July 23, 2004

Ordinary Threats

I see a lot of threat articles come through from many sources. Each describes the latest threat to our net lives in an entertaining way - at least, as presented by the journalists who try and create a sense of excitement in their work.

We've seen them all before, in one variant or another. Still, reminders are good - these are the things that we have to balance when we build financial cryptography systems, and as there are so many and so varied a scale of threats, compromises are always needed. Here's the collected threats from the last month or so.

"Via eavesdropping, terror suspects nabbed" Intelligence officials use cellphone signals to track Al Qaeda operatives, as number of mid-level arrests rises.
By Faye Bowers June 02, 2004
http://www.csmonitor.com/2004/0602/p02s01-usmi.html

"NHTCU and Russian police foil online extortion racket" which was really clever, amounting to extortion for not DOSing the gambling sites.
http://www.finextra.com/fullstory.asp?id=12208

"Oops! Firm accidentally eBays customer database," when a disk drive sold on eBay carried data that it shouldn't. 7th June 2004, The Register.

"Venezuela: Fear for Sale" is an article about how government contractors are compiling databases on citizens in foreign countries. They just happen to have detailed files on countries in South America who are opposed to US interests.
GregPalast.com http://www.inthesetimes.com/site/main/article/fear_for_sale/

"Door locks know a lot more than you think" about how hotel door lock cards apparently don't know who you are, nor your credit cards, but they do (in concert with other systems) track entry to your hotel room.
June 12, 2004, Joe Sharkey NYT.

"Monaco banker faces re-imprisonment for not being French" is the story about the Brit who got caught doing special transfers for famous private clients of the bank. Whether he was acting for the client, or whether he was stealing, or whether the bank wanted a money laundering head is not clear and may never be clear.
Paul Murphy The Guardian Thursday June 17, 2004

"Iris scans at UK airports, says Home Office" is a story about testing iris scanners at borders, with no real hard indication that it will save anything, as yet.
By Lucy Sherriff 15th June 2004

"Google's Gmail: spook heaven?" argues that if Google can scan mail, then it puts in place the infrastructure for others to scan mail.
By Mark Rasch, SecurityFocus 15th June 2004

"How safe are the in-room safes in hotels?" says not safe enough for anything important, as it's too easy to break the pin code.
Roger Collis International Herald Tribune Friday, June 25, 2004

"Plan Would Pay Tax Whistleblowers" addresses how the IRS seeks to pay insiders to reveal on activity. A classic insider attack.
Mary Dalrymple AP.

"From a life of privilege to an English jail" reports on an all-American high school star who among other things fenced stolen account info from a ring of Russian thieves. Not clear how the "hackers" got the info, but they had access: "The Russians "were sitting there watching the accounts drain and recording everything so they knew how much money to expect at the end of the day," he said. "It was millions and m
illions of dollars." "
PAUL MEYER and MATT STILES / The Dallas Morning News June 27, 2004

"Email Spying and Attorney Client Privilege - US Government Reads All About It"
reports that the AG was secretly spying on the email of a lawyer for a Muslim mother of three. Emails made available from AOL, under warrant.

"Press card scam investigated" reports on one place to buy a fake press card.
30 June 2004 By: Jemima Kiss http://www.journalism.co.uk/news/story967.shtml

"The secrets your computer just can't keep safe" talks about malware - spying programs that are inserted into your PC: "On average every PC has 28 so-called spyware programs installed on it"
Mark Ward
http://news.bbc.co.uk/2/hi/technology/3845835.stm

"How [he who must not be named] Became a Dictator" talks about how a minority leader engineered a suspension of rights through a pogrom against bad people and took leadership of a country.
Jacob Hornberger
http://www.fff.org/freedom/fd0403a.asp


"Web sites allow gamblers to be their own bookmakers" talks about how offshore gambling sites (primarily Britain and Australia) are being financed by US investors. But, they don't take US customers.
Matt Richtel NYT July 7, 2004
http://www.iht.com/articles/528222.html


"Globalization, deregulation allow stock fraud industry to thrive" and it's Boiler Room all over again: this time the operation phones from one country, sells to an investor (read: victim) in another country for some Nasdaq loser stock in the US.
http://www.jewishworldreview.com/0604/stock_fraud.asp

"Text Messages May Turn Up in Bryant Case" about an alleged case of rape in the US, where the accuser exchanged cell phone text messages shortly after the incident. In this case, people are suprised that the telco can ... recover the messages!
JON SARCHE, Jun 07, 2004 AP


"Laptops containing sensitive financial details and all manner of corporate secrets can be snapped up at auctions for a pittance, a security firm revealed Wednesday."
(Reuters) By Bernhard Warner, European Internet Correspondent
http://www.reuters.com/newsArticle.jhtml?type=oddlyEnoughNews&storyID=5381490

"Smart-phone worm has a hang-up" reports about attempts to write a worm for cellular phones.
By Robert Lemos CNET News.com June 15, 2004
http://zdnet.com.com/2100-1105_2-5234953.html?tag=sas.email


"The Mystery of the Voynich Manuscript" New analysis of a famously cryptic medieval document suggests that it contains nothing but gibberish
Scientific American: June 21, 2004 By Gordon Rugg
http://www.sciam.com/print_version.cfm?articleID=0000E3AA-70E1-10CF-AD1983414B7F0000

"Spyware Sneaking into the Enterprise" ... well where else would it go?
By Roy Mark June 30, 2004
http://www.internetnews.com/security/article.php/3375661

"Woman allegedly stole law firm's identity" is another case of an insider shifting things around to steal money.
June 28, 2004, AP
http://www.cnn.com/2004/US/Northeast/06/28/corporate.id.theft.ap/index.html

"iPods are the latest security risk" because they can carry data out of corporates? Don't forget cameras, pocket drives, USB fobs, .....
John Leyden 7th July 2004 The Register
http://www.theregister.com/2004/07/07/ipod_security_risks/

Posted by iang at July 23, 2004 07:56 AM | TrackBack
Comments

The real threat is the arbitary nature of political prosecution. When a scandal is unfolded and presented in court the nature of the collection of seminal information regarding the details and particulars of the indivisuals involved is selective and serves only the political goals of those presently in power removing the rule of law as an absolute. This form of despotic rule seems on the surface to stop bad guys but the latitude afforded those in power via the notion of the rule of law is ill concieved and poorly monitored by what in the States they call the fourth estate the press. So government is basically unchecked because the secrets it holds are not revealed and the publics only means of examination is worthless. So for example any reporting of a scandal by the press where the source is a government official has to be assumed to be filled with half truths and lies that serve the political ends of the revealer of these half truths to the press. The press in many cases has no means of verification of these facts and takes all matters at face value. So indirectly the public is carried along to the slaughter. The only safe assumption to make given the current situation of half truths and lies revealed in the press by government officials in particular those of the Free World variety is they are all trying to steal something and are not to be trusted. This suggest that all systems are not trust worthy and the only value is what is hidden by the indivisual from other and especially the state. So the private citizen has the power not to share anything in fact scam artist and terrorist rely upon the power of the private secret and this power has rendered them more powerful that the nation state. So in order for people to recapture their power they must travel across borders without passports, hide gold bars, provide a means of self defense for themselves, transmit information to others they choose to transmit to without the use of post or public lines, and in general go underground. This suggest a marketplace where rationla people can go underground meet others and form alliances for their protection, and with enough critical mass discover the common threats and attack them as they see fit. By standing up to all threats in a private manner the threats that rely upon a flock of sheep sleeping in the meadow will go away. The threats that remain when the flock is no more are the real threats and this is where the government is a threat created by the flock itself and supported by its wool. No this flock has a tough choice what do you do with a government that steals and provides no value as is the case at the current moment terrorist are merely one form of wolf there are many yet to be known. Kill all the wolves make the world safe again hide the sheep you are from everyone.

Posted by: Unknown at July 23, 2004 09:31 AM