German States Used Malware to Spy on Their Citizens [Privacy]

By Brian Barrett Oct 11, 2011 4:21 PM 12,071 39

It sounds like the plot of a mid-tier thriller, but it actually happened: German governments have been deploying state-sponsored malware to spy on its citizens... for two years. And the trojan they used is serious business.

It's not clear how many people the German states of Bavaria, Baden-Württemberg, Brandenburg, Schleswig-Holstein, Lower Saxony, Brandenburg, and North Rhine-Westphalia spied on through their computers, but the fact that such a wide swath of the country was subject to the mere possibility of governmental cyber-surveillance is disturbing enough. The trojan in question, nicknamed R2D2, doesn't mess around:

Once installed, the trojan's operators could load and execute programs on the host computer. If that wasn't distressing enough, the program was also capable of capturing voice data, keystrokes, and imagery from infected computers. Analysis of the trojan showed that it could also activate a computer's webcam or microphone, turning the infected computer into an all-purpose spying machine.

Details are still somewhat hazy, but the more you hear the worse it gets: the company that made R2D2 says they also sold the program to Austria, the Netherlands, and Switzerland, and the Chaos Computer Club—which first identified the malware as state-sponsored—believes it could easily be hijacked by third-party users.

Even scarier? The program may well actually be legal under German legislation, passed in 2008, that allows for digital wiretaps of an unspecified nature.

In the movie version, this ends with recriminations and systems brought down and barrel-chested heroes and maybe a triumphant flugelhorn blast. In real life? Still unfolding. But I'm guessing it's more a series of inquiries, a few vague empty-suited apologies. And an earned paranoia that leaves a mighty stain. [Slashdot via Geekosystem]

Related Stories

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

New Yorkers Are Posting Creepy Cell Phone Pics of Hot Guys on the Subway Online [Privacy]

This summary is not available. Please click here to view the post.

There Will Be No More Warrantless Cell Phone Searches in California [Privacy]

Californians can finally breathe easy for having regained their privacy rights. A new law passed by the state Assembly bans the warrantless search of not just cell phones, but all portables that could conceivably send a message. Count your iPads safe, too.

California residents have run the risk of having the electronics searched without a warrant since January, when a ruling from the California Supreme Court deemed it legal for police officers to rummage through your phone after an arrest. This new law upholds their right to privacy, and guarantees that an officer must request a warrant before a search is conducted.

California now joins states like Ohio that banned the practice a long time ago. Three cheers for common sense, guys. [CNN]

Image Credit: timothy OLeary/Shutterstock

Related Stories

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

Which Telecoms Store Your Data the Longest? Secret Memo Tells All [Privacy]

The nation's major mobile-phone providers are keeping a treasure trove of sensitive data on their customers, according to newly-released Justice Department internal memo that for the first time reveals the data retention policies of America's largest telecoms.

The single-page Department of Justice document, "Retention Periods of Major Cellular Service Providers," (.pdf) is a guide for law enforcement agencies looking to get information—like customer IP addresses, call logs, text messages and web surfing habits—out of U.S. telecom companies, including AT&T, Sprint, T-Mobile and Verizon.

The document, marked "Law Enforcement Use Only" and dated August 2010, illustrates there are some significant differences in how long carriers retain your data.

Verizon, for example, keeps a list of everyone you've exchanged text messages with for the past year, according to the document.  But  T-Mobile stores the same data up to five years. It's 18 months for Sprint, and seven years for AT&T.

That makes Verizon appear to have the most privacy-friendly policy. Except that Verizon is alone in retaining the actual contents of text messages. It allegedly stores the messages for five days, while T-Mobile, AT&T, and Sprint don't store them at all.

The document was unearthed by the American Civil Liberties Union of North Carolina via a Freedom of Information Act claim. (After the group  gave a copy to Wired.com, we also discovered it in two other places on the internet by searching its title.)

"People who are upset that Facebook is storing all their information should be really concerned that their cell phone is tracking them everywhere they've been," said Catherine Crump, an ACLU staff attorney. "The government has this information because it wants to engage in surveillance."

The biggest difference in retention surrounds so-called cell-site data. That is information detailing a phone's movement history via its connections to mobile phone towers while its traveling.

Verizon keeps that data on a one-year rolling basis; T-Mobile for "a year or more;" Sprint up to two years, and AT&T indefinitely, from July 2008.

The document also includes retention policies for Nextel and Virgin Mobile. They have folded into the Sprint network.

The document release comes two months before the Supreme Court hears a case testing the government's argument that it may use GPS devices to monitor a suspect's every movement without a warrant. And the disclosure comes a month ahead of the 25th anniversary of the Electronic Privacy Communications Act, an outdated law that the government often invokes against targets to obtain, without a warrant, the data the Justice Department document describes.

"I don't think there there is anything on this list the government would concede requires a warrant," said Kevin Bankston, a staff attorney with the Electronic Frontier Foundation. "This brings cellular retention practices out of the shadows, so we can have a rational discussion about how the law needs to be changed when it comes to the privacy of our records."

Sen. Patrick Leahy (D-Vermont) has proposed legislation to alter the Electronic Privacy Communications Act to protect Americans from warrantless intrusions. Debate on the issue is expected to heat up as the anniversary nears, and the Justice Department document likely will take center stage.

Infographics: Michael Cerwonka/Wired.com. Cell tower photo courtesy Locomotive8/Flickr

Wired.com has been expanding the hive mind with technology, science and geek culture news since 1995. Related Stories

View the original article here

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.