Privacy Advocates Cite NSA Hack as Vindication of Apple’s Fight With FBI
Privacy advocates have claimed the breach of hacking tools and exploits apparently stolen from the National Security Agency has vindicated Apple’s stance in its dispute with the FBI earlier this year.
Last week, reports emerged that hackers had allegedly stolen a cache of the NSA’s top espionage tools and offered to sell them to the highest bidder.
The malware was linked to the “Equation Group”, a secretive team of cyber spies widely believed to be associated with the NSA and its state partners. The hacking collective that stole the malware posted two sets of files, including a free sample of the stolen data, which dates back to 2013, and a second encrypted file whose decryption key went up for sale in a bitcoin auction. Many saw the auction as a stunt.
But the the attack code posted by the hackers appeared to be real, according to former NSA personnel who worked in the agency’s hacking division, known as Tailored Access Operations (TAO).
“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke to The Washington Post on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”
“It’s a big deal,” said Dave Aitel, an ex-NSA research scientist and CEO of penetration testing firm Immunity. “We’d be panicking.” Whistle-blowing website Wikileaks tweeted that it also had the data and would release it “in due course”.
News of the leak has been closely followed by technology companies, many of whom pushed back against the U.S. Senate Intelligence Committee’s attempts to force them to provide “technical assistance” to government investigators seeking locked data.
The failed attempt to enact legislation came after Apple publicly clashed with the FBI over the government agency’s insistence that it create a “back door” to its iPhone software.
Apple: If we’re forced to build a tool to hack iPhones, someone will steal it.
FBI: Nonsense.
Russia: We just published NSA’s hacking tools— Christopher Soghoian (@csoghoian) August 17, 2016
The FBI claimed the software was needed to break into the iPhone owned by Syed Farook, one of the shooters in the December attack in San Bernardino, California. Apple refused to comply with the request, claiming that the code would lead to weaker smartphone encryption and inevitably get into the wrong hands.
Now, after a top-secret archive of some of the NSA’s own exploits having been leaked online, privacy advocates are suggesting Apple’s stance has been vindicated.
“The component of the government that is supposed to be absolutely best at keeping secrets didn’t manage to keep this secret effectively,” said Nate Cardozo, a senior staff attorney with the Electronic Frontier Foundation who spoke to Business Insider.
The NSA’s stance on vulnerabilities seems to be based on the premise that secrets will never get out. That no one will ever discover the same bug, that no one will ever use the same bug, that there will never be a leak. We know for a fact, that at least in this case, that’s not true.
Ex-NSA scientist Aitel believes the most likely scenario is that an insider walked out of a secure area with this data on a USB key, which could have been sold or stolen. “No one puts their exploits on a [command-and-control] server,” Aitel said. “That’s not a thing.”
Another possibility suggested by NSA whistleblower Edward Snowden is that the malware toolkit was stolen from a “staging server” or segregated network outside the walls of the NSA, where it was used for conducting attacks. Snowden has also pointed to Russia as the chief suspect behind the leak.
News of the hack has also raised new questions about the legalities of government hacking, since many of the “zero day” exploits included in the leak have never been disclosed to the companies whose hardware is affected.
A policy framework called the Vulnerabilities Equities Process outlines how and when the state should disclose a vulnerability to an affected company if the larger security risk is greater than the reward it could yield. The FBI has informed Apple of security flaws in older versions of iOS and OS X in the past under the VEP framework.
However, Cardozo argues that the rules are “completely broken” because the VEP guidance is a non-binding policy created by the Obama administration, rather than an executive order or law. “We need rules, and right now there aren’t any,” Cardozo said. “Or at least none that work.”
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Tag: Apple-FBI
Discuss this article in our forums
Samsung Could Sell Refurbished Smartphones in the U.S. By Next Year
Samsung is planning to launch a new program selling refurbished used versions of its smartphones as early as next year, according to sources who spoke to Reuters.
The Korean tech firm is seeking ways to sustain its earnings after the company posted its best profits for two years following a restructuring of its mobile lineup. With the smartphone market plateauing, Samsung hopes that selling the returned handsets as part of its upgrade programs will help it maximize cost efficiency and keep its operating margins above 10 percent, reports Reuters.
The discounted handsets are said to be coming to customers tied to upgrade programs in markets like the U.S. and South Korea, however there’s no official word on how much the discount will be, or which countries the program is coming to.
Apple already sells used phones in several markets including the U.S., but was recently blocked from selling refurbished handsets in India, where high-end devices are beyond most buyers.
Reuters notes that an iPhone has a re-sale value of around 69 percent of its original price after about one year from launch, while Samsung’s flagship Galaxy sells for 51 percent of the original price in the U.S. market, according to BNP Paribas.
The program is likely to attract customers previously put off by the high price of Samsung’s high-end smartphones, some of which cost up to $800. Selling the used phones in growing markets like India could also be a big hit for Samsung, while offering them in China could could help the company prevent market share encroachment by Chinese rivals, many of which offer low-cost alternatives.
Tag: Samsung
Discuss this article in our forums
Reuters: Samsung to sell refurbished high-end phones
Samsung is preparing an official refurbished phone program, according to Reuters, which could launch “as early as next year.” The scheme would offer premium handsets — think the Galaxy S and Galaxy Note line — at a discount for customers that can’t afford them at full price. Most of the phones would be sourced from its one-year upgrade program, available in places like the US and South Korea, which gives super-fans an easier way to trade-in and acquire the latest handsets. It’s not clear, however, how much the new discounts will come to, or where the scheme will be offered.
A used phone program would give Samsung an additional revenue stream and maximize its returns on each individual handset. After all, the company would be selling the phone twice — once as new, the second as used — with presumably minimal repair costs. Since the Galaxy S6 and S6 Edge, Samsung has stumbled on a design philosophy that far outstrips its previous efforts. (Remember the band-aid Galaxy S5?) The superior hardware, coupled with a slightly more hands-off approach to Android skinning, has culminated in some extremely desirable smartphones. But they’re expensive — the Galaxy Note 7 starts at around $850 in the US.
While Samsung has a ton of devices that hit cheaper price-points, it’s the Galaxy S7 and Note 7 — and their most immediate predecessors — that can best compete with the competition from Huawei, Xiaomi and OnePlus. Refurbished phone sales could cannibalise Samsung’s own mid-range offerings, but they would also shore up its stake in the overall smartphone market. And for the consumer, it would be just another option when buyinh a new handset. A win-win for everyone but Samsung’s competition — especially HTC, which is already struggling to sell its best phones.
Source: Reuters
Sony PlayStation 4 Slim photos appear, as report suggests two PS4 consoles to launch in September
Sony is hosting an event to announce something about PlayStation on 7 September, but in a flurry of leaks, some of that news might have escaped early.
Sony confirmed the launch event on 10 August, inviting media to a New York launch saying that it would be relating to “the PlayStation business”. For some time, the launch of an upgraded 4K capable PlayStation has been rumoured.
The Wall Street Journal has reported that we could be expecting two consoles to launch at the New York event: the rumoured PlayStation Neo, or PS4K, as well as a new “standard model.”
While all attention has been on a future high-powered console, no one expected a “Slim” model to be announced as well. Sony has a history of revamping consoles, usually with a launch of the Slim with a lower price to attract those yet to jump on the PS platform.
To add colour to this twisted tale, a new design of PlayStation 4 appeared on auction site Gumtree over the weekend, revealing a Marmite design. In slightly suspicious circumstances, the unreleased console has been listed for sale and bought.
The buyer then continued to share photos of the new console via Twitter, although has so far failed to show it powered on. It could be an elaborate hoax and entirely fake, but if it is, it has been cleverly done, providing a little entertainment for the expectant PlayStation masses.
@GameOverGreggy @MarsRSA Anything for you Greg 😉 pic.twitter.com/ZRH66i9qRr
— shortman82 (@shortmaneighty2) August 21, 2016
Sony is expected to respond to the moves by Microsoft with the new Xbox One S. The new Xbox slims down the design and adds 4K capability, offering an Ultra HD Blu-ray player, support for HDR gaming and 4K streaming services from the likes of Netflix – all at an aggressive price.
The reports from this little exposé suggest that the new PS4 Slim has the same capabilities as the existing PS4, rather than offering any sort of upgrade.
We’ll know everything on 7 September, until then, we’ve been keeping track of all the PlayStation Neo rumours for you to stay up to date.
- Sony PlayStation 4K: What is PS4.5/Neo, when is it coming and what will it offer?
- Xbox One S vs PlayStation Neo (PS4K): What’s the rumoured difference?
‘Big City Stories’ is a free-to-play city builder for PS4
Hellfire Games’ Big City Stories is looking to combine the best parts of city-building games like Sim City or Cities: Skylines with the open-world mechanics of an MMO. The result? An awesome-looking PlayStation 4 exclusive.
Big City Stories will feature some additional mechanics city-building sims don’t typically offer, like the ability to drop down from a bird’s-eye view to see your city at street level without loading time. You can get an up-close-and-personal view of the skyscrapers and structures you’re building, but what good would that do without seeing the people hanging out in the city?
The game will offer customizable avatars with various clothing items and emotes, a vehicle system with cars you can actually drive, mini-games, and stunt ramps scattered throughout the city. Not only will you be able to create your own cities, but you can get down in them and explore, too. Your friends can come hang out in the spaces you’ve created thanks to persistent spaces and come to your city even when you’re offline as well.
Big City Stories is slated for an August 23rd launch in the US, and then it’ll be slowly rolling out to other locations as well. It’s The Sims meets Second Life, basically. Who knew?
Source: PlayStation Blog
Gene editing records ‘memories’ in human DNA
Scientists have been recording data in DNA for a while, but it has usually involved bacteria and other simple organisms. MIT, however, just took a big leap forward. Its researchers have used the CRISPR gene editing technique to record histories in human cell DNA for the first time. They’ve crafted a gene circuit that only expresses an enzyme when it’s near a key immune cell molecule, building up mutations the more it’s exposed to that molecule. All you have to do to extract “memories” is to sequence those genes. They’ll tell you whether or not there was a lot of inflammation, for instance.
It’s not limited to one input, either. The MIT team found that they could produce multiple RNA strands in response to specific conditions, such as the presence of a certain medicine.
You probably won’t see this approach used in humans any time soon. Sorry, your medical history won’t be written in your genes. However, it could be extremely helpful for studies. Scientists could better track the development of an animal from embryo to adulthood, and understand the advancement of cancer or infections. Think of this more as a stepping stone for other discoveries than anything else.
Source: MIT News
Samsung could be readying a Batman-themed Galaxy Note 7 Injustice edition
After launching the Batman-themed Galaxy S7 edge Injustice Edition, it looks like Samsung will bring out a limited edition variant of the Galaxy Note 7 with the same color scheme. Leaked images on Weibo showcase a Note 7 with golden accents around the home button and the camera housing and a Batman logo at the back. The images also reveal a custom theme that’s based on Injustice: Gods Among Us.
Samsung is rolling out a Galaxy Note 7 with 6GB of RAM and 128GB storage for Chinese customers, and it is likely that the Batman-themed variant will offer increased memory and flash storage. There’s no mention if the model will make its way Stateside, but the Galaxy S7 edge Injustice Edition never made its way to the country.
Either way, with the Note 7 launching in China later this week (August 26, if you’re interested), we should have more details on pricing and availability of the Injustice edition shortly. If the S7 edge Injustice model is any indication, it won’t be cheap.
Samsung Galaxy Note 7
- Samsung Galaxy Note 7 review
- The latest Galaxy Note 7 news!
- Here are all four Note 7 colors
- Complete Galaxy Note 7 specs
- Join the Note 7 discussion in the forums!
Verizon
AT&T
T-Mobile
Sprint
Lyft suspends its Bay Area carpooling service
Lyft has learned a valuable lesson from one of its most recent ventures: the carpooling biz is tough to get into. The company is “pausing” the carpooling service it launched for the Bay Area just a few months ago, and according to Forbes, it’s all because it wasn’t able to entice enough drivers to sign up for it. Lyft presented the program as a way to earn between $4 and $10 per ride just by picking up people going the same way. Unfortunately, things didn’t work out, and the company reportedly told the team behind the offering that they’ll be transferred to other divisions.
Based on the statement its spokesperson gave Forbes, though, Lyft hasn’t fully given up on the feature, and it plans to continue operating its other carpooling product called Line.
“While we think a scheduled carpool feature is the right long-term strategy, it is too soon to scale to a meaningful level where supply matches demand. We learned a lot and will apply it to new and existing projects — like Lyft Line — as we drive our vision forward to solve pain points in commuting.”
Lyft isn’t the only ride-sharing company that offers carpooling as an option. As Kristen Bill learned after an awkward car ride, Uber has one as well, and it still exists. TechCrunch also mentioned that a Bay Area-based carpool-only company called Scoop is still around and doing great.
Source: Forbes
Here’s how the NSA spied on Cisco firewalls for years
Edward Snowden leaks revealed that the NSA had the ability to spy on Cisco firewall traffic for years, but just how did the agency do it? We now have a clearer idea. An analysis of data from the Equation Group hack shows that the NSA used a specialized tool, BenignCertain, that uses an exploit in Cisco’s Internet Key Exchange implementation to extract encryption keys and read otherwise secure virtual private network data. Cisco has confirmed that the attack can compromise multiple versions of its old PIX firewalls, which were last supported in 2009.
The issue doesn’t crop up in PIX 7.0 or in Cisco’s newer Adaptive Security Appliance, but that isn’t going to reassure many security experts. Ars Technica warns that there appear to be over 15,000 networks still clinging on to PIX, and there’s a real possibility that many of them are vulnerable. Other platforms have comparable security holes, too, suggesting that the NSA might have snooped on many VPNs. To make matters worse, the Equation Group breach lets any would-be hacker use the exploit. While the past surveillance is alarming, you may need to worry more about everyday criminals going forward.
Via: Ars Technica
Source: Musalbas, Cisco
Tokyo 2020’s Olympics pitch: Mario, Pac-man and co.
In case you didn’t notice, the Olympics is wrapping up in Rio, and sports fans now have an endure a whole three years and 11 months until the next one, which happens to be in Tokyo. Japan’s Olympic committee decided to highlight that fact by transforming the country’s Prime Minister into Mario (naturally), showcasing its distinctive skyline (swoon!), showing some of its athletes you’ve probably never heard of (sorry!) and a bunch video game and anime characters. It’s all backed by a punchy jazz soundtrack, and is likely to give you goosebumps, although I wonder why the creative team wasn’t able to book Pikachu in time.
The teaser looks to focus on its cultural contributions — and that’s cleverly meant recruiting from its video-game heritage and manga history. (By the way, Doraemon is the blue robot cat thing — he’s big in Asia.) Hopefully, Tokyo 2020 will have the technological chops to bring half these characters to life for its own opening ceremony. Augmented reality might work by then, who knows.
Via: Twitter (@lmfaofa)
AIVAnet 