Google technology catches out man accused of uploading over 3,000 child porn images and he is arrested by the FBI
Daily Mail / UK November 24, 2013
Google’s efforts to block child pornography snared a victim earlier in November when a California man was arrested, accused of uploading over 3,000 pornographic images online.
Raul Gonzales, 40, identified in criminal complaint on November 6, was recently arrested by the FBI in Woodland, as reported by CBS.
Yet the investigation against him started in March, when Google’s ‘hashing’ technology detected images that Gonzales had added to their photo sharing site Picasa.
The web giant then alerted the National Center for Missing and Exploited Children, which discovered more images uploaded by Gonzalez to Tumblr.
The FBI then took over the investigation. Disturbingly, CBS also reported that the agency found pictures of a 9-year-old child who is close to the family.
The station also said that Gonzales had admitted to sexually assaulting this child.
Google’s servers are able to search through images uploaded online. Algorithm technology can detect possible examples of child pornography.
Once such images are found it is examined by a human employee to check that the photo depicts abuse and not something more innocent, like a child at bathtime.
Every offending picture can then be tagged with a particular digital fingerprint, which shows up if the image is reloaded online elsewhere.
Following UK Prime Minister David Cameron’s recent efforts to tackle child pornography, Google Chief Executive Eric Schmidt wrote an op-ed in the Daily Mail on the issue.
In that article, Schmidt explained the ways in which his company was using technology to take on the disturbing problem:
Cleaning up search:
We’ve fine tuned Google Search to prevent links to child sexual abuse material from appearing in our results.
While no algorithm is perfect – and Google cannot prevent paedophiles adding new images to the web – these changes have cleaned up the results for over 100,000 queries that might be related to the sexual abuse of kids.
As important, we will soon roll out these changes in more than 150 languages, so the impact will be truly global.
We’re now showing warnings – from both Google and charities – at the top of our search results for more than 13,000 queries.
These alerts make clear that child sexual abuse is illegal and offer advice on where to get help.
Detection and removal:
There’s no quick technical fix when it comes to detecting child sexual abuse imagery.
This is because computers can’t reliably distinguish between innocent pictures of kids at bathtime and genuine abuse. So we always need to have a person review the images.
Once that is done – and we know the pictures are illegal – each image is given a unique digital fingerprint.
This enables our computers to identify those pictures whenever they appear on our systems. And Microsoft deserves a lot of credit for developing and sharing its picture detection technology.
But paedophiles are increasingly filming their crimes. So our engineers at YouTube have created a new technology to identify these videos.
We’re already testing it at Google, and in the new year we hope to make it available to other internet companies and child safety organisations.
There are many organisations working to fight the sexual exploitation of kids online – and we want to ensure they have the best technical support.
So Google plans to second computer engineers to both the Internet Watch Foundation (IWF) here in Britain and the US National Center for Missing and Exploited Children (NCMEC). We also plan to fund internships for other engineers at these organisations.
Google finishes 2,048-bit security upgrade for Web privacy
Prodded by “concerns about overbroad government surveillance,” Google beat an end-of-year deadline to retire Web certificates with less secure 1,024-bit encryption keys.
C/NET News by Stephen Shankland November 19, 2013
Never again are you going to get a Google Web site whose security certificate is protected with comparatively weak 1,024-bit encryption.
The Net giant has secured all its certificates with 2,048-bit RSA encryption keys or better, Google security engineer Dan Dulay said in a blog post Monday. Certificates are used to set up encrypted communications between a Web server and Web browser.
That means two things. First, traffic will be harder to decrypt since 1,024-bit keys aren’t in use at Google anymore. Second, retiring the 1,024-bit keys means the computing industry can retire the technology altogether by declaring such keys untrustworthy.
Google has been aggressively moving to stronger encryption because of U.S. government surveillance by the National Security Agency. According to documents leaked by former NSA contractor Edward Snowden, the agency gathered bulk data off Internet taps, including unencrypted data sent between company data centers on its own network, and actively worked to undermine encryption.
Google said it beat its internal end-of-year deadline for the 2,048-bit move. It’s also moved to encrypt its internal data transfer between data centers, a move that Yahoo also is making.
In other words, the Net’s technology giants are working actively to make surveillance, authorized or not, significantly harder.
“Worry in Silicon Valley/Puget Sound: furor over NSA will cost billions cuz foreign customers fear US companies can’t guarantee security,” tweeted Strobe Talbott, president of analyst firm Brookings Institution, referring to the geographic regions where tech powers such as Google, Facebook, Yahoo, Microsoft, Twitter, Apple, LinkedIn, and Amazon are located.
Google Begs Court to Reconsider Ruling That Wi-Fi Sniffing Is Wiretapping
WIRED / Threat Level by David Kravets September 25, 2013
Google is asking a federal appeals court to reconsider a recent ruling finding Google potentially liable for wiretapping when it secretly intercepted data on open Wi-Fi routers.
The Mountain View-based company said the September 10 decision by the 9th U.S. Circuit Court of Appeals will create “confusion” (.pdf) about which over-the-air signals are protected by the Wiretap Act, including broadcast television.
The case concerns nearly a dozen combined lawsuits seeking damages from Google for eavesdropping on open Wi-Fi networks from its Street View mapping cars. The vehicles, which rolled through neighborhoods around the world, were equipped with Wi-Fi–sniffing hardware to record the names and MAC addresses of routers to improve Google location-specific services. But the cars also gathered snippets of content.
The search giant petitioned the San Francisco-based appeals court to reconsider its decision that allowed the case to proceed at trial — a ruling that upended Google’s defense.
Google claimed it is was legal to intercept data from unencrypted, or non-password-protected Wi-Fi networks. Google said open Wi-Fi networks are “radio communications” like AM/FM radio, citizens’ band and police and fire bands, and are “readily accessible” to the general public and exempt from the Wiretap Act — a position the appeals court rejected.
“This error is exceptionally important. It promises to have a substantial, long-lasting effect on the application of the Wiretap Act in an environment of rapid technological change. If allowed to stand, the panel’s ruling will create confusion about the Wiretap Act’s prohibitions, threaten the development of new radio-based technologies, and raise questions about whether activities that Congress intended to protect may now be deemed unlawful,” Google wrote the appeals court late Monday.
The court has the option of rejecting Google’s petition. Or, it could rehear the case with the same three-judge panel or decide the issue en banc with an 11-judge panel. The 9th Circuit is the nation’s largest appeals court, and covers Arizona, California, Montana, Alaska, Hawaii, Idaho, Oregon, Washington and Nevada.
Google said the decision makes it unclear whether intercepting broadcast television might be deemed wiretapping, as might the interception of “public safety communications” or “any marine or aeronautical communications systems.”
“That makes no sense, will create confusion about what radio-based signals can be lawfully received, and is not what Congress intended,” Google wrote in its petition.
Google was sniffing packets of data on unsecured Wi-Fi networks in about a dozen countries over a three-year period, until German privacy authorities began questioning in 2010 what data Google’s Street View cars were collecting. Google, along with other companies, use databases of Wi-Fi networks and their locations to augment or replace GPS when attempting to figure out the location of a computer or mobile device. Google had claimed the lawsuit was “without merit,” and has abandoned the practice of payload sniffing from open networks.
The flap, meanwhile, has wide-ranging implications for the millions who use open, unencrypted Wi-Fi networks at coffee shops, restaurants or any other businesses that try to attract customers by providing free Wi-Fi.
Hanni Fakhoury, an Electronic Frontier Foundation staff attorney, said the court’s decision had some pluses and minuses. One fallout is that security researchers face the risk of civil penalties or even criminal prosecution for intentionally capturing payload data traveling over open Wi-Fi networks.
On the other hand, the decision also provides a strong argument that the feds and other law enforcement agencies that want to spy on data transmitted over unencrypted Wi-Fi will need to get a wiretap order to do so. We’ve seen the government use a device called a ‘moocherhunter’ without a search warrant to read Wi-Fi signals to figure out who’s connecting to a particular wireless router. This decision suggests that to the extent the government uses a device like this (or even a ‘stingray’ to the extent it can capture Wi-Fi signals) to capture payload data — even if just to determine a person’s location—they’ll need a wiretap order to do so. That’s good news since wiretap orders are harder to get than a search warrant.
Ironically, the Federal Communications Commission last year cleared Google of wrongdoing in connection to it secretly intercepting Americans’ data on unencrypted Wi-Fi routers.
The commission said that, between 2008 and 2010, “Google’s Street View cars collected names, addresses, telephone numbers, URL’s, passwords, e-mail, text messages, medical records, video and audio files, and other information from internet users in the United States.”
The commission, however, fined Google $25,000 for stonewalling the investigation.
Hacker Pleads Guilty to Selling FBI Access to U.S. Supercomputers
WIRED by David Kravets August 27, 2013
A 24-year-old Pennsylvania hacker pleaded guilty today to accusations he tried to sell access to Energy Department supercomputers he unlawfully accessed.
The defendant, who remains free pending a November sentencing date, faces as much as 18 months behind bars under a plea deal (.pdf) with Massachusetts federal authorities.
Among other exploits, Andrew James Miller pleaded guilty to propositioning an undercover Federal Bureau of Investigation agent during an online chat to pay him $50,000 for “root” access to the supercomputers at the National Energy Research Scientific Computing Center at the Lawrence Berkeley National Lab California.
Using the handle “Green,” he pasted during the chat that he had proof of access, the government said in an indictment. The research center, which houses some of the world’s most powerful computers, offers high-end computing power for Energy Department-approved projects.
The defendant, a member of the hacking group Underground Intelligence Agency, was arrested and indicted (.pdf) in June. A fellow member of the group, Robert Burns, who went by the handle “Intel,” assisted authorities with the prosecution, court documents show.
Miller gained access to the supercomputers via hacking into a Japanese university that had connections to those computers, the government said. Miller told FBI agents that he also had access to the supercomputers via Harvard University and the University of California at Davis.
The feds never paid him the $50,000, according to court records. (.pdf)
According to court documents, the defendant bragged to FBI agents online that he had broken into the corporate servers of American Express, Yahoo, Google, Adobe, WordPress and other companies and universities.
The authorities said they paid him $1,000, via Western Union, for access to the entire corporate network of RNKTel, a Massachusetts-based telco.
“According to RNKTel, with that administrator-level access, a bad actor could not only have accessed RNKTel’s confidential business records but could also have altered customer accounts to obtain, for free, the telecommunication services that RNKTel sells to its customers,” prosecutors said.
For $1,200, the FBI bought from Miller a database of thousands of log-in credentials of the ISP Layered Tech of Texas. Miller also sold the FBI — for $1,000 — access to the domain of the Domino’s Pizza chain, according to court records.
Tech firms squirm over their role in Prism surveillance
PC World by Ellen Messmer July 28, 2013
The disclosures about the National Security Agency’s massive global surveillance by Edward Snowden, the former information-technology contractor who’s now wanted by the U.S. government for treason, is hitting the U.S. high-tech industry hard as it tries to explain its involvement in the NSA data-collection program.
Last week, a gaggle of 22 large U.S. high-tech firms—including Apple, Facebook, Google, Microsoft, and Yahoo which have acknowledged they participate in NSA data-gathering efforts in some form, if not exactly as Snowden and some press reports have described it—begged to be freed from the secrecy about it in their pleading, public letter to President Obama, NSA director Keith Alexander, and a dozen members of Congress.
The July 18 A letter from America’s high-tech powerhouses, which was also signed by almost three dozen nonprofit and trade organizations as well as six venture-capital firms, begged for “greater transparency around national security-related requests by the US government to Internet, telephone, and web-based service providers” in terms of how much information the government demands on high-tech customers and subscriber accounts and how.
The letter begged for the U.S. government to make the amount of requests the government makes related to national security for individual customer information public.
“This information about how and how often the government is using these legal authorities is important to the American people, who are entitled to have an informed public debate about the appropriateness of those authorities and their use, and to international users of US-based service providers who are concerned about the privacy and security of their communications.,” the letter to President Obama, Congress, the NSA director and Director of National Intelligence, stated yesterday.
Firms on the defensive
The revelations last month from Snowden about NSA’s extensive involvement in U.S. high-tech firms for purposes of information collection has suddenly put the U.S. high-tech industry on the defensive as they struggle to offer an explanation about all this to their global users while still bound by secrecy under the U.S. Patriot Act. There’s no indication yet from the White House or others in government that any change in the NSA spying program, which relies on the participation of U.S.-based firms, will change.
“This should be debated in a public setting,” said John Dickson, principal at security firm Denim Group and a former U.S. Air Force officer, about the situation in which NSA’s global surveillance is tied so clearly to U.S.-based companies. He noted the U.S. government has actually said little but the media much.
This is all putting tremendous pressure on the U.S. high-tech industry, especially abroad in Europe where privacy questions may be making U.S. industry seem less competitive. This week Brad Smith, Microsoft general counsel and executive vice president, legal and corporate affairs at Microsoft, A issued a public statement that sought to clarify Microsoft’s participation in the U.S. government’s content gathering methods.
“”Recent leaked documents have focused on the addition of HTTPS encryption to Outlook.com instant messaging, which is designed to make this content more secure as it travels across the Internet,” Microsoft counsel Smith wrote. “To be clear, we do not provide any government with the ability to break the encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency.”
Microsoft’s SkyDrive and Skype A is handled somewhat similarly in terms of government requests, Smith said. As far as enterprise and document storage for business customers, “we take steps to redirect the government to the customer directly, and we notify the customer unless we are legally prohibited from doing so,” Smith stated in his July 16 post. “We have never provided any government with customer data from any of our business or government customers for national security purposes.”
Smith added Microsoft got four requests related to law enforcement in 2012. “We do not provide any government with the ability to break the encryption used between our business customers and their data in the cloud, nor do we provide the government with the encryption keys.”
Is Prism even effective anymore?
In the meantime, it’s safe to assume in this NSA leaks debacle that “the bad guys have switched tactics” and probably wouldn’t use U.S.-based high-tech services, Dickson points out. And in this atmosphere of rising cyber-nationalism, the possible role of China’s government and its own high-tech industry have to be asked, too, he noted.
Former head of the U.S. Central Intelligence Agency and the NSA, Gen. Michael Hayden, recently charged forward on that topic in an interview with The Australian Financial Review.
Hayden said he believes that China-based network vendor Huawei conducted clandestine activities and shared with the Chinese state “intimate and sensitive knowledge of the foreign telecommunications systems it is involved with.” According to the published report, Gen. Hayden said the Huawei is a significant security threat to Australia and the U.S., has spied for the Chinese government, and intelligence agencies have evidence of this.
A Huawei spokesman, John Suffolk, Huawei’s global cyber security officer, is quoted by the Australian publication yesterday as calling Hayden’s remarks “unsubstantiated and defamatory” and that any critics of the company should present any evidence publicly.In an opinion piece on CNN.com today, Gen. Hayden railed openly against Edward Snowden as a national security threat, saying he “fled to China with several computers’ worth of data from NSANET, one of the most highly classified and sensitive networks in American intelligence.”
Hayden acknowledged that one aspect of the fallout from Snowden’s leaks is that “the undeniable economic punishment that will be inflicted on American businesses for simply complying with American law.”
Hayden’s remarks on CNN also seem to sarcastically criticize the Europeans now complaining about the NSA activities and how they may violate European data-privacy laws. “Others, most notably in Europe, will rend their garments in faux shock and outrage that these firms have done this, all the while ignoring that these very same companies, along with their European counterparts, behave the same way when confronted with the lawful demands of the European states.”
Hayden continued: “The real purpose of those complaints is competitive economic advantage, putting added burdens on or even disqualifying American firms competing in Europe for the big data and cloud services that are at the cutting edge of the global IT industry.”
As if all this weren’t enough, former President Jimmy Carter also spoke out yesterday on NSA global surveillance, suggesting the NSA data collection practices were harming democracy. Former president Carter also said Edward Snowden’s revelations didn’t really harm national security and and was actually “beneficial” because “they inform the public.”