Welcome to Bennett's Study

From the Author of No Land an Island and Unconscionable


http://todaysinsight.blogspot.com

Saturday, May 4, 2013

Spying commercialized grows globally threatening activists, dissidents, everybody everywhere

“Technology can work for us [and] happen to us” says Morgan Marquis-Boire
Excerpt, minor edit by Carolyn Bennett

Critical issue: Secreted surveillance

When targeted surveillance is opaque and technological capabilities remain secret, citizens lack the knowledge to fully comprehend the scope and nature of surveillance and lack the ability to challenge it, say the authors of For Their Eyes Only: The Commercialization of Digital Spying.

Report’s authors

Morgan Marquis-Boire (a Security Researcher and Technical Advisor at the Citizen Lab, Munk School of Global Affairs, University of Toronto, working as a Security Engineer at Google specializing in Incident Response, Forensics and Malware Analysis; and serving as a Special Advisor to Google Ideas), with:

Bill Marczak (a Computer Science Ph.D. student at UC Berkeley, a founding member of Bahrain Watch, a monitoring and advocacy group that seeks to promote effective, accountable, and transparent governance in Bahrain through research and evidence-based activism).

Claudio Guarnieri (a security researcher at Rapid7, specialized in tracking, dissecting and understanding malware and botnets, also working with and a core member of the non-profit organizations The Honeynet Project and The Shadowserver Foundation; he also develops Cuckoo Sandbox and other open source projects).

John Scott-Railton (a Citizen Lab Fellow conducting research on electronic attacks in MENA, co-developer of the Voices Projects to support the free and secure flow of information from Egypt and Libya during the Arab Spring; his dissertation at UCLA focused on the human security implications of climate change adaptation failure in West Africa).

Their report

For Their Eyes Only: The Commercialization of Digital Spying “is one of the first extended projects attempting to map out the nature of commercial surveillance software.” The work “opens a window into this space, but it remains crucial that the nature and impact of the commercial surveillance market be better understood,” says Morgan Marquis-Boire. “Technical research in this field has only just begun, but it is already clear that the stakes are high.

“The proliferation of increasingly powerful commercial surveillance tools has serious implications not just for dissidents and activists, but for all of us, no matter our citizenship.

Cover of darkness 

“There is extremely limited candor from companies about the nature and scope of the due-diligence performed when sales are contemplated.

“In what has been referred to as ‘permissive’ standard, companies have sometimes stated that they will only sell to states that are not on official blacklists established by the European Union or the United States.

“They have been similarly opaque about what actions, if any, they have taken as a consequence of the cases in countries like Morocco, Bahrain, and the UAE where there is strong evidence the tools are being abused.

Intrusion, malware
 
“…While hacking as a means of data-gathering has existed since the inception of the Internet, in the last few years as lawful interception products have grown, so has an industry that provides commercial intrusion and malware.… Once a boutique capability possessed by few nation states, Morgan Marquis-Boire continues:

…commercial intrusion and monitoring tools are now being sold globally for dictator pocket change.

While this technology is frequently marketed as lawful intercept capability, in countries where criminal activity is broadly defined or where dissent is criminalized, these tools are used as a mechanism for repression.

The concept of ‘lawful interception’ does not apply in countries where the rule of law is absent.

With the increased ability of regimes to purchase advanced surveillance capabilities from ‘Western countries,’ this technology has been used to target activists, journalists, dissidents and human rights workers.

An investigation uncovering the use of ‘governmental IT intrusion’ software against a group of Middle Eastern activists last year has grown into a body of research displaying the ubiquity of commercialized surveillance software.

“While there are undoubtedly legitimate uses for targeted surveillance, historical abuses of secret surveillance are manifold.

“When such activity is opaque and technological capabilities remain secret, citizens lack the knowledge to fully comprehend the scope and nature of surveillance and hence lack ability to challenge it.

“Technology can work for us,” Morgan Marquis-Boire writes, “but it can also happen to us.”

FINDINGS

The reported findings of Citizen Lab and the Canada Centre for Global Security Studies (Munk School of Global Affairs, University of Toronto) were these.

FinSpy Command and Control servers were operating in countries scanned: two servers in Brunei, one in Turkmenistan’s Ministry of Communications, two in Singapore, one in the Netherlands, a new server in Indonesia, and a new server in Bahrain.

Partial replication of earlier findings in a Rapid7 analysis, which reported finding FinSpy Command and Control servers in ten countries: Indonesia, Australia, Qatar, Ethiopia, Czech Republic, Estonia, USA, Mongolia, Latvia, and the UAE. Citizen Lab’s scan confirmed the presence of FinSpy on all of the servers reported by Rapid7 that were still available to be scanned: FinSpy servers in Indonesia, Ethiopia, USA, Mongolia, and the UAE were confirmed, and the remaining servers were down at the time of scanning. The server in the USA appeared to be an IP-layer proxy (e.g., in the style of Network Address Translation).

RECOMMENDATIONS

Citizen Lab recommends that all users run Anti-Virus software, promptly apply (legitimate) updates when they become available, and use screen locks, passwords and device encryption (when available).

Do not run untrusted applications and do not allow third parties access to mobile devices.


As technology “can … happen to us,” Morgan Marquis-Boire’s hope, as the result of this research, he says, is that it “will help us make an informed decision about what is happening.”



Sources and notes

“For Their Eyes Only: The Commercialization of Digital Spying” by Morgan Marquis-Boire, with Bill Marczak, Claudio Guarnieri, and John Scott-Railton [Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, Wednesday, May 1, 2013], https://citizenlab.org/for-their-eyes-only; licensed under Creative Commons Attribution 2.0

https://citizenlab.org/storage/finfisher/final/fortheireyesonly.pdf

ACM TechNews ─ “Software Meant to Fight Crime Is Used to Spy on Dissidents,” by The New York Times, August 31, 2012, http://cacm.acm.org/news/154827-software-meant-to-fight-crime-is-used-to-spy-on-dissidents/fulltext

“Government-operated spyware on the rise around the world – report,” May 03, 2013 19:51, http://rt.com/news/citizen-lab-finfisher-wikileaks-spyware-788/

Ref: Gamma Group Finfisher IT intrusion; Citizen Lab; Mozilla Foundation

