Seven in 10 people say the “dark net” – an anonymous online home to both criminals and activists afraid of government snooping – should be shut down, according to a global Ipsos poll released on Tuesday.
The findings, from a poll of at least 1,000 people in each of 24 countries, come as policymakers and technology companies argue over whether digital privacy should be curbed to help regulators and law enforcement more easily thwart hackers and other digital threats.
The U.S. Justice Department is currently trying to force Apple Inc to write software to allow access to an iPhone used by San Bernardino, California shooter Rizwan Farook.
The dark net refers to an area of the Internet only accessible via special web browsers that ensure anonymity, where content is hidden and data typically encrypted.
The Ipsos poll was commissioned the Waterloo, Ontario-based Centre for International Governance Innovation (CIGI). The think tank is part of a commission seeking to shape Internet governance.
The question asked in the poll pointed out the dark net’s anonymity can protect journalists, human rights activists, dissidents and whistleblowers, but also hide child abuse networks and illegal marketplaces selling weapons and narcotics.
The portion of respondents who either strongly agreed or somewhat agreed it should be shuttered ranged between 61 percent and 85 percent, with support strongest in Indonesia, India, Egypt and Mexico and weakest in Sweden, South Korea and Kenya.
Other countries polled included Pakistan, Australia, the United States, France, Germany, Turkey, and Tunisia.
“The public clearly wants law enforcement to have the tools to do its job. But if you flip it around and say should they have access to your data they tend to feel differently,” said Fen Osler Hampson, director of the global security and politics program at CIGI.
Only 38 percent of all respondents said they trust that their online activities are not monitored.
Hampson said public concern about online privacy will likely grow as more and more cars, appliances and infrastructure connect to online networks.
There are worries that Tor could either be technically subverted or subject to court orders, which could force the project to turn over critical information that would undermine its security, similar to the standoff between Apple and the U.S. Department of Justice.
Tor developers are now designing the system in such a way that many people can verify if code has been changed and “eliminate single points of failure,” wrote Mike Perry, lead developer of the Tor Browser.
Over the last few years, Tor has concentrated on enabling users to take its source code and create their “deterministic builds” of Tor that can be verified using the organization’s public cryptographic keys and other public copies of the application.
“Even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue,” Perry wrote. “From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered.”
Two cryptographic keys would be required for a tampered version of the Tor Browser to be distributed without at least initially tripping security checks: the SSL/TLS key that secures the connection between a user and Tor Project servers plus the key used to sign a software update.
“Right now, two keys are required, and those keys are not accessible by the same people,” Perry wrote in a Q&A near the end of the post. “They are also secured in different ways.”
Even if an attacker obtained the keys, in theory people would be able to check the software’s hash and figure out if it may have been tampered with.
Tor, short for The Onion Router, is a network that provides more anonymous browsing across the Internet using a customized Firefox Web browser. The project was started by the U.S. Naval Research Laboratory but is now maintained by the nonprofit Tor Project.
Web browsing traffic is encrypted and routed through random proxy servers, making it harder to figure out the true IP address of a computer. Tor is a critical tool for activists and dissidents, as it provides a stronger layer of privacy and anonymity.
Activist investor Jana Partners is urging Qualcomm Inc to consider spinning off its chip unit from its patent-licensing business to boost the chipmaker’s sagging stock price, the Wall Street Journal reported, citing a quarterly letter that will be sent to Jana investors on Monday.
Jana, one of Qualcomm’s largest shareholders, is also calling on the company to cut costs, accelerate stock buybacks and make changes to its executive pay structure, financial reporting and board of directors, the newspaper said.
Qualcomm said last month it would buy back up to $15 billion of shares and raise its quarterly dividend. The company also said it would continue to return at least 75 percent of its free cash flow to shareholders annually.
In the letter, Jana said the buyback is a positive step but Qualcomm needs to do more to capitalize on its strong position in the chip market. It said Qualcomm’s chip business is essentially worthless at the company’s present market value, the Journal reported.
While the majority of Qualcomm’s revenue comes from selling so-called baseband chips that enable phones to communicate with carrier networks, most of its profit comes from licensing patents for its widespread CDMA cellphone technology.
Earlier this year, Qualcomm’s longtime customer Samsung Electronics Co opted to use an internally developed processor for its new Galaxy S6 smartphone rather than Qualcomm’s latest Snapdragon mobile chip.
Jana executives and Qualcomm’s management have held private discussions since late last year, the Journal said, citing a person familiar with the conversations. In the letter, Jana described the talks as constructive.
U.S. civil rights leader Rev. Jesse Jackson is urging Twitter to release its employee diversity information, which its Silicon Valley peers such as Google, Yahoo, LinkedIn and Facebook have already done.
The Rainbow Push Coalition, founded by Jackson, has also asked Twitter to signal its commitment to inclusion by hosting a public community forum to address the company’s plan to recruit and retain more African American talent.
The coalition and black empowerment group, ColorOfChange.org, plans to launch a Twitter-based campaign to challenge the company, the coalition said in a statement late last week.
On Friday at the Netroots Nation conference in Detroit, ColorofChange will lead a “Black Twitter” plenary session where activists will push out the petition campaign over Twitter and other social media.
Tech companies have been under pressure to release employee diversity data since Jackson took up the campaign to highlight the underrepresentation of African-Americans in Silicon Valley companies, starting with a delegation to Hewlett-Packard’s annual meeting of shareholders.
“….Twitter has remained silent, resisting and refusing to publicly disclose its EEO-1 workforce diversity/inclusion data,” according to the joint petition by the coalition and ColorOfChange.org.
The diversity reports are typically filed with the U.S. Equal Employment Opportunity Commission and companies are not required to make the information public.
Twitter has not commented on the matter.
The U.S. Supreme Court has decided not to review a lawsuit challenging the U.S. National Security Agency’s collection of U.S. phone records filed by a conservative activist, despite a lower court’s ruling that the program may be illegal.
The court, without comment, denied the request by activist and former federal prosecutor Larry Klayman, along with Charles and Mary Strange, to immediately hear their case against U.S. President Barack Obama, U.S. Attorney General Eric Holder, NSA Director Keith Alexander, Verizon Communications and Roger Vinson, the judge who signed the order allowing the surveillance.
Klayman had appealed the case directly to the Supreme Court after Judge Richard Leon of the U.S. District Court for the District of Columbia stayed his decision suspending the NSA program, pending appeal by the government.
The case has generated significant attention, with Leon ruling in December that the NSA’s large-scale telephone records collection program likely violates the U.S. Constitution.
Leon wrote that the plaintiffs’ reasonable expectation of privacy may be violated when the government “indiscriminately collects their telephone metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains all of that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets.”
Obama has since talked about ending the phone-records collection program, and several lawmakers have backed legislation that would end the program, but it remains in effect.
The DOJ declined to comment on the Supreme Court’s decision.
Klayman, founder of Judicial Watch, did not immediately respond to a request for comments on the Supreme Court’s decision. The Stranges are parents of Michael Strange, a Navy SEAL who was killed when his helicopter was shot down by Taliban fighters.
Syria’s civil war and political strife in Egypt have given birth to new battlegrounds on the Web and driven a surge in cyber attacks in the Middle East, according to a leading Internet security company.
More than half of incidents in the Gulf this year were so-called “hacktivist” attacks – which account for only a quarter of cybercrime globally – as politically motivated programmers sabotaged opposing groups or institutions, executives from Intel Corp’s software security division McAfee said on Tuesday.
“It’s mostly bringing down websites and defacing them with political messages – there has been a huge increase in cyber attacks in the Middle East,” Christiaan Beek, McAfee director for incident response forensics in Europe, Middle East and Africa (EMEA), told Reuters.
He attributed the attacks to the conflict in Syria, political turmoil in Egypt and the activities of hacking collective Anonymous.
“It’s difficult for people to protest in the street in the Middle East and so defacing websites and denial of service (DOS) attacks are a way to protest instead,” said Beek.
DOS attacks flood an organization’s website causing it to crash, but usually do little lasting damage.
The Syrian Electronic Army (SEA), a hacking group loyal to the government of President Bashar al-Assad, defaced an Internet recruiting site for the U.S. Marine Corps on Monday and recently targeted the New York Times website and Twitter, as well other websites within the Middle East.
Beek described SEA as similar to Anonymous.
“There’s a group leading operations, with a support group of other people that can help,” said Beek.
McAfee opened a centre in Dubai on Monday to deal with the rising threat of Internet sabotage in the region, the most serious of which are attacks to extract proprietary information from companies or governments or those that cause lasting damage to critical infrastructure.
Cyber attacks are mostly focused on Saudi Arabia, the world’s largest oil exporter, Qatar, the top liquefied natural gas supplier, and Dubai, which is the region’s financial, commercial and aviation hub, said Gert-Jan Schenk, McAfee president for EMEA.
“It’s where the wealth and critical infrastructure is concentrated,” he said.
The “Shamoon” virus last year targeted Saudi Aramco, the world’s largest oil company, damaging about 30,000 computers in what may have been the most destructive attack against the private sector.
“Ten years ago, it was all about trying to infect as many people as possible,” added Schenk. “Today we see more and more attacks being focused on very small groups of people. Sometimes malware is developed for a specific department in a specific company.”
Israel isn’t too happy after thousands of its citizens’ credit card details were posted online by a hacker, according to Reuters. The country said it was one of the worst attacks it has faced and compared the security breach to a terrorist operation.
Danny Ayalon, deputy foreign minister of Israel said it was “a breach of sovereignty comparable to a terrorist operation, and must be treated as such”.
“Israel has active capabilities for striking at those who are trying to harm it, and no agency or hacker will be immune from retaliatory action,” he added.
Commercial web sites were the focus of the attack and Ayalon said that Israel hasn’t ruled out the possibility that the hacking was carried out by a “more organised and sophisticated” group rather than just one person.
The hacker, known as 0xomar, claims to have leaked personal information about more than 400,000 Israelis. However, credit card companies said 25,000 credit card numbers had been posted and some were expired.
The Haaretz newspaper claimed that the hacker had been tracked down by an unnamed blogger who discovered him to be a 19 year old United Arab Emirates student studying and working in Mexico.
The Chaos Computer Club wants to create a censorship free internet by sticking its own satillites in space. Hackers at the Chaos Computer Club’s Chaos Communication Congress in Berlin proposed an initiative called the Hackerspace Global Grid (HGG), which aims to create and freely make available satellite based communication.
The group also says it wants to stick a hacker on the moon in 23 years, but their first goal is to deal with threats to the Internet like the proposed Stop Online Piracy Act (SOPA), by creating an “uncensorable Internet in space.” The project builds off of an earlier idea by Nick Farr in August for a Hacker Space Program.Armin Bauer is working on the communications infrastructure for the project with his team.
His background is with the Constellation platform that uses Internet-connected computers for aerospace related research. It is developing an idea for a network of low-cost ground stations for when the project gets low-orbit satellites up there. The stations would be there to pinpoint satellites and facilitate sending data back to earth.
Not sure where they will get the satellites from.
Security expert Professor Stefan Katzenbeisser of Technische Universität Darmstadt told a security conference in Berlin that the GSM-R which is being installed in train networks makes them vulnerable to hackers.
Katzenbeisser said that the new system was vulnerable to “Denial of Service” attacks and, while trains could not crash, service could be disrupted for quite some time. Speaking to the Chaos Communication Congress he said that Network Rail is currently installing GSM-R across the British railway network.
It uses the similar technical standards to 2G mobile networks and is due to replace older signalling technology in southern England next year, and throughout the whole country in 2014. But train switching systems, which enable trains to be guided from one track to another at a railway junction, have historically been separate from the online world. If they were connected to the internet as they are in GSM-R they could be hit by Denial of Service attacks.
At the moment Britain trains can grind to a halt for things on the line ranging from frost, ice and leaves.
Vulnerability in a very popular wireless technology could allow hackers to gain remote control of mobile devices And instruct them to send text messages or make calls, according to an expert on cellular phone security.
They could use the vulnerability in the GSM network technology, which is used by billions of people in about 80 percent of the global mobile market, to make calls or send texts to expensive, premium phone and messaging services in scams, said Karsten Nohl, head of Germany’s Security Research Labs.
Similar attacks against a small number of smartphones have been done before, but the new attack could expose any cellphone using GSM technology.
“We can do it to hundreds of thousands of phones in a short timeframe,” Nohl told Reuters in advance of a presentation at a hacking convention in Berlin on Tuesday.
The convention takes place just days after U.S. security think tank Strategic Forecasting Inc (Stratfor) said its website had been hacked and that some of the names of corporate subscribers had been made public. Activist hacker group Anonymous claimed responsibility.
Attacks on corporate landline phone systems are fairly common, often involving bogus premium-service phone lines that hackers set up across Eastern Europe, Africa and Asia.
Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified.
The phone users typically don’t identify the problem until after they receive their bills and telecommunications carriers often end up footing at least some of the costs.
Even though Nohl will not present details of attack at the conference, he said hackers will usually replicate the code needed for attacks within a few weeks.
Mobile networks of Germany’s T-Mobile and France’s SFR offer their clients best protection against online criminals wanting to intercept their calls or track their movements, shows a new ranking Nohl will demonstrate at his presentation.
The new ranking, at gsmmap.org, lets consumers to see how their operators are performing and lets anyone to participate in measurement of their carriers’ security.
The U.S. State Department is putting its money where its mouth is, according to the Daily Mail. It is funding the creation of an application that will allow pro-democracy activists to delete all incriminating evidence on their mobile phones with a single click while sending out an alert to their fellow activists.
The “panic button” will send out a text message to everyone in the user’s address book, then erase both that address book and the phone’s call history. This will be an important tool, given how thoroughly governments go through dissident’s communications devices as a matter of course these days.
As “wired” as the world is, many of the most oppressive regimes have spent more money, including “aid” money, on their own personal pursuits rather than in establishing working infrastructure, so mobile communications are the default for activists.
“The initiative is part of Secretary of State Hillary Clinton’s push to expand Internet freedoms,” wrote the Mail, “because of the crucial role Facebook and Twitter has had in fueling pro-democracy movements in Iran, Egypt, Tunisia and elsewhere.”
Since 2008, the U.S. government has spent $50 million on firewall workarounds and other tools for busting through censorship. Whether it’s been of any real on-the-ground value, is another discussion.