P2P-Zone  

31-12-14, 07:26 AM
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Peer-To-Peer News - The Week In Review - January 3rd, 2015

Since 2002

"Before we did this study, it was certainly my view that the dark net is a good thing." – Gareth Owen

January 3rd, 2015

Happy Public Domain Day: Here are the Works that Copyright Extension Stole from You in 2015
Cory Doctorow

Jennifer Jenkins writes, "What could have been entering the public domain in the US on January 1, 2015? Under the law that existed until 1978 -- Works from 1958. The films 'Attack of the 50 Foot Woman,' 'Cat on a Hot Tin Roof,' and 'Gigi,' the books 'Our Man in Havana,' 'The Once and Future King,' and 'Things Fall Apart,' the songs 'All I Have to Do Is Dream' and 'Yakety Yak,' and more -- What is entering the public domain this January 1? Not a single published work."

* Chinua Achebe, Things Fall Apart
* Hannah Arendt, The Human Condition
* Isaac Asimov (writing as Paul French), Lucky Starr and the Rings of Saturn
* Simone de Beauvoir, Mémoires d’une jeune fille rangée (Memoirs of a Dutiful Daughter)
* Michael Bond, A Bear Called Paddington, with illustrations by Peggy Fortnum
* Eugene Burdick and William Lederer, The Ugly American
* Truman Capote, Breakfast at Tiffany’s
* Agatha Christie, Ordeal by Innocence
* John Kenneth Galbraith, The Affluent Society
* Graham Greene, Our Man in Havana
* Dr. Martin Luther King, Jr., Stride Toward Freedom: The Montgomery Story
* Claude Lévi-Strauss, Anthropologie Structurale (Structural Anthropology)
* Mary Renault, The King Must Die
* Dr. Seuss, Yertle the Turtle and Other Stories
* T.H. White, The Once and Future King

They truly are not of this world. What a trove of books—imagine these being freely available to students and educators around the world. You would be free to translate these books into other languages, create Braille or audio versions for visually impaired readers (if you think that publishers wouldn’t object to this, you would be wrong), or adapt them for theater or film. You could read them online or buy cheaper print editions, because others were free to republish them. (Empirical studies have shown that public domain books are less expensive, available in more editions and formats, and more likely to be in print—see here, here, and here.) Imagine a digital Library of Alexandria containing all of the world’s books from 1958 and earlier, where, thanks to technology, you can search, link, annotate, copy and paste. (Google Books has brought us closer to this reality, but for copyrighted books where there is no separate agreement with the copyright holder, it only shows three short snippets, not the whole book.) You could use these books in your own stories—The Once and Future King was free to draw upon Sir Thomas Malory's Le Morte d'Arthur (a compilation of King Arthur legends) because Malory’s work was in the public domain. One tale inspires another. That is how the public domain feeds creativity. Instead of seeing these literary works enter the public domain in 2015, we will have to wait until 2054.
http://boingboing.net/2014/12/31/hap...-day-here.html
http://web.law.duke.edu/cspd/publicd.../2015/pre-1976





Apps, eBooks, and Album Downloads Are About to Get More Expensive in Europe

New legislation is making internet companies fork out more tax, and consumers will likely pay the price
James Vincent

Sweeping changes to EU tax law could see the price of apps, ebooks, and MP3s raised throughout Europe by an average of 6.5 percent. The new legislation — known as Directive 2008/8/EC — comes into force on January 1st and is intended to shut down a tax loophole being used by big firms to charge less VAT (value added tax) on digital goods. Although not many individuals will be happy about the prospect of paying more for their games and movies, proponents of the bill say it will level the playing field between small and large companies and create a fairer market. Critics reply that the compliance costs will ruin small businesses.

"Big internet firms currently book their sales from low-tax countries"

As the law currently stands, businesses selling digital goods in Europe only have to charge customers the VAT of the country the firms are based in. This allows companies like Amazon, Microsoft, Apple, and Google to set up small offices in countries with favorable VAT rates and register all their European sales there.

Luxembourg, for example, is a tiny nation just 82 kilometers long, but its low VAT rates on ebooks (just 3 percent) mean that it’s home to Amazon’s European "headquarters." The company's 500 Luxembourg staff may pale in comparison to the size of its London operation (where it is currently building a 600,000 sq ft office with a planned capacity of 5,000) but all Amazon sales made in Europe are nonetheless routed through Luxembourg. By forcing the retailer to charge VAT on ebooks at local rates (20 percent in the UK for example), the EU says it's making it easier for smaller, local companies to compete with the American giant.

"It's expected that companies will simply pass the costs on to consumers"

Google Play, iTunes, and all of Amazon's digital stores will be affected by the changes, but it will be up to individual rights holders — that could be developers, music labels, or movie studios — to decide what to do with their prices. Although there's no consensus about what will happen, it's broadly expected that it's the customers that will have to absorb the new VAT rates. A cartoon appearing in the Financial Times in February summed up the business world's likely reaction: "This is either going to cost us, or the consumer. Give me a nanosecond to decide which..."

An album download that currently costs £11.99 ($18.65) based on Luxembourg's 15 percent VAT rate will cost £13.78 ($21.44) when adjusted to the UK's local rate of 20 percent. This five-point rise in the VAT rate is only slightly below the average. Only Malta, Cyprus, and Germany are lower (18 percent, 19 percent, and 19 percent respectively) and most countries charge nearer to 22 percent, with Hungary home to the highest rate (27 percent). Some shoppers, however, might be in for a pleasant surprise: Google's digital stores are based in Ireland, where VAT is 23 percent.

"Google Play might actually get cheaper for some shoppers — it's currently based in Ireland where VAT is 23 percent"

A multitude of rates is not going to affect consumers, but many small business owners and sole traders say that the costs and administrative burdens will be crippling, with some 34,000 businesses affected in the UK alone. However, the EU directive also stipulates that governments set up "one-stop shops" to deal with the admin for these companies. In the UK, micro-businesses have complained that this means losing their VAT-exempt status (applicable if they sell less than £81,000 annually) but the government has replied that they can avoid this if they split their businesses to EU and UK-only divisions. It seems that there is no way of avoiding some administrative burden for companies of all sizes — but at least it can be tackled in one go. For customers, however, it might be a while longer until the full effect of the changes are felt.
http://www.theverge.com/2014/12/23/7...l-goods-europe





Illegal Downloaders Beware, You May Get a Shock in 2015

Canadians accustomed to illegally downloading copyrighted material without facing consequences could be in for a shock this year.

The final piece of the federal Copyright Modernization Act took effect on Jan. 1, requiring Internet service providers (ISPs) and website hosts to relay letters from copyright holders to customers associated with the unique Internet Protocol (IP) address where the illegal downloading is alleged to have occurred.

While such notices do not carry any immediate legal ramifications, Internet lawyer Allen Mendelsohn told CTV’s Canada AM that they do serve as “a warning” that a copyright holder has noticed illegal downloading activity at your IP address, and could decide to sue.

The law does not include a stipulation that the customer must stop downloading the material or remove it from any websites to which they may have posted, but it does allow a copyright holder to sue individuals. Lawsuits could seek up to $5,000 for downloading copyrighted material for personal use, and up to $20,000 for a download that led to commercial gain.

While the cost of litigation, and the relatively small return, could discourage copyright holders from suing, Mendelsohn notes it could be more worthwhile to sue a large number of people at once.

The ISP or website host must also keep the notification letters for six months, should the copyright holder decide to sue. However, the ISP or website host cannot hand over your personal information unless a lawsuit is launched.

In the meantime, receiving such a letter may be enough to compel the customer to stop downloading copyrighted material, he said.

Customers should expect to receive a notice via email, Mendelsohn said.
http://www.ctvnews.ca/sci-tech/illeg...2015-1.2169729





Vinyl’s Revival is Now a Phenomenon on Both Sides of the Atlantic
Tim Ingham

Vinyl album sales smashed records on both sides of the Atlantic in 2014, as a format that recently seemed on its last legs hit astonishing new heights.

Music Business Worldwide‘s analysis of the past decade shows just how miraculous vinyl’s recovery has been.

In the UK in 2014, vinyl album sales totalled 1.3m – six times bigger than its tally just five years earlier (2009). In fact, 2014 provided the most vinyl albums sales in the UK since 1995 – nearly 20 years ago.

In the US, vinyl sales have quadrupled in the past five years, narrowly missing out on a 10m sales milestone in 2014. Amazingly, the year’s 9.2m vinyl sales haul is the biggest since Nielsen Soundscan records began in 1993 – by some distance.

To put the achievement into context, the biggest annual US vinyl sales performance in the 10 years after Nielsen started monitoring the market (1993-2003) stood at 1.5m in the year 2000 – six times smaller than 2014’s tally.

In the US, the low point came in 2006, when annual sales hit an 11-year low of 858,000. Over in the UK, it would take another year to hit rock bottom: in 2007, just 205,000 vinyl albums were sold in the year. In both countries, vinyl's share of the total albums market was less than 1%.

Then something very unlikely started to happen – and has continued to happen ever since.

The US has experienced strong vinyl growth every year since 2007, when a million 12″ albums were sold for the first time in three years. The UK has seen similar consumer patterns, starting a year later, in 2008.

But the most astonishing moment in the story of vinyl’s rebirth has come in the last two years, when its popularity has exploded to a phenomenal degree.

In the US, sales in both 2014 and 2013 towered over any other point in Nielsen Soundscan history. 2013's 6.1m figure represented a 33% jump on 2012, while 2014's record-breaking 9.2m tally was up another 52%.

Annual UK sales were up a whopping 101% in 2013 to 781,000, while 2014 saw a further 65% climb to 1.3m.

Vinyl’s market share of all album sales was 3.6% in the US in 2014, while in the UK it claimed 2%.

At the current rate of growth, annual vinyl album unit sales could hit 13m in the US next year and break the 2m barrier in the UK – figures which would have seemed little more than a fantasy just a few years ago.
http://www.musicbusinessworldwide.co...-the-atlantic/





Could Cryptocurrency Improve P2P File Sharing?
Danny Bradbury

The Pirate Bay may never make it to its teenage years.

The popular file sharing site, launched in 2003, was recently taken offline following a raid by Swedish police. It's a sad event for a site that is supposed to be all about unassailable file sharing. Though resurrected versions of The Pirate Bay may already be back up online, the latest interruption to its service raises a host of questions.

What does this raid mean for decentralised P2P filesharing? Can the same technologies that underpin cryptocurrencies help sustain or even enhance decentralised P2P filesharing networks like The Pirate Bay?

A way around ISPs

P2P filesharing networks work by enabling lots of computers on the Internet to share files with each other. Most of the P2P networks today use the BitTorrent protocol.

BitTorrent has some superficial similarities to cryptocurrencies like bitcoin: namely, it’s a protocol offering decentralised communications among autonomous nodes in a network.

There are several potential problems for people wanting to use BitTorrent networks. The first is that visitors to sites like The Pirate Bay may be blocked by their own ISPs, possibly at the behest of governments or industry lobby groups.

“I don’t think a decentralised service offers a way around ISPs,” said Nick Lambert, COO at MaidSafe, which focuses on distributed secure file storage. “When the SAFE Network launches, which is the most decentralised service I have heard of as it doesn’t have a blockchain, it is still not immune from ISPs.”

Theoretically, users could do away with ISPs altogether with a decentralised mesh network using bitcoin as an incentive to participate. Lambert points to Libernet, a bitcoin-funded mesh networking concept, as a way to dodge ISPs altogether. This is more of a theoretical solution than a practical one at present, though.

“The quest to find a replacement for ISPs is something that many people would like to see, but unfortunately I think a really viable solution is a wee bit off,” he concluded.

The other potential problem for filesharing users is that even if their ISPs let them visit sites like The Pirate Bay, local law enforcement may take those sites down at the source, as happened with The Pirate Bay. However, this may be less of an issue than expected, because The Pirate Bay wasn’t actually sharing the files itself. Instead, it was simply an index, maintaining a database of those files.

“Despite the warning message, most of these users will still download their file successfully, since BitTorrent trackers have already been made mostly redundant by a global P2P network, which can be referred to as ‘the BitTorrent DHT’,” said Andrew Miller, a computer science PhD student at the University of Maryland. Miller is a key contributor to permacoin, a project designed to use blockchain technology to archive data across thousands of computers.

How BitTorrent file sharing works

To understand this concept, we must delve into how BitTorrent works.

In a BitTorrent network, files are made available for others to download in a process called seeding. Every participating computer is a peer, and anyone's computer can become one simply by installing a BitTorrent client and connecting it to the Internet. A peer that holds a complete copy and uploads it is a seeder; a peer that is still downloading pieces from seeders is a leech, and it's common for a peer to be both a seeder and a leech at the same time.

Seeded files are carved up into many individually-downloadable segments, called pieces, and the torrent's metadata records a SHA-1 hash of each one so that a downloader can verify every piece it receives. This has three advantages.

First, if one peer containing a file becomes unavailable during a download, other seeders will still be available to deliver the segments that a leech is missing. Second, multiple segments can be downloaded from different seeders at once, making it easier to retrieve files quickly. Finally, leeches can quickly become seeders themselves, by seeding the files that they have already downloaded. This contributes to the overall health of the network and the availability of files.

In the early days of BitTorrent, peers on the network found each other through a tracker: a server, named in the .torrent file, that kept a constantly updated list of the peers participating in each torrent.

The Pirate Bay used to run a centralised tracker for the torrents it listed. For each downloadable file it hosted a small .torrent file, which named that tracker and carried the hash of every piece of the content.

Trackerless torrents

In 2009, The Pirate Bay switched off its centralised tracker and moved to trackerless torrents. These use a variety of mechanisms to enable people to find their files. The most common is the distributed hash table (DHT) technology that Miller describes: each node in the DHT stores the peer lists for a subset of torrents (those whose identifiers are closest to its own node ID), so a client can locate a swarm by asking a handful of nodes rather than a single tracker. Another mechanism, Peer Exchange, enables BitTorrent clients to ask other peers in the network directly which peers they are connected to.

Consequently, The Pirate Bay moved from being a source of downloadable .torrent files to a directory of magnet links. Unlike a tracker, a magnet link does not tell a peer where to find a file. It carries the torrent's info-hash, a cryptographic hash of the metadata describing the content, which effectively tells the client what to look for. A client following a magnet link looks that hash up in the distributed hash table to find peers seeding the file, then fetches the piece hashes from those peers before it starts downloading.

When sites like The Pirate Bay stopped sharing files, they stopped being necessary for the continued operation of the file sharing network. Instead, the real heavy lifting has long since moved to the client, and the distributed hash tables. Nevertheless, those sites did provide a useful way to easily find shared files online.
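The mechanics described above, as an added worked example rather than code from the article or from any BitTorrent client: it bencodes a torrent's info dictionary (BEP 3), derives the info-hash that identifies the swarm, builds and parses a magnet link around that hash, and uses the XOR metric of the BitTorrent DHT (BEP 5) to pick the nodes that would hold the swarm's peer list. The file content, file name and DHT node IDs are constructed for the example.

```python
"""BitTorrent metainfo, info-hash, magnet links and DHT distance (added example)."""
import base64
import hashlib
from urllib.parse import parse_qs, quote, urlparse

PIECE_LENGTH = 4096
# Constructed sample content standing in for the documentary mentioned in the article.
SAMPLE_NAME = "lutefisk-documentary.mkv"
SAMPLE_DATA = b"lutefisk " * 1000          # 9000 bytes -> 3 pieces (4096, 4096, 808)


def bencode(value) -> bytes:
    """Encode ints, byte strings, lists and dicts per BEP 3 (dict keys sorted as raw bytes)."""
    if isinstance(value, bool):
        raise TypeError("bencode has no boolean type")
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, str):
        value = value.encode("utf-8")
    if isinstance(value, bytes):
        return b"%d:%s" % (len(value), value)
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        items = sorted((k.encode() if isinstance(k, str) else k, v) for k, v in value.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(f"cannot bencode {type(value).__name__}")


def build_info(name: str, data: bytes, piece_length: int = PIECE_LENGTH) -> dict:
    """The 'info' dictionary of a single-file torrent: one 20-byte SHA-1 per piece."""
    pieces = b"".join(
        hashlib.sha1(data[i:i + piece_length]).digest()
        for i in range(0, len(data), piece_length)
    )
    return {"name": name, "length": len(data), "piece length": piece_length, "pieces": pieces}


def info_hash(info: dict) -> bytes:
    """The swarm identifier: SHA-1 over the bencoded info dict, not over the file bytes."""
    return hashlib.sha1(bencode(info)).digest()


def magnet_link(info: dict) -> str:
    """A magnet URI names content by info-hash; it says nothing about where peers are."""
    return f"magnet:?xt=urn:btih:{info_hash(info).hex()}&dn={quote(info['name'])}"


def parse_magnet(uri: str) -> bytes:
    """Extract the info-hash; accepts the 40-char hex and 32-char base32 spellings."""
    parsed = urlparse(uri)
    if parsed.scheme != "magnet":
        raise ValueError("not a magnet URI")
    for xt in parse_qs(parsed.query).get("xt", []):
        if not xt.lower().startswith("urn:btih:"):
            continue
        digest = xt[len("urn:btih:"):]
        if len(digest) == 40:
            raw = bytes.fromhex(digest)
        elif len(digest) == 32:
            raw = base64.b32decode(digest.upper())
        else:
            raise ValueError("btih must be 40 hex or 32 base32 characters")
        if len(raw) != 20:
            raise ValueError("info-hash must be 20 bytes")
        return raw
    raise ValueError("no urn:btih exact topic in magnet URI")


def xor_distance(a: bytes, b: bytes) -> int:
    """Kademlia metric used by the BitTorrent DHT (BEP 5) to route a lookup."""
    return int.from_bytes(a, "big") ^ int.from_bytes(b, "big")


def closest_nodes(target: bytes, node_ids: list, k: int = 8) -> list:
    """Nodes whose IDs are nearest the info-hash are the ones asked for the peer list."""
    return sorted(node_ids, key=lambda n: xor_distance(target, n))[:k]


def demo() -> dict:
    """Build a torrent for the sample data and exercise the helpers on it."""
    info = build_info(SAMPLE_NAME, SAMPLE_DATA)
    ih = info_hash(info)
    link = magnet_link(info)
    # Constructed DHT node IDs: one adjacent to the target, one maximally distant.
    near = ih[:-1] + bytes([ih[-1] ^ 0x01])
    far = bytes(b ^ 0xFF for b in ih)
    return {
        "piece_count": len(info["pieces"]) // 20,
        "magnet": link,
        "roundtrip_ok": parse_magnet(link) == ih,
        "base32_ok": parse_magnet("magnet:?xt=urn:btih:" + base64.b32encode(ih).decode()) == ih,
        "nearest_is_near": closest_nodes(ih, [far, near], k=1)[0] == near,
    }


if __name__ == "__main__":
    print(demo())
```

The info-hash covers the bencoded metadata (name, piece length and the piece hashes), not the file bytes themselves, so two torrents for the same file with different piece lengths form different swarms. A magnet link therefore identifies content only up to that metadata: a client must fetch the info dictionary from peers and check that its SHA-1 matches the hash in the link before trusting any of the piece hashes it contains.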

One way to sustain that ease of use, rather than relying on people manually sharing links, may be to decentralise the publishing of file information itself. This is something that distributed hash tables are useful for. OpenBazaar, which is a decentralised marketplace allowing people to list their own goods and services, uses DHTs to get that information out. Projects like OpenBazaar suggest that it’s possible for autonomous nodes in a global network to publish information of their own for everything from trading to P2P lending.

Other projects, like Tribler, have already implemented distributed search for file sharing.

Using cryptocurrency to improve performance

So, cryptocurrency’s underlying technologies may not be needed to save file sharing, or the indexing of information about currently-available files. Nevertheless, there may be room for cryptocurrency to improve the performance of these filesharing networks.

“One of the innovative things in bitcoin is its use of built-in virtual currency for incentives in its network,” said Miller.

BitTorrent also has a built-in incentive mechanism, Miller points out. Those peers that seed files are rewarded with faster downloads, while peers that seed fewer or no files will find that the rate at which they can download file segments from another peer is deliberately limited, or 'choked off'.

This incentive mechanism leaves new peers with a problem: they have nothing to seed, so their downloads may be slower. The BitTorrent protocol uses ‘optimistic unchoking’, in which a random peer is selected for unthrottled downloads, on the assumption that it may pay off.
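A small model of that choke/unchoke policy, added here and not taken from the article or from any client implementation. Real clients rank peers by measured download rate over a rolling window and rotate the optimistic slot every thirty seconds; this model uses per-round contribution figures, which are constructed, and a seeded random choice for the optimistic slot.

```python
"""Tit-for-tat choking with one optimistic unchoke slot (illustrative model)."""
import random


def select_unchoked(contrib: dict, regular_slots: int = 4, rng=None):
    """Unchoke the peers that uploaded the most to us; give one random choked
    peer an optimistic slot so a newcomer with nothing to trade can bootstrap.
    Returns (set of reciprocally unchoked peers, optimistically unchoked peer)."""
    rng = rng or random.Random()
    ranked = sorted(contrib, key=lambda p: contrib[p], reverse=True)
    regular = set(ranked[:regular_slots])
    choked = [p for p in ranked if p not in regular]
    optimistic = rng.choice(choked) if choked else None
    return regular, optimistic


def simulate_newcomer(seed: int, rounds: int = 50, regular_slots: int = 4,
                      piece_value: int = 100):
    """Return the round in which a peer that starts with no data first earns a
    reciprocal slot, or None if it never does within `rounds`."""
    rng = random.Random(seed)
    # Constructed figures: KB each established peer uploads to us per round.
    established = {"A": 400, "B": 300, "C": 250, "D": 190, "E": 150}
    newcomer_pieces = 0
    for r in range(rounds):
        contrib = dict(established)
        # The newcomer can only reciprocate with pieces it already holds.
        contrib["new"] = piece_value * newcomer_pieces
        regular, optimistic = select_unchoked(contrib, regular_slots, rng)
        if "new" in regular:
            return r
        if optimistic == "new":
            newcomer_pieces += 1   # the optimistic slot is its only way to get data
    return None


if __name__ == "__main__":
    print("newcomer reached the reciprocal set in round", simulate_newcomer(seed=7))
```

The newcomer never appears in the reciprocal set until it has something to give back, and the optimistic slot is the only channel through which it can acquire that something; it needs two optimistic unchokes in this model before its contribution outranks the weakest established peer. The paid unchoke Miller speculates about below would simply add a second term to the score a peer is ranked by.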

“Overall, the BitTorrent network consists of volunteers. Perhaps BitTorrent would work even better if you could offer to pay your peers for their service,” said Miller. In such a scheme, a leeching peer without file segments to trade could potentially pay a seeding peer to unchoke it, increasing its download performance, and using the blockchain to track it all.

A fluffier long tail

There’s a nuance here. Popular files such as the latest viral video or Hollywood blockbuster would probably do quite well without a paid quality of service download, as there would be enough seeders to satisfy even a new leecher.

“I think this approach would have the most potential for the ‘long tail’ of files such as personal backups (that only concern one person) or niche files (which, currently, are less likely to have active seeders),” Miller said.

The long tail is a distribution in which a small number of items far outrank the rest in popularity; the tail is the very large number of items that each attract only a little attention.

A term highlighted by Wired editor Chris Anderson’s popular book of the same name, it applies to content in the Internet age. A small number of popular mainstream items will be downloaded the most, while other, more obscure content will be viewed by far fewer people. However, there are far more of these less popular items, creating the ‘long tail’.

BitTorrent networks have their own version of the long tail, giving rise to something known as the seeder promotion problem. Seeders often discontinue their file seeding after they have downloaded their own content. While there will always be enough seeders for a popular file, there may be only one or two seeds for that obscure public domain Norwegian documentary on the cultural history of lutefisk that you’ve been dying to watch. If you start leeching from the handful of seeders for that item and they become unavailable, you’ll be stuck without the full file download.

Using a cryptocurrency as an incentive could be a way to 'fluff out' the long tail, by encouraging more people to share less popular items. It could reward peers with a form of stored value that they could use in the future to purchase their own priority download status for segments of a different file, or, if the cryptocurrency was traded on exchanges, cash out.

Tackling fraudulent peer attacks

There’s another potential use for cryptocurrency technologies in file sharing networks, Miller said: as a form of protection from attack.

Media companies have hired firms to disrupt filesharing networks using a variety of methods, including fake seeders. These seeders may advertise a file and then transmit incomplete or corrupt blocks, which fail the torrent's per-piece hash check and cost the downloader time and bandwidth, or seed decoy torrents whose content is poor-quality or broken, which pass the hash check because the torrent itself describes the junk.
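What actually stands between a corrupt-block seeder and a broken download is the per-piece hash in the torrent. The following added example (constructed content and peer behaviour, not code from the article or from any client) verifies each received piece against that hash and stops talking to a peer after repeated failures:

```python
"""Per-piece hash verification with a simple bad-peer ledger (added example)."""
import hashlib

PIECE_LENGTH = 4
CONTENT = b"documentary about lutefisk"   # constructed payload, 26 bytes -> 7 pieces
# What a torrent's 'pieces' field commits to: one SHA-1 per piece.
PIECE_HASHES = [hashlib.sha1(CONTENT[i:i + PIECE_LENGTH]).digest()
                for i in range(0, len(CONTENT), PIECE_LENGTH)]
BAN_THRESHOLD = 2   # hash failures tolerated before a peer is dropped


def verify_piece(index: int, data: bytes) -> bool:
    """A piece is accepted only if its SHA-1 matches the hash in the torrent."""
    return hashlib.sha1(data).digest() == PIECE_HASHES[index]


class Downloader:
    def __init__(self):
        self.have = {}        # piece index -> verified bytes
        self.failures = {}    # peer -> count of hash failures
        self.banned = set()

    def receive(self, peer: str, index: int, data: bytes) -> bool:
        """Accept a piece from a peer; returns True only if it verified."""
        if peer in self.banned:
            return False
        if verify_piece(index, data):
            self.have[index] = data
            return True
        self.failures[peer] = self.failures.get(peer, 0) + 1
        if self.failures[peer] >= BAN_THRESHOLD:
            self.banned.add(peer)
        return False

    def assembled(self):
        """The whole file once every piece has verified, else None."""
        if len(self.have) != len(PIECE_HASHES):
            return None
        return b"".join(self.have[i] for i in range(len(PIECE_HASHES)))


def run_swarm() -> dict:
    """An honest seeder and a poisoning seeder both offer every piece."""
    dl = Downloader()
    for i in range(len(PIECE_HASHES)):
        dl.receive("poisoner", i, bytes(PIECE_LENGTH))          # zeroed garbage blocks
        dl.receive("honest", i, CONTENT[i * PIECE_LENGTH:(i + 1) * PIECE_LENGTH])
    return {"complete": dl.assembled() == CONTENT,
            "poisoner_banned": "poisoner" in dl.banned,
            "poisoner_failures": dl.failures.get("poisoner", 0)}


if __name__ == "__main__":
    print(run_swarm())
```

The hash check only catches pieces that differ from what the torrent's metadata commits to. A decoy torrent whose metadata already describes junk passes every piece check, which is why the rating and comment systems Miller mentions next remain the only defence against that variant.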

“The rating system used by Pirate Bay and other sites is important for combatting this, but it's potentially fragile,” Miller said. “It's possible that if such attacks become much more advanced in the future, then blockchain technology may lead to more robust defenses.”

The blockchain might become a way to record downloads and information about the quality of particular files or peers, for example. An internal cryptocurrency could even be used as a form of reputation system to reward genuine sharers and punish fraudulent ones.

For now, such ideas remain theoretical, and BitTorrent continues along its current successful path without any of these blockchain enhancements. But technology disrupts wherever it can. If the need arises, the technology is certainly there.
http://www.coindesk.com/could-crypto...-file-sharing/





Future Alert: Wealth Sharing May Become the New File Sharing
Amanda B. Johnson

I’ve been venturing into new subreddits lately (after patronizing /r/Bitcoin almost exclusively for a year). This branching out led me to /r/cryptocurrency, where I stumbled upon a sort of manifesto for the decentralization of all the things. It’s compelling. Here’s a breakdown of the main points of the full piece, written by redditor aliensyntax.

Unconscious Acts of Rebellion

“When file-sharing began on the internet, a process of disruption of the economic powers was initiated. This almost unconscious act of rebellion of average people sharing together was the first experiment we conducted in the transfer of wealth between the old regime and the emerging global society of the internet.”

And it was file sharing that threw into light the question of what actually qualifies as property. Before digitization, property could only be given to another at a loss to one’s own self. If I give you my Jeff Beck vinyl record, I no longer have that record. But in making a digital copy of the music, I can send you the full album and still have it for myself also. With the Internet, suddenly we can share things with others and still keep them for ourselves, too.

“This innocuous act of piracy has since been endlessly stigmatized by the so-called productive members of society. Their campaign to control the internet (SOPA, PIPA, et al.) and consumer behaviour (arresting file-sharers, raiding the torrent scene, the burning of library.nu, along with the recent attack on the piratebay) have all met with tremendous resistance among the general community of savvy internet users.”

But rather than see file sharing as the immense wealth-creating tool it is, established parties like Hollywood financiers, lawyers and state bureaucrats instead choose to claim that actual property is being “stolen” when consumers share files. Their revenue models are “entering a kind of epileptic seizure, violently lashing out for survival. This process will only continue accelerating until they commit economic suicide.”
Politicians, Lawyers and Bankers Are Terrified

“If all this wasn’t enough, we also thought up the brilliant idea of cryptocoins. With this we are establishing a completely new form of economic system. Politicians, lawyers, the bankers, just about all of them are terrified about the implications of this. They put it on the front page of every major newspaper as if they can they can control the public perception with their Orwellian rhetoric.”

It’s no coincidence that Bitcoin is repeatedly smeared by “mainstream” media outlets. It’s well-known that, for example, CNN is paid and/or pressured by state bureaucrats to promote some pieces of news and suppress others.

Legacy industries failing to adapt to shifts in consumer preferences include entertainment and publishing, along with banking. Politics and its ever-attendant lawyering aren’t really industries at all. As Richard Grant said, “Government is force, and politics is the process of deciding who gets to use it on whom. This is not the best way to solve problems.”

And with the total flip-flop in publishing that’s taken place via the internet, we finally know enough to have these kinds of discussions. Legacy newspapers and news channels are being replaced by blogs that are not influenced by bureaucrats or corporations. Talking heads covered in makeup are no longer considered to be the most trusted authorities anymore. They’re being replaced by knowledgeable individuals who blog from their homes.

“They can no longer frame the debate. With this development the economy will liquefy into the public domain. It’s only a matter of time before this house of cards collapses.”

The State as a Benevolent Master

“We needed to place our trust in a benevolent master. Unfortunately, the master is himself a selfish animal.”

In defense of a state, many like to quote James Madison, who said that if men were angels, we would need no government.

But if it’s true that men are not angels, isn’t that the most compelling reason to not have a government? If people have tendencies toward evil, wouldn’t making some of them masters over others exacerbate their evil tendencies? If men are not angels, isn’t the best course of action to make nobody a master over others?

Or as CoinTelegraph’s Carlo Caraluzzo phrased it, who will regulate the regulators? In the words of aliensyntax:

“What was meant to serve the people became the instrument of its enslavement.”

The Revolution Will Be Decentralized

“New platforms are beginning to emerge that will allow us [to] construct completely decentralized applications that will enable just about anything we can put our minds to: open governance, anonymous collaboration, voting systems, financial instruments, crowdfunding, property claims, and various other kinds of consensus-making contracts and agreements.”

Many make the mistake that anarchists wish for chaos. That they have no interest in order or rules. But this assumption is based on the falsehood that without a state, there can be no order.

Crypto protocols are proving to us every single day that order is quite capable of arising from non-governmental organizations—that, in fact, the very best kind of order arises from anarchy. States did not invent crowdfunding, while cryptocurrency is perfecting it. States did not invent property rights, while cryptocurrency is making the establishment of them seamless and irrevocable. States did not invent financial instruments, while cryptocurrency is making them available to all, both rich and poor.

“These systems are poised to give us true freedom over our lives if we just think to use them for this purpose.”

A Totally Anonymous Egalitarian Society

“If we collectively work together as we already do all across the web, we will see the dawn of a totally anonymous egalitarian society.”

And what is the benefit of online anonymity, anyway? If we’ve learned anything from the Silk Road and Pirate Bay attacks, it’s that there are some people who simply will not leave free people alone. These attackers need a name and a face to launch an attack. And online anonymity denies them the information they need to attack free people.

Furthermore, as cryptocurrency eliminates the need to trust a third party, identity becomes less and less necessary (and even totally undesirable) in online commerce.

“Out of the ashes of the old system we will create a new one that is infinitely more valuable. It’s time to fight for a massively decentralized stateless society founded on just principles of distribution. It’s time to make wealth-sharing the new file-sharing.”
http://cointelegraph.com/news/113206...w-file-sharing





Warrant for Raid on Kim Dotcom Legal, New Zealand Supreme Court Rules

Dotcom and his compatriots will have to pay $27,000 to Attorney General
Megan Geuss

New Zealand’s Supreme Court ruled on Tuesday (PDF) that warrants granted by the Court of Auckland in 2012 to search Kim Dotcom were legal. Warrants to search Dotcom compatriots Finn Batato, Mathias Ortmann, and Bram van der Kolk were also upheld. Dotcom et al. were ordered to pay NZ$35,000 (about US$27,000) to New Zealand's Attorney General for legal costs.

Judges say police were permitted to seize items they took from Kim Dotcom's house in 2012.
In 2012, the United States federal government accused Dotcom of racketeering, copyright infringement, and money laundering in connection with his website Megaupload, which the US contends encouraged people to share pirated copies of music and movies.

The thrust of Dotcom’s argument against the search warrants was that they were overly broad and "authorized search and seizure of material likely to include that which was irrelevant and private.” In 2012, Ars reported that "New Zealand police cut their way through locks and into Dotcom's 'panic room,' seized 18 luxury vehicles, secured NZ$11 million in cash from his bank accounts, and grabbed 150TB of data from 135 of Dotcom's digital devices.” The United States had requested the search warrants under the Mutual Assistance in Criminal Matters Act.

Over the last three years, the case challenging the search warrants has moved through New Zealand’s High Court to the Court of Appeal and now finally to the Supreme Court. Early after the raid on Dotcom’s New Zealand mansion, High Court Judge Helen Winkelmann ruled the raid illegal and said the warrants facilitated a “miscarriage of justice.”

Those early wins for Dotcom were fleeting, however, with the Court of Appeal overturning Winkelmann’s decision in February 2014.

The Supreme Court agreed four to one with the Court of Appeal that, although the warrants were flawed in form, those flaws did not make the warrants invalid. While the warrants "could have been drafted rather more precisely,” the Supreme Court’s ruling reads, the criminal activity that the US accused Kim Dotcom of "is extensive and is alleged to have been carried out through what, outwardly, resembled a legitimate large-scale cloud storage facility.” The ruling continues:

Through the New Zealand Police, the United States authorities sought and obtained warrants to search for and seize material, including computers, relevant to that alleged offending. The computers were plainly relevant to the offending alleged, although some of their contents were undoubtedly irrelevant. As a practical matter, the computers would have to be taken offsite to enable cloning and search for relevant material.

Accordingly, we agree with the Court of Appeal that the appellants were reasonably able to understand what the warrants related to and that the police were adequately informed of what they should be looking for. Any issues relating to matters such as the way the search of the computers was conducted or the handling of irrelevant material should be addressed through other processes.


Kim Dotcom’s legal battles extend across many fronts, and, taken as a whole, the proceedings constitute one of the most expensive cases in New Zealand history.

Most recently, in October of this year, New Zealand’s Court of Appeals ruled that Dotcom had to reveal his financial assets to the Hollywood studios that are suing him for piracy. A month later, Dotcom told a London tech conference that he was “officially broke” after transferring his remaining assets to his wife and kids. At the same time, prosecutors asked New Zealand courts to throw Dotcom back in jail in advance of his 2015 extradition hearing, calling him a "flight risk." That bid was thwarted in early December, and Dotcom will remain free on bail.
http://arstechnica.com/tech-policy/2...e-court-rules/





Three Rival Hacking Groups Including Lizard Squad Call Ceasefire After Admitting Attack on Xbox and Playstation Gamers Took it 'a Notch Too Far'
Stephanie Linning

• Vincent Omari was named by rival group as being member of Lizard Squad
• Group claimed responsibility for hacking PlayStation and Xbox networks
• Mr Omari, 22, denied accusation saying it was 'case of mistaken identity'
• Tweets believed to have been posted by him said he 'represented' group
• A YouTube video appears to show rival hackers agreeing a ceasefire
• The FBI is said to be investigating an alleged member of the Lizard Squad

Three rival hacking groups have called a ceasefire after admitting their Christmas attack on Xbox and Playstation gamers 'took it too far'.

The attack - said to be carried out by a group called Lizard Squad, among others - left 160 million users unable to use their consoles, including children who had just received them as Christmas presents.

Microsoft's Xbox Live, which has more than 40 million subscribers, was disabled for around 24 hours.

Meanwhile, some of Sony's 110 million users were still reporting problems on Sunday afternoon.

Sky News reports that Lizard Squad, rival hackers from the Anonymous group, Finest Squad group, and controversial internet entrepreneur Kim Dotcom debated the attack in a video uploaded to YouTube.

A hacker from the Anonymous group said: 'We care about the status of Xbox and Playstation, and we want to make sure that gamers stay connected for as long as possible.

Kim Dotcom said the attack had overshadowed good work of hackers.

'I think that this attack on Christmas and on kids around the world, the hacker image has suffered,' he said.

'I think we should talk about the impact that this attack had on kids worldwide and I want to make sure that we leave this call with some conclusions and agreements that this type of thing won't happen again.

'Hacking is one thing but taking down an entire gaming network when people have just got their Christmas gifts is taking it a notch too far.'

At the end of the video, the groups declare a 'ceasefire'.

It has emerged that the FBI is investigating an alleged member of the Lizard Squad hacking group.

The teenager is said to be named Julius Kivimaki and to go by 'ryanc' online. Kivimaki is said to be 16 or 17 years old and to live in Finland, DailyDot.com reports.

The comments come after a British man who was named as one of the hackers who carried out the Christmas Day cyber attack on game consoles is believed to have posted online about his fears of 'ending up in jail'.

Vincent Omari was last night said by a rival group to be a member of Lizard Squad, which has claimed responsibility for hacking into the PlayStation and Xbox networks.

About 160 million users were left unable to use their consoles, including children who had just received them as Christmas presents.

Last night Mr Omari, 22, denied the accusation. Speaking outside his parents' home in Twickenham, South-West London, he said: 'I am not a member of Lizard Squad. I am not one of the hackers. It is a case of mistaken identity.'

However, in messages believed to have been posted by Omari, a Twitter user with the tag @VinnSec admitted he was the 'spokesperson for the group', adding that police knew about the cyber attack 'and they have all my info if needed'.

Another tweet from the account read: 'Let's see what happens next, I wonder if I'll end up in jail for representing lizardsquad.'

Earlier, Mr Omari spoke to Sky News and presented himself as 'an independent security analyst', without any suggestion of him being a member of the hacking group.

However, on BBC Radio 5 Live, an unnamed man with an identical voice who said he had just turned 22 admitted being part of the attack. Mr Omari turned 22 on Christmas Eve.

A second Lizard Squad member has been identified online as a 16-year-old grammar schoolboy in Kent.

Meanwhile, a Finnish man in the hacking group claimed the attack was simply designed to expose the poor security of PlayStation and Xbox.

Calling himself Ryan, he said just three people masterminded the attack and felt no guilt at forcing 'a couple of kids to spend their time with their families instead of playing games.' Ryan told Sky News: 'We have a massive capability to take down networks like this.

During a television interview at the weekend, a man who went by the name 'Ryan' said he and a small group launched the Christmas Day cyber attack on the computer games consoles. A notorious group of hackers called Lizard Squad said it carried out the hack 'for the laughs', and to expose poor online security.

'One of the big aspects was raising awareness regarding the low state of computer security at these companies. These companies make tens of millions every month from subscriber fees – they should have more funding to be able to protect against these attacks.'

The Xbox status page said yesterday that Microsoft services had been restored, while Sony's PlayStation said it was getting to grips with the issue.

The hacking meant that downloaded games could not be played and gamers could not compete against others around the world.

Ryan said: 'It is sort of a game for us, I have to admit. I completely understand that it's a bit unethical.'

Meanwhile, another hacking gang has published details of more than 13,000 users of websites including those run by PlayStation, Xbox and Amazon.

The group posted username and password details as well as credit-card numbers and expiry dates. They left a message on Twitter saying they had done it 'for the Lulz', meaning 'for laughs'.
http://www.dailymail.co.uk/news/arti...Christmas.html





Access to Gmail Is Blocked in China After Months of Disruption
Edward Wong and Kiki Zhao

The Chinese government appears to have blocked the ability of people in China to gain access to Google’s email service through third-party email clients, which many Chinese and foreigners had been relying on to use their Gmail accounts after an earlier blocking effort by officials, according to Internet analysts and users in China.

The blocking began last Friday and has ignited anger and frustration among many Internet users in China. Data from Google shows traffic to Gmail dropping to zero from Chinese servers.

The new step in blocking Gmail has consequences that go well beyond making it difficult for users to access personal emails. Some foreign companies use Gmail as their corporate email service, for example. Now, the companies will have to ensure that their employees have software known as VPNs, or virtual private networks, to access Gmail.

That software allows users to bypass the Chinese Internet censorship controls commonly known as the Great Firewall, but the authorities also attempt to inhibit the software.

People in China began noticing the new blocking method over the weekend, as their phones, tablets and computers failed to download emails from Gmail accounts if the users did not have VPN software switched on. Until now, the devices had been able to download Gmail to clients like Apple Mail or Microsoft’s Outlook. Those clients use the protocols IMAP, POP3 and SMTP to download the emails.

For months, that has been the most common way for people in China to keep using Gmail. The Chinese government had blocked access to the Gmail website and other Google websites around the 25th anniversary of the June 4, 1989, protests and fatal government response in Tiananmen Square.

Google has for years been a target of the Chinese government, and some official publications have cited the company as one component of a Western conspiracy to undermine China. For example, Chinese officials had insisted Google censor its search results, a request that angered some top executives at Google, and they refused to comply. Chinese companies like Baidu, which has a popular search engine here, benefit from the official crackdown on Google.

Chinese and foreign Internet users in China expressed their frustration on Monday at the government’s new blocking measures.

“They shouldn’t have blocked Google or Gmail; it’s against the spirit of the Internet,” Yuan Shengang, the chief executive of Netentsec, a Beijing-based cybersecurity company, said in a telephone interview.

One Chinese technology news website, 36kr, said in an article on the disruption that “such complete access failure to Gmail has no precedent.”

Luo Zhiqiu, a lecturer in English at Nanjing University, wrote on his microblog on Sunday that “it’s a critical moment for many students who are currently applying for overseas universities.”

“Their contact emails are Gmails,” he wrote. “Such blockage brings great inconvenience. Many years later, when they will consider whether they should go back to China, this experience might lead them to choose, without hesitation, not to return.”

A Foreign Ministry spokeswoman, Hua Chunying, was asked at a regularly scheduled news conference in Beijing about the blocking. She said she knew nothing about it.

“China has consistently had a welcoming and supportive attitude towards foreign investors doing legitimate business here,” she said. “We will, as always, provide an open, transparent and good environment for foreign companies in China.”

Last Thursday, Red Flag, a theoretical Communist Party journal, published an article by two scholars from the National Defense University that called for greater regulation and monitoring of Internet use in China. The article said foreign organizations or companies, including the United States State Department, were constantly looking for ways to help Internet users in China “break through the Internet,” or get around China’s censorship controls. China needed to take “powerful measures,” including cutting off the distribution of software that allows users to get around the controls, wrote the authors, Zhao Zhouxian and Xu Zhidong.

In November, Lu Wei, the top Internet regulator in China, presided over a conference in Zhejiang Province that had some attendees from foreign technology companies; Mr. Lu stressed the need for nations to have “Internet sovereignty,” meaning the countries should be able to create and control their own online space.

This month, Mr. Lu went to the United States to visit technology companies there on what was billed as a fact-finding mission.

He met separately with Eric Schmidt, executive chairman of Google; Mark Zuckerberg, the founder of Facebook; Jeff Bezos, chief executive of Amazon; and Tim Cook, chief executive of Apple.

While giving Mr. Lu a tour of Facebook’s headquarters in California, Mr. Zuckerberg pointed out a copy of the book “Xi Jinping: The Governance of China” on his desk. Mr. Xi is the Chinese president and head of the Communist Party, and the book is a collection of his speeches and essays. Facebook is blocked in China, and Mr. Zuckerberg has said he would like to have Facebook unblocked and do business in the country.

Chinese authorities blocked the websites of The New York Times and Bloomberg News after both news organizations published separate stories in 2012 on the family wealth of party leaders. Those websites remain blocked and cannot be seen without VPN software that gets around the Great Firewall.

Shanshan Wang contributed research.
http://www.nytimes.com/2014/12/30/te...isruption.html





Pastebin, Dailymotion, Github Blocked After DoT Order: Report
Anupam Saxena

A number of Indian users are reporting they're not able to access websites such as Pastebin, DailyMotion and Github while accessing the internet through providers such as BSNL and Vodafone.

The block was first reported by Pastebin, a website where you can store text online for a set period of time, through its social media accounts on December 19. In a follow-up post on December 26, the site posted that it was still blocked in India on the directions of the Indian government.

A number of users also posted about the blocks on Reddit threads confirming that the sites have been blocked by Vodafone, BSNL and Hathway, among others.

http://t.co/e3zRKnJJQO seems to have been blocked in India. If you are from India and unable to visit Pastebin, please email us.
— Pastebin.com (@pastebin) December 19, 2014

It now appears that the blocks are being carried out on the instructions of DoT (Department of Telecom). The telecom body reportedly issued a notification regarding the same on December 17. A screenshot of the circular has been posted on Twitter by Pranesh Prakash. The notification mentions that 32 URLs, including Pastebin, video sharing sites Vimeo and DailyMotion, Internet archive site archive.org and Github.com (a web-based software code repository), have been blocked under Section 69A of the Information Technology Act, 2000. DoT has also asked ISPs to submit compliance reports. However, we have not been able to verify the authenticity of the circular.

Insane! Govt orders blocking of 32 websites including @internetarchive @vimeo @github @pastebin #censorship #FoEx pic.twitter.com/F75ngSGohJ
— Pranesh Prakash (@pranesh_prakash) December 31, 2014

At the time of writing this story, we could not access Pastebin, DailyMotion and Github on Vodafone 3G and our office network that has access via dedicated lines. Vodafone is not displaying any errors and is simply blocking access. However, a number of users report that they're getting an error that says 'the site is blocked as per the instructions of Competent Authority.' However, we were able to access all the websites on Airtel 3G.
http://timesofindia.indiatimes.com/t...w/45701713.cms





Email Encryption Grew Tremendously, but Still Needs Work: 2014 in Review
Jacob Hoffman-Andrews

What if there were one thing we could do today to make it harder for the NSA and other intelligence agencies to eavesdrop on millions of people's email communications, without users having to change their habits at all?

There is. It's called STARTTLS for email, a standard for encrypting email communications. 2014 saw more and more email providers implementing it.

STARTTLS for email is described as server-to-server encryption, because it protects your email from eavesdroppers on the Internet, but not from your email provider, who runs the servers that send and receive your email. Server-to-server encryption is contrasted with end-to-end encryption like PGP and S/MIME, which additionally protect your email contents against snooping by your email provider. Both are valuable and we encourage the use of both.

The spread of server-to-server encryption is especially encouraging because it protects the metadata, who you speak with and when, that NSA collects even from Internet users suspected of no crime. As we and others have said before, the metadata is the message.

A year ago, when we published the first Encrypt the Web report, only four of the eighteen companies we surveyed protected their email with STARTTLS encryption. Today, thanks in part to EFF's involvement, more than twice as many of those companies do, reflecting implementations from Amazon, Microsoft, Yahoo, Facebook, Twitter, and LinkedIn. You can check your own email provider at starttls.info.

Those implementations, and many more from providers not listed, are reflected in much higher observed rates of protected email. Gmail reports 77% of their outbound email is successfully encrypted with STARTTLS, and Facebook encrypts 95% of their outbound mail.

But STARTTLS does have its major weaknesses. The initial handshake is subject to downgrade attacks that remove the necessary flags, so we began work on the STARTTLS Everywhere project, to provide an out-of-band channel so servers know when not to downgrade. In November, we described reports of the downgrade attack in the wild, with at least two ISPs intercepting email connections to remove encryption. In the coming year, we will step up the pressure on ISPs to stop this sort of interference with their customers' data.

End-to-end email encryption also saw big news this year with Google announcing a browser extension to provide PGP encryption in Gmail, and Yahoo committed to adapt it for their own webmail product. PGP email has historically suffered from being difficult to use, but dedicated engineering resources from these companies, as well as community-funded free software projects like LEAP and Mailpile, promise to make end-to-end encryption easier in 2015.
https://www.eff.org/deeplinks/2014/1...rk-2014-review
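The downgrade described in the EFF piece above (an interceptor removing the STARTTLS advertisement from the server's EHLO reply so that mail falls back to plaintext) is easiest to see in a sending MTA's decision logic. The following is an added example, not code from the article or from the STARTTLS Everywhere project: it parses constructed EHLO replies, applies a hypothetical pinned per-domain policy standing in for an out-of-band policy list, and shows why "TLS required" must cover both a missing STARTTLS keyword and a failed handshake; the hostnames, addresses and policy records are invented.

```python
# Added example, not code from the EFF article or from the STARTTLS Everywhere
# project: a sending MTA's STARTTLS decision logic with a pinned policy, run over
# constructed EHLO replies. Nothing here opens a network connection.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Policy:
    """Out-of-band expectation for a recipient domain (hypothetical record,
    standing in for a pinned policy list). require_tls=True means 'never
    fall back to plaintext for this domain'."""
    require_tls: bool = False


def parse_ehlo(reply: str) -> Optional[Dict[str, List[str]]]:
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [parameters]}.

    The first 250 line is the greeting (server name), not a capability.
    Returns None if any line is not a 250 response."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        return None
    caps: Dict[str, List[str]] = {}
    for i, line in enumerate(lines):
        if not line.startswith("250") or line[3:4] not in ("-", " ", ""):
            return None
        body = line[4:].strip()
        if i == 0 or not body:
            continue
        keyword, *params = body.split()
        caps[keyword.upper()] = params
    return caps


def decide(domain: str, reply: str, policies: Dict[str, Policy],
           tls_handshake: Callable[[], bool]) -> Tuple[str, str]:
    """Return (action, reason) for delivering mail to `domain`.

    actions: "ENCRYPT" (STARTTLS negotiated), "PLAINTEXT" (opportunistic
    fallback permitted), "REFUSE" (policy forbids plaintext; defer/bounce).
    `tls_handshake` simulates the TLS negotiation after the STARTTLS command."""
    policy = policies.get(domain, Policy())
    caps = parse_ehlo(reply)
    if caps is None:
        return "REFUSE", "malformed or non-250 EHLO reply"
    if "STARTTLS" not in caps:
        # Vector 1: capability missing, whether never offered or stripped in transit.
        if policy.require_tls:
            return "REFUSE", "policy requires TLS but STARTTLS not advertised (possible downgrade)"
        return "PLAINTEXT", "no STARTTLS offered; opportunistic fallback"
    if tls_handshake():
        return "ENCRYPT", "STARTTLS negotiated"
    # Vector 2: STARTTLS advertised but the handshake fails; an opportunistic
    # client that silently retries in plaintext can be downgraded this way too.
    if policy.require_tls:
        return "REFUSE", "TLS handshake failed and policy forbids plaintext"
    return "PLAINTEXT", "TLS handshake failed; opportunistic fallback"


# Constructed EHLO replies (hypothetical hosts; no real mail servers involved).
EHLO_NORMAL = ("250-mail.example.com Hello [192.0.2.10]\r\n250-SIZE 35882577\r\n"
               "250-8BITMIME\r\n250-STARTTLS\r\n250 ENHANCEDSTATUSCODES\r\n")
# Same reply with the STARTTLS line removed, as an interceptor would.
EHLO_STRIPPED = EHLO_NORMAL.replace("250-STARTTLS\r\n", "")
# Same reply with the keyword overwritten in place (constructed mangling).
EHLO_MANGLED = EHLO_NORMAL.replace("250-STARTTLS", "250-XXXXXXXX")

POLICIES = {"example.com": Policy(require_tls=True),      # pinned: TLS mandatory
            "legacy.example": Policy(require_tls=False)}  # opportunistic only


def run_demo() -> List[Tuple[str, str, str]]:
    """Exercise the decision logic over the constructed cases."""
    cases = [("example.com", EHLO_NORMAL, lambda: True),
             ("example.com", EHLO_STRIPPED, lambda: True),
             ("example.com", EHLO_MANGLED, lambda: True),
             ("example.com", EHLO_NORMAL, lambda: False),
             ("legacy.example", EHLO_STRIPPED, lambda: True)]
    results = []
    for domain, reply, handshake in cases:
        action, reason = decide(domain, reply, POLICIES, handshake)
        results.append((domain, action, reason))
    return results


if __name__ == "__main__":
    for domain, action, reason in run_demo():
        print(f"{domain:16} {action:9} {reason}")
```

The "legacy.example" case is the weakness the article describes: with no out-of-band policy, a stripped or mangled STARTTLS keyword is indistinguishable from a server that never supported TLS, and opportunistic delivery proceeds in the clear.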





Web Freedom Is Seen as a Growing Global Issue
Vindu Goel and Andrew E. Kramer

Government censorship of the Internet is a cat-and-mouse game. And despite more aggressive tactics in recent months, the cats have been largely frustrated while the mice wriggle away.

But this year, the challenges for Silicon Valley will mount, with Russia and Turkey in particular trying to tighten controls on foreign-based Internet companies. Major American companies like Facebook, Twitter and Google are increasingly being put in the tricky position of figuring out which laws and orders to comply with around the world — and which to ignore or contest.

On Wednesday, Russia’s president, Vladimir V. Putin, signed the latest version of a personal data law that will require companies to store data about Russian users on computers inside the country, where it will be easier for the government to get access to it. With few companies expected to comply with the law, which goes into effect Sept. 1, a confrontation may well erupt.

The clumsiness of current censorship efforts was apparent in mid-December, when Russia’s Internet regulator demanded that Facebook remove a page that was promoting an anti-government rally. After Facebook blocked the page for its 10 million or so Russian users, dozens of copycat pages popped up and the word spread on other social networks like Twitter. That created even more publicity for the planned Jan. 15 event, intended to protest the sentencing of Aleksei A. Navalny, a leading opposition figure.

Anton Nosik, a prominent Russian blogger whose work has been censored by regulators, said it was absurd for a government to think it could easily stamp out an article or video when it can be copied or found elsewhere with a few clicks. “The reader wants to see what he was prevented from seeing,” Mr. Nosik said in an interview. “All that blocking doesn’t work.”

Instead, that prompted the government to switch tactics, moving Mr. Navalny’s sentencing to Dec. 30 with little notice in an attempt to diminish protests.

The Turkish government faced similar embarrassment when it tried to stop the dissemination of leaked documents and audio recordings on Twitter in March. The administration of Recep Tayyip Erdogan, who was then prime minister and is now president, ordered the shutdown of Twitter within Turkey after the company refused to block the posts, which implicated government officials in a corruption investigation.

Not only did the government lose a court fight on the issue, but while Twitter was blocked, legions of Turkish users taught one another technical tricks to evade the ban, even spray-painting the instructions on the walls of buildings.

“We all became hackers,” Asli Tunc, a professor of communication at Istanbul Bilgi University, said in a phone interview. “And we all got on Twitter.”

Despite such victories for free-speech advocates, governments around the world are stepping up their efforts to control the Internet, escalating the confrontation.

“The trendlines are consistent,” Colin Crowell, Twitter’s global vice president of public policy, said in a phone interview. “There are more and more requests for removal of information.”

Pakistan, for example, bombarded Facebook with nearly 1,800 requests to take down content in the first half of 2014, according to the company’s most recent transparency report. Google’s YouTube video service has long been blocked there. And the government briefly succeeded in getting Twitter to block certain “blasphemous” or “unethical” tweets last year until the company re-examined Pakistani law and determined the requests didn’t meet legal requirements.

It’s not just autocratic regimes that are pressing for limits on free speech. In the European Union, a court ruling last year established a “right to be forgotten,” allowing residents to ask search engines like Google to remove links to negative material about them. Now privacy regulators want Google to also delete the links from search results on the non-European versions of its service because anyone in Europe can easily get access to the alternate sites.

Free-speech activists view Facebook, the world’s largest social network with 1.35 billion monthly users, as the company most inclined to work with governments and do whatever is necessary to keep its service up and running.

Last spring, while Twitter was blocked in Turkey and YouTube was shut down, Facebook removed contested content and continued to operate. It has a dedicated team of outside lawyers who field censorship requests from the Turkish government and then recommend to corporate officials whether content should be blocked.

“Facebook can be quite important to the people who use it, so we try to make sure it remains accessible,” a company spokesman said. “We aggressively push back on unlawful or overly broad government requests.”

Twitter, which has about 284 million monthly users, styles itself as the world’s town square and a global champion of free speech, conforming to the letter of censorship laws while winking at workaround strategies, like users changing the location listed on their profile to evade specific blocks that apply in a particular country.

For Turkey’s opposition movement, Professor Tunc said, Twitter “basically created an opening, a refreshing alternative, especially during the protests. And they know that. They act like a defender of freedom.”

As the biggest player, Google, whose YouTube service seems to draw the particular ire of foreign governments, has been forced into fights on many fronts. It is still viewed by many as a hero for its decision to pull out of China in 2010 rather than continue to censor search results there.

The company explained its philosophy at that time: “We have a bias in favor of people’s right to free expression. We are driven by a belief that more information means more choice, more freedom and ultimately more power for the individual.”

While China remains a thorn in the side of most Western Internet companies — Facebook and Twitter are basically blocked there — Russia is the current flash point in the censorship wars.

Over the summer, the Russian government began demanding that anyone with at least 3,000 daily visitors follow rules similar to those applying to a media company and face content restrictions. So far, Twitter and Facebook are simply passing those requests along to their users without making sure anyone complies. Many do not, but so far the Russian government has not pressed the issue.

But the pressure may intensify later this year. Starting Sept. 1, foreign technology companies are supposed to store data about Russian users on computers located in Russia and make a software key available to the government that could be used to unscramble and monitor private Internet communications.

That would give the government leverage in showdowns with tech companies, since it could simply raid the facility or arrest local employees.

Most Western technology companies have no data centers in Russia and no plans to change that.

“Our data centers are all in the United States,” said Mr. Crowell of Twitter. “It’s unlikely that our first data center outside the United States will be in Russia.”

Google, whose search engine is the No. 2 player in Russia after the local Yandex service, has gone further, announcing recently that it will close its engineering offices in Russia. Although the company said it had been consolidating such offices globally, one factor in the closure is the risk of a raid by Russian authorities.

“If what’s going to happen is that Russians will show up and stick an AK-47 in an engineer’s nostril, Google is going to make sure that no one in Russia has a Google engineering logon,” said Ross J. Anderson, a professor of security engineering at Cambridge University in Britain, who studies privacy and censorship issues and did some work for Google in the past.

A Google spokesman declined to comment on its Russia strategy, saying only, “We are deeply committed to our Russian users and customers and we have a dedicated team in Russia working to support them.”

Twitter and Facebook have more room to maneuver. With far fewer users in Russia and virtually no advertising there, they can resist the government’s demands with fewer repercussions.

Robert Shlegel, a member of the Russian Parliament active in shaping the Kremlin’s Internet policies, said in a phone interview that the Russian regulations were in many ways a response to the revelations of the former American intelligence contractor, Edward J. Snowden, about American government spying through Silicon Valley companies.

“This problem was created by the United States,” Mr. Shlegel said. Mr. Snowden lives in Russia, which granted him residency as the United States government sought to arrest him for his leaks.

Russia’s first preference, Mr. Shlegel said, is to persuade other nations to form a common, international set of rules for social networking sites and crowdsourced news, clarifying when countries could block pages to comply with national laws.

He said that Russian authorities had no intention of blocking American Internet companies for failing to follow the data storage law. “What we need to do is have a dialogue,” he said.

And given Western sanctions and the collapse in the ruble’s value, Russia needs foreign business support, at least in part to prevent its online economy from grinding to a halt. If strictly enforced, the personal data law, for example, would close most Internet hotel and airline bookings, sending Russians to stand in line at travel agencies instead.

Mr. Nosik, the Russian blogger, said that the country’s Internet regulator, Roskomnadzor, was unlikely to ban American companies like Facebook, if only for fear that millions of Russians who suddenly lost access to years of photographs, family memories, love letters and contacts with friends would blame the Kremlin.

Only Mr. Putin could decide to cut off access, he said. “The moment Putin wants it done, it will be done within minutes and no law will be required,” Mr. Nosik said. “On the other hand, so long as Putin doesn’t give the command to block them, they will not be blocked.”

Vindu Goel reported from San Francisco and Andrew E. Kramer from Moscow.
http://www.nytimes.com/2015/01/02/bu...e-in-2015.html





NSA has VPNs in Vulcan Death Grip—No, Really, that’s What They Call it

VPN traffic repositories used to find keys, crack encryption of target traffic.
Sean Gallagher

The National Security Agency’s Office of Target Pursuit (OTP) maintains a team of engineers dedicated to cracking the encrypted traffic of virtual private networks (VPNs) and has developed tools that could potentially uncloak the traffic in the majority of VPNs used to secure traffic passing over the Internet today, according to documents published this week by the German news magazine Der Spiegel. A slide deck from a presentation by a member of OTP’s VPN Exploitation Team, dated September 13, 2010, details the process the NSA used at that time to attack VPNs—including tools with names drawn from Star Trek and other bits of popular culture.

OTP’s VPN exploit team had members assigned to branches focused on specific regional teams, as well as a “Cross-Target Support Branch” and a custom development team for building specialized VPN exploits. At the regional level, the VPN team representatives acted as liaisons to analysts, providing information on new VPN attacks and gathering requirements for specific targets to be used in developing new ones.

While some VPN technologies—specifically, those based on the Point-to-Point Tunneling Protocol (PPTP)—have previously been identified as being vulnerable because of the way they exchange keys at the beginning of a VPN session, others have generally been assumed to be safer from scrutiny. But in 2010, the NSA had already developed tools to attack the most commonly used VPN encryption schemes: Secure Shell (SSH), Internet Protocol Security (IPSec), and Secure Sockets Layer (SSL) encryption.

The NSA has a specific repository for capturing VPN metadata called TOYGRIPPE. The repository stores information on VPN sessions between systems of interest, including their “fingerprints” for specific machines and which VPN services they’ve connected to, their key exchanges, and other connection data. VPN “fingerprints” can also be extracted from XKEYSCORE, the NSA’s distributed “big data” store of all recently captured Internet traffic, to be used in identifying targets and developing an attack. Because XKEYSCORE includes data from “untasked” sources—people and systems not designated as under surveillance—the OTP VPN Exploitation Team’s presentation requested, “Try to avoid relying on (XKEYSCORE) workflows due to legal and logistical issues.” But XKEYSCORE, it was noted, is best for attacks on SSH traffic.

Analysis of TOYGRIPPE and XKEYSCORE data, as well as from “daily VPN exploits,” is fed into BLEAKINQUIRY—a metadata database of “potentially exploitable” VPNs. This database can be searched by NSA analysts for addresses matching targeted individuals or systems and to generate requests for the VPN Exploit crew to convert the "potentially" into an actuality.

When an IPSec VPN is identified and “tasked” by NSA analysts, according to the presentation, a “full take” of its traffic is stored in VULCANDEATHGRIP, a VPN data repository. There are similar, separate repositories for PPTP and SSL VPN traffic dubbed FOURSCORE and VULCANMINDMELD, respectively.

The data is then replayed from the repositories through a set of attack scripts, which use sets of preshared keys (PSKs) harvested from sources such as exploited routers and stored in a key database called CORALREEF. Other attack methods are used to attempt to recover the PSK for each VPN session. If the traffic is of interest, successfully cracked VPNs are then processed by a system called TURTLEPOWER and sorted into the NSA’s XKEYSCORE full-traffic database, and extracted content is pushed to the PINWALE “digital network intelligence” content database.

But for those that aren’t successfully cracked, the VPN Exploit Team’s presentation noted, the team works to “turn that frown upside down” by doing more data collection—trying to capture IPSec Internet Key Exchange (IKE) and Encapsulating Security Payload (ESP) traffic during VPN handshakes to help build better attacks. In cases where the keys just can’t be recovered, the VPN Exploit Team will “contact our friends for help”— gathering more information on the systems of interest from other data collection sites or doing an end-run by calling on Tailored Access Operations to “create access points” through exploits of one of the endpoints of the VPN connection.
http://arstechnica.com/tech-policy/2...-they-call-it/





Inside the NSA's War on Internet Security

US and British intelligence agencies undertake every effort imaginable to crack all types of encrypted Internet communication. The cloud, it seems, is full of holes. The good news: New Snowden documents show that some forms of encryption still cause problems for the NSA.

When Christmas approaches, the spies of the Five Eyes intelligence services can look forward to a break from the arduous daily work of spying. In addition to their usual job -- attempting to crack encryption all around the world -- they play a game called the "Kryptos Kristmas Kwiz," which involves solving challenging numerical and alphabetical puzzles. The proud winners of the competition are awarded "Kryptos" mugs.

Encryption -- the use of mathematics to protect communications from spying -- is used for electronic transactions of all types, by governments, firms and private users alike. But a look into the archive of whistleblower Edward Snowden shows that not all encryption technologies live up to what they promise.

One example is the encryption featured in Skype, a program used by some 300 million users to conduct Internet video chat that is touted as secure. It isn't really. "Sustained Skype collection began in Feb 2011," reads a National Security Agency (NSA) training document from the archive of whistleblower Edward Snowden. Less than half a year later, in the fall, the code crackers declared their mission accomplished. Since then, data from Skype has been accessible to the NSA's snoops. Software giant Microsoft, which acquired Skype in 2011, said in a statement: "We will not provide governments with direct or unfettered access to customer data or encryption keys." The NSA had been monitoring Skype even before that, but since February 2011, the service has been under order from the secret US Foreign Intelligence Surveillance Court (FISC), to not only supply information to the NSA but also to make itself accessible as a source of data for the agency.

The "sustained Skype collection" is a further step taken by the authority in the arms race between intelligence agencies seeking to deny users their privacy and those wanting to ensure they are protected. There have also been some victories for privacy, with certain encryption systems proving to be so robust they have been tried and true standards for more than 20 years.

For the NSA, encrypted communication -- or what all other Internet users would call secure communication -- is "a threat". In one internal training document viewed by SPIEGEL, an NSA employee asks: "Did you know that ubiquitous encryption on the Internet is a major threat to NSA's ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware?"

The Snowden documents reveal the encryption programs the NSA has succeeded in cracking, but, importantly, also the ones that are still likely to be secure. Although the documents are around two years old, experts consider it unlikely the agency's digital spies have made much progress in cracking these technologies. "Properly implemented strong crypto systems are one of the few things that you can rely on," Snowden said in June 2013, after fleeing to Hong Kong.

The digitization of society in the past several decades has been accompanied by the broad deployment of cryptography, which is no longer the exclusive realm of secret agents. Whether a person is conducting online banking, Internet shopping or making a phone call, almost every Internet connection today is encrypted in some way. The entire realm of cloud computing -- that is of outsourcing computing tasks to data centers somewhere else, possibly even on the other side of the globe -- relies heavily on cryptographic security systems. Internet activists even hold crypto parties where they teach people who are interested in communicating securely and privately how to encrypt their data.

German officials suggest "consistent encryption"

In Germany, concern about the need for strong encryption goes right up to the highest levels of the government. Chancellor Angela Merkel and her cabinet now communicate using phones incorporating strong encryption. The government has also encouraged members of the German public to take steps to protect their own communication. Michael Hange, the president of the Federal Office for Information Security, has stated: "We suggest cryptography -- that is, consistent encryption."

It's a suggestion unlikely to please some intelligence agencies. After all, the Five Eyes alliance -- the secret services of Britain, Canada, Australia, New Zealand and the United States -- pursue a clear goal: removing the encryption of others on the Internet wherever possible. In 2013, the NSA had a budget of more than $10 billion. According to the US intelligence budget for 2013, the money allocated for the NSA department called Cryptanalysis and Exploitation Services (CES) alone was $34.3 million.

Last year, the Guardian, New York Times and ProPublica reported on the contents of a 2010 presentation on the NSA's BULLRUN decryption program, but left out many specific vulnerabilities. The presentation states that, "for the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies," and "vast amounts of encrypted Internet data which have up till now been discarded are now exploitable." Decryption, it turns out, works retroactively - once a system is broken, the agencies can look back in time in their databases and read stuff they could not read before.

The number of Internet users concerned about privacy online has risen dramatically since the first Snowden revelations. But people who consciously use strong end-to-end encryption to protect their data still represent a minority of the Internet-using population. There are a number of reasons for this: Some believe encryption is too complicated to use. Or they think the intelligence agency experts are already so many steps ahead of them that they can crack any encryption program.

Still Safe from the NSA

This isn't true. As one document from the Snowden archive shows, the NSA had been unsuccessful in attempts to decrypt several communications protocols, at least as of 2012. An NSA presentation for a conference that took place that year lists the encryption programs the Americans failed to crack. In the process, the NSA cryptologists divided their targets into five levels corresponding to the degree of the difficulty of the attack and the outcome, ranging from "trivial" to "catastrophic."

Monitoring a document's path through the Internet is classified as "trivial." Recording Facebook chats is considered a "minor" task, while the level of difficulty involved in decrypting emails sent through Moscow-based Internet service provider "mail.ru" is considered "moderate." None of those three classifications appears to pose any significant problem for the NSA.

Things first become troublesome at the fourth level. The presentation states that the NSA encounters "major" problems in its attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor network*, which was developed for surfing the web anonymously. Tor, otherwise known as The Onion Router, is free and open source software that allows users to surf the web through a network of more than 6,000 linked volunteer computers. The software automatically encrypts data in a way that ensures that no single computer in the network has all of a user's information. For surveillance experts, it becomes very difficult to trace the whereabouts of a person who visits a particular website or to attack a specific person while they are using Tor to surf the Web.

The NSA also has "major" problems with Truecrypt, a program for encrypting files on computers. Truecrypt's developers stopped their work on the program last May, prompting speculation about pressures from government agencies. A protocol called Off-the-Record (OTR) for encrypting instant messaging in an end-to-end encryption process also seems to cause the NSA major problems. Both are programs whose source code can be viewed, modified, shared and used by anyone. Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft. Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism -- an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple -- show that the NSA's efforts appear to have been thwarted in these cases: "No decrypt available for this OTR message." This shows that OTR at least sometimes makes communications impossible to read for the NSA.

Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.

ZRTP, which is used to securely encrypt conversations and text chats on mobile phones, is used in free and open source programs like RedPhone and Signal. "It's satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque," says RedPhone developer Moxie Marlinspike.

Too Robust for Fort Meade

Also, the "Z" in ZRTP stands for one of its developers, Phil Zimmermann, the same man who created Pretty Good Privacy, which is still the most common encryption program for emails and documents in use today. PGP is more than 20 years old, but apparently it remains too robust for the NSA spies to crack. "No decrypt available for this PGP encrypted message," a further document viewed by SPIEGEL states of emails the NSA obtained from Yahoo.

Phil Zimmermann wrote PGP in 1991. The American nuclear weapons freeze activist wanted to create an encryption program that would enable him to securely exchange information with other like-minded individuals. His system quickly became very popular among dissidents around the world. Given its use outside the United States, the US government launched an investigation into Zimmermann during the 1990s for allegedly violating the Arms Export Control Act. Prosecutors argued that making encryption software of such complexity available abroad was illegal. Zimmermann responded by publishing the source code as a book, an act that was constitutionally protected as free speech.

PGP continues to be developed and various versions are available today. The most widely used is GNU Privacy Guard (GnuPG), a program developed by German programmer Werner Koch. One document shows that the Five Eyes intelligence services sometimes use PGP themselves. The fact is that hackers obsessed with privacy and the US authorities have a lot more in common than one might initially believe. The Tor Project* was originally developed with the support of the US Naval Research Laboratory.

Today, NSA spies and their allies do their best to subvert the system their own military helped conceive, as a number of documents show. Tor deanonymization is obviously high on the list of NSA priorities, but the success achieved here seems limited. One GCHQ document from 2011 even mentions trying to decrypt the agencies' own use of Tor -- as a test case.

To a certain extent, the Snowden documents should provide some level of relief to people who thought nothing could stop the NSA in its unquenchable thirst to collect data. It appears secure channels still exist for communication. Nevertheless, the documents also underscore just how far the intelligence agencies already go in their digital surveillance activities.

Internet security comes at various levels -- and the NSA and its allies obviously are able to "exploit" -- i.e. crack -- several of the most widely used ones on a scale that was previously unimaginable.

VPN Security only Virtual

One example is virtual private networks (VPN), which are often used by companies and institutions operating from multiple offices and locations. A VPN theoretically creates a secure tunnel between two points on the Internet. All data is channeled through that tunnel, protected by cryptography. When it comes to the level of privacy offered here, virtual is the right word, too. This is because the NSA operates a large-scale VPN exploitation project to crack large numbers of connections, allowing it to intercept the data exchanged inside the VPN -- including, for example, the Greek government's use of VPNs. The team responsible for the exploitation of those Greek VPN communications consisted of 12 people, according to an NSA document SPIEGEL has seen.

The NSA also targeted SecurityKiss, a VPN service in Ireland. The following fingerprint for Xkeyscore, the agency's powerful spying tool, was reported to be tested and working against the service:

fingerprint('encryption/securitykiss/x509') = $pkcs and ( ($tcp and from_port(443)) or ($udp and (from_port(123) or from_por (5000) or from_port(5353)) ) ) and (not (ip_subnet('10.0.0.0/8' or '172.16.0.0/12' or '192.168.0.0/16' )) ) and 'RSA Generated Server Certificate'c and 'Dublin1'c and 'GL CA'c;

According to an NSA document dating from late 2009, the agency was processing 1,000 requests an hour to decrypt VPN connections. This number was expected to increase to 100,000 per hour by the end of 2011. The aim was for the system to be able to completely process "at least 20 percent" of these requests, meaning the data traffic would have to be decrypted and reinjected. In other words, by the end of 2011, the NSA's plans called for simultaneously surveilling 20,000 supposedly secure VPN communications per hour.

VPN connections can be based on a number of different protocols. The most widely used ones are called Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol Security (IPsec). Both seem to pose few problems for the NSA spies if they really want to crack a connection. Experts have considered PPTP insecure for some time now, but it is still in use in many commercial systems. The authors of one NSA presentation boast of a project called FOURSCORE that stores information including decrypted PPTP VPN metadata.

Using a number of different programs, they claim to have succeeded in penetrating numerous networks. Among those surveilled were the Russian carrier Transaero Airlines, Royal Jordanian Airlines as well as Moscow-based telecommunications firm Mir Telematiki. Another success touted is the NSA's surveillance of the internal communications of diplomats and government officials from Afghanistan, Pakistan and Turkey.

IPsec as a protocol seems to create slightly more trouble for the spies. But the NSA has the resources to actively attack routers involved in the communication process to get to the keys to unlock the encryption rather than trying to break it, courtesy of the unit called Tailored Access Operations: "TAO got on the router through which banking traffic of interest flows," it says in one presentation.

Anything But Secure

Even more vulnerable than VPN systems are the supposedly secure connections ordinary Internet users must rely on all the time for Web applications like financial services, e-commerce or accessing webmail accounts. A lay user can recognize these allegedly secure connections by looking at the address bar in his or her Web browser: With these connections, the first letters of the address there are not just http -- for Hypertext Transfer Protocol -- but https. The "s" stands for "secure". The problem is that there isn't really anything secure about them.

The NSA and its allies routinely intercept such connections -- by the millions. According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012. The intelligence services are particularly interested in the moment when a user types his or her password. By the end of 2012, the system was supposed to be able to "detect the presence of at least 100 password based encryption applications" in each instance some 20,000 times a month.

For its part, Britain's GCHQ collects information about encryption using the TLS and SSL protocols -- the protocols https connections are encrypted with -- in a database called "FLYING PIG." The British spies produce weekly "trends reports" to catalog which services use the most SSL connections and save details about those connections. Sites like Facebook, Twitter, Hotmail, Yahoo and Apple's iCloud service top the charts, and the number of catalogued SSL connections for one week is in the many billions -- for the top 40 sites alone.

Hockey sites monitored

Canada's Communications Security Establishment (CSEC) even monitors sites devoted to the country's national pastime: "We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season," it says in one presentation.

The NSA also has a program with which it claims it can sometimes decrypt the Secure Shell protocol (SSH). This is typically used by systems administrators to log into employees' computers remotely, largely for use in the infrastructure of businesses, core Internet routers and other similarly important systems. The NSA combines the data collected in this manner with other information to leverage access to important systems of interest.

Weakening Cryptographic Standards

But how do the Five Eyes agencies manage to break all these encryption standards and systems? The short answer is: They use every means available.

One method is consciously weakening the cryptographic standards that are used to implement the respective systems. Documents seen by SPIEGEL show that NSA agents travel to the meetings of the Internet Engineering Task Force (IETF), an organization that develops such standards, to gather information but presumably also to influence the discussions there. "New session policy extensions may improve our ability to passively target two sided communications," says a brief write-up of an IETF meeting in San Diego on an NSA-internal Wiki.

This process of weakening encryption standards has been going on for some time. A classification guide, a document that explains how to classify certain types of secret information, labels "the fact that NSA/CSS makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable" as Top Secret.

Cryptographic systems actively weakened this way or faulty to begin with are then exploited using supercomputers. The NSA maintains a system called Longhaul, an "end-to-end attack orchestration and key recovery service for Data Network Cipher and Data Network Session Cipher traffic." Basically, Longhaul is the place where the NSA looks for ways to break encryption. According to an NSA document, it uses facilities at the Tordella Supercomputer Building at Fort Meade, Maryland, and Oak Ridge Data Center in Oak Ridge, Tennessee. It can pass decrypted data to systems such as Turmoil -- a part of the secret network the NSA operates throughout the world, used to siphon off data. The cover term for the development of these capabilities is Valientsurf. A similar program called Gallantwave is meant to "break tunnel and session ciphers."

In other cases, the spies use their infrastructure to steal cryptographic keys from the configuration files found on Internet routers. A repository called Discoroute contains "router configuration data from passive and active collection," one document states. Active here means hacking or otherwise infiltrating computers; passive refers to collecting data flowing through the Internet with secret NSA-operated computers.

An important part of the Five Eyes' efforts to break encryption on the Internet is the gathering of vast amounts of data. For example, they collect so-called SSL handshakes -- that is, the first exchanges between two computers beginning an SSL connection. A combination of metadata about the connections and metadata from the encryption protocols then help to break the keys which in turn allow reading or recording the now decrypted traffic.
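The "SSL handshakes" collected here carry several fields in the clear before any key material is involved. As an added example (not from the SPIEGEL piece or any NSA document), the Python below builds a constructed TLS 1.2 ClientHello and then parses it the way a passive monitor on the wire would, recovering the destination hostname (the SNI extension) and the offered cipher suites, and flagging suites that use RSA key transport, since with those a single stolen server key also unlocks recorded traffic. The hostname and the offered suite list are constructed sample values; the suite code points are the IANA-registered ones.

```python
"""Added example: what a passive collector sees in a TLS 1.2 ClientHello."""
import struct

# IANA cipher-suite code points whose key exchange is plain RSA key transport
# (no forward secrecy). ECDHE/DHE suites are not in this set.
RSA_KEY_TRANSPORT_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
}


def build_client_hello(hostname, cipher_suites, client_version=0x0303):
    """Construct a minimal ClientHello record (random is zeroed; this is sample data)."""
    sni_entry = b"\x00" + struct.pack("!H", len(hostname)) + hostname.encode("ascii")
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # ext type 0 = server_name
    body = struct.pack("!H", client_version) + bytes(32)               # client_version, random
    body += b"\x00"                                                    # empty session id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                                # one compression method: null
    body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22


def parse_client_hello(record):
    """Parse a ClientHello record; return version, offered suites and SNI hostname."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    handshake = record[5:5 + rec_len]
    if handshake[0] != 0x01:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    pos = 0
    version = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + 32                                   # skip client_random
    pos += 1 + body[pos]                            # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                            # skip compression methods
    sni = None
    if pos < len(body):
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + elen]
            pos += elen
            if etype == 0x0000:                     # server_name: list len(2), name type(1), name len(2), name
                name_len = struct.unpack("!H", data[3:5])[0]
                sni = data[5:5 + name_len].decode("ascii")
    return {"version": version, "cipher_suites": suites, "sni": sni}


def non_pfs_suites_offered(parsed):
    """Names of offered suites that rely on RSA key transport (no forward secrecy)."""
    return [RSA_KEY_TRANSPORT_SUITES[s] for s in parsed["cipher_suites"] if s in RSA_KEY_TRANSPORT_SUITES]


if __name__ == "__main__":
    # Constructed sample: a client that offers one ECDHE suite and one RSA-transport suite.
    sample = build_client_hello("vpn.example.com", [0xC02F, 0x002F])
    parsed = parse_client_hello(sample)
    print("visible to a passive observer:", parsed["sni"], [hex(s) for s in parsed["cipher_suites"]])
    print("non-forward-secret suites offered:", non_pfs_suites_offered(parsed))
```

The defender's takeaway is that the hostname and the suite list leave the client in plaintext, so connection metadata of this kind can be catalogued without any cryptanalysis; what the collector cannot get from the handshake alone is the session key, unless an offered RSA-transport suite is chosen and the server's private key is later obtained.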

If all else fails, the NSA and its allies resort to brute force: They hack their target's computers or Internet routers to get to the secret encryption -- or they intercept computers on the way to their targets, open them and insert spy gear before they even reach their destination, a process they call interdiction.

A Grave Threat to Security

For the NSA, the breaking of encryption methods represents a constant conflict of interest. The agency and its allies do have their own secret encryption methods for internal use. But the NSA is also tasked with providing the US National Institute of Standards and Technology (NIST) with "technical guidelines in trusted technology" that may be "used in cost-effective systems for protecting sensitive computer data." In other words: Checking cryptographic systems for their value is part of the NSA's job. One encryption standard the NIST explicitly recommends is the Advanced Encryption Standard (AES). The standard is used for a large variety of tasks, from encrypting the PIN numbers of banking cards to hard disk encryption for computers.

One NSA document shows that the agency is actively looking for ways to break the very standard it recommends - this section is marked as "Top Secret" (TS): "Electronic codebooks, such as the Advanced Encryption Standard, are both widely used and difficult to attack cryptanalytically. The NSA has only a handful of in-house techniques. The TUNDRA project investigated a potentially new technique -- the Tau statistic -- to determine its usefulness in codebook analysis."

The fact that large amounts of the cryptographic systems that underpin the entire Internet have been intentionally weakened or broken by the NSA and its allies poses a grave threat to the security of everyone who relies on the Internet -- from individuals looking for privacy to institutions and companies relying on cloud computing. Many of these weaknesses can be exploited by anyone who knows about them -- not just the NSA.

Inside the intelligence community, this danger is widely known: According to a 2011 document, 832 individuals at GCHQ alone were briefed into the BULLRUN project, whose goal is a large-scale assault on Internet security.

Jacob Appelbaum, Aaron Gibson, Christian Grothoff, Andy Müller-Maguhn, Laura Poitras, Michael Sontheimer and Christian Stöcker
http://www.spiegel.de/international/...a-1010361.html





On the New Snowden Documents
Matthew Green

If you don't follow NSA news obsessively, you might have missed yesterday’s massive Snowden document dump from Der Spiegel. The documents provide a great deal of insight into how the NSA breaks our cryptographic systems. I was very lightly involved in looking at some of this material, so I'm glad to see that it's been published (i.e., I can now stop looking over my shoulder).

Unfortunately with so much material, it can be a bit hard to separate the signal from the noise. In this post I’m going to try to do that a little bit -- point out the bits that I think are interesting, the parts that are old news, and the things we should keep an eye on.

Background

Those who read this blog will know that I’ve been wondering for a long time how NSA works its way around our encryption. This isn't an academic question, since it affects just about everyone who uses technology today.

What we've learned since 2013 is that NSA and its partners hoover up vast amounts of Internet traffic from fiber links around the world. Most of this data is plaintext and therefore easy to intercept. But at least some of it is encrypted -- typically protected by protocols such as SSL/TLS or IPSEC.

Conventional wisdom pre-Snowden told us that the increasing use of encryption ought to have shut the agencies out of this data trove. Yet the documents we’ve seen so far indicate that the opposite has happened. Instead, the NSA and GCHQ have somehow been harvesting massive amounts of SSL/TLS and IPSEC traffic, and appear to be making inroads into other technologies such as Tor as well.

How are they doing this? To repeat an old observation, there are basically three ways to crack an encrypted connection:

1. Go after the mathematics. This is expensive and unlikely to work well against modern encryption algorithms (with a few exceptions). The leaked documents give very little evidence of such mathematical breaks — though a bit more on this below.
2. Go after the implementation. The new documents confirm a previously-reported and aggressive effort to undermine commercial cryptographic implementations. The new documents provide context for how important this type of sabotage is to the NSA.
3. Steal the keys. Of course, the easiest way to attack any cryptosystem is simply to steal the keys. Yesterday we received a bit more evidence that this is happening.

I can’t possibly spend time on everything that’s covered by these documents — you should go read them yourself — so below I’m just going to focus on the highlights.

Not so Good Will Hunting

First, the disappointing part. The NSA may be the largest employer of cryptologic mathematicians in the United States, but — if the new story is any indication — those guys really aren’t pulling their weight.

In fact, the only significant piece of cryptanalytic news in the entire stack is a 2008 undergraduate research project looking at AES. Sadly, this is about as unexciting as it sounds -- in fact it appears to be nothing more than a summer project by a visiting student. More interesting is the context it gives around the NSA’s efforts to break block ciphers such as AES, including the NSA's view of the difficulty of such cryptanalysis, and confirmation that NSA has some ‘in-house techniques’.

Additionally, the documents include significant evidence that NSA has difficulty decrypting certain types of traffic, including Truecrypt, PGP/GPG, Tor and ZRTP from implementations such as RedPhone. Since these protocols share many of the same underlying cryptographic algorithms — RSA, Diffie-Hellman, ECDH and AES — some are presenting this as evidence that those primitives are cryptographically strong.

As with the AES note above, this ‘good news’ should also be taken with a grain of salt. With a small number of exceptions, it seems increasingly obvious that the Snowden documents are geared towards NSA’s analysts and operations staff. In fact, many of the documents seem geared towards actually protecting knowledge of NSA's cryptanalytic capabilities from NSA's own operational staff (and other Five Eyes partners). As an analyst, it's quite possible you'll never learn why a given intercept was successfully decrypted.

To put this a bit more succinctly: the lack of cryptanalytic red meat in these documents may not truly be representative of the NSA’s capabilities. It may simply be an artifact of Edward Snowden's clearances at the time he left the NSA.

Tor

One of the most surprising aspects of the Snowden documents — to those of us in the security research community anyway — is the NSA’s relative ineptitude when it comes to de-anonymizing users of the Tor anonymous communications network.

The reason for our surprise is twofold. First, Tor was never really designed to stand up against a global passive adversary — that is, an attacker who taps a huge number of communications links. If there’s one thing we’ve learned from the Snowden leaks, the NSA (plus GCHQ) is the very definition of the term. In theory at least, Tor should be a relatively easy target for the agency.

The real surprise, though, is that despite this huge signals intelligence advantage, the NSA has barely even tested their ability to de-anonymize users. In fact, this leak provides the first concrete evidence that NSA is experimenting with traffic confirmation attacks to find the source of Tor connections. Even more surprising, their techniques are relatively naive, even when compared to what’s going on in the ‘research’ community.

This doesn’t mean you should view Tor as secure against the NSA. It seems very obvious that the agency has identified Tor as a high-profile target, and we know they have the resources to make much more headway against the network. The real surprise is that they haven’t tried harder. Maybe they're trying now.

SSL/TLS and IPSEC

A few months ago I wrote a long post speculating about how the NSA breaks SSL/TLS. Because it’s increasingly clear that the NSA does break these protocols, and at relatively large scale.

The new documents don’t tell us much we didn’t already know, but they do confirm the basic outlines of the attack. The first portion requires endpoints around the world that are capable of performing the raw decryption of SSL/TLS sessions provided they know the session keys. The second is a separate infrastructure located on US soil that can recover those session keys when needed.

All of the real magic happens within the key recovery infrastructure. These documents provide the first evidence that a major attack strategy for NSA/GCHQ involves key databases containing the private keys for major sites. For the RSA ciphersuites of TLS, a single private key is sufficient to recover vast amounts of session traffic — in real time or even after the fact.

The interesting question is how the NSA gets those private keys. The easiest answer may be the least technical. A different Snowden leak gives some reason to believe that the NSA may have relationships with employees at specific named U.S. entities, and may even operate personnel “under cover”. This would certainly be one way to build a key database.

But even without the James Bond aspect of this, there’s every reason to believe that NSA has other means to exfiltrate RSA keys from operators. During the period in question, we know of at least one vulnerability (Heartbleed) that could have been used to extract private keys from software TLS implementations. There are still other, unreported vulnerabilities that could be used today.

Pretty much everything I said about SSL/TLS also applies to VPN protocols, with the additional detail that many VPNs use broken protocols and relatively poorly-secured pre-shared secrets. The NSA seems positively gleeful about this.
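Green's point that one RSA private key unlocks "vast amounts of session traffic -- in real time or even after the fact", and the SPIEGEL account of keys being lifted from routers, both come down to forward secrecy. As an added example (not part of Green's post or of any project he mentions), the Python below runs two toy handshakes, one using RSA key transport and one using ephemeral Diffie-Hellman, records their transcripts, and then shows what a collector who later obtains the server's long-term key can recover from each. The RSA parameters are textbook and small, the DH modulus is a demo value rather than a standardised group, and an HMAC stands in for the server's signature; all of that is assumed for illustration only.

```python
"""Added example: why a stolen long-term key exposes RSA-transport sessions but not ephemeral DH ones."""
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test (probabilistic, sufficient for a demo)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits=512):
    """Textbook RSA with no padding: adequate to illustrate key transport, never for real use."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)
    return (e, p * q), (d, p * q)          # (public, private)


def session_key(shared_secret):
    """Derive a symmetric session key from the shared secret (stand-in for the TLS KDF)."""
    return hashlib.sha256(shared_secret.to_bytes(64, "big")).digest()


DH_P = 2**255 - 19   # prime, but a demo modulus only; real deployments use standardised groups
DH_G = 2


def rsa_transport_handshake(server_pub):
    """Client picks the premaster secret and encrypts it to the server's long-term RSA key."""
    e, n = server_pub
    premaster = secrets.randbelow(n - 2) + 2
    transcript = {"kind": "rsa", "encrypted_premaster": pow(premaster, e, n)}
    return transcript, session_key(premaster)


def dhe_handshake(server_signing_key):
    """Both sides use fresh exponents; the long-term key only authenticates the exchange."""
    a = secrets.randbelow(DH_P - 2) + 1          # client ephemeral exponent
    b = secrets.randbelow(DH_P - 2) + 1          # server ephemeral exponent
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    # HMAC with the long-term key stands in for the server's signature over the ephemeral values.
    sig = hmac.new(server_signing_key, f"{A},{B}".encode(), hashlib.sha256).hexdigest()
    key = session_key(pow(B, a, DH_P))
    assert key == session_key(pow(A, b, DH_P))   # both sides agree
    del a, b                                     # exponents are discarded after the handshake
    return {"kind": "dhe", "A": A, "B": B, "sig": sig}, key


def recover_from_stolen_key(transcript, stolen_long_term_key):
    """What a collector with a recorded transcript plus the server's long-term key can do."""
    if transcript["kind"] == "rsa":
        d, n = stolen_long_term_key
        return session_key(pow(transcript["encrypted_premaster"], d, n))
    # DHE: the stolen key lets the holder check (or forge) the signature, but the session key
    # depends on exponents that never appeared on the wire, so nothing is recovered.
    ok = hmac.compare_digest(
        transcript["sig"],
        hmac.new(stolen_long_term_key, f"{transcript['A']},{transcript['B']}".encode(), hashlib.sha256).hexdigest(),
    )
    return None if ok else None


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    t_rsa, k_rsa = rsa_transport_handshake(pub)
    print("RSA transport, key later stolen, session recovered:", recover_from_stolen_key(t_rsa, priv) == k_rsa)
    longterm = b"server-signing-key (constructed)"
    t_dhe, k_dhe = dhe_handshake(longterm)
    print("DHE, key later stolen, session recovered:", recover_from_stolen_key(t_dhe, longterm) is not None)
```

The practical mitigation this illustrates is to prefer (EC)DHE cipher suites and rotate long-term keys, so that a key obtained after the fact, by whatever means, does not decrypt the archive of recorded traffic.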

Open Source packages: Redphone, Truecrypt, PGP and OTR

The documents provide at least circumstantial evidence that some open source encryption technologies may thwart NSA surveillance. These include Truecrypt, ZRTP implementations such as RedPhone, PGP implementations, and Off the Record messaging. These packages have a few commonalities:

1. They’re all open source, and relatively well studied by researchers.
2. They’re not used at terribly wide scale (as compared to e.g., SSL or VPNs).
3. They all work on an end-to-end basis and don’t involve service providers, software distributors, or other infrastructure that could be corrupted or attacked.

What’s at least as interesting is which packages are not included on this list. Major corporate encryption protocols such as iMessage make no appearance in these documents, despite the fact that they ostensibly provide end-to-end encryption. This may be nothing. But given all we know about NSA’s access to providers, this is definitely worrying.

A note on the ethics of the leak

Before I finish, it's worth addressing one major issue with this reporting: are we, as citizens, entitled to this information? Would we be safer keeping it all under wraps? And is this all 'activist nonsense'?

This story, more than some others, skates close to a line. I think it's worth talking about why this information is important.

To sum up a complicated issue, we live in a world where targeted surveillance is probably necessary and inevitable. The evidence so far indicates that NSA is very good at this kind of work, despite some notable failures in actually executing on the intelligence it produces.

Unfortunately, the documents released so far also show that a great deal of NSA/GCHQ surveillance is not targeted at all. Vast amounts of data are scooped up indiscriminately, in the hope that some of it will someday prove useful. Worse, the NSA decided that this bulk surveillance justifies its efforts to undermine confidence in many of the security technologies that protect our own information systems. The President's own hand-picked review council has strongly recommended this practice be stopped, but their advice has -- to all appearances -- been largely disregarded. These are matters that are worthy of debate, but this is a debate that largely hasn't happened.

Unfortunately, if we can't enact changes to fix these problems, technology is probably about all that's left. Over the next few years encryption technologies are going to be widely deployed, not only by individuals but also by corporations desperately trying to reassure overseas customers who doubt the integrity of US technology.

In that world, it's important to know what works and doesn't work. Insofar as this story tells us that, it makes us all better off.
http://blog.cryptographyengineering....documents.html





Over 80 Percent of Dark-Web Visits Relate to Pedophilia, Study Finds
Andy Greenberg

The mysterious corner of the Internet known as the Dark Web is designed to defy all attempts to identify its inhabitants. But one group of researchers has attempted to shed new light on what those users are doing under the cover of anonymity. Their findings indicate that an overwhelming majority of their traffic is driven by the Dark Web’s darkest activity: the sexual abuse of children.

At the Chaos Communication Congress in Hamburg, Germany today, University of Portsmouth computer science researcher Gareth Owen will present the results of a six-month probe of the web’s collection of Tor hidden services, which include the stealthy websites that make up the largest chunk of the Dark Web. The study paints an ugly portrait of that Internet underground: drug forums and contraband markets are the largest single category of sites hidden under Tor’s protection, but traffic to them is dwarfed by visits to child abuse sites. More than four out of five Tor hidden services site visits were to online destinations with pedophilia materials, according to Owen’s study. That’s over five times as many as any of the other categories of content that he and his researchers found in their Dark Web survey, such as gambling, bitcoin-related sites or anonymous whistle-blowing.

The researchers’ disturbing statistics could raise doubts among even the staunchest defenders of the Dark Web as a haven for privacy. “Before we did this study, it was certainly my view that the dark net is a good thing,” says Owen. “But it’s hampering the rights of children and creating a place where pedophiles can act with impunity.”

Precisely measuring anything on the Dark Web isn’t easy, and the study’s findings leave some room for dispute. The creators of Tor, known as the Tor Project, responded to a request for comment from WIRED with a list of alternative factors that could have skewed its results. Law enforcement and anti-abuse groups patrol pedophilia Dark Web sites to measure and track them, for instance, which can count as a “visit.” In some cases, hackers may have launched denial of service attacks against the sites with the aim of taking them offline with a flood of fraudulent visits. Unstable sites that frequently go offline might generate more visit counts. And sites visited through the tool Tor2Web, which is designed to make Tor hidden services more accessible to non-anonymous users, would be underrepresented. All those factors might artificially inflate the number of visits to child abuse sites measured by the University of Portsmouth researchers.

“We do not know the cause of the high hit count [to child abuse sites] and cannot say with any certainty that it corresponds with humans,” Owen admitted in a response to the Tor Project shared with WIRED, adding that “caution is advised” when drawing conclusions about the study’s results.

Tor executive director Roger Dingledine followed up in a statement to WIRED pointing out that Tor hidden services represent only 2 percent of total traffic over Tor’s anonymizing network. He defended Tor hidden services’ privacy features. “There are important uses for hidden services, such as when human rights activists use them to access Facebook or to blog anonymously,” he wrote, referring to Facebook’s launch of its own hidden service in October. “These uses for hidden services are new and have great potential.”

Here’s how the Portsmouth University study worked: From March until September of this year, the research group ran 40 “relay” computers in the Tor network, the collection of thousands of volunteer machines that bounce users’ encrypted traffic through hops around the world to obscure its origin and destination. These relays allowed them to assemble an unprecedented collection of data about the total number of Tor hidden services online—about 45,000 at any given time—and how much traffic flowed to them. They then used a custom web-crawling program to visit each of the sites they’d found and classify them by content.

The researchers found that a majority of Tor hidden service traffic—the traffic to the 40 most visited sites, in fact—was actually communications from “botnet” computers infected with malware seeking instructions from a hacker-controlled server running Tor. Most of those malware control servers were offline, remnants of defunct malware schemes like the Skynet botnet whose alleged operator was arrested last year.

But take out that automated malware traffic, and 83 percent of the remaining visits to Tor hidden service websites sought sites that Owen’s team classified as related to child abuse. Most of the sites were so explicit as to include the prefix “pedo” in their name. (Owen asked that WIRED not name the sites for fear of driving more visitors to them.) The researchers’ automated web crawler downloaded only text, not pictures, to avoid any illegal possession of child pornographic images or video. “It came as a huge shock to us,” Owen says of his findings. “I don’t think anyone imagined it was on this scale.”

Despite their popularity on the Tor network, child abuse sites represent only about 2 percent of Tor hidden service websites—just a small number of pedophilia sites account for the majority of Dark Web http traffic, according to the study. Drug-related sites and markets like the now-defunct Silk Road 2, Agora or Evolution represented a total of about 24 percent of the sites measured in the study, by contrast. But visits to those sites accounted for only about 5 percent of site requests on the Tor network, by the researchers’ count. Whistleblower sites like SecureDrop and Globaleaks, which allow anonymous users to upload sensitive documents to news organizations, accounted for 5 percent of Tor hidden service sites, but less than a tenth of a percent of site visits.

The study also found that the vast majority of Tor hidden services persist online for only a matter of days or weeks. Less than one in six of the hidden services that were online when Owen’s study began remained online at the end of it. Since the study only attempted to classify sites by content at the end of its six month probe, Tor director Roger Dingledine points out that it could over-represent child abuse sites that remained online longer than other types of sites. “[The study] could either show a lot of people visiting abuse-related hidden services, or it could simply show that abuse-related hidden services are more long-lived than others,” he writes. “We can’t tell from the data.”
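The two measurement caveats above (automated botnet traffic dominating raw request counts, and categories known only for sites still online when the crawl ran) can be made concrete with a small simulation. This is an added example, not code from the Wired article or the Portsmouth study; every hidden service, category, lifetime and request rate in it is constructed, and the design assumption (requests counted for all services over the whole window, categories learned only from an end-of-study crawl) is a simplification of the methodology described above.

```python
"""Simulating the survivorship bias in end-of-study classification.

Added example, not part of the Wired article or the Portsmouth study. It
models the measurement design the article describes: request counts are
collected for every hidden service across the whole study window, but a
service's content category is only learned by crawling the services still
online at the end. All services, categories, lifetimes and request rates
below are constructed; the botnet-exclusion step mirrors the article's
removal of automated command-and-control traffic before computing shares.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

STUDY_DAYS = 180  # assumption: a six-month window, 0-based days 0..179


@dataclass(frozen=True)
class HiddenService:
    name: str
    category: str        # true category, known to the simulation only
    first_day: int       # first day online (inclusive)
    last_day: int        # last day online (inclusive)
    daily_requests: int  # constructed constant request rate while online

    def online_on(self, day: int) -> bool:
        return self.first_day <= day <= self.last_day

    def requests_in_window(self, days: int = STUDY_DAYS) -> int:
        """Requests a relay would have counted during the study window."""
        lo, hi = max(self.first_day, 0), min(self.last_day, days - 1)
        return 0 if hi < lo else (hi - lo + 1) * self.daily_requests


def observed_category(svc: HiddenService, days: int = STUDY_DAYS) -> Optional[str]:
    """Category as the study would see it: only services still online on the
    final day can be crawled and classified; everything else is unknown."""
    return svc.category if svc.online_on(days - 1) else None


def visit_shares(services: Iterable[HiddenService],
                 exclude: Iterable[str] = ("botnet",),
                 end_of_study_only: bool = True) -> Dict[str, float]:
    """Share of requests per category.

    exclude:            categories dropped before computing shares (the
                        article's removal of automated malware traffic).
    end_of_study_only:  True reproduces the study design (classify only
                        what is online at the end); False is the ground
                        truth the simulation knows but a real study would not.
    """
    totals: Dict[str, int] = {}
    for svc in services:
        cat = observed_category(svc) if end_of_study_only else svc.category
        if cat is None or cat in exclude:
            continue
        totals[cat] = totals.get(cat, 0) + svc.requests_in_window()
    grand = sum(totals.values())
    return {cat: n / grand for cat, n in totals.items()} if grand else {}


# Constructed population: abuse sites long-lived, drug markets churning.
SERVICES = [
    HiddenService("abuse-1", "abuse", 0, 179, 1000),
    HiddenService("abuse-2", "abuse", 0, 179, 500),
    HiddenService("market-1", "drugs", 0, 59, 1500),    # gone before the crawl
    HiddenService("market-2", "drugs", 100, 179, 500),  # online at the crawl
    HiddenService("market-3", "drugs", 30, 119, 1000),  # gone before the crawl
    HiddenService("leaks-1", "whistleblower", 0, 179, 20),
    HiddenService("c2-1", "botnet", 0, 179, 5000),      # automated C2 polling
]

if __name__ == "__main__":
    print("including botnet :", visit_shares(SERVICES, exclude=()))
    print("study design     :", visit_shares(SERVICES))
    print("ground truth     :", visit_shares(SERVICES, end_of_study_only=False))
```

With these constructed numbers the botnet C2 service alone accounts for roughly three quarters of raw requests, which is why it has to be removed first. After removal, the end-of-study design attributes about 86 percent of classified visits to the abuse category, while the ground truth the simulation knows is about 55 percent: the two drug markets that went offline before the crawl carried as much traffic as the surviving one several times over, but their visits are never assigned a category. Churn in one category and longevity in another is enough to move the headline figure by thirty points without any change in actual behaviour, which is the point Dingledine makes above.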

The Study Raises the Question: How Dark Is The Dark Web?

Other defenders of the Tor network’s importance as an alternative to the public, privacy-threatened Web will no doubt bristle at Owen’s findings. But even aside from the Tor Project’s arguments about why the study’s findings may be skewed, its results don’t necessarily suggest that Tor is overwhelmingly used for child abuse. What they may instead show is that Tor users who seek child abuse materials use Tor much more often and visit sites much more frequently than those seeking to buy drugs or leak sensitive documents to a journalist.

Nonetheless, the study raises new questions about the darkest subcultures of the Dark Web and law enforcement’s response to them. In November, the FBI and Europol staged a massive bust of Tor hidden services that included dozens of drug and money laundering sites, including three of the six most popular anonymous online drug markets. The takedowns occurred after Owen’s study concluded, so he doesn’t know which of the pedophilia sites he measured may have been caught in that dragnet. None of the site takedowns trumpeted in the FBI and Europol press releases mentioned pedophilia sites, nor did an analysis of the seizures by security researcher Nik Cubrilovic later that month.

In his Chaos Communication Congress talk, Owen also plans to present methods that could be used to block access to certain Tor hidden services. A certain number of carefully configured Tor relays, he says, could be used to alter the “distributed hash table” that acts as a directory for Tor hidden services. That method could block access to a child abuse hidden service, for instance, though Owen says it would require 18 new relays to be added to the Tor network to block any single site. And he was careful to note that he’s merely introducing the possibility of that controversial blocking measure, not actually suggesting it. One of Tor’s central purposes, after all, is to evade censorship, not enable it.

The study could nonetheless lead to difficult questions for the Tor support community. And it could also dramatically shift the larger public conversation around the Dark Web. Law enforcement officials and politicians including New York Senator Chuck Schumer have railed against the use of Tor to enable online drug sales on a mass scale, with little mention of child abuse. Owen’s study is a reminder that criminal content is hiding in the shadows of the Internet that makes drug sales look harmless by comparison—and whose consumers may be more active than anyone imagined.
http://www.wired.com/2014/12/80-perc...a-study-finds/





How Laws Restricting Tech Actually Expose Us to Greater Harm
Cory Doctorow

We live in a world made of computers. Your car is a computer that drives down the freeway at 60 mph with you strapped inside. If you live or work in a modern building, computers regulate its temperature and respiration. And we're not just putting our bodies inside computers—we're also putting computers inside our bodies. I recently exchanged words in an airport lounge with a late arrival who wanted to use the sole electrical plug, which I had beat him to, fair and square. “I need to charge my laptop,” I said. “I need to charge my leg,” he said, rolling up his pants to show me his robotic prosthesis. I surrendered the plug.

You and I and everyone who grew up with earbuds? There's a day in our future when we'll have hearing aids, and chances are they won't be retro-hipster beige transistorized analog devices: They'll be computers in our heads.

And that's why the current regulatory paradigm for computers, inherited from the 16-year-old stupidity that is the Digital Millennium Copyright Act, needs to change. As things stand, the law requires that computing devices be designed to sometimes disobey their owners, so that their owners won't do something undesirable. To make this work, we also have to criminalize anything that might help owners change their computers to let the machines do that supposedly undesirable thing.

This approach to controlling digital devices was annoying back in, say, 1995, when we got the DVD player that prevented us from skipping ads or playing an out-of-region disc. But it will be intolerable and deadly dangerous when our 3-D printers, self-driving cars, smart houses, and even parts of our bodies are designed with the same restrictions. Because those restrictions would change the fundamental nature of computers. Speaking in my capacity as a dystopian science fiction writer: This scares the hell out of me.

The general-purpose computer is one of the crowning achievements of industrial society. Prior to its invention, electronic calculating engines were each hardwired to do just one thing, like calculate ballistics tables. John von Neumann's “von Neumann architecture” and Alan Turing's “Turing-complete computer” provided the theoretical basis for building a calculating engine that could run any program that could be expressed in symbolic language. That breakthrough still ripples through society, revolutionizing every corner of our world. When everything is made of computers, an improvement in computers makes everything better.

But there's a terrible corollary to that virtuous cycle: Any law or regulation that undermines computers' utility or security also ripples through all the systems that have been colonized by the general-purpose computer. And therein lies the potential for untold trouble and mischief.

Because while we've spent the past 70 years perfecting the art of building computers that can run every single program, we have no idea how to build a computer that can run every program except the one that infringes copyright or prints out guns or lets a software-based radio be used to confound air-traffic control signals or cranks up the air-conditioning even when the power company sends a peak-load message to it.

The closest approximation we have for “a computer that runs all the programs except the one you don't like” is “a computer that is infected with spyware out of the box.” By spyware I mean operating-system features that monitor the computer owner's commands and cancel them if they're on a blacklist. Think, for example, of image scanners that can detect if you're trying to scan currency and refuse to further process the image. As much as we want to prevent counterfeiting, imposing codes and commands that you can't overrule is a recipe for disaster.

Why? Because for such a system to work, remote parties must have more privileges on it than the owner. And such a security model must hide its operation from the computer's normal processes. When you ask your computer to do something reasonable, you expect it to say, “Yes, master” (or possibly “Are you sure?”), not “I CAN'T LET YOU DO THAT, DAVE.”

If the “I CAN'T LET YOU DO THAT, DAVE” message is being generated by a program on your desktop labeled HAL9000.exe, you will certainly drag that program into the trash. If your computer's list of running programs shows HAL9000.exe lurking in the background like an immigration agent prowling an arrivals hall, looking for sneaky cell phone users to shout at, you will terminate that process with a satisfied click.

Illustration caption: If your computer decides it can’t let you do something, you’ll certainly want to drag that HAL9000.exe file to the trash. Illustration by Matt Dorfman.

So the only way to sustain HAL9000.exe and its brethren—the programs that today keep you from installing non-App Store apps on your iPhone and tomorrow will try to stop you from printing gun.stl on your 3-D printer—is to design the computer to hide them from you. And that creates vulnerabilities that make your computer susceptible to malicious hacking. Consider what happened in 2005, when Sony BMG started selling CDs laden with the notorious Sony rootkit, software designed to covertly prevent people from copying music files. Once you put one of Sony BMG's discs into your computer's CD drive, it would change your OS so that files beginning with $sys$ were invisible to the system. The CD then installed spyware that watched for attempts to rip any music CD and silently blocked them. Of course, virus writers quickly understood that millions of PCs were now blind to any file that began with $sys$ and changed the names of their viruses accordingly, putting legions of computers at risk.

Code always has flaws, and those flaws are easy for bad guys to find. But if your computer has deliberately been designed with a blind spot, the bad guys will use it to evade detection by you and your antivirus software. That's why a 3-D printer with anti-gun-printing code isn't a 3-D printer that won't print guns—the bad guys will quickly find a way around that. It's a 3-D printer that is vulnerable to hacking by malware creeps who can use your printer's “security” against you: from bricking your printer to screwing up your prints to introducing subtle structural flaws to simply hijacking the operating system and using it to stage attacks on your whole network.

This business of designing computers to deliberately weasel and lie isn't the worst thing about the war on the general-purpose computer and the effort to bodge together a “Turing-almost-complete” architecture that can run every program except for one that distresses a government, police force, corporation, or spy agency.

No, the worst part is that, like the lady who had to swallow the bird to catch the spider that she'd swallowed to catch the fly, any technical system that stops you from being the master of your computer must be accompanied by laws that criminalize information about its weaknesses. In the age of Google, it simply won't do to have “uninstall HAL9000.exe” return a list of videos explaining how to jailbreak your gadgets, just as videos that explain how to jailbreak your iPhone today could technically be illegal; making and posting them could potentially put their producers (and the sites that host them) at risk of prosecution.

This amounts to a criminal sanction for telling people about vulnerabilities in their own computers. And because today your computer lives in your pocket and has a camera and a microphone and knows all the places you go; and because tomorrow that speeding car/computer probably won't even sport a handbrake, let alone a steering wheel—the need to know about any mode that could be exploited by malicious hackers will only get more urgent. There can be no “lawful interception” capacity for a self-driving car, allowing police to order it to pull over, that wouldn't also let a carjacker compromise your car and drive it to a convenient place to rob, rape, and/or kill you.

If those million-eyed, fast-moving, deep-seated computers are designed to obey their owners; if the policy regulating those computers encourages disclosure of flaws, even if they can be exploited by spies, criminals, and cops; if we're allowed to know how they're configured and permitted to reconfigure them without being overridden by a distant party—then we may enter a science fictional world of unparalleled leisure and excitement.

But if the world's governments continue to insist that wiretapping capacity must be built into every computer; if the state of California continues to insist that cell phones have kill switches allowing remote instructions to be executed on your phone that you can't countermand or even know about; if the entertainment industry continues to insist that the general-purpose computer must be neutered so you can't use it to watch TV the wrong way; if the World Wide Web Consortium continues to infect the core standards of the web itself to allow remote control over your computer against your wishes—then we are in deep, deep trouble.

The Internet isn't just the world's most perfect video-on-demand service. It's not simply a better way to get pornography. It's not merely a tool for planning terrorist attacks. Those are only use cases for the net; what the net is, is the nervous system of the 21st century. It's time we started acting like it.
http://www.wired.com/2014/12/governm...puter-security





Now There's an App For Detecting Government Stingray Cell Phone Trackers
Lily Hay Newman

IMSI catchers, otherwise known as stingrays, are those surveillance tools that masquerade as cell towers and trick mobile phones into connecting, spewing private data in the process. Law-enforcement agencies have been using them for a while, but there's never been a good way for individuals to detect them. But that was before SnoopSnitch.

Released for Android on Monday, SnoopSnitch scans for radio signals that indicate a transition to a stingray from a legitimate cell tower. The app was created by German security researchers Alex Senier, Karsten Nohl, and Tobias Engel from SRLabs and presented at the Chaos Communication Congress. The group explains, "SnoopSnitch collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates."

Currently, only rooted Android phones with Qualcomm chipsets collect the type of information that the app needs to detect stingrays (a lot of Sony smartphones and Samsung Galaxy handsets have the right chips), but the researchers are working on figuring out how to get the information they need from other configurations as well so the app can support more handsets.

The app can't protect people's phones from connecting to stingrays in the first place, but it can at least let them know that there is surveillance happening in a given area. Nohl told Motherboard that he thinks of SnoopSnitch as a "catcher catcher." He said, "There's no one set of information, taken by itself, that allows you to detect an IMSI catcher, but we do stream analysis of everything that happens on your phone, and can come out with a warning if it crosses a certain threshold."
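The "stream analysis ... crosses a certain threshold" approach Nohl describes is easier to reason about in code than in prose. The following is an added example, not SnoopSnitch's own code: the event model, the indicator weights, the window length and the threshold are all assumptions, chosen to echo indicators publicly associated with fake base stations (a forced drop from 3G/4G to 2G, a new location area announced by a cell that advertises no neighbours, a request for the permanent IMSI instead of the temporary TMSI, a cipher downgrade to A5/0 or A5/2, paging with no call or SMS behind it). Both event streams at the bottom are constructed.

```python
"""Illustrative 'catcher catcher': threshold scoring over a stream of
baseband events.

Added example, not SnoopSnitch's code. Event fields, weights, WINDOW and
WARN_THRESHOLD are assumptions; the two streams at the bottom are constructed.
"""
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Tuple

WARN_THRESHOLD = 5   # assumption: window score at or above this -> warning
WINDOW = 6           # assumption: number of recent events scored together


@dataclass(frozen=True)
class CellEvent:
    kind: str                                   # see score_event()
    lac: Optional[int] = None                   # location area code (cell_change)
    cid: Optional[int] = None                   # cell id (cell_change)
    neighbors: Optional[int] = None             # neighbour cells advertised (cell_change)
    cipher: Optional[str] = None                # "A5/0", "A5/1", "A5/2", "A5/3" (cipher)
    identity: Optional[str] = None              # "IMSI" or "TMSI" (identity_request)
    followed_by_service: Optional[bool] = None  # paging: did a call/SMS follow?
    rat: Optional[str] = None                   # "2G", "3G", "4G" (rat_change)


@dataclass(frozen=True)
class CatcherWarning:
    index: int               # position in the stream where the threshold was crossed
    score: int               # window score at that point
    reasons: Tuple[str, ...]


def score_event(ev: CellEvent, state: Dict[str, object]) -> Tuple[int, Optional[str]]:
    """Score one event against the phone's recent state; update the state.
    No single indicator is treated as decisive, which is why the weights are small."""
    score, reason = 0, None
    if ev.kind == "rat_change":
        if ev.rat == "2G" and state.get("rat") in ("3G", "4G"):
            score, reason = 2, "downgrade to 2G while 3G/4G was available"
        state["rat"] = ev.rat
    elif ev.kind == "cell_change":
        new_lac = state.get("lac") is not None and ev.lac != state["lac"]
        if ev.neighbors == 0 and new_lac:
            score, reason = 2, "new LAC from a cell advertising no neighbours"
        elif ev.neighbors == 0:
            score, reason = 1, "cell advertises no neighbours"
        state["lac"], state["cid"] = ev.lac, ev.cid
    elif ev.kind == "cipher":
        if ev.cipher == "A5/0":
            score, reason = 3, "no encryption (A5/0)"
        elif ev.cipher == "A5/2":
            score, reason = 2, "export-weakened cipher (A5/2)"
        state["cipher"] = ev.cipher
    elif ev.kind == "identity_request":
        if ev.identity == "IMSI":
            score, reason = 2, "network asked for IMSI instead of TMSI"
    elif ev.kind == "paging":
        if ev.followed_by_service is False:
            score, reason = 1, "paging with no call or SMS behind it"
    return score, reason


def analyze(events: List[CellEvent], threshold: int = WARN_THRESHOLD,
            window: int = WINDOW) -> List[CatcherWarning]:
    """Stream analysis: sum the scores of the last `window` events and warn
    whenever that running total reaches `threshold`."""
    state: Dict[str, object] = {}
    recent: Deque[Tuple[int, Optional[str]]] = deque(maxlen=window)
    warnings: List[CatcherWarning] = []
    for i, ev in enumerate(events):
        recent.append(score_event(ev, state))
        total = sum(s for s, _ in recent)
        if total >= threshold:
            warnings.append(CatcherWarning(i, total, tuple(r for _, r in recent if r)))
    return warnings


BENIGN = [  # constructed: ordinary handover between two legitimate cells
    CellEvent("rat_change", rat="4G"),
    CellEvent("cell_change", lac=100, cid=1, neighbors=6),
    CellEvent("cell_change", lac=101, cid=2, neighbors=5),
    CellEvent("paging", followed_by_service=True),
    CellEvent("cipher", cipher="A5/3"),
    CellEvent("identity_request", identity="TMSI"),
]

SUSPICIOUS = [  # constructed: the pattern a fake base station would produce
    CellEvent("rat_change", rat="4G"),
    CellEvent("cell_change", lac=100, cid=1, neighbors=6),
    CellEvent("rat_change", rat="2G"),                         # +2
    CellEvent("cell_change", lac=999, cid=7777, neighbors=0),  # +2
    CellEvent("identity_request", identity="IMSI"),            # +2 -> 6, warn
    CellEvent("cipher", cipher="A5/0"),                        # +3 -> 9, warn
]

if __name__ == "__main__":
    print("benign    :", analyze(BENIGN))
    print("suspicious:", analyze(SUSPICIOUS))
```

The benign stream never scores at all, even though it contains a location area change and an identity request, because each of those is normal on its own. The suspicious stream crosses the threshold at the IMSI request, before the cipher is even negotiated; the A5/0 event then pushes the score higher and would make the warning more confident. A real detector would also have to handle the false-positive sources the article mentions (rural cells with sparse neighbour lists, operators that still run 2G-only areas), which is exactly why a scored window rather than a single trigger is used.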

A stingray protection cloak would be great, but for now just knowing when and where your phone is connecting to them could be useful.
http://www.slate.com/blogs/future_te...stingrays.html





Media Companies (and Executives) on the Hot Seat in 2015
David Carr

THE MEDIA EQUATION

While it’s great news that the economy is (slowly) coming back, it’s important to remember that a rising tide does not necessarily lift all boats. That is especially true in the media industry, where a bad stretch of advertising and extensive challenges to existing business models have clobbered many legacy outfits.

Now that the economic cycle is no longer creating such stiff headwinds, though, excuses will be tough to come by. Next year will not only be a period of continued disruption, but a reckoning as well.

Certain new realities are beyond argument: Clutter is up — more ads, more channels, more content — advertising rates continue to drop, and audiences are programming their own universe in text, video and audio. Consumers don’t want to watch commercials, are fleeing networks, hate reruns, are increasingly bored by reality programming, shun print products and, oh, by the way, don’t want to pay much for content either.

Yikes.

Here at Media Equation H.Q. — which actually consists of me, my cube and some bobble heads — we thought now might be a good time to take stock of companies, businesses and executives who have much to worry about in the coming year.

Here, then, is the Hot Seat list for 2015.

ANYONE RUNNING A MOVIE STUDIO OR A THEATER CHAIN

Never mind hacking, who stole all those moviegoers? Ticket sales at the box office fell 4 percent this year versus last year, and in the first nine months, profits at Regal Entertainment, the No. 1 theater chain, were down 50 percent compared with the previous year. More worrisome still, the Nielsen Company said last week that movie attendance for Americans ages 12 to 24 dropped 15 percent in the first nine months of 2014, compared with the same period a year earlier.

Movies have become a tent-pole business, meaning that they are dependent on blockbusters garnering huge domestic and international box office sales that mint franchises the studios can ride for years. If young people — a critical demographic — are too busy cocooning with their little screens or looking at bigger and bigger ones at home, it’s going to make that corner office on the studio lot feel like a sauna.

PHIL GRIFFIN, PRESIDENT OF MSNBC

Those familiar with television news will tell you that Mr. Griffin is one of the smartest people around, but you wouldn’t know it from MSNBC’s ratings. Stalwarts of the liberal-leaning channel — “The Rachel Maddow Show” and “Morning Joe” — are posting some of their lowest ratings ever and some of the fixes that Mr. Griffin has come up with — Ronan Farrow, anyone? — went nowhere.

Cable news outfits are always compared with Fox News, but that channel is in its own business, which involves grilling and serving red meat to devoted conservatives. With a Democratic president viewed by many as disappointing, and control of both houses belonging to Republicans, liberals are less interested in tuning in to chronic outrage. It’s been said that television news is a business where elections, in the form of ratings, are held every night, and by that measure, MSNBC is losing its base. Eventually, attention will focus on both the overall approach and the leader of the ticket.

PHILIPPE DAUMAN, CHIEF EXECUTIVE OF VIACOM

As head of Viacom, Mr. Dauman makes serious coin — $37.2 million in salary, stock and options last year — which is swell for him, but with big money comes significant expectations. Viacom’s once-storied collection of channels now looks more like stuff you’d find in the bargain bin. Ratings for its networks, including MTV, Comedy Central and Nickelodeon, dropped 15 percent in the quarter that ended in September and while Mr. Dauman rightly points out that Nielsen data failed to capture viewing on other platforms, there is no denying the broader trend.

Nickelodeon, which produces about half of the company’s profits, has been in a pronounced slide, and Comedy Central will have to reboot part of its nightly programming now that Stephen Colbert is headed to CBS. I’m not the only skeptic: Disney’s stock is up almost 25 percent on the year, while Viacom’s dropped 11.75 percent. Sumner Redstone, the chairman of the company and controlling shareholder, is 91 years old and no clear succession is in place, so it’s hard to know exactly where the pressure will come from. But by any objective standard, Mr. Dauman is up against some brutal realities in an increasingly Darwinian cable world.

DEBORAH TURNESS, PRESIDENT OF NBC NEWS

Ms. Turness, a British television news executive, was hired in August 2013 to turn around a division where the “Today” show had fallen from the top of the morning heap and its lead in nightly news was being challenged. She hired Jamie Horowitz, an executive from ESPN, to overhaul the morning show with a great deal of fanfare, and he lasted all of 10 weeks. His firing, after reports of conflicts with talent and executives at the network, was a significant embarrassment for Ms. Turness. And the slow-motion, inelegant dismissal of David Gregory from “Meet the Press” kicked up additional negative chatter about her management approach. Network news is a tough racket to begin with, but Ms. Turness is coming off a big stumble. She will have to dust herself off, because 2015 will be no more kind.

MARK THOMPSON, CHIEF OF THE NEW YORK TIMES COMPANY

The question of how quality news outlets will make enough money to support robust newsroom staffs is not specific to Mr. Thompson, who was brought in as chief executive from the BBC two years ago, but it has deep implications at The Times.

Digital and print news providers face crushing pressure from so-called programmatic sales, which lowers the yield on advertising; the switch to mobile, which is harder to make money from; and the rise of platforms like Facebook, which compete for readers interested in keeping up with the news.

At The Times, more than half the revenue now comes from consumers, not advertisers, and fully half of the digital consumers arrive via mobile devices. But just 10 percent of digital advertising derives from mobile, a disconnect that will create big problems if it lingers.

Although The Times’s metered model opened up a new source of revenue — there are now 875,000 digital-only subscribers — new lower-cost online-subscription approaches like NYT Now have not taken off as hoped. Mr. Thompson has the full confidence of the company’s publisher, Arthur Sulzberger Jr., but declines in print advertising and circulation have created holes in revenue that a recent round of buyouts and layoffs can’t begin to fill. That very tough math will be squarely on Mr. Thompson’s desk in the coming year.

JOSEPH RIPP, CHIEF EXECUTIVE OF TIME INC.

After being cut loose by Time Warner last year, the new publicly traded Time Inc. announced a flurry of digital initiatives and lots of restructuring. But since the spinoff, Time Inc. has lost senior executives, the flagship People brand continues to struggle and talk of acquisitions seems far-fetched. Mr. Ripp puts a brave face on it, pointing to increased digital ad sales, but it becomes more obvious with each passing day that Time Inc., once a symbol of New York publishing might, will probably not continue as a stand-alone magazine company. Look for Mr. Ripp to cut a deal with Meredith next year that will scan as a merger, but is really a sale.

AND THE REST

There is a big list of people and companies that may not be on the hot seat in the calendar year, but who will still be rowing upstream. After some wins with “House of Cards” and “Orange Is the New Black,” Netflix stumbled with “Marco Polo,” an expansive, expensive series that fell flat. With Amazon and others increasingly in the picture, it will take lots of new programming and new hits to stay ahead of the crowd. ... Unless something world-changing is underway, live news is not working on CNN as it once did, and Jeff Zucker, the president of CNN, has yet to crack the code on programming that will help the network escape the tyranny of the news cycle. ... Marissa Mayer has many other problems at Yahoo, but her big foray into news and information looks like a bust. The high-level talent hired as part of the initiative seems to be in witness protection, and analysts are openly discussing a merger with AOL, another longtime behemoth with some identity issues. ... David Cohen, Comcast’s executive vice president and Beltway ambassador, put a great deal of shoulder and rhetoric in pushing through the merger with Time Warner Cable. But what looked like a fait accompli now seems much less so.

Keep in mind I could be wrong about a lot of this speculation, and if I am, my own chair may heat up a bit. In an increasingly fraught environment, no one in media-land can expect to live a life beyond consequence.
http://www.nytimes.com/2014/12/29/bu...t-in-2015.html





Box Office 2014: Moviegoing Hits Two-Decade Low

A number of tentpoles underperformed in North America, helping to fuel the slowdown
Pamela McClintock

The number of people going to the movies in 2014 in North America slipped to its lowest level in two decades.

According to preliminary estimates, roughly 1.26 billion consumers purchased cinema tickets between Jan. 1 and Dec. 31. That's the lowest number since 1.21 billion in 1995 and not that far ahead of 1994 (1.24 billion). The last time admissions fell below the 1.3 billion mark was in 2011, when only 1.28 billion people went to the movies.

Official figures for 2014 won't be released until the National Association of Theater Owners calculates the average movie ticket price for 2014 (that can't happen until the average for the fourth quarter is figured out). However, the average ticket price for 2014 is likely to be at least $8.15, compared to $8.13 for 2013.

Year-over-year, attendance looks to be off 6 percent from 2013, when admissions clocked in at 1.34 billion.

Admissions have fluctuated dramatically over the years, and particularly since the advent of modern-day 3D, which can skew the average ticket price. Moviegoing in North America hit an all-time high in 2002, when 1.57 billion consumers lined up, thanks in part to Spider-Man ($403 million), The Lord of the Rings: The Two Towers ($339.8 million), Star Wars: Episode II — Attack of the Clones ($302.2 million), Harry Potter and the Chamber of Secrets ($262 million) and My Big Fat Greek Wedding ($241.4 million).

Overall revenue for the North American box office in 2014 is expected to finish at roughly $10.36 billion, down 5 percent over 2013 and marking the biggest year-over-year decline in nine years.

If there's any good news, it's that the film business has used the fall and winter — including a prosperous Christmas season — to reverse some of the damage suffered this summer, when revenue tumbled 15 percent over 2013 and hit an eight-year low. Also, a number of smaller films did big business, helping to boost the bottom line, while the international box office is as vibrant as ever.

The culprit for malaise in North America?

A number of summer tentpoles underperformed compared to previous installments, including Sony's The Amazing Spider-Man 2 (May 2) and Paramount's Transformers: Age of Extinction (June 27). And while November's The Hunger Games: Mockingjay — Part 1, from Lionsgate, is only the second release of 2014 to cross $300 million after Disney and Marvel's Guardians of the Galaxy (Aug. 1), it still won't match its predecessors, both of which earned north of $400 million domestically. (So far, Guardians is the top earner of 2014 domestically at $332 million, although Mockingjay isn't far behind, grossing north of $306 million to date.)
http://www.hollywoodreporter.com/new...g-hits-760766?





A Q&A with the Hackers Who Say they Helped Break into Sony’s Network
Brian Fung

Lizard Squad. That's the hacker group whose name is suddenly on everyone's lips after it took credit for ruining Christmas for PlayStation and Xbox gamers everywhere.

But in an unusual interview Friday, a self-proclaimed member of the "cyberterrorist" group said Lizard Squad also played a role in the massive attack against Sony Pictures Entertainment. A person identifying himself as a Lizard Squad administrator said the group provided a number of Sony employee logins to Guardians of Peace, the organization that allegedly broke into Sony's network and prompted the film studio to initially withdraw "The Interview" from theaters.

If true, it would be the first open acknowledgement by a Lizard Squad member that the group was involved in the Sony attack. The administrator also conceded that the group went too far in August, when it tweeted a bomb threat to American Airlines, prompting the midflight diversion of a jet carrying Sony executive John Smedley by F-16 fighters. He also shed more light on the group's membership, saying most are based in the European Union and eastern Europe and therefore aren't too worried about FBI investigations into Lizard Squad.

To help show he was a controlling member of the Lizard Squad, the individual published a confirmation tweet from a Twitter account closely associated with the group, @LizardMafia (a message that I saw but unfortunately didn't screen-capture before it got deleted). The administrator gave his name as "a Ryan Cleary," but further questioning revealed he was not the same Ryan Cleary who was convicted of hacking into the CIA and other agencies as part of the hacking group LulzSec. While we may never be able to prove for certain that @LizardMafia and its affiliated Web site actually speak for the real Lizard Squad — or that Lizard Squad is in fact behind the attacks against Sony and Microsoft — I was at least able to determine that "Ryan Cleary" commands a substantial following of people who believe he represents Lizard Squad. (Update: Security researcher Brian Krebs reports he's identified who "Ryan" may be.)

What follows is an edited transcript of our conversation, which was conducted in a private online chatroom.

Brian Fung: So, I guess one of the first questions everyone will want an answer to is… how can we be sure you're Lizard Squad?

Ryan Cleary: Uh, it says this [chatroom] on the Twitter account. [At this point, Cleary turns to another administrator in the chatroom and asks him to add a "confirmation file" to the Lizard Squad Web site.] Also, I e-mailed you to come here.

But let's just say I was some random person who doesn't know a thing about Lizard Squad — wouldn't I assume that somebody unconnected to Lizard Squad could have just made up your e-mail address? Or made up the Twitter account but separately from the folks who are actually running Lizard Squad?

Well, you could verify the e-mail based on the Twitter account. [Cleary turns to the other administrator and again asks for a file to be added to the Web site for verification.] There should be a verification tweet for you on @lizardmafia: https://twitter.com/LizardMafia/stat...64027522445313

All right, thanks.

Okay. Verified enough?

I think so. So the big question surrounding this latest PlayStation Network/Xbox Live incident is, why, and why now? What do you hope to accomplish with it?

Well, one of our biggest goals is to have fun, of course. But we're also exposing massive security issues with these companies people are trusting their personal information with. The customers of these companies should be rather worried.

In this case it seems less like a leak of personal information than an attack that simply makes the services crash. What does overloading a system have to do with security flaws?

Quite a bit. It tells you how much money they've put into securing their systems. Not having people take down your business critical systems like this should be one of your top security priorities. Which it clearly isn't.

So if I understand correctly, you're saying Sony and Microsoft's systems should be able to scale to handle all this incoming traffic.

Absolutely. We told them almost a month before that we'd do this. And yet we had no difficulties dropping them.

How much data are, or were, you throwing at them per second?

About 1.2 [terabits per second].

Are you guys gamers yourselves?

Not really, no. Unless this counts as a game. I guess this is kind of a game for us.

Tell me more.

Well, it's often sort of like a game of chess. Your opponent does something to prevent your attack, and you alter your attack to get around your opponents' defenses.

What do you think Sony and Microsoft's countermove will be?

Good question. So far only Sony has actually tried to defend against us. They made a deal with a large DDoS protection company, Prolexic, after apparently deciding they stood no chance against us in-house.

Microsoft put up no resistance?

None we could detect. And if we can't tell they're trying to stop us, does it even matter?

You guys said you'd hold your fire after you struck a deal with Kim Dotcom. Has he followed through on that deal? Has he produced the vouchers he offered?

Yes, he has.

This could give the impression that you can — if you'll forgive the term — be bought off. Is that concerning?

Well, no.

Care to elaborate?

[A long pause ensues, about 10 minutes.]

Okay so we're not too worried that someone might think we can be "bought off." Being bought off is still a win for us and a loss to someone else. We're not an activist group.

What kind of group are you, would you say? If you had to describe yourself?

Well, we've been humorously describing ourselves as a cyberterrorist group. I mean, referring to us as a hacker/hacking group would probably be the simplest choice.

Some reports suggest you've got links to Guardians of Peace, and possibly to the Islamic State. Can you talk about that for a minute?

[Another long pause, about five minutes.]

Well, we do know some people from the gop. We do not have any links to the IS.

But you didn't work with Guardians of Peace to breach Sony's network and gain access to the e-mails, etc.? In other words, you know some people but weren't involved in the Sony hack surrounding 'The Interview'?

[A seven-minute pause.]

Well, we didn't play a large part in that.

What part did you play?

We handed over some Sony employee logins to them. For the initial hack.

Like, a lot of them? And how did you come by them yourselves?

We came by them ourselves. It was a couple.

[Another pause that's punctuated by several connection errors.]

Let's switch gears — tell me about this Tor zero-day. What's the deal with that? Why are you attacking Tor?

Okay. First of all there's no actual zero day. We're just running an extremely large amount of Tor nodes. I don't believe anyone has done this at such a scale before. I believe we currently control almost 50% of overall Tor network and over 70% of exit nodes.

And what's the goal of this operation?

To make everyone understand how easy this flaw in Tor is to exploit. Right now, if we wanted to — well, not right now but in a few hours — we could redirect most of outgoing Tor traffic to lizardsquad.ru. All the traffic going through the exits which we control, which is 70% of total exits.

So instead of winding up at the site people wanted, they would wind up at a site of your choosing?

Yep. [Since this interview was conducted, developers at the Tor Project have said they were removing Lizard Squad's nodes from the network.]

What else can you tell me about the Tor relay situation?

People involved with the Tor project seem to be largely disregarding the issue as something easy to block. But yes, it is easy to block because we made it easy to block. But if we wanted to, we could do these same attacks from hacked boxes with different IPs [computers with different IP addresses] and use completely randomized info for each node, and add the nodes to the network over the period of a month or so. There'd be no practical way of identifying our nodes.

Making it harder to tell who was conducting the attack, and how to stop it.

The only thing that would be possible would be to know that there is an attack going on, because there'd be an unexpectedly large amount of new nodes entering the network. But there'd be no way to identify which of those new nodes are malicious and which aren't, so it'd be near impossible to blacklist them.

Earlier on the Tor message board, someone said that Lizard Squad had had an "opsec facepalm" [a breach in operational security that could allow law enforcement to track Lizard Squad members]. Can you respond to that briefly?

That guy is somewhat dumb. I've been talking with him [in the Tor chatroom]. [In the attack,] we set our contact info on our Tor nodes to devin.bharath.AT.lizardmafia. He believes devin.bharath is the name of an actual lizardsquad member, which it isn't. We just decided to use it because someone [tried to out] us as him.

What about the rest of it — his assertion that "most of you are based in the US" and that the FBI is breathing down your neck? Are you worried about law enforcement (particularly U.S. law enforcement)?

No, that's not true. Most of us are based in EU and Eastern Europe.

What kind of pressure has law enforcement had on you there?

Law enforcement really isn't that big of a deal for us here.

Are there hacking operations you've seen that you think go too far?

Only time I think we went a bit too far was the American Airlines incident.

Tell me more.

Well, we accidentally got some F-16s to escort [Sony Online Entertainment president] John Smedley's plane.

And that was too much because…?

Well — didn't expect the fighter jets.

Like, there was the possibility of someone getting hurt, you mean? Or things spiraled a bit out of control?

[A long pause.]

Well, that was going a bit overboard.

I see. Seems like between the initial Sony hack, this latest Xbox Live/PlayStation Network attack, and now Tor, Lizard Squad is increasing its activity. Is this a conscious strategic decision?

Well, we're definitely ramping up our activities. But it's not really a conscious decision.

What do you say to critics who say you're claiming credit for the actions of others?

We don't really pay much attention to those critics; they're all people trying to get their 15 minutes of fame at our expense.

And what else do you have planned?

[A long pause. Cleary apologized and said he was on with the BBC at the moment.]

We don't really have any plans set in stone as of right now.
http://www.washingtonpost.com/blogs/...sonys-network/





Sony Hacking Attack, First a Nuisance, Swiftly Grew Into a Firestorm
Michael Cieply And Brooks Barnes

It was three days before Thanksgiving, the beginning of a quiet week for Sony Pictures. But Michael Lynton, the studio’s chief executive, was nonetheless driving his Volkswagen GTI toward Sony’s lot at 6 a.m. Final planning for corporate meetings in Tokyo was on his agenda — at least until his cellphone rang.

The studio’s chief financial officer, David C. Hendler, was calling to tell his boss that Sony’s computer system had been compromised in a hacking of unknown proportions. To prevent further damage, technicians were debating whether to take Sony Pictures entirely offline.

Shortly after Mr. Lynton reached his office in the stately Thalberg building at Sony headquarters in Culver City, Calif., it became clear that the situation was much more dire. Some of the studio’s 7,000 employees, arriving at work, turned on their computers to find macabre images of Mr. Lynton’s severed head. Sony shut down all computer systems shortly thereafter, including those in overseas offices, leaving the company in the digital dark ages: no voice mail, no corporate email, no production systems.

A handful of old BlackBerrys, located in a storage room in the Thalberg basement, were given to executives. Staff members began to trade text messages using hastily arranged phone trees. Sony’s already lean technical staff began working around the clock, with some people sleeping in company offices that became littered with stale pizza. Administrators hauled out old machines that allowed them to cut physical payroll checks in lieu of electronic direct deposit.

Still, for days the episode was viewed inside Sony as little more than a colossal annoyance. Though Sony executives were quickly in touch with federal law enforcement officials, the company’s initial focus was on setting up jury-rigged systems to let it limp through what was expected to be a few days or weeks of inconvenience. The company’s first statement on the breach, made on Nov. 24, seems almost absurdly bland in retrospect: “We are investigating an I.T. matter.”

In fact, less than three weeks later Sony would be the focal point of a global firestorm over a growing digital attack on its corporate identity and data; its movie “The Interview,” about the fictional assassination of the North Korean leader Kim Jong-un; and its own handling of the ensuing crisis.

Interviews with over two dozen people involved in the episode suggest that Sony — slow to realize the depths of its peril — let its troubles deepen by mounting a public defense only after enormous damage had been done. The initial decision to treat the attack as largely an internal matter reflected Hollywood habit and the executive sang-froid of Mr. Lynton, who can be cool almost to a fault. As Mr. Lynton discovered, however, at a midpoint in the episode, this predicament required a wholly different approach.

In truth, “There is no playbook for us to turn to,” Mr. Lynton told his staff at one point. Mr. Lynton and his colleagues underestimated the ferocity of the interaction between the news media and the hackers as the drama unfolded in December. Hackers released the information to traffic-hungry websites, which published the most embarrassing details, while Sony mostly stayed publicly silent.

Hurt by a misstep when it announced the cancellation of a Christmas Day release for “The Interview,” Sony was knocked about by criticism by the White House, Hollywood stars and others who accused it of capitulating to extortionist threats. The studio’s ultimate success in showing its film in face of a terror threat came after Mr. Lynton’s natural reserve fell more in line with the passion and grit of the studio’s co-chairwoman, Amy Pascal, who was undermined early in the attack by the disclosure of embarrassing personal emails.

The son of a German Jew who served in British intelligence during World War II, Mr. Lynton, 54, had weathered past corporate crises, including an inherited accounting scandal when he ran the Penguin publishing house and a recent attempt by the activist investor Daniel S. Loeb to force change at Sony. But neither of those episodes matched the complexity and surreal twists of the hacking, which ultimately became a test of national will, a referendum on media behavior and a defense of free expression, even of the crudest sort.

“What it amounted to was criminal extortion,” Mr. Lynton said in an interview.

By Dec. 1, a week after Sony discovered the breach, a sense of urgency and horror had penetrated the studio. More than a dozen F.B.I. investigators were setting up shop on the Culver City lot and in a separate Sony facility near the Los Angeles airport called Corporate Pointe, helping Sony deal with one of the worst cyberattacks ever on an American company.

Mountains of documents had been stolen, internal data centers had been wiped clean, and 75 percent of the servers had been destroyed.

Everything and anything had been taken. Contracts. Salary lists. Film budgets. Medical records. Social Security numbers. Personal emails. Five entire movies, including the yet-to-be-released “Annie.”

Michael Lynton, the studio’s chief executive, and his colleagues underestimated the potential for trouble the breach represented, and kept a long and damaging silence.

Later, it would become apparent through files stolen by the hackers and published online that Mr. Lynton and Ms. Pascal had been given an oblique warning. On Nov. 21, in an email signed by “God’s Apstls,” the studio was told to pay money for an unspecified reason by Nov. 24. If the studio did not comply, the bizarre missive said, “Sony Pictures will be bombarded as a whole.”

But the warning either did not find its way to Mr. Lynton or he missed its importance in the daily flood of messages to his inbox. In the first days of the attack, responsibility for which was claimed by a group calling itself “Guardians of Peace,” the notion of North Korean involvement was little more than a paranoid whisper.

In June, a spokesman for North Korea’s Ministry of Foreign Affairs said in a statement that the country would take “a decisive and merciless countermeasure” if the United States government permitted Sony to make its planned Christmas release of the comedy “The Interview.”

At the time, the threat seemed to many almost as absurd as the film, which was not mentioned in early communications from the hackers.

In the gossipy nexus that quickly connected Hollywood’s trade news media with studio insiders and a growing circuit of information technology experts, talk circulated of a “mole” — a Sony employee who was presumed by many to have been instrumental in penetrating the computer systems and spotting the most sensitive data.

The theory of violation by an ex-employee or disgruntled insider persists among computer security experts who remain unpersuaded by the F.B.I.'s focus on evidence pointing toward North Korea, which the agency made public in a news release on Dec. 19.

But senior Sony executives, speaking on the condition of anonymity because the investigation is incomplete, now say the talk of a rogue insider reflects a misunderstanding of the F.B.I.'s initial conclusions about the hacking. Federal investigators, they said, did not strongly suspect an inside job.

Rather, these executives said, the F.B.I. found that the hackers had used digital techniques to steal the credentials and passwords from a systems administrator who had maximum access to Sony’s computer systems. Once in control of the gateways those items opened, theft of information was relatively easy.

Government investigators and Sony’s private security experts traced the hacking through a network of foreign servers and identified malicious software bearing the familiar hallmarks of a hacking gang known as Dark Seoul. Prodded for inside information at a social gathering — long before the F.B.I. announced any conclusions — Doug Belgrad, president of Sony’s motion picture group, responded, “It’s the Koreans.”

As the F.B.I. stepped up its inquiry, the hackers — who still had made no explicit mention of “The Interview” — dropped the first in a series of data bundles that were to prove a feast for websites like Gawker and mainstream services like Bloomberg News for weeks.

And so was set a pattern. Every few days, hackers would dump a vast new group of documents onto anonymous posting sites. Reporters and other parties who had shown an interest in searching the Sony files were then sent email alerts — essentially digital treasure maps from the hackers.

Amy Pascal, co-chairwoman of Sony, offered apologies and outrage as executive emails were dumped online.

The files seemed to fulfill every Hollywood gossip’s fantasy of what is said behind studio walls. Ms. Pascal was caught swapping racially insensitive jokes about President Obama’s presumed taste in African-American films. A top Sony producer, Scott Rudin, was discovered harshly criticizing Angelina Jolie. Mr. Lynton was revealed to be angling for a job at New York University.

Sony technicians privately started fighting back by moving to disrupt access to the data dumps. But the studio — apart from public apologies by Ms. Pascal — was largely silent on the disclosures.

In this, Mr. Lynton was perhaps betrayed by his own cool. While Ms. Pascal alternately wept and raged about the violation, Mr. Lynton assumed the more detached manner that had served him well in the publishing world. Mr. Lynton engaged in debates with lawyers who rendered conflicting opinions as to whether media outlets could in fact be stopped from trading in goods that were, after all, stolen.

As a tough and seasoned executive in her own right, Ms. Pascal brought badly needed expression to emotions that many, perhaps most, Sony employees were feeling. Hoarse and humbled, she would eventually bring colleagues to her side with an address at an all-hands gathering on the Sony lot in which she said: “I’m so terribly sorry. All I can really do now is apologize and ask for your forgiveness.”

Until shortly before that, Mr. Lynton was hesitant about confronting media outlets with legal action. But the lawyer David Boies persuaded him there was a case to be made against free trade in information that was essentially stolen property. Mr. Boies on Dec. 14 began sending legal warnings to about 40 media outlets using the stolen data.

On Dec. 15, while rallying the troops at that gathering on the Sony lot, Mr. Lynton displayed flashes of anger and words of resolve — fighting spirit he had not shown publicly. “Some of the reporting on this situation has been truly outrageous, and is, quite frankly, disgusting,” he said. He urged employees not to read the anticipated next waves of emails, lest they turn on one another.

“I’m concerned, very concerned, that if people continue to read these emails, relationships will be damaged and hurt here at the studio,” he said.

Shortly before 10 a.m. the next day, Dec. 16, the hackers made good on their promise of a “Christmas gift,” delivering thousands of Mr. Lynton’s emails to the posting sites. With the emails came a message that within minutes converted the hacking from corporate annoyance to national threat and fully jolted Sony from defense to offense.

“Soon all the world will see what an awful movie Sony Pictures Entertainment has made,” it said. “The world will be full of fear. Remember the 11th of September 2001.” The message specifically cited “The Interview” and its planned opening.

Unfazed until then by Sony’s problems, exhibitors were instantly galvanized. “When you invoke 9/11, it’s a game changer,” said one theater executive.

Within hours, the National Association of Theater Owners convened a board meeting. Through the day, the exhibitors were briefed by Sony executives (though not by Mr. Lynton), who took a position that infuriated some owners: The studio would not cancel the film, but it would not quarrel with any theater that withdrew it because of security concerns.

“Sony basically punted,” said one theater executive, speaking on the condition of anonymity because of confidentiality strictures. “Frankly,” the executive added, “it’s their movie, and their mess.”

Carmike Cinemas, one of the country’s four largest chains, was the first to withdraw. By the morning of Dec. 17, owners of about 80 percent of the country’s movie theaters — including Regal Entertainment, AMC Entertainment, and Cinemark, already mired in legal fights over a 2012 theater shooting in Colorado — had pulled out.

At the same time, Mr. Lynton was advised by George Rose, who is in charge of human resources, that employees, for the first time since the initial attack, were showing signs of being deeply shaken by the possibility of violence to themselves and to the audience.

That afternoon, Sony dropped “The Interview” from its schedule. In theory, the studio had gotten its way by putting the onus for cancellation on apprehensive theater owners.

But Sony at that moment made a critical error. In a hasty statement, in some cases delivered orally to reporters, the studio said it had “no further release plan” for “The Interview.” In fact, Mr. Lynton had been talking with Google’s chairman, Eric E. Schmidt, and others about an alternative online release — discussions that Google would later confirm publicly. But Sony’s statement was widely interpreted to mean Sony would shelve the movie for good, leaving an impression that it had caved to the hackers and a terrorist threat.

The reaction was swift and furious. Hollywood stars and free speech advocates sharply criticized the decision. On Friday, Dec. 19, President Obama used his final news briefing of the year to rebuke Sony for its handling of the North Korean threat: “We cannot have a dictator imposing censorship in the U.S.” For Mr. Lynton, the president’s remarks became a personal low point in the entire affair. He had expected support from Mr. Obama — of whom Mr. Lynton and his wife, Jamie, were early and ardent backers in 2007. “I would be fibbing to say I wasn’t disappointed,” Mr. Lynton told a CNN interviewer shortly afterward, understating his reaction. (Mr. Lynton had already agreed to the CNN interview and, in fact, watched the president’s news conference from a TV in a CNN lounge.)

“You know, the president and I haven’t spoken,” Mr. Lynton added. “I don’t know exactly whether he understands the sequence of events that led up to the movies’ not being shown in the movie theaters.”

The president’s decision to specifically — and harshly — criticize Sony was not mapped before the news conference, according to two senior American officials. But it was clear to Mr. Obama’s aides and national security staff that the president felt passionately about the issue and was eager to push for the film’s release, the officials said.

Shortly after the president spoke, shocked Sony executives spoke with senior members of the White House staff, asking whether they had known that the president was going to criticize them. The staff members told the executives that nothing had been planned.

In the end, the exchanges were constructive, as administration officials persuaded Sony that an expanded electronic attack was unlikely; that gave the studio cover to tell the distributors and theaters they were very likely safe to show the film. But Mr. Obama played no direct role in pushing deals that, in less than a week, would put “The Interview” online and in 331 smaller theaters.

Sony’s Christmas Eve triumph in announcing an immediate online release of “The Interview” was more fragile than it looked. While Google had been committed for a week, Microsoft and its Xbox service came aboard only late the night before.

In the end, the film may be seen by more viewers than if it had experienced an unimpeded, conventional release, particularly if, as studio executives suspect, those who paid for the film online were joined by friends and family. Sony said “The Interview” generated roughly $15 million in online sales and rentals during its first four days of availability.

Now, five weeks into the episode, Sony’s internal technology is still impaired. Executives estimate that a return to normal is at least five to seven weeks away.

But the studio’s spirit apparently remains intact. Showing up in the Sony cafeteria for lunch last week, as a theatrical release and the Google and Microsoft deals were announced, Mr. Lynton was surrounded by 30 to 40 employees who told him they were proud to be at Sony and to get the movie out.

“If we put our heads down and focus on our work, I honestly think we can recover from this in short order,” Mr. Lynton said on Sunday.
http://www.nytimes.com/2014/12/31/bu...irestorm-.html





‘The Interview’ Brings In $15 Million on Web
Michael Cieply

“The Interview” generated roughly $15 million in online sales and rentals during its first four days of availability, Sony Pictures said on Sunday.

Sony did not say how much of that total represented $6 digital rentals versus $15 sales. The studio said there were about two million transactions over all.

“The Interview,” a farce that depicts the killing of the North Korean leader Kim Jong-un, was withdrawn from a planned theatrical release after major exhibitors declined to show it because of a terror threat. Small theater chains revived the movie in several hundred theaters, while Sony and its business partners simultaneously offered the film online.

The limited theatrical run generated $2.9 million from Thursday to Sunday, according to box office tracking services.

Apple’s iTunes on Sunday joined streaming services owned by Google and Microsoft in offering “The Interview” online. YouTube Movies, the Google Play store and Microsoft’s Xbox, as well as a Sony-owned site, have rented and sold the film since last Wednesday.
http://www.nytimes.com/2014/12/29/bu...nes-store.html





Arctic Fibre Project to Link Japan and U.K.

A 24-terabit-per-second undersea cable will connect Japan and the U.K. and also bring broadband to remote Arctic communities
Amy Nordrum

Meter by meter, a slim vein of fiber-optic cable will soon start snaking its way across the bottom of three oceans and bring the world a few milliseconds closer together. The line will start near Tokyo and cut diagonally across the Pacific, hugging the northern shore of North America and slicing down across the Atlantic to stop just shy of London. Once the cable is live, light will transmit data from one end to the other in just 154 milliseconds—24 ms less than today’s speediest digital connection between Japan and the United Kingdom. That may not seem like much, but the investors and companies eager to send information—stock trades, wire transfers—are so intent on earning a fraction-of-a-second advantage over competitors that the US $850 million price tag for the approximately 15,600-kilometer cable may well be worth it.

Arctic Fibre, the Toronto-based company building the cable, is the first to try to connect the globe’s economic centers by laying fiber optics through the long-sought Northwest Passage—the pinhole of open water that warmer temperatures have brought to the Arctic. British Telecom, China Unicom, Facebook, Google, Microsoft, and TeliaSonera are watching closely, but so are tens of thousands of Canadians and Alaskans who stand to gain a huge boost in Internet access.

Marine surveys will plot the cable’s route this summer, and the line will be custom built to the surveyors’ specifications. The installation is scheduled to start a year from now, and the cable could be in service by the end of 2016.

Along its route, the cable will pass directly through seven Alaskan communities and cross 25 more communities in Canada. Those connections will bring 57,000 Canadians and 26,500 Alaskans online, most of whom have never before had access to broadband.

“The thing about Alaska is, it’s so big,” says Katie Reeves, program coordinator with Connect Alaska, a broadband advocacy group based in Anchorage. “The distance between communities is hundreds of miles, and there might only be a few people there. They deserve Internet, but it’s hard for [local service provider] GCI or other carriers in the state to justify building out to those communities, because they don’t think they’re going to get a return on their investment.”

Though the United States’ Federal Communications Commission recommends access to download speeds of at least 4 megabits per second, the average download speed in rural areas of Alaska rarely tops 3 Mbps. Plus, there are still 21,000 households and 6,000 businesses without any access to broadband at all.

Across the border in northern Canada, the Internet is sent down from Anik F2, a telecommunications satellite owned by Telesat Canada. On paper, Anik F2 provides access at 5 Mbps, the minimum download speed recommended by Industry Canada, the nation’s economic development agency. But in reality, that connection is often plagued by long delays and poor reliability due to the distance the signal must travel. (In 2011, a technical problem with Anik F2 knocked out service for thousands of people in 39 communities.)

Doug Cunningham, president and CEO of Arctic Fibre, knows this misery all too well: Because upload speeds were too slow, he had to use a courier to send his 227-page environmental report on the cable to the review board in Cambridge Bay, a hamlet in Canada’s most northern province.

“The biggest benefit [of the cable] is really to those residents in communities in Alaska and to the Canadian Arctic who will be released from their satellite captivity,” he says. “For many people in the Canadian North, YouTube is a dream.”

Arctic Fibre, the cable’s owner, will not sell broadband directly to homes and businesses; it will provide only the backbone from which carriers will siphon these services. But the company predicts that prices could be slashed by 75 percent for equivalent service or that northern customers might receive six to seven times as much bandwidth for the current price.

The new broadband will easily transmit classes from the University of Alaska or permit researchers at the Canadian High Arctic Research Station to upload large data sets. Telemedicine recently debuted at four health-care systems, including the U.S. Department of Veterans Affairs in Alaska, and better broadband could keep patients from having to travel hundreds of kilometers to seek services. Access will also be a boon to rural businesses.

All of these benefits stem from a 4-centimeter cable. Barges will lay it along most of the route. But to prevent a 1,800-km detour by sea, there is a 51-km section that must cross the Boothia Peninsula, a roadless scrap of tundra in northern Canada. Cunningham says that laying this stretch will require stuffing four large reels of cable through the door of a Hercules aircraft, flying onto a remote airstrip, packing the cable onto sleds, and pulling it across a frozen lake. The crew must then snowmobile along the cable’s intended route, cutting a trench about 30 cm deep through permafrost to bury the line.

That’s all far more work than any company would do just to serve rural communities in the far north. And with an end-to-end capacity of 24 terabits per second, it’s far more than Arctic residents need. After having so little access for so long, they will be awash in broadband. “The capacity is incredible. They’ll never use all of that capacity,” says Desiree Pfeffer of Quintillion Networks, the Alaska-based arm of Arctic Fibre.

Even though the main point of Arctic Fibre is to connect two of the world’s busiest hubs, Cunningham is pleased that his fellow Canadians will benefit from the project. “I’ve been building systems and financing them for over 20 years, and I’m 63 years old, so this is probably one of my last projects and certainly the largest one,” he says. “This is something I’ve come back to Canada to do.”
http://spectrum.ieee.org/telecom/int...k-japan-and-uk





Google to FCC: If You Go with Title II, Don’t Forget Our Favorite Part

Regulating ISPs means Google Fiber should get access to utility poles.
Joe Mullin

The FCC is currently getting public feedback about the possibility of regulating Internet service providers under Title II of the Communications Act. Cable companies are stridently opposed to such rules, but a relatively new competitor in the space, Google, sees an opportunity.

In Google's public comment, filed yesterday with the FCC, the company emphasizes that any such regulation must be careful to confer the benefits of such regulation along with the responsibilities.

The benefit most interesting to Google? Access to utility poles and other infrastructure.

"As noted, the Commission has recognized that access to poles, ducts, conduits, and rights-of-way owned or controlled by utilities is essential for broadband deployment," writes Austin Schlick, Google's director of communications law. "Forbearance from allowing [broadband Internet] providers access to available infrastructure under Section 224 would... maintain[] a substantial barrier to network deployment by new providers such as Google Fiber."

The short four-page comment doesn't actually say whether Google supports Title II or not. The Wall Street Journal, which reported on Google's filing earlier today, noted that Google has had trouble getting access to utility poles as it creates its Google Fiber network. AT&T gave Google some trouble over pole access in Austin, Texas.

"If Title II gives Google pole access, then it might really rock the world with broadband access," former FCC Chairman Reed Hundt told the WSJ.

Google declined to comment on the filing.
http://arstechnica.com/tech-policy/2...favorite-part/





Get Ready: The FCC Says it Will Vote on Net Neutrality in February
Brian Fung

Federal regulators looking to place restrictions on Internet providers will introduce and vote on new proposed net neutrality rules in February, Federal Communications Commission officials said Friday.

President Obama's top telecom regulator, Tom Wheeler, told fellow FCC commissioners before the Christmas holiday that he intends to circulate a draft proposal internally next month with an eye toward approving the measure weeks later, said one official who spoke on the condition of anonymity because the agency's deliberations are ongoing. The rules are meant to keep broadband providers such as Verizon and Comcast from speeding up or slowing down some Web sites compared to others.

FCC spokeswoman Kim Hart declined to comment on Wheeler's communications with his colleagues, but confirmed the February timetable, which ends weeks of speculation as to when the FCC would make its next move.

It's still unclear what rules Wheeler has in mind for Internet providers. Analysts and officials close to the agency say that momentum has been building recently for far more aggressive regulations than Wheeler had initially proposed. Advocates of strong net neutrality, including President Obama, have urged the FCC to begin regulating Internet service providers using the same law it uses to oversee telephone companies — Title II of the Communications Act. Industry advocates have resisted that call, saying the FCC should continue to lightly regulate Internet providers under Title I of the act.

Many policy experts widely assumed the new rules would be introduced in the early part of the year after the FCC missed its initial December target. The agency is scheduled to hold its monthly meeting on Feb. 26.

The timing indicates Wheeler does not see the need for more public input on the benefits and drawbacks of using Title II, as earlier reports suggested. It also implies the FCC will not be able to avoid a showdown with Congress over net neutrality. Republican lawmakers are expected to introduce legislation this month to preempt any FCC rule on the subject.
http://www.washingtonpost.com/blogs/...y-in-february/





As Comcast Merger Enters Final Phase, Deal May Be On Thin Ice
Jeff John Roberts

When telecom giant Comcast announced plans in February to swallow its largest rival, Time Warner Cable, the consensus in Washington and on Wall Street was that regulators would let the deal go through. Now, as the final phase of an FCC comment period draws to a close, all bets are off.

Recently, views of the merger have shifted amid growing public concern over the state of U.S. broadband, which is rapidly eclipsing pay TV as consumers’ go-to source for entertainment and information. Meanwhile, Comcast’s rivals have gained momentum in their quest to stop the deal.

The final outcome of the review process involves many wild cards — from the fate of net neutrality to Republican control of Congress — but it’s safe to say for now, based on evidence and experts, that the merger’s chances of passing are lower than they were a few months ago.

A new skepticism

A shift in sentiment over Comcast’s proposed merger has been reflected in both stock market activity and by the behavior of the deal’s opponents.

Investors’ doubt about the merger’s fate can be seen in the fact that share prices of Comcast and Time Warner Cable are still valued as if the companies are separate entities. As the New York Times noted in November, the adjusted share price of two firms should move toward the same value as the close of the merger approaches — but that is not happening.

Corporate opponents, such as Netflix and smaller telecom firms, have recently ramped up their lobbying game, and launched a new anti-merger campaign.

According to sources in Washington, the fact these companies are bankrolling new initiatives like “Stop Mega Comcast” so late in the process reflects a newfound hope that the FCC or the Justice Department will block the deal. This is a contrast from the summer when merger opponents sometimes conceded in private that they viewed Comcast as too big and too well-connected to stop.

These developments are evidence of the growing skepticism over the deal’s prospects, but they don’t describe the underlying reasons for that skepticism. Those reasons are rooted in evolving views over how regulators should examine the antitrust issues that led to a review of the deal in the first place.

When the deal was announced in February, Comcast sought to preempt antitrust objections by promising that it would divest some cable TV subscribers in order to ensure the combined company would have less than 30 percent of the U.S. market — thereby quelling concerns about monopoly.

The problem is that the monopoly fears surrounding the deal don’t just stem from its potential effect on the cable TV market.

Bully for broadband

“What makes Comcast unique is its power in three different facets — as a programmer, a distributor and an ISP,” Maurice Stucke, an antitrust professor at the University of Tennessee, told me in a recent interview.

According to Stucke, who opposes the merger, Comcast has tried to frame its proposed acquisition of Time Warner Cable through the lens of cable distribution and downplay other dimensions of the deal, especially its potential effect on the market for internet services.

Stucke suggests the combined company would have an unrivaled ability to leverage its broadband connections in order to get exclusive online deals from content providers, or to give special treatment to some websites over others.

In practice, this would see Comcast and its X-1 set-top box acting as a new type of master gatekeeper, determining which apps and websites can be easily accessed by consumers. Indeed, there are signs this is happening already.

“What makes Comcast unique is its power in three different facets — as a programmer, a distributor and an ISP.”

Earlier this year, Comcast demanded that Netflix pay tolls to prevent its internet stream from being degraded. In the future, critics fear, a merger would make it easier for Comcast to exercise the same sort of control over a wide range of other over-the-top internet services, including a standalone HBO. Comcast could one day control online entertainment options in the same way that it currently controls TV channels.

Such fears have led merger opponents to say the FCC or the Justice Department should step in not because of cable TV concentration, but to ensure that Comcast can’t monopolize broadband-based content.

The actual amount of control that a combined Comcast–Time Warner Cable would wield over the internet is in dispute. Comcast claims the merger will not give it a commanding slice of the broadband market share, while critics warn the merger will hand the company control of over half the residential high speed connections in the country.

The question now is what the FCC will conclude, and how both the agency and the Justice Department will respond.

So far, FCC Chairman Tom Wheeler has been clear that he believes the U.S. needs more and faster broadband, and that competition is the key to achieving this. This could bode ill for Comcast’s merger plans if Wheeler agrees that the deal is indeed about internet service, not cable TV.

At the same time, Wheeler will have to contend with Comcast’s contention that internet competition should not be defined only by conventional connections, but by other forms of internet access like fiber, next generation DSL or over-the-air offerings from phone carriers and others.

“Anyone who tells you what the future of broadband holds is shooting in the dark. We’ve seen time and again people’s inability to predict what will happen in the real world,” said Christopher Yoo, a law professor at the University of Pennsylvania, who argues that the FCC should leave broadband build-out to the market and let the merger go through.

Entrepreneur Mark Cuban has likewise expressed concern that the FCC might do more harm than good by taking a hands-on role in promoting broadband. Others, however, point out that many consumers have only one realistic option for high-speed broadband and that a Comcast merger would result in these de facto monopolies becoming more entrenched.

Picking battles

Comcast’s proposed merger is facing an unprecedented level of opposition, which will grow more shrill in the wake of a final round of comments that poured in this week from competitors and public interest groups. Meanwhile, a new filing foul-up by Time Warner Cable has forced the agency to slow down the review process for a second time, and the longer the review process drags on, the less likely it will succeed.

While the momentum is on the sides of the opponents, the overall merger process itself is tied not only to the broadband debate, but to the greater game of the FCC and Washington politics. In this context, Chairman Tom Wheeler must take account of an incoming Congress that will be controlled by Republicans, many of whom support the merger.

While the FCC is an independent agency and Wheeler controls three of the five necessary votes to make decisions, any sign that he intends to block the merger could result in a partisan backlash in the form of threats to the FCC budget or a series of subpoenas. People who know Wheeler say he would find the latter possibility — in which he would have to sit before grandstanding minor-league Republicans — especially irksome.

The threat of partisan obstruction also has implications for the FCC’s other agenda items, including a major spectrum auction that Wheeler regards as critical to the country’s broadband future and that he hopes to make part of his legacy. A political blow-up with Republicans could make the auction harder to pull off.

Meanwhile, there is the ongoing dance over net neutrality, and whether the FCC will reclassify broadband providers as so-called Title II common carriers, which, for now, is the only legal path to prevent internet companies — including Comcast and Time Warner Cable — from giving special treatment to some websites over others.

After the White House delivered an unexpected declaration of support for Title II in November, the FCC is expected to go forward with the reclassification process early in 2015. The plans to do so, however, are already drawing howls of protest and political shenanigans from the telecom giants, including Comcast. As a result, a decision to block the merger would make Comcast a double loser, and potentially lead the company to seek political payback against the rest of Wheeler’s agenda. (For now, however, the outcome of the Title II is still up in the air pending the FCC’s decision and recent proposals for a new type of net neutrality legislation.)

A final piece of the political puzzle related to the merger lies with the Justice Department, which could offer the FCC important covering fire but has yet to do so.

Specifically, the Justice Department could declare that it regards the merger as a violation of antitrust laws, and that it intends to sue under the Clayton Act. The legal case for a lawsuit appears to be strong, and the mere threat of legal action would likely be enough to scupper the deal (as occurred when AT&T sought to acquire T-Mobile). But for now the file still lies in the FCC’s lap, in part because it can stop the merger simply by not acting.

Under the law, the FCC must conclude that a cable merger benefits the public before granting approval. In the case of Comcast and Time Warner Cable, the benefits are far from clear, which means the agency can stop the merger by demanding a sky-high host of concessions or simply by sitting on its hands.

Doing either of those things, however, would require Wheeler to absorb the full political backlash, which is why he may be waiting to see if the Justice Department will weigh in.

The end game

Right now, the proposed merger between Comcast and Time Warner Cable still stands a good chance of going through. Yoo, the law professor, and people at Comcast acknowledge that its prospects are not as rosy as before, but are ultimately optimistic about its chances.

The final outcome, though, is likely to be determined by a combination of politics and straight-up policy analysis. At Gigaom, the editorial staff is opposed to the merger on the grounds that it will diminish competition in the market for broadband, and allow Comcast to shoehorn the new era of online entertainment into the old bundle model of cable TV.

But these considerations may not be determinative. The ultimate decision, which is likely to come in February or March, must be made by Chairman Wheeler, and will be shaped in large part by the degree of support he receives from the Justice Department.
https://gigaom.com/2014/12/24/as-com...e-on-thin-ice/





Surprise: TWC and Comcast are the Two Most Hated Companies in America
Zach Epstein

Time Warner Cable and Comcast are two of the largest Internet and pay TV service providers in the country, and they are still pursuing efforts to undergo a merger that would create the single largest ISP in the country. If the merger is successful, that combined entity would also instantly be the most unpopular company in America.

According to the results of an extensive new study that many people will find unsurprising considering the results of similar surveys in the past, Time Warner Cable and Comcast are the two most hated brands in America.

The University of Michigan conducts its American Consumer Satisfaction Index each year in an effort to determine the most beloved and most hated household brands in the United States. Researchers poll Americans over the course of the year and compile the results to give each company included in the study a customer satisfaction score between 0 and 100.

This latest study includes data obtained through more than 70,000 interviews, and it covers 230 different brands.

In 2014, Time Warner Cable found itself on the bottom of the list, having placed not just in the worst position, but in the two worst positions. TWC’s Internet service scored a 54 out of 100, down significantly from the 63 it scored in 2013, and the company’s pay TV service scored a 56 to take the second-lowest spot out of all 230 brands included in the survey.

Comcast’s Internet service took the third-worst spot on the list with a score of 57 out of 100, down from the 62 it scored last year.

Other Internet service providers on the list this year include Verizon FiOS and AT&T Uverse, which scored 71 and 65, respectively. Both of those scores are unchanged compared to 2013. CenturyLink scored a 65, Cox Communications scored a 64 and Charter Communications scored a 61.

Also of note, Walmart scored the lowest among retailers in 2014 with a customer satisfaction score of 71 compared to the 83 achieved by Nordstrom, which was the top-scoring retailer in America.
http://bgr.com/2014/12/30/twc-custom...ction-comcast/

Until next week,

- js.
Recent WiRs -

December 27th, December 20th, December 13th, December 6th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black