Daily Archives: October 9, 2011

German government-created Trojan horse program secretly spying on Web users without their consent

Chaos Computer Club: German gov’t software can spy on citizens

MSNBC | Oct 8, 2011

By Bob Sullivan

A well-regarded Germany-based hacker group claims a German government-created Trojan horse program is capable of secretly spying on Web users without their consent.

The group says on its website that it obtained and analyzed a piece of software that is supposed to be a “lawful interception” program designed to listen in on Internet-based phone calls as part of a legal wiretap, but its capabilities go far beyond legal bounds.

The program is capable of logging keystrokes, activating Webcams, monitoring Web users’ activities and sending mountains of data to government officials, the club said.

To cover its tracks, the data is routed through rented servers located in the United States, the club alleges.

“To avoid revealing the location of the command and control server, all data is redirected through a rented dedicated server in a data center in the USA,” the Club said on its website.

The German government has yet to comment on the findings, but already, antivirus companies are reacting to them. Security firm F-Secure will detect and disable the alleged government monitoring software if found on clients’ computers, it announced on Saturday.

“Yes, it is possible the Trojan found by CCC is written by the German government. We just can’t confirm that,” said Mikko Hypponen, F-Secure’s chief technology officer, via Twitter.

The program, labeled a “backdoor” because it can open a computer to surreptitious access, targets certain applications for keylogging, including Firefox, Skype, MSN Messenger, ICQ and others, according to F-Secure.

“We do not know who created this backdoor and what it was used for,” Hypponen wrote on F-Secure’s blog. “(But) We have no reason to suspect CCC’s findings.”

German courts have long allowed use of a backdoor program known as “Bundestrojan” — “federal Trojan,” in English — which permits government investigators to listen in on Skype-based phone calls as part of a legal wiretap order.  Skype and other kinds of Internet phone calls that can be encrypted are particularly troubling for law enforcement, because they can be used by suspects to evade wiretaps.

After a court battle in 2008, Bundestrojan was ruled legal as long as it screened only very specific communications — essentially, Internet telephone calls.

But the Chaos Computer Club announced Saturday that it had obtained a copy of what it believed was a copy Bundestrojan, and that the program has capabilities that go far beyond legal wiretapping. In addition to keylogging and screen shots, the software is also capable of remote control and upgrade.

“This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown Trojan is possible in practice – or even desired…. The Trojan’s developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court,” said the club on its site. “Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case, functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system.”

The club also criticized security measures put in place by programmers of the alleged Trojan. Poor encryption implementation means a malicious third-party could intercept the government communications, or take control of government-infected machines, it said.

“This complete control over the infected  PC – owing to the poor craftsmanship that went into this trojan –  is open not just to the agency that put it there, but to everyone,” the club said. “The security level this trojan leaves the infected systems in is comparable to it setting all passwords to ‘1234.’ ”

Worse yet, the flaws make it possible to place false evidence on a suspect’s computer.

“(This) puts the whole rationale for this method of investigation into question,” the club said.

The well-regarded hacker group, founded in the 1970s, didn’t say where it had obtained the program, but said it had analyzed several different copies. It said the German Ministry of the Interior had been informed about the findings, and the club publicly demand that the German government stop using the program and initiate its self-destruction capabilities.

While Bundestrojan is designed to tap communications of suspects after a government official obtain permission from a German court, there is no technical reason that the software could not be used on U.S. citizens traveling in Germany, or even on Web users who are outside of Germany.

Government use of voice-over-IP monitoring software first came to light in 2006 when the Swiss government announced it was considering software written by Swiss-based ERA IT Solutions. At the time, Switzerland said the program’s use would require a court order.

Antivirus companies have long held that they would detect and disable any such government-monitoring software found on users’ machines. That public stance dates from 2001, when an msnbc.com report revealed that the FBI had developed a Trojan called Magic Lantern, which had capabilities similar to Bundestrojan.  F-Secure’s policy statement on Bundestrojan references Magic Lantern.

Still, the firm said it has not yet faced a direct confrontation with a government agency over the policy.

“We have never before analyzed a sample that has been suspected to be governmental backdoor,” it said Saturday. “We have also never been asked by any government to avoid detecting their backdoors.”

The Chaos Computer Club used the announcement to make a generic plea for less electronic monitoring by government officials.

“The (government) should put an end to the ever-growing expansion of computer spying that has been getting out of hand in recent years, and finally come up with an unambiguous definition for the digital privacy sphere and with a way to protect it effectively,” it said.  “Unfortunately, for too long the (government) has been guided by demands for technical surveillance, not by values like freedom or the question of how to protect our values in a digital world. It is now obvious that he is no longer able to oversee the technology, let alone control it.”

Den busters: Children in tears after park officials pull down their camps…because they might harm the insects


Just having fun: Children have had their dens pulled down in Richmond Park

Daily Mail | Oct 9, 2011

By Ian Gallagher

Children have been left distraught after seeing their makeshift dens torn down by park officials – because the camps harm insects.

The destruction took place in historic Richmond Park in South-West London, where it has long been a tradition for children to build hide-outs using fallen tree branches in an area called Spankers Hill Wood.

But last week the wigwam-style dens were pulled down after being deemed unsafe by officials, who also claimed they threatened the habitat of rare beetles.

One mother described how her seven-year-old son was left in tears as park employees moved in without warning.

‘We were at an ice-cream kiosk when six men jumped out of a van wearing high-visibility jackets,’ said the woman, from nearby Kingston-upon-Thames.

‘They were all over the den like ants, pulling it down. They also destroyed others nearby. My son and his friend were shouting, trying to get them to stop, but they carried on and then drove off.

‘The boys were upset. It was ridiculous – building dens is one of the great innocent pleasures of childhood. They were only using dead wood and branches that were lying on the ground. The den was only small and not in the least bit dangerous.’

The mother added: ‘The man at the kiosk said workers came round on a regular basis to take the camps down. He said he’d heard it was for safety reasons.

‘We’re forever being told about the dangers of children spending too much time in front of computers and televisions, yet this is what happens when they play outside. It’s such a shame because Richmond Park is a
wonderful place for them.’

The workers took down the dens opposite a mobile snack bar, where several benches and tables allow parents to relax as they watch
their children play safely on the edge of a wood.

Richmond Park has strict rules banning barbecues and prohibiting cyclists from some areas.

One park worker said: ‘You can’t stop children falling out of trees and pulling branches off. It’s not that big a deal. Perhaps they should
concentrate on the cyclists who regularly break the speed limit.’

Psychologists and education experts say it is essential for children to be allowed the freedom to explore and create their own  adventures in the open air, particularly when many spend hours cooped up at home watching television or playing electronic games.

Play England, run by the National Children’s Bureau charity, was recently awarded £500,000 of National Lottery funding for a project to encourage children to become more aware of the natural world.

Research has shown that less than 25 per cent of children regularly play outside, compared with more than 50 per cent of their parents when they were young.

Play England’s Mick Conway said: ‘It is a myth that children prefer indoor-based play activities. Playing in a park or riding a bike are far more popular with children than computer games.’

Richmond Park, one of London’s Royal Parks, has been designated a Site of Special Scientific Interest because of its wildlife, including rare
species such as the cardinal click beetle and the stag beetle. Deer also roam its 2,500 acres.

A Royal Parks spokesman said: ‘We recognise the benefits of natural play activities, but for the safety of visitors we have to dismantle dens if there is a risk they could collapse.

‘Visitors should not disturb dead wood on the ground as this is home to invertebrates, which are important to the park’s biodiversity.’

Low temperature and snowfall records to be broken across the UK this winter


Cars battle snowy weather in December last year. Britain is just weeks away from being in the grip of freezing temperatures as low as -20C, forecasters have predicted

Brrr-ace yourselves! Britain to shiver in -20C in WEEKS as councils stockpile extra grit

Snow already falling in Scotland

Temperatures in London today are 16.5C lower than last week

Daily Mail | Oct 8, 2011

By Emily Allen

Britain is just weeks away from being in the grip of temperatures as low as -20C, forecasters have predicted.

Parts of Britain already saw snow this week, with two inches falling in the Cairngorms in Scotland.

The rest of Britain is being warned to brace itself for wintry conditions and falling snow from the beginning of November.

And it looks like the colder weather is already on its way – as temperatures today plunged in certain areas to just 8C – a staggering 21.5C below last weekend’s record highs – with the wind chill making it feel decidedly colder.

In central London today readings of 13C were recorded, in Macduff, Aberdeenshire, the mercury plummeted to 8C, while Plymouth, in Devon, was comparatively basking in 16C of heat.

The warning of freezing weather comes as a survey from council leaders reveals local authorities are stockpiling thousands of tonnes of extra road salt this year in anticipation of another white winter.

James Madden, long-range forecaster for Exacta Weather, said: ‘I expect the most frequent and heavy snowfalls to occur across many parts of the UK during November, December and January at present.

‘I initially expect frequent and significant snowfalls across many northern regions and Scotland throughout this winter.

‘Any earlier snowfall is likely to be more confined to northern and western parts of the UK, although large scale low pressure systems also offer the potential for significant snowfalls to many parts of the UK.

‘I also expect November, December, January and February to feature largely below-average temperatures across many parts of the UK, it is likely that temperature and snowfall records will be broken within this defined time frame.’

Some shops are already planning ahead for the bad weather. Halfords has ordered in 10,000 plastic sledges in anticipation of the big freeze.

Research by the Local Government Association (LGA), which represents more than 350 councils in England and Wales, shows on average local authorities aim to have 1,500 tonnes more salt at the ready to treat roads and pavements than they did at the start of October 2010.

Each council spread about 3,900 tonnes of salt, on average, last year, while this year councils are armed with about 4,900 tonnes.

In total, an estimated 1.4million tonnes of salt is expected to be stockpiled this year.

Many authorities faced criticism last winter as the nation’s motorists battled dangerous roads caused by freezing temperatures, many becoming stranded.
Thousands of roads were left untreated as salt stocks plummeted and councils were forced to prioritise.

Cllr Peter Box, Chairman of the Local Government Association’s Economy and Transport Board, said: ‘Councils have a huge and important role to play in keeping the country running and know there is no room for complacency.

‘Treating the roads means children can still get to school safely, their parents can get to work, care workers can reach those in need, ambulances and police can tend to emergencies, and the wheels of business don’t grind to a halt.

‘Local authorities have been hard at work making preparations for this winter ever since the end of the last one and keeping the roads open will be our number one priority.

‘This year councils have more salt and better plans in place to make it go further while even more volunteers and community groups have been lined up to help with the great gritting effort.’

The Met Office is forecasting cloudy and cool weather today with some rain. Highs of 15C are anticipated in the west country with lows of 9C in parts of Scotland.

Outbreaks of rain are expected across the majority of the country tomorrow and into Monday.

DARPA Harnessing “Crowd Wisdom” to Develop New “Perch and Stare” Robot Spy Drones

DARPA Harnessing Crowd Wisdom to Develop New Perch and Stare UAVs

Wired | Oct 9, 2011

DAPRPA is seeking the wisdom of the crowds to innovate with new concepts for micro drones that will be able to perch and stare on the battlefield. Photo: DARPA

Different services of the U.S. military are working on different solutions providing persistent intelligence surveillance and reconnaissance (ISR) supporting the warfighter with miniature autonomous vehicles designed for ‘Perch and Stare’ mission profile. One of the most mature programs, the Shrike recently unveiled by Aerovironment was developed under Defense Advanced Research Programs Agency (DARPA) funding to develop a Stealthy Persistent Perch and Stare (SP2S) capability. But Jim McCormick, a program manager at the Defense Advanced Research Projects Agency (DARPA) believes that commercial off-the shelf (COTS) technology harnessed by the innovation of the ‘crowd’ could yield new capabilities that could benefit the warfighter even beyond these military funded programs. “we feel there is more potential there, and the current capability is still not ready for procurement. We hope that the crowd source will be able to overcome these barriers.” McCormick said, adding that 93 teams have already joined, some of them are foreign “Our focus is on innovation, regardless to where it comes from”.

Vertical take off and landing, transition from flight mode to observation mode, while maneuvering around obstacles are basic requirements. DARPA expects teams to demonstrate higher level of autonomy and automation, particularly in transition modes, obstacle avoidance and ‘follow-me’ flight mode, supporting operations on the move. The payload to be used should be able to identify persons or activities of interest up to 100 feet away with real-time video transmission monitored at a distance of two miles. Communications should be able to support non line of site, Total observation time may require up to three hours of pictures and/or video to document the facts. The vehicle should maintain low acoustic and visual signature to minimize probability of detection. The entire air vehicle must fit within a rucksack and a single person traveling by foot must be able to carry and operate the vehicle without assistance.

UAVforge, Crowdsourcing for UAV Innovation

For this program DARPA has collaborated with the U.S. Navy Space and Naval Warfare Systems center Atlantic PM DARPA to launch ‘UAVForge’, a global crowd sourcing competition to design, build, and fly advanced small unmanned air vehicle (UAV) systems. The winning team will get $100,000 prize to build 15 examples of the winning design to be evaluated by the military by spring 2012 at Camp Lejeune N.C. Teams can qualify for the competition until October 25, 2011. Voting for the winning teams will commence from Oct 27 till Nov 2, 2011.

DARPA has already employed a similar design contest designing and building a Crowd-Driven Combat Support Vehicle Prototype in 98 Days.

Guns From ATF “Operation Fast and Furious” Found in Home of Mexican Drug Cartel Enforcer

Fox News | Oct 9, 2011

WASHINGTON –  Assault weapons lost under the Fast and Furious gun surveillance program have been found in the Mexican home of the alleged leader of a massive drug cartel, according to The Los Angeles Times.

Forty high-powered assault weapons were found in the Ciudad Juarez home of Jose Antonio Torres Marrufo, a “feared” leader of the Sinaloa drug cartel in that city, according to the Times. The Sinaloa cartel is considered the most powerful drug trafficking organization in the world.

“These Fast and Furious guns were going to Sinaloans, and they are killing everyone down there,” one knowledgeable US government source told the Times.

The guns were part of a stash of weapons that went missing in Operation Fast and Furious, which was initiated in October 2009. Under the program, federal agents from the Bureau of Alcohol, Tobacco, Firearms and Explosives encouraged gun stores throughout the southwestern US to sell weapons to known and suspected straw buyers in the hopes of tracking them to Mexican drug cartels.

Related

Instead, more than 2,000 weapons were trafficked along the US-Mexico border, many to the Sinaloa cartel, and some guns were used in violent crimes in Mexico.

The House Oversight and Government Affairs Committee is planning to subpoena Attorney General Eric Holder this week to determine who in the Justice Department knew about the program and the missing guns, FOXNews.com reported Sunday. Holder maintains he knew nothing of the botched program until April.

Mexican police found the guns in Torres Marrufo’s home in April 2011, but the suspected cartel member was not home at the time.

Torres Marrufo, who has eluded capture, has been indicted in El Paso. He is alleged to be the enforcer for Sinaloa cartel chief Joaquin “Chapo” Guzman.

China seeks profit, shuns politics, in Afghanistan

A Chinese consortium in 2008 won Afghanistan’s first major mining contract, a deal to develop the Aynak copper deposits.

By Zhou Xin

Reuters | Oct 4, 2011

China Metallurgical Group acquired a 30-year lease to the Aynak copper mines

(Reuters) – The Chinese passengers boarding the weekly Ariana Flight 332 from the remote western city of Urumqi to Kabul speak volumes about ties between a rising China, the world’s number two economy, and its desperately poor and unstable neighbour, Afghanistan.

Of at least nine Chinese, six were heading for a China-funded copper mine, two were working for a Chinese telecom equipment maker and one was the boss of a Chinese restaurant, struggling to check in several boxes of illicit supplies, from alcohol to frozen pork.

“The situation is not as bad as news reports suggest, and I am hoping to make money,” said Li Xiaofeng, the restaurant owner, who is from the eastern Chinese province of Zhejiang and opened his restaurant in Kabul last year.

He is contributing to a tiny but growing trade flow between China and Afghanistan, which many in Kabul hope could be the country’s financial salvation as Western troops head home.

Bilateral trade between China and Afghanistan is currently just a fraction of trade with other “stans” — the turnover of $114.9 million in the year through July was 2 percent of Sino-Pakistan trade.

But the rich mineral reserves lying untapped in Afghanistan after decades of war are a tempting and potentially lucrative lure for resource-hungry China, whose companies have already shown an ability to operate profitably in hostile environments.

Related

China Unveils First Gold ATM

A Chinese consortium in 2008 won Afghanistan’s first major mining contract, a deal to develop the Aynak copper deposits.

The state-owned parent company of Metallurgical Corp of China Ltd (MCC) and China’s largest copper producer, Jiangxi Copper, are developing the mine, estimated to hold up to nine million tonnes.

The project is the biggest component of plans to wean Afghanistan off foreign aid that currently makes up most of the government budget. But progress has been slower than expected.

“Officials in Kabul always said yes, but on the site, there are always a lot of problems to handle,” one MCC official, who asked for anonymity, told Reuters.

MCC said in a statement that construction workers were currently idle as archaeological preservation works on a Buddhist monastery were under way.

NO POLITICAL, MILITARY COMMITMENT

The slow development may actually suit some officials back in Beijing, who are anxious to avoid a military or security role in the central Asian country.

China wants to stay out of the diplomatic spotlight in Afghanistan, said He Ming, deputy dean at East China Normal University’s international studies college, who recently held an academic conference on Afghanistan.

“It’s quite dangerous for China to play an active role in Afghanistan,” he said, referring to the expense and controversy that followed most foreign intervention in Afghanistan in recent decades — whether Soviet or Western-led.

“It’s okay for Chinese companies to start up projects there, but if you are talking about political influence … I don’t think China has the necessary conditions and abilities.”

Beijing’s ambiguous attitude to Kabul shows in official hesitance to open the border with Afghanistan. The frontier lies on a remote 76-km (47-mile) stretch of land at the end of the narrow valleys of the Wakhan Corridor.

But a dirt road leading up near China’s side of a high pass — reputedly used by Marco Polo — is not matched on the Afghan side, where farmers and herders still live much as they did centuries ago.

China fears the spread of Islamic militancy from Afghanistan into its restive Western Xinjiang region, home to millions of Uighur Muslims, and instability in Afghanistan.

So it has an interest in Afghanistan’s future, but has also watched the Soviet Union and the United States flounder there. As a result, Beijing plans to steer well clear of serious political or military engagement.

“China hopes there will be peace in Afghanistan, but as for what conditions there should be for peace, China has no seat on the negotiating table,” said Ye Hailin, a researcher with the Chinese Academy of Social Sciences in Beijing.

He added that Pakistan, rather than Afghanistan, was always Beijing’s top choice for exerting influence in the region.

“In China, the phrase ‘Af-Pak’ does not exist,” he said, referring to a term often used by Western diplomats and policy-makers, who consider the neighbours and their problems so closely linked they should be tackled together.

“Pakistan is a big Muslim sovereign nation; Afghanistan is a war-torn country eagerly awaiting reconstruction.”

RESOURCE HUNT MUST GO ON

But the wait-and-see stance of Beijing when it comes to politics and security has not deterred Chinese firms’ hunt for precious resources and profit.

In September, the China National Petroleum Corp (CNPC), China’s state-owned oil giant, was chosen as a preferred bidder for an oil field in northern Afghanistan.

“China has no choice, it has to go out to find resources to ensure energy security,” said Lin Boqiang, director of think-tank the Center for Chinese Energy Economics Research.

“For China’s state oil giants, they know clearly that they must take the risks, including risks in Afghanistan.”

Chinese firms already have a stake in nearly 40 projects in Afghanistan, with contracts worth nearly $500 million at the end of June, according to Wu Gangchen, the commercial counselor at the Chinese Embassy.

“Reconstruction means markets, reconstruction means opportunity,” Wu was quoted as saying in a recent interview with Beijing-based newspaper the International Business Daily.

He urged Chinese investors to keep their eyes open for possible deals in Afghanistan, particularly in the sectors of “energy, infrastructure, trade, service and processing.”

CNPC appears to agree, and if it can finalise its intended oil deal with Kabul as expected in mid-October, it would be a good news for national airline Ariana as well. On the sunny Thursday flight, only about a third of the seats were taken.