This week’s headline story: Is the NSA Distributing Spyware?
The most recently leaked documents from Edward Snowden indicate that the US National Security Agency has installed spyware on more than 50,000 computer networks around the world in order to steal sensitive information. The report leaked to the Dutch newspaper NRC claims that the attacks were conducted by Tailored Access Operations – or TAO, the cyberwarfare intelligence-gathering unit of the NSA. According to The Washington Post, TAO custom-builds software attacks and has software templates to break into common brands of routers, switches and firewalls. Malware-planting operations are conducted under a US$652 million project code-named “GENIE,” the French newspaper Le Monde has reported.
Standard encryption tools such as SSL can no longer ensure privacy on the Internet. SSL is the encryption used for https connections on the web. Leaked documents have made it clear that the NSA is recording high volumes of encrypted Internet traffic and retaining it for later cryptanalysis. And it’s hardly the only one: Iran, North Korea, and China all store vast amounts of Internet traffic. More recently, Saudi Arabia has been actively trying to intercept mobile data for Twitter and other communication tools. Governments that are able to obtain the decryption key from the provider, through court order or hacking, can easily decrypt millions of past communications sent through the provider.
Tech companies in the U.S. and elsewhere are turning to stronger forms of encryption to block government spying. Twitter and Microsoft have joined Google, Mozilla and Facebook in announcing efforts to bolster user privacy through advanced encryption technologies such as Perfect Forward Secrecy or PFS. PFS ensures that even if an organization recording web traffic gets access to a company’s private keys, it cannot go back and unscramble past communications all at once. PFS encrypts each web session with an ephemeral key that is discarded once the session is over. A determined adversary could still decrypt past communications, but with PFS the keys for each individual session would have to be cracked to read the sessions’ contents, making the process much, much more difficult.
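The difference between a reused long-term key and per-session ephemeral keys can be modelled in a few lines. The following is an added example, not code from the original article or from any of the companies named; the names `Server`, `record_sessions` and `decrypt_with_leaked_key`, the toy Diffie-Hellman parameters and the XOR "cipher" are assumptions chosen for illustration only.

```python
import hashlib
import secrets

# Toy parameters (assumption): real TLS uses standardised 2048-bit+ groups
# or elliptic curves, and an authenticated cipher instead of XOR.
P = 2**127 - 1   # a Mersenne prime
G = 3

def session_key(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def xor(data: bytes, key: bytes) -> bytes:
    # Toy cipher for short messages (<= 32 bytes); not real encryption.
    return bytes(d ^ k for d, k in zip(data, key))

class Server:
    def __init__(self):
        self.long_term = secrets.randbelow(P - 2) + 1   # kept for years

    def handshake(self, client_pub: int, forward_secret: bool):
        """Return (server public value, session key)."""
        if forward_secret:
            # Ephemeral key, discarded on return. In real TLS the long-term
            # key only signs this value; the signature is omitted here.
            priv = secrets.randbelow(P - 2) + 1
        else:
            priv = self.long_term   # the same secret protects every session
        return pow(G, priv, P), session_key(pow(client_pub, priv, P))

def record_sessions(server, messages, forward_secret):
    """What a passive recorder stores: public values and ciphertext only."""
    tape = []
    for msg in messages:
        c_priv = secrets.randbelow(P - 2) + 1
        c_pub = pow(G, c_priv, P)
        s_pub, key = server.handshake(c_pub, forward_secret)
        assert key == session_key(pow(s_pub, c_priv, P))  # both ends agree
        tape.append((c_pub, xor(msg, key)))
    return tape

def decrypt_with_leaked_key(tape, leaked_long_term):
    """Later compromise: apply the server's long-term key to each recording."""
    return [xor(ct, session_key(pow(c_pub, leaked_long_term, P)))
            for c_pub, ct in tape]

MESSAGES = [b"session one", b"session two", b"session three"]  # constructed
```

With `forward_secret=False` the leaked long-term key opens every recorded session at once; with `forward_secret=True` the same key yields only garbage, because each session's secret no longer exists anywhere.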
- NSA’s Malware Infection Spree Leaves Network Managers Powerless [Ecommerce Times]
- NSA reportedly compromised more than 50,000 networks worldwide [Computerworld]
- Report: NSA Has Infected 50,000 Networks with Spyware [NewsFactor]
- Twitter Toughening Its Security to Thwart Government Snoops [NYTimes]
- Twitter Beefs Up Encryption Against NSA Snooping [NewsFactor]
- Microsoft, suspecting NSA spying, to ramp up efforts to encrypt its Internet traffic [Washington Post]
- Yahoo to Tie Up Data With Neat Encryption Bow [Ecommerce Times]
and elsewhere in Tech News.
- A Surge in Value for Bitcoin and Currencies Similar to It [NYTimes]
The unregulated digital currency known as Bitcoin has jumped in value in recent days. A week ago Bitcoin was trading at about $615, but over the past week it passed $1,000 on Mt.Gox, the leading Bitcoin exchange, setting a new high. This pushed Bitcoin’s market capitalization to over $11 billion. It’s not just Bitcoin that is enjoying a jump in value; other digital currencies are doing the same. Litecoin, Peercoin, Namecoin, Feathercoin, Megacoin, and Infinicoin are all up double-digit percentage points as well. The rise in pricing is most likely happening concurrently with the rise in attention. There are now more than 1.6 million references to Bitcoin in Google News, which monitors major news outlets around the world. So, is this yet another Internet bubble? Or is the financial industry in for a major paradigm shift?
- Obama administration says achieves key goal of fixing HealthCare.gov [Reuters]
Two months after the disastrous launch of a key component of President Barack Obama’s healthcare law, administration officials said they had achieved their goal of getting HealthCare.gov operating smoothly by December 1. The administration’s key achievement was to increase site capacity to 50,000 simultaneous users, which would allow HealthCare.gov to handle a minimum of 800,000 users per day. This should allow uninsured Americans from 36 states to apply for coverage by the initial December 23 deadline.