Goverment IT News

US Petition Demands Internet As Unalienable Right

US petitioners hope to vaquish SOPA by protecting Web access as a constitutional right

On  by Iris Cheerin 0

A US group has officially petitioned the US Government to amend the constitution and make Internet connectivity an unalienable right.

Using the White House’s We The People tool, more than 6,500 users have signed a petition to protect Americans from laws that may potentially censor the Internet.

We will not be silenced

Citing the SOPA (Stop Online Piracy Act), E-PARASITE (Enforcing and Protecting American Rights Against Sites Intent on Theft and Exploitation) and PROTECT IP (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act) acts, petitioners claim that “The United States Government is actively attempting to pass legislation to censor Internet.”

While SOPA, reminiscent of the UK’s own Digital Economy Act (DEA), moves toward ratification, it has already been widely lambasted in the press for its lack of understanding of how the Internet works and the potential harm it may do. This, at a time when many countries, including Spain and Finland,  have joined public opinion by moving towards guarantees of Internet connectivity for their citizens. Even UK Foreign Secretary, William Hague, recently acknowledged its importance.

Despite this trend, and the numerous campaigns against this Act, petitioners fear that if they do not do more than simply prevent this particular act from being passed, “Future Acts of similar nature will oppress our rights. By signing this petition, you are demanding the Obama Administration to add an amendment to the Constitution that limits the power of the Government from being able to censor the Internet.”

We the people allows users to start or join petitions and have their voices heard by law-makers. The site currently has 123 active petitions from the serious, to ones requesting cookies.

Articles on TechWeekEurope are available in Google Currents and in the AppStore

Goverment IT Networking News

Virgin Launches Big Red Internet Business Package

Fill your boots, says Virgin, as 1Gbps and 100Mbps fibre links tumble in price

On  by Peter Judge 0

Virgin Media Business will today launch a flat rate business Ethernet-on-fibre service which offers “more bandwidth than you think you need,” with uncontended, symmetrical services at 100Mbps or 1Gbps.

The service uses the core network that Virgin has built on the assets of the former cable companies and will offer the services at a “small premium” to businesses currently on 10Mbps or 100Mbps leased lines, according to a Virgin executive. The service can be offered at a lower price than competing leased line services because the bandwidth that it uses would otherwise go to waste, as the amount of traffic on a consumer network drops dramatically during working hours.

“Fill your boots!”

“It’s dedicated fibre, symmetric and uncontended,” said Mark Heraghty, managing director of Virgin Media Business. “Fill your boots!”

The 100Mbps service costs £12,000 per year, or £13,000 for a managed service, while the 1Gbps service costs £22,000 or £25,000 for a managed service which includes router installation and proactive network management.

The service is for directly-connected users, and not for resellers, and can be installed within 60 days from order. Although this sounds a long time, the local loop connection to the user can involve digging up the road; being able to afford a higher speed to start with should mean that is a one-off cost and a one-off delay, Virgin Media spokespeople pointed out.

Virgin Media Business has a very strong fibre network, which was built up by NTL and TeleWest and is mostly used by consumers in the evening, explained chief operating officer Andrew Barron: “It’s bankrupted two companies – it’s our pride and joy!” Big Red Internet is able to offer an uncontended service on that during the day.

Long-term perspective

Since taking over the ntl and TeleWest brands, Virgin first sorted out its customer service, and then got its balance sheet under control, said Barron. “We can fund and finance projects, and take a long-term perspective.”

While Virgin Media has been rolling out 50Mbps, using the DOCSYS standard, to large parts of the country, and promising 100Mbps broadband using fibre-to the-cabinet, Virgin Media Business has launched Ethernet extension services up to 10Gbps. The Big Red Internet offering takes that service and simplifies it, said Barron.

“We are an asset-based carrier,” said Barron. “It effectively costs us nothing to offer this service.” The peak demand from Virgin consumers is around 10pm at night, and the network is largely empty during the day. “Our competitors build networks dimensioned around business-to-business, and buy access from BT,” he said.

The company has promised to divulge prices before customers are asked to start putting down real money for the service – the service will be available in managed and unmanaged versions.

Universal access and fast broadband

At the launch event, Barron claimed that Virgin’s broadband roll-out had now met the government’s original target for fast broadband in Stephen Carter’s Broadband Britain report, but providing universal access at 2Mbps would be trickier.  “Universal access means reaching areas which are not economical,” said Barron. “If the government lets us use unconventional methods such as using electricity poles, we will push ahead as fast as it is economic to do so.”

Goverment IT News Security

Wikileaks: Chinese Government Ordered Google Hack

US embassy documents say a Chinese Politburo member ordered attacks on Google

The Chinese government ordered the hack against Google in January, and backed many other acts of cyber-warfare, according to the US Embassy cables revealed by Wikileaks.

Wikileaks sparked a diplomatic crisis this weekend by releasing more than 250,000  confidential cables from its embassies round the world. Along with Arab leaders urging strikes on Iran’s nuclear plants, and embarassing assessments of foreign leaders, the massive leak shed new light on the incident in January, when Google was subject to hacking from within China.

Hack ordered by Politburo member?

The hack in January, which prompted Google to leave China temporarily, was “orchestrated by a senior member of the Politburo who typed his own name into the global version of the search engine and found articles criticising him personally,” according to a source in China, The Guardian reports.

The campaign used “government operatives, private security experts and Internet outlaws recruited by the Chinese government,” and was part of a concerted pattern of Chinese official hacking dating back to 2002, whose targets included other businesses, the US government and its allies, and the Dalai Lama.

Earlier this month, it was revealed that, in April, 15 percent of Internet traffic was routed through China, an incident which raised fears of further Chinese interventions.

The material in the cables is embarassing to the US government and, in the case of the Google hack, adds evidence to back existing suspicions, rather than providing any proof. Wikileaks is posting 251,000 documents from 274 embassies dating back to 1996, in an action which it says “reveals the contradictions between the US’s public persona and what it says behind closed doors”.

The Chinese hack on Google was alleged to have stolen Google’s source code, and is believed to have originated from two Chinese colleges. Google stopped re-routing its traffic away from China in June.

Goverment IT News Security

Zeus v3 Trojan Steals £675,000 From UK Bank

A new variant of the Zeus trojan has cost the customers of one British bank £675,000 in unauthorised withdrawals over the last month

Cyber-criminals based in Eastern Europe have stolen £675,000 from a British bank, using a new version of the infamous Zeus Trojan that cannot be detected by traditional firewalls.

According to security researchers at M86 Security, Zeus v3 spreads through legitimate websites and online advertising to infect victims’ computers. Once the Trojan is successfully installed on a PC, it lies dormant until the user connects to their online banking page. It then transfers the user’s banking login ID, date of birth, and a security number to a command and control server, enabling the hackers to break into the account.

About 3,000 online customers of an unnamed British bank have fallen victim to the cyber-criminals since 5 July, with each losing between £1,000 and £3,000, the experts claimed. However, money transfers are only carried out if the hacked account balance is bigger than £800. M86 claims that the attack is still progressing.

Bradley Anstis, vice-president of technical strategy at M86, explained that this latest version of the malware is “extremely sophisticated”, and is able to avoid detection by using the Secure Sockets Layer (SSL) protocol to communicate with the command and control centres.

UK bank accounts targeted

Only last week, researchers at security softeware maker Trusteer uncovered a large botnet of 100,000 computers built using a different variant of the Zeus malware. Again, almost all of the infected machines were thought to be in the UK.

After infecting the computers with Zeus 2, the botnet pilfered all kinds of user data, ranging from login information for banks to credit and debit card numbers and browser cookies.

“This is just one out of many Zeus 2 botnets operating all over the world,” said Amit Klein, Trusteer’s chief technology officer, at the time. “What is especially worrying is that this botnet doesn’t just stop at user IDs and passwords. By harvesting client side certificates and cookies, the cybercriminals can extract a lot of extra information on the user that can be used to augment their illegal access to those users’ online accounts.”

The Metropolitan Police Service’s Police Central E-Crime Unit (PCeU) also recently arrested six people as part of a suspected online banking fraud. The arrests took place across London and Ireland, and concerned the theft of credit cards, as well as personal information and banking details.

It is thought that more than 10,000 online bank accounts and 10,000 credit cards were compromised in phishing attacks, and the bank account take-over fraud amounted to approximately £1.14 million, with £358,000 stolen successfully.

Cyber crime budget cuts

The UK government recently axed plans for an increase in funding to the Metropolitan Police’s cyber crime unit. With online fraud and other electronic crimes becoming increasingly commonplace, the Police Central e-crime Unit had been hoping for extra funding from the Home Office for training and equipment purposes. However the extra funding was cut as part of the coalition government’s £6 billion deficit reduction plans.

“There is concern that at the moment the cyber crime authorities are pretty pitifully funded for the level of crime that is going on,” said Graham Cluley, senior technology consultant at Sophos, speaking to eWEEK Europe last week. “I think the one thing we can be sure of is that the cyber criminals aren’t cutting their investment in this kind of crime. We are seeing more attacks than ever before. We see 60,000 pieces of new malware every single day, which is simply staggering, but that’s the level of crime that we’re seeing. So companies need to keep on top of this problem.”

Goverment IT News Security

Europe Holds Cyber-Warfare Test

The Cyber Europe 2010 will simulate an attack designed to cut Europe’s nations off from one another

Europe’s cyber security experts are staging a simulated cyber-attack on critical services today, across several EU member states.

The “Cyber Europe 2010″ test will test Europe’s readiness for an attack which attempts to paralyse online services so internet connectivity is gradually lost between European countries. It follows the announcement of measures to strengthen and modernise the European Network and Information Security Agency (ENISA) to combat cyber warfare.

Testing links between states

Details of the exercise are being kept under wraps, but ENISA has been at pains to emphasise that this is not an operational test like the US Department of Homeland Security’s Cyber Storm, a series of week-long multi-million dollar tests of America’s attack-readiness.

“Our budget is in the order of hundred of Euros,” said an ENISA spokesman, adding that the test will not involve critical sectors, or industry and will not test response capabilities. Above all it will not carry the risk of a real network crash – it just tests how well agencies can share information.

By contrast, the US Cyber Storm III exercise, one month ago, was an operational exercise, which included industry and cost millions of dollars, the spokesman said.

During the exercise, through the day, one country after another will face fictitious access problems, and will co-operate on a response, testing their communications in the process. The exercise has been developed since November 2009, and will be followed by more complex scenarios, eventually going all the way to global tests.

“This exercise to test Europe’s preparedness against cyber threats is an important first step towards working together to combat potential online threats to essential infrastructure and ensuring citizens and businesses feel safe and secure online,” said Neelie Kroes, vice president of the European Commission for the Digital Agenda,
who is visiting the UK’s cyber-attack centre during the simulation exercise,

The exercise is based on fears that a denial of service attack by hackers could effectively put all major cross-country connections in Europeout of action, and make it difficult for businesses and citizens to access services such as eGovernment. In such an attack, the plan is to re-route communications.

Yesterday saw evidence that the fears are based on reality. The state of Myanmar (formerly Burma) was virtually cut off with a distributed denial of service (DDoS) attack. In the UK, Home Secretary Theresa May has promised increased support for cyber-warfare measures following warnings from the head of GCHQ that Britain faces “credible” cyber-attack threats.

Goverment IT News Security

Most Consumers Support Government Cyber-Spying

Sixty-three percent of people believe that it is acceptable for their government to spy on another country’s computer systems

Nearly two thirds of computer users globally believe that it is acceptable for their country to spy on other nations by hacking or installing malware, according to Sophos’s mid-year 2010 Security Threat Report, with 23 percent claiming to support this action even during peace time.

One in 14 respondents to the survey claimed to believe that crippling denial of service (DDoS) attacks against another country’s communication or financial websites – like the one used to target Russian banks earlier this year – are acceptable during peace time. Nearly half said such an attack was only acceptable when two countries were at war, and 44 percent said it was never acceptable.

Graham Cluley

“I think there might be an attitude of all’s fair in love and war,” said Graham Cluley, senior technology consultant at Sophos, speaking to eWEEK Europe. “There’s always been one rule for your country and another rule for your citizens.

“But it goes one stage further when you begin to ask, is it all right to launch attacks against communication systems and financial systems?” he added. “You can image the chaos that would ensue if there were organised denial of service attacks on a regular basis, purely to give your country an economic advantage.”

All’s fair in love and war

Cluley believes the attitudes of respondents are largely down to an ingrained cynicism about the role of governments in war. Governments have always spied on each other, and “used every dirty trick in the book” to do so, said Cluley. “Why wouldn’t they use the Internet to do this as well? If it’s your country’s interests at heart, and if they’re protecting your country, then you might think, ‘I don’t really care what they do’.”

Perhaps more surprisingly, 32 percent of respondents to Sophos’s survey said that countries should also be allowed to plant malware and hack into private foreign companies in order to spy for economic advantage.

“It’s kind of curious, because these are the people that have got no time for hackers and the bad guys at all, but seem to think it’s all right for countries to do this,” said Cluley. “I think they need to remember that, one day, it might be a country attacking your company’s network, and trying to infiltrate it, and how are you going to feel about it then?”

Malware-hosting websites

The Security Threat Report also found that the US is still has the majority (42.29 percent) of malware-hosting websites. These are websites that have been set up with the intention of infecting visitors, or legitimate websites that have been compromised by hackers. The UK was sixth on the list, with 2.41 percent hosted in this country.

According to Cluley, many of these websites are legitimate ones that have been targeted by hackers. “Businesses could end up infecting their customers, leaving them open to fraud,” he warned. Some hackers also use aggressive search engine optimisation techniques to push infected websites to the top of search results.

This news could be of particular concern, in light of the fact that the UK government recently axed plans for an increase in funding to the Metropolitan Police’s cyber crime unit. With online fraud and other electronic crimes becoming increasingly commonplace, the Police Central e-crime Unit had been hoping for extra funding from the Home Office for training and equipment purposes. However the extra funding was cut as part of the coalition government’s £6 billion deficit reduction plans.

“There is concern that at the moment the cyber crime authorities are pretty pitifully funded for the level of crime that is going on,” said Cluley. “I think the one thing we can be sure of is that the cyber criminals aren’t cutting their investment in this kind of crime. We are seeing more attacks than ever before. We see 60,000 pieces of new malware every single day, which is simply staggering, but that’s the level of crime that we’re seeing. So companies need to keep on top of this problem.”