Wired

Newly uncovered components of a digital surveillance tool used by more than 60 governments worldwide provide a rare glimpse at the extensive ways law enforcement and intelligence agencies use the tool to surreptitiously record and steal data from mobile phones.

The modules, made by the Italian company Hacking Team, were uncovered by researchers working independently of each other at Kaspersky Lab in Russia and the Citizen Lab at the University of Toronto’s Munk School of Global Affairs in Canada, who say the findings provide great insight into the trade craft behind Hacking Team’s tools.

The new components target Android, iOS, Windows Mobile, and BlackBerry users and are part of Hacking Team’s larger suite of tools used for targeting desktop computers and laptops. But the iOS and Android modules provide cops and spooks with a robust menu of features to give them complete dominion over targeted phones.

This is the first time that the modules used to spy on mobile phone users have been uncovered in the wild and reverse-engineered. Kaspersky has tracked more than 350 command-and-control servers created for this purpose in more than 40 countries. While Kaspersky found only one or two servers in most of these countries, the researchers found 64 in the United States -- by far the most. Kazakhstan followed with 49, Ecuador with 35 and the United Kingdom with 32.

As Kaspersky notes, it makes little sense for governments to maintain their command servers in foreign countries where they run the risk of losing control over the servers.

[Commentary] Privileged companies -- including Google, Facebook, and Netflix -- already benefit from what are essentially Internet fast lanes, and this has been the case for years.

Such web giants -- and others -- now have direct connections to big Internet service providers like Comcast and Verizon, and they run dedicated computer servers deep inside these ISPs. In technical lingo, these are known as “peering connections” and “content delivery servers,” and they’re a vital part of the way the internet works.

The concepts driving today’s net neutrality debate caught on because the Internet used to operate differently -- and because they were easy for consumers to understand. In many respects, these concepts were vitally important to the evolution of the Internet over the past decades. But in today’s world, they don’t address the real issue with the country’s ISPs, and if we spend too much time worried about fast lanes, we could hurt the net’s progress rather than help it.

When Google announced Project Loon on June 15, 2013, a lot of people were skeptical. But Google reports that since then, it has been able to extend balloon flight times and add mobile connectivity to the service.

As a result, Google’s expectations are flying even higher than the 60,000-foot strata where its balloons live. “This is the poster child for Google X,” says Astro Teller, who heads the division. “The balloons are delivering 10x more bandwidth, 10x steer-ability, and are staying up 10x as long. That’s the kind of progress that can only happen a few more times until we’re in a problematically good place.”

Since the first public test flights in New Zealand, Google’s balloons have clocked over a million and half kilometers.

Google made a different kind of advance with Loon when it added the capability to send data using the LTE spectrum -- making it possible for people to connect directly to the Internet with their mobile phones. (Loon’s original Wi-Fi connection required a base station and a special antenna.) Using LTE also helped Google boost the capacity of its connections. Recent Loon payloads are providing as much as 22 MB/sec to a ground antenna and 5 MB/sec to a handset.

An algorithm has been developed to automatically recognise human gestures or activities in videos in order to describe what is taking place.

MIT postdoc Hamed Pirsiavash and his former thesis advisor Deva Remanan from the University of California at Irvine have used natural language processing techniques in order to improve computers' ability to search for particular actions within videos -- whether it's making tea, playing tennis or weightlifting.

The activity-recognising algorithm is faster than previous versions and is able to make good guesses at partially completed actions, meaning it can handle streaming video. Natural language processing has been applied to computer vision in order to break down the different components involved in any action in the same way that sentences are divided down into different elements.

The researchers essentially came up with a type of grammar for human movement, dividing up one main action into a series of subactions. As a video plays, the algorithm constructs a set of hypotheses about which subactions are being depicted and where, and ranks them according to probability. As the video progresses, it can eliminate hypotheses that don't conform to the grammatical rules, which then dramatically reduces the number of possibilities.

Pirsiavesh believes that the system may have medical applications, including checking that physiotherapy exercises are being carried out correctly or the extent to which motor function in patients with neurological damage has returned.

[Commentary] Well, the last meeting of the Federal Communications Commission was certainly a lot of sound and fury signifying next to nothing.

FCC Chairman Tom Wheeler, despite weeks of backlash, still wants to allow Internet Service Providers like Comcast and Verizon to “offer” different levels of service to Internet companies, although he refused to call them a “fast lane” and a “slow lane” and refused to recognize how those arrangements up the food chain affect consumers and a neutral Internet.

His concession to those of us who value a neutral Internet is to allow it on a case-by-case basis, guaranteeing that nothing will ever get settled, and Internet companies will be allowed to bleed money. Sure, the FCC will ask whether the telecommunications services that carry Internet content should be regulated like utilities (Title II of the Communications Act), and there will be people who make an argument for it.

But here’s the rub. The damage is already done. It was done months ago. And the FCC did nothing to stop it. Regardless of what rule the FCC finally approves, and defends through the years of court challenges, it already established the bad precedent that big ISPs can cause traffic congestion, demand tribute to fix it, and get away with it.

American law enforcement has long advocated for universal “kill switches” in cellphones to cut down on mobile device thefts. Now the Department of Justice argues that the same remote locking and data-wiping technology represents a threat to police investigations -- one that means they should be free to search phones without a warrant.

In a brief filed to the US Supreme Court in the case of alleged Boston drug dealer Brima Wurie, the Justice Department argues that police should be free to warrantlessly search cellphones taken from suspects immediately at the time of arrest, rather than risk letting the suspect or his associates lock or remotely wipe the phone before it can be searched.

The statement responds to briefs made to the court by the Center for Democracy and Technology and the Electronic Frontier Foundation arguing that warrantless searches of cellphones for evidence represents a serious violation of the suspect’s privacy beyond that of a usual warrantless search of a suspect’s pockets, backpack, or car interior.

When ex-government contractor Edward Snowden exposed the National Security Agency’s widespread efforts to eavesdrop on the internet, encryption was the one thing that gave us comfort.

Even Snowden touted encryption as a saving grace in the face of the spy agency’s snooping. “Encryption works,” the whistleblower said in June 2013. “Properly implemented strong crypto systems are one of the few things that you can rely on.”

But Snowden also warned that crypto systems aren’t always properly implemented. “Unfortunately,” he said, “endpoint security is so terrifically weak that NSA can frequently find ways around it.”

Since the Heartbleed bug has existed for two years, it raises obvious questions about whether the NSA or other spy agencies were exploiting it before its discovery. Now that caveat has hit home -- in a big way -- when researchers revealed Heartbleed, a two-year-old security hole involving the OpenSSL software many websites use to encrypt traffic.

“It would not at all surprise me if the NSA had discovered this long before the rest of us had,” Matt Blaze, cryptographer and computer security professor at the University of Pennsylvania says. “It’s certainly something that the NSA would find extremely useful in their arsenal.” So far, though, there’s no evidence to suggest this is the case. For one thing, the bug did not affect every website.

The biggest US Internet wiretapping program outside the National Security Agency may be headed to the Supreme Court. Google is asking the high court to rule on the legality of the company’s past sniffing of unencrypted Wi-Fi traffic in neighborhoods around the country as part of its Street View program. If the Supreme Court hears the case and eventually rules that unencrypted Wi-Fi sniffing is legal, that might be seen as a boon to criminals who eavesdrop on public access points to sniff out passwords or credit card numbers. But Google ingeniously argues that the 9th Circuit’s ruling is actually bad for computer security, because it could bar legitimate security scanning.

The National Security Agency’s global spy operation may seem unstoppable, but there’s at least one target that has proven to be a formidable obstacle: the Chinese communications technology firm Huawei, whose growth could threaten the agency’s much-publicized digital spying powers.

An unfamiliar name to American consumers, Huawei produces products that are swiftly being installed in the Internet backbone in many regions of the world, displacing some of the western-built equipment that the NSA knows -- and presumably knows how to exploit -- so well. That obstacle is growing bigger each year as routers and other networking equipment made by Huawei Technologies and its offshoot, Huawei Marine Networks, become more ubiquitous. The NSA and other US agencies have long been concerned that the Chinese government or military -- Huawei’s founder is a former officer in the People’s Liberation Army -- may have installed backdoors in Huawei equipment, enabling it for surveillance. But an even bigger concern is that with the growing ubiquity of Huawei products, the NSA’s own surveillance network could grow dark in areas where the equipment is used. For that reason, as the latest Snowden revelations showed, the spy agency reportedly hacked Huawei as part of an operation launched in 2007. The plan involved stealing source code for some of Huawei’s products in the hope of finding vulnerabilities. Such security holes could allow the NSA to exploit the products and spy on traffic in countries where Huawei equipment is used -- such as Iran, Afghanistan, Pakistan, Kenya, and Cuba. “Many of our targets communicate over Huawei-produced products,” an internal NSA document obtained by Snowden noted in 2010, according to the New York Times. “We want to make sure that we know how to exploit these products … to gain access to networks of interest” around the world.

[Commentary] The US government announced, in a smart front-footed move, that it intends to release oversight of its long-treasured Internet Assigned Numbers Authority (IANA) contract under which the US Commerce Department contracts Internet Corporation for Assigned Names and Numbers (ICANN), a private US company, to perform key Internet administration tasks.

This prescriptive, carefully-limited announcement is the long-awaited fulfilment of a promise made 16 years ago when ICANN first came into being, and it would be the first time since the net's inception that the US government would abandon formal oversight. Of course, US vested interests in ICANN as a US-based company, subject to US law, and partial to US industry, remain, as does the almighty US technical and economic leverage over the digital ecosystem.

Contrary to reactions by US conservatives, this recent move barely diminishes that control, at least not immediately. Instead, it marks an early strategic play by the US to control future discussions of net governance. What it changes, to uncertain ends, is the balance of power between US public and private interests. We are moving inexorably towards a situation where enormous amounts of control are centered in private hands, often beyond the scope of effective regulation. This should be a matter of great concern.

[Powles researches and writes on law, science and technology at the University of Cambridge]