Welcome to “Refog” corporate blog.

We are developing programs to monitor user activity of home (Personal Monitor) and office (Employee Monitor) computers, as well as to control usage of your children’s computer (Time Sheriff).

Legal Activists Raise Concerns About Skype

12 April 2013

A large group of activists comprised of organizations, journalists, lawyers and regular Internet users issued an open letter to Skype’s current owner, Microsoft. This letter focused on the confidentiality of Skype communications. They believe that the service’s confidentiality policy is somewhat fuzzy and the description of possible interactions with third parties and law enforcement agencies is insufficient.

Microsoft’s agreement with China’s TOM Online on the creation of a custom version of Skype for Chinese users was especially criticized. This version had a special filter that blocked specific messages. And since this version was identical to the regular one, it meant that any Skype user could eventually be monitored.

Activists reckon that the main reason for such changes in Skype policies is the recent acquisition of the company by Microsoft. That is why it is now held responsible for letting the public know about the ways the service works with confidential data and interacts with law enforcement agencies.

Microsoft employees confirmed the receipt of the letter and promised to issue an official response to these questions.

Children’s Online Privacy Protection Rules Revised

15 January 2013

Experts at the U.S. Federal Trade Commission are convinced that technological progress has reached such a stage that the rules protecting children’s online privacy must be revised.

COPPA, the Children’s Online Privacy Protection Act, was adopted in 1998 and obliged ISPs to provide a certain level of protection for confidential information about children under 13.

FTC believes that most parents today are not fully aware of what information is being collected about their children, where it is stored and for what purpose. This is especially true for social networks, mobile platforms and various applications.

Amendments to COPPA contain several definitions of new terms that appeared since the adoption of the original document. The very notion of “personal data” has also been revised and redefined by including geolocation data, photos and videos.

The full list of proposed amendments is available on FTC’s website.

USA: 10 years of prison for leaked data

26 January 2012

Reuters reports that charges have been pressed by the US government against Bo Zhang, a 32-year-old China-born programmer. He is accused of illegally copying the source code of government-owned software that cost $9.5 mln to develop, to an external hard drive.

When the leak was discovered, the programmer was a part-time employee of the U.S. Federal Reserve Bank, which helped him get access to the source code of the software developed for the US Department of the Treasury.

The compromised program, called Government-wide Accounting and Reporting Program (GWA), was developed for monitoring the money transfers made by the US government and reporting to a variety of government agencies and organizations.

Once the leak was discovered, the bank initiated an internal investigation and handed the results over to the police. As a result, Bo Zhang was arrested on January 18.

The FBI did not find any signs of espionage and he was released on bail. The trial will take place on February 17 and if he is found guilty (he is being charged with the theft of government property), he may be sentenced to up to 10 years in prison.

Data Mining: From the General to the Specific

31 August 2011

Data mining (deep data analysis) is a collective term used for a set of methods for detecting previously unknown, unusual, interpretable and practically useful knowledge in arrays of data that can be used for making decisions in various fields of human activities.

It’s common knowledge that complete privacy in today’s world is a utopian concept: our names appear in different kinds of lists and reports on a daily basis. We pay for goods and services with credit cards, use mobile phones, buy tickets… And when it comes to the Internet, we leave a colossal number of tracks: from the addresses of visited pages to search engine queries – everything can be intercepted, logged and stored in a single database.

The primary purpose of data mining lies in the analysis of huge amounts of data in such databases (involving special analytical patterns).

For instance, there is nothing suspicious about money being transferred from one account to another. Or about somebody buying a plane ticket to a large city. Or buying a large shipment of fertilizers. Or, let’s say, buying a kitchen timer or several cheap mobile phones from an online store. However, if all of these purchases were made by a single person, the local anti-terror force should definitely take a closer look.

It would seem that combining so many heterogeneous pieces of information is an immensely complex task. However, such a system is absolutely possible and may have been in operation for some time now.

The Total Information Awareness program was developed by the Pentagon from 2002 through 2003 and was aimed at detecting suspicious behavioral patterns. Following a number of public protests, it was renamed to Terrorism Information Awareness (TIA) and became nearly completely confidential. The report of the Department of Homeland Security mentions three active programs of this type. Similar solutions are being developed by other countries as well: China, the United Kingdom, Israel and Germany.

The legitimacy of such analysis is a matter of harsh public debate and none of the parties has been able to decide whether security is more important than privacy (or vice versa). And while the debate is in full swing, data collection and analysis are booming on the Internet – the Law hasn’t fully set foot on this land yet.

Updates and improvements, version 6.4.3.1164

8 August 2011

For a long time we released new versions without announcing the changes we made to our programs. Today we decided to do a short review and recap everything.

One of the most important updates was the development of a module for protecting financial information. This is a special script that automatically searches for lines in the program’s logs that are similar to credit card numbers, and deletes them from the monitoring journal. Screenshots made at that moment are also deleted.

These protective mechanisms work only where detection is possible and do not guarantee protection in every case. The script is gradually being improved to minimize false alarms and errors. It cannot be turned off, since it exists to meet legal requirements.
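The filtering described above can be illustrated as follows. This is an added example, not Refog's script: the log line format, the function names and the sample lines are constructed, and the Luhn checksum is an assumed way to cut false alarms on digit strings that are not card numbers.

```python
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def has_card_number(line: str) -> bool:
    """True if the line holds a digit run that looks like a card number."""
    for m in CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            return True
    return False

def scrub(lines):
    """Drop every line with a likely card number; return (kept, dropped_count)."""
    kept = [line for line in lines if not has_card_number(line)]
    return kept, len(lines) - len(kept)

# Constructed sample journal (hypothetical format; card values are public test numbers).
SAMPLE_LOG = [
    "10:01:12 keys  [browser] hello world",
    "10:01:40 keys  [browser] 4111 1111 1111 1111",
    "10:02:03 keys  [notepad] order 1234567890123456",   # 16 digits, fails Luhn
    "10:02:30 keys  [browser] card 5555-5555-5555-4444 exp 12/30",
    "10:03:00 title [browser] Invoice 2011-08-08",
]

if __name__ == "__main__":
    kept, dropped = scrub(SAMPLE_LOG)
    print(f"dropped {dropped} line(s)")
    print("\n".join(kept))
```

A card number typed directly after another digit run merges into one longer candidate and can be missed, which is one reason such a filter cannot guarantee protection in every case.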

In response to many user requests, Employee Monitor and Terminal Monitor now allow log storage to be configured in a local or network folder specified by the user.

A lot of work was done to improve the support of the latest versions of internet browsers (Opera, Firefox).

There was an improvement to message monitoring in Facebook, the social network.

The Turkish and Polish languages were added to the program interface.

Russia’s largest cybercrime forums hacked

5 March 2011

Two of the largest private forums used by professional credit card fraudsters and spammers were hacked on 18 February.

Forum topics, information on thousands of registered users and private correspondence were all stolen and passed on to leading companies combating online fraud (RSA, Anti Money Laundering Alliance, IISFA) and to European, Russian and American law enforcement agencies.

The first forum to be hacked was the well-known cybercrime forum “MAZA.la” (also known as “MAZAFAKA”). The forum members’ main activities and the topics discussed can be put into the following categories:

  • document forgery,
  • sale of stolen internet service records,
  • spam,
  • virus creation,
  • laundering of illegally gained money.

It seemed to be impossible to enter this forum. It was completely private, and it was only possible to register if you had several authoritative backers who were already registered. The forum was protected by up-to-date security measures, including digital security certificates and an anti-phishing filter, and its server was located in Taiwan.

On 18 February the forum was attacked by hackers and the forum’s database (more than 2000 users) was stolen and handed over to law enforcement agencies.

Following this another similar forum, “Direct Connection”, was also successfully attacked.

Analysts now suggest that a struggle has begun between Russian carders and spammers for influence in the cybercrime world. However, there are no details or any evidence that this may be the case.

Undocumented mobile phone features

25 February 2011

There have long been rumours that the GSM mobile phone standard (or even the devices themselves) contains undocumented features. However, up to now such technology had never been used in any country in the world by special services for collecting information.

This makes perfect sense. The technology would become useless if criminals knew about it.

However, it had to happen one day. At the beginning of this year, the first court case was held where location data obtained using undocumented features of GPS-enabled mobile phones was used as evidence. A secret request was sent via the mobile phone operator to the telephones, which then sent their location coordinates to the operator. Rumours of this capability can be considered to be confirmed.

As could be expected, this secret technology was not used against minor fraudsters, copyright violators or paedophiles but against a serious national security threat.

At the beginning of the year, in the Netherlands, 12 Somali illegal immigrants were arrested in seven different locations in this way. Four of them were planning a terrorist attack in the country. Access to the private data of the accused was authorised by a court order.

Germany: National Cyber Defence Centre

25 February 2011

According to Germany’s Interior Minister Thomas de Maiziere, a new department for protecting internet resources, the National Cyber Defence Centre, will be created in the first half of this year.

This centre will be run by the Department for IT Security (BSI), which already carries out similar functions.

This project was first discussed in the summer of 2010, when the Stuxnet virus was discovered. The virus’s attack on Iran did not affect Germany, but this was enough for the authorities to realise that the country’s infrastructure was not prepared for such a threat.

It is proposed that the National Cyber Defence Centre will be invested with authority by the intelligence agencies and the police, which will give it the greatest ability to combat hacker attacks. By the way, such power has already caused a large number of political arguments. For example, the Free Democratic Party of Germany argues that the creation of a body with such a range of powers is contrary to the law.

USA: profitable espionage

4 February 2011

RapLeaf, a US-based company, has been successfully working in the area of social network monitoring (SMM) for several years and has accumulated significant experience in collecting and analyzing these data. In other words, the core of this business is the collection of comprehensive information about Internet users and selling it to interested third parties.

At the moment, RapLeaf’s database contains information about a huge number of users – over one billion.

The main purpose of this information is obvious: ads and improvement of advertising efficiency through more accurate targeting. Ironically, these services are especially popular among politicians and public figures.

The company even got involved in a minor political scandal at the end of the past year when Wall Street Journal reporters noticed a rapid growth in the amount of finely targeted ads served to specific users. An investigation conducted by WSJ revealed that Jim Bender, a Republican candidate, used RapLeaf’s services during his election campaign.

From a legal standpoint, RapLeaf has no right to store users’ names in its databases, but it’s not particularly important at the moment: the law does not prohibit storing the identifiers of users’ social network accounts that can be used to obtain actual users’ names.

Apparently, this data is not mined from social networks only. When a user registers on one of RapLeaf’s affiliate sites, the site sets a user cookie that enables its owners to quickly and reliably collect information about this user.

Note that such monitoring activities can be and are used for “positive” and “peaceful” purposes as well. For instance, there is a project that uses similar methods and aims at creating a system capable of recognizing the behavioral patterns of people with signs of depression who can potentially commit suicide or hurt others.

Lawsuit against a porn site: eavesdropping on visitors

1 February 2011

It’s not a secret that a lion’s share of viruses and other types of malware are contracted on sites featuring adult content – erotic and pornographic materials. However, major publishers rarely cross this line, as the risk of losing sales and reputation is too high.

Mainstream Media International, the owner of YouPorn, a popular porn “tube”, chose another way of making money on its visitors: theft of the users’ browsing history.

These activities became the ground for a collective lawsuit against the company filed by site visitors accusing the company of eavesdropping and violation of privacy. The lawsuit specifically stated that all monitoring was intentional and that the JavaScript that copied browsing history records was obfuscated.

Obfuscation is a method of making the source code of a program unreadable and extremely hard to analyze while completely preserving its functionality.

Information collected using such methods has its price and this price is quite high. Knowing what sites users visited and what content they viewed allows companies to create better targeted paid products or services.

As a rule, such statistical data are purchased by advertising companies and ad networks interested in improving the accuracy of their campaigns and serving more relevant ads.

If the suit succeeds, Mainstream Media International can be seriously punished for violating a number of laws, including the federal computer fraud and abuse statute, the computer crimes law of California, and competition and consumer rights laws.