Security Bullet In
Communiques from the security front, sir
Thursday 30 October 2008, 5:39 PM
Gibson: Is McKinnon still here?
You wouldn't expect one of the FBI agents involved in the case of Gary McKinnon to have much sympathy with the alleged Nasa hacker. Ed Gibson, who now works for Microsoft as its security adviser to the UK, in a previous life worked as an FBI legal attache in the UK, and was involved in McKinnon's controversial plea bargaining process.
McKinnon is accused of "the biggest military hack of all time" for accessing US military computers, and faces almost certain extradition. McKinnon, who claims he was looking for evidence of UFOs, has never denied accessing the military computers, but denies deliberately deleting files and causing damage. He was recently diagnosed with Asperger's Syndrome, a condition on the autistic spectrum.
The temperature at an RSA Conference Europe press event plummeted when I raised the subject of McKinnon's probable extradition with Gibson. I asked the ex-FBI agent whether he thought Gary McKinnon's Asperger's diagnosis should have any bearing on whether or not McKinnon should be extradited. Gibson replied:
"I think Jacqui Smith made the determination -- the Asperger's diagnosis shouldn't have any bearing [on whether McKinnon is extradited]," said Gibson. "Is he still here?"
When I said that yes, McKinnon was still here, Gibson said: "Why?" I said that his defence lawyers were seeking a judicial review of Home Secretary Jacqui Smith's decision to extradite the self-confessed hacker, given his Asperger's diagnosis.
The already chilly atmosphere in the press room dropped still further when I quizzed Gibson as to his role in the plea bargaining. Gibson is believed to have told Karen Todner, McKinnon's solicitor, that the New Jersey authorities were determined to see McKinnon "fry" for his alleged crimes, should he be extradited. New Jersey has the death penalty.
When I asked Gibson whether he had threatened that McKinnon could "fry", Gibson muttered: "That was never said. The court records are really clear."
I was curious as to whether that was correct, so I gave Karen Todner a ring. She told me she had sworn an affadavit that Gibson had said McKinnon could "fry", while Gibson had sworn an affadavit that he hadn't said that.
"[Gibson] later sent me an email insisting he hadn't said that," said Todner.
Hmmm, sounds to me that it still isn't "really clear" exactly what was said at all.
McKinnon is accused of "the biggest military hack of all time" for accessing US military computers, and faces almost certain extradition. McKinnon, who claims he was looking for evidence of UFOs, has never denied accessing the military computers, but denies deliberately deleting files and causing damage. He was recently diagnosed with Asperger's Syndrome, a condition on the autistic spectrum.
The temperature at an RSA Conference Europe press event plummeted when I raised the subject of McKinnon's probable extradition with Gibson. I asked the ex-FBI agent whether he thought Gary McKinnon's Asperger's diagnosis should have any bearing on whether or not McKinnon should be extradited. Gibson replied:
"I think Jacqui Smith made the determination -- the Asperger's diagnosis shouldn't have any bearing [on whether McKinnon is extradited]," said Gibson. "Is he still here?"
When I said that yes, McKinnon was still here, Gibson said: "Why?" I said that his defence lawyers were seeking a judicial review of Home Secretary Jacqui Smith's decision to extradite the self-confessed hacker, given his Asperger's diagnosis.
The already chilly atmosphere in the press room dropped still further when I quizzed Gibson as to his role in the plea bargaining. Gibson is believed to have told Karen Todner, McKinnon's solicitor, that the New Jersey authorities were determined to see McKinnon "fry" for his alleged crimes, should he be extradited. New Jersey has the death penalty.
When I asked Gibson whether he had threatened that McKinnon could "fry", Gibson muttered: "That was never said. The court records are really clear."
I was curious as to whether that was correct, so I gave Karen Todner a ring. She told me she had sworn an affadavit that Gibson had said McKinnon could "fry", while Gibson had sworn an affadavit that he hadn't said that.
"[Gibson] later sent me an email insisting he hadn't said that," said Todner.
Hmmm, sounds to me that it still isn't "really clear" exactly what was said at all.
Monday 20 October 2008, 2:16 PM
Passport needed for mobile phone purchases?
The Sunday Times reported (on Sunday) that passports will be needed to register mobile phones, after which mobile users' details will be collated on a centralised government database.
This would supposedly cut a loophole out of the upcoming Communications Data Bill, which the Home Office has proposed should include a centralised database of details of all communications, including phone, email, and web-surfing habits. The loophole being that pay-as-you-go customers would still effectively be anonymous, hence the idea that people use their passports when buying a phone.
This idea is so patently full of holes that it's worse than useless. IT managers at corporates are in charge of hundreds, even thousands of corporate devices. Would they have to register all of their employees on a centralised government database, if they use work mobile devices?
Members of the Jericho Forum, a group of corporate security officers who wrestle with identity management problems daily, said the idea just wouldn't work.
"For corporates this would be incredibly difficult to work, because you cannot guarantee who the user is," said a Jericho Forum spokesperson.
How about the rest of the population? Surely this kind of measure would just encourage a thriving black market in mobile phones for criminals and terrorists, while infringing on the civil liberties of innocent UK citizens? In other words, infringe on privacy while providing inadequate security?
So, bad idea. However, the plot thickens. When I rang up the Home Office to check the veracity of the Sunday Times story, the Home Office categorically denied that the story was correct.
"It's not true," said a Home Office spokesperson. "There is no basis for this story." The Home Office also sent me a statement:
"The communications revolution has been rapid in this country and because of changes in technology the way in which we collect communications data needs to change too. If it does not we will lose this vital capability that we currently have and that we all take for granted in fighting and solving crime," said the statement.
"Of course there is a balance between privacy and our liberty which is why we have said we will be consulting on this and seeking a political consensus. No decisions have been taken and we will be consulting in the New Year," the Home Office added.
The Sunday Times also reported that Vodafone was making "contingency plans" just in case the government decided to bring in its database and register all mobile users.
However, when I rang up Vodafone it also categorically denied that the story was true.
"Vodafone does not support mandatory registration for its pre-pay customers and has not made any 'contingency plans' to start requiring registration for the purposes of a Government data collection scheme," said Vodafone. "Pre-pay services hold an important role in terms of preventing a digital divide in communications. There is no need for a credit check and if customers do not have a permanent base, or a passport, they are not excluded from using these services."
So how could the Sunday Times, a respectable publication, have got it so wrong? Well my gut feeling is that it didn't get anything wrong at all.
It may come as a shock to you, oh wide-eyed innocent reader, that the media can be used and manipulated in many ways. One of the ways that a government body such as, say GCHQ, can test the popularity of a proposal is by "leaking" it to the press. If the story sinks without trace the government has an idea it can probably get away with including it in legislation. If it creates an uproar then the government can drop the idea, while denying that the story was ever true.
My feeling is, and bear in mind this is conjecture, is that GCHQ punted the idea to the Sunday Times to test the water. If Sunday Times readers, on the whole a fairly intelligent and non-hysterical lot, get het up about the story, followed by the rest of the press, then the Home Office can turn around and deny the story was correct. GCHQ using the Sunday Times as an unofficial YouGov, if you like.
This would supposedly cut a loophole out of the upcoming Communications Data Bill, which the Home Office has proposed should include a centralised database of details of all communications, including phone, email, and web-surfing habits. The loophole being that pay-as-you-go customers would still effectively be anonymous, hence the idea that people use their passports when buying a phone.
This idea is so patently full of holes that it's worse than useless. IT managers at corporates are in charge of hundreds, even thousands of corporate devices. Would they have to register all of their employees on a centralised government database, if they use work mobile devices?
Members of the Jericho Forum, a group of corporate security officers who wrestle with identity management problems daily, said the idea just wouldn't work.
"For corporates this would be incredibly difficult to work, because you cannot guarantee who the user is," said a Jericho Forum spokesperson.
How about the rest of the population? Surely this kind of measure would just encourage a thriving black market in mobile phones for criminals and terrorists, while infringing on the civil liberties of innocent UK citizens? In other words, infringe on privacy while providing inadequate security?
So, bad idea. However, the plot thickens. When I rang up the Home Office to check the veracity of the Sunday Times story, the Home Office categorically denied that the story was correct.
"It's not true," said a Home Office spokesperson. "There is no basis for this story." The Home Office also sent me a statement:
"The communications revolution has been rapid in this country and because of changes in technology the way in which we collect communications data needs to change too. If it does not we will lose this vital capability that we currently have and that we all take for granted in fighting and solving crime," said the statement.
"Of course there is a balance between privacy and our liberty which is why we have said we will be consulting on this and seeking a political consensus. No decisions have been taken and we will be consulting in the New Year," the Home Office added.
The Sunday Times also reported that Vodafone was making "contingency plans" just in case the government decided to bring in its database and register all mobile users.
However, when I rang up Vodafone it also categorically denied that the story was true.
"Vodafone does not support mandatory registration for its pre-pay customers and has not made any 'contingency plans' to start requiring registration for the purposes of a Government data collection scheme," said Vodafone. "Pre-pay services hold an important role in terms of preventing a digital divide in communications. There is no need for a credit check and if customers do not have a permanent base, or a passport, they are not excluded from using these services."
So how could the Sunday Times, a respectable publication, have got it so wrong? Well my gut feeling is that it didn't get anything wrong at all.
It may come as a shock to you, oh wide-eyed innocent reader, that the media can be used and manipulated in many ways. One of the ways that a government body such as, say GCHQ, can test the popularity of a proposal is by "leaking" it to the press. If the story sinks without trace the government has an idea it can probably get away with including it in legislation. If it creates an uproar then the government can drop the idea, while denying that the story was ever true.
My feeling is, and bear in mind this is conjecture, is that GCHQ punted the idea to the Sunday Times to test the water. If Sunday Times readers, on the whole a fairly intelligent and non-hysterical lot, get het up about the story, followed by the rest of the press, then the Home Office can turn around and deny the story was correct. GCHQ using the Sunday Times as an unofficial YouGov, if you like.
Wednesday 15 October 2008, 5:15 PM
Toshiba developing quantum repeater
Toshiba is developing a device it hopes will allow for global quantum key distribution.
The company is developing a quantum repeater, a device to regenerate a quantum key once quantum entanglement has been split into channels for transmission.
"The device is under development," said Andrew Shields, group leader of Toshiba's quantum information technology group. "We have a European collaboration."
Shields said that another technology important for extending the range of quantum key distribution was the use of satellites, but his team was focused on fibre-optics.
The company is developing a quantum repeater, a device to regenerate a quantum key once quantum entanglement has been split into channels for transmission.
"The device is under development," said Andrew Shields, group leader of Toshiba's quantum information technology group. "We have a European collaboration."
Shields said that another technology important for extending the range of quantum key distribution was the use of satellites, but his team was focused on fibre-optics.
Monday 13 October 2008, 6:03 PM
Nasa hacker loses last-ditch appeal
Self-confessed Nasa hacker Gary McKinnon has lost his appeal to Home Secretary Jacqui Smith against extradition to the US.
In an email sent to ZDNet.co.uk on Monday, McKinnon's solicitor Karen Todner said that McKinnon's legal team would now consider "further judicial remedy".
"The secretary of state has advised [via] treasury solicitors that despite Mr McKinnon's diagnosis with Asperger's Syndrome, she will now be making arrangements for his extradition," stated Todner. "We are now considering whether Mr McKinnon has any further judicial remedy, and we are urgently investigating this issue."
Todner told ZDNet.co.uk in September that her office was preparing a further appeal to the High Court should the appeal to the Home Secretary fail.
McKinnon has been accused by the US of hacking US military networks, including the Pentagon, and causing extensive damage. McKinnon has always denied harming any networks, claiming that initially he was searching for UFOs.
In an email sent to ZDNet.co.uk on Monday, McKinnon's solicitor Karen Todner said that McKinnon's legal team would now consider "further judicial remedy".
"The secretary of state has advised [via] treasury solicitors that despite Mr McKinnon's diagnosis with Asperger's Syndrome, she will now be making arrangements for his extradition," stated Todner. "We are now considering whether Mr McKinnon has any further judicial remedy, and we are urgently investigating this issue."
Todner told ZDNet.co.uk in September that her office was preparing a further appeal to the High Court should the appeal to the Home Secretary fail.
McKinnon has been accused by the US of hacking US military networks, including the Pentagon, and causing extensive damage. McKinnon has always denied harming any networks, claiming that initially he was searching for UFOs.
Monday 13 October 2008, 5:20 PM
Up to 1.7m MoD personal details missing
The potential number of people affected by the the loss of a hard disk containing MoD details could be a high as 1.7 million, defence minister Bob Ainsworth told parliament on Monday.
In a written statement to MPs, Ainsworth said that up to 1.7 million people who had enquired about joining up could have had their details compromised.
"The hard drive had been used with the TAFMIS recruitment system and may, in the worst case, contain details relating to 1.7 million individuals who have enquired about joining the Armed Forces," wrote Ainsworth.
Sensitive information that could have been lost includes such as next of kin details, passport and National Insurance numbers, drivers' licence and bank details, and NHS number, said Ainsworth.
The loss of the removable disk by IT contractor EDS was reported last week.
In a written statement to MPs, Ainsworth said that up to 1.7 million people who had enquired about joining up could have had their details compromised.
"The hard drive had been used with the TAFMIS recruitment system and may, in the worst case, contain details relating to 1.7 million individuals who have enquired about joining the Armed Forces," wrote Ainsworth.
Sensitive information that could have been lost includes such as next of kin details, passport and National Insurance numbers, drivers' licence and bank details, and NHS number, said Ainsworth.
The loss of the removable disk by IT contractor EDS was reported last week.
Previous
