CHARLOTTE (AP) – Officials in the Vermont
town of Charlotte say they found listening devices in the Town Hall
that would have allowed someone to eavesdrop on both public and
private town business sessions.
Town Planner and
Selectboard assistant Dean Bloch says the bugs were discovered in
October during a retrofit of a dropped ceiling.
Shelburne Police, who serve Charlotte, say the devices weren’t
working and they could have been up to 10 years old.
Officer Chris Morrell said that the spying
device were “primitive.” He says the two microphones were connected
to battery-powered, wireless transmitters that might have carried a
signal into the parking lot.
SAN FRANCISCO – A federal judge on Tuesday ordered the U.S. government to pay more than $2.5 million in attorney fees and damages after he concluded investigators wiretapped the phones of a suspected terrorist organization without a warrant.
U.S. District Court Judge Vaughn Walker said the attorneys for the Ashland, Ore., chapter of the now-defunct Al-Haramain Islamic Foundation should receive $2.5 million for waging its nearly five-year legal challenge to the Bush administration’s so-called Terrorist Surveillance Program.
Walker also awarded $20,400 each to Wendell Belew and Asim Ghafoor, two of the foundation’s Washington D.C.-based lawyers. They had their phone conversations with Al-Haramain principals monitored, the judge said.
“The system worked,” Ghafoor said. “And we really hope that the government lets this stand and writes it off as a bad program from a previous administration..”
Earlier this year the judge found that investigators illegally intercepted the electronic communications without warrants. Government lawyers have refused throughout the litigation to disclose whether investigators eavesdropped, “although the fact of such surveillance is not in doubt,” the judge concluded.
The Department of Justice lawyer who defended the program in court for the Bush administration and then the Obama administration, Anthony J. Coppolino, didn’t return a phone call late Tuesday.
The judge refused to award any punitive damages, saying the investigators didn’t act in bad faith in following the guidelines of the controversial program exposed by the New York Times in 2005.
“The record shows that the government had reason to believe that Al-Haramain supported acts of terrorism and that critical intelligence could be obtained by monitoring Al-Haramain,” the judge said.
The Treasury Department froze the assets of the Ashland chapter and declared it a “specially designated global terrorist” on Sept. 9, 2004. Treasury officials believe the Ashland chapter delivered $150,000 overseas to “support terrorist activities by the Chechen mujahideen,” the judge concluded.
Pete Seda was convicted in October of tax fraud and conspiracy for helping another official of Al-Haramain smuggle the $150,000 out of the U.S. to Saudi Arabia in 2000. Seda’s lawyers are preparing an appeal.
The eavesdropping was initially discovered when Treasury Department officials mistakenly turned over a document to Al-Haramain lawyers that appeared to be a top-secret call log.
Even though lawyers were ordered to give back the document and not rely on it in the lawsuit, they were still able to convince Walker with other evidence that they were warrantless wiretap targets.
Generally, government investigators are required to obtain search warrants signed by judges to eavesdrop on domestic phone calls, e-mail traffic and other electronic communications. But Bush authorized the surveillance program shortly after 9/11, allowing the National Security Agency to bypass the courts and intercept electronic communications believed connected to al-Qaida.
The 802.11n standard was ratified in 2009 and WiFi really took off in 2010, with support showing up in an array of consumer electronic devices. Unfortunately security related issues escalated right along with growing acceptance. Here’s a look back at the WiFi security issues that emerged this year.
Virtual WiFi leads to rogue access points: The Windows 7 virtual WiFi capability, or soft AP, became popular in the early part of 2010, with users downloading millions of copies of free programs such as Connectify to exploit feature. But it didn’t take long for security experts to see the danger and warn organizations about the possibility of employees creating possible rogue access points using virtual WiFi. These rogue APs can create a hole in your network security and allow an unauthorized user to “ghost ride” into the corporate network. This type of access can be difficult to notice using traditional wire-side techniques, so experts advocated watching carefully for the appearance of rogue APs while upgrading machines to Windows 7.
MiFi gains popularity: Steve Jobs experienced a WiFi malfunction during the iPhone 4 launch in June 2010. An examination after the fact revealed that around 500 mobile hotspot networks were in use, supporting some 1,000 WiFi devices. This incident brought to light the security issues that can crop up from use of MiFi, and experts suggest using dedicated monitoring solutions capable of detecting these unauthorized devices on a 24×7 basis.
Google’s WiFi snooping controversy: In the middle of 2010 Google admitted that their cars used to collect Street View information also mistakenly collected payload data from unsecured WiFi networks. Many viewed the act as a privacy breach because the data collected included personal information such as email, passwords, fragments of files, browsed Internet data, pictures, video clips, etc. The controversy was a major black eye for Google but served as a big wake up call for all those WiFi users who still haven’t secured their WiFi networks.
Russian spies and peer-to-peer WiFi links: The use of private, adhoc WiFi networks for secret communication came to light when the FBI arrested a group of Russian spies who were using the tools to privately transfer data. Such adhoc WiFi networks set up links between WiFi users without using a centralized WiFi router. Corporations are advised to deploy monitoring tools that can snoop out such connections.
Fake WiFi stealing data from smartphones: Security experts discover that using a smartphone’s WiFi capability to access an open or public network can lead to a vulnerability if the user doesn’t tell the phone to forget the network. Users that don’t follow this advice are in danger of getting trapped into a fake WiFi network by someone with malicious intents. Once trapped, users can end up leaking passwords and other private data, and might be at risk of malware and worms.
Hole196 uncovered for WPA/WPA WiFi networks: The name Hole196 was used for the vulnerability that was uncovered at security conferences in Las Vegas in July by AirTight Networks. The vulnerability was mainly targeted at WPA2 (using AES encryption) WiFi networks configured with 802.1x Authentication mechanism. Before Hole196 showed up, such networks were considered some of the most secure WiFi deployments around. With Hole196, these networks can be subjected to a fatal insider attack, where an insider can bypass the WPA2 private key encryption and 802.1x authentication to scan devices for vulnerabilities, install malware and steal personal or confidential corporate information. Although specially targeted at WPA (AES)/802.1x networks, the vulnerability also applies to the WPA/WPA2-PSK networks.
The folks that found Hole196 say exploiting the vulnerability is simple and the attack isn’t detected by traditional wire-side IDS/IPS systems. Being an insider attack, the importance of Hole196 was downplayed by some experts, but reports point out that, with the rise of insider attacks, Hole196 is now considered important. Security experts strongly advocate the use of a comprehensive WIPS solution.
Firesheep turns layman into WiFi hackers: Firesheep, the Firefox extension developed by Eric Butler, was released for public use in late 2010. Since then it has gained tremendous attention because it has almost automated the task of hacking over insecure WiFi networks such as hotspots. With Firesheep and a compatible WiFi client card, a malicious user just needs a single click to see the details of various people in his/her vicinity, visiting their respective accounts on websites (using unencrypted after-login session), such as Facebook, Twitter, Amazon, etc.
Another click and the malicious user can log into these sites, meaning even laymen can become hackers. Security experts remind people to exercise extra precaution while enjoying unsecured WiFi connections. The world is hoping Firesheep’s popularity will motivate the popular social network websites to take further steps to protect user security.
Smartphone as WiFi attacker: The year 2010 witnessed the release of many new high end smartphones but these devices are now being seen as active threats. While attackers previously needed to carry a notebook to eavesdrop on WiFi links or launch sophisticated WiFi attacks, they can now perform these tasks using a high end smartphone.
Reviewing the list of WiFi security issues that came up in 2010, it can be expected that 2011 will witness more of the same. With new WiFi attack vectors emerging, corporations will realize they need additional layers of security that can provide active protection.
About the author: Ajay Kumar Gupta is presently working with an enterprise dealing in WiFi security products. He has been in the field of wireless security for more than five years and is a frequent contributor to leading security magazines and blogs. He holds a master’s of technology degree from IIT Bombay in India.
To catch a criminal, sometimes you have to think like one.
So researchers on the trail of cybercrooks that use armies of infected computers, known as botnets, to send out spam e-mail or to attack websites are building botnets of their own. Fortunately, the new approach is being tested using a high-powered computing cluster that is safely isolated from the Internet.
“We set up what we thought would be the closest to a botnet in the wild,” says Pierre-Marc Bureau, a researcher with computer security firm ESET, part of the project led by a team at Ecole Polytechnique de Montreal with collaborators at Nancy University, France, and Carlton University, Canada. “To our knowledge, this is the first such realistic experiment,” he says.
Over 3,000 copies of Windows XP were installed on a cluster of 98 servers at Ecole Polytechnique. Each virtual computer system was wrapped in software that linked it up to the others as if it were an individual computer connected to the Internet or a local network. Every system was also infected with the Waledac worm, a piece of now well understood and largely vanquished software that at the start of 2010 was estimated by Microsoft to control hundreds of thousands of computers and to send out 1.5 billion spam messages a day.
The team mimicked the control structure needed to take charge of a Waledac botnet, in which a central command-and-control server sends orders to a handful of bots that then spread those instructions to other machines.
In recent years, researchers have developed techniques to eavesdrop on live botnet communications and even to inject messages into these communications. Building a complete botnet in an experimental environment allows much more freedom, though, says Bureau. “When you experiment on a live botnet, you may provoke a bad reaction from its owner that harms infected machines,” he explains, and then “you are also potentially controlling the machines of innocent users, which has ethical and legal problems.”
Having their own botnet also gave the researchers the luxury of being able to observe it inside and out as it operated normally or was attacked by someone trying to disable the network, and also to run multiple trials that yielded statistically significant results.
It was, Bureau says, something of a challenge to convince the owner of a cluster worth around $1 million that installing malware onto it was a good idea.
Allegations that the FBI surreptitiously placed a back door into the OpenBSD operating system have alarmed the computer security community, prompting calls for an audit of the source code and claims that the charges must be a hoax.
The report surfaced in e-mail made public yesterday from a former government contractor, who alleged that he worked with the FBI to implement “a number of back doors” in OpenBSD, which has a reputation for high security and is used in some commercial products.
Gregory Perry, the former chief technologist at the now-defunct contractor Network Security Technology, or NETSEC, said he’s disclosing this information now because his 10-year confidentiality agreement with the FBI has expired. The e-mail was sent to OpenBSD founder Theo de Raadt, who posted it publicly.
“I cashed out of the company shortly after the FBI project,” Perry told CNET today. “At that time there were significant legal barriers between domestic law enforcement and [the Department of Defense], and [this project] was in clear violation of that.” He said the project was a “circa 1999 joint research and development project between the FBI and the NSA,” which is part of the Defense Department.
The OpenBSD project, which was once funded by DARPA but had its funding yanked in 2003 for unspecified reasons, says that it takes an “uncompromising view toward increased security.” The code is used in Microsoft’s Windows Services for Unix and firewalls including ones sold by Calyptix Security, Germany’s Swapspace.de, and Switzerland’s Apsis GmbH.
In national security circles, it’s an open secret that the U.S. government likes to implant back doors in encryption products.
That’s what the FBI proposed in September, although it also claimed that the crypto-back doors would be used only through a legal process. So did the Clinton administration, in what was its first technology initiative in the early 1990s, which became known as the Clipper Chip.
(Credit:
Openbsd.org)
If implemented correctly using a strong algorithm, modern encryption tools are believed to be so secure that even the NSA’s phalanxes of supercomputers are unable to decrypt messages or stored data. One report noted that, even in the 1990s, the FBI was unable to successfully decrypt communications from some wiretaps, and a report this year said it could not decrypt hard drives using the AES algorithm with a 256-bit key.
E.J. Hilbert, a former FBI agent, indicated in a note on Twitter last night that the OpenBSD “experiment” happened but was unsuccessful.
The Justice Department did not respond to a request from CNET yesterday for comment.
NETSEC, the now-defunct contractor, boasted at the time that it was a top provider of computer security services to the Justice Department, the Treasury Department, the National Science Foundation, and unnamed intelligence agencies. A 2002 NSF document (PDF) says NETSEC was “a contractor that NSF utilizes for computer forensics” that performed an investigation of whether data “deleted from an internal NSF server” amounted to a malicious act or not.
A snapshot of the NETSEC Web page from August 2000 from Archive.org shows that the company touted its close ties with the NSA. The founders created the company to build “upon practices developed while employed at the National Security Agency (NSA) and Department of Defense (DoD), the methodologies utilized at NETSEC today are widely regarded as the best anywhere,” it says.
On the OpenBSD technical mailing list, reaction was concerned but skeptical. One post suggested that the best way to insert a back door would be to leak information about the cryptographic key through the network, perhaps through what’s known as a side channel attack. (A 2000 paper describes that technique as using information about the specific implementation of the algorithm to break a cipher, in much the same way that radiation from a computer monitor can leak information about what’s on the screen. Secure environments use TEMPEST shielding to block that particular side channel.)
A 1999 New York Times article written by Peter Wayner about the Clinton administration’s encryption policies, which quoted Perry about OpenBSD, noted that the “the Naval Research Lab in Virginia is using OpenBSD as a foundation of its new IPv6 project.”
Perry told CNET that he hired Jason Wright “at NETSEC as a security researcher, he was basically paid to develop full time for the OpenBSD platform.” In the e-mail to de Raadt, Perry added that “Jason Wright and several other developers were responsible for those back doors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC.”
Wright’s LinkedIn profile lists him as a “senior developer” at the OpenBSD project and a cybersecurity engineer at the Idaho National Laboratory, and previously a software engineer at NETSEC. He did not respond to a request for comment.
A decades-long push for back doors While the OpenBSD allegations may never be fully proved or disproved, it’s clear that the federal government has a long history of pressing for back doors into products or networks for eavesdropping purposes. The Bush administration-era controversy over pressuring ATT to open its network–in apparent violation of federal law–is a recent example.
Louis Tordella, the longest-serving deputy director of the NSA, acknowledged overseeing a similar project to intercept telegrams as recently as the 1970s. It relied on the major telegraph companies, including Western Union, secretly turning over copies of all messages sent to or from the United States.
“All of the big international carriers were involved, but none of ’em ever got a nickel for what they did,” Tordella said before his death in 1996, according to a history written by L. Britt Snider, a Senate aide who became the CIA’s inspector general.
The telegraph interception operation was called Project Shamrock. It involved a courier making daily trips from the NSA’s headquarters in Fort Meade, Md., to New York to retrieve digital copies of the telegrams on magnetic tape.
Like the eavesdropping system authorized by President Bush, Project Shamrock had a “watch list” of people in the U.S. whose conversations would be identified and plucked out of the ether by NSA computers. It was intended to be used for foreign intelligence purposes.
Then-President Richard Nixon, plagued by anti-Vietnam protests and worried about foreign influence, ordered that Project Shamrock’s electronic ear be turned inward to eavesdrop on American citizens. In 1969, Nixon met with the heads of the NSA, CIA and FBI and authorized a program to intercept “the communications of U.S. citizens using international facilities,” meaning international calls, according to James Bamford’s 2001 book titled “Body of Secrets.”
Nixon later withdrew the formal authorization, but informally, police and intelligence agencies kept adding names to the watch list. At its peak, 600 American citizens appeared on the list, including singer Joan Baez, pediatrician Benjamin Spock, actress Jane Fonda, and the Rev. Martin Luther King Jr.
Another apparent example of NSA and industry cooperation became public in 1995. The Baltimore Sun reported that for decades NSA had rigged the encryption products of Crypto AG, a Swiss firm, so U.S. eavesdroppers could easily break their codes.
The six-part story, based on interviews with former employees and company documents, said Crypto AG sold its compromised security products to some 120 countries, including prime U.S. intelligence targets such as Iran, Iraq, Libya and Yugoslavia. (Crypto AG disputed the allegations.)
