Archive for the ‘Miscellaneous’ Category

Microsoft has managed to do what a roomful of secretive, three-letter government agencies have wanted to do for years: get the whistleblowing, government-document sharing site Cryptome shut down.

Microsoft dropped a DMCA notice alleging copyright infringement on Cryptome’s proprietor John Young on Tuesday after he posted a Microsoft surveillance compliance document that the company gives to law enforcement agents seeking information on Microsoft users. Young filed a counterclaim on Wednesday — arguing he had a fair use to publishing the document, a full day before the Thursday deadline set by his hosting provider, Network Solutions.

Regardless, Cryptome was shut down by Network Solutions and its domain name locked on Wednesday — shuttering a site that thumbed its nose at the government since 1996 — posting thousands of documents that the feds would prefer never saw the light of day.

Microsoft did not return a call for comment by press time.

The 22-page document (.pdf) contains no trade secrets, but will tell Microsoft users things they didn’t know. (You can read it directly on your own computer from the above link, or read it inline below.)

For instance, Xbox Live records every IP address you ever use to login and stores them for perpetuity. While that’s going to be creepy for some, there’s an upside if your house gets robbed, according to the document: “If your investigation involves a stolen Xbox console, if the console serial number or Xbox LIVE user gamertag is provided and the console has been connected to the Internet, IP connection records may be available.”

The Microsoft® Online Services Global Criminal Compliance Handbook (.pdf) also goes so far as to provide sample language for subpoenas and diagrams on how to understand server logs.

Other things you might not know and which Microsoft (sometimes oddly) doesn’t want you to know?

Microsoft retains only the last 10 login records for Windows Live ID. As for your instant messages, it tells police that it keeps no record of what anyone says over Microsoft Messenger - though it will turn over who is on your buddy list.

And if you like to use Microsoft’s social networking products — like its old-school Group mailing list or its Facebook-like Spaces product, be aware that it’s very social when it comes to law enforcement or court subpoenas.

As Microsoft tells potential subpoenaees, “when you are looking for information on a specific incident like a photo posting or message posting, please request all group content and logs. We cannot retrieve single incident data.” The same holds for Spaces — if you are interested in a single picture, just request the entire thing. Call it Subpoena 2.0.

The compliance handbook is just the latest in a series of leaks of similar documents from other companies. Yahoo, like Microsoft, reacted as if its secret sauce had somehow been spilled by letting curious users know the hows and whys of how the companies deal with lawful surveillance requests. Google, for all its crusading for internet freedom, refuses to say how often law enforcement comes searching for user data.

The one company who has had a stand-up policy for years is the Cox Communications’ ISP, which has had this information and their price list public for years.

But hypocrisy is the name of the game for giant internet companies like Yahoo, Microsoft and Google that want us to entrust large portions of our lives to Gmail, Yahoo Mail, Buzz, Xbox, Hotmail, Messenger, Google Groups. When it comes to the most basic information about how, why and how often our data is subpoenaed and collected without our knowledge, these online innovators resort to lawyers, abusive legal process and double-talk.

Photo: Emma Swann

See Also:

• Yahoo, Verizon: Our Spy Capabilities Would ‘Shock’, ‘Confuse …
• Yahoo Issues Takedown Notice for Spying Price List
• Google Talks Transparency, But Hides Surveillance Stats

A federal grand jury is indicting two Southern California men accused of using peer-to-peer file sharing software to hijack unsuspecting victims’ money, including paychecks from five Department of Defense employees.

The defendants, San Diego federal prosecutors say, from 2005 and 2006 accessed the passwords and repeatedly logged into a DOD online payroll system known as “DFAS MyPay” to redirect paychecks to prepaid credit cards – about $20,000 in all. The accused obtained the passwords after the victims erroneously made them available on peer-to-peer networks, including Limewire and Bearshare.

Tuesday’s unsealed indictments charge Jeffrey Girandola and Kajohn Phommavong, both of whom remain jailed pending their next court appearance, expected in January. Girandola is in San Diego County Jail pending unrelated, state identity theft charges, the authorities said.

The victims’ identities were not disclosed.

The duo is charged with conspiracy, computer fraud, access device fraud and identity theft. (.pdf)

Photo: TW Collins

See Also:

• Supreme Court: Feds Abusing Identity Theft Law
• Stolen Wallets, Not Hacks, Cause the Most ID Theft? Debunked
• U.S. Identity Theft Convictions Increase 26 Percent, Feds Say …
• Startup Plans to Solve Online Identity Theft, But Does Anyone Care?
• Feds Swoop In on Nationwide Pickpocket, I.D. Theft Ring
• Judge Rules LifeLock's Fraud Alert Service Illegal
• The Pros and Cons of LifeLock

Office Space actor Ron Livingston has filed a lawsuit against an anonymous Wikipedia editor for repeatedly altering his entry on the free encyclopedia to claim Livingston is gay.

Livingston suspects the same vandal of posing as the actor in a phony Facebook profile.

Neither Facebook nor Wikipedia are named in the suit. Under the Communications Decency Act, such sites enjoy immunity from most types of lawsuits stemming from the actions of their users.

Actor Ron Livingston is not amused he is being called gay on Facebook and Wikipedia

But that does not mean the anonymous person or persons who wrote the allegedly defamatory statements are immune from being outed and hauled into court.

Livingston’s lawsuit against “John Doe” will likely give him the power to subpoena Wikipedia and Facebook to find out the real perpetrator or perpetrators.

The most recent high-profile outing of an anonymous writer came in April, when the identity of the author of the “Skanks in NYC” blog was unmasked after calling model Liskula Cohen a “psychotic, lying, whoring… skank.”

The Livingston lawsuit claims the anonymous Wikipedia editor is guilty of “despicable acts.” The suit alleges libel, invasion of privacy and, among other things, breach of publicity rights.

The Wikipedia entry, for example, says the 42-year-old Livingston was married Nov. 2 to Rosemarie Dewitt “although he is gay and officially confermed (sic) it in TMZ he is gay and darn proud.”

Continue Reading “Office Space Actor Sues Anonymous Wikipedia Vandal” »

Federal prosecutions of criminal counterfeiting and copyright infringement cases have jumped over the past five years, as have IP-related prison terms, according to a Justice Department report.

The congressionally required report reviewed dozens of cases involving counterfeited pharmaceutical drugs, toothpaste, oil pipeline couplings, sports jerseys, DVDs and software. Movie camcording was also included.

The increases in sentences and prosecutions came even though one-third fewer IP cases were referred to federal authorities for prosecution (.pdf). There were 565 referrals in 2004 and 365 in 2008, the last year for which figures were compiled, according to data compiled in The PRO-IP ACT First Annual Report 2008-2009.

Continue Reading “Feds Prosecuting More Counterfeiters, IP Pirates” »

The federal court system charged the Department of Justice more than $4 million in 2009 for access to its electronic court filing system, which is composed entirely of documents in the public domain.

That’s according to government documents made public through a Freedom of Information Act request by open government advocate Carl Malamud (pictured right). Malamud sought the information to prove that an open source repository of U.S. legal materials — a project called Law.gov — could eventually save the government a billion dollars.

The Administrative Office of the U.S. Courts runs the search system known as Public Access to Court Electronic Records, or PACER. PACER charges citizens, journalists, corporate lawyers and even the Attorney General $.08 per page to look at court filings in U.S. District Courts. The system pulled in nearly $50 million in 2006. The contract between the PACER office and the Justice Department began in 2002 with a charge of $800,000, which quickly rose to more than $4.2 million in 2009.

PACER is a buggy, barebones system with an interface seemingly designed in 1995. Though all the court documents it indexes are in the public record, the U.S. Court system refuses to make them available for bulk download. PACER also does not cover tax courts or the Supreme Court. (Disclosure: Wired.com nurtures a hefty PACER bill).

To cover the gaps, the Justice Department paid West Publishing, a giant legal publisher, $5 million in 2005. That contract promised the DOJ online access to the opinions of the Supreme Court, tax courts records, appeals court decisions and bankruptcy court. Also covered were state laws and court rules, the Congressional record, the U.S. code and federal public laws.

West, and its competitor, Lexis Nexis, buy court data in bulk, reformat it and add proprietary citation codes. They then license the database of public documents at high rates to libraries, law firms and government agencies. Even the U.S. Court system pays West’s high license fees to access public court documents that West purchased from it.

The Justice Department isn’t alone in paying for access to court documents for PACER. In fact, it seems to be standard operating policy. The IRS, for example, spent $950,000 in 2008 (.pdf) to see the same documents.

Continue Reading “DOJ Pays $4M a Year to Read Public Court Documents” »

The document-leaking site Wikileaks says it’s preparing to release 500,000 intercepted wireless pager messages from a 24-hour period encompassing the September 11, 2001 terrorist attacks.

Site operators say they plan to start rolling out the texts beginning at 3:00 a.m. New York time, paced to display as they were broadcast at the corresponding time on September 11, 2001. American Airlines Flight 11 crashed into the World Trade Center’s North Tower at 8:46 a.m., and United Airlines Flight 175 hit the South Tower 17 minutes later.

“Text pagers are mostly carried by persons operating in an official capacity,” reads the description on the site. “Messages in the archive range from Pentagon and New York Police Department exchanges, to computers reporting faults to their operators as the World Trade Center collapsed.”

A sample of the alphanumeric pages appeared on the site Tuesday night.

Continue Reading “Wikileaks Says It Has Half-a-Million 9/11 Pager Messages” »

Federal authorities can resume combing through the notebooks, memory cards and computers of a twittering anarchist being investigated for violating an anti-rioting law, a federal judge in Brooklyn ruled Monday.

U.S. district court judge Dora L. Irizzary found no reason to throw out the government’s search of the home of a 41-year old social worker who used the micro-publishing service Twitter to help anti-globalization protestors at the recent G-20 convention, clearing the way for the feds to look through the evidence they collected. Madison and his attorney sought to have his possessions returned unexamined, on the grounds the search violated his constitutional rights to free speech.

The Joint Terrorism Task Force raided Elliott Madison’s house in a dawn raid on October 1, seizing myriad computers, unpublished manuscripts, phones and books from the social worker, his urban planner wife and his housemates. The materials were seized as evidence in a federal grand jury investigation of whether Madison violated a rarely-used federal statute that makes it a crime to help rioters.

Madison, an anarchist and prolific writer, seems to have drawn the attention of New York’s U.S. Attorney’s office after he was arrested in a Pittsburgh motel room on September 24 for legally listening to a police scanner and then tweeting the information. During the G-20 summit, heavily armed police officers reacted to the anti-globalization protesters with tear gas, sonic weapons, rubber bullets and mass arrests. Madison was in jail during the height of the confrontation, charged with criminal use of a communication facility.

When protesters in Iran similarly used Twitter to organize anti-government rallies, the U.S. State Department hailed the micro-blogging service as a boon to democracy.

Continue Reading “Fed’s Search of Twittering Anarchist Upheld” »

California Governor Arnold Schwarzenegger is ticked off.

He’s tired of signing bills that don’t address the pet causes he deems important. So when another unworthy bill crossed his desk recently for signing — addressing funding issues for the Port of San Francisco — the guv vetoed it and sent lawmakers a little note saying why. Only the note said a little more than lawmakers were expecting.

Buried in the text was a hidden message directed at State Assemblyman Tom Ammiano, author of the bill, according to the San Francisco Bay Guardian.

Ammiano had strongly criticized the governor in early October and reportedly told Schwarzenegger at the time to “kiss my gay ass.” Schwarzenegger’s veto letter, issued a couple of days later, reads:

Missed the hidden code? The Bay Guardian has helpfully picked it out:

When asked by the Guardian if the message was intentional, Schwarzenegger’s spokesman said only, “what a strange coincidence.” The paper noted that he was “clearly being sarcastic.”

A spokesman for the governor told Threat Level that he’d been receiving a number of calls about the letter and hadn’t yet decided whether they were going to release a statement about it.

UPDATE 6:15 PST: The governor’s office decided it would make a statement, of sorts, after all. Spokesman Aaron McLear told Threat Level the hidden message was just “a strange coincidence,” repeating the response given to the Bay Guardian. He added that the governor’s office had written other letters that also had hidden words spelled out in them. When asked for examples of what was spelled out in those letters, he replied “soap,” “poet,” “ear.”

“When you do so many veto messages that’s bound to happen,” he said.

He promised to send examples of those other letters.

Remember when the global economic crisis was supposed to drive legions of desperate, unemployed computer programmers into cybercrime? It turns out the real threat comes from unemployed advertising agents.

Scammers posing as the well-known ad agency Spark-SMG tricked Gawker Media into running a fake Suzuki ad last week that served malicious code, according to a report in Silicon Alley Insider. A similar scam hit the New York Times in September. Unlike the newspaper, Gawker has released the e-mails it exchanged with the scammers, and the messages show just how confidently the perps navigated the ad-buy process.

“We are only interested in standard IAB banner sizes right now as that’s what we have sign off for,” wrote fake person George Delarosa, at one point in the negotiations. “Please whip up a proposal and let’s try and get a rush on getting something going as we are in need of some major imps by the end of the month as we are under-delivering on our monthly impression levels for September.”

I’d rather voluntarily install the malware then read that paragraph again. But it does show that the scamsters — who are probably behind the Times attack as well — know exactly what they’re doing. In addition to the authentic prose, the crooks backed their play with a working phone number in a Chicago area code, where the real Spark is based, and a copycat domain name.

“Whoever it is definitely worked in online ad sales at some point ,” an anonymous Gawker salesperson wrote the Insider.

Continue Reading “Cybercrooks Trick Gawker Into Serving Malware-Laced Ad” »

The Nuclear Regulatory Commission is asking the operators of America’s 66 nuclear power plants to voluntarily upgrade the on-site monitoring systems that report plant conditions to the government.

That upgrade to the 16-year-old Emergency Response Data System? Replacing telephone dial-up modems with VPN appliances.

The Emergency Response Data System probably doesn't use acoustic couplers.

“Licensees currently use analog modulator/demodulators (modems) to establish point-to-point data connections,” the NRC wrote in a memo (.pdf) to plant operators late last month. “Although this technology was state of the art when ERDS was first implemented, it is now obsolete, and replacement equipment is no longer available.”

The NRC notes several advantages to doing away with dial-up. For one, in a crisis all the plants could report data to the NRC’s Maryland headquarters simultaneously, without the hassle of busy signals. In addition, “The use of modems inherently introduces cyber security vulnerabilities to the systems to which they are attached.”

The ERDS ties into plant computer systems to give the NRC’s 24-hour Operations Center a “near real-time” view of plant conditions around the country, according to NRC regulations — including reactor core and coolant conditions, and radioactivity release rates.

As of May 1, 2009, operators of 19 plants had expressed interest in getting rid of their modems. One hopes the other 47 will soon follow those early adopters.

Next year, I hear they’re getting cable.

Top image: The Trojan nuclear power plant, courtesy Oregon.gov. Modem photo courtesy SecretLondon123.