Government Employees Fooled by Greeting Card Trojan

email from uncle samThe U.S. Government seems to be leaking a lot these days. After the WikiLeaks scandal, and the leak of the plan to stop leaks, we’ve heard about another leak. Two days before Christmas, an unknown number of government employees opened a greeting email that looked like it was from the White House. Normally, that’s no big deal, but this email contained a surprise gift.

Here’s what it said:

As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we’re profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.

Greeting card:

hxxp://xtremedefenceforce.com/[omitted]
hxxp://elvis.com.au/[omitted]

Merry Christmas!
___________________________________________
Executive Office of the President of the United States
The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500

People clicking on the links in this phishing email, downloaded a trojan called ZeuS. If they installed it, their computers proceeded to send out all of the Word and Excel documents to a hacker’s website. It appears that this hacker only wanted information that he could later sell.

Here’s what the greeting card website looked like.

trojan-ecard from krebsonsecurity.com

(image from KrebsOnSecurity)

I don’t think I should have to tell everyone this, but you should never have to download a greeting card. If you are asked to do this, exit the web page immediately.

Someone should have told the government employees about stuff like this. Very sensitive documents were stolen because the employees didn’t know about the high-risk practice of downloading from unknown websites.

Some of the documents were identified as coming from such places as the National Science Foundation, the Massachusetts State Police, the Financial Action Task Force, the Millennium Challenge Corporation, and many other .gov sites.

The US Government is now proposing that people use an Internet ID card to protect their privacy. Would you trust them to know how to guard   your private information?

[via krebsonsecurity]

U.S. Orders Twitter to Hand Over WikiLeaks Private Messages

New information about a U.S. case against WikiLeaks has recently been revealed. The U.S. Department of Justice (DOJ) issued a secret subpoena to Twitter on December 14th. The subpoena orders Twitter Inc. to release private messages and other information about accounts owned by Julian Assange and others involved with WikiLeaks.

View the subpoena

The subpoena wasn’t public knowledge, because  Twitter was ordered not to reveal it, since it was “relevant to an ongoing criminal investigation“.   On January 5th,   the subpoena was unsealed due to legal pressure by Twitter.

Twitter declined to say much on the matter, except that its policy is to notify its users of government requests for information, when it can do so.

In a statement, Assange is quoted as saying If the Iranian government was to attempt to coercively obtain this information from journalists and activists of foreign nations, human rights groups around the world would speak out.

twitter2Twitter is based in San Francisco California, and it’s not likely that they would have responded to an information request from Iran. However, the U.S. DOJ has the legal authority to make Twitter cough up this data. It’s clear that Twitter will do so, despite their efforts to open it up to public review.

Google and Facebook have very likely received similar requests, but have not responded to reporters asking about this topic. It’s speculated that they’ve also gotten gag orders to remain quiet, but didn’t fight them as well as Twitter.

(Sources: TechCrunch, CBS News and others)

Julian Assange Threatens To Open Pandora’s Box

Julian Assange has finally managed foolproof insurance so that the US government cannot want him dead now. He has threatened to name key Arab leaders with CIA ties, a move that will seriously jeopardize American efforts and strongholds in the Middle East.

According to this report from Business Insider, the CIA Arab ties were claimed by Assange in an Al-Jazeera interview. He has also claimed that there are files waiting and set to leak automatically in case Assange is captured or killed. If the leak happens, there can be massive turmoil in world politics. Political ties will break and many American secret operatives in the Middle East will be compromised.

After this move, Julian Assange has been condemned as dangerous by even more people since the documents that will be released in case of his capture are critical for security. Assange has also revealed some fact on Arab leaders saying,

We have more files dealing with defense issues of Central Europe, but I or my staff didn’t have the time to go through all of them. What is being published by the five media partners of WikiLeaks are publishing only those details which they think are interesting for their readers. There are some Arab officials who are stealing’ oil of their countries. We need these media partners to focus more on this issue.

FCC Regulators Impose Net Neutrality – What is it?

[United States]

fcc-sealOn Tuesday this week, a panel of 5 regulators in the FCC (Federal Communications Commission) voted to impose Net Neutrality rules on internet service providers. As you may know, the FCC is a U.S. agency that regulates communications of many types, such as telephone, cellular phone, radio, cable tv, wireless internet and others. The members of the commission are political appointees, and are not elected by a vote of any kind. The commission also enjoys a great deal of independence from Congressional authority.

The main idea around Net Neutrality is that internet service providers should provide open and unrestricted access to all of their customers. In the past, providers such as Comcast have slowed down access to certain types of information such as Bittorrent streams. Net Neutrality is also proposed to stop the service providers from charging extra money based on band-width use. Others are saying that Net Neutrality isn’t enough, and all internet access should be free to the public.

While the ideas behind Net Neutrality sound beneficial to the average consumer, many people have raised concerns that any government involvement is going to clamp down on the inherent freedom of the internet. As we’ve seen already, governments are the worst abusers of internet freedom. Countries such as Iran, North Korea and China are famous for imposing severe restrictions on data entering their countries. The U.S. government has already shown a heavy hand when they shut down over 80 websites for copyright infringement, and tried to shut down the WikiLeaks web site.

Internet freedom and privacy organizations are typically afraid to support any regulation of the internet, even inside the U.S. borders. For example, the Electronic Freedom Foundation (EFF) has serious questions:

What is the basis for the FCC’s authority, and is there a reasonable limiting principle to it? Is the basis on which the FCC is claiming it can regulate, one that has real limits for future decisions … ?

Personally, I have to oppose the idea of Net Neutrality. Allowing the FCC or any government body to regulate access to the internet is risky. Once they get in, it’s nearly impossible to keep them out. Technology changes, companies come and go, but government commissions and regulations seem to last forever.

The internet is not broken, and it doesn’t need fixed.

We’ve seen the internet service providers respond to criticism. They will typically do what their customers want them to do. We vote with our money. If we don’t like a provider, in most cases, we can switch to another. I fear the real possibilities of biased political involvement and corruption.

Unfortunately, we may not have any further choice on this issue. The FCC, which isn’t responsible to any American voter, may succeed in it’s bid to regulate the internet inside the United States.

Here is a video from Reason.TV that explains my feelings on this issue a little better than my words.

.

If you don’t agree with my position on Net Neutrality … feel free to comment below.


WikiLeaks App Gets Ousted From Apple’s AppStore

Igor Barinov, developer of the WikiLeaks app, has received notification that Apple has removed his controversial app from their AppStore. It stores no content and doesn’t break any apparent laws it merely gives easy access to diplomatic cables that were provided by WikiLeaks and the ability to follow their Twitter account. The app was available for 3 days for $1.99 before it was taken down.

It is quite possible that the reason Apple removed it is because in accordance with their ToS and policy on donations (Section 21), an application has to be free in order to collect donations and they can only be collected in specific ways. Hopefully this is not another take-down for being closely “related” to WikiLeaks, and the author can re-submit his application with in-app donations.

TradeLeaks Wants To Be Wikileaks For Business Whistleblowers, Failure Awaits

By now the word must bring several thoughts to your mind. Sensitive government documents and cables have made their way to this popular/un-popular site and through it to the hands of several news publications and the common man in the end.

TradeLeaks Logo

However, what about businesses? Do they have secrets to hide from us? Well, just like Julian Assange, another Australian business entrepreneur has Ruslan Kogan has unveiled TradeLeaks.com, a whistleblowing website that will make retail and trade open and transparent.

Just like Wikileaks, TradeLeaks will provide a simple way for consumers and whistleblowers within organizations to anonymously leak information, revealing any dodgy business practices of retail and trade around the world. However, there are several problems as I see it with TradeLeaks. Here are some of my views about them.

First of all, I am not sure how anonymous these leaks will be since they use an online web form on an unsecure network (read non-HTTPS) which might leak out a lot of information to the website and anyone who wants to snoop in to.  They also use Analytic tracking software from several services on the leak submission page. Wikileaks does complete anonymous submission through methods they have perfected over the years.

Secondly, There is no verification of information except for public votes and comments. This is exactly opposite of what Wikileaks does. The site’s about page says:

We do not independently assess the veracity of any information posted on our website. Rather, we rely on users to assess the merits of all information posted through posting reply comments and queries, and by rating the quality of the information posted. This verification process does not mean that all information posted will automatically be true, rather it means that users ought to independently assess each piece of information to satisfy their own minds of its veracity

Boom, that is a deal-breaker for me. How could you just not verify information while you call yourself a whistleblower website?

Thirdly, anyone can use the second fault to post false information about another company. Thanks to search engines like Google, such information could quickly make it to search engines and also kick in Google’s algorithm’s to block them in SERPs because of bad business reviews.

Fourthly, there are hundreds of sites including Ripoff Report, FTC Complaints among others which allow users to post bad experiences with any company. TradeLeaks looks more like a consumer complaint site to me rather than a whistleblowing website. The few postings on the current site strongly suggest that.

I am not against TradeLeaks or what they are looking to do, and yes they are just starting out. However, considering all these arguments, my judgment about TradeLeaks is that it is bound to fail for reasons beyond it’s vision. What do you think?

Julian Assange Mosaic Shows People He Exposed Through Wikileaks

The controversy is not going anywhere soon and though Mark Zuckerberg beat Julian Assange who was also nominated for Time Person of the year, he is definitely become famous day by day.

Julian Assnge Mosaic

Over the past few years Wikileaks has exposed several documents which have embarrassed quite a few people. Now some creative people at Kay Circle have taken around 300 people effected by Wikileaks document leaks and created a mosaic that represents a picture of Julian Assange.

If you are a fan of him, you can go ahead and download a large copy of the mosaic appearing above from Kay Circle.

Is PayPal Freezing Accounts that Donate to WikiLeaks?

Earlier today, at Reddit.com, a person by the nickname HelloKevin11 posted the following thread.

Paypal shut my account today because my business donated money to wikileaks.

I go to log into my business account, and it’s locked. The girl on the phone told me it’s because my account handles a large amount of money (it’s a biz account), I recently sent a lot of money ($4000) overseas, and I also sent money to wikileaks. My account is being investigated for illegal activities and I have to account for what the money was used for. They want invoices and such …

wikileaksWe’ve covered many topics about WikiLeaks in the last few months. We’ve also posted plenty of stories about problems with PayPal accounts. However, this one might potentially impact the most internet users. I have not been able to confirm that this is the truth yet, but if it is, I have to ask this question.

Is PayPal an instrument of the United States’ war on terrorism?

Does any user of PayPal now have to worry that big brotheris watching over their shoulder as they buy and sell products online? How far does the reach of the US State Department extend? Will people in France, England and India have to worry about their accounts being frozen? What charitable causes will be targeted next? Can I safely donate money to the Electronic Frontier Foundation?

HelloKevin’s post already has nearly 1000 comments. The comments are ranging all over the map, with most of them containing at least a hint of outrage. According to Kevin, he’ll be contacting PayPal by phone on Monday to ask for a verbal explanation. He intends to record the conversation.

Until then, all we have are lots of unanswered questions.


PayPal Says US Department Did Not Contact Them About Wikileaks

Looks like PayPal is playing a safe game. After suffering a DDoS account on their blog by 4Chan Anon members, PayPal has now come up with a new blog post explaining on why they blocked the Wikileaks account.

The account was again reviewed last week after the U.S. Department of State publicized a letter to WikiLeaks on November 27, stating that WikiLeaks may be in possession of documents that were provided in violation of U.S. law.  PayPal was not contacted by any government organization in the U.S. or abroad. We restricted the account based on our Acceptable Use Policy review.  Ultimately, our difficult decision was based on a belief that the WikiLeaks website was encouraging sources to release classified material, which is likely a violation of law by the source.

It turns out that PayPal had also blocked the Wikileaks account back in 2008 and 2009 too because of unacceptable policies used by . PayPal had also reviewed the Wikileaks account last week after the U.S. Department of State publicized a letter to Wikileaks on November 27, however, they have clearly mentioned that no U.S. or other government representatives had contacted them earlier.

PayPal has been notorious about locking and blocking accounts without proper notices, so this might just be another ploy to pacify people about where they stand.

Back in February 2010, PayPal had stopped personal payments to and from India without properly notifying users. Many users including me were upset about that issue, you can read my sentiments about the PayPal issue back then.  Nevertheless, whether it is something PayPal did themselves or based on some Governments’ directive, the damage has already been done. Looks like Wikileaks is taking a lot of people down this time.

Twitter Suspends Operation Payback Account, Will 4Chan Attack Twitter Now?

has suspended the account of the Anon "Operation Payback" team @Anon_Operation. This account was being used by the Anon team to send out messages on when they were going to hack which site.

Operation Payback Twitter Account Suspended

Quite recently Anon took down Visa.com and had flashed several messages on Twitter about the operation. Now as SAI is reporting, the account has been suspended by Twitter.

Twitter was one of the targets for Anon to attack, because they thought they were censoring content from the trending topics. However, Twitter has denied those claims, but the suspension of the "Operation Payback" account could enrage the members of Anon who might possibly DDoS Twitter.

Start bracing yourself for some Twitter downtime.

Update: Operation Payback is now back on Twitter as @Anon_Operationn

Update 2: The original @Anon_Operation account is now back up. There was a tweet from the account which said that the deletion was accidental.