The National Police Agency in Japan is apparently asking ISPs in that country to “voluntarily” block the use of Tor, the well-known and widely used system for anonymously surfing the internet.
An expert panel to the NPA, which was looking into measures to combat crimes abusing the Tor system, compiled a report on April 18 stating that blocking online communications at the discretion of site administrators will be effective in preventing such crimes. Based on the recommendation, the NPA will urge the Internet provider industry and other entities to make voluntary efforts to that effect.
This is an extreme and dangerous overreaction. Yes, some people abuse the anonymity of Tor to do illegal things. Just as some people abuse the anonymity of cash to do bad things. But we don’t then outlaw cash because of this. There are many, many reasons why people have good reason to seek out an anonymizing tool like Tor to protect their identity. What if they’re whistleblowing on organized crime or corruption (say) in the police force? As for the fear that it’s being used for criminal activity, that doesn’t mean that police cannot identify them through other means. We’ve seen time and time again people leave digital tracks in other ways when they’re committing crimes. Yes, it makes life more difficult for police, and it means they have to do actual detective work, but that’s what their job is.
Since the beginning of the cybersecurity FUDgasm from Congress, we’ve been asking for proof of the actual problem. All we get are stories about how airplanes might fall from the sky, but not a single, actual example of any serious problem. Recently, some of the rhetoric shifted to how it wasn’t necessarily planes falling from the sky but Chinese hackers eating away at our livelihoods by hacking into computers to get our secrets and destroy our economy. Today, Congress is debating CISPA (in secret) based on this assumption. There’s just one problem: it’s still not true.
The 27 largest companies have now admitted to the SEC that cyberattacks are basically meaningless and have done little to no damage.
The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen.
MetLife Inc., Coca-Cola Co. (KO), and Honeywell International Inc. were among the 100 largest U.S. companies by revenue to disclose online attacks in recent filings with the Securities and Exchange Commission, according to data compiled by Bloomberg. Citigroup Inc. (C) reported “limited losses” while the others said there was no material impact.
So what’s this all really about? It goes back to what we said from the very, very beginning. This is all FUD, engineered by defense contractors looking for a new way to charge the government tons of money, combined with a willing government who sees this as an opportunity to further take away the public’s privacy by claiming that it needs to see into corporate networks to prevent these attacks.
If this was a real problem, wouldn’t we see at least some evidence?
It’s not looking good for the Snooping Bill. The legislation is currently being re-written after serious concerns were raised with the first draft, but I’ve got hold of a letter from privacy campaigners which accuses the government of failing to hold the public consultation that was one of the conditions laid down in the damning report that killed off the first draft. The letter, from Big Brother Watch, Liberty, Open Rights Group and Privacy International, expresses fears that meetings between the organisations and Home Office ministers could be used as evidence that ministers have been consulting on the new legislation. It says…
Ben Hammersley, a Number 10 adviser to the Tech City project, said the draft Communications Data Bill could be turned from a force for good into something more sinister under future governments.
The main aim of the Bill is to give security services like MI5 and GCHQ the ability to monitor email traffic, without actually looking at its content.
However, it is currently being revised after a committee of MPs and peers raised privacy concerns about the bill’s intrusion into people’s lives.
Asked for his views on the new laws, Mr Hammersley said the consequences could be “disastrous” in an interview with Tank magazine.
“I don’t trust future governments,” he said. “The successors of the politicians who put this in place might not be trustworthy.
Three engineers made an app for the ‘Íslendingabók’ database. People can now easily, and on the go, look up how they are related to other Icelanders. And a precious feature, using the bump technology, allows people that meet to just bump their phones together, to instantly see if they are too related to take things any further. The engineers’ slogan for this feature was: "Bump the app before you bump in bed".
From discussion with friends, an extract:
If the definition or example that somehow APT is a ‘newer, better and prolonged method of attack and stealth to obtain the crown jewels’ then what was Kevin Mitnick’s attack on Sun Microsystems?
It’s because Mitnick was an American – not “a Red” – and the net was not infrastructure back then.
In short: since the threat model has moved on from “Commies” now, APT is essentially a racist/jingoistic term for “foreign hacker who is other than us”.
My friend Jon Care says that ‘cloud’ is an irregular noun:
- I have a Private Cloud
- You have a Botnet
- They have a Cyberwarfare Capability / Cyberweapon
…and I am basically thinking that APT is the equivalent third term for government pentester - the second being the eternally-slightly-tarnished Hacker, of course.
ps: obligatory tip for decyber
Under pressure, Defense Secretary Chuck Hagel has canceled the creation of a new military medal for drone operators and cyberwarriors, instead ordering military leaders to develop a pin or device that would be attached to existing medals or ribbons. Mr. Hagel’s predecessor, Leon E. Panetta, created the Distinguished Warfare Medal for service members like drone operators and cyberwarriors who have a major effect on a military operation but never set foot in the combat zone. Some veterans and lawmakers complained that it should not be ranked higher than traditional combat medals like the Bronze Star. On Monday, Mr. Hagel said that while those troops’ achievements should be recognized, the award should not be a stand-alone medal.
Normality is being gradually restored.