‘Heartbleed’ bug puts encrypted data in danger

Trust in the Internet took a major blow as alarm spread that software commonly used to encrypt and secure online transactions could wind up giving away the store.

Computer security specialists, website masters, and fans of online privacy were worriedly abuzz with word of a freshly-discovered flaw in online data-scrambling software that hackers can turn to their advantage.

A bug dubbed “Heartbleed” in OpenSSL encryption software lets attackers illicitly retrieve passwords and other bits of information from working memory on computer servers, according to cyber-defense specialists at Fox-IT.

Largest single personal data hack ever? 360mn stolen account credentials found online

Published time: March 01, 2014 01:31

Reuters / Kacper Pempel

A cyber security firm has reported a “mind boggling” cache of stolen credentials which has been put up for sale on online black markets. A total of 360 million accounts were affected in a series of hacks, one of which seems to be the biggest in history.

Alex Holden, chief information security officer of Hold Security LLC, said that the firm had uncovered the data over the past three weeks.

He said that 360 million personal account records were obtained in separate attacks, but one single attack seems to have obtained some 105 million records which could make it the biggest single data breach to date, Reuters reports. “The sheer volume is overwhelming,” said Holden in a statement on Tuesday.

Yahoo webcam images from millions of users intercepted by GCHQ

  • Optic Nerve program collected Yahoo webcam images in bulk
  • 1.8m users targeted by UK agency in six-month period alone
  • Yahoo: ‘A whole new level of violation of our users’ privacy’
  • Material included large quantity of sexually explicit images

theguardian.com, Thursday 27 February 2014 11.16 EST

The GCHQ program saved one image every five minutes from the users’ feeds. Photograph: Chris Jackson/Getty Images

Britain’s surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.

GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.

In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.

Yahoo reacted furiously to the webcam interception when approached by the Guardian. The company denied any prior knowledge of the program, accusing the agencies of “a whole new level of violation of our users’ privacy”.

Microsoft, Facebook, Google and Yahoo release US surveillance requests

  • Tech giants turn over data from tens of thousands of accounts
  • Limited disclosure part of transparency deal made last month

in Washington and in New York

theguardian.com, Monday 3 February 2014 16.40 EST

Microsoft, Twitter, Google and Facebook all participate in the NSA’s Prism effort. Photograph: Pichi Chuang/Reuters

Tens of thousands of accounts associated with customers of Microsoft, Google, Facebook and Yahoo have their data turned over to US government authorities every six months as the result of secret court orders, the tech giants disclosed for the first time on Monday.

Millions of visitors to Yahoo.com hit by huge malware attack

  • Ads from Yahoo are redirecting users to sites that install a host of different malware
  • IT security firm Fox IT estimates that up to 29,000 computers per hour were affected
  • Yahoo says it is aware of the problem and working to fix it

By Alex Greig

UPDATED: 11:41 EST, 5 January 2014

Visitors to Yahoo.com over the past week may have been affected by malware coming from the site’s ads.

According to online security firm Fox IT based in the Netherlands, users who clicked on ads from the site were redirected to sites that exploited vulnerabilities in Java and installed a host of different malware.

‘Clients visiting yahoo.com received advertisements served by ads.yahoo.com,’ the internet security firm posted on its blog. ‘Some of the advertisements are malicious.’

Homepage: Yahoo users may have been affected by malware

Snowden document reveals key role of companies in NSA data collection

NSA leverages relationships with commercial partners to collect vast quantities of data from fibre-optic cables, file shows

Yahoo, Microsoft and Google deny they co-operate voluntarily with the intelligence agencies. Photograph: Paul J Richards/AFP

The key role private companies play in National Security Agency surveillance programs is detailed in a top-secret document provided to the Guardian by whistleblower Edward Snowden and published for the first time on Friday.

One slide in the undated PowerPoint presentation, published as part of the Guardian’s NSA Files: Decoded project, illustrates the number of intelligence reports being generated from data collected from the companies.

In the five weeks from June 5 2010, the period covered by the document, data from Yahoo generated by far the most reports, followed by Microsoft and then Google.

Between them, the three companies accounted for more than 2,000 reports in that period – all but a tiny fraction of the total produced under one of the NSA’s main foreign intelligence authorities, the Fisa Amendments Act (FAA).

It is unclear how the information in the NSA slide relates to the companies’ own transparency reports, which document the number of requests for information received from authorities around the world.

Yahoo, Microsoft and Google deny they co-operate voluntarily with the intelligence agencies, and say they hand over data only after being forced to do so when served with warrants. The NSA told the Guardian that the companies’ co-operation was “legally compelled”.

But this week the Washington Post reported that the NSA and its UK equivalent GCHQ have been secretly intercepting the main communication links carrying Google and Yahoo users’ data around the world, and could collect information “at will” from among hundreds of millions of user accounts.

The NSA’s ability to collect vast quantities of data from the fibre-optic cables relies on relationships with the companies, the document published on Friday shows.

The presentation, titled “Corporate Partner Access” was prepared by the agency’s Special Source Operations division, which is responsible for running those programs.

In an opening section that deals primarily with the telecom companies, the SSO baldly sets out its mission: “Leverage unique key corporate partnerships to gain access to high-capacity international fiber-optic cables, switches and/or routes throughout the world.”

The NSA is helped by the fact that much of the world’s communications traffic passes through the US or its close ally the UK – what the agencies refer to as “home-field advantage”.

The new revelations come at a time of increasing strain in relations between the intelligence community and the private sector. Google and Yahoo reacted angrily on Wednesday to the Washington Post’s report on the interception of their data.

The Guardian approached all three companies for comment on the latest document.

“This points out once again the need for greater transparency,” a Google spokesman said.

He referred to a letter the company and other Silicon Valley giants sent to the Senate judiciary committee on Thursday. “The volume and complexity of the information that has been disclosed in recent months has created significant confusion here and around the world, making it more difficult to identify appropriate policy prescriptions,” the letter said.

A Microsoft spokesperson said: “We are deeply disturbed by these allegations, and if true they represent a significant breach of trust by the US and UK governments. It is clear that there need to be serious reforms to better protect customer privacy.”

Yahoo had not responded by the time of publication.

The companies are also fighting through the courts to be allowed to release more detailed figures for the number of data requests they handle from US intelligence agencies. Along with AOL, Apple and Facebook, they wrote to the Senate judiciary committee this week calling for greater transparency and “substantial” reform of the NSA.

Google, the first to publish a transparency report, has reported US authorities’ requests for user data increased by 85% between 2010 and 2012 (from 8,888 in 2010 to 16,407 in 2012). But the vast majority of those are requests from local law enforcement looking for information about potential drug traffickers, fraudsters and other domestic criminal activity.

Legally compelled NSA requests relating to foreign terrorist targets, which none of the firms are allowed to disclose, are thought to represent a tiny fraction of the overall figure.

While the internet companies are listed by name in the NSA document, the telecoms companies are hidden behind covernames.

The names of these “corporate partners” are so sensitive that they are classified as “ECI” – Exceptionally Controlled Information – a higher classification level than the Snowden documents cover. Artifice, Lithium and Serenade are listed in other documents as covernames for SSO corporate partners, while Steelknight is described as an NSA partner facility.

In a statement defending its surveillance programs, the NSA said: “What NSA does is collect the communications of targets of foreign intelligence value, irrespective of the provider that carries them. US service provider communications make use of the same information superhighways as a variety of other commercial service providers.

“NSA must understand and take that into account in order to eliminate information that is not related to foreign intelligence.

“NSA works with a number of partners and allies in meeting its foreign-intelligence mission goals, and in every case those operations comply with US law and with the applicable laws under which those partners and allies operate.”

UPDATE: Microsoft issued a further statement after publication of the Guardian’s story. A spokesperson said: “Microsoft only discloses customer data when served with valid legal orders and in June we published a complete view of the volume of orders we received from the US government.

“But it is clear that much more transparency is needed to help the companies and their customers understand these issues.”

http://www.theguardian.com/world/2013/nov/01/nsa-data-collection-tech-firms

NSA ‘broke into Yahoo and Google data centers to obtain millions of records every day’… and leaked doodle shows how spy agency did it with a smiley face

  • The Washington Post cites documents leaked by Edward Snowden
  • In 30 days, the NSA gleaned 180 million new records including text, audio and video – and who sent it to whom and when they sent it
  • NSA: Claims that we collect data this way are not true

By Associated Press and Daily Mail Reporter

PUBLISHED: 12:53 EST, 30 October 2013 | UPDATED: 14:16 EST, 30 October 2013

The National Security Agency has secretly broken into the Yahoo and Google data centers around the world to steal hundreds of millions of records, it was reported today.

Every day, the NSA sends millions of records from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade, Maryland headquarters, the Washington Post reported, citing documents leaked by former NSA contractor Edward Snowden.

The documents include a slide from an agency presentation entitled ‘Google Cloud Exploitation’, featuring a sketch showing where the ‘Public Internet’ meets the internal ‘Google Cloud’ of user data.

On the sketch, a note adds that encryption is ‘added and remove here!’ and the artist then jots a smiley face – in what the Post calls a ‘cheeky celebration of victory over Google security’.

Leaked: In a slide from an NSA presentation, a sketch shows where the ‘Public Internet’ meets the ‘Google Cloud’ user data – with a smiley face to celebrate getting around the secure links

‘Two engineers with close ties to Google exploded in profanity when they saw the drawing,’ the Post reported.

In the 30 days after January 9, field collectors processed and sent back more than 180 million new records – ranging from ‘metadata’, which would indicate who sent or received emails and when, to content such as text, audio and video.

Both companies said they had not given the NSA permission to do so and were not aware of the activity.

The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, GCHQ.

The program uses an unnamed telecommunications provider giving secret access to a cable for Google and Yahoo to pass unencrypted traffic between their servers.

Seized: The NSA has reportedly secretly broken into main communications links that connect Yahoo and Google data centers around the world. This photo shows a Google data center in Hamina, Finland

The Post said NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants.

The NSA’s leader, Gen. Keith Alexander, said he was unaware of the report, adding that the NSA is not authorized to access data centers and must go through a court process to obtain it.

‘The assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true,’ a spokeswoman added, Politico reported.

The report comes despite the companies saying their servers are closely guarded and strictly audited. According to Google, buildings housing its servers are guarded around-the-clock and secured with heat-sensitive cameras and biometric verification.

In a statement to the Post, Google said it was ‘troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity’.

At Yahoo a spokeswoman added: ‘We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.’

White House officials and the Office of the Director of National Intelligence, which oversees the NSA, declined to comment, the Post said.

Revelations: The information was obtained by former NSA contractor, Edward Snowden

The NSA already collects data from Google, Yahoo and other technology companies under another program known as PRISM – details of which were revealed by Snowden earlier this year.

The program legally compels the companies to provide the agency with information that matches court-approved search terms.

The collection of data by MUSCULAR would be illegal in the U.S., but the operations take place overseas, where the NSA can presume anyone using a foreign data link is a foreigner, the Post said.

http://www.dailymail.co.uk/news/article-2480411/NSA-broke-Yahoo-Google-data-centers-obtain-millions-records.html#ixzz2jGZlavR4

How The NSA Deploys Malware: An In-Depth Look at the New Revelations

We’ve long suspected that the NSA, the world’s premier spy agency, was pretty good at breaking into computers. But now, thanks to an article by security expert Bruce Schneier—who is working with the Guardian to go through the Snowden documents—we have a much more detailed view of how the NSA uses exploits in order to infect the computers of targeted users. The template for attacking people with malware used by the NSA is in widespread use by criminals and fraudsters, as well as foreign intelligence agencies, so it’s important to understand and defend against this threat to avoid falling victim to the plethora of attackers out there.

How Does Malware Work Exactly?

Deploying malware over the web generally involves two steps. First, as an attacker, you have to get your victim to visit a website under your control. Second, you have to get software—known as malware—installed on the victim’s computer in order to gain control of that machine. This formula isn’t universal, but is often how web-based malware attacks proceed.

In order to accomplish the first step of getting a user to visit a site under your control, an attacker might email the victim text that contains a link to the website in question, in a so-called phishing attack. The NSA reportedly uses phishing attacks sometimes, but we’ve learned that this step usually proceeds via a so-called “man-in-the-middle” attack. The NSA controls a set of servers codenamed “Quantum” that sit on the Internet backbone, and these servers are used to redirect targets away from their intended destinations to still other NSA-controlled servers that are responsible for the injection of malware. So, for example, if a targeted user visits “yahoo.com”, the target’s browser will display the ordinary Yahoo! landing page but will actually be communicating with a server controlled by the NSA. This malicious version of Yahoo!’s website will tell the victim’s browser to make a request in the background to another server controlled by the NSA which is used to deploy malware.

Once a victim visits a malicious website, how does the attacker actually infect the computer? Perhaps the most straightforward method is to trick the user into downloading and running software. A cleverly designed pop-up advertisement may convince a user to download and install the attacker’s malware, for example.

But this method does not always work, and relies on a user taking action to download and run software. Instead, attackers can exploit software vulnerabilities in the browser that the victim is using in order to gain access to her computer. When a victim’s browser loads a website, the software has to perform tasks like parsing text given to it by the server, and will often load browser plugins like Flash that run code given to them by the server, in addition to executing JavaScript code given to it by the server. But browser software—which is becoming increasingly complex as the web gains more functionality—doesn’t work perfectly. Like all software, it has bugs, and sometimes those bugs are exploitable security vulnerabilities that allow an attacker to gain access to a victim’s computer just because a particular website was visited. Once browser vendors discover vulnerabilities, they are generally patched, but sometimes a user has out-of-date software that is still vulnerable to a known attack. Other times, the vulnerabilities are known only to the attacker and not to the browser vendor; these are called zero-day vulnerabilities.

The NSA has a set of servers on the public Internet with the code name “FoxAcid” used to deploy malware. Once their Quantum servers redirect targets to a specially crafted URL hosted on a FoxAcid server, software on that FoxAcid server selects from a toolkit of exploits in order to gain access to the user’s computer. Presumably this toolkit has both known public exploits that rely on a user’s software being out of date, as well as zero-day exploits which are generally saved for high-value targets. The agency then reportedly uses this initial malware to install longer-lasting malware.

Once an attacker has successfully infected a victim with malware, the attacker generally has full access to the user’s machine: she can record keystrokes (which will reveal passwords and other sensitive information), turn on a webcam, or read any data on the victim’s computer.

What Can Users Do To Protect Themselves?

We hope that these revelations spur browser vendors to action, both to harden their systems against exploits, and to attempt to detect and block the malware URLs used by the FoxAcid servers.

In the meantime, users concerned about their security should practice good security hygiene. Always keep your software up to date—especially browser plugins like Flash that require manual updates. Make sure you can distinguish between legitimate updates and pop-up ads that masquerade as software updates. Never click a suspicious looking link in an email.

For users who want to go an extra step towards being more secure—and we think everyone should be in this camp—consider making plugins like Flash and Java “click-to-play” so that they are not executed on any given web page until you affirmatively click them. For Chromium and Chrome, this option is available in Settings => Show Advanced Settings => Privacy => Content Settings => Plug-ins. For Firefox, this functionality is available by installing a browser Add-On like “Click to Play per-element”. Plugins can also be uninstalled or turned off completely. Users should also use ad blocking software to stop unnecessary web requests to third party advertisers and web trackers, and our HTTPS Everywhere add-on in order to encrypt connections to websites with HTTPS as much as possible.

Finally, for users who are willing to notice some more pain when browsing the web, consider using an add-on like NotScripts (Chrome) or NoScript (Firefox) to limit the execution of scripts. This means you will have to click to allow scripts to run, and since JavaScript is very prevalent, you will have to click a lot. For Firefox users, RequestPolicy is another useful add-on that stops third-party resources from loading on a page by default. Once again, as third-party resources are popular, this will disrupt ordinary browsing a fair amount. Finally, for the ultra paranoid, HTTP Nowhere will disable all HTTP traffic completely, forcing your browsing experience to be entirely encrypted, and making it so that only websites that offer an HTTPS connection are available to browse.

Conclusion

The NSA’s system for deploying malware isn’t particularly novel, but getting some insight into how it works should help users and browser and software vendors better defend against these types of attacks, making us all safer against criminals, foreign intelligence agencies, and a host of attackers. That’s why we think it’s critical that the NSA come clean about its capabilities and where the common security holes are—our online security depends on it.

https://www.eff.org/deeplinks/2013/10/how-nsa-deploys-malware-new-revelations

Yahoo chief Marissa Mayer said she feared winding up in prison for TREASON if she refused to comply with US spy demands for data

Yahoo CEO fears defying NSA could mean prison

12 Sep 2013
SAN FRANCISCO (AFP)

Yahoo chief Marissa Mayer said she feared winding up in prison for treason if she refused to comply with US spy demands for data.

Her comments came after being asked what she is doing to protect Yahoo users from “tyrannical government” during an on-stage interview at a TechCrunch Disrupt conference in San Francisco.

Mayer said Yahoo scrutinizes and fights US government data requests stamped with the authority of a Foreign Intelligence Surveillance Court, but when the company loses battles it must do as directed or risk being branded a traitor.

Data requests authorized by the court come with an order barring anyone at the company receiving the request from disclosing anything about them, even their existence.

“If you don’t comply, it is treason,” Mayer said when asked why she couldn’t just spill details of requests by US spy agencies for information about Yahoo users.

“We can’t talk about it because it is classified,” she continued. “Releasing classified information is treason, and you are incarcerated. In terms of protecting our users, it makes more sense to work within the system.”

Yahoo CEO Marissa Mayer speaks during the 2013 TechCrunch Disrupt conference on September 11, 2013 in San Francisco, California. The TechCrunch Disrupt Conference runs through September 11. Justin Sullivan/Getty Images/AFP

Yahoo, Google, Facebook, and Microsoft are among Internet firms pushing for permission to disclose more details to users about demands for data made in the name of fighting terrorism or other threats.

Technology titans have been eager to bolster the trust of their users by making it clearer what has actually been demanded by and disclosed to US authorities.

“It is our government’s job to protect all of us and also protect our freedoms and protect the economy and protect companies,” Facebook co-founder and chief Mark Zuckerberg said at TechCrunch Disrupt on Wednesday.

“Frankly, I think the government blew it.”

US intelligence officials declassified documents Tuesday revealing the National Security Agency violated privacy rules for three years when it sifted through phone records of Americans with no suspected links to terrorists.

The revelations raised fresh questions about the NSA’s ability to manage the massive amount of data it collects and whether the US government is able to safeguard the privacy of its citizens.

The government was forced to disclose the documents by a judge’s order after a Freedom of Information lawsuit filed by the Electronic Frontier Foundation, a non-profit group promoting digital privacy rights and free speech.

The foundation called the release of the documents a “victory” for transparency but intelligence officials said the papers illustrated how the spy service had made unintentional “mistakes” that were rectified under strict judicial oversight.

The release came after the scale of NSA spying was exposed in a series of bombshell media leaks in recent months by former US intelligence contractor Edward Snowden, who has been granted temporary asylum in Russia.

Documents divulged by Snowden have shown the NSA conducts a massive electronic dragnet, including trawling through phone records and online traffic, that has sometimes flouted privacy laws.

The declassified documents released on Tuesday shed light on friction between the NSA and the court, with judges castigating the agency for failing to abide by their orders and misrepresenting the nature of their data collection.

http://www.afp.com/en/news/topstories/yahoo-ceo-fears-defying-nsa-could-mean-prison

NSA paid millions to cover Prism compliance costs for tech companies

  • Top-secret files show first evidence of financial relationship
  • Prism companies include Google and Yahoo, says NSA
  • Costs were incurred after 2011 Fisa court ruling

The National Security Agency paid millions of dollars to cover the costs of major internet companies involved in the Prism surveillance program after a court ruled that some of the agency’s activities were unconstitutional, according to top-secret material passed to the Guardian.

The technology companies, which the NSA says includes Google, Yahoo, Microsoft and Facebook, incurred the costs to meet new certification demands in the wake of the ruling from the Foreign Intelligence Surveillance (Fisa) court.

The October 2011 judgment, which was declassified on Wednesday by the Obama administration, found that the NSA’s inability to separate purely domestic communications from foreign traffic violated the fourth amendment.

While the ruling did not concern the Prism program directly, documents passed to the Guardian by whistleblower Edward Snowden describe the problems the decision created for the agency and the efforts required to bring operations into compliance. The material provides the first evidence of a financial relationship between the tech companies and the NSA.

The intelligence agency requires the Fisa court to sign annual “certifications” that provide the legal framework for surveillance operations. But in the wake of the court judgment these were only being renewed on a temporary basis while the agency worked on a solution to the processes that had been ruled illegal.

An NSA newsletter entry, marked top secret and dated December 2012, discloses the huge costs this entailed. “Last year’s problems resulted in multiple extensions to the certifications’ expiration dates which cost millions of dollars for Prism providers to implement each successive extension – costs covered by Special Source Operations,” it says.

An NSA newsletter entry dated December 2012 disclosing the costs of new certification demands. Photograph: guardian.co.uk

Special Source Operations, described by Snowden as the “crown jewel” of the NSA, handles all surveillance programs, such as Prism, that rely on “corporate partnerships” with telecoms and internet providers to access communications data.

The disclosure that taxpayers’ money was used to cover the companies’ compliance costs raises new questions over the relationship between Silicon Valley and the NSA. Since the existence of the program was first revealed by the Guardian and the Washington Post on June 6, the companies have repeatedly denied all knowledge of it and insisted they only hand over user data in response to specific legal requests from the authorities.

An earlier newsletter, which is undated, states that the Prism providers were all given new certifications within days of the Fisa court ruling. “All Prism providers, except Yahoo and Google, were successfully transitioned to the new certifications. We expect Yahoo and Google to complete transitioning by Friday 6 October.”

An earlier undated newsletter after the Fisa court ruling on certifications. Photograph: guardian.co.uk

The Guardian invited the companies to respond to the new material and asked each one specific questions about the scale of the costs they incurred, the form of the reimbursement and whether they had received any other payments from the NSA in relation to the Prism program.

A Yahoo spokesperson said: “Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law.”

Asked about the reimbursement of costs relating to compliance with Fisa court certifications, Facebook responded by saying it had “never received any compensation in connection with responding to a government data request”.

Google did not answer any of the specific questions put to it, and provided only a general statement denying it had joined Prism or any other surveillance program. It added: “We await the US government’s response to our petition to publish more national security request data, which will show that our compliance with American national security laws falls far short of the wild claims still being made in the press today.”

Microsoft declined to give a response on the record.

The responses further expose the gap between how the NSA describes the operation of its Prism collection program and what the companies themselves say.

Prism operates under section 702 of the Fisa Amendments Act, which authorises the NSA to target without a warrant the communications of foreign nationals believed to be not on US soil.

But Snowden’s revelations have shown that US emails and calls are collected in large quantities in the course of these 702 operations, either deliberately because the individual has been in contact with a foreign intelligence target or inadvertently because the NSA is unable to separate out purely domestic communications.

Last week, the Washington Post revealed documents from Snowden that showed the NSA breached privacy rules thousands of times a year, in the face of repeated assurances from Barack Obama and other senior intelligence figures that there was no evidence of unauthorised surveillance of Americans.

The newly declassified court ruling, by then chief Fisa judge John Bates, also revealed serious issues with how the NSA handled the US communications it was sweeping up under its foreign intelligence authorisations.

The judgment revealed that the NSA was collecting up to 56,000 wholly US internet communications per year in the three years until the court intervened. Bates also rebuked the agency for misrepresenting the true scope of a major collection program for the third time in three years.

The NSA newsletters say the agency’s response to the ruling was to work on a “conservative solution in which higher-risk collection would be sequestered”. At the same time, one entry states, the NSA’s general counsel was considering filing an appeal.

The Guardian informed the White House, the NSA and the office of the director of national intelligence that it planned to publish the documents and asked whether the spy agency routinely covered all the costs of the Prism providers and what the annual cost was to the US.

The NSA declined to comment beyond requesting the redaction of the name of an individual staffer in one of the documents.

UPDATE: After publication, Microsoft issued a statement to the Guardian on Friday afternoon.

A spokesperson for Microsoft, which seeks reimbursement from the government on a case-by-case basis, said: “Microsoft only complies with court orders because it is legally ordered to, not because it is reimbursed for the work. We could have a more informed discussion of these issues if providers could share additional information, including aggregate statistics on the number of any national security orders they may receive.”

 

http://www.theguardian.com/world/2013/aug/23/nsa-prism-costs-tech-companies-paid

Internet Companies Paid Millions for Spying Activity

By NICK DIVITO

 

(CN) – The National Security Agency paid millions of dollars to Internet companies like Google, Yahoo!, Microsoft and Facebook to cover costs of its PRISM surveillance program, according to secret documents obtained by The Guardian and published on its website.

The money was paid even after the agency’s activities were ruled unconstitutional by a secret court known as the Foreign Intelligence Surveillance Court, according to the documents provided to the newspaper by Edward Snowden.

The so-called FISC court was to sign annual “certifications” of approval, but such certifications were only renewed temporarily while the agency sought a solution to what was ruled to be the over-collection of information that FISC Judge John Bates ruled unconstitutional on Oct. 3, 2013.

The order and two others by Bates were declassified two days ago.

“Last year’s problems resulted in multiple extensions to the Certifications’ expiration dates which cost millions of dollars for PRISM providers to implement each successive extension — costs covered by Special Source Operations,” said a December 2012 memo posted by the English newspaper.

Special Source Operations oversees the agency’s surveillance programs, including PRISM, to off-set costs associated with accessing Internet providers’ data, the paper reported.

The Internet companies have repeatedly denied any knowledge of the surveillance program.

An undated newsletter, also posted on Friday, says PRISM providers were given new “certifications” within days of the FISC ruling.

“All Prism providers, except Yahoo and Google, were successfully transitioned to the new certifications,” the memo reads. “We expect Yahoo and Google to complete transitioning by Friday 6 Oct.”

A Yahoo! spokesman told The Guardian that it has requested reimbursement from the federal government for costs incurred to respond to requests. Google gave the paper only a “general statement” denying it had joined PRISM.

Microsoft told the paper that it only complies with court orders for information because it is ordered to, not because it is reimbursed on a case-by-case basis.

Bates’ October 2011 ruling showed that the NSA had collected up to 56,000 communications a year in three years. He accused the agency of misrepresenting the real scope of the program and collecting data that went beyond what was represented: domestic communications from foreign traffic.

The NSA has disclosed that it gathered 250 million Internet communications a year, and that 9 percent of those come from “upstream channels” of up to 25 million emails a year.

On Monday, the American Civil Liberties Union, which sued the federal government in Manhattan Federal Court over its alleged spying activities, is expected to provide the court an opening brief for preliminary injunction. The government, meanwhile, is expected to provide a motion to dismiss.

http://www.courthousenews.com/2013/08/23/60564.htm

Link to Anonymous Leaked PRISM-related NSA docs

EEV: Always Click with Caution

Link to Anonymous leaks more PRISM-related NSA docs

Primary Page: http://thedocs.hostzi.com/

Forget phones, PRISM plan shows internet firms give NSA everything

Microsoft, Google, Apple and Yahoo! and others open their legs servers

By Iain Thomson in San Francisco

Posted in Security, 7th June 2013 00:23 GMT

It has been a rough 24 hours for the US National Security Agency. First a leaked court order [1] (and the political reaction [2]) showed that the agency routinely harvests US mobile-use data, and now a new document has been uncovered that claims to show the larger internet companies do the same thing.

A 41-page presentation [3], given in April this year and obtained [4] by the Washington Post, details the PRISM project, a system described as being the largest single source of information for NSA analytic reports. PRISM apparently gives the NSA access to email, chat logs, any stored data, VoIP traffic, file transfers, social networking data, and the ominously named “Special Projects”.

Nine companies are currently part of PRISM. Microsoft was the first firm to sign up on Sept 11, 2007, with Yahoo! coming in the following year, the presentation states. Google and Facebook joined in 2009, the following year YouTube got on board, followed by Skype (before Redmond took it over) and AOL in 2011.

Apple held out for five years, but signed up in October last year, and video chat room provider PalTalk is also on board, with DropBox billed as coming soon. Twitter is conspicuous in its absence from the presentation’s list – which is reassuring – but given the other big names apparently playing ball, the social networking firm’s stand makes little difference.

The claimed PRISM participants

According to the Post, the presentation states that data from PRISM made it into 1,477 presidential briefing articles last year and is used in one out of seven NSA intelligence reports. The NSA’s searches are supposed to target non-US citizens, it appears, but an analyst was told “it’s nothing to worry about” if US data got purloined.

El Reg has contacted companies named in the report and has received few answers. Microsoft says a statement is being prepared and only Google was prepared to go on the record.

“Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data,” it said in a statement.

Meanwhile, Apple told CNBC “We have never heard of PRISM. We do not provide any government agency with direct access to our servers,” with Facebook also denying it allows “direct access” to its servers.

But you can do a lot of twisting with language – as Bill Clinton showed with his quibbling over the meaning of the word “is [5]” during the Monica Lewinsky saga. Every government agent this hack has talked to says the US government never spies on its own people, but is it spying if this data collection is legal?

The Verizon scandal, and not the accusations of PRISM, makes a statement by the Director of National Intelligence James Clapper in congressional testimony [6] somewhat suspect.

Clapper was asked by Senator Ron Wyden (D-OR) if the NSA collected information on millions or hundreds of millions of Americans. “Not wittingly,” was Clapper’s reply. “There are cases where they could inadvertently perhaps collect, but not wittingly.” Those words now sound rather hollow. ®

Stanford University raises $1 Billion in Donations

Wednesday, 20 February 2013
Stanford University has set a new record for college fundraising, becoming the first school to collect more than $1 billion in a single year, according to a report released Wednesday.

For the eighth straight year, Stanford ranked first in the Council for Aid to Education’s annual college fundraising survey, which shows that elite institutions continue to grab a disproportionate share of donor dollars.
In the 2012 fiscal year, roughly 3,500 U.S. colleges and universities raised $31 billion, 2.3 percent more than the previous year. The record was set in 2008 when schools took in $31.6 billion before fundraising dropped during the height of the financial crisis.

“We’re climbing out of the doldrums,” said survey director Ann Kaplan. “We haven’t returned to the high point of 2008, but we’re approaching it. I think you can say that about a lot of industries.”

Topping the list was Stanford at $1.035 billion, followed by Harvard University at $650 million, Yale University at $544 million, the University of Southern California at $492 million and Columbia University at $490 million.

The top 10 fundraising colleges collected $5.3 billion, or 17 percent, of the $31 billion, even though they represent only 0.3 percent of the 3,500 accredited, nonprofit schools included in the survey.

Stanford benefited from a surge in donations at the end of its multi-year Stanford Challenge fundraising campaign, which netted $6.2 billion. It also benefited from the successful launch of a $1 billion campaign for its medical school and hospitals.

The 10-campus University of California system raised $1.56 billion, which doesn’t include money collected by its individual campuses. UC Berkeley was the leading fundraiser among all public universities, taking in $405 million.

Located in the heart of Silicon Valley, Stanford’s alumni list includes the founders of major tech companies like Yahoo Inc. who have given to the school in recent years.
Stanford raised 46 percent more in its 2012 fiscal year than the $709 million it collected in 2011 and surpassed its previous record of $911 million set in 2006. The $1.035 billion haul is equal to nearly $56,000 for each of its roughly 18,500 undergraduate and graduate students, though much of the money will be used for research and construction.
By contrast, San Jose State University, a public college 20 miles away, raised $14 million, which is equal to $450 for each of its 31,000 students.

Stanford received donations from nearly 79,000 donors, including $100 million of a $150 million gift from Silicon Valley investor Robert King and his wife Dorothy to establish the Stanford Institute for Innovation in Developing Economies.

“We are in awe and remain humbled by this kind of response. It was a remarkable showing of generosity,” said Martin Shell, Stanford’s vice president for development. “Higher education for most people represents hope for a better future, and donors want to invest in that.”


http://macedoniaonline.eu/content/view/22762/61/

 

Was he murdered? Mystery death of American engineer working in Singapore on cutting-edge military technology ‘who had deep misgivings about his work’

  • Shane Todd, an American working on an 18-month assignment in Singapore, was found hanged in his apartment in June 2012
  • Family claims he was murdered and Singapore police refuse to accept help from FBI
  • Todds also recovered hard drive with backup data from son’s project
  • Dr Todd was doing research on high-tech chemical and was collaborating with Chinese company, according to report

By Beth Stebner

PUBLISHED: 13:10 EST, 18 February 2013 | UPDATED: 14:38 EST, 18 February 2013

Suspicious: Shane Todd was found dead in his Singapore  apartment last summer; he apparently hanged himself, but his family claims he  was murdered

The hanging death of an American electronics  engineer in Singapore last summer has ignited an international mystery, after  his family and girlfriend developed suspicions that he may have been murdered  the week before he was scheduled to return home to the U.S.

The family of Shane Todd visited his  apartment in the Chinatown district of Singapore days after they received news  of his June 2012 death, saying that their son had misgivings about some of the  work he was doing for the company.

Dr Todd, 31, was slated to return to the U.S.  after completing an 18-month stint at the Institute of Microelectronics, and his  family is now desperately searching for how – and why – their son is  dead.

A February 15 piece published in the Financial Times magazine tells of how Mr Todd’s parents, Mary and Rick Todd, traveled from Montana to  Singapore days after their son’s death on June 23, 2012.

Mrs Todd told the magazine in no uncertain  terms: ‘We think our son was murdered.’

The Todds did not immediately respond to a  request sent by MailOnline.

According to the magazine, the Todds, joined  by their sons, John and Dylan, went to see where Shane had spent his last hours.

His parents have said he was murdered because  of his involvement in the project, which they say involved exporting sensitive  military technology to China.

IME did not immediately respond to  MailOnline’s request for comment.

The family told the FT that they discovered  several things awry at Dr Todd’s Colonial-era apartment.

Piles of laundry were neatly folded and ready  to be packed in suitcases, packed moving boxes littered the apartment, and his  plane ticket back to the States was sitting on his dining room table.

Family matters: Mary and Rick Todd, center, went to  Singapore with sons John, back left, and Dylan, far right, to look into the  death of Shane, back right; Chet Todd and his wife

The Singapore police report from last summer  states that Mr Todd – who stood more than 6ft and 200 pounds – constructed a  sort of noose by bolting a pulley to the bathroom wall and wrapping a strap  through the contraption.

However, when the Todd family arrived days later, they were appalled to find that their late son’s front door was unlocked, there was no crime tape indicating an active investigation, and more importantly – no bolts drilled into the bathroom.

The Singapore Police released a statement  today in response to the FT article, reading in part: ‘The police investigate  all unnatural death cases thoroughly, working closely with the pathologist and  other relevant experts, and no prior assumptions are made on the cause of  death,’ according to Yahoo! Singapore.

The FT article also states that the FBI  bureau in Singapore has volunteered their forensic help on two separate  occasions, but said that the local police had declined their help.

An FBI source in Washington told the paper  that they could do nothing to help the investigation until the Singapore Police  formally accepted their assistance.

In the statement, Singapore police added: ‘Since the death of Mr Shane Todd, the Police have engaged and assisted the family without impeding the objectivity of our investigation process. We will continue to do so. Police have also kept the American Embassy and FBI informed of this case.’

The family also recovered a hard drive with  backup data from his time at IME. The FT gave information on the hard drive to  Professor Sir Colin Humphreys to analyze. The professor works as the director of  research at Cambridge University’s Centre for Gallium Nitride.

Trimming the tree: The Todd brothers at Christmas,  decorating the family tree from their parents’ home in Montana

According to the centre’s website, the  chemical, known as GaN, is ‘probably the most important semiconductor material  since silicon.’

The chemical is used in many of today’s high-tech products, from Blu-ray players to hybrid electric cars, and can withstand heat to much higher capacity than silicon. It is the building block for blue light-emitting diodes (LEDs).

Sir Colin told the FT that the data on Dr Todd’s hard drive was for a high-electron mobility transistor made from GaN, adding that the project had applications for both the military and commercial use.

Singapore police said they were still  investigating the death of Dr Todd and would submit their evidence to a coroner.  Singaporean pathologists concluded in an autopsy last June that he died by  hanging in his Singapore flat.

Chemicals: Dr Todd was working with Gallium Nitride (GaN), a synthetic material used in many high-tech objects like Blu-ray players and hybrid electric cars

‘IME approached Huawei on one occasion to  cooperate with them in the GaN field, but we decided not to accept, and  consequently do not have any cooperation with IME related to GaN,’ Huawei said  in a statement.

Huawei said that the development of GaN  technology was commonplace across the telecommunications industry.

Interviews with the family, colleagues and  friends revealed conflicting views on Dr Todd’s state of mind before his death,  the nature of his work and how he died.

Colleagues said that he was increasingly  depressed in his last few months, but said that his concerns appeared to centre  on a sense of failure about his work, and an ambivalence about returning to the  United States.

On assignment: Dr Todd lived in the Chinatown district  of Singapore; here the skyline is pictured

Researchers in unrelated fields have also  questioned how, if his work was so sensitive, he was able to take home computer  files from his office.

IME is part of a network of research  institutes managed by government-run Agency for Science, Technology and  Research, or A*Star.

A former A*Star researcher now working in the  United States pointed out that IME and other A*Star institutes were not military  research organizations.

Huawei is one of the world’s largest  telecommunication equipment companies, but has been blocked from some projects  in Australia and deemed a security risk by the U.S. congress on the grounds that  its equipment could be used for spying, according to Reuters.

Huawei has routinely denied such accusations  and has said it is not linked to the Chinese government.

Dr Todd’s parents said in interviews in July  that Singapore police and IME had failed to properly investigate his death after  his body was found hanging from a door in his Singapore apartment on the evening  of June 24, two days after he quit IME.

Singapore police say they have handled the  case as they have handled other cases, and their procedures follow high  international standards. They said in such cases of unnatural death, ‘no prior  assumptions’ were made about the cause.

Big business: Huawei is one of the world’s largest  telecommunication equipment companies, but has been deemed a security risk by  the U.S. congress on the grounds that its equipment could be used for  spying

Mrs Todd said in a telephone interview with  Reuters last July that he had been scared.

‘I had been talking to him for months for at  least an hour every week and he told us he was afraid of being murdered because  of his contacts with the Chinese government,’ she said.

‘He quit his job because of it.’

Huawei declined to say whether they had been  working on other projects with IME. Colleagues said shortly after Todd’s death  that he had told them at one point he had been working on a project with Huawei  but that it was not sensitive or high-level in nature.

One described it as carrying out ‘measurement  test reports’ of semiconductors.

The FT said that Dr Todd had been involved in  proposing a joint project with Huawei.

While it did not say whether the project was  approved, it quoted his parents as saying that subsequently he complained to  them of being asked to do things with a Chinese company he did not identify that  made him uncomfortable.

Dr Todd was described in his obituary as an  avid baseball player and a brilliant scientific mind. He earned his PhD in  Electrical Engineering from the University of Santa Barbara.

Reuters  contributed to this report.

Read more: http://www.dailymail.co.uk/news/article-2280635/Shane-Todd-Death-American-engineer-Singapore-working-Gallium-Nitrate-project.html#ixzz2LJW5dskl

McCain claims ‘massive cover-up’ on Benghazi

Senior Media Reporter

By | The Ticket – 1 hr 35 mins ago

(NBC)

While discussing the contentious confirmation hearings for defense secretary nominee Chuck Hagel, things got a bit heated on Sunday’s “Meet The Press” when Sen. John McCain referred to the lack of information from the White House surrounding the Sept. 11, 2012 attacks in Benghazi as a “massive cover-up.”

“There are so many answers we don’t know,” McCain told host David Gregory. “We’ve had two movies about getting bin Laden and we don’t even know who the people were who were evacuated from the consulate the day after the [Benghazi] attack. So there are many, many questions. So we’ve had a massive cover-up on the part of the administration.”

Gregory then pressed McCain on what the Arizona senator meant by “a massive cover-up.”

“I’m asking you, do you care whether four Americans died?” McCain said. “And shouldn’t people be held accountable for the fact that four Americans died?”

“Well, what you said was the cover-up–a cover-up of what?” Gregory asked.

“Of the information concerning the deaths of four brave Americans,” McCain replied. “The information has not been forthcoming. You obviously believe that it has. I know that it hasn’t. And I’ll be glad to send you a list of the questions that have not been answered, including ‘What did the president do and who did he talk to the night of the attack on Benghazi?'”

McCain continued: “Why did the president for two weeks, for two weeks during the heat of the campaign continue to say he didn’t know whether it was a terrorist attack or not? Is it because it interfered with the line ‘Al Qaeda has [been] decimated’? And ‘everything’s fine in that in that part of the world’? Maybe. We don’t know. But we need the answers. Then we’ll reach conclusions. But we have not received the answers. And that’s a fact.”

Earlier, the former Republican presidential nominee said he expects Hagel to be confirmed as defense secretary even though he doesn’t plan to vote for him.

“I don’t believe he is qualified,” McCain said. “But I don’t believe that we should hold up his nomination any further.”

http://news.yahoo.com/blogs/ticket/mccain-massive-cover-benghazi-193426972–politics.html#

 

Yahoo! email! hijack! exploit!… Yours! for! $700!

Cybercrook: It’s a bargain, guys… They usually cost way more

By John Leyden

Posted in Security, 27th November 2012 10:58 GMT


A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts, according to a hacker who is offering to sell an alleged zero-day vulnerability exploit for $700.

The cybercrook, who uses the online nickname TheHell, knocked up a video to market the exploit which he is attempting to sell through Darkode, an underground cybercrime bazaar. The clip was captured and reposted on YouTube by security blogger Brian Krebs.

The video explains that the attack works by tricking a victim into clicking on a maliciously crafted link. This link supposedly exploits a cross-site scripting bug to steal the victim’s Yahoo! mail cookies, which a cybercrook can later use to log into and hijack compromised Yahoo! webmail accounts.

TheHell claims the exploit works on all browsers and is a bargain at the not inconsiderable sum of $700.

I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers. And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!

Yahoo! is investigating the alleged vulnerability, following a tip-off from Krebs. The video advertising the exploit fails to explain which vulnerable URL would trigger the attack, something that’s proving a little hard to pin down.

Yahoo!’s director of security, Ramses Martinez, told Krebs: “Fixing it is easy, most XSS are corrected by simple code change. … Once we figure out the offending URL we can have new code deployed in a few hours at most.”

Yahoo! has yet to respond to our request for an update on the situation. We’ll update this story as and when we hear more.

XSS flaws are a perennial web security problem that are a permanent fixture in the Open Web Application Security Project’s (OWASP) list of Top 10 Application Security Risks. Top tips for guarding against this class of vulnerability by OWASP can be found here.
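As an added illustration (not code from the article, Yahoo! or OWASP), the sketch below shows the kind of "simple code change" that closes a stored XSS hole, plus a header audit for cookies that page script could still read. The function names, cookie names and sample data are hypothetical and constructed for this example; HttpOnly limits cookie theft but does not remove the need for output encoding.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample: a stored message body containing markup. The payload is
# a harmless marker used to show where the browser would run script.
STORED_MESSAGE = '<script>document.title = "injected"</script>Hello'


def render_unsafe(body: str) -> str:
    """Vulnerable pattern: stored text is concatenated into HTML as-is."""
    return '<div class="msg">' + body + "</div>"


def render_safe(body: str) -> str:
    """Hardened pattern: encode on output so the browser treats it as text."""
    return '<div class="msg">' + html.escape(body, quote=True) + "</div>"


def session_cookie_header(session_id: str) -> str:
    """Build a Set-Cookie value that page script cannot read (HttpOnly)."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True   # hidden from document.cookie
    cookie["session"]["secure"] = True     # only sent over HTTPS
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


def audit_set_cookie(headers):
    """Return {cookie_name: [missing flags]} for each Set-Cookie value."""
    findings = {}
    for raw in headers:
        parts = [p.strip() for p in raw.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
        missing = [flag for flag in ("httponly", "secure") if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed response headers: two weak cookies and one hardened cookie.
SAMPLE_HEADERS = [
    "legacy_sid=abc123; Path=/",
    session_cookie_header("abc123"),
    "prefs=compact; Path=/; Secure",
]

if __name__ == "__main__":
    print(render_unsafe(STORED_MESSAGE))  # script tag survives intact
    print(render_safe(STORED_MESSAGE))    # rendered as inert text
    print(audit_set_cookie(SAMPLE_HEADERS))
```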

Xssed.com, a site that collates reported XSS attacks, has several previous examples of XSS flaws on Yahoo! pages and hundreds of examples of flaws on other sites. Scripting bugs vary greatly in their potency, so judging impact by numbers alone is bound to be misleading.

More commentary on the Yahoo! webmail flaws and cross-site scripting more generally can be found in a blog post by Lisa Vaas for the Sophos Naked Security blog here. ®

http://www.theregister.co.uk/2012/11/27/yahoo_email_hijack/

Did hackers uncover Petraeus’ saucy affair webmails before FBI? And how they may have hacked it

Engineering Evil: Need second confirmation

Biographer minx previously exposed in Stratfor caper

By John Leyden

Posted in Security, 12th November 2012 17:24 GMT

 

FBI agents may not have been the first to rumble the affair between CIA director David Petraeus and his biographer that led to the four-star general’s resignation on Friday.

Anyone with a copy of the leaked Stratfor databases, a half-decent PC, some political nous and a barrel of luck could have uncovered the fling months ago, it has emerged.

Paula Broadwell, the former spy chief’s mistress and biographer, was a customer of Stratfor, the private intelligence outfit that was attacked by Anonymous hackers last year. Buried in the megabytes of subsequently leaked information was Broadwell’s Yahoo! email address and her hashed Stratfor login password.

A security researcher says he spent the weekend recovering her original password from the MD5 hash, or at least a passphrase that will generate an identical hash value, using a brute-force approach and 17 hours of number-crunching on his computer. If the password is indeed the same one she used for Stratfor, and she also used it for her Yahoo! account, then anyone before now could have used the information at hand to compromise her webmail and follow a trail of messages to her illicit liaison with America’s spook supremo.

How a top general came to fall on his sword

Petraeus, 60, resigned on Friday after the Feds discovered his dalliance with Broadwell, a married 40-year-old former military officer. An FBI probe was launched months ago when another woman alleged Broadwell had sent her “harassing” emails, the New York Times reports. This is contrary to earlier reports suggesting agents began monitoring the spy boss’s personal Gmail account over concerns it had been compromised by Chinese hackers.

An anonymous “senior US military official” named Jill Kelley, a 37-year-old from Tampa in Florida, as the woman who complained to the FBI; she is an executive on the State Department’s liaison to the military’s Joint Special Operations Command, and is known to both Petraeus and Broadwell.

It is alleged Broadwell used her paulabroadwell@yahoo.com address to send unpleasant emails to Kelley, possibly perceiving her as a love rival, that included extracts of sexually suggestive messages copied from a Gmail account set up by Petraeus. The emails sent to Kelley warned her to “stay away from” the general, the Wall Street Journal claims. This linked the complaint to Petraeus, a breadcrumb trail picked up by investigators – and potentially anyone else who was able to log into the Yahoo! account.

Cracking her Stratfor password – and potentially unlocking her Yahoo! inbox too

Broadwell’s Stratfor password was fairly strong; if it was one character longer, it would have been beyond the grasp of security researcher Robert Graham of Errata Security. He used a cracking utility called oclHashcat and a GPU accelerator to brute force the original password from its MD5 hash value, or at least a phrase that would generate the same value, eventually finding out the password after 17 hours of exhaustive crunching.

It is possible she used the same combination of eight characters elsewhere, perhaps even for her Yahoo! account. This would have given anyone who cracked her password a way to access her webmail, assuming they had decided to target Broadwell months before she hit the headlines.
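From the defender's side, the added example below (not code from the article, Stratfor or Errata Security) contrasts a fast unsalted digest with a salted, iterated one and shows how search time scales with one more character. It assumes the leaked hashes were plain unsalted MD5 (the article says only "MD5"); the user table, the 62-character alphabet and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

# Constructed sample accounts; two of them share a password.
USERS = {"alice": "Tr0ub4dor", "bob": "Tr0ub4dor", "carol": "correct horse"}


def md5_record(password: str) -> str:
    """Legacy pattern: one fast, unsalted MD5 digest per password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened pattern: per-user random salt plus an iterated KDF."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, derived_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), derived_hex)


def reuse_groups(table):
    """Group users whose stored records are identical.

    With unsalted hashes, equal passwords produce equal records, so a leaked
    table reveals reuse and one recovered password unlocks every match.
    """
    by_record = {}
    for user, record in table.items():
        by_record.setdefault(record, []).append(user)
    return sorted(sorted(users) for users in by_record.values() if len(users) > 1)


def scaled_hours(base_hours, charset_size, extra_chars=1, slowdown=1):
    """Scale an exhaustive-search time.

    Each extra character multiplies the keyspace by the alphabet size; a
    slower hash multiplies the cost of every guess by `slowdown`.
    """
    return base_hours * (charset_size ** extra_chars) * slowdown


if __name__ == "__main__":
    md5_table = {u: md5_record(p) for u, p in USERS.items()}
    kdf_table = {u: pbkdf2_record(p) for u, p in USERS.items()}
    print("MD5 reuse groups:   ", reuse_groups(md5_table))
    print("PBKDF2 reuse groups:", reuse_groups(kdf_table))
    # 17 hours is the article's figure; 62 symbols is an assumed alphabet.
    print("One more character: ", scaled_hours(17, 62), "hours")
```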

However, Graham can find no reference to the password after a Google search, suggesting that if a hacker had compromised the password then it wasn’t an Anonymous or LulzSec bod, who often like to brag in public and reveal stolen credentials.

Graham said his exercise in cracking Broadwell’s password was justified because her account and password had already been blown.

Meanwhile some are beginning to speculate that Google’s location tracking of IP addresses of Gmail accounts might have betrayed the identity of the adulterous CIA chief. The Atlantic reports Petraeus used a pseudonym to set up his private Google mail account, but this didn’t prevent his identity from being gleaned by investigators monitoring Broadwell’s email accounts. It is believed that rather than exchanging emails, the two lovers swapped explicit messages using shared access to the same Gmail account.

Tinker, tailor, shagger, spy

‪Petraeus‬’ affair with Broadwell began after the former architect of the US counterinsurgency strategy in Iraq retired from the military and joined the CIA last year, according to a former aide.

‪Petraeus has been married ‬for ‪37 years to Holly Petraeus and the couple have two children, including a son serving in Afghanistan.‬ Justice Department and high-level administration officials, including Attorney General Eric Holder, have reportedly been aware of the investigation into Broadwell since spring but things only came to a head over the last fortnight.

FBI agents interviewed Petraeus, who admitted the fling. A report was submitted to Director of National Intelligence James Clapper last week by the Feds. They noted no crime had been committed, but the spy chief nonetheless understood his position was untenable.

In a resignation statement, Petraeus said:

Yesterday afternoon, I went to the White House and asked the President to be allowed, for personal reasons, to resign from my position as D/CIA. After being married for over 37 years, I showed extremely poor judgment by engaging in an extramarital affair. Such behavior is unacceptable, both as a husband and as the leader of an organization such as ours. This afternoon, the President graciously accepted my resignation.

Lawmakers left in the dark are beginning to raise questions over the Petraeus affair and the timing of his resignation days before an important hearing. Petraeus was due to testify before Congress regarding the Obama administration’s handling of a terrorist attack in Benghazi that led to the death of four Americans, including US ambassador Chris Stevens.

“We received no advanced notice. It was like a lightning bolt,” said Democratic Senator Dianne Feinstein of California, who heads the Senate Intelligence Committee, AP reports.

Some commentators are upset Petraeus has been obliged to resign for behaviour that in other Western countries may have passed almost without notice. Predictably the whole business has quickly become a butt of jokes.

Patriot hacker th3j35t3r joked: “Give Petraeus a break, having sex w/ ur biographer is unquestionably more exciting than having sex w/ ur autobiographer. Right #assange?” ®

http://www.theregister.co.uk/2012/11/12/cia_boss_resignation_webmail_intrigue/

Could Google disappear? Analysts warn of Google’s demise if the search engine fails to improve mobile advertising

  • Google shares dropped nearly 10 percent over the course of two days, wiping out more than $24 billion from the company’s value
  • Plunge in share prices followed weak earnings report showing a 20 percent decline in profits compared to the same quarter last year
  • Analysts say the drop in earnings is driven by an advertising problem that will continue to worsen for Google

By Hayley Peterson, Hugo Gye, Louise Boyle and Peter Campbell

PUBLISHED: 10:21 EST, 20 October 2012 | UPDATED: 10:43 EST, 20 October 2012

As Google suffers a catastrophic nose-dive in its market value, analysts are already predicting its demise as the world’s leading Internet search engine.

‘[Google] could disappear in five to eight years and disappear in the sense that Yahoo used to be the king of search,’ said Eric Jackson, the founder and managing member of Ironfire Capital, a technology-focused hedge fund. ‘Now, for all intents and purposes, Yahoo has disappeared,’ he said on CNBC Friday.

Google’s stock value plunged a hair-raising  10 percent this week — wiping out more than $24 billion from the company’s  value — after its third-quarter earnings report, which revealed a 20 percent  drop in profits over last year, was accidentally released three hours earlier  than planned on Thursday.

The profit losses were driven by a decline in  advertising revenue, according to its earnings report. The amount that  advertisers paid Google on a click-per-click basis fell 15 percent.

Advertising revenues are falling — and will  continue to fall — for Internet companies because consumers are increasingly  migrating to mobile applications and advertisers aren’t willing to pay as much  for a mobile ad.

‘I keep saying Facebook isn’t the only one  that has a mobile issue — Google does, too,’ Colin Gillis, an analyst for  Boston Consulting Group, told CNBC.com. ‘If you are  an investor in Facebook, mobile is priced into earnings. I don’t think mobile in  Google is priced in.’

Advertisers aren’t willing to pay as much for  mobile advertising because the platform is not as effective as advertising on a  desktop or laptop computer, analysts said.

Other companies, such as Apple, will get  ahead of Google in attracting advertisers to their mobile applications and  Google’s dominance will eventually start to shrink, Jackson predicted.

‘I think that there is a big opportunity  right now for someone to step forward and assert themselves for a new way of  getting people information for doing search in a mobile world,’ Jackson said. ‘I  don’t think typing in a blue box is the ideal format for a mobile world. And I  think the best opportunity out there to displace Google in this area is probably  Apple’s Siri.’

For now however, despite its drop in  earnings, Google remains dominant in online advertising with a 74.5 percent  share of the U.S. search ad market, according to data from eMarketer.

Shares in Apple, the only technology company  larger than Google in market value, fell by around 2.8 per cent during trading  on Friday.

Tumble: After crashing on Thursday, the share price fell even further when markets opened on Friday 

Facebook, which is another technology stock  heavily dependent on advertising for its revenues, saw its shares fall by 0.5  per cent during trading.

The Dow Jones index of trading on Wall Street dipped more than 200 points.

Google blamed its printers for releasing the  results by accident. Speculation was mounting on Friday night that Google could  make a legal claim against R.R. Donnelley, the company it pays to put out its  financial results.

Blunder: A press release was prematurely issued on Thursday with the line 'awaiting quote from Larry' in reference to Google co-founder Larry Page 

It was quickly obvious that a mistake had been made – the second paragraph of the filing said ‘PENDING LARRY QUOTE’ instead of an actual quote from Google CEO Larry Page – but it was not clear why.

The company could have a negligence  claim to  recover any additional costs it incurred in responding to the  incident,  according to Reed Kathrein at U.S. law firm Hagens Berman.

But any shareholders looking to  recoup lost  investments would not have a legal case because there was ‘no fraudulent intent’ in the early release, he added.

Google’s troubles  were shared by the markets  as a whole – the Nasdaq market of technology  stocks fell by more than two per  cent, while the Dow Jones index was  down 1.5 per cent.

The  contagion also spread to Europe, with  Britain’s FTSE 100 closing 0.3 per cent lower and the leading French and German  markets both down nearly  one per cent.

Google later said on its blog that Donnelley had filed a draft of the document  without authorization.

Respected financier David Buik, who  has  studied the stock markets for 50 years and works for investment firm Cantor  Index, said: ‘Nothing has ever come remotely close to this.

‘The bubble has burst. After Google’s  meteoric rise something like this was always bound to happen.’

Trading in Google stock was halted when its  shares fell by nine per cent in  just eight minutes following the release of its  disappointing earnings  report.

Fawad Razaqzada, an analyst at GFT Markets, told Mail Online: ‘The closing price was around $695 a share – the last time it was this low was as recently as September 13. So, assuming a shareholder had bought before this date they would still be in profit.

‘But if they had bought in the last  five  weeks they would now be sitting on a loss. Google’s shares also  traded around  these levels in November 2007, reaching a high of  $747.24.’

WHY WAS THE EARLY RELEASE OF THE RESULTS SUCH A DISASTER?

There’s an old saying that markets don’t like  surprises, and negative results being published early is a prime  example.

Even though the statistics are bad for Google  whenever they are published, the early release did not give the internet giant  the opportunity to explain why the figures were so disappointing or manage  market expectations.

Usually earnings reports come with numerous conference calls and briefings between the firm’s management and investors, traders and journalists to give context to the figures and reassure the markets.

Without the briefings, the numbers are left  to speak for themselves.

The plunge prompted worries that a  second  dot.com crash could be on the way.

Google’s troubles coincided  with a steady  fall in Facebook’s share price and the ongoing struggles of newer start-ups such  as Groupon and Zynga.

Tech industry experts warned that the stark  fall in advertising rates could hit other Internet giants.

‘It was just too rapid a deceleration,’ said  Brian Wieser, an analyst at Pivotal Research Group commenting on  Google.

He said the results pointed to a weakening  online advertising environment  that would affect many ad-based internet firms,  adding: ‘Many of the  same underlying trends drive Facebook  advertising.’

The Google disaster came as Mark  Zuckerberg  openly acknowledged last month that Facebook’s stock market  launch damaged the  company’s image.

He told a tech conference in San Francisco:  ‘The performance of the stock has obviously been disappointing.’

One of the mistakes that Zuckerberg  pointed  out was that Facebook spent too long focusing on their HTML  platform for the  web as opposed to adapting and improving the product  for mobile devices which  he now firmly believes is the future of the  network.

He said that they underestimated ‘how fundamentally good mobile is’ for their growth.

THE PRINTING FIRM THAT COST GOOGLE $24BILLION

R.R. Donnelley has become the world’s largest commercial printer in the last two decades, having bought up a string of other businesses.

The Chicago-based firm has published Penguin  Classics and paperbacks from the Twilight vampire series as well as the  best-selling Idiot’s Guide books.

R.R. Donnelley & Sons Co handles  thousands of securities filings a year for corporate clients in a routine  process that is invisible to most investors.

Google issued a statement blaming Donnelley,  its filing agent, after the Internet search company’s quarterly results were  released by the U.S. Securities and Exchange Commission hours ahead of  schedule.

Donnelley shares lost more than 5 percent  after Google started pointing the finger.

The company did not respond to a call for  comment, but issued a statement to CNBC in which it said it was investigating  the circumstances of the release.

Best known as a provider of printing  services, Donnelley is also the top SEC filing agent in the country, handling  more than 75,000 submissions this year as of mid-October, according to  SECInfo.com.

Filing agents like Donnelley take paper  documents and convert them for submission to the SEC in the appropriate format.  The company also owns the filing portal EDGAR Online.

It ranks 249 in the list of Fortune 500 of America’s largest corporations with about 58,000 employees.

Can they be sued?

‘Everyone is trying to figure out if there’s any legal issue with respect to R.R. Donnelley. Google is halted, Donnelley is down big-time on the news since they’re allegedly not supposed to have released the information,’ said Michael Matousek, senior trader at U.S. Global Investors in San Antonio.

But one plaintiffs’ lawyer who sues companies on behalf of investors said shareholders would not have a claim against either Google or R.R. Donnelley because the earnings disclosure was likely a mistake.

‘There’s no fraudulent intent here,’ said  Reed Kathrein with Hagens Berman.

R.R. Donnelley may not be entirely off the  hook with Google, however. The company could have a negligence claim to recover  any additional costs it incurred in responding to the incident, Kathrein  said.

Any potential damages against R.R. Donnelley  could be limited, though, by the contract between the two  companies.

‘I basically live on my mobile device,’  Zuckerberg said. ‘You know the  founders letter in the S-1? I wrote that on my  phone. I do everything on my phone.’

Analysts blamed the poor performance by  Google on its $12.5billion (£8billion) acquisition of  Motorola, the struggling  cellphone manufacturer which has been left  behind by its more fashionable  rivals.

Another problem for the company, which is  overwhelmingly reliant on  search-based advertising for its revenue, is that  advertisers have  slashed payments to the search giant as consumers turn towards  mobile  devices.

‘The core business seems to have slowed down  pretty significantly, which is shocking. I  don’t think anybody saw this,’ said  Sameet Sinha, analyst at B Riley.

‘The only conclusion I can look at is – search is happening more and more outside of Google, meaning people are searching more through apps than through Google search. That could indicate a secular change, especially when it comes to e-commerce searches.

‘The big fear has always been – what if  people decide just to go straight to Amazon and do their searches? And  potentially that’s what could be  happening.’

Digital  marketing analyst Gary Buchan warned  that Google’s struggles could  continue over the short term, saying: ‘There are  probably a few ugly  reports in the pipeline yet.’

He told MailOnline: ‘Around 95 per cent of  Google’s income comes from its  advertising services, and while many big brands  are maintaining their  budgets and are being aggressive to win new customers in  the current  economic climate, a large proportion of the search engine’s  advertisers  are small businesses who are more exposed.

‘If they’re feeling the pinch, small  businesses have to cut costs somewhere and often the first thing to go is  marketing.’

But Mr Buchan insisted that such a ubiquitous company would recover eventually: ‘Bing might be dreaming otherwise, but this is nothing more than a blip.’

Google’s third-quarter profits fell  20 per  cent on a year earlier to $2.18billion (£1.35billion) – well  below analysts’  expectations.

The dire results were due to be issued after  the markets had finished trading for the day.

But because they were released early,  investors were able to dump their stock and send the shares into a  nosedive.

Adding to the chaos, a major trading website  appeared to have crashed as investors sought to make sense of the  situation.

Google’s stock fell $68.19, or nine per cent,  to $687.30 before trading was halted to give shareholders a chance to digest the  news amid fears of a massive crash.

Troubled: The press release which sent Google's shares plunging - it was quickly obvious that a mistake had been made - the second paragraph of the filing said 'PENDING LARRY QUOTE' instead of an actual quote from Google CEO Larry Page 

Internal workings: Behind the scenes at Google's data centres. The company suffered a stock market plunge today after years of growth 

The firm was losing more than $45 million for every second it was being traded before the shutdown, which was requested by Google itself.

It is unclear how much of the plunge was attributable to the surprise leak of the report, as the exceptionally poor results would almost certainly have triggered some fall in the firm’s value.

When trading reopened around two hours later, the share price failed to recover significantly, crawling up one percentage point to $695.00.

The fiasco brings to an end an incredible growth story that has seen the company’s worth balloon to become the most valuable technology firm after iPhone maker Apple.

The company did not explain why its earnings had been so disappointing.

Surprise: The company's profits fell by 20 per cent year-on-year - way below analysts' expectations 

The report comes at a crucial juncture for  Google, which is preparing to  embark on a number of high-profile new projects  such as Google Glass, a  tiny computer fitted to a pair of spectacles, and the  $250 Chromebook  laptop which was released today.

The stock market disaster  overshadowed the  Chromebook launch in San Francisco with several  reporters running out of the  event to cover what had happened.

Google’s earnings report had been scheduled  for release at 4.30pm on Thursday, after the end of regular trading.

The ‘PENDING LARRY QUOTE’ at the beginning of the premature press release quickly went viral.

It became a hashtag on Twitter as jokes ran  riot, along with #google and #oops.

Adding to an appalling day for the company,  YouTube, the video-sharing site  owned by Google, appeared to crash completely  for several minutes on  Thursday afternoon.

WHERE DID IT ALL GO  WRONG?

The main reason for Google’s fall in profits  is its $12.5billion purchase of Motorola, the struggling cellphone  manufacturer.

The division lost more than $500million over  the quarter, prompting aggressive cost-cutting measures.

However, the web giant is also suffering in  its core business, search-related  advertising, as the income received for every ad clicked on fell by 15  per cent in just three months.

The future may be no brighter for the firm,  as it is set to plow millions into new  ventures such as virtual-reality glasses and driverless  cars.

And some analysts have predicted a bleak outlook as web users turn away from Google and start using alternative search methods such as Facebook and mobile apps.

Mr Page later issued a comment  arguing that  the company had enjoyed ‘a strong quarter’, adding: ‘We had a strong quarter.  Revenue was up 45 percent year-on-year, and, at just  fourteen years old, we  cleared our first $14billion revenue quarter.

‘I am also really excited about the progress  we’re making creating a  beautifully simple, intuitive Google experience across  all devices.’

Google issued a statement blaming R.R.  Donnelley, the Chicago-based company that  prints its financial documents, for  the early release.

‘Earlier this morning RR Donnelley, the  financial printer, informed us that they had filed our draft 8-K earnings  statement without authorization,’ the  Google statement read.

‘We have ceased trading on NASDAQ  while we  work to finalize the document. Once it’s finalised we will  release our  earnings, resume trading on Nasdaq and hold our earnings  call as  normal.’

Donnelley’s shares fell by more than  five  per cent following the blunder as the firm blamed its screw-up on ‘human error’  and promised to launch an  investigation to ‘determine how this event took  place’.

Reed Kathrein, of law firm Hagens Berman,  said Google could have a  negligence claim against Donnelley to recover any  costs it sustained in  the incident.

The  Chicago-based firm has printed Penguin  Classics and paperbacks from the  Twilight vampire series as well as the  best-selling Idiot’s Guide books.

Over the past two decades, it has bought up a  string of other firms to become the world’s largest commercial printer.

On its website, Donnelley boasts of working  with more than 60,000  customers worldwide ‘to develop custom communications  solutions that  reduce costs, drive top line growth, enhance ROI and ensure  compliance’.

Grim news: Google is attempting to turn its fortunes around with projects such as the driverless car and the digital glasses worn here by co-founder Sergey Brin 

R.R. Donnelley also reported a downturn in business earlier this year as more readers chose digital devices over books.

It has closed plants and laid off workers but share prices have slumped since 2007. Between May 31, 2011 and February the stock dropped from $21.34 to $11.25.

In a regulatory filing, Google said it earned  $2.18billion, or $6.53 per share, during the three months ending in September.

That compared with net income of  $2.73billion, or $8.33 per share, last year.

The earnings would have been $9.03 per share,  if not for Google’s  accounting costs for employee stock compensation and  restructuring  charges related to the acquisition of Motorola.

Google’s filings with the Securities &  Exchange Commission  also revealed a worrying drop in the amount of money the  technology  giant receives for each advert users click on its  websites.

Its average income per click fell 15 per cent  over the three months to the  end of September, sparking fears that it is losing  traction with  advertisers.

Google has been working on non-search products such as its Google Glass concept for augmented reality spectacles.

Burden? But some analysts blame the expenditure on these  non-core projects for the firm’s fall in profits

The slow growth in ad revenue is driven by the growing use of smartphones and tablet computers to access the internet.

The ads are more difficult to see on  smartphones, in particular, so  marketers are not willing to pay as much for  those commercial messages  as they do for ads that are seen by people on  personal computers.

And people relying on mobile devices tend to use specially designed applications that are not as receptive to Google’s ads as web browsers are.

http://www.dailymail.co.uk/news/article-2220635/Could-Google-disappear-Analysts-warn-search-engines-demise-fails-improve-mobile-advertising.html#ixzz29rUB6a7i