Privacy Roundup #0055 • February 2011
February 2011 was dominated by the Anonymous raid on HBGary, fresh proof of corporate surveillance plots, and a browser industry scrambling to define what Do Not Track should mean.
1. HBGary Federal hacked by Anonymous
After chief executive Aaron Barr boasted that he had unmasked the leaders of Anonymous, the group broke into HBGary Federal and dumped tens of thousands of internal emails online. The intruders also seized Barr's Twitter account and wiped his iPad remotely.
2. Leaked emails expose the Team Themis plot to smear unions
ThinkProgress reported that lawyers for the US Chamber of Commerce had solicited HBGary Federal, Palantir and Berico to target progressive groups and labour unions. The leaked proposals described planting false documents and building fake personas to discredit critics.
3. Security firms plotted to discredit WikiLeaks supporters
Emails taken from HBGary revealed a Bank of America-linked scheme to disrupt WikiLeaks and to attack the journalist Glenn Greenwald. Palantir suspended an engineer and apologised after its logo was found on the offending slides.
4. Anonymous claims it holds Stuxnet code
Members of Anonymous announced that the HBGary breach had handed them decompiled Stuxnet code stored on the firm's servers. Researchers cautioned that the group held binaries and disassembly rather than the original source.
5. Aaron Barr resigns as HBGary Federal chief
Aaron Barr stepped down from HBGary Federal at the end of February, saying he needed to rebuild his reputation. His departure followed weeks of fallout from the leaked emails and the surveillance schemes they exposed.
6. Nasdaq admits hackers planted malware on its board portal
Nasdaq confirmed that intruders had repeatedly breached Directors Desk, a web service used by thousands of company directors. The malware could have logged keystrokes and harvested the passwords of senior executives.
7. McAfee details Night Dragon attacks on energy firms
McAfee published research describing coordinated intrusions, traced to China, against at least five global oil and energy companies. The attackers used spear-phishing and remote access tools to steal sensitive bid and operations data.
8. Egypt's internet blackout exposes the danger of weak links
The EFF examined how the Egyptian government had pressured a handful of providers to switch off the internet for five days. The post argued that concentrated infrastructure gives states an easy chokepoint for mass surveillance and censorship.
9. Narus deep packet inspection sold to Egypt's rulers
Reporting and a Sunnyvale protest highlighted that the Boeing subsidiary Narus had supplied deep packet inspection gear to Egypt's state telecom. The technology let authorities read traffic and locate dissidents in real time.
10. Documents reveal the FBI's plan to expand surveillance laws
The EFF obtained records through a freedom of information request detailing the FBI's "Going Dark" strategy to widen wiretap powers. The plan sought changes to CALEA and the Electronic Communications Privacy Act to cover internet services.
11. Anonymous defaces a Westboro Baptist Church website live on air
During a live radio interview, a caller claiming to speak for Anonymous confronted a Westboro spokesperson and defaced one of the church's sites. The group derided the church for trying to goad it into an attack.
12. Facebook moves to share home addresses and phone numbers
Facebook confirmed it would reinstate a feature letting third-party apps request a user's home address and mobile number. Critics warned that the permission dialogue offered no way to share an app without surrendering the contact details.
13. Airport body scanners ignite a fresh privacy debate
Coverage of the TSA's new automated target recognition software fuelled arguments over whether the machines could store images. Privacy advocates warned that the technology's capabilities made the storage question central to its legality.
→ iapp.org
14. Microsoft sends its Do Not Track technology to the W3C
Microsoft submitted the Tracking Protection feature built into the Internet Explorer 9 release candidate to the World Wide Web Consortium. The move sought to standardise a way for users to block third parties from harvesting their browsing data.
15. Three rival approaches to Do Not Track emerge
Google, Microsoft and Mozilla each pushed a different mechanism for letting users opt out of web tracking. The competing designs ranged from browser headers to block lists to cookie-based extensions, with no agreed standard in sight.
16. Governments chip away at privacy on International Privacy Day
The EFF marked the day by contrasting official tributes to data protection with a wave of surveillance measures. It singled out data retention mandates and weak limits on government access to records held by third parties.
17. Twitter users seek privacy in WikiLeaks case
A federal judge in Virginia heard arguments challenging the December order that compelled Twitter to hand the government account data for three people linked to WikiLeaks. Lawyers for the Icelandic lawmaker Birgitta Jonsdottir and her co-petitioners argued that prosecutors should not gather records of internet communications in secret.
→ phys.org
18. It's Back: FBI Announcing Desire To Wiretap The Internet
At a House hearing the FBI revived its push for a law requiring web mail, social networks and peer-to-peer services to build in interception capabilities. Critics warned that mandated backdoors would not stay secret for long and would hand a ready vulnerability to hackers and hostile states.
19. Google adds two-step verification for ordinary accounts
Google rolled out optional two-step verification to all Gmail users, requiring a one-time code alongside the password. The company framed it as a response to repeated attempts by hostile regimes to break into activists' accounts.
20. eHarmony resets passwords after a database breach
eHarmony urged users to change their passwords after a researcher exploited a SQL injection flaw on its advice subdomain. The leaked data included screen names, email addresses and hashed passwords for tens of thousands of accounts.