Wednesday, August 27, 2014

SECURITY - NSA's Secret 'Google'

"The Surveillance Engine:  How the NSA Built Its Own Secret Google" by Ryan Gallagher, The Intercept 8/25/2014

Excerpt

The National Security Agency is secretly providing data to nearly two dozen U.S. government agencies with a “Google-like” search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats, according to classified documents obtained by The Intercept.

The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies.  Planning documents for ICREACH, as the search engine is called, cite the Federal Bureau of Investigation and the Drug Enforcement Administration as key participants.

ICREACH contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing.  Details about its existence are contained in the archive of materials provided to The Intercept by NSA whistleblower Edward Snowden.

Earlier revelations sourced to the Snowden documents have exposed a multitude of NSA programs for collecting large volumes of communications.  The NSA has acknowledged that it shares some of its collected data with domestic agencies like the FBI, but details about the method and scope of its sharing have remained shrouded in secrecy.

ICREACH has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work, according to a 2010 memo.  A planning document from 2007 lists the DEA, FBI, Central Intelligence Agency, and the Defense Intelligence Agency as core members.  Information shared through ICREACH can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs.

The creation of ICREACH represented a landmark moment in the history of classified U.S. government surveillance, according to the NSA documents.

“The ICREACH team delivered the first-ever wholesale sharing of communications metadata within the U.S. Intelligence Community,” noted a top-secret memo dated December 2007.  “This team began over two years ago with a basic concept compelled by the IC’s increasing need for communications metadata and NSA’s ability to collect, process and store vast amounts of communications metadata related to worldwide intelligence targets.”

The search tool was designed to be the largest system for internally sharing secret surveillance records in the United States, capable of handling two to five billion new records every day, including more than 30 different kinds of metadata on emails, phone calls, faxes, internet chats, and text messages, as well as location information collected from cellphones.  Metadata reveals information about a communication — such as the “to” and “from” parts of an email, and the time and date it was sent, or the phone numbers someone called and when they called — but not the content of the message or audio of the call.

Monday, August 11, 2014

INTERNET - Criminals Steal 1.2 Billion Web Credentials

"After criminals steal 1.2 billion web credentials, how to protect personal info from data breaches" PBS NewsHour 8/6/2014

Excerpt

GWEN IFILL (NewsHour):  Computer hacking and the breaches of privacy that come with them are becoming a regular and unwelcome feature of our wired world.

Now The New York Times and a security firm based in the Midwest are reporting a massive one that includes the collection of more than a billion username and password combinations and more than 500 million e-mail addresses.  What’s more, the perpetrators appear to be a shadowy Russian crime ring.

Details, including the names of the victims, are hard to come by.  But the news has raised eyebrows around the world.  So, how serious is it?

For that, we turn to Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, a Web security firm.

Mr. Alperovitch, tell us just in context of all these other breaches we have had in the past year, say, how — relative to those, how big is this?

DMITRI ALPEROVITCH, CrowdStrike:  Well, the number is certainly striking; 1.2 billion credentials is a lot.  In the past, we have seen some big breaches that numbered in the hundreds of millions.

But this is certainly the biggest one that I — that I can remember.

LINUX - More Cities and Nations Ditch Microsoft

"Turin to Be First Italian City to Adopt Ubuntu, Unshackle from the 'Tyranny of Proprietary Software'" by Silviu Stahie, SoftPedia 8/8/2014

Turin wants to be the first city in Italy to switch completely to open source and Ubuntu and entirely ditch all the Microsoft products.

The number of local authorities that decide to switch to open source to match the IT needs of a city is slowly increasing and now it looks like the city of Turin in Italy is also doing the same thing.

One of the main tools that are available for the local governments to decrease the public spending is to make some changes when it comes to upgrading the proprietary software.  Usually, this procedure costs a lot of money and the only way that you can save funds is to adopt open source solutions.

In the case of Turin, that can be done by adopting Ubuntu, which is a Linux distribution developed by Canonical and which has complete support for the Italian language.  Ubuntu is a free operating system and it's supported for a period of five years.  Even when the support ends, the IT department only has to upgrade to the next release.

According to a report on repubblica.it, Turin wants to become the first city in Italy to move completely to open source for its 8,300 PCs used by the local authorities.

“The transition will begin this fall and it will take a year and a half to complete.  It will become the first Italian open source city and we'll to get a saving on expenses for the computers that will go 20-40 percent compared to today,” says one of the managers of the project, Gianmarco Montanari.

“If we abandon proprietary software we will save €6 million ($8 million) in five years.  The initial investment is low but, once installed programs and taught employees how to use them, the system will go ahead on its own feet, allowing the city to lower the cost even more,” notes the director of Information Systems, Sandro Golzio.

The complete price of migrating the PCs from a version of Windows to another, together with the Office suite, would cost the city €22 million ($29.5 million) over a five-year span, but with the adoption of Ubuntu, that price will go down to €16 million ($21,4 million).

A flurry of cities in Europe are doing similar things.  In Germany, the city of Munich has already finished the transition to their own Linux distribution, and in Toulouse, France, the process is ongoing and it will be over in a couple of years.