11-12-13, 09:25 AM   #1
JackSpratts
Join Date: May 2001
Location: New England
Posts: 10,013
Peer-To-Peer News - The Week In Review - December 14th, '13

Since 2002

"If properly exploited, games could produce vast amounts of intelligence, according to the NSA." – James Ball

December 14th, 2013




Popular File Sharing Site The Pirate Bay Evades Authorities Again With Obscure Volcanic Island Domain
Jillian D'Onfro

The Pirate Bay, one of the most popular sites for file sharing, once again thwarted authorities trying to shut it down.

After briefly disappearing because its Caribbean domain name, thepiratebay.sx, was seized by authorities, the site popped back into action on thepiratebay.ac, according to The Verge and originally reported by Torrent Freak.

The ".ac" is the country-code top-level domain of Ascension Island, an isolated volcanic island in the Atlantic Ocean almost 1,000 miles from the coast of Africa.

This is the fourth domain that The Pirate Bay has had to switch to in 2013 to avoid being shut down for violating copyright.

And the game of cat and mouse isn't over yet.

Sources from The Pirate Bay told Torrent Freak that because Ascension Island has links to the UK, the site won't be safe for long. It plans to use thepiratebay.ac only temporarily before switching to the Peruvian ".pe". And, if that doesn't last, the infamous torrent site assured Torrent Freak that it has dozens of domain names on reserve.
http://www.businessinsider.com/the-p...domain-2013-12





Once Piracy Havens, China's Internet Video Websites Turn Police
Paul Carsten and Jane Lanhee Lee

The website of China's biggest Internet video company Youku Tudou Inc was once a haven for illicit Hollywood blockbusters and hit South Korean soap operas, until it realised piracy really doesn't pay.

Now the company that controls almost a third of China's booming online video market forks out more than a billion yuan ($164 million) a year on licenses so it can legally distribute movies and shows like "The Walking Dead", a strategy expected to result in its first ever quarterly net profit.

And to protect this market share, Youku Tudou employs a dozen sleuths who scour the web for pirated content, highlighting how China's online video industry is courting higher advertising revenues and better relations with foreign media firms by cracking down on illegal content.

"The biggest challenge is that there are more new ways to pirate video as the technology develops," Lu Changjun, the head of Youku Tudou's Internet police squad, told Reuters.

In the past, China's video websites were rife with pirated films and TV programmes, often put there by users. Companies also repeatedly sued each other for copyright infringement.

Youku Tudou and rival Baidu Inc, China's search engine giant with the second largest market share of online video, both told Reuters via email this week that they never deliberately ignore pirated material on their websites, and never wilfully upload unlicensed content.

Tencent Holdings Ltd, which runs China's fourth-largest online video site, also told Reuters it never ignored or engaged in piracy.

All three companies, however, also said they have lost copyright infringement lawsuits filed by other Chinese firms in local courts.

Better technology has now helped these firms police their sites more vigilantly.

Advertisers willing to put money on legal content, and the popularity of online video, have also provided incentives: China's online video market is expected to grow by more than a third this year and see annual revenues of 12.3 billion yuan ($2 billion), according to data from Beijing-based Internet research firm iResearch.

Youku Tudou and Baidu, as well as rivals Sohu.com Inc and Tencent, all say they are fighting piracy.

SCORING POINTS

Piracy leaves companies open to costly lawsuits, and also eats into the viewer numbers, and advertising revenues, of those sites that have spent big on licensed content. It also hurts the sales of foreign entertainment production firms.

"We pay so much money to buy content," said Charles Zhang, chief executive of Sohu.com, China's third largest online video provider.

"So we can't sell ads, or the revenue from ad sales can't cover our content costs. If piracy continues we won't be able to survive," he added. "We bleed and lose money."

Sohu.com has seen online video advertising revenues increase 123 percent year-on-year in the first nine-months of the year, according to its latest earnings statement.

Market leader Youku Tudou, which makes the bulk of its money from advertising, said it saw a more than 70 percent year-on-year increase in its net revenues in the third quarter.

The third quarter results of Tencent Holdings Ltd also show online advertising revenues rose almost 40 percent year-on-year to 1.39 billion yuan ($228 million), with video driving most of the growth.

Baidu did not give a specific figure for online video revenues in the third-quarter, but said overall revenues grew more than 40 percent year-on-year to 8.892 billion yuan ($1.45 billion).

Baidu also shelled out $370 million to acquire online video site PPStream in May, to merge with its own iQiyi.com video site, and in September announced the launch of a line of Smart TV products.

China has long been known for its weak intellectual property protection and enforcement, leading to numerous disputes with the United States.

But a salvo of lawsuits announced in November underscores how the industry has changed.

Last month, Youku Tudou, Tencent, Sohu.com and Chinese conglomerate Dalian Wanda group joined forces with the Motion Picture Association of America to sue Baidu and smaller Internet video software-maker QVOD for 300 million yuan ($49.2 million) in damages for copyright violation.

Baidu, in a statement sent to Reuters this week in response to the lawsuits, said it "deeply regrets the sensationalistic litigiousness".

"At present, we've already agreed to work together with many copyright holders, and together provide better resources for legal high-definition video for our users," the statement added.

QVOD was not immediately available to comment. A spokeswoman, responding to the lawsuits, had previously told Reuters the company did not provide content. "We are just a video player," she said, declining to elaborate on the piracy allegations.

Michael Clendenin, managing director of technology consultancy RedTech Advisors, said the lawsuits would help Chinese online video firms gain more clout with foreign media providers as it showed how serious they were about piracy.

"From Youku's perspective they gain some points with people they license content from, that's Hollywood," he said.

"In the future they need to be able to license content and be able to say they take a strong stand against piracy."

CONTROLLING THE ROUTES

According to Youku Tudou, about a quarter of the 20,000 links it finds each week that lead to pirated content on Android systems alone are on Baidu's portals.

The company's Internet police chief Lu said the number has dropped to one-fifth since the lawsuits were announced, but analysts note that there are plenty of other portals in China that host links to pirated content.

Baidu and QVOD pose a different challenge to their rivals because of their dominance on mobile Internet which is fast becoming the method of choice for Chinese audiences.

More than three-quarters of China's Internet users access the web through smartphones and tablets, according to the State Internet Information Office.

Controlling the routes from your home page to content, like Baidu and QVOD do, is key to getting eyeballs.

Baidu says it is the default search provider on over 80 percent of Android handsets shipped to retailers in China, the world's biggest mobile phone market by sales.

QVOD's Kuaibo video app accounted for almost one-quarter of all video content app downloads in the past four months, nearly matching the total for the Youku Tudou and Baidu video apps combined, according to data from Wandoujia, China's second biggest Android app store by monthly active users.

The app lets users pull content from websites onto their phones and tablets, stripping away the ads in the process.

"Consumers spend more and more time watching videos on mobile devices, mobile phones and tablets," said Xiaofeng Wang, a Beijing-based analyst at Forrester Research.

"All these video platforms need to go where consumers go. Revenue is increasing very fast, and they can see lots of traffic actually driven from mobile users."

As faster mobile Internet becomes the norm in China, more viewers are willing to put up with online video advertising to get higher-quality, easy-to-find legal content than go hunting for poorer-resolution pirated versions.

"At the end of the day piracy is going away in China. There's no use going to the DVD store on the corner -- you can get it online," said RedTech Advisors' Clendenin.

"The online video industry has just been happy it's moved to this point and user habits are changing very quickly." ($1 = 6.0924 Chinese yuan)

(Additional reporting by Anita Li; Editing by Miral Fahmy)
http://www.reuters.com/article/2013/...9B414Z20131205





YouTube Defends Copyright Crackdown
Colin Campbell

Google today responded to widespread outrage at its recent crackdown on game videos on YouTube.

In recent days the company has sent out thousands of copyright infringement notices to video producers of game walk-throughs and Let's Plays. These notices deprive producers of advertising revenues. The notices are generated by an automatic system called Content ID.

"We recently enabled Content ID scanning on channels identified as affiliates of MCNs [Multi Channel Networks]," a YouTube spokesperson told Polygon. "This has resulted in new copyright claims for some users, based on policies set by the relevant content owners."

Let's Plays are videos showing game footage, overlaid with discussion from an independent host. They make use of extensive video game content, often copyrighted to games companies. Some of the content may also be copyrighted to separate companies, like music rights holders.

Content ID is YouTube's system for tracking use of copyrighted material. In the last few days, it has churned out an unusually large number of claims, aimed at video channels that generate advertising revenue, usually affiliated to a larger sales network like Machinima, often called Multi Channel Networks.

Some games companies, including Ubisoft, Capcom, Blizzard and Deep Silver, have stated that they have made no copyright claims, and have urged video producers to contest claims. They view Let's Plays as a useful promotional device.

"As ever, channel owners can easily dispute Content ID claims if they believe those claims are invalid," added the spokesperson.

Polygon will have more on this story in the days ahead.
http://www.polygon.com/2013/12/11/52...ight-crackdown





Thousands of Germans Threatened with €250 Fines for Streaming Porn
Chris Smith

Thousands of German users that have used a porn website to stream shows have received threatening letters from a local law firm demanding €250 ($344) per certain watched clips, Chip.de reports. Apparently, a Swiss-based firm that owns the content hosted by porn site Redtube has tasked a law firm with collecting fines for each of its shows that was streamed online in the region. The law firm has apparently received a go-ahead from a local court, and as many as ten thousand warnings may have been sent to users, for porn shows watched in August.

However, the court in Cologne may have issued a wrong verdict, German online publication Stern says, allowing the lawyers of U+C to go forward and ask ISPs to disclose names and addresses associated with the IPs which allegedly streamed the porn shows. But from a legal standpoint, online streaming is not the same as downloading and sharing content online in Germany, as users who are streaming shows are simply watching content that’s hosted on a different site, whether it’s legal or illegal. Furthermore, it would appear that users were not exactly aware whether the shows they streamed were obtained legally or not by Redtube, as the site did not mention this detail.

More importantly, it’s unclear how their IPs were actually shared with the law firm sending out the warnings in the first place, but their privacy has clearly been violated in some sort of way. Chip.de suggests that these users may have been targeted with malware that harvested their IP addresses in order to be later used in such legal proceedings.
http://bgr.com/2013/12/10/redtube-st...fines-germany/





Criminal Investigators Get Training on File Sharing Through Southern VA ICAC
Ananda Rochita

Of the several cases we've covered involving child pornography, some involve a person using a network to find and share explicit photos and videos.

Throughout the week investigators around the country and even from Canada are in Bedford County learning with investigators through Southern Virginia ICAC about tools to help with child pornography cases.

Investigators tell us these explicit images are getting more violent and now have more online offenders who are women. Some of the tools the investigators are learning this week are keywords some online offenders use to search for child pornography and also how to find the location of the online offenders.

"These guys they have specific ways to find and use specific terms to go find it," says Chauncey Wilder with Southern Va. ICAC.

The Southern Va. ICAC is teaching the session based on their 15 years of experience.

"We use basics like how to look and locate and collect evidence from people who are using popular free file sharing programs," says Sgt. Steve Anders, Southern Va. ICAC. "The average user doesn't typically cross child pornography unless they're looking for it."
http://www.wsls.com/story/24184547/c...uthern-va-icac





Joe Bihari, Who Put Early R&B on Record, Dies at 88
William Yardley

Soon after the Bihari brothers started leasing jukeboxes in black neighborhoods of Los Angeles in the early 1940s, they realized they had a problem. While their business had a solid distribution network of stores, bars and restaurants, they could not find enough records to play in their machines.

In 1945 they came up with a solution. Jules, Saul and Joe Bihari created Modern Music Records.

Using the same manufacturing space and distribution network that they used to service and deliver jukeboxes, the brothers built Modern Records (to which the name was shortened in 1948) into a force among labels that recorded black music. Along with Chess, Specialty and other relatively small labels, Modern recorded, pressed and distributed some of the most influential blues and rhythm and blues records of the ’40s, ’50s and ’60s.

All three brothers helped Modern find new artists. But Joe, who was the last surviving sibling when he died on Nov. 28 at 88, made the search his specialty, scouring juke joints and radio stations across the country, especially the South, to find promising new acts. In its early years, Modern, which also bought master recordings from other small labels, released some of the first widely distributed recordings of blues legends including Elmore James, John Lee Hooker, Etta James and Johnny (Guitar) Watson.

Most notably, the company helped make B. B. King a star.

Joe Bihari first recorded Mr. King in Memphis in 1951. Modern had recently severed ties with Sam Phillips, whose Sun Records studio in Memphis they had sometimes used, so Mr. Bihari created a makeshift studio at the local black Y.M.C.A. The session included one of the Biharis’ best talent scouts on piano, a young musician named Ike Turner. The first record released from that session became Mr. King’s first hit, his version of “3 O’Clock Blues.”

“Most of the artists came into the studio with their own material, things they wrote or picked up,” Joe Bihari recalled in an interview included in Arnold Shaw’s book “Honkers and Shouters: The Golden Years of Rhythm and Blues” (1978). “The only thing we might have done — they might not have constructed the tune properly — we’d change certain lyrics. On some songs, they had them in their head but couldn’t quite get it together, and there was help. We worked with artists in recording sessions. We rehearsed with them and changed things.”

The changes, his brother Jules suggested, were usually minimal.

“I don’t think you have to be a genius to record blues,” he was quoted as saying in “Honkers and Shouters.” “All you have to do is stick a microphone out there and let them play.”

Turner and Mr. King maintained good relationships with the Biharis, particularly Joe, but they were among many black artists who have questioned whether they were properly compensated for their early work by the Biharis and others. The Biharis sometimes used pseudonyms to give themselves writing credit on songs.

“Some of the songs I wrote, they added a name when I copyrighted it,” Mr. King said of the Biharis in a 1999 interview for the magazine Blues Access. “Like ‘King and Ling’ or ‘King and Josea.’ There was no such thing as Ling or Josea. No such thing. That way, the company could claim half of your song.”

The Biharis denied exploiting their artists, saying the songwriters were paid well for their songs.

Modern struggled financially in the 1960s, and the Bihari brothers had sold the company’s catalog by the 1980s. But descendants continue to control a music publishing company that receives royalties from some early recordings, Joe Bihari’s son, Michael, said.

The youngest of eight siblings, Joseph Bihari was born on May 30, 1925, in Memphis and moved several times as a boy. His father, Edward, a Jewish immigrant from Hungary who worked in sales and later ran a grain and seed business in Tulsa, Okla., died in 1930.

Joe and one of his sisters spent much of their childhood in a Jewish children’s home in New Orleans. While he was there, his older brothers entered the jukebox business, eventually creating a distribution network across several states. Modern employed most of the Bihari siblings at some point or another, including three sisters, Florette, Rosalind and Maxine, and another brother, Lester, who also started his own label, Meteor. (A fourth sister, Serene, did not work there.)

Mr. Bihari died in Los Angeles, Michael Bihari said. In addition to his son, his survivors include three daughters, Michele, Lita and Nicole, and two grandchildren.

Joe Bihari did not limit himself to jukeboxes and rhythm and blues. In the 1970s he made aftermarket parts for motorcycles in the same plant where his family made records.

John Broven, who interviewed Joe Bihari extensively for his book “Record Makers and Breakers: Voices of the Independent Rock ’n’ Roll Pioneers” (2009), said in an interview that Modern Records “was part of this great independent label explosion in the 1940s and 1950s that really put rhythm and blues and blues music on the map when it was strictly a Negro form.

“As a result of this R & B scene that they created,” he added, “all of a sudden you had rock ’n’ roll, which then became an international music.”
http://www.nytimes.com/2013/12/12/ar...ies-at-88.html





The FCC’s Wireless Dilemma: More Cash, or More Competition?
Brian Fung

If you've been following the debate about wireless spectrum, you know that Sprint and T-Mobile are at loggerheads with Verizon and AT&T over how much of the airwaves the big carriers will be allowed to buy in an upcoming auction. If Verizon and AT&T manage to snap up the bulk of it, regulators worry they'll threaten competition in the wireless industry.

To avoid that fate, some have suggested imposing auction limits on the nation's two biggest carriers. In a Senate hearing Tuesday, observers got a glimpse of how these restrictions might take shape.

One option being considered is a set of caps that explicitly acknowledge Verizon and AT&T's current position at the top of the market.

"No one has ever suggested that the two dominant incumbents be excluded from the upcoming incentive auction," wrote T-Mobile, Sprint and a handful of other companies in a letter to the Senate Commerce Committee on Tuesday. "But they already control nearly 80 percent of all available low-frequency spectrum."

Rules that primarily restrict the largest carriers would free up more spectrum for other bidders, these companies argue. But experts disagree over the second-order effects — whether it would raise more revenue that way in the long run, for example, or whether the smaller carriers would be able to use that spectrum as efficiently as the larger ones.

Others argue that it'd be more fair to adopt a rule that enforces the same limit on all the participants, regardless of their existing holdings.

"I don't think one bidder has a good chance of gobbling up all the spectrum, but if people are concerned about that contingency, a cap that hit all bidders equally would mitigate" the worst effects, said Hal Singer, a senior fellow at the Progressive Policy Institute.

Another way to put this is that the small carriers favor what are called "asymmetric" spectrum caps that affect various carriers differently, while opponents prefer "symmetric" caps that don't account for existing market positions.

Sorting through all this is the Federal Communications Commission, which has to juggle sometimes competing goals in designing the auction. Making sure the auction generates enough wealth to fund other expensive projects is one example. But the FCC also has to consider whether the rules of the sale ultimately benefit consumers.

According to Singer, diverting spectrum to smaller carriers means they'll have to spend more money to take advantage of it, particularly in rural areas where the infrastructure may not exist. That in turn could mean higher costs that'll get passed on to consumers. As an argument for efficiency, this is true as far as it goes. With AT&T and Verizon having built out the largest networks nationwide, they're already in a strong position to put new spectrum to use.

But granting incumbents an advantage just because they already have one isn't exactly the strongest case for competition. The whole idea behind making spectrum available to smaller carriers is that the opportunity could result in a wireless industry where consumers have more, and more viable, options.
http://www.washingtonpost.com/blogs/...e-competition/





Sky Customers Cut Off As Failed Copper Thieves Steal BT Fibre

At least the dimwitted criminals didn’t make any money
Max Smolaks

Around 37,000 Sky customers in London were left without landline or broadband connection for two days, after incompetent copper cable thieves raided BT’s infrastructure – and stole fibre.

The outage began on Tuesday evening, affecting customers in Stamford Hill, Dartford, Ewell, Mitcham, Wimbledon, Hampstead, Battersea, Chiswick and Beulah Hill. An undisclosed number of BT and TalkTalk clients were also affected.

Sky is working with BT Openreach to fix the problem, and by Friday morning all exchanges except the one in Chiswick were back online.

According to the Guardian, the hapless criminals were after valuable copper cable, but all they managed to find was fibre, which enables faster broadband speeds but is almost impossible to resell.

Pointless

The outage was first reported after 11pm on Tuesday. According to Sky, a “large number” of cables were cut at the site on Great West Road, where they were apparently accessed through a manhole cover. Stolen copper wire can be sold to unscrupulous recycling companies, which pay up to £4 for a kilogram, melt it down and sell it on. In contrast, fibre cable is useless to anyone outside of the networking industry.

By 2pm on Wednesday, a team of ten engineers was already working on the affected site. According to a Sky spokesperson, the location was difficult to access, which delayed the repairs.

On Thursday evening, Sky restored service to 27,000 customers, but discovered “further damage” affecting areas of Stamford Hill, Ewell and Chiswick, which could indicate the thieves attempted to cut the cables in more than one place.

Last year, BT introduced the Rapid Assessment BT Incident Tracker (RABIT) – a system that can detect when a cable has been cut or damaged, alerting the company and law enforcement of a possible cable theft. However, the system obviously doesn’t apply to the fibre cable.

The sudden outage left many customers stranded amid one of the busiest online shopping periods of the year. Sky said it expects to completely restore the service tonight.
http://www.techweekeurope.co.uk/news...t-fibre-134037





Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet
Kim Zetter

Hijacked traffic went all the way to Iceland, where it may have been copied before being released to its intended destination. The green arrows show the path the traffic should have traveled; the red arrows show the path it took. Map courtesy of Renesys

In 2008, two security researchers at the DefCon hacker conference demonstrated a massive security vulnerability in the worldwide internet traffic-routing system — a vulnerability so severe that it could allow intelligence agencies, corporate spies or criminals to intercept massive amounts of data, or even tamper with it on the fly.

The traffic hijack, they showed, could be done in such a way that no one would notice because the attackers could simply re-route the traffic to a router they controlled, then forward it to its intended destination once they were done with it, leaving no one the wiser about what had occurred.

Now, five years later, this is exactly what has happened. Earlier this year, researchers say, someone mysteriously hijacked internet traffic headed to government agencies, corporate offices and other recipients in the U.S. and elsewhere and redirected it to Belarus and Iceland, before sending it on its way to its legitimate destinations. They did so repeatedly over several months. But luckily someone did notice.

And this may not be the first time it has occurred — just the first time it got caught.

Analysts at Renesys, a network monitoring firm, said that over several months earlier this year someone diverted the traffic using the same vulnerability in the so-called Border Gateway Protocol, or BGP, that the two security researchers demonstrated in 2008. The BGP attack, a version of the classic man-in-the-middle exploit, allows hijackers to fool other routers into re-directing data to a system they control. When they finally send it to its correct destination, neither the sender nor recipient is aware that their data has made an unscheduled stop.

The stakes are potentially enormous, since once data is hijacked, the perpetrator can copy and then comb through any unencrypted data freely — reading email and spreadsheets, extracting credit card numbers, and capturing vast amounts of sensitive information.

The attackers initiated the hijacks at least 38 times, grabbing traffic from about 1,500 individual IP blocks — sometimes for minutes, other times for days — and they did it in such a way that, researchers say, it couldn’t have been a mistake.

Renesys Senior Analyst Doug Madory says initially he thought the motive was financial, since traffic destined for a large bank got sucked up in the diversion. But then the hijackers began diverting traffic intended for the foreign ministries of several countries he declined to name, as well as a large VoIP provider in the U.S., and ISPs that process the internet communications of thousands of customers.

Although the intercepts originated from a number of different systems in Belarus and Iceland, Renesys believes the hijacks are all related, and that the hijackers may have altered the locations to obfuscate their activity.

“What makes a man-in-the-middle routing attack different from a simple route hijack? Simply put, the traffic keeps flowing and everything looks fine to the recipient,…” Renesys wrote in a blog post about the hijacks. “It’s possible to drag specific internet traffic halfway around the world, inspect it, modify it if desired, and send it on its way. Who needs fiberoptic taps?”

Earlier this year someone mysteriously hijacked internet traffic headed to government agencies, corporate offices and other recipients and redirected it to Belarus and Iceland (above). Photo: Image Source/Getty

Renesys cautions that it doesn’t know who is behind the hijacks. Although systems in Belarus and Iceland initiated the hijacks, it’s possible that those systems were hijacked by a third party that simply used them as a proxy for the attacks.

Either way, one thing is certain, Madory says: the characteristics of the hijacks indicate they were intentional. Some of the targets whose traffic was hijacked seemed hand-picked by the attackers, he says, especially the foreign ministry domains.

“It’s a list [of targets] that you just wouldn’t come by mistake,” Madory told WIRED.

The hijackers also appeared to tweak their attack over time to modify and refine it.

“In the Belarus example, we saw an evolution of the technique of someone manipulating the attributes of the BGP messages to try to achieve this man-in-the-middle thing,” he said. “To us, that communicated some intention versus a mistake.”

BGP eavesdropping has long been a known weakness, but no one is known to have intentionally exploited it like this until now. The technique doesn’t attack a bug or flaw in BGP, but simply takes advantage of the fact that BGP’s architecture is based on trust.

To make it easy for e-mail traffic from an ISP in California to reach customers of an ISP in Spain, networks for these providers and others communicate through BGP routers. Each router distributes so-called announcements indicating which IP addresses they’re in the best position to deliver traffic to, for the quickest, most efficient route. But BGP routers assume that when another router says it’s the best path to a specific block of IP addresses, it’s telling the truth. That gullibility makes it easy for eavesdroppers to fool routers into sending them traffic they shouldn’t get.

When a user types a website name into his browser or clicks “send” to launch an e-mail, a router belonging to the sender’s ISP consults a BGP table for the best route to the destination. That table is built from the announcements issued by ISPs and other networks declaring the range of IP addresses, or IP prefixes, to which they’ll deliver traffic. The routing table searches for the destination IP address among those prefixes, and if two systems deliver traffic for the address, the one with the narrower, more specific range of prefixes “wins” the traffic.

For example, one ISP announces that it delivers to a group of 90,000 IP addresses, while another delivers to a subset of 24,000 of those addresses. If the destination IP address falls within both of these, the e-mail will get sent to the narrower, more specific one.

To intercept data, anyone with a BGP router or control of a BGP router could send out an announcement for a range of IP addresses he wished to target that was narrower than the chunk advertised by other network routers. The announcement would take just minutes to propagate worldwide and, just like that, data that should have headed to those networks would begin arriving to the eavesdropper’s router instead.

Ordinarily, when an attacker tried to then forward the stolen traffic to its rightful destination, it would boomerang back to him, since other routers would still believe that his was the best destination for the traffic. But the technique demonstrated at DefCon, and now spotted in the wild, allows an attacker to send his announcement in such a way that it is delivered only to select routers. So, once the traffic passes through his router, it gets directed to its rightful destination through routers that never got the bogus announcement. The attack intercepts only traffic headed to target addresses, not from them.
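The route-selection rule described above (the narrower prefix wins) and a monitoring check built on it, as an added example that is not part of the article or the original post: it compares observed announcements with the prefixes an operator really originates and flags anything narrower or from the wrong origin. The prefixes are documentation ranges, the AS numbers are reserved documentation ASNs, and every sample announcement is constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    prefix: ipaddress.IPv4Network
    as_path: tuple  # ASNs, nearest neighbour first, origin AS last

    @property
    def origin(self) -> int:
        return self.as_path[-1]


def ann(prefix: str, *as_path: int) -> Announcement:
    """Build an Announcement from a CIDR string and an AS path."""
    return Announcement(ipaddress.ip_network(prefix), tuple(as_path))


def best_route(table, dst: str):
    """Longest-prefix match: of all routes covering dst, the narrowest wins.

    Ties between equal-length prefixes are decided by other BGP attributes
    that this sketch does not model.
    """
    addr = ipaddress.ip_address(dst)
    covering = [a for a in table if addr in a.prefix]
    return max(covering, key=lambda a: a.prefix.prefixlen, default=None)


def classify(a: Announcement, expected: dict) -> str:
    """Compare one observed announcement with the operator's own announcements.

    expected maps each prefix the operator originates to its allowed origins.
    """
    if a.prefix in expected:
        return "ok" if a.origin in expected[a.prefix] else "origin-mismatch"
    for prefix in expected:
        if a.prefix.version == prefix.version and a.prefix.subnet_of(prefix):
            # Narrower than anything the operator announces: it will win
            # longest-prefix match, so flag it whatever origin it claims.
            return "unexpected-more-specific"
    return "unmonitored"


def alerts(observed, expected: dict):
    """Return (prefix, origin, verdict) for every announcement worth a look."""
    out = []
    for a in observed:
        verdict = classify(a, expected)
        if verdict not in ("ok", "unmonitored"):
            out.append((str(a.prefix), a.origin, verdict))
    return out


# Constructed sample data. The operator (AS64500) originates one /24.
EXPECTED = {ipaddress.ip_network("203.0.113.0/24"): {64500}}

BASELINE = [
    ann("203.0.113.0/24", 64501, 64500),   # the operator's real announcement
    ann("198.51.100.0/24", 64502, 64503),  # someone else's network
]

# Later feed: a /25 inside the operator's /24 appears from another origin.
OBSERVED = BASELINE + [ann("203.0.113.128/25", 64510, 64511)]


if __name__ == "__main__":
    for table, label in ((BASELINE, "before"), (OBSERVED, "after")):
        route = best_route(table, "203.0.113.200")
        print(label, route.prefix, "via origin AS", route.origin)
    for alert in alerts(OBSERVED, EXPECTED):
        print("ALERT", alert)
```

Addresses in the lower half of the /24 (for example 203.0.113.10) still follow the legitimate route, which is why a monitor has to check every sub-prefix rather than probe a single address.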

BGP hijacking happens in some form or fashion every day, but it’s usually unintentional — the result of a typo in a routing announcement or some other mistake. And when it does occur, it generally results in an outage, as the traffic being routed never reaches its destination. This was the case in 2008 when Pakistan Telecom inadvertently hijacked all of the world’s YouTube traffic when it attempted to prevent just Pakistan citizens from reaching video content the government deemed objectionable. The telecom and its upstream provider mistakenly advertised to routers around the world that it was the best route through which to send all YouTube traffic, and for nearly two hours browsers attempting to reach YouTube fell into a black hole in Pakistan until the problem was corrected.

In April 2010, another outage occurred when China Telecom distributed an erroneous announcement for more than 50,000 blocks of IP addresses, and within minutes some of the traffic destined for these domains got sucked into China Telecom’s network for 20 minutes. After analyzing the details, Renesys concluded that this incident, too, was likely a mistake.

But the incidents this year have all the characteristics of an intentional intercept, Renesys says.

There are legitimate reasons to send out bogus BGP announcements intentionally. Some security firms do this as part of a DDoS protection service. If a victim is being hit with a lot of trash traffic in an effort to knock its servers offline, the security firms will send out bogus announcements to divert traffic away from the client, filter out the trash, and forward the legitimate traffic to the client. But Renesys ruled this out as an explanation for the suspected hijacks after speaking with victims whose IP traffic was hijacked.

The first hijacks occurred last February, when an internet service provider called GlobalOneBel based in the Belarusian capital, Minsk, sent out a bogus BGP announcement.

The intercepts occurred 21 times throughout the month, with different IP addresses re-routed each day. Some of the intercepts lasted a few minutes, others continued for hours. Countries whose traffic was intercepted included the U.S., Germany, South Korea and Iran. GlobalOneBel’s traffic gets routed through the state-run Bel Telecom, which is where Renesys saw the hijacked traffic go.

In one case, traffic headed from New York to Los Angeles took a detour to Moscow and Belarus before being sent back through New York to its destination on the West Coast. In another case, traffic headed from Chicago to Iran, which normally passed through Germany, took a roundabout journey through Canada, London, Amsterdam, Moscow and Belarus before being sent to Iran via Poland, Germany, the UK and New York.

The intercepts suddenly halted in March, but then resumed on May 21. This time the hijack appeared to be initiated by a system belonging to Elsat, another ISP in Belarus, whose traffic also gets routed through Belarus’s state-run telecom. The intercepts didn’t last long, though, before the hijackers appeared to change their tactics. The diversion to Belarus stopped, and instead Renesys saw traffic being diverted to a different location, this time in Iceland. The hijack now appeared to be initiated by Nyherji hf, a small internet provider in that country. That intercept lasted just five minutes before the hijack went silent.

Nothing occurred again until July 31 when the intercepts resumed with a vengeance, this time appearing to come from Opin Kerfi, another ISP in Iceland. The hijack intercepted 597 IP blocks belonging to a large company in the U.S. that provides VoIP and other services, as well as other IP blocks, most of them in the U.S. Renesys counted 17 intercepts between July 31 and August 19, with nine different ISPs or companies in Iceland initiating the intercepts — all of them downstream customers of Síminn, an internet backbone provider in Iceland.

In one case, traffic headed from one location in Denver, Colorado, to another location in Denver flew off to Illinois, Virginia and New York before traveling overseas to London and Iceland. From there it was redirected back to Denver through Canada, Illinois, New York, Texas and Missouri before finally reaching its destination. The bogus BGP announcements that hijacked the traffic went to so-called peering partners of Síminn in London but not to its peering partners elsewhere. Peers are separate networks that have an established connection in order to easily pass traffic back and forth.

Map showing the long and winding path taken by traffic headed from Chicago to Iran. The green route represents the normal route the traffic takes; the red route is the hijacked route it took through Belarus.

Renesys contacted Síminn to inquire about the redirects and was told the cause was a bug that had since been patched. “A software malfunction in Síminn’s internet gateway in Montreal this summer resulted in the corruption of routing data,” a Síminn security manager wrote Renesys in an email. “The effect of the malfunction was that traffic which was not intended for Síminn or its customers passed through Síminn’s network en route to its intended destination. … The malfunction had the effect that the corrupt routing data appeared to originate from certain customers of Síminn, including Opin Kerfi and Nýherji.” The company said the malfunction was resolved with the assistance of the equipment vendor on August 22nd.

Renesys, skeptical of the response, asked for details about the bug and the vendor so that others using the same system could fix it as well, but Síminn didn’t respond. The Síminn manager also did not respond to questions from WIRED.

Madory says that if the hijacks to Iceland occurred in isolation, Síminn’s explanation might be plausible, though he still wouldn’t understand how a problem with a system in Montreal resulted in traffic being misrouted through London but then correctly routed through Montreal on its way back from Iceland.

But the hijacks to Iceland weren’t isolated; they occurred around the same time as the Belarus attacks. He says he has no doubt that the Belarus hijacks were intentional, and the fact that the last Belarus hijack and the first hijack to Iceland occurred on the same day – May 21 – within minutes of one another appears to link them.

“This is a one-in-a-million thing that this would just also happen [on the same day] with some similarities to it,” he says.

Renesys discovered the hijacks because it uses an automated system to read global BGP tables daily and tag any that match suspicious parameters. But BGP tables don’t tell the whole story. So Renesys also sends about a quarter of a billion traceroutes a day around the world to measure the health of digital traffic – like a coronary angiography for the internet. This helps verify that the data in routing tables matches what is really happening to data in the stream, and helps them spot outages when undersea cables are cut or when countries like Iran or Syria block users from the internet.

Judging by the BGP tables alone, the traffic that got hijacked to Belarus, for example, should have dead-ended there. But when Renesys sent traceroutes along the same path, it got sucked into the stream going to Belarus and then got spit out the other end to continue to its destination. “Which is alarming,” Madory says.

BGP hijacking is an “exceedingly blunt instrument” to capture traffic, and is “about as subtle as a firecracker in a funeral home,” Renesys has noted in the past.

In all the years Renesys has been monitoring internet traffic, analysts had never seen anything that looked intentional before. Generally, Madory says, mistakes look clumsy and show obvious signs of being mistakes. They also generally last minutes, not days as these did, and they also generally do not result in traffic being re-routed to its legitimate destination, as occurred in these cases.

“To achieve this thing where you can get [hijacked] traffic back to its destination, . . . you have to craft your [BGP] messages in a way that you control how far it propagates or where it propagates,” he says. “And we can see these guys experiment over time, modifying different attributes to change the propagation until they’ve achieved the one that they want. We’ve never seen anything like that, that looks very deliberate where someone is tweaking the approach.”

But Tony Kapela, VP of data center and network technology at 5Nines in Wisconsin and one of the researchers who exposed the BGP vulnerability in 2008, is shocked that no other signs of intentional hijacking have occurred since their talk five years ago and questions whether this is really the first case, or just the first one seen.

Kapela says there are a number of ways that an attacker could hijack traffic so that even Renesys wouldn’t notice — specifically, if attackers wanted to grab a narrow slice of traffic going to a specific destination and did so in a way that prevented a bogus route announcement from being distributed to the entire internet.

He gives the example of three networks that are traffic peers. One of the networks could siphon traffic passing between the other two by sending a route announcement that doesn’t get broadcast to the wider internet. The attacker would send an announcement to one of the others with a tag attached, indicating that the announcement should not be broadcast to any other systems.

“If you have the ability to give a network route to another provider and say ‘don’t export this,’ and if that provider doesn’t give it to Renesys or the world, it will not be visible,” Kapela says.

Renesys has monitoring systems set up throughout the internet in more than 400 networks, but doesn’t see all traffic movement.

“Renesys sees whatever lands in the fly trap,” Kapela says. “But if you pick one that doesn’t give a route view to Renesys, you have a good chance of not having this get noticed.”

Kapela notes that the first time he and his colleague demonstrated a BGP attack at a conference in Germany, the bogus announcements they sent out did not reach the internet at large, just the specific networks they wanted to affect.

Kapela says the culprit doesn’t have to be one of the three entities in the attack scenario, but could actually be an outsider who simply seizes control of one of the systems and sends out the bogus announcement without the owner of the system knowing it. He imagines a scenario where an attacker gains physical access to a router belonging to one of the companies and installs a monitoring device to record data, then gains control of the router console to send out a bogus BGP announcement to redirect traffic through the router. If anyone discovers the redirect, the culprit would appear to be the company that owned the router.

Kapela says this kind of attack could become a real risk as data centers and ISPs begin installing centralized router controls.

Until now, many ISPs have used proprietary systems and decentralized models of control whereby routers were managed individually. But many are switching to new systems, where control for numerous routers is centralized. If someone can hijack the master control, he can distribute bogus announcements. There may also be ways to feed operators false data to blind them to this manipulation.

Renesys and Kapela say that ISPs, credit-card processing companies, government agencies and others should all be monitoring the global routing of their advertised IP prefixes to make sure that someone isn’t hijacking their traffic or using their system to hijack someone else’s traffic.

In other words, the future may hold more of these security breaches.

As Renesys warned on its blog: “We believe that people are still attempting this because they believe (correctly, in most cases) that nobody is looking.”
http://www.wired.com/threatlevel/201...larus-iceland/
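
A defender-side sketch of the prefix monitoring the article above recommends, added here as an example and not code from Renesys, Wired or the article: it uses longest-prefix match to show why a narrower announcement wins the traffic, then flags observed announcements that cover our own prefixes with an unexpected origin AS or a narrower mask, and records which vantage points saw them. The prefixes, AS numbers, collector names and function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation prefixes (RFC 5737, RFC 3849) and
# documentation AS numbers (RFC 5398). Nothing here comes from the article.
EXPECTED_ORIGINS = {
    "198.51.100.0/24": {64496},
    "2001:db8::/32": {64496, 64497},
}

# (prefix, origin AS, vantage point that reported the route)
OBSERVED = [
    ("198.51.100.0/24", 64496, "collector-a"),
    ("198.51.100.0/24", 64496, "collector-b"),
    ("198.51.100.128/25", 64511, "collector-b"),  # narrower, foreign origin
    ("2001:db8::/32", 64500, "collector-a"),      # same prefix, foreign origin
    ("2001:db8:1::/48", 64497, "collector-a"),    # narrower, but one of our ASes
    ("192.0.2.0/24", 64499, "collector-a"),       # not our address space
]


def best_route(routes, destination):
    """Longest-prefix match: return the (prefix, origin) a router would pick."""
    dest = ipaddress.ip_address(destination)
    candidates = []
    for prefix, origin, _vantage in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net:  # False when the address families differ
            candidates.append((net, origin))
    if not candidates:
        return None
    net, origin = max(candidates, key=lambda c: c[0].prefixlen)
    return str(net), origin


def classify(prefix, origin, expected=EXPECTED_ORIGINS):
    """Compare one announcement with the prefixes we expect to originate."""
    net = ipaddress.ip_network(prefix)
    for exp_prefix, allowed in expected.items():
        exp = ipaddress.ip_network(exp_prefix)
        if net.version != exp.version or not net.subnet_of(exp):
            continue
        exact = net.prefixlen == exp.prefixlen
        if origin in allowed:
            return "ok" if exact else "unplanned-more-specific"
        return "origin-mismatch" if exact else "more-specific-foreign-origin"
    return "not-ours"


def audit(observed, expected=EXPECTED_ORIGINS):
    """Return one finding per suspicious (prefix, origin) pair."""
    seen = defaultdict(set)
    for prefix, origin, vantage in observed:
        seen[(prefix, origin)].add(vantage)
    all_vantages = {vantage for _, _, vantage in observed}

    findings = []
    for (prefix, origin), vantages in sorted(seen.items()):
        verdict = classify(prefix, origin, expected)
        if verdict in ("ok", "not-ours"):
            continue
        findings.append({
            "prefix": prefix,
            "origin": origin,
            "verdict": verdict,
            "seen_by": sorted(vantages),
            # A route visible at only some collectors matches the limited
            # propagation described in the article; it is a reason to look
            # closer, not a reason to dismiss the finding.
            "partial_visibility": vantages != all_vantages,
        })
    return findings


if __name__ == "__main__":
    print("198.51.100.200 is routed via", best_route(OBSERVED, "198.51.100.200"))
    for finding in audit(OBSERVED):
        print(finding)
```

A monitor like this only sees what its collectors see, which is Kapela's point about routes that are never exported to a vantage point.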





AT&T’s Gigabit Service is $70 if You Let it Spy On Your Searches
Stacey Higginbotham

Summary: AT&T plans to charge $70 a month for its gigabit service in Austin if users agree to let AT&T track their searches. This is a relatively new model for an ISP, although it has been tried elsewhere.

AT&T said Wednesday that it has started service in four Austin neighborhoods with an offer to bring its GigaPower fiber-to-the-home service for $70 a month — but with a pretty big catch.

If you want to pay the lower rate you must agree “to participate in AT&T Internet Preferences.” This means, “AT&T may use your Web browsing information, like the search terms you enter and the Web pages you visit, to provide you relevant offers and ads tailored to your interests.”

Looks like AT&T isn’t just trying to compete with Google’s fiber build-out in Austin, but also its targeted advertising business model. This is also a similar model to what Amazon is doing with its lower priced Kindle tablets that cost less if you elect to let the tablet show you ads. Here are the two options for the service:

Premier: Internet speeds up to 300 Mbps for $70 per month, which includes a waiver of equipment, installation and activation fees. This also means you’ll agree to sign up for AT&T’s Internet Preferences program (a fact noted in a footnote in the release). Customers who also select U-verse TV will receive free HBO, HBO GO for 36 months, and HD service for $120 per month with qualifying TV services.

Standard: Internet speeds up to 300 Mbps for $99 per month. AT&T will upgrade those customers later at no extra charge. Later, those customers can get a gigabit at no extra cost, and presumably while retaining their right to privacy. You can add television for $50 more per month.

I’ve asked AT&T for some more information on this model, which is reminiscent of the efforts of ISPs to use deep packet inspection to deliver advertising to users. There was a significant outcry about that at the time.

Back in 2008 companies like Phorm and NebuAd used technology called deep packet inspection to scan packets as they passed over the network. The idea is that ISPs could then offer more targeted advertising to users and take a cut of the money that they saw companies like Google or Yahoo snagging from the internet. Several ISPs actually used DPI gear without telling users and the result was a Congressional hearing and a retrenchment by the ISPs.

I asked AT&T how it plans to implement this program, if it was using DPI or if it planned to have users visit a certain search page in order to capture the results (a model closer to Google’s). Here’s the response:

We use various methods to collect web browsing information, and we are currently reviewing the methods we may use for the Internet Preferences program. Whichever method is used, we will not collect information from secure (https) or otherwise encrypted sites, such as online banking or when a credit card is used to buy something online on a secure site. And we won’t sell your personal information to anyone, for any reason.

The good news is AT&T doesn’t plan to overlay ads on top of a site’s existing ads, and possibly hacking off site owners. It will instead use its targeting abilities to deliver better ads. As a commenter notes below, this means AT&T might work with ad networks and publishers.

The gigabit service will have a one terabyte data cap with overage fees of $10 for each additional 50GB, up to an additional $30 per month. The pricing with targeted advertising is in line with what Google charges in Kansas City, although Google does offer a free 5 Mbps service, and has confirmed that it does not inspect your content at the packet level as an ISP.

If you are curious about how AT&T will build out its network, check out this story I wrote yesterday with that information. Meanwhile, because this is such a hot-button topic I’ve pasted a note from AT&T about the program in its entirety. Here you go:

A bit more about AT&T Internet Preferences:

We’ll use your individual web browsing information, like the search terms you enter and the web pages you visit, to tailor ads and offers to your interests. You won’t necessarily receive more ads when you are online, but those you do see may be more suited to your interests.

For example: If you search for concert tickets, you may receive offers and ads related to restaurants near the concert venue.

We won’t sell your personal information. Rather, AT&T may use your personal information to direct another advertiser’s ad to you, but that advertiser would never have access to your Personal Information. For example, after you browse hotels in Miami, you may be offered discounts for rental cars, but that rental company doesn’t know who you are.

With AT&T Internet Preferences, we are trying something different. Consumers are used to the concept of a mobile app or an e-reader being priced differently with or without certain ads, or a free email service that stays free by serving ads. We want to give Austinites a similar choice with our latest innovation, U-verse with GigaPower.

http://gigaom.com/2013/12/11/atts-gi...your-searches/





“We Cannot Trust” Intel and Via’s Chip-Based Crypto, FreeBSD Developers Say

Following NSA leaks from Snowden, engineers lose faith in hardware randomness.
Dan Goodin

Developers of the FreeBSD operating system will no longer allow users to trust processors manufactured by Intel and Via Technologies as the sole source of random numbers needed to generate cryptographic keys that can't easily be cracked by government spies and other adversaries.

The change, which will be effective in the upcoming FreeBSD version 10.0, comes three months after secret documents leaked by former National Security Agency (NSA) subcontractor Edward Snowden said the US spy agency was able to decode vast swaths of the Internet's encrypted traffic. Among other ways, The New York Times, Pro Publica, and The Guardian reported in September, the NSA and its British counterpart defeat encryption technologies by working with chipmakers to insert backdoors, or cryptographic weaknesses, in their products.

The revelations are having a direct effect on the way FreeBSD will use hardware-based random number generators to seed the data used to ensure cryptographic systems can't be easily broken by adversaries. Specifically, "RDRAND" and "Padlock"—RNGs provided by Intel and Via respectively—will no longer be the sources FreeBSD uses to directly feed random numbers into the /dev/random engine used to generate random data in Unix-based operating systems. Instead, it will be possible to use the pseudo random output of RDRAND and Padlock to seed /dev/random only after it has passed through a separate RNG algorithm known as "Yarrow." Yarrow, in turn, will add further entropy to the data to ensure intentional backdoors, or unpatched weaknesses, in the hardware generators can't be used by adversaries to predict their output.

"For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random," FreeBSD developers said. "It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more."

In separate meeting minutes, developers specifically invoked Snowden's name when discussing the change.

"Edward Snowdon [sic] -- v. high probability of backdoors in some (HW) RNGs," the notes read, referring to hardware RNGs. Then, alluding to the Dual EC_DRBG RNG forged by the National Institute of Standards and Technology and said to contain an NSA-engineered backdoor, the notes read: "Including elliptic curve generator included in NIST. rdrand in ivbridge not implemented by Intel... Cannot trust HW RNGs to provide good entropy directly. (rdrand implemented in microcode. Intel will add opcode to go directly to HW.) This means partial revert of some work on rdrand and padlock."

RNGs are one of the most important ingredients in any secure cryptographic system. They are akin to the dice shakers used in board games that ensure the full range of randomness is contained in each roll. If adversaries can reduce the amount of entropy an RNG produces or devise a way to predict some of its output, they can frequently devise ways to crack the keys needed to decrypt an otherwise unreadable message. A weakness in the /dev/random engine found in Google's Android operating system, for instance, was the root cause of a critical exploit that recently allowed thieves to pilfer bitcoins out of a user's digital wallet. RDRAND is the source of random data provided by Ivy Bridge and later versions of Intel processors. Padlock seeds random data in chips made by Via.

While the FreeBSD developers discussing the change cited allegations of backdoors raised in documents leaked by Snowden, the move would have been a good idea even if those weaknesses never came to light. Adding additional sources of randomness to RDRAND, Padlock, and other RNGs will not reduce their entropy and may make the keys they help generate harder to crack. Relying on multiple sources of randomness is a good practice and possibly could have helped prevent recently discovered crippling weaknesses in Taiwan's secure digital ID system.
http://arstechnica.com/security/2013...evelopers-say/
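
The design point in the article above, as an added example that is not FreeBSD's code and does not implement Yarrow: a simplified SHA-256 pool stands in for the mixing step, and a constructed "backdoored" hardware source stands in for an RNG whose output an adversary can predict. All names are assumptions made for the illustration. It contrasts using the hardware output directly with absorbing it into a pool alongside other sources.

```python
import hashlib
import os


class EntropyPool:
    """Simplified hash pool (not Yarrow): all inputs fold into one state."""

    def __init__(self):
        self._state = hashlib.sha256(b"pool-init").digest()
        self._counter = 0

    def add(self, source_name, data):
        # Length-prefix each field so ("ab", b"c") and ("a", b"bc")
        # can never produce the same pool state.
        h = hashlib.sha256(self._state)
        for field in (source_name.encode(), data):
            h.update(len(field).to_bytes(4, "big"))
            h.update(field)
        self._state = h.digest()

    def read(self, n):
        out = b""
        while len(out) < n:
            self._counter += 1
            block = self._state + b"out" + self._counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
        # Ratchet the state so later compromise does not reveal this output.
        self._state = hashlib.sha256(self._state + b"ratchet").digest()
        return out[:n]


def backdoored_hw_rng():
    """Constructed stand-in: 32 bytes that an adversary can reproduce."""
    return hashlib.sha256(b"adversary-known-seed").digest()


def key_direct():
    """Hardware output delivered as-is, the arrangement being removed."""
    return backdoored_hw_rng()


def key_mixed(other_sources):
    """Hardware output is one pool input among (name, bytes) others."""
    pool = EntropyPool()
    pool.add("hw", backdoored_hw_rng())
    for name, data in other_sources:
        pool.add(name, data)
    return pool.read(32)


def fresh_key():
    """Mixed key with the operating system's generator as a second source."""
    return key_mixed([("os", os.urandom(32))])


def pool_output(name, data):
    """Helper for checking the input framing."""
    pool = EntropyPool()
    pool.add(name, data)
    return pool.read(16)


if __name__ == "__main__":
    print("direct key is predictable:", key_direct() == backdoored_hw_rng())
    print("mixed keys differ:", fresh_key() != fresh_key())
```

Mixing protects only as far as the other inputs carry entropy the adversary does not know: with the predictable source as the sole input, `key_mixed([])` is just as reproducible as the direct key.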





FBI’s Search for ‘Mo,’ Suspect in Bomb Threats, Highlights Use of Malware for Surveillance
Craig Timberg and Ellen Nakashima

The man who called himself “Mo” had dark hair, a foreign accent and — if the pictures he e-mailed to federal investigators could be believed — an Iranian military uniform. When he made a series of threats to detonate bombs at universities and airports across a wide swath of the United States last year, police had to scramble every time.

Mo remained elusive for months, communicating via e-mail, video chat and an Internet-based phone service without revealing his true identity or location, court documents show. So with no house to search or telephone to tap, investigators turned to a new kind of surveillance tool delivered over the Internet.

The FBI’s elite hacker team designed a piece of malicious software that was to be delivered secretly when Mo signed on to his Yahoo e-mail account, from any computer anywhere in the world, according to the documents. The goal of the software was to gather a range of information — Web sites he had visited and indicators of the location of the computer — that would allow investigators to find Mo and tie him to the bomb threats.

Such high-tech search tools, which the FBI calls “network investigative techniques,” have been used when authorities struggle to track suspects who are adept at covering their tracks online. The most powerful FBI surveillance software can covertly download files, photographs and stored e-mails, or even gather real-time images by activating cameras connected to computers, say court documents and people familiar with this technology.

Online surveillance pushes the boundaries of the constitution's limits on searches and seizures by gathering a broad range of information, some of it without direct connection to any crime. Critics compare it to a physical search in which the entire contents of a home are seized, not just those items suspected to offer evidence of a particular offense.

A federal magistrate in Denver approved sending surveillance software to Mo’s computer last year. Not all such requests are welcomed by the courts: An FBI plan to send surveillance software to a suspect in a different case — one that involved activating a suspect’s built-in computer camera — was rejected by a federal magistrate in Houston, who ruled that it was “extremely intrusive” and could violate the Fourth Amendment.

“You can’t just go on a fishing expedition,” said Laura K. Donohue, a Georgetown University law professor who reviewed three recent court rulings on FBI surveillance software, including one involving Mo. “There needs to be a nexus between the crime being alleged and the material to be seized. What they are doing here, though, is collecting everything.”

The FBI and Justice Department declined to comment on the case or the surveillance techniques used in pursuit of Mo.

But court documents related to the investigation, created when the FBI requested a search warrant before sending the surveillance software across the Internet to Mo, have offered a rare window into the bureau’s tools for tracking suspects through an online landscape replete with places to hide.

The case also shows the limits of the surveillance software, which have not yielded Mo’s arrest, and the legal complexities created when the location of a subject is unknown.

“The suspect could be down the street or on the other side of the planet,” said Jason M. Weinstein, a former deputy assistant attorney general in the Justice Department’s criminal division who is now a partner at Steptoe & Johnson. He said he had no direct knowledge of the investigation of Mo. The case, however, “raises the broader question of whether the rules that exist now are adequate to address the problem.”

Mystery caller

The first known call from Mo came in July 2012, two days after a troubled man with dyed orange hair had gunned down 12 people in a movie theater in the Denver suburb of Aurora, Colo., court documents show. Mo told the county sheriff’s office there that he was a friend of the alleged killer and wanted him freed. If the sheriff refused, Mo said, he would blow up a building full of potential victims.

Mo and a deputy sheriff ended up speaking by phone for three hours while also communicating for much of that time through e-mail. That left investigators with several leads, including a phone number and a working address on Gmail, the Web-based e-mail service from Google.

Yet Mo’s true identity remained a mystery. The number turned out to be for Google Voice, an Internet-based service that allows users to make phone calls from their computers. When authorities made an emergency request to Google for information from his account with the company, they learned that Mo had used an online tool called a “virtual proxy” to mask identifying information about the computer he was using. The name registered for the Google account, meanwhile, was “Soozan vf.”

There was no obvious reference to Iran, even though a set of pictures Mo later e-mailed to investigators appeared to show an olive-skinned man in his late 20s, wearing what court documents described as an “Iranian tan camouflaged military uniform.”

Over several months, Mo allegedly threatened to detonate bombs at a county jail, a DoubleTree hotel, the University of Denver, the University of Texas, San Antonio International Airport, Washington-Dulles International Airport, Virginia Commonwealth University and other heavily used public facilities across the country, court documents show.

Though no bombs were ever found, during his rash of threats Mo began using an ominous new e-mail address: “texan.slayer@yahoo.com.” He also gave investigators a plausible full name for himself — Mohammed Arian Far — whose initials roughly fit a name he had used when registering his Google account: “mmmmaaaaffff.”

The account information, gathered after the approval of a search warrant in September 2012, listed a birthday that suggested Mo was 27 years old, fitting the estimates investigators made based on the pictures he had sent them. The field for country said “Iran.” The computer IP address used when Mo had signed up for the account in 2009 suggested he was in Tehran, the capital, at the time. But it wasn’t clear where in the city he lived, or even if he was still there.

Phishing for a suspect

The FBI team works much like other hackers, using security weaknesses in computer programs to gain control of users’ machines. The most common delivery mechanism, say people familiar with the technology, is a simple phishing attack — a link slipped into an e-mail, typically labeled in a misleading way.

When the user hits the link, it connects to a computer at FBI offices in Quantico, Va., and downloads the malicious software, often called “malware” because it operates covertly, typically to spy on or otherwise exploit the owner of a computer. As in some traditional searches, subjects typically are notified only after evidence is gathered from their property.

“We have transitioned into a world where law enforcement is hacking into people’s computers, and we have never had public debate,” said Christopher Soghoian, principal technologist for the American Civil Liberties Union. “Judges are having to make up these powers as they go along.”

Former U.S. officials say the FBI uses the technique sparingly, in part to keep public references to its online surveillance tools to a minimum. There was news coverage about them in 2007, when Wired reported that the FBI had sent surveillance software to the owner of a MySpace account linked to bomb threats against a Washington state high school.

The FBI has been able to covertly activate a computer’s camera — without triggering the light that lets users know it is recording — for several years, and has used that technique mainly in terrorism cases or the most serious criminal investigations, said Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, now on the advisory board of Subsentio, a firm that helps telecommunications carriers comply with federal wiretap statutes.

The FBI’s technology continues to advance as users move away from traditional computers and become more savvy about disguising their locations and identities. “Because of encryption and because targets are increasingly using mobile devices, law enforcement is realizing that more and more they’re going to have to be on the device — or in the cloud,” Thomas said, referring to remote storage services. “There’s the realization out there that they’re going to have to use these types of tools more and more.”

The ability to remotely activate video feeds was among the issues cited in a case in Houston, where federal magistrate Judge Stephen W. Smith rejected a search warrant request from the FBI in April. In that case, first reported by the Wall Street Journal, Smith ruled that the use of such technology in a bank fraud case was “extremely intrusive” and ran the risk of accidentally capturing information of people not under suspicion of any crime.

Smith also said that a magistrate’s court based in Texas lacked jurisdiction to approve a search of a computer whose location was unknown. He wrote that such surveillance software may violate the Fourth Amendment’s limits on unwarranted searches and seizures.

Yet another federal magistrate judge, in Austin, approved the FBI’s request to conduct a “one-time limited search” — not involving the computer’s camera — by sending surveillance software to the e-mail account of a federal fugitive in December 2012.

In that case, investigators had evidence that the man, who allegedly had taken the identity of a soldier serving in Iraq, was living at a hotel in San Antonio, just more than an hour’s drive from Austin. The FBI’s surveillance software returned a detailed inventory of the fugitive’s computer, including the chips used, the amount of space on his hard drive and a list of dozens of programs loaded onto it. He was later arrested, convicted and sentenced to five years in prison for financial fraud and identity theft.

“Technology is evolving and law enforcement is struggling to keep up,” said Brian L. Owsley, a retired federal magistrate judge from Texas who was not involved in either case. “It’s a cat-and-mouse game.”

Still searching

Even though investigators suspected that Mo was in Iran, the uncertainty around his identity and location complicated the case. Had he turned out to be a U.S. citizen or a foreigner living within the country, a search conducted without a warrant could have jeopardized his prosecution.

Federal magistrate Judge Kathleen M. Tafoya approved the FBI’s search warrant request on Dec. 11, 2012, nearly five months after the first threatening call from Mo. The order gave the FBI two weeks to attempt to activate surveillance software sent to the texan.slayer@yahoo.com e-mail address. All investigators needed, it seemed, was for Mo to sign on to his account and, almost instantaneously, the software would start reporting information back to Quantico.

The logistical hurdles proved to be even more complex than the legal ones. The first search warrant request botched the Yahoo e-mail address for Mo, mixing up a single letter and prompting the submission of a corrected request. A software update to a program the surveillance software was planning to target, meanwhile, raised fears of a malfunction, forcing the FBI to refashion its malicious software before sending it to Mo’s computer.

The warrant authorizes an “Internet web link” that would download the surveillance software to Mo’s computer when he signed on to his Yahoo account. (Yahoo, when questioned by The Washington Post, issued a statement saying it had no knowledge of the case and did not assist in any way.)

The surveillance software was sent across the Internet on Dec. 14, 2012 — three days after the warrant was issued — but the FBI’s program didn’t function properly, according to a court document submitted in February.

“The program hidden in the link sent to texan.slayer@yahoo.com never actually executed as designed,” a federal agent reported in a handwritten note to the court.

But, it said, Mo’s computer did send a request for information to the FBI computer, revealing two new IP addresses in the process. Both suggested that, as of last December, Mo was still in Tehran.

Julie Tate contributed to this report.
http://www.washingtonpost.com/busine...d98_story.html





Japan Cracks Down On Leaks After Scandal of Fukushima Nuclear Power Plant

State secrecy law carrying threat of 10-year jail term criticised as attack on democracy but PM denies trying to gag press
David McNeill

In April 2011, while Fukushima’s fires still smouldered, journalists scrambled to find sources who could shed any light on the nuclear crisis.

In a car park 25 miles south of the plant, a nervous maintenance worker on a rare break told The Independent that conditions onsite were chaotic and dangerous. Workers were exhausted; nobody at the top seemed to know what they were doing.

Nearly three years later, Japan’s parliament is set to pass a new state secrecy bill that critics warn might make revealing such conversations impossible, even illegal. They say the law dramatically expands state power, giving every government agency and ministry the discretion to label restricted information “state secrets”. Breaching those secrets will be punishable by up to 10 years in prison.

The Prime Minister, Shinzo Abe, denies he is trying to gag the media or restrict the public’s right to know. “There is a misunderstanding,” he told Japan’s parliament today as the Lower House prepared to pass the bill (to be enacted on 6 December). “It is obvious that normal reporting activity of journalists must not be a subject for punishment.”

Few people outside the government, however, seem to believe him. The legislation has triggered protests from Human Rights Watch, the International Federation of Journalists, the Federation of Japanese Newspapers Unions, the Japan Federation of Bar Associations and many other media watchdogs. Academics have signed a petition demanding it be scrapped.

“It represents a grave threat to journalism because it covers such a wide and vague range of secrets,” said Mizuho Fukushima, a former leader of the opposition Social Democratic Party. She pointed out that the bill casts its net so wide it even includes a clause for “miscellaneous” secrets.

Inevitably, perhaps, debate on the new law has been viewed through the prism of the Fukushima crisis, which revealed disastrous collusion between bureaucrats and the nuclear industry. Critics say journalists attempting to expose such collusion today could fall foul of the new law, which creates three new categories of “special secrets”: diplomacy, counter-terrorism and counter-espionage, in addition to defence.

Damage caused by the tsunami to the Unit 3 reactor building at Fukushima (AP)

During deliberations in November, Masako Mori, the minister in charge of the bill, admitted that security information on nuclear power plants could be designated a state secret because the information “might reach terrorists.” The designation would mostly be left to elite bureaucrats.

The government has attempted to steer debate away from Fukushima and toward rising tensions in Asia. Japan’s government says the secrecy legislation has been introduced partly to head off pressure from the US, its key military ally. Washington is still struggling to put out its own diplomatic fires started by whistleblowers Edward Snowden and Bradley Manning.

One possible application for the new law could be seen in November, when Japan held some of its largest-ever military exercises near the southern prefecture of Okinawa.

Opponents of the bill say Japan’s mainstream media is in any case already largely compliant. The latest (2013) World Press Freedom survey, published by journalism watchdog Reporters Without Borders, ranks Japan just 53rd, behind most advanced democracies and Lithuania and Ghana.

“Why do we need another law,” asks Taro Yamamoto, an independent politician. “What the government is truly trying to do is increase the power of the state.”
http://www.independent.co.uk/news/wo...t-8965296.html





On Second Thought …

Facebook wants to know why you didn’t publish that status update you started writing.
Jennifer Golbeck

A couple of months ago, a friend of mine asked on Facebook:

Do you think that facebook tracks the stuff that people type and then erase before hitting <enter>? (or the “post” button)

Good question.

We spend a lot of time thinking about what to post on Facebook. Should you argue that political point your high school friend made? Do your friends really want to see yet another photo of your cat (or baby)? Most of us have, at one time or another, started writing something and then, probably wisely, changed our minds.

Unfortunately, the code that powers Facebook still knows what you typed—even if you decide not to publish it. It turns out that the things you explicitly choose not to share aren't entirely private.

Facebook calls these unposted thoughts "self-censorship," and insights into how it collects these nonposts can be found in a recent paper written by two Facebookers. Sauvik Das, a Ph.D. student at Carnegie Mellon and summer software engineer intern at Facebook, and Adam Kramer, a Facebook data scientist, have put online an article presenting their study of the self-censorship behavior collected from 5 million English-speaking Facebook users. It reveals a lot about how Facebook monitors our unshared thoughts and what it thinks about them.

The study examined aborted status updates, posts on other people's timelines, and comments on others' posts. To collect the text you type, Facebook sends code to your browser. That code automatically analyzes what you type into any text box and reports metadata back to Facebook.

Storing text as you type isn't uncommon on other websites. For example, if you use Gmail, your draft messages are automatically saved as you type them. Even if you close the browser without saving, you can usually find a (nearly) complete copy of the email you were typing in your Drafts folder. Facebook is using essentially the same technology here. The difference is that Google is saving your messages to help you. Facebook users don't expect their unposted thoughts to be collected, nor do they benefit from it.

It is not clear to the average reader how this data collection is covered by Facebook's privacy policy. In Facebook’s Data Use Policy, under a section called "Information we receive and how it is used," it’s made clear that the company collects information you choose to share or when you "view or otherwise interact with things.” But nothing suggests that it collects content you explicitly don’t share. Typing and deleting text in a box could be considered a type of interaction, but I suspect very few of us would expect that data to be saved. When I reached out to Facebook, a representative told me that the company believes this self-censorship is a type of interaction covered by the policy.

In their article, Das and Kramer claim to only send back information to Facebook that indicates whether you self-censored, not what you typed. The Facebook rep I spoke with agreed that the company isn’t collecting the text of self-censored posts. But it’s certainly technologically possible, and it’s clear that Facebook is interested in the content of your self-censored posts. Das and Kramer’s article closes with the following: "we have arrived at a better understanding of how and where self-censorship manifests on social media; next, we will need to better understand what and why." This implies that Facebook wants to know what you are typing in order to understand it. The same code Facebook uses to check for self-censorship can tell the company what you typed, so the technology exists to collect that data it wants right now.

It is easy to connect this to all the recent news about NSA surveillance. On the surface, it's similar enough. An organization is collecting metadata—that is, everything but the content of a communication—and analyzing it to understand people's behavior. However, there are some important differences. While it may be uncomfortable that the NSA has access to our private communications, the agency is monitoring things we have actually put online. Facebook, on the other hand, is analyzing thoughts that we have intentionally chosen not to share.

This may be closer to the recent revelation that the FBI can turn on a computer's webcam without activating the indicator light to monitor criminals. People surveilled through their computers’ cameras aren’t choosing to share video of themselves, just as people who self-censor on Facebook aren’t choosing to share their thoughts. The difference is that the FBI needs a warrant but Facebook can proceed without permission from anyone.

Why does Facebook care anyway? Das and Kramer argue that self-censorship can be bad because it withholds valuable information. If someone chooses not to post, they claim, "[Facebook] loses value from the lack of content generation." After all, Facebook shows you ads based on what you post. Furthermore, they argue that it’s not fair if someone decides not to post because he doesn't want to spam his hundreds of friends—a few people could be interested in the message. "Consider, for example, the college student who wants to promote a social event for a special interest group, but does not for fear of spamming his other friends—some of who may, in fact, appreciate his efforts,” they write.

This paternalistic view isn’t abstract. Facebook studies this because the more its engineers understand about self-censorship, the more precisely they can fine-tune their system to minimize self-censorship’s prevalence. This goal—designing Facebook to decrease self-censorship—is explicit in the paper.

So Facebook considers your thoughtful discretion about what to post as bad, because it withholds value from Facebook and from other users. Facebook monitors those unposted thoughts to better understand them, in order to build a system that minimizes this deliberate behavior. This feels dangerously close to “ALL THAT HAPPENS MUST BE KNOWN,” a motto of the eponymous dystopian Internet company in Dave Eggers’ recent novel The Circle.
http://www.slate.com/articles/techno... _publish.html





Lawsuit Accuses IBM of Hiding China Risks Amid NSA Spy Scandal
Jonathan Stempel

IBM Corp has been sued by a shareholder who accused it of concealing how its ties to what became a major U.S. spying scandal reduced business in China and ultimately caused its market value to plunge more than $12 billion.

IBM lobbied Congress hard to pass a law letting it share personal data of customers in China and elsewhere with the U.S. National Security Agency in a bid to protect its intellectual property rights, according to a complaint filed in the U.S. District Court in Manhattan.

The plaintiff in the complaint, Louisiana Sheriffs' Pension & Relief Fund, said this threatened IBM hardware sales in China, particularly given a program known as Prism that let the NSA spy on that country through technology companies such as IBM.

The Baton Rouge pension fund said the revelation of Prism and related disclosures by former NSA contractor Edward Snowden caused Chinese businesses and China's government to abruptly cut ties with the world's largest technology services provider.

It said this led IBM on October 16 to post disappointing third-quarter results, including drops in China of 22 percent in sales and 40 percent in hardware sales.

While quarterly profit rose 6 percent, revenue dropped 4 percent and fell well below analyst forecasts.

IBM shares fell 6.4 percent on October 17, wiping out $12.9 billion of the Armonk, New York-based company's market value.

The lawsuit names IBM, Chief Executive Virginia Rometty and Chief Financial Officer Mark Loughridge as defendants, and says they should be held liable for the company's failure to reveal sooner the risks of its lobbying and its NSA ties.

"These allegations are ludicrous and irresponsible and IBM will vigorously defend itself in court," IBM spokesman Doug Shelton said in an e-mailThe

Louisiana fund is represented by Bernstein, Litowitz, Berger & Grossmann, a prominent class-action specialist law firm. It seeks class-action status on behalf of shareholders from June 25 to October 16, 2013, and damages for shareholder losses.

Loughridge is retiring as CFO this month at age 60, which IBM calls its traditional retirement age. Martin Schroeter, who has been IBM's head of global finance, is replacing him.

The case is Louisiana Sheriffs' Pension & Relief Fund v. International Business Machines Corp et al, U.S. District Court, Southern District of New York, No. 13-08818.

(Editing by Andrew Hay and Matt Driskill)
http://www.reuters.com/article/2013/...9BB1BP20131213





Revealed: Spy Agencies' Covert Push to Infiltrate Virtual World of Online Games

NSA and GCHQ collect gamers' chats and deploy real-life agents into World of Warcraft and Second Life
James Ball

To the National Security Agency analyst writing a briefing to his superiors, the situation was clear: their current surveillance efforts were lacking something. The agency's impressive arsenal of cable taps and sophisticated hacking attacks was not enough. What it really needed was a horde of undercover Orcs.

That vision of spycraft sparked a concerted drive by the NSA and its UK sister agency GCHQ to infiltrate the massive communities playing online games, according to secret documents disclosed by whistleblower Edward Snowden.

The files were obtained by the Guardian and are being published on Monday in partnership with the New York Times and ProPublica.

The agencies, the documents show, have built mass-collection capabilities against the Xbox Live console network, which boasts more than 48 million players. Real-life agents have been deployed into virtual realms, from those Orc hordes in World of Warcraft to the human avatars of Second Life. There were attempts, too, to recruit potential informants from the games' tech-friendly users.

Online gaming is big business, attracting tens of millions of users world wide who inhabit their digital worlds as make-believe characters, living and competing with the avatars of other players. What the intelligence agencies feared, however, was that among these clans of innocent elves and goblins, terrorists were lurking.

The NSA document, written in 2008 and titled Exploiting Terrorist Use of Games & Virtual Environments, stressed the risk of leaving games communities under-monitored, describing them as a "target-rich communications network" where intelligence targets could "hide in plain sight".

Games, the analyst wrote, "are an opportunity!". According to the briefing notes, so many different US intelligence agents were conducting operations inside games that a "deconfliction" group was required to ensure they weren't spying on, or interfering with, each other.

If properly exploited, games could produce vast amounts of intelligence, according to the NSA document. They could be used as a window for hacking attacks, to build pictures of people's social networks through "buddylists and interaction", to make approaches by undercover agents, and to obtain target identifiers (such as profile photos), geolocation, and collection of communications.

The ability to extract communications from talk channels in games would be necessary, the NSA paper argued, because of the potential for them to be used to communicate anonymously: Second Life was enabling anonymous texts and planning to introduce voice calls, while game noticeboards could, it states, be used to share information on the web addresses of terrorism forums.

Given that gaming consoles often include voice headsets, video cameras, and other identifiers, the potential for joining together biometric information with activities was also an exciting one.

But the documents contain no indication that the surveillance ever foiled any terrorism plots, nor is there any clear evidence that terror groups were using the virtual communities to communicate as the intelligence agencies confidently predicted.

The operations raise concerns about the privacy of gamers. It is unclear how the agencies accessed their data, or how many communications were collected. Nor is it clear how the NSA ensured that it was not monitoring innocent Americans whose identity and nationality may have been concealed behind their virtual avatar.

The California-based producer of World of Warcraft said neither the NSA nor GCHQ had sought its permission to gather intelligence inside the game. "We are unaware of any surveillance taking place," said a spokesman for Blizzard Entertainment. "If it was, it would have been done without our knowledge or permission."

Microsoft declined to comment on the latest revelations, as did Philip Rosedale, the founder of Second Life and former CEO of Linden Lab, the game's operator. The company's executives did not respond to requests for comment.

The NSA declined to comment on the surveillance of games. A spokesman for GCHQ said the agency did not "confirm or deny" the revelations but added: "All GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that its activities are authorised, necessary and proportionate, and there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Intelligence and Security Committee."

Though the spy agencies might have been relatively late to virtual worlds and the communities forming there, once the idea had been mooted, they joined in enthusiastically.

In May 2007, the then-chief operating officer of Second Life gave a "brown bag lunch" address at the NSA explaining how his game gave the government "the opportunity to understand the motivation, context and consequent behaviours of non-Americans through observation, without leaving US soil".

One problem the paper's unnamed author and others in the agency faced in making their case – and avoiding suspicion their goal was merely trying to play computer games at work without getting fired – was the difficulty of proving terrorists were even thinking about using games to communicate.

A 2007 invitation to a secret internal briefing noted "terrorists use online games – but perhaps not for their amusement. They are suspected of using them to communicate secretly and to transfer funds." But the agencies had yet to find any evidence to support their suspicions.

The same still seemed to hold true a year later, albeit with a measure of progress: games data that had been found in connection with IPs, email addresses and similar information linked to terrorist groups.

"Al-Qaida terrorist target selectors and … have been found associated with XboxLive, Second Life, World of Warcraft, and other GVEs [Games and Virtual Environments]," the document notes. "Other targets include Chinese hackers, an Iranian nuclear scientist, Hizballah, and Hamas members."

However, that information was not enough to show terrorists are hiding out as pixels to discuss their next plot. Such data could merely mean someone else in an internet café was gaming, or a shared computer had previously been used to play games.

That lack of knowledge of whether terrorists were actually plotting online emerges in the document's recommendations: "The amount of GVEs in the world is growing but the specific ones that CT [counter-terrorism] needs to be methodically discovered and validated," it stated. "Only then can we find evidence that GVEs are being used for operational uses."

Not actually knowing whether terrorists were playing games was not enough to keep the intelligence agencies out of them, however. According to the document, GCHQ – the UK's equivalent to the NSA – already had a "vigorous effort" to exploit games, including "exploitation modules" against Xbox Live and World of Warcraft.

That NSA effort, based in the agency's New Mission Development Centre in the Menwith Hill UK air force base in North Yorkshire, was already paying dividends by May 2008.

At the request of GCHQ, the NSA had begun a deliberate effort to extract World of Warcraft metadata from their troves of intelligence, and trying to link "accounts, characters and guilds" to Islamic extremism and arms dealing efforts. A later memo noted that among the game's active subscribers were "telecom engineers, embassy drivers, scientists, the military and other intelligence agencies".

The UK agency did not stop at World of Warcraft, though: by September a memo noted GCHQ had "successfully been able to get the discussions between different game players on Xbox Live".

Meanwhile, the FBI, CIA, and the Defense Humint Service were all running human intelligence operations – undercover agents – within the virtual world of Second Life. In fact, so crowded were the virtual worlds with staff from the different agencies, that there was a need to try to "deconflict" their efforts – or, in other words, to make sure each agency wasn't just duplicating what the others were doing.

By the end of 2008, such human intelligence efforts had produced at least one usable piece of intelligence, according to the documents: following the successful takedown of a website used to trade stolen credit card details, the fraudsters moved to Second Life – and GCHQ followed, having gained their first "operational deployment" into the virtual world. This, they noted, put them in touch with an "avatar [game character] who helpfully volunteered information on the target group's latest activities".

Second Life continued to occupy the intelligence agencies' thoughts throughout 2009. One memo noted the game's economy was "essentially unregulated" and so "will almost certainly be used as a venue for terrorist laundering and will, with certainty, be used for terrorist propaganda and recruitment".

In reality, Second Life's surreal and uneven virtual world failed to attract or maintain the promised mass-audience, and attention (and its userbase) waned, though the game lives on.

The agencies had other concerns about games, beyond their potential use by terrorists to communicate. Much like the pressure groups that worry about the effect of computer games on the minds of children, the NSA expressed concerns that games could be used to "reinforce prejudices and cultural stereotypes", noting that Hezbollah had produced a game called Special Forces 2.

According to the document, Hezbollah's "press section acknowledges [the game] is used for recruitment and training", serving as a "radicalising medium" with the ultimate goal of becoming a "suicide martyr". Despite the game's disturbing connotations, the "fun factor" of the game cannot be discounted, it states. As Special Forces 2 retails for $10, it concludes, the game also serves to "fund terrorist operations".

Hezbollah is not, however, the only organisation to have considered using games for recruiting. As the NSA document acknowledges: they got the idea from the US army.

"America's Army is a US army-produced game that is free [to] download from its recruitment page," says the NSA, noting the game is "acknowledged to be so good at this the army no longer needs to use it for recruitment, they use it for training".
http://www.theguardian.com/world/201...ft-second-life





U.S. Tech Companies Call for More Controls on Surveillance

Eight major U.S. web companies, including Apple, Google and Facebook, made a joint call on Monday for tighter controls on how governments collect personal data, intensifying the furor over online surveillance.

In an open letter to U.S. President Barack Obama and Congress, the companies said recent revelations showed the balance had tipped too far in favor of the state in many countries and away from the individual.

In June, former National Security Agency (NSA) contractor Edward Snowden exposed top secret government surveillance programs that tap into communications on cables linking technology companies' various data centers overseas.

After Snowden's disclosure, many of the big Internet companies warned that American businesses may lose revenue abroad as distrustful customers switched to local alternatives.

"We understand that governments have a duty to protect their citizens," said the letter from the eight firms which also included Microsoft Corp, Twitter, LinkedIn Corp, Yahoo Inc and AOL Inc.

"But this summer's revelations highlighted the urgent need to reform government surveillance practices worldwide.

"The balance in many countries has tipped too far in favor of the state and away from the rights of the individual - rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It's time for a change."

Several of the eight companies, which have a combined market capitalization of nearly $1.4 trillion, have responded by publicizing their decision to boost encryption and security on their sites.

TRUST AT RISK

The companies have detailed their 'Reform Government Surveillance' campaign on a website, calling on the U.S. government to take the lead by limiting how much user information a government can collect. r.reuters.com/guk35v

"People won't use technology they don't trust," Microsoft General Counsel Brad Smith said on the website. "Governments have put this trust at risk, and governments need to help restore it."

The campaign also calls on governments to limit surveillance to specific, known users and not to collect data in bulk, and asks that companies have the right to publish the number and nature of government demands for user information.

"The security of users' data is critical, which is why we've invested so much in encryption and fight for transparency around government requests for information," Google Chief Executive Larry Page said on the website.

"This is undermined by the apparent wholesale collection of data, in secret and without independent oversight, by many governments around the world. It's time for reform and we urge the U.S. government to lead the way."

Obama last week said he intended to propose NSA reforms to reassure Americans that their privacy was not being violated by the agency.

British-based campaign group Big Brother Watch welcomed the move by the Internet groups and said surveillance laws in Britain, the U.S. and many other countries were no longer fit for the Internet age.

"This statement of principles, by some of the world's biggest companies, is a watershed moment and one that cannot go ignored in any country that regards itself as a democracy," it said.

(Writing by Kate Holton in London; additional reporting by Chris Peters and Rohit T.K. in Bangalore; Editing by Louise Ireland)
http://www.reuters.com/article/2013/...9B807K20131209





This White House Petition on Internet Privacy Now Requires a Response
Brian Fung

Over 100,000 people have signed onto a WethePeople petition asking President Obama to support changes in a 27-year-old privacy law called the Electronic Communications Privacy Act (ECPA). The law, which was written in 1986, and long before Gmail and Facebook, allows the seizing of e-mail and other digital communications without a warrant. Critics say it doesn't provide enough privacy protections for online communications.

"Americans are deeply concerned about NSA surveillance," the petition reads. "But the NSA’s not the only problem. An outdated law says the IRS and hundreds of other agencies can read our communications without a warrant."

Crossing the 100,000-signature threshold means that the White House must now issue a response to the petitioners, though there's no telling when that might come.

The petition narrowly made Thursday's deadline with several hundred extra signatures to spare (and more are still coming in).

Proponents of revising the ECPA say that in the wake of this year's NSA revelations, Congress must pass an update to ECPA that raises the legal barriers to online snooping by law enforcement. Under the current rules, only a subpoena, not a search warrant, is required to gain access to e-mail older than 180 days — even as archiving mails rather than deleting them has grown more popular over time. Other information that's potentially subject to easy collection includes posts on social media and mobile geolocation data.

While the Senate Judiciary Committee has approved an ECPA reform bill already, it's still waiting for a vote by the full Senate.
http://www.washingtonpost.com/blogs/...es-a-response/





Obama Panel Said to Urge N.S.A. Curbs
David E. Sanger

A presidential advisory committee charged with examining the operations of the National Security Agency has concluded that a program to collect data on every phone call made in the United States should continue, though under broad new restraints that would be intended to increase privacy protections, according to officials with knowledge of the report’s contents.

The committee’s report, the officials said, also argues in favor of codifying and publicly announcing the steps the United States will take to protect the privacy of foreign citizens whose telephone records, Internet communications or movements are collected by the N.S.A. But it is unclear how far that effort would go, and intelligence officials have argued strenuously that they should be under few restrictions when tapping the communications of non-Americans abroad, who do not have constitutional protections under the Fourth Amendment.

The advisory group is also expected to recommend that senior White House officials, including the president, directly review the list of foreign leaders whose communications are routinely monitored by the N.S.A. President Obama recently apologized to Chancellor Angela Merkel of Germany for the N.S.A.’s monitoring of her calls over the past decade, promising that the actions had been halted and would not resume. But he refused to make the same promise to the leaders of Mexico and Brazil.

Administration officials say the White House has already taken over supervision of that program. “We’re not leaving it to Jim Clapper anymore,” said one official, referring to the director of national intelligence, who appears to have been the highest official to review the programs regularly.

But resistance from the intelligence agencies is likely. In an interview two months ago, Gen. Keith B. Alexander, the soon-to-retire director of the N.S.A. and the commander of the military’s Cyber Command, suggested that a major cutback in American spying on foreign nationals would be naïve. And officials who have examined the N.S.A.’s programs say they have been surprised at how infrequently the agency has been challenged to weigh the intelligence benefits of its foreign collection operations against the damage that could be done if the programs were exposed.

One of the expected recommendations is that the White House conduct a regular review of those collection activities, the way covert action by the C.I.A. is reviewed annually.

Another likely recommendation, officials say, is the creation of an organization of legal advocates who, like public defenders, would argue against lawyers for the N.S.A. and other government organizations in front of the Foreign Intelligence Surveillance Court, the nation’s secret court that oversees the collection of telephone and Internet “metadata” and of wiretapping aimed at terrorism and espionage suspects. Mr. Obama has already hinted that he objects to the absence of any adversarial procedures in front of the court’s judges.

But even if the N.S.A.’s activities are curtailed, it may be hard to convince Americans — or Germans, Mexicans and Brazilians — that the agency’s practices had changed. In part, that may depend on how much public transparency is built into programs that the government has spent years cloaking.

The advisory report offers the first signs that the revelations by Edward J. Snowden, the former N.S.A. contractor who took thousands of documents from the agency’s archives and has given some of them to news organizations, may lead to changes in the programs he exposed. While Mr. Snowden has been widely condemned in Washington for violating his oaths to protect secrets, and for taking up asylum in Russia instead of facing prosecution, it now appears likely that his disclosures will lead to the result he told interviewers he was seeking.

Caitlin Hayden, the spokeswoman for the National Security Council, declined to discuss any specific recommendations of the panel. “Our review is looking across the board at our intelligence gathering to ensure that as we gather intelligence, we are properly accounting for both the security of our citizens and our allies, and the privacy concerns shared by Americans and citizens around the world,” she said. “We need to ensure that our intelligence resources are most effectively supporting our foreign policy and national security objectives — that we are more effectively weighing the risks and rewards of our activities.”

She added that the review was especially focused on “examining whether we have the appropriate posture when it comes to heads of state; how we coordinate with our closest allies and partners; and what further guiding principles or constraints might be appropriate for our efforts.”

The five-person advisory group of intelligence and legal experts, several of whom have long connections to Mr. Obama, is expected to deliver its lengthy, unclassified report to the White House by this weekend. Among its members are Richard A. Clarke, who served in the Clinton administration and both Bush administrations and has become an expert on digital conflict; Michael J. Morell, a former deputy director of the C.I.A.; and Cass R. Sunstein, a Harvard Law School professor who served in the Obama White House and is married to Samantha Power, the ambassador to the United Nations.

Two leading legal academics are also members: Peter Swire, an expert in privacy law, and Geoffrey R. Stone, a constitutional law expert and a former dean of the University of Chicago Law School, where Mr. Obama once taught.

Members of the advisory group have declined to talk about their recommendations until the report is published. But fragmentary accounts of their main conclusions have begun to seep out, as word has spread of a preliminary briefing they gave to Mr. Obama’s top advisers. Two officials said that the advisers had gone further to challenge the intelligence agencies’ ways of doing business than they had expected.

“There’s going to be a lot of pushback to some of their ideas,” said one person familiar with the contents, who declined to go into detail. Another said that the report was “still being fine-tuned,” and that elements of the recommendations may change.

As a senator, Mr. Obama was critical of the Bush administration’s efforts to extend the N.S.A.’s surveillance powers, but as president he has embraced most of the programs begun during Mr. Bush’s time, including the bulk collection of telephone metadata. Only one major N.S.A. program, involving the bulk collection of metadata from about 1 percent of all emails sent inside the United States, is known to have been ended during Mr. Obama’s presidency.

Once it is delivered to the White House, the report is expected to feed into another review being conducted by national security officials across the administration. Mr. Obama has indicated that he plans to announce a range of changes, though officials say that is not likely to happen until early next year. At some point, officials say, the advisory group’s entire report will be made public.

In an interview last week on MSNBC, Mr. Obama said, “I’ll be proposing some self-restraint on the N.S.A., and, you know, to initiate some reforms that can give people more confidence.” But he gave no details.

Mr. Obama asked the advisory group to determine whether the N.S.A. had overreached, putting new programs in place because it had the technological capability, rather than weighing the costs to privacy. “What’s coming back is a report that says we can’t dismantle these programs, but we need to change the way almost all of them operate,” said one official familiar with the advisory group’s instructions.

So far, the intelligence agencies have largely opposed most proposals for major changes in the programs that they developed after the Sept. 11, 2001, attacks. For example, General Alexander has told Congress that it would not be possible to dismantle the bulk collection of data about American telephone calls until there was an efficient way to search quickly for data held by communications companies like AT&T and Verizon. Many of those companies do not retain the information for more than 18 months, and say they do not want to take on the burden and legal liabilities of holding it longer.

But General Alexander suggested in the interview two months ago that it may be several years before the United States can develop technology that would make it unnecessary for the government to amass that data in its own storage sites.
http://www.nytimes.com/2013/12/13/wo...nsa-curbs.html





NSA Review to Leave Spying Programs Largely Unchanged, Reports Say

• Panel to propose bulk surveillance continue – with some curbs
• Adviser calls apparent decision to leave core intact 'shameful'

Spencer Ackerman

A participant in a White House-sponsored review of surveillance activities described as “shameful” an apparent decision to leave most of the National Security Agency’s controversial bulk spying intact.

Sascha Meinrath, director of the Open Technology Institute, said Friday that the review panel he advised is at risk of missing an opportunity to restore confidence in US surveillance practices.

“The review group was searching for ways to make the most modest pivot necessary to continue business as usual,” Meinrath said.

Headed by the CIA’s former deputy director, Michael Morell, the review is expected to deliver its report to President Barack Obama on Sunday, the White House confirmed, although it is less clear when and how substantially its report will be available to the public.

National security council spokeswoman Caitlin Hayden said she would have no further comment “on a report that is not yet final and hasn’t yet been submitted to the White House”.

Should the review group’s report resemble descriptions that leaked late Thursday, the report “does nothing to alter the lack of trust the global populace has for what the US is doing, and nothing to restore our reputation as an ethical internet steward,” said Meinrath, who met with the advisory panel and White House officials twice to discuss the bulk surveillance programs that have sparked international outrage.

Leaks about the review group’s expected recommendations to the New York Times and Wall Street Journal strengthened Meinrath and other participants’ long-standing suspicions that much of the NSA’s sweeping spy powers would survive. The Times quoted an anonymous official familiar with the group saying its report “says we can’t dismantle these programs, but we need to change the way almost all of them operate”.

According to the leaks, the review group will recommend that bulk collection of every American’s phone call data continue, possibly by the phone companies instead of the NSA, with tighter restrictions than the “reasonable, articulable suspicion” standard for searching through them that the NSA currently employs. Less clear is whether the review will recommend removing authorities NSA possesses to allow searches for Americans’ identifying information in its vast databases of foreign communications content.

The leaks in the New York Times and Wall Street Journal suggested that the review group will do less to restrain the bulk spying on foreign nationals that is a more traditional NSA activity, although the Journal referred to additional privacy safeguards. For surveillance of foreign leaders, the group looks likely to recommend such spying be personally approved by the president or White House officials.

Revelations that the NSA spies on allied leaders yielded a diplomatic outcry after German chancellor Angela Merkel personally raised the issue with Obama. Dianne Feinstein, the Senate intelligence committee chairwoman who has sponsored a bill preserving and in some cases expanding the bulk collection efforts, declared herself “totally opposed” to spying on allied leaders.

The report also appears to embrace the idea of allowing a privacy advocate to contest government collection requests before the secret surveillance panel known as the Fisa court, a key reform sought by congressional privacy advocates.

But the White House rejected a more controversial proposal that would split the technologically sophisticated NSA from the military's relatively new cyber command, which is tasked with protecting the military's data networks and launching wartime cyberattacks. Keeping the NSA director in charge of cyber command is "the most effective approach to accomplishing both agencies’ missions", Hayden told the Washington Post. The decision likely indicates the NSA will continue to be run by a military officer, unless an unusual bureaucratic arrangement is found.

On Wednesday, NSA director Keith Alexander, the army general who will retire in the spring after leading the agency for eight years, strongly defended the bulk collection of phone data as necessary to detect future domestic terrorist attacks. “There is no other way we know of to connect the dots,” Alexander told the Senate judiciary committee.

For months, the NSA and other intelligence officials have said they were open to the idea of letting phone companies conduct the bulk retention of data – although they have warned that doing so is technologically cumbersome – provided the bulk data pool continues. The NSA has maintained strong, secret ties with the phone companies since its inception in 1952.

Michelle Richardson, the ACLU’s surveillance lobbyist, said the organization would wait for a public release of the report to evaluate its merits, but said the group’s support depended on how far the review panel went in curbing “bulk suspicionless spying or not”.

“To the extent that they, like Feinstein, codify existing practices, we’ll oppose it,” Richardson said, “but if they make substantial reforms about protecting this very sensitive data, it’s on the right track.”

Jim Harper of the libertarian Cato Institute warned that the phone companies’ retention of bulk domestic phone data was a “non-starter”.

“Is secretly violating Americans’ communications privacy really rewarded by a policy requiring the violation of Americans’ communications privacy?” Harper wrote in a Friday blogpost.

Lurking in the background of the White House’s internal review is a heated legislative battle over ending bulk surveillance.

Civil libertarians in both parties and both houses of Congress are backing a bill, the USA Freedom Act, that would prevent the NSA's bulk collection of Americans’ data without individualized, court-approved suspicion of wrongdoing. The Obama administration has yet to take a formal position on the bill, which supporters claim has 120 congressional co-sponsors but has yet to pass.

It is unclear whether the bill’s proponents will be satisfied by requiring the bulk preservation of phone data by the phone companies. Currently the phone companies retain the data for 18 months, while the NSA desires a data pool comprised of information spanning between three and five years.

Obama has publicly portrayed the surveillance review process as substantial and inclusive of all equities in a debate he did not expect to have pre-Snowden.

In an MSNBC interview last week, Obama said the review heard from “a whole bunch of folks, civil libertarians and lawyers and others to examine what's being done”, and predicted proposing “some self-restraint on the NSA and to initiate some reforms that can give people more confidence”.

Yet the anticipated surveillance report appears to stop short of desires for reforms expressed in a little-noticed public-comments section on the review group’s website – which is nestled within the director of national intelligence’s online home.

Richard Barnblace, who described himself as having nearly avoided death or injury in this year’s Boston Marathon bombing, commented: “The NSA’s desire to collect ever more data is a prime example of the Haystack Fallacy: the absurd notion that you will find more needles by piling on more hay.”

“We need the same level of confidence in our electronic privacy as we do in our physical homes,” wrote Cyprien Noel of California.

Some commenters discussed technical shortcomings of the NSA’s now-public geolocation activities, describing them as inevitably and mistakenly collecting data domestically.

“If the NSA were to mistakenly classify domestic servers as outside the United States, even at low rates, it would acquire a substantial amount of purely domestic internet traffic,” wrote Jonathan Mayer of Stanford University’s department of computer science.

The Open Technology Institute’s Meinrath said he told White House chief of staff Denis McDonough that the bulk surveillance revelations represented a “reputational crisis” for the US. “I think the Obama administration is going to be shocked in their own special way by just how little impact this has in turning around public perception of what they’re doing,” he said.

“I think what they’re going to find is when the initial dust settles from this attempt to spin the story is that people are going to be quick to realize this is not meaningful reform, this is not a bold new direction, and it is not going to do much to rein in a surveillance regime run amok.”
http://www.theguardian.com/world/201...ed-reports-say





By Cracking Cellphone Code, NSA has Capacity for Decoding Private Conversations
Craig Timberg and Ashkan Soltani

The cellphone encryption technology used most widely across the world can be easily defeated by the National Security Agency, an internal document shows, giving the agency the means to decode most of the billions of calls and texts that travel over public airwaves every day.

While the military and law enforcement agencies long have been able to hack into individual cellphones, the NSA’s capability appears to be far more sweeping because of the agency’s global signals collection operation. The agency’s ability to crack encryption used by the majority of cellphones in the world offers it wide-ranging powers to listen in on private conversations.

U.S. law prohibits the NSA from collecting the content of conversations between Americans without a court order. But experts say that if the NSA has developed the capacity to easily decode encrypted cellphone conversations, then other nations likely can do the same through their own intelligence services, potentially to Americans’ calls, as well.

Encryption experts have complained for years that the most commonly used technology, known as A5/1, is vulnerable and have urged providers to upgrade to newer systems that are much harder to crack. Most companies worldwide have not done so, even as controversy has intensified in recent months over NSA collection of cellphone traffic, including of such world leaders as German Chancellor Angela Merkel.

The extent of the NSA’s collection of cellphone signals and its use of tools to decode encryption are not clear from a top-secret document provided by former contractor Edward Snowden. But it states that the agency “can process encrypted A5/1” even when the agency has not acquired an encryption key, which unscrambles communications so that they are readable.

Experts say the agency may also be able to decode newer forms of encryption, but only with a much heavier investment in time and computing power, making mass surveillance of cellphone conversations less practical.

“At that point, you can still listen to any [individual person’s] phone call, but not everybody’s,” said Karsten Nohl, chief scientist at Security Research Labs in Berlin.

The vulnerability outlined in the NSA document concerns encryption developed in the 1980s but still used widely by cellphones that rely on technology called second-generation (2G) GSM. It is dominant in most of the world but less so in the wealthiest nations, including the United States, where newer networks such as 3G and 4G increasingly provide faster speeds and better encryption, industry officials say.

But even where such updated networks are available, they are not always used, because many phones often still rely on 2G networks to make or receive calls. More than 80 percent of cellphones worldwide use weak or no encryption for at least some of their calls, Nohl said. Hackers also can trick phones into using these less-secure networks, even when better ones are available. When a phone indicates a 3G or 4G network, a voice call might actually be carried over an older frequency and susceptible to decoding by the NSA.

The document does not make clear if the encryption in another major cellphone technology — called CDMA and used by Verizon, Sprint and a small number of foreign companies — has been broken by the NSA as well. The document also does not specify whether the NSA can decode data flows from cellular devices, which typically are encrypted using different technology.

The NSA has repeatedly stressed that its data collection efforts are aimed at overseas targets, whose legal protections are much lower than U.S. citizens’. When questioned for this story, the agency issued a statement, saying: “Throughout history nations have used encryption to protect their secrets, and today terrorists, cyber criminals, human traffickers and others also use technology to hide their activities. The Intelligence Community tries to counter that in order to understand the intent of foreign adversaries and prevent them from bringing harm to Americans and allies.”

German news magazine Der Spiegel reported in October that a listening station atop the U.S. Embassy in Berlin allowed the NSA to spy on Merkel’s cellphone calls. It also reported that the NSA’s Special Collection Service runs similar operations from 80 U.S. embassies and other government facilities worldwide. These revelations — and especially reports about eavesdropping on the calls of friendly foreign leaders — have caused serious diplomatic fallouts for the Obama administration.

Cellphone conversations long have been much easier to intercept than ones conducted on traditional telephones because the signals are broadcast through the air, making for easy collection. Police scanners and even some older televisions once were able to routinely pick up people talking on their cellphones, as a Florida couple did in 1996 when they recorded an overheard conversation involving then-House Speaker Newt Gingrich.

Digital transmission and encryption have become almost universally available in the United States, and they are now standard throughout much of the world. Governments typically dictate what kind of encryption technology, if any, can be deployed by cellphone service providers. As a result, cellular communications in some nations, including China, feature weak encryption or none at all.

A5/1 has been repeatedly cracked by researchers in demonstration projects for more than a decade.

The encryption technology “was designed 30 years ago, and you wouldn’t expect a 30-year-old car to have the latest safety mechanisms,” said David Wagner, a computer scientist at the University of California at Berkeley.

Collecting cellphone signals has become such a common tactic for intelligence, military and law enforcement work worldwide that several companies market devices specifically for that purpose.

Some are capable of mimicking cell towers to trick individual phones into directing all communications to the interception devices in a way that automatically defeats encryption. USA Today reported Monday that at least 25 police departments in the United States own such devices, the most popular of which go by the brand name Harris StingRay. Experts say they are in widespread use by governments overseas, as well.

Even more common, however, are what experts call “passive” collection devices, in which cell signals are secretly gathered by antennas that do not mimic cellphone towers or connect directly with individual phones. These systems collect signals that are then decoded in order for the content of the calls or texts to be understood by analysts.

Matthew Blaze, a University of Pennsylvania cryptology expert, said the weakness of A5/1 encryption is “a pretty sweeping, large vulnerability” that helps the NSA listen to cellphone calls overseas and likely also allows foreign governments to listen to the calls of Americans.

“If the NSA knows how to do this, presumably other intelligence agencies, which may be more hostile to the United States, have discovered how to do this, too,” he said.

Journalists Marc Ambinder and D.B. Grady reported in their 2013 book “Deep State: Inside the Government Secrecy Industry” that the FBI “has quietly removed from several Washington, D.C.- area cell phone towers, transmitters that fed all data to wire rooms at foreign embassies.”

The FBI declined to comment on that report.

Upgrading an entire network to better encryption provides substantially more privacy for users. Nohl, the German cryptographer, said that breaking a newer form of encryption, called A5/3, requires 100,000 times more computing power than breaking A5/1. But upgrading entire networks is an expensive, time-consuming undertaking that likely would cause interruptions in service for some customers as individual phones would be forced to switch to the new technology.

Amid the uproar over NSA’s eavesdropping on Merkel’s phone, two of the leading German cellphone service providers have announced that they are adopting the newer, stronger A5/3 encryption for their 2G networks.

They “are now doing it after not doing so for 10 years,” said Nohl, who long had urged such a move. “So, thank you, NSA.”

One of those companies, Deutsche Telekom, is the majority shareholder of T-Mobile. T-Mobile said in a statement this week that it was “continuously implementing advanced security technologies in accordance with worldwide recognized and trusted standards” but declined to say whether it uses A5/3 technology or plans to do so for its 2G networks in the United States.

AT&T, the largest provider of GSM cellphone services in the country, said it was deploying A5/3 encryption for parts of its network. “AT&T always protects its customers with the best encryption possible in line with what their device will support,” it said in a statement.

The company already deploys stronger encryption on its 3G and 4G networks, but customers may still wind up using 2G networks in congested areas or places where fewer cell towers are available.

Even with strong encryption, the protection exists only from a phone to the cell tower, after which point the communications are decrypted for transmission on a company’s internal data network. Interception is possible on those internal links, as The Washington Post reported last week. Leading technology companies, including Google and Microsoft, have announced plans in recent months to encrypt the links between their data centers to better protect their users from government surveillance and criminal hackers.
http://www.washingtonpost.com/busine...c5f_story.html





The UK Government Is Already Censoring The Global Internet

The new intellectual property crime unit PIPCU uses threats, not due process, to get copyright-infringing domains off the Internet
Max Smolaks

Today, a special police unit can decide that a certain website needs to disappear from the Internet, and threaten its domain name registrar into revoking the address “until further notice”, without any legal basis whatsoever.

The name of the unit is PIPCU (Police Intellectual Property Crime Unit) and it has just reported on the success of Operation Creative – a three month long campaign that resulted in 40 websites accused of copyright infringement shutting down, or at least moving to a new Web address.

None of the administrators of the 40 now-defunct websites, nor their registrars, were served with a court order. Welcome to our bright, corporate-owned future.

Looking at you, PIPCU

Here’s how it works: investigators employed by notorious copyright protection vehicles like the British Phonographic Industry (BPI) and the Federation Against Copyright Theft (FACT) scour the Internet, looking for websites that share copyrighted content.

Next, they forward this ‘intelligence’ to PIPCU, which then decides whether or not it will attempt to take down the site. If the website gets on the blacklist, the unit will write to the alleged offender, politely asking them to stop making money from piracy. If that doesn’t work (I don’t think it ever does), PIPCU will ask a network of over 60 advertisers to stop placing banners and bankrolling a pirate resource.

Finally, after a certain period of time, the unit will send a letter to the site’s registrar, asking it to suspend the domain name. Instead of a court order, this peculiar document refers to an outdated section of ICANN’s Registrar Accreditation Agreement, which states that such accreditation can be terminated if the organisation is found to have ‘permitted illegal activity in the registration or use of domain names’.

In other words, it’s a threat. PIPCU is implying that it can get the registrar’s accreditation revoked unless it suspends the suspected site.

The letter also asks the registrar to redirect users to 83.138.166.114 – a page which displays a PIPCU statement, along with the banners of copyright protection groups and legal content providers. Some would call it free advertising.

Sure, PIPCU has plenty of other responsibilities – like arresting the people that facilitate “illegal broadcasts” of Premier League matches, or cracking down on sales of counterfeit Windows DVDs. However, it is Operation Creative that truly shows the formidable capabilities of this new organisation.

Power Trip

There are several major problems with Operation Creative, the obvious one being the lack of any legal framework. The recent blocking of the Pirate Bay, Kickass-Torrents and other well-known pirate websites was initiated through the courts. In contrast, PIPCU sends out its letters without having any legal authority to act.

There is another major difference – unlike earlier anti-piracy campaigns, this one targets domain name registrars and not Internet service providers (ISPs), which means its effects are not limited to the UK. That’s right, the actions of the new unit amount to policing the Internet, and not just at home, but worldwide.

Unlike in China, where the government is censoring local content it deems detrimental to the well-being of the state, in the UK, the new police unit serves the interests of copyright holders – in other words, media and software corporations. And while it’s important to protect the creative industries, which contribute six percent of the country’s GDP, abandoning due process in the hunt for the pirates puts the authorities on a slippery slope.

If we don’t ring alarm bells now, and we get used to the idea of websites disappearing from the Web on a whim, after a while the same tools could be applied to silence government critics.

An essential part of Operation Creative was the attempt to dismantle the funding networks around pirate resources. The idea backfired spectacularly. Data provided by PIPCU reveals that while the amount of legitimate advertising decreased by 12 percent, the number of links leading to dangerous or explicit websites grew by 39 percent, as the administrators rushed to fill empty spaces with cheaper banners.

In other words, the operation did nothing to stop the flow of illegal cash, but it succeeded in making pirate websites even less safe. According to research published by Ofcom in September, one in six UK Internet users aged over 12 consumes at least one item of online content illegally every three months – that’s at least ten million people at greater risk of a malware attack in this country alone, thanks to the new police unit.

There is one group of people that can stop this madness before it’s too late – the domain name registrars themselves. In the middle of October, Mark Jeftovic, CEO of the Canadian hosting company EasyDNS, vocally refused to comply with a request from PIPCU. Has he suffered the wrath of the British authorities? Nope. Was EasyDNS’s accreditation revoked? No. Is the company still in business? Oh yes.

EasyDNS doesn’t just maintain several domain names on the PIPCU blacklist, it has actually taken in websites banished by other registrars, including the ever-popular extratorrent.com. The company is currently arguing with Verisign about releasing another three domain names stuck in legal limbo.

According to Jeftovic, taking domains down without a valid reason goes against every DNS rule in the book. If more registrars follow this example, PIPCU could be forced to change its tactics.
http://www.techweekeurope.co.uk/comm...nternet-133799
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

December 7th, November 30th, November 23rd, November 16th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black