Blog

  • Piracy Infographic

    posted by Keito
    2012-10-02 18:38:18
  • The Looming Revolt

    posted by Keito
    2012-09-29 17:49:32
  • CleanIT – Leak shows plans for large-scale, undemocratic surveillance of all communications

    posted by Keito
    2012-09-26 20:48:25
    'A leaked document from the CleanIT project shows just how far internal discussions in that initiative have drifted away from its publicly stated aims, as well as the most fundamental legal rules that underpin European democracy and the rule of law.

    The European Commission-funded CleanIT project claims that it wants to fight terrorism through voluntary self-regulatory measures that defends the rule of law.

    The initial meetings of the initiative, with their directionless and ill-informed discussions about doing “something” to solve unidentified online “terrorist” problems were mainly attended by filtering companies, who saw an interesting business opportunity. Their work has paid off, with numerous proposals for filtering by companies and governments, proposals for liability in case sufficiently intrusive filtering is not used, and calls for increased funding by governments of new filtering technologies.

    The leaked document contradicts a letter sent from CleanIT Coordinator But Klaasen to Dutch NGO Bits of Freedom in April of this year, which explained that the project would first identify problems before making policy proposals. The promise to defend the rule of law has been abandoned. There appears never to have been a plan to identify a specific problem to be solved – instead the initiative has become little more than a protection racket (use filtering or be held liable for terrorist offences) for the online security industry.

    The proposals urge Internet companies to ban unwelcome activity through their terms of service, but advise that these “should not be very detailed”. This already widespread approach results, for example, in Microsoft (as a wholly typical example of current industry practice) having terms of service that would ban pictures of the always trouserless Donald Duck as potential pornography (“depicts nudity of any sort ... in non-human forms such as cartoons”). The leaked paper also contradicts the assertion in the letter that the project “does not aim to restrict behaviour that is not forbidden by law” - the whole point of prohibiting content in terms of service that is theoretically prohibited by law, is to permit extra-judicial vigilantism by private companies, otherwise the democratically justified law would be enough. Worse, the only way for a company to be sure of banning everything that is banned by law, is to use terms that are more broad, less well defined and less predictable than real law.

    Moving still further into the realm of the absurd, the leaked document proposes the use of terms of service to remove content “which is fully legal”... although this is up to the “ethical or business” priorities of the company in question what they remove. In other words, if Donald Duck is displeasing to the police, they would welcome, but don't explicitly demand, ISPs banning his behaviour in their terms of service. Cooperative ISPs would then be rewarded by being prioritised in state-funded calls for tender.

    CleanIT (terrorism), financed by DG Home Affairs of the European Commission is duplicating much of the work of the CEO Coalition (child protection), which is financed by DG Communications Networks of the European Commission. Both are, independently and without coordination, developing policies on issues such as reporting buttons and flagging of possibly illegal material. Both CleanIT and the CEO Coalition are duplicating each other's work on creating “voluntary” rules for notification and removal of possibly illegal content and are jointly duplicating the evidence-based policy work being done by DG Internal Market of the European Commission, which recently completed a consultation on this subject. Both have also been discussing upload filtering, to monitor all content being put online by European citizens.

    CleanIT wants binding engagements from internet companies to carry out surveillance, to block and to filter (albeit only at “end user” - meaning local network - level). It wants a network of trusted online informants and, contrary to everything that they have ever said, they also want new, stricter legislation from Member States.

    Unsurprisingly, in EDRi's discussions with both law enforcement agencies and industry about CleanIT, the word that appears with most frequency is “incompetence”.

    The document linked below is distributed to participants on a “need to know” basis – we are sharing the document because citizens need to know what is being proposed.

    Key measures being proposed:

    -Removal of any legislation preventing filtering/surveillance of employees' Internet connections
    -Law enforcement authorities should be able to have content removed “without following the more labour-intensive and formal procedures for 'notice and action'”
    -“Knowingly” providing links to “terrorist content” (the draft does not refer to content which has been ruled to be illegal by a court, but undefined “terrorist content” in general) will be an offence “just like” the terrorist
    -Legal underpinning of “real name” rules to prevent anonymous use of online services
    -ISPs to be held liable for not making “reasonable” efforts to use technological surveillance to identify (undefined) “terrorist” use of the Internet
    -Companies providing end-user filtering systems and their customers should be liable for failing to report “illegal” activity identified by the filter
    -Customers should also be held liable for “knowingly” sending a report of content which is not illegal
    -Governments should use the helpfulness of ISPs as a criterion for awarding public contracts
    -The proposal on blocking lists contradict each other, on the one hand providing comprehensive details for each piece of illegal content and judicial references, but then saying that the owner can appeal (although if there was already a judicial ruling, the legal process would already have been at an end) and that filtering such be based on the “output” of the proposed content regulation body, the “European Advisory Foundation”
    -Blocking or “warning” systems should be implemented by social media platforms – somehow it will be both illegal to provide (undefined) “Internet services” to “terrorist persons” and legal to knowingly provide access to illegal content, while “warning” the end-user that they are accessing illegal content
    -The anonymity of individuals reporting (possibly) illegal content must be preserved... yet their IP address must be logged to permit them to be prosecuted if it is suspected that they are reporting legal content deliberately and to permit reliable informants' reports to be processed more quickly
    -Companies should implement upload filters to monitor uploaded content to make sure that content that is removed – or content that is similar to what is removed – is not re-uploaded
    -It proposes that content should not be removed in all cases but “blocked” (i.e. make inaccessible by the hosting provider – not “blocked” in the access provider sense) and, in other cases, left available online but with the domain name removed.'

    Leaked document: http://www.edri.org/files/cleanIT_sept2012.pdf

    CleanIT Project website: http://www.cleanitproject.eu/
  • Slow-moving rocks better odds that life crashed to Earth from space

    posted by Keito
    2012-09-25 21:44:22
    'Microorganisms that crashed to Earth embedded in the fragments of distant planets might have been the sprouts of life on this one, according to new research from Princeton University, the University of Arizona and the Centro de Astrobiología (CAB) in Spain.

    The researchers report in the journal Astrobiology that under certain conditions there is a high probability that life came to Earth — or spread from Earth to other planets — during the solar system's infancy when Earth and its planetary neighbors orbiting other stars would have been close enough to each other to exchange lots of solid material. The work will be presented at the 2012 European Planetary Science Congress on Sept. 25.

    The findings provide the strongest support yet for "lithopanspermia," the idea that basic life forms are distributed throughout the universe via meteorite-like planetary fragments cast forth by disruptions such as volcanic eruptions and collisions with other matter. Eventually, another planetary system's gravity traps these roaming rocks, which can result in a mingling that transfers any living cargo.

    Previous research on this possible phenomenon suggests that the speed with which solid matter hurtles through the cosmos makes the chances of being snagged by another object highly unlikely. But the Princeton, Arizona and CAB researchers reconsidered lithopanspermia under a low-velocity process called weak transfer wherein solid materials meander out of the orbit of one large object and happen into the orbit of another. In this case, the researchers factored in velocities 50 times slower than previous estimates, or about 100 meters per second.

    Using the star cluster in which our sun was born as a model, the team conducted simulations showing that at these lower speeds the transfer of solid material from one star's planetary system to another could have been far more likely than previously thought, explained first author Edward Belbruno, a mathematician and visiting research collaborator in Princeton's Department of Astrophysical Sciences who developed the principles of weak transfer.

    The researchers suggest that of all the boulders cast off from our solar system and its closest neighbor, five to 12 out of 10,000 could have been captured by the other. Earlier simulations had suggested chances as slim as one in a million.

    "Our work says the opposite of most previous work," Belbruno said. "It says that lithopanspermia might have been very likely, and it may be the first paper to demonstrate that. If this mechanism is true, it has implications for life in the universe as a whole. This could have happened anywhere."

    Co-authors Amaya Moro-Martín, an astronomer at CAB and a Princeton visiting research collaborator in astrophysical sciences, and Renu Malhotra, a professor of planetary sciences at Arizona, noted that low velocities offer very high probabilities for the exchange of solid material via weak transfer, and also found that the timing of such an exchange could be compatible with the actual development of the solar system, as well as with the earliest known emergence of life on Earth. Dmitry Savransky, a Princeton mechanical and aerospace engineering doctoral student, conducted the simulations.

    The researchers report that the solar system and its nearest planetary-system neighbor could have swapped rocks at least 100 trillion times well before the sun struck out from its native star cluster. Furthermore, existing rock evidence shows that basic life forms could indeed date from the sun's birth cluster days — and have been hardy enough to survive an interstellar journey and eventual impact.

    "The conclusion from our work," Moro-Martín said, "is that the weak transfer mechanism makes lithopanspermia a viable hypothesis because it would have allowed large quantities of solid material to be exchanged between planetary systems, and involves timescales that could potentially allow the survival of microorganisms embedded in large boulders."

    ### All about velocities

    The Princeton-Arizona-CAB paper cites two previous studies that present the odds of solid matter from one planetary system being captured by another as being more or less dismal.

    The first, a 2003 paper published in Astrobiology by Jay Melosh, a Purdue University earth and atmospheric sciences professor, questioned the probability that meteorites have ever escaped a terrestrial planet in Earth's solar system and wound up on a terrestrial planet in another system. The report concluded that the chances — about one in 10,000, or 0.01 percent — are "overwhelmingly unlikely" considering the speed a meteorite would need to travel (about six kilometers per second) and the roominess of space.

    Belbruno and his co-authors calculated that under this scenario of high velocities and dispersed planetary systems, the probability of solid material from any planetary system striking another falls to as little as five in 100,000, or 0.005 percent.

    Star birth clusters, which are tightly confined groups of stars and planetary systems, were introduced as a possible setting for lithopanspermia in a 2005 Astrobiology paper by David Spergel, Princeton's Charles A. Young Professor of Astronomy on the Class of 1897 Foundation and chair of astrophysical sciences, and University of Michigan physics professor Fred Adams.

    Factoring in velocities of two to five kilometers per second, Spergel and Adams found that the chances of an exchange of life-bearing rocks between star systems clustered in groups of 30 to 1,000 could be as unlikely as one in a million to as good as one in 1,000, or 0.0001 to 0.1 percent, respectively. Spergel and Adams, however, limited their study to binary stars — or planetary systems with two stars — which might elevate star-to-star solid matter exchanges, Moro-Martín said.

    Nonetheless, in clusters similar to those considered by Spergel and Adams, weak transfer involves relative velocities of no more than one kilometer per second, which substantially increases the probability of capture by other stars in the cluster. In other words, star clusters provide an ideal setting for weak transfer, Belbruno said.

    Chaotic in nature, weak transfer happens when a slow moving object such as a meteorite wanders into the outer edge of the gravitational pull of a larger object with a low relative velocity, such as a star or massive Jupiter-like planet. The smaller object partially orbits the large object, but the larger object has only a loose grip on it. This means the smaller object can escape and be propelled into space, drifting until it is pulled in by another large object.

    Belbruno first demonstrated weak transfer with the Japanese lunar probe Hiten in 1991. A mechanical malfunction left the probe with insufficient fuel to enter the moon's orbit the traditional way, which is to approach at a high speed then fire retrorockets to slow down. Instead, Belbruno designed a weak-transfer trajectory that got the probe into orbit around the moon using a minimal amount of fuel.

    Adams, co-author of the 2005 paper with Spergel, said that the work by Belbruno and his co-authors succeeds at pulling together the various factors of earlier lithopanspermia models and adding a substantial new element — chaos. Adams is familiar with the study but had no role in it.

    "This paper takes the type of calculations that have been done before and makes an important generalization of previous work," Adams said. "Their work on chaos in this context also carries the subject forward. They make a careful assessment of a process that is dynamically quite complicated and chaotic in nature.

    "They are breaking new ground from the viewpoint of dynamical astrophysics," Adams said. "Regarding the problem of lithopanspermia, this type of weak capture and weak escape is interesting because it allows for the ejection speeds to be small, and these slow speeds allow for higher probabilities of rock capture. To say it another way, chaos, in part, enhances the prospects for lithopanspermia."

    ### To the simulator!

    Star birth clusters satisfy two requirements for weak transfer, Moro-Martín said. First, the sending and receiving planetary systems must contain a massive planet that captures the passing solid matter in the weak-gravity boundary between itself and its parent star. Earth's solar system qualifies, and several other stars in the sun's birth cluster would too.

    Second, both planetary systems must have low relative velocities. In the sun's stellar cluster, between 1,000 and 10,000 stars were gravitationally bound to one another for hundreds of millions of years, each with a velocity of no more than a sluggish one kilometer per second, Moro-Martín said.

    The team simulated 5 million trajectories between single-star planetary systems — in a cluster with 4,300 stars — under three conditions: the solid matter's "source" and "target" stars were both the same mass as the sun; the target star was only half the sun's mass; or the source star was half the sun's mass.

    The odds of a star capturing solid matter from another planetary system under these three scenarios are 15 (0.15 percent), five (0.05 percent) and 12 (0.12 percent) in 10,000, respectively, the researchers report — probabilities that exceed those under the conditions proposed by Melosh by a factor of 1 billion.

    To estimate the actual amount of solid matter that could have been exchanged between the sun and its nearest star neighbor, the researchers used data and models pertaining to the movement and formation of asteroids, the Kuiper Belt — the solar system's massive outer ring of asteroids — and the Oort Cloud, a hypothesized collection of comets, ice and other matter about one light year from Earth's sun widely believed to be a primary source of comets and meteorites.

    The researchers used this data to conclude that during a period of 10 million to 90 million years, anywhere between 100 trillion to 30 quadrillion solid matter objects weighing more than 10 kilograms transferred between the sun and its nearest cluster neighbor. Of these, some 200 billion rocks from early Earth could have been whisked away via weak transfer.

    For lithopanspermia to happen, however, microorganisms first have to survive the long, radiation-soaked journey through space.

    Moro-Martín and Malhotra consulted a 2009 paper an international team published in the Astrophysical Journal that determined how long microorganisms could survive in space based on the size of the solid matter hosting them. That group's computer simulations showed that survival times ranged from 12 million years for a boulder up to 3 centimeters (roughly one inch) in diameter, to 500 million years for a solid objects 2.67 meters (nearly nine feet) across.

    The researchers estimated that under weak transfer, solid matter that had escaped one planet would need tens of millions of years to finally collide with another one. This falls within the lifespan of the sun's birth cluster, but means that lithopanspermia by weak transfer would have been limited to planetary fragments at least one meter, or about three feet, in size.

    ### Matching the theory with life

    As for the actual transfer of life, the researchers suggest that roughly 300 million lithopanspermia events could have occurred between our solar system and the closest planetary system.

    But even if microorganisms survived the trip to Earth, the planet had to be ready to receive them. The researchers reference rock-dating evidence suggesting that the Earth contained water when the solar system was only 288 million years old and that very early life might have emerged before the solar system was 718 million years old.

    The sun's birth cluster — assumed to be roughly the same age as the Earth's solar system — slowly broke apart when the solar system was approximately 135 million to 535 million years old, Moro-Martín said. In addition, the sun could have been ripe for weak transfer up to 700 million years after the solar system formed.

    So, if life arose on Earth shortly after surface water was available, there were possibly about 400 million years when life could have journeyed from the Earth to another habitable world, and vice versa, the researchers report. If life had an early start in other planetary systems and developed before the sun's birth cluster dispersed, life on Earth may have originated beyond our solar system.

    The paper stops short of calculating the likelihood of extrasolar life taking root on a terrestrial planet such as Earth, but the higher probability the researchers determined for solid-matter transfer makes that a more worthwhile pursuit, Moro-Martín said.

    "Our study stops when the solid matter is trapped by the second planetary system, but for lithopanspermia to be completed it actually needs to land on a terrestrial planet where life could flourish," Moro-Martín said. "The study of the probability of landing on a terrestrial planet is work that we now know is worth doing because large quantities of solid material originating from the first planetary system may be trapped by the second planetary system, waiting to land on a terrestrial planet.

    "Our study does not prove lithopanspermia actually took place," Moro-Martín said, "but it indicates that it is an open possibility."

    The paper, "Chaotic Exchange of Solid Material between Planetary Systems: Implications for Lithopanspermia," was published Sept. 12 by Astrobiology, and was supported by grants from NASA, the National Science Foundation and the Ministry of Science and Innovation in Spain.

    https://www.princeton.edu/main/news/archive/S34/82/42M30/index.xml?section=topstories
  • Kaspersky researcher cracks Flame malware password

    posted by Keito
    2012-09-22 22:45:42
    'Researchers have cracked the password protecting a server that controlled the Flame espionage botnet giving them access to the malware control panel to learn more about how the network functioned and who might be behind it.

    Kaspersky analyst Dmitry Bestuzhev cracked the hash for the password Sept. 17 just hours after Symantec put out a public request for help getting into the control panel for Flame, which infected thousands of computers in the Mideast.

    27934e96d90d06818674b98bec7230fa - was resolved to the plain text password 900gage!@# by Bestuzhev.

    Symantec said it tried to break the hash with brute force attacks but failed. Flame has been investigated by a joint effort of Symantec, ITU-IMPACT and CERT-Bund/BSI.

    Meanwhile, researchers at Symantec report that Flame was being developed at least as long ago as 2006, four years before its Flamer's compilation date of 2010 and well before the initial deployment of the first Flame command and control server March 18 of this year.

    By May, Flame had been discovered and owners of infected computers in Iran and other Mideast countries were cleaning up. The malware itself also executed a suicide command in May to purge itself from infected computers.

    The command and control server also routinely wiped out its log files, which successfully obliterated evidence of who might be behind the attacks. "Considering that logging was disabled and data was wiped clean in such a thorough manner, the remaining clues make it virtually impossible to determine the entity behind the campaign," the Symantec report says.

    Despite Flame being neutralized earlier this year, more undiscovered variants may exist, the report concludes. Evidence for this is that the command and control module can employ four protocols to communicate with compromised clients, three of which are in use. "The existence of three supported protocols, along with one protocol under development, confirms the C&C server's requirement to communicate with multiple evolutions (variants) of W32.Flamer or additional cyberespionage malware families currently unknown to the public."

    A sophisticated support team ran the spy network that gathered data from infected computers and uploaded it to command servers, the Symantec report says. The team had three distinct roles - server admins, operators who sent and received data from infected client machines and coordinators who planned attacks and gathered stolen data.

    "This separation of operational and attacker visibility and roles indicates that this is the work of a highly organized and sophisticated group," the report authors conclude.

    The servers gathered the data encrypted then passed it along to be decrypted offline. Each infected machine had its own encryption key.

    Evidence from one of its command and control servers indicates the server can talk to at least four other pieces of malicious code that researchers believe are either undiscovered Flame variants or completely separate attacks, according to a Symantec report.

    This is accomplished with a versatile Web application called Newsforyou supported by a MySQL database that could be used as a component for other attacks.

    Researchers also discovered a set of commands the server could execute including one that wipes log files in an effort to minimize forensic evidence should the server be compromised. It also cleaned out files of stolen data in order to keep disk space free.

    "The Newsforyou application is written in PHP and contains the primary command-and-control functionality split into two parts," the report says, "the main module and the control panel." The main module includes sending encryption packages to infected clients, uploading data from infected clients, and archiving when unloading files.

    The application resembles a news or blog application, perhaps in an effort to avoid detection by automated or causal inspection, the researchers say.

    PHP source code for Newsforyou included notes that identified four authors - D***, H*****, O****** and R*** - who had varying degrees of involvement. D*** and H***** edited the most files and so had the most input. "O****** and R*** were tasked with database and cleanup operations and could easily have had little or no understanding of the inner workings of the application," the report says. ". It is likely D*** and O****** knew each other, as they both worked on the same files and during a similar time period in December 2006."

    Newsforyou employed both public key and symmetric key encryption depending on the type of data being encrypted. News files intended for clients were encrypted with symmetric keys while stolen data was encrypted using public/private key pairs.

    Despite Flame being exposed in May, the evidence left behind in compromised command and control servers indicates the overall spying project it was part of is still alive. "There is little doubt that the larger project involving cyber-espionage tools, such as Flamer, will continue to evolve and retrieve information from the designated targets," the report says.'