Mar 27 2013
 

Draft bill would make CFAA even worse

The dangerously broad cybercrimes legislation needs changing, but in the opposite direction to new House proposals

Salon
by Natasha Lennard
March 25, 2013

 

Aaron Swartz (Credit: Wikipedia)


 

In recent months, especially in light of Aaron Swartz’s suicide and Andrew ‘Weev’ Auernheimer’s prison sentencing, calls for reform to or disposal of the Computer Fraud and Abuse Act (CFAA) have amplified to a fever pitch. If a draft cybersecurity bill from the House Judiciary Committee is anything to go by, however, these cries for change have fallen on deaf ears.

As noted here, following Swartz’s death, Rep. Zoe Lofgren proposed legislation, “Aaron’s law,” which aims to stop the government bringing disproportionate charges in cases like Swartz’s. The draft cybersecurity bill circulating on Capitol Hill since last weekend, unlike Lofgren’s, appears to expand the CFAA, not limit it. TechDirt called the proposed bill “so bad that it almost feels like the Judiciary Committee is doing it on purpose as a dig at online activists who have fought back against things like SOPA, CISPA and the CFAA.”

TechDirt highlights that one of the most perturbing suggested amendments would change the law such that “conspiring” to commit what might be crimes under the CFAA would be punished as if the acts had actually been committed:

Section 103 of the proposed bill makes a bunch of “changes” to the CFAA, almost all of which expand the CFAA, rather than limit it. For example, they make a small change to subsection (b) in 18 USC 1030 (the CFAA) such that it will now read:

Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided for the completed offense in subsection (c) of this section.

All they did was add the “for the completed offense,” to that sentence. That may seem like a minor change at first, but it would now mean that they can claim that anyone who talked about doing something (“conspires to commit”) that violates the CFAA shall now be punished the same as if they had “completed” the offense. And, considering just how broad the CFAA is, think about how ridiculous that might become.

TechDirt also notes that the proposed bill ratchets up the penalties one can receive for CFAA infractions and makes it easier for the government to seize goods.

The amended legislation would, however, adjust what it means to break the law by “exceeding authorized access” to a computer — this is a small step in the right direction. Via TechDirt:

Under the old CFAA, “accessing a computer without authorization” and “exceeding authorized access” were lumped together as a form of breaking the law. The new bill keeps the basic terms of accessing a computer without authorization the same and just ever so slightly trims back the “crime” of exceeding authorized access… While it’s good to see them ever so slightly roll back the issue of “exceeding authorized access,” it still seems broad enough that all sorts of activities that shouldn’t be seen as criminal would easily get lumped in here by aggressive prosecutors.

Demand Progress, an advocacy group founded by Aaron Swartz, was swift to condemn the content of the draft bill. “This proposal is a giant leap in the wrong direction and demonstrates a disturbing lack of understanding about computers, the internet and the modern economy.  Already the outdated Consumer Fraud and Abuse Act is used by overzealous lawyers to prosecute routine computer activity. If enacted this proposal could end computer security research in the United States and drive innovation and creativity overseas,” said executive director David Segal.

Direct Link:  http://www.salon.com/2013/03/25/draft_bill_would_make_cfaa_even_worse/

Oct 15 2012
 

SOPA reincarnates to hold your computer hostage

Summary: We all thought SOPA was dead, but new ransomware claims differently. Want your computer back? You’ll pay the SOPA fee.

ZD Net News
By Charlie Osborne for Zero Day

ICE – Homeland Security Investigations Warning Notice

 

SOPA. The dearly-beloved anti-piracy bill rightfully quashed before it reared its ugly head and became signed into U.S. law. It only took months of worldwide protests, tech media outrage, site blackouts and the occasional satirical video or two.

A huge sigh of relief spread through the technology community when the bill was discarded — at least for the moment. However, enterprising virus developers have piggy-backed on to the fear that copyright infringement and court cases produce for the general public — using the recognizable SOPA branding to lure victims into parting with their hard-earned cash. 

The so-called SOPA cryptovirus which warns users that their IP address is on a copyright infringement blacklist has been discovered. The ‘ransomware’ holds a computer hostage, warning that unless a victim hands over money, data will be wiped. U.S. and Canadian victims have to pay via a MoneyPak prepaid voucher, whereas others have to use Western Union.

Once accused of distributing illegal files, infected users are told they must pay $200 within three days.

[Image: SOPA ransomware warning screen]

The warning screen above says:

If you see a warning.txt or warning screen, it means your IP address was included in S.O.P.A. Black List. One or more of the following items were made from your PC:

1. Downloading or distributing audio or video files protected by Copyright Law.

2. Downloading or distributing illegal content (child porn, phishing software, etc.)

3. Downloading or distributing Software protected by Copyright Law.

As a result of these infringements based on Stop Online Piracy Act (H.R. 3261) your PC and files are now blocked.

 

Of course, ransomware must be ignored. As Sophos’ Naked Security points out, simply searching for “Stop Online Piracy Automatic Protection System Removal” will get your data back, without spending a penny. However, something that surprised them was the inclusion of a decryption test service. Sophos’ Chester Wisniewski says that “If you are willing to mail off one of your encrypted documents with your unique ID number the criminals will decrypt it for you to demonstrate they do in fact possess the keys.”

 

 

In the same way that phishing emails often appeal to a victim’s emotions or expectations of a future event — consider the tax rebate, student loan company mistakes or banking communications we receive on a daily basis — it seems that virus makers are also jumping on the social engineering wagon. In both cases, taking a step back and doing your research online before giving out sensitive information or banking details is always the best course of action.

 

Direct Link:  http://www.zdnet.com/sopa-reincarnates-to-hold-your-computer-hostage-7000005684/

Apr 28 2012
 

#CISPA, #SOPA, #PIPA and #BigLobbying

Center for Responsive Politics
OpenSecrets.org
By Russ Choma
April 27, 2012
In an era when Republicans and Democrats can agree on almost nothing, one issue in the last three months has been providing common ground: rewriting the rules of the Internet. Privacy and free speech advocates have unleashed a groundswell of outrage as they’ve rushed to rally the public against the measures. But corporate backers of the proposals have fought back hard.

According to an OpenSecrets.org analysis of the most recent lobbying disclosure information, five of the top ten bills that have been lobbied the most intensely so far this year are Internet-related, and most have bipartisan and industry backing. Major cash is being laid out to push their passage.

The most recent bill to stir things up is the Cyber Intelligence and Sharing Protection Act (CISPA), which would allow private companies to share far more data on users with the federal government in what backers say is an effort to improve cybersecurity. Opponents claim it would severely undermine the privacy rights of many Americans. The bill was passed by the House last night and now faces a tougher battle in the Senate (and the threat of a veto by President Obama).

A list of companies and organizations that have sent letters of support for the bill to the House Intelligence Committee, where the legislation was created, meshes closely with the list of top lobbying groups so far this year — not to mention groups that lobbied on SOPA and PIPA.

For example, AT&T, which sent this letter, spent more money lobbying in the first three months of 2012 than any other single corporation ($7 million, second only to the mega-trade organization Chamber of Commerce, which also lobbied on CISPA though to a lesser extent). The telephone utilities industry as a whole, which includes AT&T and Verizon (which sent this letter), spent $15.3 million in the first quarter of this year, increasing its lobbying expenditures by 35 percent over the previous three months. The total laid out for lobbying by the computer/Internet industry, which includes some of the biggest backers of CISPA, SOPA and PIPA, fell 6 percent in the first quarter — but at $32.1 million, the industry was still the sixth-largest spender on lobbying among all industries so far in 2012.

It’s hard to assess how much each of these companies spent lobbying Congress specifically on CISPA — or other hot-button Internet bills — because many of these companies have a variety of issues they’re pursuing on Capitol Hill, but are required to report just one dollar amount covering everything. AT&T, for instance, spent its $7 million talking to lawmakers about 121 separate pieces of legislation.

But it’s clear that the lobbying firepower on the other side of the issue is a fraction of what supporters have. One of the most vocal opponents of CISPA is the American Civil Liberties Union – which has spent $507,000 lobbying so far this year, a 28 percent increase from the last three months of 2011. But the group used that money to lobby on 109 different bills, almost as many as AT&T. Another group that has taken a prominent stand against CISPA is the American Library Association, which has spent $54,000 so far this year, spread over 56 different pieces of legislation.

Another indication of the collective influence of backers of CISPA is the amount of money individuals or PACs affiliated with the organizations have given to key lawmakers on the issue. Last week we reported that the bill’s original sponsor, Mike Rogers (R-Mich.), had received $104,000 from groups that lobbied on the bill. With new campaign finance reports filed since that story, OpenSecrets.org data now shows that Rogers has received at least $175,000 from organizations that have lobbied on the bill. That’s about 15 percent of the total $1.1 million he has reported raising this election cycle. The top two groups: defense contractor SAIC (whose PAC has given Rogers $20,000 this election cycle) and Koch Industries (whose PAC has given Rogers over $14,500).

Check out all of the donations Rogers has received on our profile of him here, and the entire list of organizations that have lobbied on CISPA here on our profile of the legislation.
Apr 28 2012
 

The FBI Workaround For Private Companies To Share Information With Law Enforcement Without CISPA

FORBES

Kashmir Hill, Forbes Staff

April 26, 2012


A debate is currently raging in Washington, D.C. and various politically-engaged spots on the Internet over CISPA, a bill that promises to increase cybersecurity by giving private companies carte blanche to hand over information about cyberthreats they see on their networks. Lawmakers have seemingly decided the best way to fight cybercriminals is to deputize private industry and let companies with unfettered access to the evidence do the bulk of the detective work involved in outing hackers and breaking up botnet rings. That saves the government the trouble of getting pesky subpoenas and warrants as required by the Constitution and privacy laws.

Opponents worry about all kinds of sensitive information being served up to the government on a silver platter given the legal immunity granted to companies in the bill and the murky definitions of what constitutes a “cyber threat.” What has been left out of the debate thus far, though, is the model that CISPA appears in many ways to be based upon. The FBI has been information-sharing with private industry for over a decade without a bill like CISPA in place.


The NCFTA “functions as a conduit between private industry and law enforcement.”

(Art from the site)

In 1997, long-time FBI agent Dan Larkin helped set up a non-profit based in Pittsburgh that “functions as a conduit between private industry and law enforcement.” Its industry members, which include banks, ISPs, telcos, credit card companies, pharmaceutical companies, and others can hand over cyberthreat information to the non-profit, called the National Cyber Forensics and Training Alliance (NCFTA), which has a legal agreement with the government that allows it to then hand over info to the FBI. Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTA’s office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI.

“We can bring the pieces of intelligence together so we can see what it really is,” says Larkin of the advantage of bringing security specialists from different sectors together.

NCFTA director Ron Plesco lists off his organization’s purpose rotely: “We do information sharing with three goals: ID the cybercrime threat, share toward mitigation, share toward neutralization of threat.”

As part of a non-profit, Plesco could not comment specifically on CISPA, which would, as currently drafted, allow companies to share much richer and more individualized data directly with the government. “We get network data,” says Plesco. “Not PII (personally identifiable information).”

That means the NCFTA can pass along information, for example, about suspicious servers or IP addresses and content from spear-phishing emails that companies are seeing in their networks, but not the names or addresses of those who appear to be affiliated with the schemes.

“We can share what we see and hear with the government,” said Ron Plesco. “We can share in aggregate, but law enforcement has to develop their cases separately and independently.”

“An FBI agent works with [an NCFTA] analyst to get up to speed,” said agent Eric Strom who has been with the embedded FBI unit since 2006 when it was installed in the NCFTA office.

Inhabiting one floor of a building in Pittsburgh and with just 15 permanent employees, the NCFTA is little-known outside of information security circles, though they have been involved in some controversial operations in the past, including Dark Market. Despite the current uproar over how and why information should be shared with the government, most civil liberty groups I spoke with had never heard of the FBI’s on-going collaboration with private industry.

“We’re not in DC. We’re in Pittsburgh. We’re off the Beltway radar,” says Plesco. “Since we’re a non-profit, we don’t get called in to do briefings on the Hill. We don’t have marketing and PR though we do occasionally get thanked in FBI press releases.”

This happened most recently after Operation Ghost Click, the FBI’s takedown of a $14-million botnet ring run by six Estonians. The Estonians had infected over four million computers with DNS-changing malware that routed their computers to rogue DNS servers allowing the cybercriminals to display ads and send traffic to sites that profited them.

Several FBI agents involved in Ghost Click spoke with me about how information sharing through the NCFTA facilitated that investigation.

 

In 2009, an Internet security company, which the FBI prefers not to have named, saw malware affecting a customer and passed it along to the NCFTA. Soon, they got similar reports from another security researcher and an Internet payments company. “Some researcher sees malware or spam, then it leads to something bigger,” said FBI agent Eric Strom. “It generates intelligence and reporting.”

“For a year before the case started, we were seeing spam emanating from networks that they were able to track back to a company called Rove Digital,” said FBI agent Tom Grasso in a separate interview.

The embedded FBI unit builds an initial case with intelligence from the NCFTA and then refers it out to a field office. Strom says they generated 80 cases in 2011, including Ghost Click and Coreflood (another server seizure case). New York agreed to take the Ghost Click case in 2010.

“Historically, businesses would come to FBI a month or two later, which is a lifetime in the cyberworld, and reveal they’d had a problem,” said Strom. With NCFTA, they’re more likely to pass info along in real time. “This gets the fraud investigators from the different companies talking to each other.”

One of the advantages offered by both CISPA and the NCFTA is that private companies don’t just send information into a governmental black hole; they can get information back from the government about ongoing investigations, because they become partners with them.

Grasso started a mailing list with all the folks who had been tracking the malware activity, so they could continue to share information about what they were seeing on their networks.

“We had bimonthly teleconferences with FBI and private industry folks who would come into the office,” says Grasso. He said they had about 25-30 people at each meeting, including fraud and abuse researchers from private companies, and importantly from ISPs such as Cox, Century Link, Qwest, and Verizon (Correction: Representatives from ISPs were involved at a later stage, during meetings to discuss how to keep victims online after rogue DNS servers were seized). “It was the first time we brought private industry people in like that. These folks were giving up so much intel. We wanted them to know it wasn’t going into a black hole.”

As the New York office got close to taking the ring down through working with law enforcement in Estonia, they realized that people with infected computers would lose Internet access when the FBI seized the rogue servers that were operating out of New York and Chicago. The NCFTA collaboration came in handy again.

“We needed a solution to keep people online,” said Grasso. The malware had changed IP addresses to redirect infected computers to the DNS servers that were about to be seized. “We knew we couldn’t get on people’s computers and change the IP addresses back.”

So the FBI had to arrange for temporary servers so that 500,000 people in the U.S. wouldn’t suddenly lose their Internet service. “Running DNS servers is tricky because you see browser activity,” said Grasso. So they decided the FBI shouldn’t run the servers directly. Instead they had a third party ISP, ICS, run them. “The servers are recording the IP addresses of infected computers and those are being given to ISPs so they can notify users.”

(That ends soon, though, so make sure your computer isn’t infected or you lose service come July.)
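The article says the replacement resolvers logged the IP addresses of infected clients so ISPs could notify their customers. The script below is an added example, not code from the article or from the FBI, ICS or any ISP: it turns constructed resolver query-log lines into a per-ISP notification list using a constructed prefix table, skipping malformed lines and flagging clients that match no known ISP.

```python
"""Added example (not from the Forbes article or the systems it describes):
aggregate replacement-resolver query logs into per-ISP lists of infected
clients. All log lines, netblocks and ISP names are constructed sample data."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed prefix table: which (hypothetical) ISP to notify for each netblock.
ISP_PREFIXES = {
    "198.51.100.0/24": "ExampleCable",
    "203.0.113.0/25": "ExampleDSL",
    "203.0.113.128/25": "ExampleFiber",
}

# Constructed log lines in a simple "timestamp client_ip qname" format.
SAMPLE_LOG = """\
2012-04-20T10:00:01 198.51.100.23 www.example.com
2012-04-20T10:00:05 203.0.113.7 mail.example.net
2012-04-20T10:01:09 198.51.100.23 cdn.example.org
2012-04-20T10:02:44 203.0.113.200 www.example.com
2012-04-20T10:03:00 192.0.2.9 www.example.com
garbage line that should be skipped
2012-04-20T10:04:17 198.51.100.77 api.example.com
"""


@dataclass
class ClientRecord:
    first_seen: str
    last_seen: str
    queries: int = 0


def parse_log(text):
    """Yield (timestamp, ip_address) for well-formed lines; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, ip, _qname = parts
        try:
            yield ts, ipaddress.ip_address(ip)
        except ValueError:
            continue


def build_notifications(text, prefixes=ISP_PREFIXES):
    """Return ({isp: {ip: ClientRecord}}, sorted list of IPs with no ISP match)."""
    nets = [(ipaddress.ip_network(cidr), isp) for cidr, isp in prefixes.items()]
    by_isp = defaultdict(dict)
    unmapped = set()
    for ts, ip in parse_log(text):
        isp = next((name for net, name in nets if ip in net), None)
        if isp is None:
            unmapped.add(str(ip))
            continue
        rec = by_isp[isp].setdefault(str(ip), ClientRecord(ts, ts))
        rec.last_seen = ts
        rec.queries += 1
    return dict(by_isp), sorted(unmapped)


if __name__ == "__main__":
    notices, unmapped = build_notifications(SAMPLE_LOG)
    for isp, clients in sorted(notices.items()):
        print(f"{isp}: {len(clients)} infected client(s)")
        for ip, rec in sorted(clients.items()):
            print(f"  {ip}  {rec.queries} queries  {rec.first_seen} .. {rec.last_seen}")
    print("unmapped (no ISP to notify):", unmapped)
```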

Operation Ghost Click earned the NCFTA quiet raves. And quiet is how they like it to be.

 

It’s worth paying some attention now, though, to highlight that CISPA and the idea of information sharing are not a novel approach to cybersecurity.

“Information sharing is already going on,” said Allan Friedman, a technology fellow at the Brookings Institute, who pointed also to ISAC — a sector specific information sharing program set up by Bill Clinton in the 90s. “As we expand it, we need to understand what has failed and what has been successful.”

And to understand that, we perhaps need closer looks and more exposure of information sharing that’s already happening. It’s rather shocking that Congress has not called anyone from the NCFTA to the Hill to testify about how they function and how CISPA would change what they can do, or even make the need for a non-profit to facilitate information handovers obsolete.


Direct Link:  http://www.forbes.com/sites/kashmirhill/2012/04/26/the-fbi-workaround-for-private-companies-to-share-information-with-law-enforcement-without-cispa/

Mar 04 2012
 

Anonymous, Decentralized and Uncensored File-Sharing is Booming

 

Gizmodo.com

By Ernesto – TorrentFreak

March  4, 2012


Image via Shutterstock/John David Bigi III

 

The file-sharing landscape is slowly adjusting in response to the continued push for more anti-piracy tools, the final Pirate Bay verdict, and the raids and arrests in the Megaupload case. Faced with uncertainty and drastic changes at file-sharing sites, many users are searching for secure, private and uncensored file-sharing clients. Despite the image its name suggests, RetroShare is one such future-proof client.

The avalanche of negative file-sharing news over the past weeks hasn’t gone unnoticed by users and site operators.

From SOPA to Megaupload, there is a growing uncertainty about the future of sharing.

While many BitTorrent sites and cyberlockers continue to operate as usual, there is a growing group of users who are expanding their horizons to see what other means of sharing are available if the worst case scenario becomes reality.

Anonymous, decentralized and uncensored are the key and most sought-after features. For some this means signing up with a VPN to make their BitTorrent sharing more private, but new clients are also generating interest.

Earlier this month we wrote about Tribler, a decentralized (not anonymous) BitTorrent client that makes torrent sites obsolete. We’ve covered Tribler for more than half a decade, but it was only after our most recent post that it really took off with more than a hundred thousand downloads in a few days.

But there are more file-sharing tools that are specifically built to withstand outside attacks. Some even add anonymity into the mix. RetroShare is such a private and uncensored file-sharing client, and the developers have also noticed a significant boom in users recently.

The RetroShare network allows people to create a private and encrypted file-sharing network. Users add friends by exchanging PGP certificates with people they trust. All the communication is encrypted using OpenSSL and files that are downloaded from strangers always go through a trusted friend.

In other words, it’s a true Darknet and virtually impossible to monitor by outsiders.

RetroShare founder DrBob told us that while the software has been around since 2006, all of a sudden there’s been a surge in downloads. “The interest in RetroShare has massively shot up over the last two months,” he said.

“In January our downloads tripled when interest in SOPA was at its peak. It more than doubled again in February, when cyberlockers disabled sharing or shut down entirely. At the moment we are getting 10 times more downloads than in December 2011.”
RetroShare’s downloads at Sourceforge

 

RetroShare’s founder believes that there is an increased need for security, privacy and freedom among file-sharers, features that are at the core of his application.

“RetroShare is about creating a private space on the Internet. A social collaboration network where you can share anything you want. A space that is free from the prying eyes of governments, corporations and advertisers. This is vitally important as our freedom on the Internet is under increasing threat,” DrBob told TorrentFreak.

“RetroShare is free from censorship: like Facebook banning ‘obscene’ breast-feeding photographs. A network that allows you to use any pseudonym, without insisting on knowing your real name. A network where you will not face the threat of jail, or being banned from entry into a country for an innocent tweet.”

It’s impossible to accurately predict what file-sharing will look like 5 years from now. But, a safe assumption is that anonymity will play a more central role than it ever has.

Recent crackdowns have made operators of central file-sharing sites and services more cautious about copyright infringement. Some even went as far as shutting down voluntarily, like BTjunkie.

In the long run this might drive more casual downloaders to legitimate alternatives, if these are available. Those who keep on sharing could move to smaller communities, darknets, and anonymous connections.

 


Direct Link:  http://gizmodo.com/5890312/anonymous-decentralized-and-uncensored-file+sharing-is-booming?popular=true