Privacy Roundup #0087 • October 2013
October 2013 was dominated by fresh Snowden documents that exposed mass NSA surveillance across allied nations, alongside major data breaches at Adobe and Experian and a wave of legislative pushback.
1. Unsealed court records reveal the FBI demanded Lavabit's encryption keys
Newly unsealed documents showed that the FBI had ordered Lavabit, the encrypted email provider used by Edward Snowden, to hand over its private SSL keys. Founder Ladar Levison resisted because surrendering the keys would have exposed every customer, and he chose to shut the service rather than comply.
2. Silk Road is seized and Ross Ulbricht is arrested
Federal agents shut down the Silk Road dark web marketplace and arrested Ross Ulbricht, the man accused of running it under the alias Dread Pirate Roberts. Investigators traced his identity through early forum posts and a username that linked back to his real email address.
→ www.infosecurity-magazine.com
3. Adobe confirms a breach exposing source code and customer data
Adobe disclosed that attackers had stolen source code for products including Acrobat and ColdFusion along with payment data on millions of customers. The figure later rose to at least 38 million accounts, making it one of the largest breaches of the year.
4. Snowden documents detail NSA and GCHQ attacks on Tor
The Guardian published documents showing that the NSA and GCHQ had repeatedly tried to break the anonymity of Tor users. One presentation titled "Tor Stinks" conceded that the agencies could not de-anonymise all users, while a technique named EgotisticalGiraffe exploited a Firefox flaw to identify targets.
5. NSA harvests hundreds of millions of email address books
A Washington Post report revealed that the NSA was collecting contact lists from personal email and instant messaging accounts worldwide, many belonging to Americans. On a single sampled day the agency gathered nearly half a million address books from services including Yahoo, Hotmail and Gmail.
6. Hidden backdoor found in D-Link router firmware
A researcher discovered that several D-Link routers contained a backdoor that bypassed authentication when the browser used a particular user agent string. The string read as "Edit by joel backdoor" when reversed, suggesting it had been left in deliberately.
7. NSA hacked the email of Mexico's president
Der Spiegel reported that the NSA had hacked an email account used by then Mexican President Felipe Calderon and members of his cabinet. The Mexican foreign ministry called the practice unacceptable and against both Mexican and international law.
8. Experian sold consumer data to an identity theft service
Brian Krebs reported that a Vietnamese fraudster had bought records on millions of Americans directly from a firm owned by Experian. The scammer posed as a private investigator and resold the data through an underground identity theft service for almost ten months.
9. Le Monde reveals the NSA collected 70 million French phone records
French newspaper Le Monde reported that the NSA had gathered data on more than 70 million phone calls in France within a single month. The surveillance reportedly reached politicians and business figures, and France summoned the United States ambassador in response.
10. Aaron's settles FTC charges over webcam spyware on rental computers
The Federal Trade Commission settled with rent-to-own retailer Aaron's over software installed on rental computers that secretly photographed customers. The webcams captured images of people in their homes, including some in states of undress, without their knowledge.
11. Researchers warn that LinkedIn Intro hijacks email
Security firm Bishop Fox warned that LinkedIn's new Intro app rerouted all of a user's email through LinkedIn servers. The firm described the design as a man-in-the-middle attack that could break encrypted messages and expose private correspondence.
12. European Parliament votes to suspend the SWIFT data deal
The European Parliament adopted a resolution calling for the suspension of the agreement that shared financial messaging data with the United States. Members cited Snowden documents suggesting the NSA had gained unauthorised access to SWIFT payment records.
13. Germany summons the US ambassador over Merkel phone tapping
Germany summoned the United States ambassador after Der Spiegel reported that the NSA may have monitored Chancellor Angela Merkel's mobile phone. Merkel telephoned President Obama directly and called the alleged practice a serious breach of trust.
14. NSA monitored the phones of 35 world leaders
The Guardian reported that a Snowden document described NSA surveillance of the phone numbers of as many as 35 world leaders. The numbers were handed to the agency by other US government officials, although the document admitted the effort yielded little useful intelligence.
→ phys.org
15. El Mundo reports the NSA tracked 60 million Spanish calls
Spanish newspaper El Mundo published documents indicating that the NSA had collected metadata on 60 million phone calls in Spain in one month. The disclosure followed similar reports from France and Germany and deepened the diplomatic strain across Europe.
16. The USA Freedom Act is introduced to curb NSA collection
Representative Jim Sensenbrenner and Senator Patrick Leahy introduced the USA Freedom Act to end the bulk collection of Americans' phone records. The bill sought to amend Section 215 of the Patriot Act and to create a privacy advocate at the secret surveillance court.
17. MongoHQ breach cascades into a hack of Buffer users
Database host MongoHQ disclosed a breach after attackers gained access to an internal support tool using a reused password. The intrusion exposed customer credentials and led directly to the hijacking of social media accounts managed through the Buffer service.
18. NSA infiltrated the links between Google and Yahoo data centres
The Washington Post reported on a programme called MUSCULAR through which the NSA and GCHQ tapped the private fibre links connecting Google and Yahoo data centres. The agencies copied entire data flows, sending millions of records each day back to NSA headquarters.
19. Senate committee approves the FISA Improvements Act
Senator Dianne Feinstein's FISA Improvements Act passed the Senate Intelligence Committee, taking a markedly different approach to the USA Freedom Act. The bill would have written the bulk phone records programme into law while adding limits on data retention and access.
20. Australian embassies revealed as part of a US spy network
Fairfax Media reported that Australian embassies across Asia secretly housed interception equipment under the Stateroom programme. The hidden facilities intercepted phone and internet traffic from countries including Indonesia, Thailand and Malaysia for the Five Eyes alliance.