Welcome to “Refog” corporate blog.

We are developing programs to monitor user activity of home (Personal Monitor) and office (Employee Monitor) computers, as well as to control usage of your children’s computer (Time Sheriff).

Germany: National Cyber Defence Centre

25 February 2011

According to Germany’s Interior Minister Thomas de Maiziere, a new department for protecting internet resources, the National Cyber Defence Centre, will be created in the first half of this year.

This centre will be run by the Department for IT Security (BSI), which already carries out similar functions.

This project was first discussed in the summer of 2010, when the Stuxnet virus was discovered. The virus’s attack on Iran did not affect Germany, but this was enough for the authorities to realise that the country’s infrastructure was not prepared for such a threat.

It is proposed that the National Cyber Defence Centre will be invested with authority by the intelligence agencies and the police, which will give it the greatest ability to combat hacker attacks. By the way, such power has already caused a large number of political arguments. For example, the Free Democratic Party of Germany argues that the creation of a body with such a range of powers is contrary to the law.

Microsoft concerned over possible leak of confidential data

25 February 2011

Microsoft initiated a lawsuit to prevent one of its managers from assuming a position in a competing company.

According to Microsoft, Michael Michevsky, their former manager, copied a large number of internal documents prior to leaving Microsoft and intended to disclose them to Salesforce, the company’s direct competitor.

The court accepted the plaintiff’s arguments and issued an order prohibiting Michael from assuming the position of vice president at the competing company.

Microsoft representatives insist that the actions of their former employee are in breach of the non-disclosure and non-compete agreements that he signed at the time he was hired.
The summons also states that Michevsky copied over 900 files with over 25,000 pages of text (around 600 MB) to his laptop. These documents allegedly contained confidential information about the company’s marketing strategy and copyright-protected items.

Salesforce refused to comment on this incident.

Keykeriki: a new device for capturing wireless traffic

4 February 2011

This new device, called Keykeriki version 2, captures traffic from a large number of wireless devices (including keyboards, various remote controls, medical equipment and other devices) and is based on open source software.

It captures the whole flow of wireless data using Nordic Semiconductor chips. The device was developed by specialists from Dreamlab Technologies and costs only $100.

Keykeriki is not only a sniffer. Unlike the first version, it can inject signals as well as capture packets, that is, it can remotely control the observed devices.

At the CanSecWest conference, the company’s developers demonstrated a fully fledged attack on a system using Keykeriki. The attack began by capturing the signal from a wireless Microsoft keyboard; then its XOR encryption was broken, after which it was possible to fully control the computer to which the keyboard was attached.

Experts believe that such an attack would succeed in any case; if more secure encryption were used, it would only need a little more time.

USA: profitable espionage

4 February 2011

RapLeaf, a US-based company, has been successfully working in the area of social network monitoring (SMM) for several years and has accumulated significant experience in collecting and analyzing these data. In other words, the core of this business is the collection of comprehensive information about Internet users and selling it to interested third parties.

At the moment, RapLeaf’s database contains information about a huge number of users – over one billion.

The main purpose of this information is obvious: ads and improvement of advertising efficiency through more accurate targeting. Ironically, these services are especially popular among politicians and public figures.

The company even got involved in a minor political scandal at the end of the past year when Wall Street Journal reporters noticed a rapid growth in the number of finely targeted ads served to specific users. An investigation conducted by the WSJ revealed that Jim Bender, a Republican candidate, used RapLeaf’s services during his election campaign.

From a legal standpoint, RapLeaf has no right to store users’ names in its databases, but it’s not particularly important at the moment: the law does not prohibit storing the identifiers of users’ social network accounts that can be used to obtain actual users’ names.

Apparently, this data is not mined from social networks only. When a user registers on one of RapLeaf’s affiliate sites, the site sets a user cookie that enables its owners to quickly and reliably collect information about this user.

Note that such monitoring activities can be and are used for “positive” and “peaceful” purposes as well. For instance, there is a project that uses similar methods and aims at creating a system capable of recognizing the behavioral patterns of people with signs of depression who could potentially commit suicide or hurt others.

Japan: employee monitoring using mobile phones

20 January 2011

Japan has always been notorious for the industriousness of its people and the amount of time they spend at their workplaces, as well as ignorance of privacy-related matters both among employers and employees.

Employee monitoring using GPS-enabled mobile devices has been commonly practiced here for years. The technology is used for tracking the location of truck drivers, sales agents and even flight attendants.

This time, KDDI Corporation of Japan suggests using built-in phone accelerometers for more accurate recognition of users’ activities. The system correctly identifies such actions as walking up and down the stairs and room cleaning operations, for example.

The solution can be used practically anywhere. For instance, it can automatically send a notification to a company’s manager that a janitor or loader is having an excessively long break.

Russia is still pursuing the nation-wide integration and acceptance of its own navigation system, GLONASS, although without considerable success. Its developers plan to use it for child, employee, prisoner and vehicle monitoring. Russian mobile carriers have already started offering navigation services allowing companies to track the location of vehicles and employees using satellite navigation devices and mobile phones.

In the meantime, Russian bloggers suggested a rather original method of employee monitoring. To use this method, a company would need to hire a courier equipped with a digital camera, a wireless headset and a 3G-enabled mobile phone.

Once the “video courier” arrives at a construction site, for example, he or she can simply turn the camera on and show the management around the place – directly and without using fancy satellite equipment.

Is reading your wife’s email a crime?

20 January 2011

Most of us see nothing criminal in a situation where one of the spouses reads the other’s email or SMS messages. Jealous and insecure types periodically peeked into their spouses’ pockets centuries before computers and cell phones were invented.

However, this situation may drastically change in the US thanks to their precedent system and a trial taking place these days.

The wife of the defendant, 33-year-old Leon Walker, used her husband’s laptop. Apparently, it wasn’t hard for him to steal the password for her Gmail account. When the wife wasn’t home, Leon periodically read her mail.

When he discovered that she was going to go back to her ex-husband, they had a fight and he told her how he got this information.

The woman called the police and accused her husband of breaking into her email account. Despite their relationship, the prosecution insisted on 5 years for the husband for violating privacy laws. Lawyers estimate his chances of clearing himself of the charge as fairly low.

If Walker eventually gets convicted, an important precedent will be created that will be used by judges in similar cases in the future. And there can be quite a few of them.

Developers of “spyware” software forced to yield

11 January 2011

The conflict between CyberSpy Software and the US Federal Trade Commission has been settled outside the courtroom. The conflict was caused by the developer’s violation of fair trade rules during the sales of RemoteSpy, its keylogging tool.

RemoteSpy was positioned as a comprehensive and impossible-to-detect spyware tool that was supplied with detailed installation instructions, including those for unauthorized installation.

The program is a typical keylogger with all the features of this type of program: discreet interception of key presses, creation of screenshots, logging of IM chats and browsing history.

Despite the developers’ efforts, the program is still classified by many anti-virus tools as potentially dangerous spyware. For example, Kaspersky Labs software identifies it as riskware — a program capable of inflicting damage if used for illegal purposes.

The FTC forbade the use of provocative ad statements inciting users to use the program for illegal purposes. Consumers must be informed in advance about the responsibility for misusing this kind of software.

On the other hand, products must identify themselves in the system and have a functional installer with an option that allows the user to cancel the installation process. This will make illegal use highly problematic and won’t be an obstruction to using the program for legal purposes.

Once CyberSpy Software made the necessary changes in the product, the FTC allowed the company to resume the sales of RemoteSpy.

Phone tapping becoming a problem in France

29 November 2010

The French press are reporting on public disquiet concerning mass telephone conversation tapping. A lot of politicians and journalists are openly declaring that their telephones were tapped.

Phone tapping is officially illegal in France, but many organisations involved in economic espionage often use their capabilities for other aims, for example, tapping politicians’ phones.

In addition, today functional equipment and software for illegal phone tapping are available to all. Both can be easily bought over the internet.

Europe: control over personal data on the Internet

16 November 2010

Viviane Reding, the European Union commissioner for information society and media, called on European leaders in an attempt to draw their attention to the problem of the gradual loss of users’ control over the distribution of their personal data.

She explained that the users’ inability to control the distribution of their personal data is not just a serious problem, but also a violation of the private data protection law adopted back in 1995.

Her address also covers the necessity of creating more up-to-date laws protecting personal data, revision of the current legislation and creation of tools that will enable users to remove any references to their personalia on the Internet.

Confidential information published online (in social networks and various online services) can seriously affect people’s lives. Such precedents have already resulted in job losses, divorces and other serious problems.
Today, removal of the information published online is an incredibly complex (if at all feasible) task, since information can spread absolutely unpredictably.

The European Commission has already started discussing this problem. The draft version of the document that is supposed to minimize the collection and storing of personal users’ data on the Internet is expected to be released in 2011.

Japan: leak of secret information

16 November 2010

A major scandal concerning the leaking of personal data has hit Japan. More than 100 documents containing secret information were made available on 28 October on a server located in Luxembourg. Japanese authorities consider this leak to be extremely dangerous and suspect that it was done deliberately.

The documents that were made available contained fairly detailed information on people taking part in Japanese anti-terrorism activities around the world. There was also data on security measures taken for the G8 summit in Tokyo and personal data on police officers and lists of people suspected of links with terrorists.

Although most of these documents covered 2007 to 2009, a lot of people, whose names are found in these documents, have expressed their anger to the authorities. So far there has been no official comment on the continuing investigation of the incident.