New tool to help catch child abusers

24 March 2014 Last updated at 00:43 By Mark Ward Technology correspondent, BBC News

Victims of child sexual abuse could soon be identified more quickly thanks to law enforcement agency work on a cloud-based archive of abuse material.

The database has been created to help investigators cope with the vast amount of images abusers typically amass.

It will help police forces quickly check images seized in raids and spot those showing children not seen before.

Forces in the US, UK, Canada, New Zealand and Australia are helping test the database.

Finding victims

Called Project Vic, work on the archive is being co-ordinated by the US Department of Homeland Security and the International Centre for Missing and Exploited Children.

James Cole, a national programme manager at Homeland Security, said the project grew out of the realisation that there was huge duplication of effort among those investigating abusers and the material they trade.

That problem was particularly acute in the US where there were tens of thousands of local police forces and jurisdiction on some crimes shared across local, state and federal agencies.

"We have issues with deconflicting investigations and also big issues with the amount of data that we are seizing," Mr Cole told the BBC.

Across all the crime categories it investigates, Homeland Security seizes "petabytes" of data every year, he said, adding that it was a signature trait of abusers that they amassed large collections of images and videos.

The Project Vic approach uses technologies and software from companies such as Netclean, Hubstream and others to allow investigators to categorise known material. This allows them to concentrate on never-seen-before material and produce a unique summary or "hash" for each new item, said Mr Cole.

"The idea is to allow law enforcement to run data against hash sets that are immediately available through cloud services," he said. "They can interrogate that data in real time and know a lot of things about it very quickly."

Project Vic is also seeking to promote and get backing for a new standards-based image formatting system. This would generate hashes using an open protocol and should make it straightforward to exchange comprehensive sets of hashes domestically and internationally without having to touch or manipulate the data.

Finding unique images more quickly would help police and other agencies focus on victims and material that had never been seen before, said Mr Cole.

"When material is produced you hope to trace it back to an offender and stop them producing or having further opportunities to exploit the child," he said. "We are making great strides in how we do that."

Rich Brown from the International Centre for Missing and Exploited Children, said Project Vic would help work being done globally to tackle abuse crimes.

"Project Vic represents the largest movement of its kind to change the way investigators approach this crime set," said Mr Brown.

Among abusers, material had become a kind of currency, said Mr Cole.

"In well over 90% of our cases there's no money changing hands," he said. "It's the material itself that is highly desirable for offenders. Money does not come into play."

New material has the highest value among abusers and it was incredibly useful to spot it so investigators can focus their efforts on it and work towards freeing victims, he said.

"The way we identify and rescue these children is by putting all that related information together," he said.

Unfortunately, he added, there were also cases in which investigators made little headway and just had to watch victims grow up among abusers.

"Sometimes," he said, "the clues are just not there."

09.11 | 0 komentar | Read More

Hackers thwarted by net timekeepers

20 March 2014 Last updated at 11:45 By Mark Ward Technology correspondent, BBC News

A massive worldwide effort is under way to harden the net's clocks against hack attacks.

The last few months have seen an "explosion" in the number of attacks abusing unprotected time servers, said security company Arbor.

Unprotected network time servers can be used to swamp target computers with huge amounts of data.

About 93% of all the vulnerable servers are now believed to have been patched against attacks.

'Appropriate' use

The attack that paved the way for the rapid rise was carried out by the Derp Trolling hacker group and was aimed at servers for the popular online game League of Legends, said Darren Anstee, a network architect at net monitoring firm Arbor.

That attack took advantage of weaknesses in older versions of the software underlying the network time protocol (NTP). Known as an "NTP reflection" attack, it used several thousand poorly configured computers handling NTP requests to send data to the League of Legend servers.

Around the world about 1.6 million NTP servers were thought to be vulnerable to abuse by attackers, said Harlan Stenn from the Network Time Foundation that helped co-ordinate action to harden servers.

Precise timings are very important to the steady running of the net and many of the services, such as email and e-commerce, that sit on it.

Early 2014 saw the start of an Open NTP initiative that tried to alert people running time servers to the potential for abuse, Mr Stenn told the BBC.

Now, he said, more than 93% of those vulnerable servers had been updated. However, he said, this did leave more than 97,000 still open to abuse. Arbor estimates that it would take 5,000-7,000 NTP servers to mount an overwhelming attack.

The feature that attackers had exploited had been known for a long time in the net time community and was not a problem as long as those servers were used "appropriately", he said.

"This was before spammers, and well before the crackers started using viruses and malware to build bot armies for spamming, phishing, or DDoS attacks," he said.

Distributed Denial of Service (DDoS) attacks are those that try to shut servers down by overwhelming them with data.

The success of the Derp Trolling attack prompted a lot of copycat activity, said Mr Anstee from Arbor.

"Since that event it's gone a bit nuts to an extent and that tends to happen in the attack world when one particular group succeeds," he said. "We've seen an explosion in NTP reflection activity."

NTP reflection attacks can generate hundreds of gigabits of traffic every second, said Mr Anstee, completely overwhelming any server they are aimed at.

The copycat attacks have fed into a spike in the number of "large events", mainly DDoS attacks, that Arbor sees hitting the net, he said.

"Historically we used to see a couple of hundred gigabit events every year," said Mr Anstee. "In February 2014 we tracked 43."

09.11 | 0 komentar | Read More

NSA may release transparency reports

20 March 2014 Last updated at 21:02 By Jane Wakefield Technology reporter, Vancouver

The National Security Agency may release transparency reports on the amount of surveillance it is doing, according to its deputy director.

Speaking at the Ted conference, where leaker Edward Snowden spoke earlier in the week, NSA deputy director Richard Ledgett said Mr Snowden had put people's lives at risk.

He said letting "the bad guys" know NSA's methods made them harder to find.

But he said the agency should do more to reassure people about its work.

He defended the Prism surveillance system, saying it was "hugely relevant" in disrupting terrorist plots.

Mr Ledgett was beamed in to the Ted (Technology, Entertainment and Design) conference taking place in Vancouver via video link, in a similar manner to how Mr Snowden had appeared.

More transparency

He told the audience that he wanted to "inform the discussion with facts" rather than the "half-truths and distortions" he accused Mr Snowden of using.

But, he added, the ex-NSA agent's exposure of its programs and practices had opened up a global debate about the "balance between secrecy and transparency", that the agency wanted to fully engage with.

"There is a proposal to release transparency reports in the same way as the internet companies are doing," said Mr Ledgett.

He admitted that the NSA needed to be more transparent about its processes, authorities and oversight.

"We haven't done a good job on that," he said.

But he emphasised that all the work the agency does has been rubberstamped by the president, federal judges and Congress.

Of Mr Snowden he said: "It shows amazing arrogance that he knows better than the framework of the constitution."

His release of vast amounts of top secret documents outlining the work at the NSA had been hugely damaging, said Mr Ledgett.

"He put people's lives at risk.

"If our adversaries see our methods they will move away from using them. We have evidence that terrorists, smugglers and nation states have moved away. We are losing visibility into what our adversaries are doing," he said.

He said that the agency needed access to the global telecommunications system to monitor the activities of terrorists, traffickers and enemy states.

"It would be great if the bad guys used a corner of the internet. If they had a domain badguys.com, that would be awesome," he said.

"But we are all on the same network. I use the same email service as the terrorists. We need to be able to pick that apart to find what we need."

Along the way it is inevitable that agents will "encounter people going about their business" but the NSA uses what he called "minimisation procedures" to ensure little information is read.

And on the collection of meta-data, which shows when, where and who someone is communicating with, he said: "If you aren't connected to a meta-data target you are not of interest to us."

Possible deal?

The debate about mass surveillance has proved a hit at Ted, with packed audiences for both the Edward Snowden and NSA interviews.

Mr Ledgett received a standing ovation from some but far more stood up at the end of Mr Snowden's interview.

While most of delegates saw the leaks made by Mr Snowden as a positive thing, some questioned making him into a hero.

"By doing that we encourage other young Americans to steal secrets," said one delegate.

Astronaut Chris Hadfield, also a speaker at Ted, tweeted after the debate: "Thought-provoking" while Google co-founder Sergey Brin was seen in deep conversation with Mr Snowden, via the video screen, after his appearance.

As to the fate of Mr Snowden, who said that he has been offered a deal by the US government, Mr Ledgett suggested this may be possible.

"There is a tradition in American jurisprudence of having discussions with people who have committed crimes. There is always room for discussion."

The tagline of Ted is "ideas worth spreading". At the end of the interview, Ted curator Chris Anderson asked Mr Ledgett what his would be.

"Look at the data," replied Mr Ledgett.

09.11 | 0 komentar | Read More

Broadband speed guarantee called for

21 March 2014 Last updated at 00:17

Broadband companies should give customers the speed and service that they pay for, the consumer group Which? has said.

A survey carried out on its behalf claimed that 45% of customers suffer slow download speeds.

Over half of those customers said they experienced slow speeds frequently or all the time.

Ofcom said measures were already in place for customers suffering with speed-related broadband problems.

"The internet is an essential part of modern life, yet millions of us are getting frustratingly slow speeds and having to wait days to get reconnected when things go wrong," said Which? executive director Richard Lloyd.

"It's less superfast broadband, more super-slow service from companies who are expecting people to pay for speeds they may never get."

Ofcom already has a voluntary code of practice on broadband speeds in place that it says ensures customers are protected.

Providers who have signed up to it must give customers a written estimate of their broadband speed at the start of a contract and must allow them to leave a contract without penalty if they receive speeds significantly below the estimate.

Slow downloads

Please turn on JavaScript. Media requires JavaScript to play.

"Ensuring consumers receive a high quality of service from their broadband provider and are fairly treated are high priorities," said an Ofcom spokeswoman.

A mystery shopping exercise carried out by Ofcom revealed that the code was working effectively, she said. However, there were areas where it could be improved and a revised code of practice would be published in the coming months.

Which? said in practice it supported the code but it was voluntary, not compulsory and providers needed to go further. Rather than providing an estimated speed range that a customer could expect to receive, providers should pinpoint a more accurate speed that customers can expect at their home address and provide this in writing.

This written confirmation should be accompanied by information explaining what consumers can do at different speeds - what they could download and how long it would take - and how to test their speed, Which? said.

The customers who took part in the survey were asked if they had experienced buffering or slow downloads when using their broadband connection.

They were not asked if they had measured their own connection speed, which can be done using speed checking websites.

Nor were they asked in what circumstances the slow speeds were experienced - for example, whether several people were sharing the connection to download large files or whether a wired or wireless internet connection was being used.

According to the survey of 2,000 people, a quarter of those who had reported a loss in service said they had had to wait two days to get it fixed, with one in 10 waiting a week or more.

Twenty per cent said they had contacted their internet service provider at least three times when trying to resolve a problem with their broadband connection.

Which? is calling for broadband companies to fix connections as quickly as possible and refund customers for any loss of service.

"Broadband providers need to give customers the right information and take responsibility for resolving problems," said Mr Lloyd.

09.11 | 0 komentar | Read More

MtGox finds 200,000 lost bitcoins

21 March 2014 Last updated at 03:17

Bankrupt Japanese firm MtGox said in a filing that it has found 200,000 lost bitcoins.

The firm said it found the bitcoins - worth around $116m (£70m) - in an old digital wallet from 2011.

That brings the total number of bitcoins the firm lost down to 650,000 from 850,000.

MtGox, formerly the world's largest bitcoin exchange, filed for bankruptcy in February, after it said it lost thousands of bitcoins to hackers.

"MtGox had certain old-format wallets which were used in the past and which, MtGox thought, no longer held any bitcoins," said Mt Gox chief executive Mark Karpeles in the filing.

However, "on March 7, 2014, MtGox confirmed that an old-format wallet which was used prior to June 2011 held a balance of approximately 200,000 bitcoins," he said.

Mr Karpeles said the firm moved the found bitcoins to offline wallets on 14 and 15 March so that they could not be targeted.

At the time of the MtGox theft, about 750,000 customer bitcoins were stolen as well as close to 100,000 of MtGox's own bitcoins.

That amounts to about 7% of all the bitcoins in existence.

MtGox recently won brief bankruptcy protection in the US as the firm's case works its way through Japanese courts.

09.11 | 0 komentar | Read More

Microsoft in email privacy storm

21 March 2014 Last updated at 04:38

Microsoft is caught up in a privacy storm after it admitted it read the Hotmail inbox of a blogger while pursuing a software leak investigation.

On Thursday, the firm acknowledged it read the anonymous blogger's emails in order to identify an employee it suspected of leaking information.

Microsoft owns Hotmail, a free email service now called Outlook.com.

John Frank, deputy general counsel for Microsoft, said it took "extraordinary actions in this case".

While the search was technically legal, he added Microsoft would consult outside counsel in the future.

Legal actions

Microsoft's actions came to light this week as part of a legal case by US prosecutors against an ex-Microsoft employee, Alex Kibalko, who was a Russian native based in the company's Lebanon office.

In 2012, Microsoft had been alerted to the fact that the blogger, whose identity was kept anonymous in the court papers, had been given some stolen lines of code from the not-yet-released Windows 8 operating system.

The blogger then posted screenshots of the unreleased Windows operating system to his blog.

To figure out the source of the leak, Microsoft began an investigation and, as part of that search, looked into the blogger's accounts to find out the name of the employee.

The search was legal because it fell within Microsoft's terms of service which state that the company can access information in accounts that are stored on its "Communication Services", which includes email, chat areas, forums, and other communication facilities.

The terms of service add: "Microsoft reserves the right to review materials posted to the Communication Services and to remove any materials in its sole discretion."

Nonetheless, revelations of the search have led to renewed focus on the privacy violations of technology firms.

It has also left Microsoft in a difficult position, as the firm has often criticised rival Google for its automatic scanning of users' emails in order to serve them with advertising.

09.11 | 0 komentar | Read More

Netflix boss hits out at ISP fees

21 March 2014 Last updated at 13:21

The head of video-streaming service Netflix has hit out at internet service providers (ISPs) for demanding a fee to maintain video streaming quality.

The company recently "reluctantly" made a deal with US ISP Comcast to make sure its videos were streamed faster and more smoothly.

ISPs argue that data-heavy services should share the cost of providing capacity on the networks.

But campaigners argue that this approach stifles innovation.

Influential figures, including the likes of web inventor Sir Tim Berners-Lee, call for what has been termed "net neutrality" - the principle that all data sent and received using the internet should be treated equally.

Some ISPs said that, for services that put a strain on their infrastructure, content providers should be charged.

Net neutrality supporters say that without rules in place, small or start-up organisations will find it harder to break into the market if they cannot afford to pay for priority service.

'Fight goes on'

This was a point of view supported strongly by Reed Hastings, Netflix's chief executive.

"Some big ISPs are extracting a toll because they can - they effectively control access to millions of consumers and are willing to sacrifice the interests of their own customers to press Netflix and others to pay," he wrote in a blog post.

Amid concerns that it would pave the way for other ISPs to demand the same, he defended his company's decision to strike a deal with Comcast.

Please turn on JavaScript. Media requires JavaScript to play.

Reed Hastings, Netflix chief executive: "We are at the very beginning of internet television"

"Netflix believes strong net neutrality is critical, but in the near term we will, in cases, pay the toll to the powerful ISPs to protect our consumer experience."

But he added: "We will continue to fight for the internet the world needs and deserves."

As well as the Comcast deal, Netflix is also in talks with another major US provider, Verizon.

Verizon - backed by several other ISPs - recently won a a court appeal against new rules from the US Federal Communication Commission (FCC) that aimed to ensure net neutrality in the US.

The company said: "The court's decision will allow more room for innovation, and consumers will have more choices to determine for themselves how they access and experience the internet."

The FCC said it would still press for a new law, to "ensure that these networks on which the internet depends continue to provide a free and open platform for innovation and expressions".

09.11 | 0 komentar | Read More

Clinton says US should stay net boss

24 March 2014 Last updated at 10:52

Net freedom could suffer after the US steps back from its role as ultimate overseer of the global network, former US President Bill Clinton has said.

Many of the governments keen to help oversee the net just wanted to use it to silence dissent, he said.

Mr Clinton made his comments during a debate sponsored by his charitable foundation, Clinton Global Initiative.

The US had been a good steward of the net and had helped keep it open and accessible, he said.

Free speech

Mr Clinton said it was clear ongoing revelations about National Security Agency surveillance had fuelled demands for the US to step back from its historical role as net overseer.

But, he added, it was a "tribute" to the US that it had for a long time kept the net "free and open" and a place where people could openly criticise lawmakers and heads of state.

"The internet has flourished in freedom," said Mr Clinton.

"A lot of people who have been trying to take this authority away from the United States want to do it for the sole purpose of cracking down on internet freedom and limiting it and having governments protecting their backsides instead of empowering their people," he said.

In mid-March the US government announced its intention to hand over its power to oversee net policy to an international multi-stakeholder group.

The actions and decisions of that group would be co-ordinated by Icann - the body set up by the US in 1998 to administer the net's addressing system.

"I understand in theory why we would like to have a multi-stakeholder process. I favour that," Mr Clinton said.

"I just know that a lot of these so-called multi-stakeholders are really governments that want to gag people and restrict access to the internet. "

Support for Mr Clinton's fears was given by Wikimedia Foundation boss Jimmy Wales, who shared the platform with the former president.

He also said he was "worried" about net freedom when the US was no longer in charge.

Mr Wales said he was an active member of Icann and regularly attended discussions on how to make the net more sensitive to "local culture".

But, he said, sensitivity was often just another word for censorship and ending American involvement might make it much harder to defeat calls for the net to be more locally malleable.

09.11 | 0 komentar | Read More

Turkish tweets from hidden networks

24 March 2014 Last updated at 13:17 By Zoe Kleinman Technology reporter, BBC News

The Turkish government is "fighting a losing battle" in banning social media network Twitter, experts have said.

Locals continue to tweet via virtual private networks (VPN), anonymous web browser Tor and text messages, said security expert Rik Ferguson.

VPN Hotspot Shield reported a rise in iPhone and Android downloads of over 33,000% in the 24 hours after the ban.

The ban was enforced after allegations of government corruption were shared on the site and not removed by Twitter.

Twitter itself has not commented on the situation but it did post instructions in both English and Turkish explaining how to tweet via text message, which requires no internet access at all.

Ryan Holmes, chief executive of social media manager platform Hootsuite blogged that the firm had experienced three times more traffic than usual from Turkey following the ban.

'Book burning'

The US Department of State has described the act of internet censorship as "21st Century book burning".

"Turkey has nothing to fear in the free-flow of ideas and even criticism represented by Twitter," wrote Doug Frantz, Assistant Secretary of Public Affairs, in a post on the department's official blog.

"Its attempt to block its citizens' access to social media tools should be reversed."

Initially the ban took the form of domain name settings (DNS) redirection, in which users typing in a particular website address are instead redirected to a holding page.

Twitter users were able to circumnavigate the ban simply by using Google's DNS service, typing in Twitter's IP address, a number, rather than spelling out the website address "Twitter.com", and changing some of the basic settings of their internet service provider, said Rik Ferguson, vice-president of security research at Trend Micro.

"It's a bit like choosing which phone book you're going to use," he told the BBC.

"Trying to block communications via the internet is nigh on impossible unless you pull the plug entirely."

Hidden surfers

However now the relevant IP addresses are also being blocked, and so is Google DNS, people in Turkey are increasingly turning to VPNs and anonymous web browser Tor to get online without revealing their location.

It is less complicated than it sounds, Mr Ferguson added.

"VPN requires knowledge and financial investment in the form of a subscription," he said.

"Tor has a reputation of being this complex beast, but that's not strictly true - all you need to do is download the browser bundle."

Ultimately Twitter must abide by the laws of the countries in which it operates, said Mr Ferguson.

"The [Turkish] government is now hopeful about talks with Twitter but the nature of social media is that it's very fluid," he said.

"Who's to say that something is removed and then something else pops up in its place?"

Twitter also faced a dilemma over what to do with the offending content if it did decide to act, he added.

"Do you remove the content entirely or make it inaccessible in the country where it is illegal? If you are deleting content entirely that falls more into the realms of censorship than legal compliance."

09.11 | 0 komentar | Read More

Tax change for music and e-books

24 March 2014 Last updated at 13:45

Digital downloads could be hit by price hikes early next year as they become subject to UK tax rates.

Currently download prices include a levy based on taxes in the country where a business is located.

Big web firms have sited offices in Luxembourg so they can charge at tax rates lower than the UK's 20% VAT.

Closing the loophole could bring in revenues of about £300m in its first year, according to government estimates.

The tax change will apply to downloads of films, music, e-books and smartphone games.

Chancellor George Osborne mentioned the plan to change rates in his Budget speech last week. The plan was first set out in the government's Finance Bill and the change will come into force on 1 January 2015.

The change is part of a wider European Union push to ensure taxes are levied in the country where goods and services are consumed rather than where a business has its head office. The proposal to shift rates in this way was first made in 2008.

Music, book and smartphone game downloads are likely to be affected by the change as the UK VAT rate of 20% on those goods is higher than those in Luxembourg where music, film and game downloads have a 15% tax rate and e-books 3%.

In total, about 34,000 firms will be affected by the change, estimates the Office for Budget Responsibility.

However, the tax switch is likely to have the greatest impact on purchases made via Amazon's web store and Apple's iTunes. It is not clear yet whether the change will mean an increase in prices. Neither Apple nor Amazon has commented on the news.

09.11 | 0 komentar | Read More