Saturday, December 4, 2010

26th Nov 10 Security round up of the week that was

Dangers of Social Networking

A news report blamed Facebook and Twitter for 1 in 5 divorces in the US, as there is a spike in the number of cases that use tweets, posts and pictures from these sites as evidence of cheating. Privacy in social networks has always been a concern given inadequate privacy settings, technical glitches and advertising interests. With over 500 million users, social networking sites are increasingly a de facto social meeting place, so much so that activity on dating sites has started to drop.

Recommendation: Limit information on social networks and ensure that privacy settings are set knowingly. Social networks are safe if used carefully.

Speaking of dating, there is always a hidden danger in a face-to-face meeting with a person you met online. The outcome may be risky, as the anonymity of social networks masks criminals and antisocial elements behind plagiarized images of pretty faces. In two separate instances these meetings turned perilous when boys who went to meet girls they had met online ended up in the clutches of criminals. One boy was drugged, robbed of all valuables and ended up in an intensive care unit; the other was robbed and beaten severely.

Recommendation: Online chatting, though it may seem harmless, can result in physical danger during face-to-face contact. Teenagers are most susceptible. Such contact may also result in cyber harassment, blackmail and bullying. Social networks are safe if used carefully.

Loose Talk

Talking in the gym has become life threatening. Conversations between groups of builders and jewelers in a Mumbai gym were reportedly picked up by the underworld through a network of gym trainers who listened in. The underworld issued extortion demands which, if not met, resulted in physical threats, intimidation through random firing outside builders' offices or, in some cases, assassination.

Recommendation: Ensure that confidential matters are discussed in closed rooms and not in open places. One does not know who may be listening. Tone down any tendency to be loud on the phone or to discuss confidential issues in public places.

Legal Interception and Privacy

In the Indian 2G Telecom scam, spectrum was allegedly sold to unqualified buyers at a low price, resulting in an enormous loss to the exchequer. Taped conversations between a political lobbyist and industrialists, media and politicians, intercepted by investigators, were released on YouTube and via the media. A newspaper report stated that, out of 5000 recordings, 104 were out in public. The recordings damaged the reputation of top industrialists, telecom firms, journalists and politicians, as many of the leaked conversations were unrelated to the scam.
The interception of the lobbyist’s phone calls was legally done by the investigation body under Section 5 of the Indian Telegraph Act. But several questions arise.
• How did these leaks occur?
• Did they occur through the investigation agency or the service provider where the calls were intercepted?
• Were the conversations leaked to fuel media pressure or to damage the reputation of firms and their senior employees?
• Are our procedures for protecting intercepted information adequate or in need of an overhaul?
• Do we have a process for background checks of people doing the interceptions?
• How limited is the role of the telecom service provider given the lack of technical knowhow on the systems used for interception by the investigators?
• Are there third parties other than the investigators and service provider who may have access to these tapes?
A leading industrialist has filed a plea for privacy in the Supreme Court and investigations are on into the source of the leaks. I hope that we have enforcement of laws that punish such acts in India.

Recommendation: Phone conversations may not be as secure as one imagines them to be. Increasingly, new technology is becoming available that lets hackers intercept calls over the air. The protocols used by GSM networks are old and proprietary.

WikiLeaks – The Saga continues

Julian Assange is on the run. Equipped with a laptop and a cell connection, he continues to manage his WikiLeaks empire even with an Interpol Red Alert on him and a massive denial of service attack on the site by Jester, a so-called political hacker. This has not stopped the distribution of a new round of documents on US policy. Amazon, the cloud-based service provider which hosted WikiLeaks, has taken down the site from its US servers, perhaps under pressure from the government to curb distribution.
A CNN news statement titled “Government Agencies warn employees not to look at WikiLeaks” stated that the White House Office of Management and Budget sent a memo Friday afternoon forbidding federal government employees and contractors from accessing classified documents publicly available on WikiLeaks and other websites using computers or devices like BlackBerrys and smartphones. The memo explains that the publishing by WikiLeaks does "not alter the documents' classified status or automatically result in declassification of the documents."

Speak about closing the coop once the birds have flown.

Recommendation: The US and perhaps other governments are vigorously attempting to curb the leaks. In today’s Internet age, even with vast resources at their disposal, shutting up WikiLeaks has not been successful. Governments will need to enhance their information classification policies and back them up with technical security controls to prevent leaks occurring rather than control them later. I trust this incident does not affect Internet free speech and give added impetus to governments imposing regulations on its use.

A biography from Julian will be a best seller or a sensational movie.

Read my earlier blog post debating the ethical angle of hacktivism
