Saturday, July 31, 2010

FTC's List of Corporate Privacy Abusers Shows Advertisers Can't Be Trusted With Data Security

Jim Edwards writes on the CBS Business Network:

The FTC yesterday published a list of companies that used unfair, deceptive, false or misleading claims about consumer privacy that caused “substantial consumer injury,” and the names on it will surprise you. Sure, many of the companies are mortgage scammers and spam phishers. But lots of them are household and blue-chip brands such as Twitter, TJ Maxx, Microsoft, and Dave & Buster's.

The list proves that advertisers cannot be trusted to regulate themselves when it comes to tracking and targeting consumers on the web or on mobile devices. There are currently few rules controlling how advertisers can use personal information gathered from consumers electronically, and if self-regulation worked, the FTC would not have brought action against these companies for privacy abuses.

More here.

Hat-tip: Donna's SecurityFlash

Friday, July 30, 2010

FBI Access to e-Mail, Web Data Raises Privacy Fear

An AP newswire article by Pete Yost, via, reports:

Invasion of privacy in the Internet age. Expanding the reach of law enforcement to snoop on e-mail traffic or on Web surfing. Those are among the criticisms being aimed at the FBI as it tries to update a key surveillance law.

With its proposed amendment, is the Obama administration merely clarifying a statute or expanding it? Only time and a suddenly on-guard Congress will tell.

Federal law requires communications providers to produce records in counterintelligence investigations to the FBI, which doesn't need a judge's approval and court order to get them.

They can be obtained merely with the signature of a special agent in charge of any FBI field office and there is no need even for a suspicion of wrongdoing, merely that the records would be relevant in a counterintelligence or counterterrorism investigation. The person whose records the government wants doesn't even need to be a suspect.

The bureau's use of these so-called national security letters to gather information has a checkered history.

More here.

Google, CIA Invest in 'Future' of Web Monitoring

Noah Shachtman writes on Danger Room:

The investment arms of the CIA and Google are both backing a company that monitors the web in real time — and says it uses that information to predict the future.

The company is called Recorded Future, and it scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents — both present and still-to-come. In a white paper, the company says its temporal analytics engine “goes beyond search” by “looking at the ‘invisible links’ between documents that talk about the same, or related, entities and events.”

The idea is to figure out for each incident who was involved, where it happened and when it might go down. Recorded Future then plots that chatter, showing online “momentum” for any given event.

“The cool thing is, you can actually predict the curve, in many cases,” says company CEO Christopher Ahlberg, a former Swedish Army Ranger with a PhD in computer science.

Which naturally makes the 16-person Cambridge, Massachusetts, firm attractive to Google Ventures, the search giant’s investment division, and to In-Q-Tel, which handles similar duties for the CIA and the wider intelligence community.

More here.

Wednesday, July 28, 2010

FBI: Mastermind of Botnet Nabbed

An AP newswire article by Lolita C. Baldor, via, reports:

International authorities have arrested a computer hacker believed responsible for creating the malicious computer code that infected as many as 12 million computers, invading major banks and corporations around the world, FBI officials told The Associated Press on Tuesday.

A 23-year-old Slovenian known as Iserdo was snagged in Maribor, Slovenia, after a lengthy investigation by Slovenian Criminal Police there along with FBI and Spanish authorities.

His arrest comes about five months after Spanish police broke up the massive cyber scam, arresting three of the alleged ringleaders who operated the so-called Mariposa botnet, stealing credit cards and online banking credentials. The botnet — a network of infected computers — appeared in December 2008 and infected more than half of the Fortune 1,000 companies and at least 40 major banks.

Jeffrey Troy, the FBI's deputy assistant director for the cyber division, said Tuesday that Iserdo's arrest is a major break in the investigation. He said it will take the alleged cyber mastermind off the street and prevent him from updating the malicious software code or somehow regaining control of computers that are still infected.

Officials declined to release Iserdo's real name and the exact charges filed against him, but said the arrest took place about 10 days ago and the man has been released on bond.

More here.