P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
Reload this Page Peer-To-Peer News - The Week In Review - December 10th, ’05
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

 
 
Thread Tools Search this Thread Display Modes
Prev Previous Post   Next Post Next
Old 08-12-05, 02:34 PM   #3
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,018
Default
Surveillance

Report Finds Cover-Up in an F.B.I. Terror Case
Eric Lichtblau

Officials at the Federal Bureau of Investigation mishandled a Florida terror investigation, falsified documents in the case in an effort to cover repeated missteps and retaliated against an agent who first complained about the problems, Justice Department investigators have concluded.

In one instance, someone altered dates on three F.B.I. forms using correction fluid to conceal an apparent violation of federal wiretap law, according to a draft report of an investigation by the Justice Department inspector general's office obtained by The New York Times. But investigators were unable to determine who altered the documents.

The agent who first alerted the F.B.I. to problems in the case, a veteran undercover operative named Mike German, was "retaliated against" by his boss, who was angered by the agent's complaints and stopped using him for prestigious assignments in training new undercover agents, the draft report concluded.

Mr. German's case first became public last year, as he emerged as the latest in a string of whistle-blowers at the bureau who said they had been punished and effectively silenced for voicing concerns about the handling of terror investigations and other matters since Sept. 11, 2001.

The inspector general's draft report, dated Nov. 15 and awaiting final review, validated most of Mr. German's central accusations in the case. But the former agent, who left the bureau last year after he said his career had been derailed by the Florida episode, said he felt more disappointment than vindication.

"More than anything else, I'm saddened by all this," Mr. German said in an interview. "I still love the F.B.I., and I know that there are good, honest, hard-working agents out there trying to do the right thing, and this hurts all of them."

Robert S. Mueller III, director of the F.B.I., has emphasized repeatedly, both publicly and in private messages to his staff, that employees are encouraged to come forward with reports of wrongdoing and that he will not tolerate retaliation against whistle-blowers.

Senator Charles E. Grassley, an Iowa Republican who has been a frequent critic of the bureau, said of Mr. German: "Unfortunately, this is just another case in a long line of F.B.I. whistle-blowers who have had their careers derailed because the F.B.I. couldn't tolerate criticism."

Michael Kortan, an F.B.I. spokesman, said the bureau had not been briefed on the findings. But Mr. Kortan said that when the F.B.I. received the report, "if either misconduct or other wrongdoing is found, we will take appropriate action."

Ann Beeson, associate legal director for the American Civil Liberties Union, said that the inspector general's findings, coming just days after the Supreme Court refused to hear an appeal from an earlier F.B.I. whistle-blower, pointed to the need for tougher measures to protect those who report abuse. "With courts reluctant to protect whistle- blowers, it is crucial that Congress pass additional protections," Ms. Beeson said.

Mr. German's case dates to 2002, when the F.B.I. division in Tampa opened a terror investigation into a lead that laundered proceeds, possibly connected to a drug outfit, might be used to finance terrorists overseas. The F.B.I. was considering initiating an undercover operation to follow the lead, and Mr. German, who had extensive experience infiltrating militias, skinheads and other groups, was asked to take part.

But in the coming months, Mr. German would alert F.B.I. officials that the Orlando agent handling the case had "so seriously mishandled" the investigation that a prime opportunity to expose a terrorist financing plot had been wasted. He said agents had not adequately pursued leads, had failed to document important meetings with informants, and had tolerated violations of rules and federal law on the handling of wiretaps.

The report, in one of its few dissents from Mr. German's accusations, said it could not confirm that the F.B.I. had missed an important chance to expose terrorism. Rather, it cited two findings by the bureau that the prime informant had misled agents about the terrorism angle in the case and that "there was no viable terrorism case."

Nonetheless, the inspector general found that the F.B.I. had "mishandled and mismanaged" the investigation, partly through the failure to document important developments for months at a time. The report also found that supervisors were aware of problems in the case but did not take prompt action to correct them.

Moreover, after Mr. German raised concerns about the lack of documentation, an unnamed agent in Orlando "improperly added inaccurate dates to the investigative reports in order to make it appear as though the reports were prepared earlier," the inspector general found.

In addition, someone used correction fluid to backdate by two months a set of forms that the main informant had signed as part of a bugging operation, in which he agreed that he had to be present for all undercover taping.

The backdating was significant, the inspector general said, because the informant had taped a 2002 meeting with several suspects but had left the recording device unattended while he went to use the restroom - a violation of federal law.

Mr. German became increasingly vocal within the F.B.I. about what he saw as the bureau's failure to correct missteps, taking his concerns directly to Mr. Mueller in a 2003 e-mail message. His complaints, the inspector general found, led agents in Florida, Washington and Oregon to distance themselves from him.

In the most serious instance, the head of the F.B.I. undercover unit, Jorge Martinez, froze Mr. German out of teaching assignments in undercover training and told one agent that Mr. German would "never work another undercover case," the report said.

Mr. Martinez told investigators that he did not remember making the statements but that if he had, it was a "knee-jerk reaction but did not mean to indicate I was retaliating against him," the report said.

The inspector general disagreed. It said in the report that Mr. Martinez's treatment of Mr. German amounted to improper retaliation and "discrimination that could have a chilling effect on whistle-blowing."
http://www.nytimes.com/2005/12/04/po...l?pagewanted=2





White House and McCain Are Near Deal on Torture Bill
Eric Schmitt and David E. Sanger

The White House has all but abandoned its effort to persuade Senator John McCain to exempt Central Intelligence Agency employees from legislation barring inhumane or degrading treatment of prisoners in American custody. But a top presidential aide continued to negotiate a deal on Tuesday that would offer covert officers some protection from prosecution, administration and Senate officials said.

The talks between Mr. Bush's national security adviser, Stephen J. Hadley, and Mr. McCain, an Arizona Republican, took place by telephone Tuesday because Mr. McCain was on a book tour in Maine, said Eileen McMenamin, the senator's spokeswoman. The two men met at the White House last Thursday night.

White House officials and Ms. McMenamin refused to discuss the negotiations, saying they were private conversations. But administration officials concede that Mr. McCain's provision, which would also require a uniform standard on how to interrogate detainees, stands a strong chance of becoming law, despite a White House threat to veto any legislation containing it. The measure has already passed the Senate, 90 to 9, and senior House Republican staff members say it would probably pass by a large margin in the House.

Faced with that reality, administration officials said, Mr. Hadley has now retreated to seeking narrower language that could make it harder to prosecute intelligence officers charged with violating torture standards.

Mr. Bush, speaking to reporters Tuesday morning, repeated his statement that "we do not torture." He added that the administration would do all it could, within the law, to protect its citizens from terrorists. His spokesman, Scott McClellan, refused Tuesday to discuss how Mr. Bush defines torture, or to say how the United States ensures that prisoners it turns over to foreign nations are not tortured.

"I'm not going to get into talking about these issues because it could compromise things in an ongoing war on terrorism," Mr. McClellan said. Later, he called the question of how the United States monitors the treatment of prisoners an "intelligence matter" that he could not discuss.

Mr. McCain is balking at agreeing to any kind of exemption for intelligence officials, members of his staff say. Instead, he has offered to include some language, modeled after military standards, under which soldiers can provide a defense if a "reasonable" person could have concluded that he or she was following a lawful order about how to treat prisoners. The senator's offer was first reported Saturday by The Wall Street Journal.

The negotiations between Mr. Hadley and Mr. McCain appear to be coming to a head. Four top House and Senate negotiators, meeting Tuesday to hammer out a military budget bill in conference committee, discussed Mr. McCain's measure and a handful of other contentious issues. But one of the negotiators, Representative Duncan Hunter, a California Republican who heads the House Armed Services Committee, told reporters earlier in the day, "We think we're going to have a good outcome for all parties."

As the House returned to work after a two-week recess, a bitter partisan fight continues to rage over the war in Iraq. Republicans held a news conference to praise American progress in Iraq, while Democrats took credit for changing the public debate and lambasted President Bush and Vice President Dick Cheney for failing to outline a specific proposal for victory.

In the House, Representative Steny Hoyer of Maryland, the Democratic whip, complained to reporters that Mr. Cheney "apparently wants to continue the option of torture as a national policy, and therefore the defense bill hasn't moved."

Mr. Hoyer said Democrats would stand behind Senator McCain. "He ought to stick to his guns - he's right," Mr. Hoyer said, adding, "We ought to make it clear that the policy of the United States is, we're going to follow not only international law but we're going to pursue our own values, and torture is not one of our values."

Sheryl Gay Stolberg contributed reporting for this article.
http://www.nytimes.com/2005/12/07/po...rtner=homepage





Evidence Obtained by Torture Can't Be Used, British Court Rules

The British government can't use evidence against terror suspects that may have been obtained by torture, the country's highest court ruled.

The House of Lords today overturned a 2004 appeal court decision that permitted authorities to use evidence in some kinds of terrorism cases even if the information may have been extracted by torture outside Britain. The appeal was brought by a group of men who were previously held without charge at London's high- security Belmarsh prison.

``The duty not to countenance the use of torture by admission of evidence so obtained in judicial proceedings must be regarded as paramount and that to allow its admission would shock the conscience, abuse or degrade the proceedings and involve the state in moral defilement,'' Lord Carswell said today.

Both the U.K. and U.S. governments are facing pressure over the treatment of terror suspects at home and abroad. Human rights groups such as Amnesty International and London-based Liberty have accused them of condoning torture by failing to abide by a United Nations convention, ratified by both countries, which prohibits cruel, degrading or inhumane acts against detainees.

The Algerian and other North African nationals involved in today's case last year won a House of Lords ruling that detaining them indefinitely without charge breached European human rights laws.

Guantanamo Bay

Lawyers for the men claim they were being held on evidence that may have been obtained by the torture of other persons in foreign countries, including at the U.S. military detention facility in Guantanamo Bay, Cuba and in Afghanistan.

The U.K. Court of Appeal ruled in August 2004 that such material was admissible in deportation hearings before an immigrations tribunal, as long as the British government hadn't procured or participated in the torture. That tribunal, the Special Immigrations Appeals Commission, isn't bound by the same evidence rules as other U.K. courts, where evidence obtained by torture wouldn't be admissible, according to the 2004 ruling.

Human rights activists claim admitting such material in any proceeding would jeopardize the integrity of the judicial process and introduce unreliable evidence.

Today's judgment also comes amid increasing European concern over the U.S. government's ``rendition'' policy, where suspected terrorists are apprehended and sent to other countries for questioning. Human rights groups claim the practice encourages torture and violates international law.

U.S. Secretary of State Condoleezza Rice defended rendition on Dec. 5 before leaving for a tour of European nations, saying that it had been used ``for decades'' to bring terror suspects to justice.
http://www.bloomberg.com/apps/news?p...op_world_news#





Not Guilty Verdicts in Florida Terror Trial Are Setback for U.S.
Eric Lichtblau

WASHINGTON, Dec. 6 - In a major defeat for law enforcement officials, a jury in Florida failed to return guilty verdicts Tuesday on any of 51 criminal counts against a former Florida professor and three co-defendants accused of operating a North American front for Palestinian terrorists.

The former professor, Sami al-Arian, a fiery advocate for Palestinian causes who became a lightning rod for criticism nationwide over his vocal anti-Israeli stances, was found not guilty on eight criminal counts related to terrorist support, perjury and immigration violations.

The jury deadlocked on the remaining nine counts against him after deliberating for 13 days, and it did not return any guilty verdicts against the three other defendants in the case.

"This was a political prosecution from the start, and I think the jury realized that," Linda Moreno, one of Mr. Arian's defense lawyers, said in a telephone interview. "They looked over at Sami al-Arian; they saw a man who had taken unpopular positions on issues thousands of miles away, but they realized he wasn't a terrorist. The truth is a powerful thing."

Federal officials in Washington expressed surprise at the verdict in a case they had pursued for years.

The trial, lasting more than five months, hinged on the question of whether Mr. Arian's years of work in the Tampa area in support of Palestinian independence crossed the threshold from protected free speech and political advocacy to illegal support for terrorists.

Prosecutors, who had been building a case against Mr. Arian for 10 years, relied on some 20,000 hours of taped conversations culled from wiretaps on Mr. Arian and his associates. Officials said he had helped finance and direct terrorist attacks in Israel, the Gaza Strip and the West Bank, while using his faculty position teaching computer engineering at the University of South Florida as a cover for his terrorist activities.

But ultimately, the jury in Tampa that heard the case found him not guilty of the charge of conspiring to kill people overseas, and it deadlocked on three of the other most serious terrorism charges.

Justice Department officials said they were considering whether to re-try Mr. Arian on the counts on which the jury did not reach verdicts.

While expressing disappointment in the verdicts, the officials said the department had a strong track record of success in prosecuting terrorists, including the separate convictions last week of a Northern Virginia student and a Pakistani immigrant in New York on charges of supporting Al Qaeda.

"We remain focused on the important task at hand, which is to protect our country through our ongoing vigorous prosecution of terrorism cases," said Tasia Scolinos, a spokeswoman for the Justice Department. "While we respect the jury's verdict, we stand by the evidence we presented in court against Sami al-Arian and his co-defendants."

In bringing the case against Mr. Arian in 2003, the department relied on the easing of legal restrictions under the antiterrorism law known as the USA Patriot Act to present years of wiretaps on the defendants in a criminal context.

In the conversations cited by prosecutors, Mr. Arian was heard raising money for Palestinian causes, hailing recently completed attacks against Israel with associates overseas, calling suicide bombers "martyrs" and referring to Jews as "monkeys and swine" who would be "damned" by Allah.

But much of the conversation and activity used by prosecutors predated the 1995 designation by the United States of Palestinian Islamic Jihad as a terrorist group, a designation that prohibited Americans from supporting it. Several legal analysts and law professors said Tuesday that the government appeared to have overreached in its case.

"I think the government's case was somewhat stale because a lot of these events dated back 10 years, and the case was so complex that it was all over the board," said Peter Margulies, a law professor at Roger Williams University in Rhode Island who has studied terrorism prosecutions.

For the prosecutors, Professor Margulies said, "this is clearly embarrassing, and they were clearly outmaneuvered by some very good defense attorneys."

David Cole, a law professor at Georgetown University who represented Mr. Arian's brother-in-law in an earlier deportation case that also gained wide exposure, said the verdict amounted to a rejection of the government's "sweeping guilt by association theory."

In the mid-1990's, news coverage of Mr. Arian drew attention to his opposition to the Israeli occupation of the West Bank and Gaza and led some critics to label the University of South Florida as "Jihad U."

Many Muslims in Florida continued to support him, however, and, as an influential Muslim activist, he continued to have access to the most senior Democratic and Republican officials, meeting with Bill Clinton, George W. Bush and others.

Criticism accelerated after the Sept. 11 attacks, particularly in light of Mr. Arian's appearance on a program on the Fox News Channel just weeks later, in which the host, Bill O'Reilly, confronted him with his past statements calling for "death to Israel."

Mr. Arian's indictment in 2003 led to his firing by the university, a move that had been debated for years. And the disclosure of his close dealings with Palestinian militants as cited in the indictment prompted even some university backers to rethink their support for him.

Family members of Mr. Arian and the other three defendants - Sameeh T. Hammoudeh, Ghassan Ballut and Hatim Fariz - wept in court on Tuesday as the verdicts were read, and Muslims in the Tampa area planned a prayer service and celebration on Tuesday night at the local mosque Mr. Arian helped found.

Mr. Arian "loves America, and he believes in the system, and thank God the system did not fail him," his wife, Nahla al-Arian, said outside the federal courthouse as throngs of family members, supporters and lawyers celebrated the results.

"Not a single guilty verdict," said Ms. Moreno, one of Mr. Arian's two defense lawyers. "I have to say, that was more 'not guilty' verdicts in those 20 minutes than I've heard in my 25 years as a defense attorney."

Mr. Arian is to remain in jail on an immigration matter, but Ms. Moreno said the defense would probably file a motion next week asking to have him released on bond.

For the local Muslim community, the verdicts are "a huge relief, and people are just jubilant," said Ahmed Bedier, director of the Tampa chapter of the Council on American- Islamic Relations.

Mr. Bedier, who attended much of the trial, said he had doubted whether Mr. Arian could receive a fair trial in Tampa, especially in light of the publicity his case had generated, but "the jury proved us wrong," he said in a telephone interview.

"This was a very important case for us in that it tested both the Patriot Act and the right to political activity," Mr. Bedier said. "The jury is sending a statement that even in post-9/11 America, the justice system works, the burden of proof is on the prosecution, and political association - while it may be unpopular to associate oneself with controversial views - is still not illegal in this country."

Lynn Waddell contributed reporting from Tampa, Fla.,for this article.
http://www.nytimes.com/2005/12/07/na...rtner=homepage





EU Trade-Off On Phone Records

EUROPEAN justice ministers have sealed a compromise deal on controversial anti-terror measures that increase police access to phone and internet records.

The deal, clinched by Britain as EU president, lays out the kinds of data that can be retained, for how long, under what conditions and the types of crime that would allow Europe's authorities to access it.

"I am very pleased indeed that we achieved an agreement today," British Home Secretary Charles Clarke said after the deal was secured at a two-day meeting of EU justice and interior ministers in Brussels.

"We've agreed on a system that gives flexibility to EU member states that want to go further, and we've agreed a review procedure to keep raising the amount of material we're able to collect," he said.

Despite the difficult and complex nature of the talks, only Ireland, Slovakia and Slovenia were opposed.

The deal keeps Britain on target to fast-track the measures through the European Parliament, the EU executive commission and the council of member states before its presidency ends on December 31, Mr Clarke said.

"The impact of that will be very significant, as it will make a very clear statement that all the institutions of the European Union - the council, commission and parliament - stand firm in the fight against terrorism," he said.

Britain tried to build on the momentum from the Europe-wide outpouring of sympathy for the London public transport attacks on July 7, which killed 56 people, to get the new anti-terror measures passed.

Under the deal, they would oblige businesses in the telecommunications field to keep details about callers, such as the number they called where and when, for six months to two years. The rules would apply to land telephone lines and mobile phones, and internet data such as email, but police would not have access to the conversation or messages itself.

The measures have raised deep concern about privacy rights and who will pay for the costs such action will impose on businesses.

Indeed the plans still have to be accepted by the parliament, which has so far only agreed to allow less flexible laws, by the middle of next week and then pass in a vote in a full plenary session in Strasbourg in mid-December.

"I hope the parliament at the Strasbourg plenary will agree, but I haven't got any assurance of that, because there can't be any such assurance until there is a vote," Mr Clarke, said.

"I know there is a very strong desire in the leadership of the parliament as a whole."

EU justice commissioner Franco Frattini has committed to arguing strenuously in favour of the member states' package before the commission, Mr Clarke said.

The deal took some by surprise, especially given the vehemence of opposition among critics of the British proposals.

According to one diplomat, speaking on condition of anonymity, Ireland's main contribution to debate had been to say this was the wrong legal basis and Ireland would sue if it is adopted.

Such legal action remains a possibility.

Another diplomat summed up the compromise thus: "It falls short of expectations but it allows member states more flexibility" to apply their own rules, he said.
http://australianit.news.com.au/arti...-15319,00.html




Italian Anti-Terror Law Forces Cybercafe Owners To Take Names
AP

In a heavily immigrant neighborhood near the main railway station, Ahmed Sohel points dejectedly to the empty computer terminals at the modest storefront where he sells Internet and telephone service.

``Before, I was full of Internet clients, now I have no one left,'' said Sohel, a gentle, middle-aged immigrant from Bangladesh.

A new Italian law requires businesses that offer Internet access to the public, like Sohel's, to ask clients for identification and log the owner's name and the document type.

Cybercafes also must make and keep a photocopy of the ID and be registered with their local police station, dictates the law, part of an anti-terror package approved after the July terrorist bombings in London.

Many cybercafe owners say the law has increased their work load and decreased their profits.

``We're selling the store, and in part this is the reason,'' said Dolores Cabrera, who owns Kokonet, an Internet storefront across town near the Vatican. About half Cabrera's prospective clients either don't have their passport with them or aren't willing to show it, she said.

Enforcement is spotty at many cafes, however, and besides cybercafe owners and civil libertarians, the law appears to bother only people who fear scrutiny by the authorities, such as illegal immigrants.

Angela De Angelis, a 21-year-old Italian student using a cybercafe near the Vatican, was dubious about the new law's worth.

``I think it's all right if it serves to protect us, though sincerely, I can't see how it's useful,'' she said.

Italy is the only European Union country to require Internet cafes to record ID information on clients, said Richard Nash, secretary general of EuroISPA, which represents Internet providers in Europe.

Non-member Switzerland, however, does requires people who go online at cybercafes to show IDs, according to Robin Gross, of the U.S. civil liberties group IP Justice.

Several Asian countries and cities, most prominently China and including the Indian technology hub of Bangalore, require registration at cybercafes.

But the leaders of some of those nations tend to be thinking at least as much about inhibiting speech as preventing terror attacks in making the requirement. In Vietnam, Internet cafes also are required to block access to Web sites deemed subversive and pornographic.

The Internet's potential as a terrorist tool was highlighted by the 2002 kidnapping and murder in Pakistan of Wall Street Journal reporter Daniel Pearl, whose abductors used e-mail to issue demands and send photos. However, those messages were traced to a computer in a private residence, not an Internet cafe. Pakistan does not require cybercafe users to register.

Daniele Capezzone, a leader of Italy's Radical Party that often campaigns on human and civil rights issues, opposes the new law and explains why he thinks it has stirred little debate.

``Two reasons: one, the political class isn't talking about it, and two, the media hasn't shined a light on it,'' he said.

Cybercafe owners who rely in large part on a clientele that may not be in the country legally are often opting to turn a blind eye.

``Fifty percent of the people who come for Internet don't want to show their document,'' Sohel said, opening his registry book and pointing to where a few clients among those who used the computers left their names but not their passport numbers. As for successfully photocopying IDs, he said customer compliance is rare.

Giuseppe Italia, whose office at Rome's central police station oversees the application of the new law in the province of Rome, acknowledges that cybercafes that cater to immigrants might not be complying consistently.

Sabino Acquaviva, a sociologist at the University of Padua who specializes in terrorism, says compliance is indeed haphazard.

``People either won't register their documents, and others will show fake ones,'' he said. ``I think this law is useless.''

An added problem is that police cannot sanction violators -- license suspension or revocation are among the stipulated penalties -- unless they have approved a cybercafe owner's license, Italia said.

As of mid-November, only about 130 cybercafe operators in the province of Rome had been approved and one rejected by police with more than 950 still pending.

Italia did not return a call seeking updated information this week, but the Internet magazine Punto Informatico reported on its Web site that seven Internet parlors in Florence were temporarily closed last month for not complying with the law and at least one was shuttered indefinitely for not recording clients' names and failing to register with police.

Some cybercafe owners bemoan another requirement of the new law: They must be able, if necessary, to track the sites visited by their clients. And some bellyache about the added expense. Contents of people's e-mail is, however, supposed to remain private and can only be made available to law enforcement through a court order.

Italy also obliges telecommunications companies to keep traffic data and European ministers agreed last week to require the carriers to retain records of calls and e-mails for a maximum of two years. The European Parliament's two largest groups endorsed the data retention initiative on Wednesday despite complaints from privacy advocates and telecoms, and the full body is expected to adopt a bill next week.

Back at the cybercafes, there isn't much confidence among workers that such measures could help prevent a terror attack.

``These people caused the Twin Towers to collapse,'' said Edoardo Righi, a computer tech at a store near the tourist-rich neighborhood of Campo dei Fiori. ``They're not going to stop because they can't send an e-mail.''
http://www.siliconvalley.com/mld/sil...y/13350888.htm





Patriot Act May Be Renewed Without Reforms
Declan McCullagh

A frenzy of last-minute negotiations over the Patriot Act, conducted behind closed doors as a Dec. 31 expiration date nears, has yielded a four-year renewal of the law and no substantial reforms.

Sen. Arlen Specter, the Pennsylvania Republican who has been a point person during this year's debate over the fate of the complex and controversial law, said Wednesday that he and his counterparts in the House of Representatives have agreed to a deal that could pave the way for reauthorization of the Patriot Act by next week.

After reaching an impasse with House Republicans who held out for a longer seven- year renewal, Specter said he asked President Bush to intervene. "The vice president helped out a little yesterday and after a lot of haggling, I signed the conference report at 9:00 p.m.," Specter said in a statement sent to CNET News.com. "They brought it to my house."

But a band of six Democratic and Republican senators--who lodged strong objections to the draft conference report prepared last month--is likely to block a vote unless their concerns about privacy and overly broad surveillance are addressed. Sen. Russ Feingold, a Wisconsin Democrat and member of the group, said through a spokesman on Wednesday that he had not reviewed the final text.

Patriot Act's e- surveillance

Only 16 sections of the massive law, enacted in October 2001, are set to expire on Dec. 31. Five deal with electronic surveillance and computer crime:

Sec. 202: Computer hacking is a "predicate offense" permitting police to seek certain types of wiretaps.

Sec. 203: Federal police can share information gleaned from a wiretap or Carnivore- like surveillance device with spy agencies. Previously, there was no explicit authorization for such data sharing.

Sec. 212: Internet providers and other communications providers can divulge information to police more readily. Specifically, customer records and other data may be legally handed over to police in an emergency.

Sec. 215: Secret court orders can be used to obtain records or "tangible items" from any person or business if the FBI claims a link to terrorism. The unlucky recipient of the secret order is gagged; disclosing its existence is punishable by a prison term.

Sec. 217: Computer service providers may eavesdrop on electronic trespassers legally. Police can be authorized to "listen in" on what's happening on the provider's network.
Of the 16 portions of the massive law that are set to expire, five deal with electronic surveillance and computer crime. Those permit secret court orders that the FBI can use to obtain business records; authorize more information sharing between Internet providers and police; and list computer hacking as an offense granting increased eavesdropping authority.

One important but unanswered question is how much support the group of six senators can muster among their colleagues. At a press conference last month, the group called for reforming portions of the Patriot Act that deal with library and other business record acquisitions, secret "National Security Letters" that have been used against Internet service providers, and delayed search warrants that permit police to secretly enter a home and notify the person weeks or months later.

Specter's office did not make the text of the final bill available. But according to interviews with staffers and lobbyists, not one of those three changes has been made.

Tim Edgar, a legislative counsel for the American Civil Liberties Union, said Specter's announcement was "designed to put a lot of pressure on the Senate to go along with an extremely flawed conference report. We'll see if they bite."

The group of six includes Democrats Richard Durbin of Illinois and Kenneth Salazar of Colorado; and Republicans Lisa Murkowski of Alaska; Larry Craig of Idaho; and John Sununu of New Hampshire. They backed a Patriot Act reform plan, called the Safe Act, that is still stuck in committee.

One person who likely will wield strong influence over whether Democratic senators side with the Bush administration or the group of six is Vermont Sen. Patrick Leahy, who spent Wednesday conferring with members of his party. "I'm anxiously awaiting an answer," Specter said. (Leahy's office said late in the day that no decision had been made.)

Bush has repeatedly called for a full renewal of the Patriot Act, regularly lacing speeches with phrases like: "Our law enforcement needs this vital legislation to protect our citizens." The White House is expected to increase the pressure on Republican senators not to defect to the group of six.

As a way to twist arms, House Republicans are expected to schedule a vote before Christmas, which would let them and the Bush administration characterize the Senate as obstructionist. A spokesman for the House Judiciary Committee said a floor vote had been anticipated for Thursday but has been delayed: "It won't be on the floor tomorrow. That was our hope earlier today, but it's not going to happen."

History of controversy
From the time a preliminary version was introduced in the Senate days after the Sept. 11, 2001 terrorist attacks, the Patriot Act has been dogged by controversy.

When the final vote was held the following month, members of Congress were required to vote on the bill without a lot of time to read it. The measure "has been debated in the most undemocratic way possible, and it is not worthy of this institution," Rep. Barney Frank, D-Mass., said at the time. Rep. Ron Paul, R-Texas, added later: "Almost all significant legislation since 9/11 has been rushed through in a tone of urgency with reference to the tragedy."

Even though the Patriot Act was approved by overwhelming majorities in both chambers of Congress, some legislators voted for it with the understanding that key portions would be revisited in 2005. Early this year, the Senate and the House of Representatives began a series of hearings on the law. One portion that has drawn scrutiny is section 215, which permits secret court orders to be used to obtain records or "tangible items" from any person or organization if the FBI claims a link to terrorism. The recipient of the secret order is gagged, and disclosing its existence is punished by a prison term. Section 215 is set to expire on Dec. 31.

Another is the portion of the Patriot Act that requires Internet service providers and any other type of communication provider--including telephone companies--to comply with secret "National Security Letters" from the FBI. Those letters can ask for information about subscribers--including home addresses, what telephone calls were made, e-mail subject lines and logs of what Web sites were visited.

Such letters are not new: Before the Patriot Act was enacted, they could be used in investigations of suspected terrorists and spies. But after the change to the law, the FBI needed only to say that a letter may be "relevant" to a terrorist-related investigation. No court approval is required.

The 2nd Circuit Court of Appeals heard arguments on Nov. 2 about the constitutionality of National Security Letters--which, under current law, don't even permit the recipient to consult an attorney. That portion of the Patriot Act is not scheduled to expire.

Kevin Bankston, a staff attorney at the Electronic Frontier Foundation, said the current debate over the Patriot Act is important but ultimately limited because even the proposed modifications are modest. "To some extent it feels like rearranging the deck chairs on the Titanic," Bankston said. "At the end, it's still going to be the Patriot Act. It's going to be a broad enhancement of police power, of law enforcement and investigative powers."
http://news.zdnet.com/2100-9588_22-5986379.html





Patients Fear Safety Risk From Electronic Notes
Press Association

Health campaigners fear that the switch from paper to electronic patient records will put patient confidentiality at risk, researchers said today.

Concern that medical records will fall into the wrong hands is greatest among groups representing people with disabilities, HIV or mental health problems, who already face stigmatisation. They fear that if confidential information is intercepted electronically that their members could face greater discrimination.

The findings come in a poll of more than 200 organisations worldwide, including almost 50 in England, by Health and Social Campaigners News International (HSCNI) - a global network of patient groups.

The HSCNI found that despite general enthusiasm about the electronic medical records technology, but 64% of the groups in England said they were worried that patients would suffer a loss of confidentiality and privacy.

The groups, including the mental health charity Mind and others representing patients with autistic spectrum disorders, said people believed electronic records could mean medical details leaking out to a wider audience. A Mind spokesman said: "Everyone is strongly opposed and worried."

A third of the groups in England said they believed the technology was not yet good enough to develop a comprehensive electronic medical records system.

Just six of the 47 groups surveyed in England thought the technology was capable of improving doctor-patient relationships, or would help patients manage their own care. And 62% of groups believed patients should be able to decide who can access their own electronic record.

There were also concerns about the cost of the records system, which forms part of a £6.2bn NHS IT programme.

A respondent from a cancer patient organisation said: "In the 1980s, the NHS in the Hampshire area lost millions of pounds trying, and failing, to install a comprehensive, linked, and interactive computer system. Will another foray into this subject mean more money and administrative tasks, and less nursing care?"

Earlier this year the British Medical Association conference heard fears over the confidentiality of the system and ways in which the government and computer hackers could abuse it. A poll of almost 2,000 patients by the association also found that 75% had concerns about the security of information on the care records system.

A Department of Health spokeswoman said it had published a care records guarantee, which made clear that only NHS staff involved in treating a particular patient would have access to that person's electronic medical record.

She added: "The guarantee also ensures patients keep control over who has access to their electronic health record. Very soon, we shall be undertaking an England-wide public information campaign that explains how security and confidentiality measures are built into the electronic health record."
http://technology.guardian.co.uk/new...654157,00.html





Report Warns Against Merging Federal Information, Privacy Ombudsmen
Jim Bronskill

Merging the offices of the information and privacy watchdogs would take some of the bite out of their roles, warns a federally commissioned report.

Former Supreme Court justice Gerard La Forest urges Ottawa to focus instead on making information and privacy laws work better for the public.

The information commissioner is an ombudsman for Canadians who request files under the federal access law, while the privacy commissioner handles complaints about abuses of personal information.

A full merger, or the appointment of a single commissioner to both offices, "would likely have a detrimental impact" on the policy aims of the access and privacy laws, La Forest's report says.

He concludes combining the functions would not save much money and could leave one commissioner with too much work.

La Forest calls on Ottawa to "do much more" to foster compliance with information and privacy obligations. Concerning access to records, he says the government should:

-Make it clear to officials that information should be provided to requesters unless there is a clear and compelling reason not to do so.

-Develop better information management systems.

-Provide incentives for complying with the law.

With respect to privacy, La Forest says the government should pay greater attention to the implications of programs involving the sharing, matching and outsourcing to private companies of personal information about Canadians.

He also urges better training for access and privacy officials who process inquiries from the public.

"Merging the offices, or appointing one commissioner to preside over both, would do little to respond to these challenges," his report says.

The combined budgets of the two offices for 2004-2005 were $15 million, representing less than 50 cents a Canadian.

In light of "the modest costs" associated with the two commissioners, as well as the challenges in achieving efficiencies through a merger, it seems unlikely any potential savings could be justified, the report adds.

The Conservatives and New Democrats have made access-to-information reform a key plank of their proposed ethics packages.

A spokesman for Justice Minister Irwin Cotler, the minister responsible for access and privacy policy, had no immediate comment on La Forest's report.

The government appointed the former judge earlier this year to assess the strengths and weaknesses of the current model of separate commissioners.

The provincial information and privacy commissioners and many of the experts he consulted generally agreed the single-commission model works well in the provinces.

"It does not necessarily follow, however, that it would be wise to switch to this model at the federal level," the report says.

A spokeswoman for Privacy Commissioner Jennifer Stoddart said Wednesday that La Forest's report was "a wise and thoughtful study that does justice to the many complex issues that would arise with a merger of the two offices."

Her office had earlier concluded that "fusing the two offices is not an appropriate measure at present," citing more pressing priorities - namely a review of the "woefully deficient" and outdated Privacy Act.

Information Commissioner John Reid once supported the idea of combining the functions, but said recently he is convinced the dual-commissioner model is far less open to abuse.

Lately Reid has pressed the government to focus on reforming the Access to Information Act.
http://www.macleans.ca/topstories/ne...tent=n113057A#





ACLU Joins Fight Against Internet Surveillance
Caron Carlson

The American Civil Liberties Union today joined an expanding group of organizations filing lawsuits against a new rule that increases the FBI's power to conduct surveillance on the Internet.

The rule being challenged is one the Federal Communications Commission adopted in September, granting an FBI request to expand wiretapping authority to online communications.

The commission ruled that the 1994 Communications Assistance for Law Enforcement Act applies to voice-over-IP providers whose services can connect with the public switched telephone network.

The ACLU charged in a petition to the U.S. Court of Appeals for the District of Columbia Circuit that the ruling goes beyond the authority of CALEA, which specifically exempted information services.

"The ACLU seeks review of the CALEA order on the grounds that it exceeds the FCC's statutory authority and is arbitrary, capricious, an abuse of discretion, unsupported by substantial evidence, or otherwise contrary to law," the organization charged in its petition.

Bolstering the challengers' position, the FCC decided last year that Internet communications like those offered by Pulver.com fall under the regulatory classification of "information services" and therefore are not subject to traditional telephone mandates.

In October, Sun Microsystems Inc., the Center for Democracy and Technology, the Electronic Frontier Foundation, the Electronic Privacy Information Center, Pulver.com, Comptel, and the American Libraries Association filed a petition with the same court.

Read more here about protests from Sun and other groups challenging the FCC's stance on VOIP surveillance.

The coalition maintains that FCC rules will stifle innovation, require the re-engineering of private IP networks at a huge expense and weaken the security of the Internet.

The diverse organizations also warned that the expanded eavesdropping rules represent only the beginning of what will become a broader effort to regulate the Internet.

Separately, The American Council on Education filed a court challenge arguing that compliance with the rules would require colleges and universities to spend $7 billion in upgrading switches and routers.

Some lawmakers have already joined their voices with the opposition. Sen. Patrick Leahy, D-Vt., cautioned that the mandates could give the government the authority to dictate software designs, drive innovators offshore and threaten security as well as privacy.
http://www.eweek.com/article2/0,1895,1895253,00.asp





Gone Spear-Phishin'
Timothy L. O'Brien

ABOUT a year and a half ago, Amnon Jackont, an Israeli mystery novelist and Tel Aviv University history professor, became ensnared in a mystery of his very own: friends and students were receiving e-mail messages from him that he had never written. A few months later, unpublished paragraphs and chapters from a book he was writing were plucked from his computer and began appearing on Israeli Web sites.

Mr. Jackont took his computer to the Israeli police last fall and was told to reformat it. But his problems persisted. So the police examined his computer more closely and discovered that a malicious program known as a Trojan horse lay hidden deep inside and had hijacked the machine from a remote location.

"When they followed the link they found a lot of goodies, but they wouldn't tell me anything," Mr. Jackont said. "All they told me was that they found something big, something that was bigger than just me being harassed."

In May, Israeli investigators opened their bag of goodies, disclosing that the Trojan horse on Mr. Jackont's computer had also galloped onto the networks of about 60 other Israeli companies, unleashing the biggest corporate espionage scandal in Israeli history. Prosecutors indicted members of three of the country's largest private investigation firms on criminal fraud charges in July. And some of Israel's most prestigious corporations are now under investigation for possibly stealing information from companies in such assorted fields as military contracting, telephony, cable television, finance, automobile and cigarette importing, journalism and high technology.

While the Israeli victims were diverse, they shared one thing in common: the Trojan horses that penetrated their computers came packaged inside a compact disc or an e-mail message that appeared to be from an institution or a person that the victims thought they knew very well. Once the program was installed, it whirred along surreptitiously, logging keystrokes or collecting sensitive documents and passwords before transmitting the information elsewhere.

"It's like the Yom Kippur War or Pearl Harbor in the Israeli business market because of the great surprise the victims had when the problem was exposed," said Haim Wismonsky, a senior prosecutor in the Tel Aviv district attorney's office who is overseeing the investigation. "It's O.K. to get information about competitors from the Internet or from former employees, but using Trojan horses is an entirely other matter."

PEOPLE in many other countries, including the United States, have reason to feel queasy as well, say Internet security specialists and government agencies that monitor cyberfraud. Over the last few years, enticing offers wearing the friendly guise of e-mail solicitations have been at the center of well-publicized frauds known as "phishing," in which con artists troll online for valuable personal and financial information. In September, the Anti-Phishing Working Group, a coalition of corporate and law enforcement groups that track identity theft and other online crimes, said it had received more than 13,000 unique reports of phishing schemes in that month alone, up from nearly 7,000 in the month of October last year.

More recently, however, a hybrid form of phishing, dubbed "spear-phishing," has emerged and raised alarms among the digital world's watchdogs. Spear-phishing is a distilled and potentially more potent version of phishing. That's because those behind the schemes bait their hooks for specific victims instead of casting a broad, ill-defined net across cyberspace hoping to catch throngs of unknown victims.

Spear-phishing, say security specialists, is much harder to detect than phishing. Bogus e-mail messages and Web sites not only look like near perfect replicas of communiqués from e-commerce companies like eBay or its PayPal service, banks or even a victim's employer, but are also targeted at people known to have an established relationship with the sender being mimicked.

And spear-phishing is usually not the plaything of random hackers; it is more likely, analysts say, to be linked to sophisticated groups out for financial gain, trade secrets or military information. While hard data about spear-phishing incidents is hard to come by and some security vendors may have a vested interest in hyping potential threats, veteran security analysts describe spear-phishing as one of the more insidious cybercrimes they have encountered and one that has been underpublicized because victims are hesitant to come forward.

"The real challenge of spear-phishing is that it's embarrassing, like head lice," said Alan Paller, research director at the SANS Institute, a group that trains and certifies computer security professionals. "Nobody wants to talk about it and say, 'Look, we're being hurt.' There's never been a better attack method than spear-phishing."

Last spring, staff, faculty and students at the University of Kentucky opened e-mail messages purporting to be from the university's credit union and requesting confidential information to access their accounts (something no financial institution in the country ever seeks via e-mail). University officials snuffed out the scheme, which made use of a computer server based in South Korea, after some recipients realized they had been duped and called the university to complain.

In June, the National Infrastructure Security Coordination Centre, a government agency that monitors computer security in the United Kingdom, took the unusual step of publicly warning about a spear-phishing campaign of "targeted Trojan e-mail attacks" aimed at industrial and government computer networks. The warning noted that the e- mail messages appeared to come from a trusted sender, that antivirus software and firewalls didn't protect recipients, and that, in fact, there was no way to completely protect any computer connected to the Internet from the Trojan attacks once recipients opened a bogus e-mail message.

"Files used by the attackers are often publicly available on the Web or have been sent to distribution lists," the warning said. "The attackers are able to receive, trojanise and resend a document within 120 minutes of its release, indicating a high level of sophistication."

About two weeks ago, a more traditional phishing scam infected about 30,000 individual computers worldwide, according to CipherTrust, a computer security firm. Consisting of what CipherTrust said was about 50 million e-mail messages that a German hacker deployed simultaneously, the communiqués purported to come from the Federal Bureau of Investigation, the Central Intelligence Agency and a German intelligence agency and tried to convince recipients to provide personal information and open a file containing a virus. The F.B.I. issued a warning about the scheme and a spokeswoman said that thousands of people swamped the agency with phone calls inquiring about it. The F.B.I. is investigating the matter and declined further comment; a CipherTrust analyst said the phisher's motive remained unclear.

Analysts caution that, despite stepped-up attacks, there is no indication that phishers of any stripe are siphoning torrents of cash out of bank accounts or foraging willy-nilly in any hard drive they choose. But they do note that at the very least the attacks show the vulnerability of sensitive data stored on computer networks, undermine consumer confidence in Web-based transactions, and uproot faith in e-mail, a backbone of electronic commerce and digital communication.

"The problem is not a loss of money or credit, it's a loss of trust," said David Perry, director of global education at Trend Micro Inc., an Internet security firm. "If you open up e-mails and 8 out of 10 of them are from people selling prescription drugs or Nigerian banking scams, then you lose trust and e-mails become the criminals."

At least one veteran fraud investigator in Israel said he wasn't shocked by revelations of widespread spear-phishing and the corporate espionage scandal last spring. "This case is not unconventional," said Boaz Guttman, a lawyer and former head of the cybercrimes unit for the Israeli national police. "Most of the crimes are not reported. The police here and in the United States only know about 5 percent of the cases. Hackers don't take a break, not one minute.

"Everybody is spying against everybody in Israel," added Mr. Guttman, who said he was representing one of the suspects in the Trojan horse investigation but was not authorized to reveal his client's identity. "You cannot be surprised by this because this is the way of life for companies today."

Others, however, had a less subdued reaction to the realities of the investigation when its scale and sprawl first became clear in the spring. "There it was," Mr. Jackont recalled, "we were all in the middle of a hurricane."

The hurricane that enveloped Mr. Jackont probably began spinning, Israeli investigators told him, when an e-mail message arrived that appeared to come from a student asking him to review an essay, or from another e-mail address that looked familiar. (Because Mr. Jackont had his computer swept clean in his unsuccessful early effort to oust the digital hijacker, all records of the initial intrusion disappeared.)

By November of last year, as investigators scrutinized Mr. Jackont's computer woes more closely, his stepdaughter, Natalya Wieseltier, stepped forward with a key bit of evidence. According to records of the Israeli investigation, Ms. Wieseltier told authorities that she received a Trojan-infested e-mail message bearing the address of gur_r@zahav.net.il, which she believed came from a friend.

But her friend's e-mail was actually gur-r@zahav.net.il. As Israeli investigators traced the origin of the bogus account they discovered that the person who had opened it lived in London and had charged the cost of the account to his American Express card. The name on the card was Michael Haephrati - Ms. Wieseltier's former husband.

Israeli authorities then deployed their own computer snoop, which analyzed packets of information as the Trojan filched them from Ms. Wieseltier's computer. The files ended up on a computer server in the United States and the server's contents startled investigators, according to records of the investigation. Among the personal documents and screenshots of Ms. Wieseltier's family were hundreds of records from Israeli companies as well as classified military documents. Investigators soon uncovered four more servers, two in America and two in Israel, that also housed stolen information.

As the trail became clearer, authorities learned that at least 15 senior members of three of Israel's largest private investigative agencies were involved in a scheme in which dozens of companies received a compact disc or an e-mail message offering a business opportunity. The offer required them to respond to INFO@targetdata.biz, a site registered to Mr. Haephrati. Responding to them would unleash the Trojan, which, according to records of the investigation, was impervious to antivirus and anti-Trojan software.

Investigators say Mr. Haephrati designed and transmitted the Trojan responsible for pickpocketing Mr. Jackont and Ms. Wieseltier's computers. And while his methods were modern, Mr. Jackont said, his motive was ancient: his divorce from Ms. Wieseltier was messy, and he resented the family. Mr. Haephrati's reason for working with private investigators, said Mr. Wismonsky, the Israeli prosecutor, was pecuniary; private eyes paid him about $3,500 for each installation of his spyware and about $900 a month per Trojan after that to monitor information the spyware collected.

Israeli investigators have unearthed e-mail messages indicating that Mr. Haephrati interacted with a number of companies and governments in countries besides Israel; Mr. Wismonsky said e-mail messages suggest that Mr. Haephrati once apparently tried to sell his spyware to the Norwegian government.

BRITISH authorities arrested Mr. Haephrati, 41, and his new wife, Ruth, 28, last summer on computer fraud charges, but the authorities there did not respond to interview requests. The Haephratis, currently detained in separate British prisons, were unavailable for comment and Israeli prosecutors are awaiting the couple's transfer to Israel. Mr. Wismonsky said corporate victims ranged from HOT, a major Israeli cable television concern, to I.M.C., an Israeli high-tech company that supplies the military.

Among the Israeli corporations on the receiving end of stolen information, said Mr. Wismonsky, were two telecommunications affiliates of Bezeq, the country's largest telephone company. The Israeli government held a controlling interest in Bezeq until it sold most of its stake to private investors, including Los Angeles media mogul Haim Saban, shortly before the Trojan horse scandal became public. A lawyer representing Bezeq and the two affiliates, YES and Pele-Phone, declined to comment on the investigation; Mr. Wismonsky said that Bezeq itself appeared to have been a victim, not a recipient, of stolen information.

Mr. Wismonsky's office has indicted members of the three detective agencies involved in the scandal on computer fraud charges. The firms - Modi'in Ezrahi, Zvi Krochmal Investigations and Pilosoph-Baleli - or their lawyers declined to comment or did not respond to interview requests. As of yet, said Mr. Wismonsky, no Israeli corporations have been indicted for receiving information because no evidence has surfaced indicating that the companies had knowledge that the data was stolen.

"The main problem we have is to match the firms that ordered computer espionage with the companies that were victims," Mr. Wismonsky said. "We have to see if the private investigators have records in their offices that show who ordered the spying."

While reputable firms and businesspeople worldwide rarely admit to enlisting the services of private investigators, it is a routine fact of life in some business quarters.

"The thinking in Israel is that if a company gets away with stealing information, they're heroes, and if they get caught, they're stupid," said Ben Gilad, an Israeli-born business consultant who works in the United States. "You can always hire someone from outside the company to get the information for you, and if they get caught you can deny any knowledge."

For his part, Mr. Wismonsky said that so far he had encountered many denials. "The president of every company said they didn't know at all that they were receiving stolen information," he said. "These are people whose jobs are to know what is going on in the market."

Elsewhere in the world, authorities advise a dose of common sense for individuals who want to protect themselves from spear-phishers, plain vanilla phishers and other online predators. "We have yet to meet a bank or any financial institution that contacts their customers via e-mail to alert them to problems with their credit cards or accounts," said Thomas X. Grasso, a special agent with the F.B.I. who specializes in investigating cybercrimes. "Armed with that knowledge, consumers should look on any e-mails like that suspiciously."

Some computer security specialists suggest at least one basic approach that might allow e-mail recipients to learn right away that a communiqué appearing to come from a company like Amazon.com actually originated somewhere in the Ukraine, Romania, Bulgaria, Poland, Russia or any of the other places that law enforcement officials say are hot spots for phishing scams. "It strikes me that this is just a failure of most e-mail systems to reveal the history of an e-mail," said Whitfield Diffie, a pioneer in computer cryptography who is the chief security officer of Sun Microsystems. "You could post a warning flag indicating that the 'from' address doesn't seem consistent with the path history."

Still, spear-phishers and other cyberstalkers have well-earned reputations for their ability to morph, molt and develop new modes of attack. Analysts say that attackers have moved on from trying to infiltrate computer operating systems and now appear to favor piggybacking spyware on external applications and network routers. The low cost of doing business is also attractive to spear-phishers.

According to CipherTrust, a spear-phisher can rent a server for about $300 month after paying a $100 setup fee; install spam-sending software on the server for about $1,200 a month; and get spam-sending proxies, a database of e-mail addresses, and other necessary add-ons for another $1,900 a month. How much phishers make depends on how many victims they hook, but the relatively small expense means the work can be lucrative. According to a research report issued in June by Gartner Inc., a consulting firm, about 2.4 million Americans reported losing about $929 million to phishing schemes during the previous year.

The Gartner report noted that although some analysts thought that phishing attacks were a fad that peaked in 2004, reports of such schemes have continued to grow at double-digit rates. According to the report, for the year ending in May about 73 million American adults who use the Internet believed that they received an average of more than 50 phishing e-mails during the prior 12 months. And that, of course, is just what Internet users actually know might be happening.

"Phishing is really transforming into more desktop-based attacks that are not visible to users, and there are so many different varieties that I'm not sure there's anything the average user can do to stop them," said Avivah Litan, a Gartner research director who wrote the June report. "Having said that, I don't think there's a crisis in our country in terms of money being drained out of bank accounts. It's all sporadic."

Sporadic or not, information theft has skyrocketed, Ms. Litan said, and banks have been under siege by hackers. Phishers prize checking-account numbers as well as credit card and A.T.M. card numbers, which they can copy onto bogus cards.

Ms. Litan said many banks had had security gaps in the software used to analyze magnetic stripe coding on the back of A.T.M. cards, and these gaps had allowed card hijackers to use bogus copies. American regulators, concerned about online vulnerabilities at the country's banks, have sharply tightened security requirements at financial institutions.

Meanwhile, spear-phishers remain on the prowl, pinpointing victims in a way that phishers never did. "Widespread phishing and spear-phishing are going to merge so that company logos can be snatched from Web sites to build customized databases of corporate logos," said Johannes B. Ullrich, who monitors and responds to emerging digital attacks at the SANS Institute's Internet Storm Center. "The main goal of all hacking attacks is automation, basically trying to have the biggest effect with the least amount of work. So I think it will go that way and it will be harder and harder for people to detect."

All of this provides cold comfort to victims like the mystery writer, Mr. Jackont, who said he was still reeling from his encounter with a Trojan horse in Israel.

"I must tell you that I still have a reflex of uneasiness when I get onto the Internet - I feel a trauma," he said. "People don't like it when I say this, but it's like being raped. It's like my underwear was spread all over the streets. It was a severe breach of privacy."
http://news.com.com/Online+scammers+...l?tag=nefd.top





Airport Codes Leaked Onto Internet

TOKYO: Passwords for restricted areas in 17 airports have been leaked onto the Internet from a Japan Airlines co-pilot's personal computer, the airline said Friday.

Japan's Transport Ministry notified the airline after it noticed Wednesday that passwords for 16 Japanese airports -- including the two serving Tokyo -- as well as for Guam International Airport had been posted on Internet bulletin boards, the Mainichi Shimbun reported Friday.

Moreover, the ministry confirmed that the Boeing 767 instruction manual had been leaked. JAL has asked the operators of the 17 airports to change their code numbers and tighten security.

The information was leaked from a computer that a 29-year-old Boeing 767 co-pilot kept at his home after it was infected with a computer virus. The co-pilot used the peer-to-peer file-sharing program Winny at home.

Three- to five-digit code numbers are used to unlock doors to restricted areas within the airports. However, ministry officials said there is not a route through which outsiders can go straight to aircraft without going through immigration.

JAL prohibits ground staff members from taking work-related information out of their offices, while setting guidelines for ways that crew members manage and take out such information.
http://www.newkerala.com/news.php?ac...lnews&id=64183





Scientists Work On Peer-To-Peer Security

Israeli scientists are working on a new method of distributing antivirus patches so that they reach computers before the virus does.

Researchers at Tel Aviv University are examining ways of creating a network of shortcuts hidden in the Internet and only accessible to antivirus applications.

The system would rely on 'honeypot' computers that lie in wait for viruses, worms, trojans and other malicious code. When a new infection is detected these computers would instantly notify other computers and equip them with the necessary information to block it.

The proposed shortcuts would ensure that this information arrives before the malicious code. The researchers' simulation shows that 800,000 honeypots among the 200 million computers in the US could restrict a new virus to just 2,000 machines.

'The software companies just regard the Internet as a sophisticated FedEx service,' explained the research team's Eran Shir. 'Our focus is to immunise the whole network, not to clean individual computers or fix what is already broken.
http://www.pcpro.co.uk/news/81046/sc...-security.html





Radio Industry Forms Alliance To Roll Out Digital Broadcasts

The radio industry, in a move to take on growing competition from satellite radio, iPods and the Internet, has formed an alliance to step up the rollout of digital radio.

The group's goal is to offer new and compelling content using ``high-definition'' digital radio technology, which produces CD-quality sound and eliminates the static, hiss and fades associated with analog signals, top radio executives said Tuesday at a press briefing unveiling the alliance.

So far, about 600 out of more than 10,000 radio stations across the United States have started digital broadcasts. HD radio is free, but consumers need to purchase pricey digital radio receivers to listen to broadcasts.

The alliance -- which has at least seven radio companies on board including giants Clear Channel Communications Inc. and Viacom Inc.'s Infinity -- hopes its efforts will drive down the cost of digital receivers as they catch on with more consumers.

The group, called HD Digital Radio Alliance, will coordinate the rollout of HD digital radio, including who will get to air what on new ``multicast'' channels. Through multicasting, which involves the split of radio frequencies into niche channels, a radio station can use the extra space for alternate programming.
http://www.siliconvalley.com/mld/sil...y/13342891.htm





Clear Channel Eyes Net Distribution Deals

Clear Channel Communications could possibly ink distribution deals with Yahoo or Apple Computer's iTunes music service by next year, a senior executive said on Wednesday.

The U.S. radio conglomerate, which is seeking as many distribution outlets as possible for its programs, has been in talks with Apple, Yahoo and Microsoft during the past year, according to John Hogan, chief executive of Clear Channel's radio division.

"They have yielded more discussions," Hogan said at the Reuters Media and Advertising Summit in New York. "They (the companies) are interested in content."

He said it was possible that a deal could be reached in 2006. Hogan declined to give details about what might be included in any such deal.

This month, Clear Channel said it planned to offer 60-second video clips of radio personality Rush Limbaugh's show that could be played on Apple's iPod digital music and video player.

Based in San Antonio, Texas, Clear Channel operates more than 1,200 radio stations across the United States. The company faces competition from satellite radio services and Apple's iPod digital music player.
http://news.com.com/Clear+Channel+ey...3-5978525.html





Satellite Radio Receiver Raises Ire Of Recording Industry
ILN News Letter
Michael Geist

The recording industry is expressing concern about new satellite-radio receivers that mimic iPods in their ability to store and organize hundreds of songs. The satellite companies say there's nothing wrong with the additional functions they are offering customers. They point to a 1992 federal law that permits consumers to make personal recordings from the radio and argue that the storage capability is a legal time-shifting device, similar to a digital-video recorder such as TiVo.
http://online.wsj.com/article/SB113401703445217173.html





Hack early and often

California May Impose Hacker Test On All Electronic Vote Machines
AP

Companies wanting to sell electronic voting machines in California may be forced to prove their systems can withstand an attack from a computer hacker, the state's top elections official said Monday.

Secretary of State Bruce McPherson said his office is planning a hacker test on a machine built by Diebold Election Systems, one of the nation's largest manufacturers of electronic voting systems. McPherson said he might seek to expand such testing to all systems seeking certification for use in California's 58 counties.

``It's all about giving the voters trust in the system,'' McPherson told reporters after giving opening remarks at a conference focused on testing and certification of electronic voting machines.

Several media outlets had reported that the Diebold hacker test was scheduled for Wednesday, but McPherson said the details of the arrangement are still being worked out. He said he expected the Diebold test to be performed sometime before the end of the year.

Diebold has been criticized by some activist groups as being vulnerable to outside hackers seeking to manipulate election results.

The secretary of state's office has asked Finnish security expert Harri Hursti to come to California and conduct the Diebold hacker test, said Nghia Nguyen Demovic, a spokeswoman for McPherson.

``He's been invited and we're in talks with him,'' Demovic said.

She said the contact was made by David Jefferson, a scientist at Lawrence Livermore Laboratory who chairs a committee for McPherson that is investigating the electronic voting machines.

The tests will use a randomly selected voting machine from one of the 17 counties that currently use a Diebold system.

Diebold spokesman David Bear said company officials are confident their machines are not vulnerable to hackers.

``These are unfounded allegations that are just false,'' he said. ``We will absolutely pass the test.''

Bev Harris, a spokeswoman for the advocacy group Black Box Voting, said her nonprofit, nonpartisan watchdog group has been pushing California officials since June to hire Hursti for just this kind of test. Black Box wants him to recreate a test he performed in Florida in May.

``The exploits we were able to demonstrate in Florida call into question the testing that has gone on at the federal testing lab,'' Harris said.

If the Diebold machine could be manipulated from the outside, there's a good chance others will be, too, she said.

``We're very interested to see what else has been missed,'' she said.

State and local officials face a Jan. 1 federal deadline for upgrading voting machine systems to comply with new federal guidelines aimed at making systems safer and more accessible.

Meeting that deadline might be difficult for California, McPherson said.

``But the Department of Justice and others have said that you are moving in the right direction and making an earnest effort, and we're seeing good results from this already,'' he said. ``We think we are going to be right on target.''

Earlier this fall, McPherson issued 10 requirements that voting machines must meet to be used in California elections starting next year.

Those requirements include gaining approval by an independent testing unit certified by the U.S. Election Assistance Commission and providing state officials with information about how the machines operate. It also requires companies to test their machines under Election Day conditions.

California law also requires electronic voting machines to provide paper receipts to assure voters that their votes were recorded accurately.
http://www.siliconvalley.com/mld/sil...l/13284156.htm





SunnComm MediaMax Security Vulnerability FAQ

What is the SunnComm MediaMax Security Vulnerability?
Is there a solution?
What is a privilege escalation attack?
Can you explain this with an analogy?
What are access controls?
What are some details of the MediaMax vulnerability?
How could this harm consumers' computer?
Who discovered the MediaMax security vulnerability?
Who is iSEC Partners?
Are there any more security issues with SunnComm's MediaMax software?
How many CDs are affected?
What are some of the artists with SunnComm MediaMax CDs?"
Does the patch resolve all the issues with CDs with SunnComm MediaMax software?
Does SunnComm MediaMax appear on CDs other than Sony BMG?
Is EFF Suing Sony BMG?
What more does EFF want Sony BMG to do?

What is the SunnComm MediaMax Security Vulnerability?

Certain audio compact discs distributed by Sony BMG contain a version of the SunnComm MediaMax software, which creates a serious risk of a "privilege escalation attack." This new security vulnerability -- different than the one reported in early November regarding Sony BMG CDs sold with software called XCP -- affects all Sony BMG CDs that contain version 5 of SunnComm MediaMax software. According to Sony BMG, about six million CDs have this software.

Sony BMG's list of affected CDs

Is there a solution?

On Tuesday December 6, Sony BMG and SunnComm made available a patch that was designed to resolve this
security vulnerability. We're pleased that Sony BMG responded quickly and responsibly when we drew their attention to this serious security problem.

However, the day after the patch was released, Professor Ed Felten and Alex Halderman identified a new problem. We take any security problems identified by these security researched very seriously. They "recommend for now that if you have a Windows PC, you

do not use the MediaMax patch
do not use the previously released MediaMax uninstaller, and
do not insert a MediaMax-bearing CD into your PC."

What is a privilege escalation attack?

A privilege escalation attack is the act of exploiting a security weakness in an application to gain access to resources that normally would have been protected from an application or user. This means that low-rights users can add files to a directory and overwrite the binaries installed therein, which will be then be unknowingly executed by a later user with higher level of rights. In other words, a guest user or a malicious program can effectively make changes to a computer that would normally be reserved to an administrator.

Can you explain this with an analogy?

Consider an office worker who has keys to her office and to the front door of the building, but not to other offices or to the supply closet. There are many ways to gain additional access: Sometimes those locks can be picked, sometimes the locks are left unlocked, and sometimes an attacker can steal the building manager's keys. This vulnerability is yet another way to gain increased access, similar to leaving the manager's keys out. By stealing the manager's keys, the office worker can escalate her privileges, i.e. get into offices and other room where she is not authorized.

What are access controls?

On a computer system, information resources are protected with access controls analogous to door locks. A common implementation of such access controls is called an access control list (ACL). An ACL is simply a table listing principals (e.g. user accounts) and the privileges each principal has with an object.

An ACL might stipulate, for example, that user account Bob can read the spreadsheet file accounts-2005.xls, while user account Jane can both read and write it. In this example, the Bob and Jane accounts are principals, the accounts-2005.xls file is the object, and "read" and "write" are privileges.

What are some details of the MediaMax vulnerability?

MediaMax version 5 leaves a crucial folder "unlocked," that is to say with an ACL that allows all principals to have all privileges. The reason this is a problem is that the folder contains an executable program (MMX.EXE, the MediaMax program) that must be run by a user account with high privileges. An attacker can overwrite MMX.EXE with code of her choice, and the next time a MediaMax disc is played, her attack code will be executed.

Specifically, the directory that the SunnComm MediaMax software creates, located in "c:\Program Files\Common Files\SunnComm Shared\," overrides the default Access Control List (also known as the file system permissions). The SunnComm Shared directory uses an ACL that doesn't protect against low rights users (i.e., "Everyone" in Windows parlance) overwriting the contents including the installed binaries.

Returning to our example of Bob and Jane, it mean that Bob can now rewrite the spreadsheet, or more worrisome, replace it with a malicious program.

How could this harm consumers' computer?

The SunnComm MediaMax version 5 software distributed by Sony BMG could expose the computers of millions of users to attacks by malicious hacker and virus writers. They undermine significant security protections otherwise present on computers running Windows, which are designed to prevent users (either people or programs) from gaining control of your computer.

Who discovered the MediaMax security vulnerability?

iSEC Partners discovered the security vulnerability after EFF requested an examination of the software, and EFF and iSEC promptly communicated it to Sony BMG. In accordance with standard information security practices, EFF and iSEC delayed public disclosure of the details of the exploit to give Sony BMG the opportunity to develop a patch.

iSEC Partners' report [PDF, 237K]

Who is iSEC Partners?

iSEC Partners is a proven full-service security consulting firm that provides penetration testing, secure systems development, security education and software design verification. iSEC Partners' security assessments leverage their extensive knowledge of current security vulnerabilities, penetration techniques and software development best practices to enable their customers to secure their applications against ever-present threats on the Internet. Primary emphasis is placed upon helping software developers build safe, reliable code.

Areas of research interest include application attack and defense, web services, operating system security, privacy, storage network security and malicious application analysis.

For more information: http://www.isecpartners.com.

Are there any more security issues with SunnComm's MediaMax software?

We don't know. We have identified one security issue, but there may be others. Even before this vulnerability came to light, security researcher Ed Felten noted "the MediaMax software will still erode security, for reasons stemming from the basic design of the software." See Freedom to Tinker for more. We urge Sony BMG to undertake rigorous security testing on all of its software, and we will continue to look into this issue.

How many CDs are affected?

There are over 20 million Sony BMG CDs with some version of the SunnComm MediaMax software. Sony BMG says that about six million have the MediaMax version 5 that is subject to this vulnerability, and has provided a list of affected titles. In addition EFF has prepared a Spotter's Guide to help you identify MediaMax CDs in the wild.

Sony BMG's list of affected CDs
EFF's Spotter's Guide

What are some of the artists with SunnComm MediaMax CDs?

MediaMax can be found on a wide variety of popular artists' music, such as Britney Spears "Hitme (Remix)" , David Gray's "Life In Slow Motion," My Morning Jacket's "Z," Santana's "All That I Am," and Sarah McLachlan's "Bloom (Remix Album)."

Sony BMG's list of affected CDs
EFF's list of CDs affected and possibly affected by MediaMax.

Does the patch resolve all the issues with CDs with SunnComm MediaMax software?

No. There are other severe problems with MediaMax discs, including: undisclosed communications with servers Sony controls whenever a consumer plays a MediaMax CD; undisclosed installation of over 18 MB of software regardless of whether the user agrees to the End User License Agreement; and failure to include an uninstaller with the CD. EFF will continue to raise these issues with Sony BMG.

Does SunnComm MediaMax appear on CDs other than those released by Sony BMG?

Yes. According to SunnComm, its "MediaMax technology has appeared on over 140 commercially released CD titles across more than 30 record labels." Earlier this year, SunnComm forecast "that its MediaMax CD Copy Management Technology will be Applied to More than 145,000,000 Audio CDs this Year." Currently our focus is on the Sony BMG CDs, but we are investigating whether the vulnerability exists on other labels, and urge every label that has used the MediaMax technology to check with security experts immediately.

SunnComm press release: SunnComm Ups Security Another Notch
SunnComm press release: SunnComm Forecasts for MediaMax

Is EFF Suing Sony BMG?

Yes. On November 21, EFF, along with the law firms of Green Welling, LLP, and Lerach, Coughlin, Stoia, Geller, Rudman and Robbins, LLP, filed a California class action lawsuit in Los Angeles against Sony BMG including claims arising from both XCP and SunnComm CDs. We also filed a national class action on December 2 in New York and are joined in that action by the Law Offices of Lawrence E. Feldman and Associates.

Sony BMG litigation information

What more does EFF want Sony BMG to do?

EFF would like Sony BMG and all record labels to stop using DRM on their CDs and stop requiring its customers to agree to a EULA as a condition of playing CDs on their computers. See: The Customer is Always Wrong, DRM Skeptics View, and New York Times Op-Ed: Buy, Play, Trade, Repeat.

Barring that, we would like Sony BMG to ensure, before a CD is released to the public, that it contains no security vulnerabilities, can be fully uninstalled by end users, properly protects consumer privacy including allowing consumers to opt-out of any reporting back to the company done by the CD, and is provided on terms that are fair, reasonable and fully disclosed. To the extent that they fail to do so, they need to remove such products from the market immediately, engage in a robust notice campaign and compensate consumers who have purchased them, including those harmed by XCP and MediaMax software already.
http://www.eff.org/IP/DRM/Sony-BMG/mediamaxfaq.php#2





Buy, Play, Trade, Repeat
Damian Kulash Jr.

Los Angeles

THE record company Sony BMG recently got in trouble after attempting to stem piracy by encoding its CD's with software meant to limit how many copies can be made of the discs. It turned out that the copy-protection software exposed consumers' computers to Internet viruses, forcing Sony BMG to recall the CD's.

This technological disaster aside, though, Sony BMG and the other major labels need to face reality: copy-protection software is bad for everyone, consumers, musicians and labels alike. It's much better to have copies of albums on lots of iPods, even if only half of them have been paid for, than to have a few CD's sitting on a shelf and not being played.

The Sony BMG debacle revealed the privacy issues and security risks tied to the spyware that many copy-protection programs install on users' computers. But even if these problems are solved, copy protection is guaranteed to fail because it's a house of cards. No matter how sophisticated the software, it takes only one person to break it, once, and the music is free to roam and multiply on the peer-to-peer file-trading networks.

Meanwhile, music lovers get pushed away. Tech-savvy fans won't go to the trouble of buying a strings-attached record when they can get a better version free. Less Net- knowledgeable fans (those who don't know the simple tricks to get around the copy-protection software or don't use peer-to-peer networks) are punished by discs that often won't load onto their MP3 players (the copy-protection programs are incompatible with Apple's iPods, for example) and sometimes won't even play in their computers.

Conscientious fans, who buy music legally because it's the right thing to do, just get insulted. They've made the choice not to steal their music, and the labels thank them by giving them an inferior product hampered by software that's at best a nuisance, and at worst a security threat.

As for musicians, we are left to wonder how many more people could be listening to our music if it weren't such a hassle, and how many more iPods might have our albums on them if our labels hadn't sabotaged our releases with cumbersome software.

The truth is that the more a record gets listened to, the more successful it is. This is not just our megalomania, it's Marketing 101: the more times a song gets played, the more of a chance it has to catch the ear of someone new. It doesn't do us much good if people buy our records and promptly shelve them; we need them to fall in love with our songs and listen to them over and over. A record that you can't transfer to your iPod is a record you're less likely to listen to, less likely to get obsessed with and less likely to tell your friends about.

Luckily, my band's recently released album, "Oh No," escaped copy control, but only narrowly. When our album came out, our label's parent company, EMI, was testing protective software and thought we were a good candidate for it. Record company executives reasoned that because we appeal to college students who have the high- bandwidth connections necessary for getting access to peer-to-peer networks, we're the kind of band that gets traded instead of bought.

That may be true, but we are also the sort of band that hasn't yet gotten the full attention of MTV and major commercial radio stations, so those college students are our only window onto the world. They are our best chance for success, and we desperately need them to be listening to us, talking about us, coming to our shows and yes, trading us.

To be clear, I certainly don't encourage people to pirate our music. I have poured my life into my band, and after two major label records, our accountants can tell you that we're not real rock stars yet. But before a million people can buy our record, a million people have to hear our music and like it enough to go looking for it. That won't happen without a lot of people playing us for their friends, which, in turn, won't happen without a fair amount of file sharing.

As it happened, for a variety of reasons, our label didn't put copy-protection software on our album. What a shame, though, that so many bands aren't as fortunate.

Damian Kulash Jr. is the lead singer for OK Go.
http://www.nytimes.com/2005/12/06/opinion/06kulash.html





Ogre to Slay? Outsource It to Chinese
David Barboza

One of China's newest factories operates here in the basement of an old warehouse. Posters of World of Warcraft and Magic Land hang above a corps of young people glued to their computer screens, pounding away at their keyboards in the latest hustle for money.

The people working at this clandestine locale are "gold farmers." Every day, in 12-hour shifts, they "play" computer games by killing onscreen monsters and winning battles, harvesting artificial gold coins and other virtual goods as rewards that, as it turns out, can be transformed into real cash.

That is because, from Seoul to San Francisco, affluent online gamers who lack the time and patience to work their way up to the higher levels of gamedom are willing to pay the young Chinese here to play the early rounds for them.

"For 12 hours a day, 7 days a week, my colleagues and I are killing monsters," said a 23-year-old gamer who works here in this makeshift factory and goes by the online code name Wandering. "I make about $250 a month, which is pretty good compared with the other jobs I've had. And I can play games all day."

He and his comrades have created yet another new business out of cheap Chinese labor. They are tapping into the fast-growing world of "massively multiplayer online games," which involve role playing and often revolve around fantasy or warfare in medieval kingdoms or distant galaxies.

With more than 100 million people worldwide logging on every month to play interactive computer games, game companies are already generating revenues of $3.6 billion a year from subscriptions, according to DFC Intelligence, which tracks the computer gaming market.

For the Chinese in game-playing factories like these, though, it is not all fun and games. These workers have strict quotas and are supervised by bosses who equip them with computers, software and Internet connections to thrash online trolls, gnomes and ogres.

As they grind through the games, they accumulate virtual currency that is valuable to game players around the world. The games allow players to trade currency to other players, who can then use it to buy better armor, amulets, magic spells and other accoutrements to climb to higher levels or create more powerful characters.

The Internet is now filled with classified advertisements from small companies - many of them here in China - auctioning for real money their powerful figures, called avatars. These ventures join individual gamers who started marketing such virtual weapons and wares a few years ago to help support their hobby.

"I'm selling an account with a level-60 Shaman," says one ad from a player code-named Silver Fire, who uses QQ, the popular Chinese instant messaging service here in China. "If you want to know more details, let's chat on QQ."

This virtual economy is blurring the line between fantasy and reality. A few years ago, online subscribers started competing with other players from around the world. And before long, many casual gamers started asking other people to baby-sit for their accounts, or play while they were away.

That has spawned the creation of hundreds - perhaps thousands - of online gaming factories here in China. By some estimates, there are well over 100,000 young people working in China as full-time gamers, toiling away in dark Internet cafes, abandoned warehouses, small offices and private homes.

Most of the players here actually make less than a quarter an hour, but they often get room, board and free computer game play in these "virtual sweatshops."

"It's unimaginable how big this is," says Chen Yu, 27, who employs 20 full-time gamers here in Fuzhou. "They say that in some of these popular games, 40 or 50 percent of the players are actually Chinese farmers."

For many online gamers, the point is no longer simply to play. Instead they hunt for the fanciest sword or the most potent charm, or seek a shortcut to the thrill of sparring at the highest level. And all of that is available - for a price.

"What we're seeing here is the emergence of virtual currencies and virtual economies," says Peter Ludlow, a longtime gamer and a professor of philosophy at the University of Michigan, Ann Arbor. "People are making real money here, so these games are becoming like real economies."

The Chinese government estimates that there are 24 million online gamers in China, meaning that nearly one in four Internet users here play online games.

And many online gaming factories have come to resemble the thousands of textile mills and toy factories that have moved here from Taiwan, Hong Kong and other parts of the world to take advantage of China's vast pool of cheap labor.

"They're exploiting the wage difference between the U.S. and China for unskilled labor," says Edward Castronova, a professor of telecommunications at Indiana University and the author of "Synthetic Worlds," a study of the economy of online games. "The cost of someone's time is much bigger in America than in China."

But gold farming is controversial. Many hard-core gamers say the factories are distorting the games. What is more, the big gaming companies say the factories are violating the terms of use of the games, which forbid players to sell their virtual goods for real money. They have vowed to crack down on those suspected of being small businesses rather than individual gamers.

"We know that such business exists, and we are against it," says Guolong Jin, a spokesman for N-Sina, a Chinese joint venture with NC Soft, the Korean creator of Lineage, one of the most popular online games. "Playing games should be fun and entertaining. It's not a way to trade and make money."

Blizzard Entertainment, a division of Vivendi Universal and the creator of World of Warcraft, one of the world's most popular games with more than 4.5 million online subscribers, has also called the trading illegal.

But little has been done to halt the mushrooming black market in virtual goods, many available for sale on eBay, Yahoo and other online sites.

On eBay, for example, 100 grams of World of Warcraft gold is available for $9.99 or two über characters from EverQuest for $35.50. It costs $269 to be transported to Level 60 in Warcraft, and it typically takes 15 days to get the account back at the higher level.

In fact, the trading of virtual property is so lucrative that some big online gaming companies have jumped into the business, creating their own online marketplaces.

Sony Online Entertainment, the creator of EverQuest, a popular medieval war and fantasy game, recently created Station Exchange. Sony calls the site an alternative to "crooked sellers in unsanctioned auctions."

Other start-up companies are also rushing in, acting as international brokers to match buyers and sellers in different countries, and contracting out business to Chinese gold- farming factories.

"We're like a stock exchange. You can buy and sell with us," says Alan Qiu, a founder of the Shanghai-based Ucdao.com. "We farm out the different jobs. Some people say, 'I want to get from Level 1 to 60,' so we find someone to do that."

Now there are factories all over China. In central Henan Province, one factory has 300 computers. At another factory in western Gansu Province, the workers log up to 18 hours a day.

The operators are mostly young men like Luo Gang, a 28-year-old college graduate who borrowed $25,000 from his father to start an Internet cafe that morphed into a gold farm on the outskirts of Chongqing in central China.

Mr. Luo has 23 workers, who each earn about $75 a month.

"If they didn't work here they'd probably be working as waiters in hot pot restaurants," he said, "or go back to help their parents farm the land - or more likely, hang out on the streets with no job at all."

Here in coastal Fujian Province, several gold farm operators offered access to their underground facilities recently, on the condition that their names not be disclosed because the legal and tax status of some of the operations is in question.

One huge site here in Fuzhou has over 100 computers in a series of large, dark rooms. About 70 players could be seen playing quietly one weekday afternoon, while some players slept by the keyboard.

"We recruit through newspaper ads," said the 30-something owner, whose workers range from 18 to 25 years old. "They all know how to play online games, but they're not willing to do hard labor."

Another operation here has about 40 computers lined up in the basement of an old dilapidated building, all playing the same game. Upstairs were unkempt, closet-size dormitory rooms where several gamers slept on bunk beds; the floors were strewn with hot pots.

The owners concede that the risks are enormous. The global gaming companies regularly shut accounts they suspect are engaged in farming. And the government here is cracking down on Internet addiction now, monitoring more closely how much time each player spends online.

To survive, the factories employ sophisticated gaming strategies. They hide their identities online, hire hackers to seek out new strategies, and create automatic keys to bolster winnings.

But at some point, says Mr. Yu, the Fuzhou factory operator who started out selling computer supplies and now has an army of gamers outside his office here, he knows he will have to move on.

"My ultimate goal is to do Internet-based foreign trade," he says, sitting in a bare office with a solid steel safe under his desk. "Online games are just my first step into the business."
http://www.nytimes.com/2005/12/09/te.../09gaming.html
















Until next week,

- js.

















Current Week In Review





Recent WiRs -

December 3rd, November 26th, November 19th, November 12th, November 5th

Jack Spratts' Week In Review is published every Friday. Please submit letters, articles, and press releases in plain text English to jackspratts (at) lycos (dot) com. Include contact info. Submission deadlines are Wednesdays @ 1700 UTC.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public." - Hugo Black
JackSpratts is offline   Reply With Quote
 

« Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump






All times are GMT -6. The time now is 03:37 PM.

Contact Us - www.p2p-zone.com - Top

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)