• In the wake of reports that the NSA had been monitoring her mobile phone (possibly since 2002), German Chancellor Angela Merkel undertakes a delicate balancing act, verbally rebuking the alleged behavior while calling for continued collaboration on an EU-U.S. free-trade deal. Although Martin Schulz, the president of the European Parliament, had called for suspension of the trade talks, all twenty-eight EU nations declined. There was some talk in Germany of balkanizing some of its internet service providers’ traffic flows.
  • On Oct. 23rd, the United States assures Germany that it is not currently monitoring the Chancellor’s phone and will not do so; however, it declines to comment on whether it has monitored her phone in the past. The NSA denies reports that President Obama had been briefed on the program in 2010.
  • The Snowden documents also indicate that the NSA had monitored the phones of dozens of other world leaders, even going so far as to encourage U.S. officials to share their foreign contacts’ phone numbers with the agency.
  • As the press continues to publish new documents leaked by Edward Snowden, NSA chief Keith Alexander calls for “courts” and “policymakers” to stop the “selling” of NSA documents in the press. [H/T Jay Ackroyd]
  • A U.S. Attorney in the Eastern District of New York indicts six Romanians and one Albanian in an internet fraud ring which raked in over $3 million selling nonexistent cars, boats, and luxury goods. All seven remain at large, and Interpol has issued a ‘Red Notice’ for the arrest of the ringleader.
  • In a civil case, an Idaho federal judge issues an ex parte temporary restraining order (TRO) providing for the seizure and copying of the defendant’s hard drive, largely based on the defendant’s self-identification as a “hacker.” While we appreciate the citation to JETLaw, we also think it is worth considering (1) the longstanding controversy (see also Bruce Schneier) over the meaning of the word “hacker,” as well as (2) the difference between black hat hackers (who illegally break into secured systems or software without permission) and white hat hackers (who legally break into secured systems or software, either with permission or on their own computer systems). We need white hats to help us make our defenses better, and it appears as though white The defendant’s firm, South Fork Security, appears to be intimating that it is a white hat security consultant, so while I would support the court’s reliance on this self-identification as “hackers” to infer that the defendant had the technical ability to permanently erase its digital evidence, I don’t think the court should have relied on this statement to infer its intent to do so. Maybe there should be a per se rule allowing for this sort of TRO whenever anyone is accused of stealing source code and has the ability to erase the evidence, but that should apply equally to all defendants large enough to have an information security staff or profitable enough to hire information security consultants, not just those willing to describe themselves as (impliedly white hat) “hackers.” [Side note: does this imply that DoE was reinventing the wheel of intrusion detection (just in a SCADA environment)? If so, why not use something else commercially or freely available?] [H/T SANS]
  • Aaron’s, Inc., a national rental and rent-to-own company, reaches a settlement with the FTC. It had been using webcam captures, keystroke loggers, and screen captures to spy on its customers [PDF]. Under the consent agreement, Aaron’s will be prohibited from using certain kinds of monitoring technologies, and must provide clear notice for any other monitoring of rented items. [H/T SANS]
  • In the lawsuit against the NCAA for improperly licensing player likenesses, brought by Ed O’Bannon, the judge denied the NCAA’s motion to dismiss, opening the door to possible class certification.
  • Former Vice President Dick Cheney revealed that he had had the wireless connection in his implanted defibrillator disabled in 2007 to prevent hackers from breaking into it. Wise move. While the “internet of things” is not un-secure-able, we are only now getting around to securing it. [H/T SANS]

UPDATE 10/29/2013: In the Idaho TRO case above, both parties have now had the opportunity to brief the issues (at least as far as they reach the TRO). The court’s treatment has been fair, and while it will be retaining the image of the defendant’s hard drive (for now), it has also dissolved part of the restraining order. The case is ongoing.

–Brad Edmondson
