Timesdelhi.com

December 12, 2018
Category archive

Federal Bureau of Investigation

Metacert’s Cryptonite can catch phishing links in your email


Metacert, founded by Paul Walsh, originally began as a way to watch chat rooms for fake Ethereum scams. Walsh, who was an early experimenter in cryptocurrencies, grew frustrated when he saw hackers dumping fake links into chat rooms, resulting in users regularly losing cash to scammers.

Now Walsh has expanded his software to email. A new product built for email will show little green or red shields next to links, confirming that a link is what it appears to be. A fake link would appear red while a real PayPal link, say, would appear green. The plugin works with Apple’s Mail app on the iPhone and is called Cryptonite.

“The system utilizes the MetaCert Protocol infrastructure/registry,” said Walsh. “It contains 10 billion classified URLs. This is at the core of all of MetaCert’s products and services. It’s a single API that’s used to protect over 1 million crypto people on Telegram via a security bot and it’s the same API that powers the integration that turned off phishing for the crypto world in 2017. Even when links are shortened? MetaCert unfurls them until it finds the real destination site, and then checks the Protocol to see if it’s verified, unknown or classified as phishing. It does all this in less than 300ms.”

Walsh is also working on a system to scan for Fake News in the wild using a similar technology to his anti-phishing solution. The company is raising currently and is working on a utility token.

Walsh sees his first customers as enterprise and expects IT shops to implement the software to show employees which links are allowed, i.e. company or partner links, and which ones are bad.

“It’s likely we will approach this top down and bottom up, which is unusual for enterprise security solutions. But ours is an enterprise service that anyone can install on their phone in less than a minute,” he said. “SMEs aren’t typically a target market for email security companies but we believe we can address this massive market with a solution that’s not scary to set up and expensive to support. More research is required though, to see if our hypothesis is right.”

“With MetaCert’s security, training is reduced to a single sentence ‘if it doesn’t have a green shield, assume it’s not safe,’” said Walsh.

News Source = techcrunch.com

A simple solution to end the encryption debate


Criminals and terrorists, like millions of others, rely on smartphone encryption to protect the information on their mobile devices. But unlike most of us, the data on their phones could endanger lives and pose a great threat to national security.

The challenge for law enforcement, and for us as a society, is how to reconcile the advantages of gaining access to the plans of dangerous individuals with the cost of opening a door to the lives of everyone else. It is the modern manifestation of the age-old conflict between privacy and security, playing out in our pockets and palms.

One-size-fits-all technological solutions, like a manufacturer-built universal backdoor tool for smartphones, likely create more dangers than they prevent. While no solution will be perfect, the best ways to square data access with security concerns require a more nuanced approach that relies on non-technological procedures.

The FBI has increasingly pressed the case that criminals and terrorists use smartphone security measures to avoid detection and investigation, arguing for a technological, cryptographic solution to stop these bad actors from “going dark.” In fact, there are recent reports that the Executive Branch is engaged in discussions to compel manufacturers to build technological tools so law enforcement can read otherwise-encrypted data on smartphones.

But the FBI is also tasked with protecting our nation against cyber threats. Encryption has a critical role in protecting our digital systems against compromises by hackers and thieves. And of course, a centralized data access tool would be a prime target for hackers and criminals. As recent events prove – from the 2016 elections to the recent ransomware attack against government computers in Atlanta – the problem will likely only become worse. Anything that weakens our cyber defenses will only make it more challenging for authorities to balance these “dual mandates” of cybersecurity and law enforcement access.

There is also the problem of internal threats: when they have access to customer data, service providers themselves can misuse or sell it without permission. Once someone’s data is out of their control, they have very limited means to protect it against exploitation. The current, growing scandal around the data harvesting practices on social networking platforms illustrates this risk. Indeed, our company Symphony Communications, a strongly encrypted messaging platform, was formed in the wake of a data misuse scandal by a service provider in the financial services sector.


So how do we help law enforcement without making data privacy even thornier than it already is? A potential solution is through a non-technological method, sensitive to the needs of all parties involved, that can sometimes solve the tension between government access and data protection while preventing abuse by service providers.

Agreements between some of our clients and the New York State Department of Financial Services (“NYSDFS”) proved popular enough that FBI Director Wray recently pointed to them as a model of “responsible encryption” that solves the problem of “going dark” without compromising robust encryption critical to our nation’s business infrastructure.

The solution requires storage of encryption keys — the codes needed to decrypt data — with third party custodians. Those custodians would not keep these clients’ encryption keys. Rather, they give the access tool to clients, and then clients can choose how to use it and to whom they wish to give access. A core component of strong digital security is that a service provider should not have access to a client’s unencrypted data nor control over a client’s encryption keys.

The distinction is crucial. This solution is not technological, like backdoor access built by manufacturers or service providers, but a human solution built around customer control. Such arrangements provide robust protection from criminals hacking the service, but they also prevent customer data harvesting by service providers.

Where clients choose their own custodians, they may subject those custodians to their own, rigorous security requirements. The clients can even split their encryption keys into multiple pieces distributed over different third parties, so that no one custodian can access a client’s data without the cooperation of the others.

This solution protects against hacking and espionage while safeguarding against the misuse of customer content by the service provider. But it is not a model that supports service provider or manufacturer built back doors; our approach keeps the encryption key control in clients’ hands, not ours or the government’s.

A custodial mechanism that utilizes customer-selected third parties is not the answer to every part of the cybersecurity and privacy dilemma. Indeed, it is hard to imagine that this dilemma will submit to a single solution, especially a purely technological one. Our experience shows that reasonable, effective solutions can exist. Technological features are core to such solutions, but just as critical are non-technological considerations. Advancing purely technical answers – no matter how inventive – without working through the checks, balances and risks of implementation would be a mistake.

News Source = techcrunch.com

The United States needs a Department of Cybersecurity


This week over 40,000 security professionals will attend RSA in San Francisco to see the latest cyber technologies on display and discuss key issues. No topic will be higher on the agenda than the Russian-sponsored hack of the American 2016 election, with debate about why the country has done so little to respond and what measures should be taken to deter future attempts at subverting our democracy.

For good reason. There is now clear evidence of Russian interference in the election with Special Counsel Mueller’s 37-page indictment of 13 Russians, yet the attack on US sovereignty and stability has gone largely unanswered. The $120 million set aside by Congress to address the Russian attacks remains unspent. We expelled Russian diplomats but only under international pressure after the poisoning of a former Russian spy and his daughter.

Recent sanctions are unlikely to change the behavior of the Putin administration. To put it bluntly, we have done nothing of substance to address our vulnerability to foreign cyberattacks. Meanwhile, our enemies gain in technological capability, sophistication and impact.

Along with the Russians, the Chinese, North Koreans, Iranians and newly derived nation states use cyber techniques on a daily basis to further their efforts to gain advantage on the geopolitical stage. It is a conscious decision by these governments that a proactive cyber program advances their goals while limiting the United States.


We were once dominant in this realm both technically and with our knowledge and skillsets. That playing field has been leveled and we sit idly by without the will or focus to try and regain the advantage. This is unacceptable, untenable and will ultimately lead to potentially dire consequences.

In March of this year, the US CyberCommand released a vision paper called “Achieve and Maintain Cyberspace Superiority.” It is a call to action to unleash the country’s cyber warriors to fight for our national security in concert with all other diplomatic and economic powers available to the United States.

It’s a start but a vision statement is not enough. Without a proper organizational structure, the United States will never achieve operational excellence in its cyber endeavors. Today we are organized to fail. Our capabilities are distributed across so many different parts of the government that they are overwhelmed with bureaucracy, inefficiency and dilution of talent.

The Department of Homeland Security is responsible for national protection including prevention, mitigation and recovery from cyber attacks. The FBI, under the umbrella of the Department of Justice, has lead responsibility for investigation and enforcement. The Department of Defense, including US CyberCommand, is in charge of national defense. In addition, each of the various military branches has its own cyber units. No one who wanted to win would organize a critical capability in such a distributed and dispersed manner.

How could our law makers know what policy to pass? How do we recruit and train the best of the best in an organization, when it might just be a rotation through a military branch? How can we instantly share knowledge that benefits all when these groups don’t even talk to one another? Our current approach does not and cannot work.


What is needed is a sixteenth branch of the Executive — a Department of Cybersecurity — that would assemble the country’s best talent and resources to operate under a single umbrella and a single coherent policy. By uniting our cyber efforts we would make the best use of limited resources and ensure seamless communications across all elements dealing in cyberspace. The department would act on behalf of the government and the private sector to protect against cyberthreats and, when needed, go on offense.

As with physical defense, sometimes that means diplomacy or sanctions, and sometimes it means executing missions to cripple an enemy’s cyber-operations. We have the technological capabilities, we have the talent, we know what to do but unless all of this firepower is unified and aimed at the enemy we might as well have nothing.

When a Department of Cybersecurity is discussed in Washington, it is usually rejected because of the number of agencies and departments affected. This is code for loss of budget and personnel. We must rise above turf battles if we are to have a shot at waging an effective cyber war. There are some who have raised concerns about coordination on offensive actions but they can be addressed by a clear chain of command with the Defense Department to avoid the potential of a larger conflict.

We must also not be thrown by comparisons to the Department of Homeland Security and conclude a Cybersecurity department would face the same challenges. DHS was 22 different agencies thrust into one. A Department of Cybersecurity would be built around a common set of skills, people and know-how all working on a common issue and goal. Very different.

Strengthening our cyberdefense is as vital as having a powerful standing army to defend ourselves and our allies. Russia, China and others have invested in their cyberwar capabilities to exploit our systems almost at will.

Counterpunching those efforts requires our own national mandate executed with Cabinet level authority. If we don’t bestow this level of importance to the fight and set ourselves up to win, interference in US elections will not only be repeated … such acts will seem trivial in comparison to what could and is likely to happen.

News Source = techcrunch.com

Is America’s national security Facebook and Google’s problem?


Outrage that Facebook made the private data of over 87 million of its U.S. users available to the Trump campaign has stoked fears that big US-based technology companies are tracking our every move and misusing our personal data to manipulate us without adequate transparency, oversight, or regulation.

These legitimate concerns about the privacy threat these companies potentially pose must be balanced by an appreciation of the important role data-optimizing companies like these play in promoting our national security.

In his testimony to the combined US Senate Commerce and Judiciary Committees, Facebook CEO Mark Zuckerberg was not wrong to present his company as a last line of defense in an “ongoing arms race” with Russia and others seeking to spread disinformation and manipulate political and economic systems in the US and around the world.

The vast majority of the two billion Facebook users live outside the United States, Zuckerberg argued, and the US should be thinking of Facebook and other American companies competing with foreign rivals in “strategic and competitive” terms. Although the American public and US political leaders are rightly grappling with critical issues of privacy, we will harm ourselves if we don’t recognize the validity of Zuckerberg’s national security argument.

Facebook CEO and founder Mark Zuckerberg testifies during a US House Committee on Energy and Commerce hearing about Facebook on Capitol Hill in Washington, DC, April 11, 2018. (Photo: SAUL LOEB/AFP/Getty Images)

Examples are everywhere of big tech companies increasingly being seen as a threat. US President Trump has been on a rampage against Amazon, and multiple media outlets have called for the company to be broken up as a monopoly. A recent New York Times article, “The Case Against Google,” argued that Google is stifling competition and innovation and suggested it might be broken up as a monopoly. “It’s time to break up Facebook,” Politico argued, calling Facebook “a deeply untransparent, out-of-control company that encroaches on its users’ privacy, resists regulatory oversight and fails to police known bad actors when they abuse its platform.” US Senator Bill Nelson made a similar point when he asserted during the Senate hearings that “if Facebook and other online companies will not or cannot fix the privacy invasions, then we are going to have to. We, the Congress.”

While many concerns like these are valid, seeing big US technology companies solely in the context of fears about privacy misses the point that these companies play a far broader strategic role in America’s growing geopolitical rivalry with foreign adversaries. And while Russia is rising as a threat in cyberspace, China represents a more powerful and strategic rival in the 21st century tech convergence arms race.

Data is to the 21st century what oil was to the 20th, a key asset for driving wealth, power, and competitiveness. Only companies with access to the best algorithms and the biggest and highest quality data sets will be able to glean the insights and develop the models driving innovation forward. As Facebook’s failure to protect its users’ private information shows, these data pools are both extremely powerful and can be abused. But because countries with the leading AI and pooled data platforms will have the most thriving economies, big technology platforms are playing a more important national security role than ever in our increasingly big data-driven world.

BEIJING, CHINA – 2017/07/08: Robots dance for the audience on the expo. On Jul. 8th, Beijing International Consumer electronics Expo was held in Beijing China National Convention Center. (Photo by Zhang Peng/LightRocket via Getty Images)

China, which has set a goal of becoming “the world’s primary AI innovation center” by 2025, occupying “the commanding heights of AI technology” by 2030, and the “global leader” in “comprehensive national strength and international influence” by 2050, understands this. To build a world-beating AI industry, Beijing has kept American tech giants out of the Chinese market for years and stolen their intellectual property while putting massive resources into developing its own strategic technology sectors in close collaboration with national champion companies like Baidu, Alibaba, and Tencent.

Examples of China’s progress are everywhere.

Close to a billion Chinese people use Tencent’s instant communication and cashless platforms. In October 2017, Alibaba announced a three-year investment of $15 billion for developing and integrating AI and cloud-computing technologies that will power the smart cities and smart hospitals of the future. Beijing is investing $9.2 billion in the golden combination of AI and genomics to lead personalized health research to new heights. More ominously, Alibaba is prototyping a new form of ubiquitous surveillance that deploys millions of cameras equipped with facial recognition within testbed cities and another Chinese company, Cloud Walk, is using facial recognition to track individuals’ behaviors and assess their predisposition to commit a crime.

In all of these areas, China is ensuring that individual privacy protections do not get in the way of bringing together the massive data sets Chinese companies will need to lead the world. As Beijing well understands, training technologists, amassing massive high-quality data sets, and accumulating patents are key to competitive and security advantage in the 21st century.

“In the age of AI, a U.S.-China duopoly is not just inevitable, it has already arrived,” said Kai-Fu Lee, founder and CEO of Beijing-based technology investment firm Sinovation Ventures and a former top executive at Microsoft and Google. The United States should absolutely not follow China’s lead and disregard the privacy protections of our citizens. Instead, we must follow Europe’s lead and do significantly more to enhance them. But we also cannot blind ourselves to the critical importance of amassing big data sets for driving innovation, competitiveness, and national power in the future.

UNITED STATES – SEPTEMBER 24: Aerial view of the Pentagon building photographed on Sept. 24, 2017. (Photo By Bill Clark/CQ Roll Call)

In its 2017 unclassified budget, the Pentagon spent about $7.4 billion on AI, big data and cloud-computing, a tiny fraction of America’s overall expenditure on AI. Clearly, winning the future will not be a government activity alone, but there is a big role government can and must play. Even though Google remains the most important AI company in the world, the U.S. still crucially lacks a coordinated national strategy on AI and emerging digital technologies. While the Trump administration has gutted the White House Office of Science and Technology Policy, proposed massive cuts to US science funding, and engaged in a sniping contest with American tech giants, the Chinese government has outlined a “military-civilian integration development strategy” to harness AI to enhance Chinese national power.

FBI Director Christopher Wray correctly pointed out that America has now entered a “whole of society” rivalry with China. If the United States thinks of our technology champions solely within our domestic national framework, we might spur some types of innovation at home while stifling other innovations that big American companies with large teams and big data sets may be better able to realize.

America will be more innovative the more we nurture a healthy ecosystem of big, AI driven companies while also empowering smaller startups and others using blockchain and other technologies to access large and disparate data pools. Because breaking up US technology giants without a sufficient analysis of both the national and international implications of this step could deal a body blow to American prosperity and global power in the 21st century, extreme caution is in order.

America’s largest technology companies cannot and should not be dragooned to participate in America’s growing geopolitical rivalry with China. Based on recent protests by Google employees against the company’s collaboration with the US defense department analyzing military drone footage, perhaps they will not.

But it would be self-defeating for American policymakers to not at least partly consider America’s tech giants in the context of the important role they play in America’s national security. America definitely needs significantly stronger regulation to foster innovation and protect privacy and civil liberties but breaking up America’s tech giants without appreciating the broader role they are serving to strengthen our national competitiveness and security would be a tragic mistake.

News Source = techcrunch.com

Fed up with Facebook, activists find new ways to defend their movements


In the wake of revelations that the personal information of as many as 87 million Facebook users was used by data analysis firm Cambridge Analytica in 2016 for political purposes, reports indicate Facebook will contribute raw, anonymized data to a new Social Data Initiative via what is described as an independent, transparent and peer-reviewed process.

Will greater data sharing place the information of communities of color at greater risk? Or will making aggregated user data available better inform our understanding of social media’s impact on society? Caught between these questions are activists of color and the vulnerable communities they represent.

Activists of color weren’t surprised by the Cambridge Analytica revelations. This scandal is only the latest in a string of worrisome disclosures about the use of social media by third parties, from foreign governments and electoral candidates to law enforcement agencies, to spy on the activities of users – especially immigrant, Black and other vulnerable communities.

With half of all U.S. adults already in police facial recognition databases and the 2018 midterm election season upon us, the issue of political data mining feels urgent to Black activists. “We are tracked by data mining companies that have contracts with law enforcement that profile and criminalize us. This works in tandem with designations like ‘Black Identity Extremism’, a made up term by the FBI to attack Black organizers,” said Janaya Khan, a Black Lives Matter activist and organizer with the national civil rights group Color of Change.

A supporter of a handful of protesters from the activist group the Raging Nannies who gathered outside of Facebook to demand greater data protection, Electronic Frontier Foundation Organizer Nathan Sheard also raised concerns: “Facebook has a responsibility to its users.” He goes on to note that, “By default their [user] info should be kept secure.” Yet user information on Facebook remains extraordinarily vulnerable and far too available to third parties, without the consent of Facebook users.

Congress has joined the chorus of voices seeking answers. Mark Zuckerberg, Facebook Founder and CEO will testify at a joint hearing before the Senate Judiciary and Senate Commerce, Science, and Transportation committees on Tuesday, April 10 at 2:15 pm Eastern time. He’ll be back on Capitol Hill the following day for another hearing before the House Energy and Commerce Committee on Wednesday, April 11, at 10 am ET.

Congress’ failure to protect the data of vulnerable users has created real world fears for immigrant rights activists working tirelessly to protect undocumented families facing a wave of deportation under President Trump. Co-founder and Executive Director of United We Dream, Cristina Jimenez explains, “Our movement is led by undocumented immigrants and people of color, and under Trump we’ve seen our members targeted in phishing attacks online and chased by white supremacists out in the streets.”

These conditions have prompted some to delete Facebook, which must be done skillfully to ensure all personal data has actually been removed. Given that two-thirds of Americans get their news from platforms like Facebook, the likelihood that users will delete the social media giant is low. For others, the call to action is for Congress to pass laws that require greater data protection in order for Facebook to operate in the U.S. — which can take time.

Activists from the movements for Black lives, immigrant rights, Muslim freedom, and others protesting to save their lives, protect their families, or defend their environment and land can’t wait for data protection. These activists and the technologists who support them have come together to create a resource for keeping their accounts secure and to protect their critical work: defendourmovements.org.

Activists like Southwest Organizing Project activist Roberto Roibal are already responding to the site.

The site, which includes a help desk and crowd-sourced knowledge base, was built to provide activists at the greatest risk of surveillance with culturally relevant digital safety tips, tools and support, vetted by technologists that understand and are participants in social movements. Its launch is accompanied by ongoing digital security trainings nationwide. Together, these tools and trainings offer a starting place for securing social movements in an increasingly frightening political environment.

After all, the Cambridge Analytica debacle is far from the first time corporations and government institutions have used Facebook and other social media platforms to spy on the most vulnerable in our society.

Just last month The Intercept reported that the Immigration and Customs Enforcement agency has also been using Facebook to do its “extreme vetting” dirty work, and it’s been confirmed that Russian government officials utilized multiple social media platforms to influence the 2016 election. And in that same year, Facebook, Instagram, and Twitter were forced to update their platforms after providing users’ data to Geofeedia – a social media surveillance company which marketed its tools to police officers nationwide, in order to monitor protesters and activists of color.

The ACLU has outlined immediate steps Facebook should take in response to these latest privacy disclosures, including implementing better auditing procedures and enforcement of its policies for developers, but the fight to preserve our right to resist online will continue regardless. The human rights organization Witness also chimed in with a thoughtful analysis of next steps the company could take.

Beyond the urgent need for digital security, what movement leaders understand is that if they don’t create these tools, no one else will. Activists cannot wait for Facebook and Mark Zuckerberg to change.

Hacker and security specialist Matt Mitchell said, “All movements have those who secure the fight because they believe in it. They are the ones folks trust, the ones who sacrifice over and over again. They put time and love into the struggle. Belonging is what brings them to this work. Look, people working for justice and freedom have adversaries who work nine to five to slow things down. We’re being secured 24/7 by our organizing. That’s why we will win.”

We are the ones we’ve been waiting for. In a time when it is hard to tell what’s real and what’s not, digital security grounded in authentic relationships can make all the difference.

Learn more at DefendOurMovements.org or mediajustice.org

News Source = techcrunch.com
