Privacy Roundup #0089 • December 2013
December 2013 was dominated by fresh Snowden disclosures on location tracking, cookies and hardware implants, a landmark court ruling against bulk metadata, a presidential review panel and the Target mega breach.
1. NSA tracks cellphone locations worldwide under CO-TRAVELER
Snowden documents revealed that the NSA gathers nearly five billion records a day on the whereabouts of mobile phones around the globe. The CO-TRAVELER programme correlates movements to map who meets whom, sweeping up location data on hundreds of millions of devices.
2. Microsoft moves to encrypt customer data against government snooping
Microsoft announced that it would encrypt customer content moving between users and its servers and between its own data centres by default. The company also pledged to notify business and government customers of legal demands and to challenge gag orders in court.
3. JPMorgan Chase warns 465,000 prepaid card holders of breach
JPMorgan Chase told around 465,000 holders of prepaid cash cards that their personal information may have been accessed by hackers who breached its UCard website. The cards were used by corporations for payroll and by government agencies for tax refunds and benefits.
4. Microsoft and partners disrupt the ZeroAccess botnet
Microsoft's Digital Crimes Unit, working with the FBI and Europol, disrupted the ZeroAccess botnet that had infected more than two million computers. The network hijacked search results and committed click fraud thought to cost online advertisers around 2.7 million dollars each month.
5. NSA and GCHQ spied inside online games such as World of Warcraft
A joint report by ProPublica, The New York Times and The Guardian revealed that British and American spies infiltrated virtual worlds including World of Warcraft and Second Life. Operatives created avatars to monitor players and tried to recruit informers, though no counter-terrorism successes were shown.
6. Eight tech giants call on government to reform surveillance
AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo joined forces to demand reform of government surveillance laws. The coalition launched the Reform Government Surveillance site and ran full-page newspaper advertisements urging Washington to lead.
7. NSA uses Google cookies to pinpoint targets for hacking
The Washington Post reported that the NSA piggybacks on advertising tracking files, notably Google's PREF cookie, to identify browsers for surveillance and hacking. The cookies act as homing beacons that let operatives single out individual computers to implant spyware.
8. Federal judge rules NSA bulk phone records likely unconstitutional
In Klayman v Obama, US District Judge Richard Leon held that the NSA's bulk collection of phone metadata most likely violates the Fourth Amendment. He called the technology "almost Orwellian" and noted that the government cited no instance where it had stopped an imminent attack.
9. CBS faces criticism over its 60 Minutes report on the NSA
A 60 Minutes segment featuring NSA leaders drew heavy criticism for repeating agency claims without challenge. Sceptics ridiculed the so-called BIOS plot, an alleged Chinese scheme said to be capable of taking down the United States economy.
10. Snowden publishes an open letter to the people of Brazil
Edward Snowden issued an open letter to Brazilians offering to help investigate NSA spying and hinting at a request for permanent asylum. He argued that the surveillance was about economic espionage, social control and diplomatic manipulation rather than security.
11. Target investigates a breach affecting 40 million cards
Brian Krebs broke the news that Target was investigating a major breach of its point-of-sale systems. The retailer confirmed that around forty million credit and debit card accounts were compromised between late November and mid-December 2013.
12. Presidential review panel urges sweeping NSA reform
The President's Review Group delivered 46 recommendations to rein in NSA collection. It called for an end to government storage of Americans' phone records and advised against bugging the phones of friendly foreign leaders.
13. UN General Assembly backs the right to privacy in the digital age
The 193-member General Assembly unanimously adopted Resolution 68/167, introduced by Brazil and Germany. It affirmed that the rights people hold offline must also be protected online and urged states to review surveillance laws.
14. Reuters reports a secret 10 million dollar NSA deal with RSA
Joseph Menn reported for Reuters that the NSA paid RSA ten million dollars to make a flawed random number generator the default in its BSAFE library. The Dual EC DRBG algorithm had long been suspected of containing a backdoor advantageous to the agency.
15. Der Spiegel exposes the NSA ANT catalogue of hardware implants
Der Spiegel published details of the NSA's ANT catalogue, a list of bespoke spying tools available to its Tailored Access Operations unit. The hardware ranged from a thirty-dollar rigged monitor cable to gear capable of bugging machines from Cisco, Juniper, Dell and Apple.
16. Hackers publish 4.6 million Snapchat usernames and phone numbers
A site called SnapchatDB published the usernames and phone numbers of 4.6 million Snapchat accounts. The hackers said they acted to pressure the company into fixing a flaw that researchers had already disclosed.
17. Android Flashlight App Developer Settles FTC Charges It Deceived Consumers
The Federal Trade Commission announced that Goldenshores Technologies, maker of the Brightest Flashlight Free app, had agreed to settle charges that it deceived consumers over the sharing of their data. Its privacy policy failed to disclose that the app transmitted precise location and a unique device identifier to advertising networks and other third parties.
18. Revealed: How the NSA Targets Italy
An L'Espresso investigation by Glenn Greenwald and Stefania Maurizi set out fresh Snowden documents showing how the NSA targeted Italy. The files described Special Collection Service sites in Rome and Milan that monitored Italian government communications and swept up metadata on millions of telephone calls.
19. European Parliament inquiry sets out preliminary surveillance conclusions
The lead MEP on the Parliament's inquiry into NSA surveillance presented preliminary conclusions on EU citizens' rights. The Civil Liberties Committee signalled that a transatlantic trade deal should be withheld unless data protection concerns were addressed.
20. Verizon to publish its first transparency report on government data demands
Verizon announced that it would become the first major American telecommunications company to release a transparency report. The disclosure, welcomed by the EFF, was set to detail the law enforcement requests the carrier received for its customers' data.