06.14.15
Posted in Europe, Patents at 6:48 pm by Dr. Roy Schestowitz
An institution full of abuse at many levels and multiple departments
Summary: The blackhat methods of the EPO (e.g. keyloggers) were approved internally by the so-called data protection officer of the EPO, according to new leaks
THE EPO spying scandal is merely the latest among many scandals (we were among the first to report these). It’s the result of the EPO’s desperate attempts to muzzle critics. According to newly-leaked documents from Germany, “the so-called data protection officer of the EPO signed off on keylogging, hidden cameras” (blatant violations of European privacy laws), which means that he is very much like Microsoft's so-called (bogus) privacy chiefs, not the ones Microsoft fired for actually trying to ensure privacy (i.e. doing their job).
“On Friday,” says the bearer of the leaked document, “the data protection officer of the state of Bavaria (whose capital is Munich, where the EPO is headquartered) was quoted by a newspaper (English translation here) with the suggestion “that an external data protection supervisor be assigned to the EPO because the internal inspectors are not independent enough and in the absence of any action matters are likely to get out of hand.” It has become known that the EPO used keyloggers and hidden cameras in its internal investigations of what may actually just have been the exercise of one or more people’s freedom of speech with respect to the EPO’s Jack Warner, vice president Željko Topić. After Mr. Topić lost a court ruling in his country of origin (Croatia), can be accused of pretty bad stuff. The Bavarian data privacy commissioner was spot-on: while the EPO does have a “data protection officer,” that person is just a dictator’s minion with no say over anything important.”
“It’s the result of the EPO’s desperate attempts to muzzle critics.”For an institution that goes as far as keyloggers, with approval from high-level officials, it may not seem radical to hire Control Risks, mercenaries of the British government (with special spy connections). “Control Risks” is of course a very nice euphemism, which one of our readers initially described as the “private security company hired by EPO” (that was before much was known about it).
Control Risks is of course unlikely to find out much of use by reading this site. What they are after must be identities of sources and at no point will they succeed, unless they think that the reporters and sources are very dumb (the same poor assumption police often makes about felons). We know that they even spy on our IRC channels, which is rather pathetic use of their time (and European taxpayers’ money). As counter-intuitive as it may first seem, the transparency of the channels is what makes them useless for blackmail or exploitation by spies. In other words, knowing that everything there is visible (not just to moles/intruders and leakers) discourages bad behaviour or self-incriminating communication therein. There are no secrets there and people in the channels don’t have an illusion of privacy. Now, compare that to what Wikileaks had done before an FBI mole from Iceland leaked the logs. We advise Control Risks to step back and we wish to tell EPO (in the Netherlands) that we are seeing (and banning) its IP addresses that have been hammering on this site. We know what you are up to.
In order to secure future reference of the leaked material we are adding it below as JPEG (just large enough to be legible). It is possible that the Sepp Blatter equivalent at the EPO is actually Željko Topić, not King Battistelli. What the EPO needs is a sacrificial lamb, not more coverup. The longer it goes on for, the more embarrassing it will become. Keyloggers and hidden cameras should be installed on (or pointed at) Topić’s PC, not everyone who works at the EPO. █
Permalink
Send this to a friend
Posted in Microsoft, Windows at 6:07 pm by Dr. Roy Schestowitz
Summary: A look at lesser-explored aspects of the so-called OPN hack [sic], especially the systems involved
IN AN EFFORT to understand what repeatedly happened in the undoubtedly significant Office of Personnel Management (OPM) data breach/es [2-8], leaving aside the lack of concrete evidence of Chinese role [1], we tried to understand which platform was to blame. In the case of Sony it was reportedly a Microsoft Windows machine acting as the culprit or attack vector, just like Stuxnet in Iran with similar attempts against North Korea (there are still more articles about it).
“Hundreds of millions of credit card numbers got snatched from Windows.”NSA leaks were due to Microsoft SharePoint (Snowden gained access to the so-called ‘crown jewels’). As we last noted in an article about words from Kaspersky (still in headlines for it [9-12]), Windows is inherently not secure. Commercial targets of data breached that we wrote about before serve to show this. We gave readers a lot of examples over the years. Hundreds of millions of credit card numbers got snatched from Windows. the cost was enormous, but the role of Windows wasn’t ever emphasised in the corporate press.
Rebecca Abrahams published an article co-authored by Dr. Stephen Bryen, Founder & CTO of FortressFone Technologies. Unlike many other articles which point a finger at China (with little to actually back this accusation with), Abrahams does call out Windows and sheds light on what OPM uses:
Second, the government is very slow to improve security on its computers and networks. Many of the computers the government is using are antique. For example OPM still has 12-year old Windows XT as an operating system for its computers. Microsoft no longer supports XT and any vulnerability that develops is the problem of the user, not of the supplier. But even if the old stuff was upgraded it won’t help much because the systems are really clumsy amalgams of disparate parts which as a “system,” have never been properly vetted for security.
So there we go. Windows. We’re hardly surprised to say the least. The author probably means NT or XP (14 years old, not 12, unlike Server 2003), but does it matter much? Any version of Windows, no matter how old, is not secure. It’s not even designed to be secure. █
Related/contextual items from the news:
-
Out of ulterior motives, some US media and politicians have developed a habit of scapegoating China for any alleged cyber attack on the United States. Such groundless accusations would surely harm mutual trust between the two big powers of today’s world.
-
Last week, the human resources arm of the US government, the Office of Personnel Management (OPM) admitted that it had been victim of a massive data breach, where hackers stole personal data belonging to as many as 4 million government workers.
-
We already described how the recent hack into the US federal government’s Office of Personnel Management (OPM) appears to be much more serious than was initially reported. The hack, likely by Chinese state hackers, appear to have obtained basically detailed personal info on all current and many former federal government employees.
-
China-linked hackers appear to have gained access to sensitive background information submitted by US intelligence and military personnel for security clearances that could potentially expose them to blackmail, the Associated Press reported on Friday.
In a report citing several US officials, the news agency said that data on nearly all of the millions of US security-clearance holders, including the Central Intelligence Agency (CIA), National Security Agency (NSA) and military special operations personnel, were potentially exposed in the attack on the Office of Personnel Management (OPM).
-
And yet… this is the same federal government telling us that it wants more access to everyone else’s data to “protect” us from “cybersecurity threats” — and that encryption is bad? Yikes.
-
A second data breach at the US Office of Personnel Management has compromised even more sensitive information about government employees than the first breach that was revealed earlier this week, sources claim. It’s possible at least 14 million Americans have chapter and verse on their lives leaked, we’re told.
The Associated Press reports that hackers with close ties to China are believed to have obtained extensive background information on intelligence-linked government staffers – from CIA agents and NSA spies to military special ops – who have applied for security clearances.
Among the records believed to have leaked from a compromised database are copies of Standard Form 86 [PDF], a questionnaire that is given to anyone who applies for a national security position, and is typically verified via interviews and background checks.
-
-
Earlier this week, we noted that Senator Mitch McConnell, hot off of his huge flop in trying to preserve the NSA’s surveillance powers, had promised to insert the dangerous “cybersecurity” bill CISA directly into the NDAA (National Defense Authorization Act). As we discussed, while many have long suspected that CISA (and CISPA before it) were surveillance bills draped in “cybersecurity” clothing, the recent Snowden revelations that the NSA is using Section 702 “upstream” collection for “cybersecurity” issues revealed how CISA would massively expand the NSA’s ability to warrantlessly wiretap Americans’ communications.
-
-
-
Moscow-based antivirus firm Kaspersky Lab, famous for uncovering state-sponsored cyberattacks, today dropped its biggest bombshell yet: Its own computer networks were hit by state-sponsored hackers, probably working for Israeli intelligence or the U.S. National Security Agency. The same malware also attacked hotels that hosted ongoing top-level negotiations to curb Iran’s nuclear program.
-
When Israeli Prime Minister Benjamin Netanyahu met with Google chairman Eric Schmidt on Tuesday afternoon, he boasted about Israel’s “robust hi-tech and cyber industries.” According to The Jerusalem Post, “Netanyahu also noted that ‘Israel was making great efforts to diversify the markets with which it is trading in the technological field.’”
Just how diversified and developed Israeli hi-tech innovation has become was revealed the very next morning, when the Russian cyber-security firm Kaspersky Labs, which claims more than 400 million users internationally, announced that sophisticated spyware with the hallmarks of Israeli origin (although no country was explicitly identified) had targeted three European hotels that had been venues for negotiations over Iran’s nuclear program.
Wednesday’s Wall Street Journal, one of the first news sources to break the story, reported that Kaspersky itself had been hacked by malware whose code was remarkably similar to that of a virus attributed to Israel. Code-named “Duqu” because it used the letters DQ in the names of the files it created, the malware had first been detected in 2011. On Thursday, Symantec, another cyber-security firm, announced it too had discovered Duqu 2 on its global network, striking undisclosed telecommunication sites in Europe, North Africa, Hong Kong, and Southeast Asia. It said that Duqu 2 is much more difficult to detect that its predecessor because it lives exclusively in the memory of the computers it infects, rather than writing files to a drive or disk.
Permalink
Send this to a friend
Posted in Deception, Free/Libre Software, Microsoft at 5:28 pm by Dr. Roy Schestowitz
Treating ‘Open Source’ like a trash can or a wastebasket
Summary: Microsoft is hoping to achieve/get some positive karma (the openwashing effect) by putting a Windows tool that has essentially been abandoned (or made obsolete) in the ‘Open Source’ domain
Using “Abandoned Software” (AS) to label Microsoft “Open Source” (OS) isn’t a novel concept. It has been done by Microsoft before, even if the “OS” part too was altogether bogus (look but do not touch).
Microsoft appears to be pulling that card again, labelling Windows Live Writer (yes, remember “Live”? And it’s a Windows-only tool!) “Open Source”. As one site put it: “It is not updated regularly; the last update we ever saw for the device was back in 2012. Microsoft has not updated it since. Although there are users you [sic] are loyal and used the app religiously. Last month the live posts to Google’s Blogger platform stopped and it was then that it became vocal.”
Here is how IDG put it:
Microsoft will breathe life into Windows Live Writer by open sourcing the eight-year-old blog-publishing tool, a company manager said earlier this week.
What next? Making “KIN” and/or “Zune” something open-ish? If that’s the best Microsoft can do, then it is clearly too stubborn to ever leave the proprietary addiction. More openwashing of Microsoft this month is part of a familiar PR recipe… █
Permalink
Send this to a friend
Posted in GNU/Linux, Microsoft at 5:02 pm by Dr. Roy Schestowitz
Summary: The story of Nokia’s Moonraker, the baby which got knifed before birth, reportedly because of Microsoft’s pressure
WHEN Nokia was killed by Microsoft it wasn’t a slow death. A lot of Nokia’s products got killed almost immediately, especially anything which involved Linux. Yes, because “Microsoft loves Linux,” according to Microsoft’s CEO. Whenever Nokia tried new initiatives involving Linux at their core (there were several such initiatives) these quickly got shot at the back of the neck. Some staff left or was pushed out (see Jolla for example), leaving in Nokia only those loyal enough to Microsoft. According to a couple of new reports, one of which from a Microsoft booster and another from a Microsoft-sympathetic site, Microsoft killed a non-Windows smartwatch from Nokia. To quote the Microsoft booster:
The Verge reports that, according to its sources, Microsoft killed off the Moonraker watch when it bought Nokia, as Band had more sensors. While Moonraker could do things such as turn on the screen when you raise your arm and turn it off when you lower it, this apparently didn’t compare with the breadth of sensors found in the Band.
[...]
While Google and Apple smartwatches both run operating systems that are closely related to their phone platforms, Band is believed to run software that’s substantially lighter weight. While this allows Band to be smaller than full smartwatches, it also limits its utility as an app platform. Similar to the Apple Watch’s WatchKit (but unlike the forthcoming native SDK), Band apps run on the paired phone, using the Band itself only as a display device.
Nokia could have beat the rest of the market to it, but since Windows is laughably bloated and unsuitable for any watch-sized device, Microsoft could just not let it be. █
“A lot of people make that analogy that competing with Bill Gates is like playing hardball. I’d say it’s more like a knife fight.”
–Gary Clow, famous Microsoft victim
Permalink
Send this to a friend
Content is available under CC-BY-SA