Latvia resists hacker extradition

Written By Unknown on Monday, 05 August 2013 | 09.10

2 August 2013 Last updated at 06:29 ET

Latvia is resisting calls to extradite a man the US alleges wrote a computer virus used to steal millions.

In January, Latvian Deniss Calovskis was named by the US as one of the creators of the Gozi virus.

Latvian courts have twice rejected US extradition requests and its foreign minister has now backed their stance.

In a statement, he said the potential jail term Mr Calovskis faced was too severe for the crimes he is alleged to have committed.

The US began its campaign to extradite two of the three men alleged to have used Gozi soon after publicly accusing the trio of infecting more than one million computers with the virus and stealing data that was then used to plunder bank accounts.

They ran a "modern-day bank robbery ring, that required neither a gun or a mask", said US attorney Preet Bharara in January.

Romanian Mihai Ionut Paunescu and Russian national Nikita Kuzmin were named as the co-creators of Gozi. Mr Kuzmin is already in jail in the US following his arrest in May 2011 on separate hacking and fraud charges. Extradition proceedings against Mr Paunescu are currently on hold pending an appeal.

In a message posted to the website of Latvia's Foreign Ministry, minister Edgars Rinkevics said Latvian law guaranteed that people who broke the law suffered only "proportionate punishment".

Mr Rinkevics said the US sought a jail term for Mr Calovskis that exceeded 60 years.

While he could not take a view on whether Mr Calovskis broke the law or not, the jail term amounted to an effective life sentence, he wrote.

"In my view, such a penalty is disproportionate to the amount, and so far no-one has been able to conclusively dispel my fears that it might be otherwise," he said.

In addition, he said, there were questions over whether any of the crimes Mr Calovskis is alleged to have committed actually took place on US soil. The trans-national nature of much cyber crime would make it hard to prove his involvement, wrote Mr Rinkevics.

Finally, said the minister, if Mr Calovskis was found guilty there was no reason why he could not serve a sentence for his crimes in his native Latvia.

Security analyst Graham Cluley said Gozi was a very successful trojan that pilfered huge sums from bank accounts.

"If you caught a criminal who stole sums like that in traditional bank robberies, you would expect them to have the book thrown at them and wouldn't be surprised if they ended up with a serious criminal sentence," he said.

"It's important to see more co-operation internationally to bring internet criminals to justice, and a consistency in the treatment and sentencing of convicted hackers," he added.

"It's necessary when investigations cross national boundaries that proper legal processes are followed, which can mean it takes a lot of time and effort to get a result," said Mr Cluley.


09.10 | 0 comments | Read More

Apple faces e-book clamp down

2 August 2013 Last updated at 11:51 ET

US regulators have called for Apple to be forced to cancel certain e-book contracts with major publishers.

They added Apple should be hit with a five-year ban on entering distribution contracts deemed anti-competitive.

The move follows a court ruling in July that Apple conspired with five firms to fix the price of e-books.

The court found Apple had encouraged publishers to set the price of their e-books, rather than allowing retailers to decide the price.

Prosecutors said this was aimed at Amazon - a rival e-book retailer that charged lower prices than Apple was able to offer.

As a result, Amazon's typical price of $9.99 for a best-seller rose to $12.99 or $14.99 after the launch of the iPad, they said.

Following the court ruling, Apple said it would appeal and fight "false allegations".

The Department of Justice and 33 State Attorneys General submitted their 'remedy' to the court ahead of a hearing on 9 August.

"The court found that Apple's illegal conduct deprived consumers of the benefits of e-book price competition and forced them to pay substantially higher prices," said Bill Baer, Assistant Attorney General in charge of the Department of Justice's Antitrust Division.

"Under the department's proposed order, Apple's illegal conduct will cease and Apple and its senior executives will be prevented from conspiring to thwart competition in the future."

The regulators also called for Apple to offer links to other e-book retailers like Amazon and Barnes & Noble for two years, so consumers who bought e-books on their iPads and iPhones could compare Apple's prices with those of its competitors.

They said this would "reset competition to the conditions that existed before the conspiracy".

The publishers who had such contracts with Apple were Hachette Book Group (USA), HarperCollins Publishers L.L.C., Holtzbrinck Publishers LLC, which does business as Macmillan, Penguin Group (USA) Inc. and Simon & Schuster.

Penguin settled its case for $75m (£49m). Hachette, HarperCollins and Simon & Schuster created a $69m fund for refunds to consumers, while Macmillan settled for $26m.


UK smartphone users wary of 4G

2 August 2013 Last updated at 12:02 ET

Many people in the UK see no reason to upgrade to 4G mobile services, according to Ofcom research.

Just under a quarter of UK smartphone users have no intention of signing up to 4G, according to an Ofcom report.

Although many people are aware of the existence of 4G mobile data services, they have no immediate plans to upgrade.

People are unsure of the benefits of 4G and may have been put off by jargon, according to analysts.

According to Ofcom, over half of all people in the UK own a smartphone, and its research found that 22% of people with smartphones strongly disagree that they will sign up to 4G in the future.

Almost two thirds of smartphone users are unsure about upgrading, or are unlikely to upgrade in the coming year, Ofcom said in its 2013 Communications Market Report.

Part of people's reluctance to upgrade may be because of the binding nature of their mobile contracts. Three in 10 smartphone users said they would like to upgrade to 4G, but are waiting until their current contract expires to avoid termination charges, said Ofcom.

Many people are unsure of the benefits 4G can give, said research director Jessica Ekholm of technology analyst house Gartner.

"4G is new and doesn't mean much to consumers," said Ms Ekholm. "Any technology is intangible - people ask: 'What does it mean to me?'"

She added that people will not become enthusiastic about 4G until they hold a handset and experience faster mobile internet speeds.

People being exposed to 4G will give them an appetite for 4G services, she explained.

"It needs to go viral. It needs people's friends and family to say '4G is fantastic'."

Acronym soup

Mobile operators have not done a good job of explaining how 4G can help in people's lives, relying on technical terms such as 'LTE' and 'megabits per second' to explain benefits, said Ekholm.

"At the moment it's acronym soup."

People also may have been put off 4G by higher data tariffs, she said.

4G services are generally more expensive than 3G. Consumer uptake will happen when 4G pricing comes down to 3G level, said Ms Ekholm.

Mobile operator EE is the only company in the UK to offer 4G at present, although O2, Vodafone and 3 all plan to offer 4G.

EE data plans have come down in price since it launched 4G services in October 2012, but the company does not plan to price 4G on a par with its 3G services.

EE will keep its 4G services on a premium tariff, the BBC understands.

The company said that people's awareness of 4G will increase and that 4G uptake will pick up pace.

"Awareness and adoption of 4G is growing at a significant rate already and this can only accelerate as other operators finally begin marketing the service too," said an EE spokesperson.

EE said that Ofcom's figures were derived from a survey conducted in April 2013, and that it had launched its 4G services in October 2012, giving people only half a year to have formed an opinion on 4G.

EE had 687,000 4G customers at the end of June 2013, and expects to have one million customers by the end of the year, said the spokesperson.

4G benefits

Consumers and businesses will see the benefits of 4G in time, according to analyst Matthew Howett of independent consultancy firm Ovum.

4G gives consistently faster and more reliable service for video and music streaming, mobile gaming, and sending emails with large attachments, said Mr Howett.

"Eventually we will all be using 4G. It's like moving from dial-up to broadband," he added.


PM's online porn plan 'ridiculous'

3 August 2013 Last updated at 04:08 ET

David Cameron's plan to protect children from obscene material online has been dismissed as "absolutely ridiculous" by one of his advisers.

The prime minister announced last month major web providers had agreed to block internet pornography to new customers unless households opt to access it.

But Wikipedia co-founder Jimmy Wales told Channel 4 News the idea "won't work".

He said police should be given more resources to enforce existing laws.

Mr Wales said: "It's an absolutely ridiculous idea. It won't work. The software you would use to implement this doesn't work.

"Additionally when we use cases of a paedophile who's been addicted to child porn videos online, you realise all that Cameron's rules would require him to do is opt in and say, 'Yes, I would like porn please'."

'Flash and snooping'

Mr Wales, who co-founded online encyclopaedia Wikipedia in 2001, said problems like online child abuse, hacking social media sites and abusive or threatening messages could be tackled without the introduction of new legislation.

Responding to calls for tougher regulation of the internet, he said: "For me, what's interesting about criminal gangs hacking into people's Facebook account is that all of that activity is already illegal.

"I can't think of any new laws that would actually help with that. What would help is actual enforcement.

"My view is that instead of spending literally billions of pounds, billions of dollars, snooping on ordinary people and gathering up all of this data in an apparently fruitless search for terrorists, we should devote a significant proportion of that to dealing with the real criminal issues online - people stealing credit card numbers, hacking into websites and things like that.

"Unfortunately we're not seeing a lot of that. We see a lot of flash and a lot of snooping. But this is, at the end of the day, going to take an investment in real, solid police work."

The PM said last month that an agreement with internet service providers (ISPs) meant that by the end of 2014 every new broadband contract will ask customers to opt in to receive adult content, while existing customers will be contacted and asked to decide whether to use the "family-friendly" filters.

The deal is with the UK's biggest ISPs - BT, Virgin, Sky and TalkTalk - who account for around 90% of UK internet users.

'History of rules'

Mr Cameron also called on search engines like Google to "blacklist" terms used by paedophiles to hunt for child abuse images.

He said the companies would "rewire their technology" to protect children - but the lack of further detail on the proposals led some experts to suggest they would be unworkable.

Mr Wales said micro-blogging website Twitter should make it easier for users to report abuse, but rejected calls for tighter regulation of the social network after abusive messages, including rape threats and bomb threats, were sent to female users.

He said: "When you think about rules about verbal threats, human society has a long history of rules and laws around this, and those rules and laws are very well thought-out. They deal with complicated cases.

"I do think that Twitter has needed in the past to do more to give people more control of the environment, to allow faster means for people to complain and to have people behaving badly exposed, blocked or arrested as necessary.

"But it is not like we don't have a law against threatening people. We do, and people are quite rightly being called up on this."

Mr Wales was unveiled as an unpaid Whitehall adviser with a brief to advise civil servants on open access to information online in March 2012.


Apple iPhone patent ban overturned

4 August 2013 Last updated at 06:47 ET

A ban on sales of older models of Apple's iPad and iPhone in the US has been overturned by the Obama administration.

In June, the US International Trade Commission (ITC) ruled that Apple infringed a patent of rival Samsung.

President Barack Obama's trade representative has now vetoed that decision because of its "effect on competitive conditions in the US economy".

Such a veto is a relatively rare event.

The patent related to 3G wireless technology and the ability to transmit multiple services correctly and at the same time. The ITC ordered a halt on all imports and sales of AT&T-sold models of the iPhone 4, iPhone 3, iPhone 3GS as well as the iPad 3G and iPad 2 3G. Some of those devices are no longer on sale in the US.

Such patents are called "standard essential patents" and they cover technology that must be used to comply with standards set by the industry as a whole.

Import-ban orders from the ITC are subject to review by Mr Obama, and he had 60 days to veto the decision.

His trade representative, Michael Froman, said that the administration was concerned about the use of essential patents in litigation.

Apple welcomed the news and applauded Mr Obama "for standing up for innovation". It added: "Samsung was wrong to abuse the patent system in this way."

Korea's Samsung responded: "The ITC's decision correctly recognised that Samsung has been negotiating in good faith and that Apple remains unwilling to take a licence."

Apple and Samsung are in the midst of a global patent war. Last year, a court ruled that Samsung owed Apple $1bn in damages for infringing Apple patents, an award that was later slashed to $598.9m.

An appeal in that case is due to be heard soon.


Bomb threat tweet sent to Mary Beard

4 August 2013 Last updated at 07:39 ET

The classicist and TV presenter Mary Beard has been sent a bomb threat on Twitter hours after the UK boss of the social networking site apologised to women who have experienced abuse.

Prof Beard, who has faced abuse on Twitter previously, told the BBC she had reported the new message to police.

It used similar wording to a tweet sent earlier to a number of women, some of whom have also received rape threats.

A number of Twitter users say they are boycotting the site for 24 hours.

Prof Beard spoke earlier this year about the online abuse she had received after appearing on the BBC's Question Time.

And this week she revealed she had received an apology from a so-called Twitter troll who sent her an offensive message on Monday, after she retweeted the remark.

'Particularly unpleasant'

Writing on Twitter on Saturday, Prof Beard said the bomb threat was reported to "make sure" another case was logged by police.

Prof Beard told BBC Radio 5 live: "I think it is scary and it has got to stop.

"To be honest I didn't actually intellectually feel I was in danger but I thought I was being harassed and I thought I was being harassed in a particularly unpleasant way."

A Twitter spokeswoman said the company did not comment on individual accounts.

On Friday, the Metropolitan Police said its central e-crime unit was investigating allegations by eight people of "harassment, malicious communication or bomb threats" suffered on Twitter.

Two people have been arrested in relation to rape threats against Labour MP Stella Creasy and feminist campaigner Caroline Criado-Perez, who received the messages after a campaign to have Jane Austen on the new £10 note.

The Guardian's Hadley Freeman, the Independent's Grace Dent and Time magazine's Catherine Mayer all said they had received identical bomb threats on Wednesday.

The Twitter boycott began at midnight and was proposed by the journalist Caitlin Moran as a way of doing "something symbolic" on International Friendship Day in the wake of the escalating incidents of abuse on Twitter.

In a blog entry, Ms Moran, who herself received an abusive tweet on Saturday, said the boycott was being staged in a "spirit of solidarity - to show what Twitter would be like if the trolls over-run this place".

Updated rule

Twitter UK boss Tony Wang has said the threats were "simply not acceptable" and pledged to do more to tackle abusive behaviour.

The revelations of threats sparked a backlash online, with more than 125,000 people backing a petition calling for Twitter to add an easy-to-use "report abuse" button to tweets.

Twitter has updated its rules and confirmed it would roll out an in-tweet "report abuse" button already available on the Apple iOS Twitter app to all platforms, including desktops.

In a series of tweets, Twitter UK general manager Mr Wang said: "I personally apologize to the women who have experienced abuse on Twitter and for what they have gone through.

"The abuse they've received is simply not acceptable. It's not acceptable in the real world, and it's not acceptable on Twitter.

"There is more we can and will be doing to protect our users against abuse. That is our commitment."

In an earlier message posted on the Twitter UK blog, the company's senior director for trust and safety, Del Harvey, and Mr Wang said the company had clarified its anti-harassment policy in light of feedback from customers.

Twitter has clarified its guidance on abuse and spam - reiterating that users "may not engage in targeted abuse or harassment".

The bosses said in the blog that additional staff were being added to the teams that handle reports of abuse and the company was working with the UK Safer Internet Centre, which promotes the safe and responsible use of technology.


Lab-grown burger to be unveiled

4 August 2013 Last updated at 22:31 ET By Pallab Ghosh Science correspondent, BBC News
Professor Mark Post of Maastricht University explains how he and his colleagues made the world's first lab-grown burger

The world's first lab-grown burger is to be unveiled and eaten at a news conference in London on Monday.

Scientists took cells from a cow and, at an institute in the Netherlands, turned them into strips of muscle which they combined to make a patty.

Researchers say the technology could be a sustainable way of meeting what they say is a growing demand for meat.

Critics say that eating less meat would be an easier way to tackle predicted food shortages.

BBC News has been granted exclusive access to the laboratory where the meat was grown in a project costing £215,000.

Prof Mark Post of Maastricht University, the scientist behind the burger, said: "Later today we are going to present the world's first hamburger made in a lab from cells. We are doing that because livestock production is not good for the environment, it is not going to meet demand for the world and it is not good for animals".

But Prof Tara Garnett, head of the Food Policy Research Network at Oxford University, said decision-makers needed to look beyond technological solutions.

"We have a situation where 1.4 billion people in the world are overweight and obese, and at the same time one billion people worldwide go to bed hungry," she said.

"That's just weird and unacceptable. The solutions don't just lie with producing more food but changing the systems of supply and access and affordability so not just more food but better food gets to the people who need it."

Stem cells are the body's "master cells", the templates from which specialised tissue, such as nerve or skin cells develop.

Most institutes working in this area are trying to grow human tissue for transplantation, to replace worn out or diseased muscle, nerve cells or cartilage.

Prof Post wants to use similar techniques to grow muscle and fat for food.

This might sound a little creepy to some - but Prof Post is no Dr Frankenstein. He's normal and likeable; when he talks about his project there is a gleam in his eye.

He starts with stem cells extracted from cow muscle tissue. In the laboratory, these are cultured with nutrients and growth promoting chemicals to help them develop and multiply. Three weeks later, there are more than a million stem cells which are put into smaller dishes where they coalesce into small strips of muscle about a centimetre long and a few millimetres thick.

These strips are collected into small pellets which are frozen. When there are enough, they are defrosted and compacted into a patty just before being cooked.

The scientists have tried to make the meat - which is initially white in colour - as authentic as possible. Helen Breewood, who is working with Prof Post, makes the lab-grown muscle look red by adding the naturally occurring compound myoglobin.

How would lab grown meat go down? The BBC's Pallab Ghosh asked the clientele of Duggie's Dogs hot dog restaurant in downtown Vancouver

"If it doesn't look like normal meat, if it doesn't taste like normal meat, it's not... going to be a viable replacement," she told me.

Currently, this is a work in progress. The burger to be revealed on Monday will be coloured red with beetroot juice. The researchers have also added breadcrumbs, caramel and saffron, which will add to the taste.

At the moment, scientists can only make small pieces of meat; larger ones would require artificial circulatory systems to distribute nutrients and oxygen.

Prof Post said initial sampling suggests the burger will not taste great, but he expected it to be "good enough". The meat will be tasted by a team which includes Josh Schonwald, a food writer from Chicago, and Richard McGowan, a chef from Cornwall.

Animal suffering

Ms Breewood is a vegetarian because she believes meat production to be a waste of resources, but says she would eat lab-grown meat.

"A lot of people consider lab-grown meat repulsive at first. But if they consider what goes into producing normal meat in a slaughter house I think they would also find that repulsive," she said.

In a statement, animal welfare campaigners People for the Ethical Treatment of Animals (Peta) said: "[Lab-grown meat] will spell the end of lorries full of cows and chickens, abattoirs and factory farming. It will reduce carbon emissions, conserve water and make the food supply safer."

But food writer Sybil Kapoor said she felt "uneasy": "The further you go from a normal, natural diet the more potential risks people can run in terms of health and other issues," she said.

The latest United Nations Food and Agriculture Organization report on the future of agriculture indicates that most of the predicted growth in demand for meat from China and Brazil has already happened and many Indians are wedded to their largely vegetarian diets for cultural and culinary reasons.

So lab grown meat might turn out to be a technological solution in search of a problem.


Toilet users warned of tech flaw

5 August 2013 Last updated at 07:39 ET By Zoe Kleinman Technology reporter, BBC News

A luxury toilet controlled by a smartphone app is vulnerable to attack, according to security experts.

Retailing for up to $5,686 (£3,821), the Satis toilet includes automatic flushing, bidet spray, music and fragrance release.

The toilet, manufactured by Japanese firm Lixil, is controlled via an Android app called My Satis.

But a hardware flaw means any phone with the app could activate any of the toilets, researchers say.

The toilet uses Bluetooth to receive instructions via the app, but the PIN code for every model is hardwired to be four zeros (0000), meaning that it cannot be reset and that the toilet can be activated by any phone with the My Satis app, a report by Trustwave's Spiderlabs information security experts reveals.

"An attacker could simply download the My Satis application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner," it says in its report.

"Attackers could [also] cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to [the] user."

The limited range of Bluetooth means that anyone wishing to carry out such an attack would need to be fairly close to the toilet itself, said security expert Graham Cluley.

"It's easy to see how a practical joker might be able to trick his neighbours into thinking his toilet is possessed as it squirts water and blows warm air unexpectedly on their intended victim, but it's hard to imagine how serious hardened cybercriminals would be interested in this security hole," he told the BBC.

"Although this vulnerability seems largely harmless, what's clear is that companies building household appliances need to have security in mind just as much as computer manufacturers."


Servers hacked to host abuse images

5 August 2013 Last updated at 10:23 ET By Jo Deahl BBC 5Live

Dozens of businesses have been hacked and their computer servers used to host images of child sexual abuse, the Internet Watch Foundation has said.

The charity said legal pornographic sites had also been attacked to redirect users to the illegal material.

The offending material was sometimes accompanied by malware, it said.

The IWF told BBC Radio 5 live it had received 227 reports about the trend over the past six weeks. Some complaints involved the same examples.

Hijacked links

Cambridge-based IWF described the images as showing "the worst of the worst" sexual abuse.

They included images of newborn babies and the rape and violent sexual abuse of very young children, it said.

The charity gave the example of one case in which a furniture business had had the servers it used breached.

It said the attackers had created an "orphan folder" on the computers and then uploaded hundreds of offending images to it - effectively creating a new section on the retailer's website which was not linked to any of its other pages.

The charity said the hackers then hijacked links on "adult" sites so that if a visitor clicked on one of the affected pornographic images or videos they would be directed to the offending material.

It said more than two dozen businesses across the world had had the servers they used compromised, in addition to the furniture seller.

Administrators of the sites involved might be unaware of the problem until someone complained, the IWF added.

"We hadn't seen significant numbers of hacked websites for around two years, and then suddenly in June we started seeing this happening more and more," said the IWF's technical researcher, Sarah Smith.

"We speculate that the motivation behind the hacking is to distribute malware, specifically a Trojan.

"The IWF specialises in removing online child sexual abuse images rather than tracking malware distributors.

"However, you can imagine that an internet user would be worried about taking their malware-infected computer to be fixed knowing it was a folder of child sexual abuse images which caused the problems.

"We know that those people whose computers have been infected were not looking for the criminal content though."

She added that the charity had passed on the information to the police and sister hotlines in other countries.

Children's charity the NSPCC urged anyone coming across abuse images to report them immediately, saying "something like 16% of men in particular" were failing to do so.

"We really encourage them to report it because potentially you'll then have a thumbnail of that image somewhere hidden in your computer system even if you only clicked on it for one second," said spokeswoman Claire Lilley.

Rise in reports

The issue of online images showing the sexual abuse of children has made headlines in recent months after the convictions of Stuart Hazell and Mark Bridger for the murders of Tia Sharp and April Jones.

Both Hazell and Bridger were known to have sought out and viewed child abuse images online.

The IWF said the Hazell and Bridger cases had led to a 42% increase in the number of reports it had received in the past three months, compared with the same period last year.

In June, representatives of a number of internet companies, including Google, Microsoft and Twitter, were summoned to a meeting in Whitehall by Culture Secretary Maria Miller and urged to do more to clamp down on child abuse images on the web.


Dark net child abuse sites breached

5 August 2013 Last updated at 12:00 ET

A service accused of helping distribute child abuse images on a hidden part of the internet has been compromised.

Sites using service provider Freedom Hosting to deliver their material have had code added to their pages, which could be used to reveal the identities of people visiting them.

Freedom Hosting delivered sites via Tor, a network designed to keep net activity anonymous.

The news has led some to claim that Tor no longer offers a "safe option".

"This challenges the assumption people have made that Tor is a simple way of maintaining your anonymity online," Alan Woodward, chief technology officer at security advisors Charteris, told the BBC.

"The bottom line is that is not guaranteed even if you think you are taking the right steps to hide your identity. This is the first time we've seen somebody looking to unmask people rather than just security researchers discussing the possibility."

Invented by the US Naval Research Laboratory to help people use the web without being traced, Tor (The Onion Router) aids anonymity in two ways.

First, it can be used to browse the world wide web anonymously. It does this by routing traffic through many separate encrypted layers to hide the data identifiers that prove useful in police investigations.

Second, there are hidden sites on Tor that use the .onion domain suffix. These are effectively websites but, as they sit on Tor, are almost impervious to investigation.

Although many media reports about Tor have focused on how it is used to spread pornography and images of child abuse as well as to sell drugs via sites such as the Silk Road, it is also used for many legitimate purposes.

Journalists and whistle-blowers use it to communicate with each other, with the New Yorker magazine's Strongbox being one example of a "dead drop" service based on the technology.

It is also used by military and law enforcement officers to gather intelligence.

The project's developers also suggest it be used as a way for people wishing to research Aids, birth control or religion anonymously in areas where information on such topics is restricted.

Tor has been funded by, among others, the EFF, Google, Human Rights Watch and the US National Science Foundation.

Mr Woodward added that the way the added code had been designed suggested a US law enforcement agency was behind the breach.

Tor users expressed mixed feelings about the news.

"This exploit targets kiddie porn viewers only. If that's not you, you have nothing to worry about," suggested one.

An "exploit" refers to software that makes programs, websites and other code do something they were not originally designed to do.

But another said: "This week it's child porn, next week it may be a whistle-blower or an activist."

Malware attack

News of the action was confirmed by an administrator of the Tor Project on its blog.

It said that over the weekend people had contacted it to say that a large number of sites using Tor, which were hidden from other net users, had gone offline simultaneously.

"The current news indicates that someone has exploited the software behind Freedom Hosting," it said.

"From what is known so far, the breach was used to configure the server in a way that it injects some sort of JavaScript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect users' computers."

Freedom Hosting was previously targeted by the Anonymous hacktivist collective, whose members temporarily forced it offline in 2011 after claiming it was the largest host of material showing child abuse on Tor.

The Daily Dot news site reports that paedophiles continued to use the hosting service and have been warning each other of the breach since the news emerged.

They also told each other to stop using TorMail, a service used to allow people to send and receive email anonymously, which used Freedom Hosting's servers.

Freedom Hosting also provided access to HackBB, a hacking-themed discussion forum, and the Hidden Wiki, an encyclopaedia of Tor and other dark nets.

The hosting service's terms and conditions had stated that illegal activities were not allowed on the sites it supported, but added that it was "not responsible" for its users' actions.

Tor's developers have stressed that "the person, or persons, who run Freedom Hosting are in no way affiliated or connected to The Tor Project".

Law enforcers

Analysis of the JavaScript exploit suggests that it takes advantage of a vulnerability in Firefox 17, which meant that people using that version of Mozilla's browser could be identified, despite the protections built into Tor.

"It appears to connect the machine using the compromised browser to an address which appears to originate from Reston, Virginia, US, and sends the hostname and MAC [media access control] address of the machine," Mr Woodward said.

"Unlike IP [internet protocol] addresses, media access control addresses are considered unique to a particular piece of hardware, although they can be spoofed under certain circumstances.

"It seems unlikely that the malware was written by criminals as the information it is sending back to its masters is of little use to anyone other than law enforcement agencies who are trying to track down machines that are using the Tor network to remain anonymous."

Irish arrest

News of the breach came shortly after the Irish Times reported that a 28-year-old Dublin-based man had been arrested and accused by the FBI of being "the largest facilitator of child porn on the planet".

It said that Eric Eoin Marques faces allegations that he had aided and abetted a conspiracy to advertise material showing the abuse of prepubescent children.

The paper reported that the US authorities are seeking his extradition on four charges.

It said the judge in the case ruled that while Mr Marques was entitled to the presumption of innocence, he should remain in custody pending a further hearing because he posed a flight risk.

A spokesman for the FBI told the BBC: "An individual has been arrested in Ireland as part of an ongoing criminal investigation in the United States. Because this matter is ongoing, longstanding Department of Justice Policy prohibits us from discussing this matter further."

