographically diverse, but concentrated in mainly in ten countries with the Russian Federation and Saudi Arabia suffering the most infections.

Regin: Top-tier espionage tool enables stealthy surveillance

Rob Evans reports in the Guardian that a group of journalists have launched legal action against Metropolitan Police who have been secretly recording their activities on the Domestic Extremist Database. They have started the legal action to expose what they say is a persistent pattern of journalists being assaulted, monitored and stopped and searched by police during their work, which often includes documenting police misconduct. The six journalists have obtained official files under the Data Protection Act that reveal how police logged details of their work as they reported on protests. One video journalist discovered that the Metropolitan Police had more than 130 entries detailing his movements. The group includes a journalist on the Times.  Jules Mattsson, who, police noted, was “always looking for a story”.  Mattsson said that when he had been a victim of crime, police had transferred on to the Domestic Extremism Database details of his appearance, […]

Police face legal action for snooping on journalists

The BBC News website reports that Theresa May the Home Secretary is proposing a law forcing Internet Service Providers (ISPs) to hand over to the police information identifying who was using a computer or mobile phone at a given time. Although the current proposals do not resurrect the full powers in the abandoned Communications Data Bill, which is commonly called the Snoopers’ Charter, Conservative MP and former leadership contender David Davis said the new measure was a “stepping stone back” to those proposals. The core requirement of the new legislation is that ISPs record the user of a specific IP address at a specific time. Although each device has its own IP address, these change over time and when a device is switched on and off and thus an IP address is typically shared between different users. At the moment ISPs have no business need to retain information on a […]

Internet data plan back on political agenda

Big Brother Watch have issued a report on NHS data breaches.  It reveals that from the 1st April 2011 to 11th November 2014, there have been at least 7,255 breaches which is the equivalent to six breaches every day. As well as considering the number of data breaches within the NHS, the report reflects on the legislation that is in place to address them, highlighting that the Data Protection Act 1998 (DPA) has a number of flaws that must be corrected. Big Brother Watch proposes three measures that should be introduced, including introducing the option of custodial sentences and criminal records for the worst offenders and providing better training.

Patient Confidentiality Broken Six Times a Day

The Russia Today website reports that Mozilla are teaming up with Tor to provide increased internet security by allowing Firefox browser users to easily access the Tor network. Undertaken as part of the so called Polaris project, it aims to significantly improve internet privacy as well as combating internet censorship. The article highlights that although internet privacy is often a topic of conversation, it is yet to go mainstream; with many ordinary computer users put off by perceived complexity.  However, Mozilla hope the Polaris project will help to change these stereotypes.

Mozilla team-up with Tor to improve internet privacy

Frankie Mullin discusses on the Vice website if nightclubs are breaking the law storing clubbers finger prints and scanned IDs. ID scanning equipment is increasingly a feature in clubs and bars across the UK and is often required by the local licensing authority as part of the licence conditions for a venue.  However, there are concerns about the storage and retention of this personal data and the use to which it can be put, particularly as club owners were found to be unclear about data protection requirements. The power to require clubs to collect ID is in the Licensing Act 2003 (Mandatory Licensing Conditions) Order 2010, which was introduced by the coalition government.  In the article NO2ID’s General Secretary Guy Herbert highlights that: “…. at the same time as the government was making a fanfare about repealing Labour’s ID Cards legislation, they were creating a special case of requiring the […]

Are UK Nightclubs Breaking Data Laws by Storing Your ID ...

James Vincent reports in the Independent that Facebook is to allow a Tor link to its site via a special URL for users who wish to stay anonymous as possible.  Prior to this link, access to Facebook via Tor was essentially blocked by the sites security protocols. Users will not be anonymous to Facebook as they still have to log on; however, anyone monitoring the internet connection will not be able to identify the user or the user’s location.  This could be useful in countries like Iran, China and North Korea where Facebook is blocked for fear that it will be used by opposition movements.

Facebook offers Tor link for users that prefer to stay ...

Chris Mallett reports in the Derby Telegraph of a case where Derby City council used the Regulation of Investigatory Powers Act (RIPA) to spy on a Derby Telegraph reporter. The incident was highlighted  during a House Of Lords debate on the Regulation of Investigatory Powers act by Lord Black of Brentwood, executive director of the Telegraph Media Group. However, they were seen by member of Council staff who alerted colleagues who dispatched two members of the internal audit department to conduct the surveillance.  Lord Black highlighted that confidential sources like Miss Green’s were critical for reporting matters of public interest and said: “Just think about the disastrous impact on local press reporting of local authorities if such sources of information dried up.”

Derby City Council used RIPA to Spy on Reporter

Kat hall reports in the Register that some NHS trusts have failed to put agreements in place with Microsoft for extended security support for Windows XP. A majority of NHS trusts still operate Windows XP based machines and have signed up to a Cabinet Office agreement with Microsoft to provide ongoing security upgrades until April 2015; however, 18 trusts have so far failed to sign the agreement. The article highlights that a total of 1.1 million PCs and laptops are estimated to be running Windows at trusts, GPs and other health groups that comprise the NHS in England.  The security risks from a lack of security support depend on factors such as how many non-upgraded machines are on the networks, the effectiveness of perimeter defences and the availability of suitable exploits for an attacker to use.

Patient records open to hackers due to NHS Trusts failing ...

Christopher Joye reports on the Australian Financial Review website that Chinese state sponsored hackers have been ramping up their spying activities on Australian companies. The attacks have been revealed by Mandiant, a cyber security firm.  Mark Goudie, Mandiant’s Australian Director of Investigations, claimed that highly skilled hackers referred to in the industry as “advanced persistent threats” or APT’s had been penetrating Australian mining and natural resources companies and lawyers and financial advisors associated with them. The Chinese hackers particularly target companies that have dealings with organisations in China; however, another driver is to steal intellectual property which China can use to fuel its own economic growth.

Chinese state sponsored hackers increase attacks on Australian Companies

Sam Jones and Murad Ahmed report in the Financial Times that Robert Hannigan the new chief of the UK electronic spying agency, GCHQ, has accused US technology companies of becoming  “the command and control networks of choice for terrorists”. Hannigan says: “However much they may dislike it, they have become the command and control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us”. However,  his remarks were rejected by many in the industry, with one US tech group executive criticising the suggestion that technology companies should circumvent current legal process and asking: “What should we do if the Saudi or Russian government also demand information be handed over on the spot?”

Britain’s new chief of GCHQ claims that US technology companies ...

Bill Gardner reports in the Daily Telegraph that Government monitoring of communications in 2013, has more than doubled when compared 2010 which was the Coalition’s first year in power. Home Office figures show the department accessed 6,056 items of communications in 2013, compared with 2,813 in 2010.  The monitoring was undertaken using the Regulatory of Investigatory Powers Act (RIPA), which has come under scrutiny in recent weeks due to the Police using it to gain access to journalists’ phone records enabling them to identify confidential sources.

Spying on phone calls and emails has doubled under the ...