Tag Archives: Espionage

Carrier IQ’s Opt-Out Data Collection Patent

ZDNet writes here about an Carrier IQ patent that outlines keylogging and ability to target individual devices . Which is interesting. But Carrier IQ owns a dozen patents, including this one, which to me is much more interesting. This patent indicates what Carrier IQ software could do—not what it does—but it is revealing nonetheless:

A communication device and a data server record and collect events and event-related data to create an activity record. A user of the communication device may request that events and related data be recorded and collected using a configuration option on the communication device or through an interaction with the data server. Data are grouped into data sets and uploaded to the data server either automatically or upon user approval. The data server uses the uploaded data to create an activity record which the user may access through a website. The user uploads additional data which are associated with the activity record. In some instances, the data server embeds a link pointing to the additional data in an entry in the activity record corresponding to an event associated with the additional data.

Basically this patent offers a way for a “user”—which could be either the user of the device or the service—to have a record of everything they do:

image

While most of the patent is clearly about a product that would create a ‘lifestream’ for the user—where they can access all the things they’ve done with the device, including photos etc, in one tidy presentation, there’s clearly more to it than that. Buried in the patent are indications that it could do all this without the user asking it to. It’s paragraph 0023 which I think is most interesting:

A user of a mobile device requests that events and event-related data be collected by a data server and data collection begins. Alternately, data collection may be a default setting which is turned off only when the device user requests that data collection not occur. In yet another embodiment, a request from a server can initiate, pause, or stop data collection. The mobile device is configured to record events performed by the mobile device as well as event-related data. Typical events that the mobile device records include making or receiving a phone call; sending or receiving a message, including text, audio, photograph, video, email and multimedia messages; recorded voice data, voice messages, taking a photograph; recording the device’s location; receiving and playing an FM or satellite radio broadcast; connecting to an 802.11 or Bluetooth access point; and using other device applications. The data most often related to an event include at least one of: the time, date and location of an event. However, other event-related data include a filename, a mobile device number (MDN) and a contact name. Commonly, the mobile device records events and provides a time, date and location stamp for each event. The events and event-related data can be recorded in sequence and can be stored on the mobile device.

This seems to suggest that

  • basically all activity on the phone can be logged
  • the software can be turned on by default
  • the software can be turned on and off from the server

All this information would be grouped together and uploaded either with the user’s permission or without it:

[0025] The mobile devices may be configured to store one or more data sets and upload the data sets to the data server. In one embodiment, the data sets are uploaded automatically without user intervention, while in other embodiments the mobile device presents a query to the user beforehand. When the mobile device is ready to upload one or more sessions to the data server, a pop-up screen or dialog may appear and present the user with various options. Three such options include (1) delete session, (2) defer and ask again and (3) upload now. The user interface may present the query every time a session is ready to upload, or the user may be permitted to select multiple sessions for deletion, a later reminder or upload all at once. In another embodiments, the uploading of sessions may occur automatically without user intervention. Uploads may also be configured to occur when the user is less likely to be using the device.

This point—about the option to collect such data without the user’s say-so—is confirmed in [0030]:

Although typically the device and the server do not record, upload and collect data unless the user requests it, in other embodiments the communication device and the server automatically record, upload and collect data until the user affirmatively requests otherwise.

And in [0046]:

In embodiments where participation in the data collection services is the default configuration for a mobile device (e.g., an “opt-out” model), it is not necessary to receive a request from a user prior to recording data.

An ‘opt-out’ model is hard to visualize if this is a product that is a user-centric lifestream.

While patents only tell part of the story, there’s no evidence of any such consumer-facing product on Carrier IQ’s website, so one has to assume these capabilities have been, or could be, wrapped into their carrier-centric services. In that sense, I think there’s plenty of interest in here.

Former Soviet Bloc, Allies, Under Lurid Attack

Trend Micro researchers David Sancho and Nart Villeneuve have written up an interesting attack they’ve dubbed LURID on diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in the former Soviet bloc and its allies. (Only China was not a Soviet bloc member or ally in the list, and it was the least affected by the attack.)

Although they don’t say, or speculate, about the attacker, it’s not hard to conclude who might be particularly interested in what the attacks are able to dig up:

Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets.

Russia had 1,063 IP addresses hit in the attacks; Kazakhstan, 325; Ukraine, 102; Vietnam, 93; Uzbekistan; 88; Belarus, 67; India, 66; Kyrgyzstan, 49; Mongolia, 42; and China, 39.

The campaign has been going for at least a year, and has infected some 1,465 computers in 61 countries with more than 300 targeted attacks.

Dark Reading quotes Jamz Yaneza, a research director at Trend Micro, as saying it’s probably a case of industrial espionage. But who by? ”This seems to be a notable attack in that respect: It doesn’t target Western countries or states. It seems to be the reverse this time,” Yaneza says.

Other tidbits from the Dark Reading report: Definitely not out of Russia, according to Yaneza. David Perry, global director of education at Trend Micro, says could be out of China or U.S., but no evidence of either. So it could be either hacktivists or industrial espionage. Yaneza says attackers stole Word files and spreadsheets, not financial information. “A lot of the targets seemed to be government-based,” he says.

My tuppennies’ worth? Seems unlikely to be hactivists, at least the type we think of. This was a concerted campaign, specifically aimed to get certain documents. Much more likely to be either industrial espionage or pure espionage. Which means we might have reached the stage where groups of hackers are conducting these attacks because a market exists for the product retrieved. Or had we already gotten there, and just not known it?

Either way, Russia and its former allies are now in the crosshairs.

More reading:

Massive malware attacks uncovered in former USSR | thinq_

Cyberspy attacks targeting Russians traced back to UK and US • The Register

Taking Shady RAT to the Next Level

I know I’ve drawn attention to this before, but the timeline of McAfee’s Operation Shady RAT by Dmitri Alperovitch raises questions again about WikiLeaks’ original data.

Alperovitch points out that their data goes back to mid-2006:

We have collected logs that reveal the full extent of the victim population since mid-2006 when the log collection began. Note that the actual intrusion activity may have begun well before that time but that is the earliest evidence we have for the start of the compromises.

This was around the time that Julian Assange was building up the content that, he recounted in emails at the time, that his hard drives were filling up with eavesdropped documents:

We have received over 1 million documents from 13 countries, despite not having publicly launched yet! (Wikileaks Leak, Jan, 2007)

Although Assange has since denied the material came from eavesdropping, it seems clear that it was, until McAfee’s report, the earliest example of a significant trove of documents and emails stolen by China-based hackers. This may have been the same channel stumbled upon a year later by Egerstad (Dan Egerstad’s Tor exit nodes get him arrested and proves a point I made in July | ZDNet).

There were, however, reports in mid 2006 of largescale theft of documents: State Dept (May), and NIPRNet (June), US War College (Sept) and German organisations (October).

I would like to see more data from McAfee and, in the interests of transparency, at least the metadata from the still unrevealed WikiLeaks stash in order to do some note comparing and triangulation. I’d also like to see this material compared with the groundbreaking work by three young Taiwanese white hats, who have sifted through malware samples to try to group together some of these APTs: APT Secrets in Asia – InSun的日志 – 网易博客.

The work has just begun.

Data, WikiLeaks and War

I’m not going to get into the rights and wrongs of the WikiLeaks thing. Nor am I going to look at the bigger implications for the balance of power between governed and governing, and between the U.S. and its allies and foes. Others have written much better than I can on these topics.

I want to look at what the cables tell us about the sorting, sifting and accessing of this information. In short, what does this tell us about how the world’s most powerful nation organized some of its most prized data?

To start, with, I want to revisit a conversation I had sitting in the garden of a Kabul pub called the Gandermack a few weeks back when it struck me: the biggest problem facing NATO in winning the war in Afghanistan is data.

I was talking to a buff security guy—very buff, in fact, as my female companions kept remarking—who was what might have once been a rare breed, but are now in big demand in Afghanistan. He was a former marine (I think), but was also a computer guy with an anthropology or sociology degree under his black belt somewhere. This guy knew his stuff.

And he was telling the NATO forces where they were going wrong: data management.

The problem, he explained, is not that there isn’t enough of it. It’s that there’s too much of it, and it’s not being shared in a useful way. Connections are not being made. Soldiers are drowning in intelligence.

All the allied forces in Afghanistan have their own data systems. But, I was told, there’s no system to make sense of it. Nor is there one to share it. So data collected by a garrison from one country in one part of the country is not accessible by any of the other 48 nations.

On the surface it seems this problem was fixed. In the wake of 9/11 U.S. departments were told to stop being so secretive. Which is why we got to WikiLeaks–one guy apparently able to access millions of classified documents from pretty much every corner of the planet. If he could do then so could thousands of other people. And, one would have to assume, so could more than a few people who weren’t supposed to have access. To give you an idea of the trove unearthed, WikiLeaks has released about 1,000 so far, meaning it’s going to take them nearly seven years to get all the cables out. Cable fatigue, anyone?

So, it would seem that the solution to the problem of not having enough pooled information is to just let anyone have it. But that, it turns out, isn’t enough. That’s because what we see from the WikiLeaks material is how old it looks.

I spent much of the early 1980s trawling through this kind of thing as a history student. Of course, they were all declassified documents going back to the 1950s, but the language was remarkably similar, the structure, the tone, the topics, the look and feel. A diplomatic cable in 2010 looks a lot like a cable from 50 years ago. In the meantime communication has gone from the telegraph to the fax to email to blogs to the iphone to twitter to Facebook.

This, to me, is the problem. It’s not that we’ve suddenly glimpsed inside another world: We would have seen a lot of this stuff at some point anyway, though it’s useful to see it earlier. Actually we can take some succour from the fact that diplomats seem to be doing a pretty good job of reporting on the countries they’re posted to. Journalists shouldn’t be surprised; we’ve relied on diplomats for a while. (And they might rightly feel somewhat aggrieved we now do this to them.)

No, the problem that WikiLeaks unearths is that the most powerful nation on earth doesn’t seem to have any better way of working with all this information than anyone else. Each cable has some header material—who it’s intended for, who it’s by, and when it was written. Then there’s a line called TAGS, which, in true U.S. bureaucratic style doesn’t actually mean tags but “Traffic Analysis by Geography and Subject”—a state department system to organize and manage the cables. Many are two letter country or regional tags—US, AF, PK etc—while others are four letter subject tags—from AADP for Automated Data Processing to PREL for external political relations, or SMIG for immigration related terms.

Of course there’s nothing wrong with this—the tag list is updated regularly (that last one seems to be in January 2008). You can filter a search by, say, a combination of countries, a subject tag and then what’s called a program tag, which always begins with K, such as KPAO for Public Affairs Office.

This is all very well, but it’s very dark ages. The trouble is, as my buff friend in the Kabul garden points out, there’s not much out there that’s better. A CIA or State Department analyst may use a computer to sift through the tags and other metadata, but that seems to be the only real difference between him and his Mum or Dad 50 years before.

My buff friend made a comparison with the political officer in today’s ISAF with a political officer (sometimes called an agent) back in the days of the British Raj. Back then the swashbuckling fella would ride a horse, sleep on the ground and know the Afghan hinterlands like the back of his hand, often riding alone, sipping tea with local chieftains to collect intelligence and use it to effect change (in this case meaning extend the already bulging British sphere of influence.) He would know the ins and outs of local tribal rivalries, who hated whom, etc. All of it stored in his head or in little notebooks.

His modern equivalent may actually have the same information, but it’ll be gleaned from the occasional photo opportunity, a squillion intelligence reports, all suitably tagged, and perhaps footage from a couple of drones. If the chieftain he’s interested in coopting straddles a regional command, chances are that he won’t be able to access anyone else’s information on him–assuming they have any.

In short, the problem in the military and diplomatic world is the same we’re facing in the open world. We have a lot more information than we can use—or keep track of—and it’s not necessarily making us any smarter. Computers haven’t helped us understand stuff better—they’ve just helped us collect, share, and lose more of it.

I must confess I’ve not made much progress on this myself. My main contribution is persuading a researcher friend to use a program called PersonalBrain, which helps you to join the dots between people, things, organisations, whatever you’re trying to figure out. It’s all manual though, which puts people off: What you mean I have to make the connections myself? Well, yes. Computers aren’t magic.

Yet. It’s clear to me that 10 years down the track, I hope, we’ll finally get that writing in prose, and then adding a hierarchy of labels to a document, is no longer the way to go. Instead, we’ll be writing into live forms that make connections as we write, annotate on the fly, draw spindly threads to other parts of our text, and make everything come to life. I will be able to pull into the document visuals, audio, other people, old records, chronologies, maps, and work with the data in three dimensions.

If this sounds familiar, it’s probably because it sounds like science fiction, something like Minority Report. But it’s not; it’s a glimpse inside the mind of our imperial political agent; how he would make those connections because they were all in his head—neurons firing transmitters, axons alive, binding synapses.

If I were the U.S. government, I would take Cablegate as a wake up call. Not at the affrontery of this humiliation, but as a chance to rethink how its data is being gathered and made use of. Cablegate tells us that the world of the cable is over.

Singapore Details ‘Waves’ of Cyberattacks

Officials and delegates from APEC economies were targeted ahead of last year’s Singapore meeting with malware-laden emails faked so they appeared to have been sent by Singapore government officials on the Organising Committee.

Singapore officials have said the attacks were not the first on the country. Although Singapore regularly highlights threats to national security—including Islamic terrorism—the admission that it has been the victim of cyber attacks is, according to the Straits Times, its most detailed account.

Although it’s hard to read too much into the statements made to judge who may have been behind the attacks, it’s interesting that Singapore is drawing attention to this—not least because there’s bound to be speculation about just this point. The current flood of WikiLeaks cables about this very issue is a coincidence. But the description of the attacks fits a pattern familiar to security experts:

Between September and November 2009 APEC officials, and delegates of several APEC economies were targeted with Trojan-laden emails “with the aim of infiltrating their computers and extracting privileged information.” There were at least seven waves of such attacks, focusing on members of the APEC organising committe and APEC delegates whose email addresses were published on websites or in APEC mailing lists. (APEC, Asia-Pacific Economic Cooperation, is a forum for 21 regional economies set up in 1989. Singapore hosted meetings throughout 2009 culminating in a leaders’ meeting in Singapore from November 14-15.) 

The attacks were first mentioned in a speech by Ho Peng Kee, Senior Minister Of State For Law & Home Affairs, who told a seminar on Sept 28 that “Singapore has its fair share of cyber attacks.” More details were  added in an internal but publicly accessible Ministry of Home Affairs magazine, the Home Team Journal, by Loh Phin Juay, head of the Singapore Infocomm Technology Security Authority and reported in the Straits Times on Saturday, December 4.  (The Straits Times called the perpetrators “cyberterrorists”.)

Loh wrote in the magazine article that “between 2004 and 2005, the Singapore government saw waves of Trojan email attacks which were commonly referred to as the Trojan Riler attacks.” The attacks came in four waves over a span of two years, he said, in the form of more than 900 emails targeting officials in several ministries.  

Loh Phin Juay said that the first two waves in the 2009 attacks used PowerPoint and PDF attachments to emails puportedly warning about possible terrorist attacks on the meeting. A subsequent wave included “legitimate information relevant to the APEC 2009 meetings”—in this case an invitation to an actual APEC symposium.

Some of the malicious emails “contained details of actual APEC events (date, time, venue) not known to the general public.” This suggests to me that either the first wave was successful in gaining access to some sensitive information, or, less likely, that those perpetrating the attack were already privy to it (raising the question why they didn’t use that information in the first wave.) Both officials said no significant disruption was caused by the APEC attack.

Singapore last year set up a special body, the Singapore Infocomm Technology Security Authority (SITSA), “to safeguard Singapore against infocomm technology (IT) security threats. SITSA will be the national specialist authority overseeing operational IT security. SITSA’s mission is to secure Singapore’s IT environment, especially vis-à-vis external threats to national security such as cyber-terrorism and cyber-espionage.”

Neither official speculates about the origin of the attacks. In his speech Ho Peng Kee referred separately to Operation Aurora, a cyber attack from mid 2009 to December 2009 on dozens of Western companies including Google, which alleged the attacks began in China. Loh Phin Juay referred in his article to GhostNet, a cyber espionage network which had its command and control network based in China and which penetrated government and embassy computers in a number of countries, including some in Southeast Asia. (Singapore was not mentioned in reports of the compromised computers.)

But he writes that “to date, the perpetrators of GhostNet remain unknown,” and neither man links the Singapore attacks to either event. The Trojan Riler was, according to Symantec, first discovered on September 8, 2004; It has been associated with corporate espionage but also the GhostNet attacks.

A pale white man shows us what journalism is

My weekly Loose Wire Service column.

Is the Internet replacing journalism?

It’s a question that popped up as I gazed at the blurred, distorted web-stream of a press conference from London by the founder of WikiLeaks, a website designed to “protect whistleblowers, journalists and activists who have sensitive materials to communicate to the public”.

On the podium there’s Julian Assange. You can’t make a guy like this up. White haired, articulate and defensive, aloof and grungy, specific and then sweepingly angry. Fascinating. In a world of people obsessed by the shininess of their iPhones, Assange is either a throwback to the past or a gulf of fresh air.

WikiLeaks, which has been around for a few years but has, with the release of mounds of classified data about the Afghan War, come center stage.

Assange doesn’t mince his words. He shrugs off questions he doesn’t like by pointing his face elsewhere and saying “I don’t find that question interesting.” He berates journalists for not doing their job — never

something to endear an interviewee to the writer.
But in some ways he’s right. We haven’t been doing our job. We’ve not chased down enough stories, put enough bad guys behind bars (celebrities don’t really count.) His broadsides may be more blunderbuss than surgical strike, but he does have a point. Journalism is a funny game. And it’s changing.

Asked why he chose to work with three major news outlets to release the Afghan data, he said it was the only way to get heard. He pointed out that he’d put out masses of interesting leaks on spending on the Afghan war previously and hardly a single journalist had picked it up.

Hence the — inspired — notion of creating a bit of noise around the material this time around. After all, any journalist can tell you the value of the material is less intrinsic than extrinsic: Who else is looking for it, who else has got it, and if so can we publish it before them.

Sad but true. We media tend to only value something if a competitor does. A bit like kids in the schoolyard. By giving it to three major outlets — New York Times, The Guardian, Der Spiegel — Assange ensured there was not only a triple splash but also the matchers from their competitors.

So Assange is right. But that’s always been like that. Assange is part of — and has identified — a much deeper trend that may be more significant than all the hand-wringing about the future of the media.

You see, we’ve been looking at media at something that just needs a leg-up. We readily admit the business model of the media is imploding.

But very little discussion of journalism centers on whether journalism itself might be broken. Assange — and others – believe it is.

The argument goes like this.

The model whereby media made a lot of money as monopolistic enterprises — fleecing advertisers at one end, asking subscribers to pay out at the other, keeping a death grip on the spigot of public, official or company information in the middle — has gone. We know that.

But what we don’t perhaps realize is that the Internet itself has changed the way that information moves around. I’m not just talking about one person saying something on Twitter, and everyone else online reporting it.

I’m talking about what news is. We journalists define news in an odd way — as I said above, we attach value to it based on how others value it, meaning that we tend to see news as a kind of product to grab.

The Internet has changed that. It’s turned news into some more amorphous, that can be assembled from many parts.

Assange and his colleagues at WikiLeaks don’t just act as a clearing house for leaked data. They add extraordinary value to it.

Don’t believe me? Read a piece in The New Yorker in June, about the months spent on cracking the code on, and then editing video shot in Iraq.

In a more modest way this is being done every day by bloggers and folk online, who build news out of small parts they piece together —some data here, a report there, a graphic to make sense of it. None of these separate parts might be considered news, but they come together to make it so.

Assange calls WikiLeaks a stateless news organization. Dave Winer, an Internet guru, points out that this pretty much is what the blogosphere is as well. And he’s right. WikiLeaks works based on donations and collaborative effort. Crowd-sourcing, if you will.

I agree with all this, and I think it’s great. This is happening in lots of interesting places — such as Indonesia, where social media has mobilized public opinion in ways that traditional media has failed.

But what of journalism, then?

Jeff Jarvis, a future-of-media pundit, asked the editor of The Guardian, one of the three papers that WikiLeak gave the data too first, whether The Guardian should have been doing the digging.

He said no; his reporters add value by analyzing it. “I think the Afghan leaks make the case for journalism,” Alan Rusbridger told Jarvis. “We had the people and expertise to make sense of it.”

That’s true. As far as it goes. I tell my students, editors, colleagues, anyone who will listen, that our future lies not so much in reporting first but adding sense first. And no question, The Guardian has done some great stuff with the data. But this is a sad admission of failure — of The Guardian, of reporting, of our profession.

We should be looking at WikiLeaks and learning whatever lessons we can from it. WikiLeaks’ genius is manifold: It has somehow found a way to persuade people, at great risk to themselves, to send it reams of secrets. The WikiLeaks people do this by taking that data seriously, but they also maintain a healthy paranoia about everyone — including themselves — which ensures that sources are protected.

Then they work on adding value to that data. Rusbridger’s comments are, frankly, patronizing about WikiLeaks’ role in this and previous episodes.

We journalists need to go back to our drawing boards and think hard about how WikiLeaks and the Warholesque Assange have managed to not only shake up governments, but our industry, by leveraging the disparate and motivated forces of the Internet.

We could start by redefining the base currency of our profession — what news, what a scoop, what an exclusive is. Maybe it’s the small pieces around us, joined together.

Nightmare on Spyware Street

A case in Connecticut has exposed the legal dangers of not protecting your computer against spyware, as well as our vulnerability at the hands of incompetent law-enforcement officers.

Teacher Julie Amero found herself in a nightmare after spyware on her school computer popped up pornographic images in front of students. Instead of realising this was spyware at work, the state accused her of putting them there and forcing her pupils to watch.

In June of 2007, Judge Hillary B. Strackbein tossed out Amero’s conviction on charges that she intentionally caused a stream of “pop-up” pornography on the computer in her classroom and allowed students to view it. Confronted with evidence compiled by forensic computer experts, Strackbein ordered a new trial, saying the conviction was based on “erroneous” and “false information.”

But since that dramatic reversal, local officials, police and state prosecutors were unwilling to admit that a mistake may have been made — even after computer experts from around the country demonstrated that Amero’s computer had been infected by “spyware.”

It seems the nightmare may be coming to an end, but not without a price. She’s had to admit to one misdemeanour charge and surrender her teaching licence. She’s also been hospitalized for stress and heart problems.

The lesson? This was a school computer, and it seems the school failed to install the necessary updates and protection to prevent the spyware from loading itself. That’s probably something Amero should be exploring with her lawyers.

But there’s a bigger issue. We need, as individuals, to take more reponsibility for the computers we use—to learn the basics of protecting them from attacks, and to be able to at least identify what the problem is when something like this happens. It may have taken a techie guy to clean the computer in this case (I admit spyware is really hard to get rid of) but knowing, roughly, what the problem is should be the bare minimum of our working knowledge of the computers we use.

Connecticut drops felony charges against Julie Amero, four years after her arrest – Rick Green | CT Confidential

links for 2008-09-15

Is That a Virus on Your Phone or a New Business Model?

This week’s WSJ.com column (subscription only) is about mobile viruses — or the lack of them. First off I talked about CommWarrior, the virus any of you with a Symbian phone and Bluetooth switched no will have been pinged with anywhere in the world.

CommWarrior isn’t new: It has been around since March 2005. But this isn’t much comfort if you find yourself — as a lunch companion and I did — bombarded by a dozen attempts to infect our phones before the first course had arrived. So is CommWarrior just the thin end of a long wedge? Yes, if you listen to the Internet-security industry. “I can personally assure you that mobile threats are reality, and we have to start taking our mobile security seriously,” says Eric Everson, who admittedly has a stake in talking up the threat, given that he is founder of Atlanta-based MyMobiSafe, which offers cellphone antivirus protection at $4 a month.

But the security industry has been saying this for years about viruses — usually lumped together under the catchall “malware” — and, despite lots of scare stories, I couldn’t find any compelling evidence that they are actually causing us problems beyond those I experienced in the Italian restaurant.

For reasons of space quite a bit of material had to be dropped, so I’m adding it here for anyone who’s interested. Apologies to those sources who didn’t get their voices heard.

Symantec, F-Secure Security Labs and other antivirus companies call FlexiSPY a virus (though, strictly speaking, it’s a Trojan, meaning it must be installed by the user, who thinks the program does something harmless). “In terms of damaging the user, the most serious issue at the moment is commercial spyware applications such as FlexiSPY,” says Peter Harrison, of a new U.K.-based mobile-security company, UMU Ltd.

Not surprisingly, however, Mr. Raihan isn’t happy to have his product identified and removed by cellphone antivirus software, though he says his protests have fallen on deaf ears. “We are a godsend to them,” he says of the mobile antivirus companies. “They are fear-mongering as there is not a significant problem with viruses in the mobile space.”

Technorati Tags: , , , ,

Getting Data Past Borders

Bruce Schneier uses reports that Sudan is searching all laptops being brought into the country to sound a warning: “Your privacy rights when trying to enter a country are minimal, and this kind of thing could happen anywhere… If you’re bringing a laptop across an international border, you should clean off all unnecessary files and encrypt the rest.”

Some commenters take the discussion a bit further, pointing out this may not be enough. Officials may demand you decrypt your files, so a better way would be to encrypt your data in an unpartitioned portion of your hard drive using something called TrueCrypt, which creates a “virtual encrypted disk” within a file (for Windows and Linux.)

Others suggest that this might not be enough, and that it may be better to use some kind of steganography (hiding data within innocent data, like a photo or music file.) It goes without saying that whatever you do encrypt you should have backed up somewhere safe back home. Another option is not to have anything on your laptop and to download what you need once you’re in country, but unless you have a private network you can do this on, chances are your downloads will be monitored.

This is all not as fanciful or infrequent as it sounds. One poster, Abbas Halai, said he had on three occasions entering the U.S. been asked to login to his laptop and then leave the room.