AMITIAE - Tuesday 10 December 2013
Cassandra: Security Services, Personal Security and Other Risks
By Graham K. Rogers
Having looked at Echelon, which was an earlier collaboration between the five states (Australia, Canada, New Zealand, UK and USA), some of the revelations have not been too surprising to me: as the internet took over from telephone systems as the major medium of communication (albeit with many ways in which that communication works), security services were bound to switch their attention to online links.
Links to those articles on Echelon are:
The NSA (and others) saw the gift and accepted it with open hands. In the climate of the time, the NSA and others expanded surveillance and tended to ignore many of the legal and constitutional constraints that should have kept them in check, including lying to the (perceived) rubber-stamp FISA court that was set up.
A recent example that came to light is the idea that not only are emails being monitored, phone calls checked and online transactions copied for later reference (not read, so not really illegal, the NSA claims), but that there are also online games that security services both monitor and perhaps infiltrate, like World of Warcraft.
Several publications have put out the news that WoW and other games, including Second Life (whose former CTO is an ex-military officer with top secret clearance), have been used by the NSA and other agencies from as long ago as 2007, according to a report by Tim Cushing on TechDirt.
The idea (severely criticised in the article) is that terrorists may communicate or shift cash using the online technology that the games provide. The online communities may also be where potential recruits could be identified by the terrorists. It sounds to me like the NSA are still watching reruns of Matthew Broderick in War Games: the only place that the real world and reality seem to meet is within their own minds.
I was reminded of an NSA document - covering OS X 10.6 - freely available on the internet that suggested, even when Snow Leopard was current, that one way to make sure the camera could not be used was to place a Band-Aid (or something similar) over the lens.
Despite the blanking out of the lens, the document suggested that the best way to secure the iSight camera was to have it removed. That would fix it. They obviously knew more than we did back then, although if you look at the screenshot on the right, this will need some refining.
While we are on the NSA and their limited view of the world, we were interested to see a move from several tech companies a couple of days ago who had all signed an initiative to put the surveillance genie back in its bottle and to insist that the government learns to control the NSA and other such agencies. Fat chance, I say: it is these guys who run the government, not the other way round.
I do not see a pressing need for a virus checker on OS X as the system itself prevents self-installation (definition of a virus) of any software. The last figures I have seen concerning viruses for OS X put the number at less than 1: the same as it ever was. Systems before OS X were different and then there were reported to be some 80 or 90 viruses.
A couple of items from Net Security put those comments in some more perspective. The first concerns the rise in the number and types of attacks that Macs may be vulnerable to and includes a video that shows how Google protects its Macs (and Google has lots of Macs).
The other item concerns phishing, which is something that users need to keep their eyes open for all the time. Zeljka Zorz writes on the latest PayPal phishing email and this includes some advice on ways that such hoaxes may be more easily identified. I am so careful about this that I never click on any link in a PayPal email: even those that are legitimate. I go to my secure account using a browser instead.
As a note, although it is a public holiday in Thailand today, the nice guy in the over-smart polyester pants and cream shoes, who tells everyone that the Grand Palace is closed, is lying and the tuk-tuk driver he is working with will take those who get caught on a trip round some expensive shops in the hopes that the tourists will spend lots of money. They still catch several every day.
There is a thriving market in lookalikes: knock-offs that seem a bargain at the time. Apple took the phones for testing to an independent lab in the USA (with the cooperation of Thai authorities) and the results later appeared, albeit quietly. There were videos too and some are still online. With those results, these videos are perhaps more damaging to the complainant and reporter than to Apple.
That is not the view that Samsung takes. When a young man who goes by the dubious name of Ghostlyrich (sounds like a company I have heard of) experienced a burning Galaxy S4, he complained. Samsung (understandably) wanted some proof, so Ghostlyrich posted a video to YouTube.
This is where it goes awry. Electronista reports that part of the terms of settlement included removal of the video and "other extreme terms . . . which included never discussing the incident with anyone. . . ." He refused. And he added a second video (with some naughty words) which garnered almost half a million hits. Samsung has so far said nothing. In this case, silence may not be golden.
Mind you, as Ghostlyrich has had service problems with an iPhone and an Xbox, both of which were treated positively, there could be more to this than meets the eye.
Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs.