Privacy Roundup #0033 • April 2009
April 2009 was dominated by botnets, worms and government surveillance, as Conficker stirred, Twitter buckled under self-spreading scripts, and Britain and the United States pressed ahead with plans to log everyone's communications.
1. Conficker botnet stirs to push an update to infected machines
The long-feared Conficker worm passed its 1 April trigger date without disaster, but a week later the botnet began distributing a fresh payload over its peer-to-peer network. The new variant spread to machines already carrying earlier strains of the malware, confirming that the criminals behind it still held the controls.
2. Conficker turns infected PCs into spam and scareware machines
Once the botnet woke up, it set about making money for its owners in the most predictable way. Infected computers began spewing junk mail through the Waledac component and pushing a fake antivirus product called Spyware Protect 2009, which demanded almost fifty dollars to remove threats that did not exist.
3. StalkDaily worm overruns Twitter over the Easter weekend
A self-replicating cross-site scripting attack tore through Twitter, forcing anyone who viewed an infected profile to post messages promoting a site called StalkDaily. Administrators deleted more than ten thousand tweets as at least three similar worms made the rounds over roughly thirty-six hours.
4. Twitter worm author is rewarded with a security job
Michael Mooney, the seventeen-year-old who admitted writing the worms, was offered a job in security analysis and web development by a small software firm. Security researchers condemned the move, warning that it told young people the way to get hired was to do something irresponsible.
5. Obama justice department adopts Bush line on warrantless wiretapping
The new administration filed a motion to dismiss the Electronic Frontier Foundation's Jewel v. NSA case, invoking the state secrets privilege exactly as its predecessor had done. It went further still, arguing that the government could never be sued for surveillance that broke federal privacy statutes.
6. Reports of spies in the US power grid draw scepticism
A widely repeated story claimed that foreign cyberspies had buried software inside the American electrical grid to enable future sabotage. Bruce Schneier dismissed the piece as hype and fear-mongering, noting that it contained almost no verifiable facts and arrived conveniently during budget season.
7. US Congress examines the privacy threat of deep packet inspection
A House subcommittee held a hearing on the use of deep packet inspection by internet providers for targeted advertising. The chairman warned that the technology's potential to intrude on privacy was nothing short of frightening.
8. Tories warn of a back door to Britain's communications überdatabase
Conservative peers raised the alarm that an incoming European data retention rule might be used to build a mass surveillance system without further parliamentary scrutiny. A former director of public prosecutions described the proposed central store of email, web and telephone records as a potential hellhouse.
9. Brussels begins legal action against Britain over Phorm
The European Commission opened infringement proceedings against the United Kingdom for failing to enforce privacy law against the Phorm advertising system. The case followed secret trials in which BT analysed customer web traffic without consent.
10. Wikipedia opts out of Phorm's profiling
The Wikimedia Foundation asked to be excluded from scanning by the Phorm and BT Webwise system, following the lead set by Amazon. The foundation said it regarded the profiling of its visitors' behaviour by a third party as an infringement of their privacy.
11. British spy chiefs admit weighing deep packet inspection
The security minister told Parliament that officials working on the Interception Modernisation Programme were considering how deep packet inspection equipment might support the lawful interception of communications. It was the first time the government had publicly acknowledged its interest in the technology.
12. Home Office asks providers to shoulder mass surveillance
A formal consultation dropped the idea of a single central warehouse and instead proposed forcing communications providers to store and process records of who contacts whom. Critics warned the plan would still capture every website visit, instant message, tweet and glance at a social network.
13. Swedish web traffic plunges as the IPRED law takes effect
Sweden's new anti-piracy law took effect on 1 April, allowing copyright holders to compel internet providers to hand over the identities of suspected file sharers. Internet traffic fell by roughly thirty per cent within hours, a drop attributed to the threat of being unmasked.
14. Pirate Bay founders found guilty in Stockholm
A Swedish court convicted the four men behind The Pirate Bay of assisting copyright infringement, handing each a one-year prison sentence and a heavy fine. The verdict turned attention to how identifying data and IP addresses would be used to pursue ordinary file sharers.
15. Facebook's terms-of-service vote dismissed as a con trick
A privacy advocate called Facebook's first user vote on its governing documents a complete joke, arguing that the thirty per cent turnout needed to make it binding would never be reached. The criticism underlined how little real control users had over the rules covering their data.
16. Villagers block a Google Street View car in Broughton
Residents of the English village of Broughton formed a human chain to turn away a Street View vehicle photographing their homes. They cited fears about privacy and burglary, forcing the car to abandon its run.
17. Street View captures Madrid sex workers despite face-blurring
Google's mapping cameras photographed people working the streets of central Madrid, exposing the limits of the company's automatic privacy controls. The face-blurring software functioned, but it did nothing to obscure the rest of the subjects caught on camera.
18. Phishers hit Facebook to harvest passwords
A worm spread fraudulent messages urging users to log in at a fake Facebook page hosted at FBAction.net, then stole the credentials they entered. The attackers wanted the passwords because people so often reuse them across many sites.
19. Virginia fusion centre labels universities a terrorist threat
A leaked threat assessment from the state-run intelligence centre described historically black colleges and a wide range of activist groups as potential nodes for radicalisation. The governor ordered an investigation as civil liberties campaigners warned that fusion centres were becoming a breeding ground for overzealous police intelligence.
20. French hacker breaks into Twitter's administration system
A hacker using the name Hacker Croll cracked a Twitter employee's email account, recovered an administrative password and gained access to the internal tools behind celebrity profiles. The breach exposed email addresses, phone numbers and block lists for accounts including those of Barack Obama and Britney Spears.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: