Posts tagged ‘Censorship’

TorrentFreak: Beating Internet Censors With BitTorrent’s Maelstrom Browser

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

San Francisco-based BitTorrent Inc. already has a few popular applications in its catalog, including uTorrent and Sync. However, with its new “people-powered” browser it hopes to spark another revolution.

Project Maelstrom, as it’s called, is still in the early stages of development but the company has decided to push a Beta out to the public so developers can start building tools and services around it.

In short, Maelstrom takes Google’s Chromium framework and stuffs a powerful BitTorrent engine under the hood, meaning that torrents can be played directly from the browser. More excitingly, however, Maelstrom also supports torrent-powered websites that no longer have to rely on central servers.

By simply publishing a website in a torrent format the website will be accessible if others are sharing it. This can be assisted by web-seeds but also completely peer-to-peer.

For example, earlier this week Wikileaks published a controversial archive of documents and emails that leaked after the Sony hack. If the hosting provider was forced to take the files down they would disappear but with Maelstrom-supported sites, users would be able to keep it online.

The same is true for torrent sites such as The Pirate Bay, which suffered weeks of downtime recently after the site’s servers were raided.

BitTorrent powered page

At the moment there are very few websites that support Maelstrom. There is an early WordPress plugin and others are experimenting with it as well, but wider adoption will need some time.

That said, traditional magnet links work too, so people can play video and audio from regular torrent sites directly in the browser.

BitTorrent Inc. informs TF that the main goal is to provide a new and open publishing platform. It’s now up to developers to use it to their advantage.

“We believe in providing an alternative means for publishing that is neutral and that gives ownership back to those publishers. But one of our biggest goals with this release is just to get it out and into the hands of developers and see what emerges,” Maelstrom’s project lead Rob Velasquez says.

And in that respect momentum is building. BitTorrent Inc. says that a community of more than 10,000 developers and 3,500 publishers has already been established, with tools to bring more on board now available via Github.

While Maelstrom can bypass Internet censors, it’s good to keep in mind that all shared files are visible to the public. Maelstrom is caching accessed content to keep it seeded, so using a VPN might not be a bad idea. After all, users leave a trail of their browsing history behind.

On the upside, Maelstrom can be more private for publishers as they don’t have to share any personal details with hosting companies or domain registrars.

“The BitTorrent protocol remains the same, but it does mean that you no longer have to hand over personal, private data to domain registrars or hosting companies to put up a simple website,” Velasquez notes.

The idea for a BitTorrent-powered browser is not new. The Pirate Bay started work on a related project last year with the aim of keeping the site online even if its servers were raided.

It will be interesting to see if Maelstrom can get some traction. There’s still a long way to go, but the idea of an open and censorship-free web does sound appealing.

With a Mac version still under development, Project Maelstrom (beta) can be downloaded for Windows here.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Music Industry Wants Cross Border Pirate Site Blocks

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

In recent years blockades of “pirate” websites have spread across Europe and elsewhere. In the UK, for example, more than 100 websites are currently blocked by the major ISPs.

In recent weeks alone several new countries adopted similar measures, Australia, Spain and Portugal included.

Opponents of this censorship route often argue that the measures are ineffective, and that people simply move to other sites. However, in its latest Digital Music Report music industry group IFPI disagrees, pointing at research conducted in the UK.

“Website blocking has proved effective where applied,” IFPI writes, noting that the number of UK visits to “all BitTorrent” sites dropped from 20 million in April 2012 to 11 million two years later.


The key to an effective blocking strategy is to target not just one, but all leading pirate sites.

“While blocking an individual site does not have a significant impact on overall traffic to unlicensed services, once a number of leading sites are blocked then there is a major impact,” IFPI argues.

For now, however, courts have proven to be among the biggest hurdles. It can sometimes take years before these cases reach a conclusion, and the same requests have to be made in all countries.

To streamline the process, copyright holders now want blocking injunctions to apply across borders, starting in the European Union.

“The recording industry continues to call for website blocking legislation where it does not already exist. In countries where there is already a legal basis for blocking, procedures can be slow and burdensome,” IFPI writes.

“For example, within the EU, blocking The Pirate Bay has meant taking multiple legal actions in different member states and rights holders are calling for injunctions to have cross-border effect.”

In addition to website blockades the music industry also stresses that other stakeholders should do more to help fight piracy. Search engines should prioritize legal services, for example, and advertisers and payment processors should cut their ties with pirate sites.

While IFPI’s numbers suggest that BitTorrent piracy has decreased globally, it still remains a significant problem. The group estimates that there are still four billion pirated music downloads per year on BitTorrent alone.

In other words, there’s plenty of blocking to be done before it’s no longer an issue, if that point will ever be reached.


Schneier on Security: China’s Great Cannon

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Citizen Lab has issued a report on China’s “Great Cannon” attack tool, used in the recent DDoS attack against GitHub.

We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the “Great Cannon.” The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.

The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users. Specifically, the Cannon manipulates the traffic of “bystander” systems outside China, silently programming their browsers to create a massive DDoS attack. While employed for a highly visible attack in this case, the Great Cannon clearly has the capability for use in a manner similar to the NSA’s QUANTUM system, affording China the opportunity to deliver exploits targeting any foreign computer that communicates with any China-based website not fully utilizing HTTPS.

It’s kind of hard for the US to complain about this kind of thing, since we do it too.

More stories. Hacker News thread.

Krebs on Security: Don’t Be Fodder for China’s ‘Great Cannon’

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

China has been actively diverting unencrypted Web traffic destined for its top online search service — Baidu.com — so that some visitors from outside of the country were unwittingly enlisted in a novel and unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools, according to research released this week.

The findings, published in a joint paper today by researchers with University of Toronto’s Citizen Lab, the International Computer Science Institute (ICSI) and the University of California, Berkeley, track a remarkable development in China’s increasingly public display of its evolving cyber warfare prowess.

“Their willingness to be so public mystifies me,” said Nicholas Weaver, a researcher at the ICSI who helped dig through the clues about the mysterious attack. “But it does appear to be a very public statement about their capabilities.”


Earlier this month, Github — an open-source code repository — and greatfire.org, which distributes software to help Chinese citizens evade censorship restrictions enacted by the so-called “Great Firewall of China,” found themselves on the receiving end of a massive and constantly-changing attack apparently designed to prevent people from being able to access the sites.

Experts have long known that China’s Great Firewall is capable of blocking Web surfers from within the country from accessing online sites that host content which is deemed prohibited by the Chinese government. But according to researchers, this latest censorship innovation targeted Web surfers from outside the country who were requesting various pages associated with Baidu, such that Internet traffic from a small percentage of surfers outside the country was quietly redirected toward Github and greatfire.org.

This attack method, which the researchers have dubbed the “Great Cannon,” works by intercepting non-Chinese traffic to Baidu Web properties, Weaver explained.

“It only intercepts traffic to a certain set of Internet addresses, and then only looks for specific script requests. About 98 percent of the time it sends the Web request straight on to Baidu, but about two percent of the time it says, ‘Okay, I’m going to drop the request going to Baidu,’ and instead it directly provides the malicious reply, replying with a bit of Javascript which causes the user’s browser to participate in a DOS attack,” Weaver said.

The researchers said they tracked the attack for several days after Github apparently figured out how to filter the malicious traffic, which relied on malicious Javascript files that were served to visitors outside of China that were browsing various Baidu properties.

Chillingly, the report concludes that Chinese censors could just as easily have served malicious code to exploit known Web browser vulnerabilities.

“With a minor tweak in the code, they could have provided exploits to targeted [Internet addresses], so that instead of intercepting all traffic to Baidu, they would serve malware attacks to those visitors,” Weaver said.

Interestingly, this type of attack is not unprecedented. According to documents leaked by National Security Agency whistleblower Edward Snowden, the NSA and British intelligence services used a system dubbed “QUANTUM” to inject content and modify Web results for individual targets that appeared to be coming from a pre-selected range of Internet addresses.

“The Chinese government can credibly say the United States has done similar things in the past,” Weaver said. “They can’t say we’ve done large scale DDoS attacks, but the Chinese government can honestly state that the U.S. has modified traffic in-flight to attack and exploit systems.”

Weaver said the attacks from the Great Cannon don’t succeed when people are browsing Chinese sites with a Web address that begins with “https://”, meaning that regular Internet users can limit their exposure to these attacks by insisting that all Internet communications are routed over “https” versus unencrypted “http://” connections in their browsers. A number of third-party browser plug-ins — such as https-everywhere — can help people accomplish this goal.

“The lesson here is encrypt all the things all the time always,” Weaver said. “If you have to worry about a nation state adversary and if they can see an unencrypted web request that they can tie to your identity, they can use that as a vehicle for attack. This has always been the case, but it’s now practice.”

But Bill Marczak, a research fellow with Citizen Lab, said relying on an always-on encryption strategy is not a foolproof counter to this attack, because plug-ins like https-everywhere will still serve regular unencrypted content when Web sites refuse to or don’t offer the same content over an encrypted connection. What’s more, many Web sites draw content from a variety of sources online, meaning that the Great Cannon attack could succeed merely by drawing on resources provided by online ad networks that serve ads on a variety of Web sites from a dizzying array of sources.

“Some of the scripts being injected in this attack are from online ad networks,” Marczak said. “But certainly this kind of attack suggests a far more aggressive use of https where available.”

For a deep dive into the research referenced in this story, check out this link.

Errata Security: Pin-pointing China’s attack against GitHub

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

For the past week, the website “GitHub” has been under attack by China. In this post, I pin-point where the attack is coming from by doing an http-traceroute.

GitHub is a key infrastructure website for the Internet, being the largest host of open-source projects, most famously Linux. (I host my code there). It’s also a popular blogging platform.

Among the zillions of projects are https://github.com/greatfire and https://github.com/cn-nytimes. These are mirrors (copies) of the websites http://greatfire.org and http://cn.nytimes.com. GreatFire provides tools for circumventing China’s Internet censorship, the NYTimes contains news stories China wants censored.

China blocks the offending websites, but it cannot easily block the GitHub mirrors. Its choices are either to block or allow everything on GitHub. Since GitHub is key infrastructure for open-source, blocking GitHub is not really a viable option.

Therefore, China chose another option, to flood those specific GitHub URLs with traffic in order to pressure GitHub into removing those pages. This is a stupid policy decision, of course, since Americans are quite touchy on the subject and are unlikely to comply with such pressure. It’s likely GitHub itself can resolve the issue, as there are a zillion ways to respond. If not, other companies (like CloudFlare) would leap to their defense.

The big question is attribution. Is this attack authorized by the Chinese government? Or is it the work of rogue hackers?

The company Netresec in Sweden partially answered this problem by figuring out most of the details of the hack. The way the attack worked is that some man-in-the-middle device intercepted web requests coming into China from elsewhere in the world, and then replaced the content with JavaScript code that would attack GitHub. Specifically, they intercepted requests to Baidu’s analytics. The search-engine Baidu is the Google of China, and it runs analytics software like Google in order to track advertising. Everyone outside China visiting internal pages would then run this JavaScript to attack GitHub. Since the attack appears to be coming “from everywhere”, it’s impractical for GitHub to block the attack.

Netresec could clearly identify that a man-in-the-middle was happening by looking at the TTL fields in the packets. TTL, or time-to-live, is a field in all Internet packets that tracks the age of the packet. Each time a router forwards a packet, one is subtracted from the field. When it reaches zero, the packet is discarded. This prevents routing loops from endlessly forwarding packets around in circles.

Many systems send packets with a starting TTL of 64. Thus, when a packet arrives with a value of 46, you know that there are 18 hops between you and the sender (64 – 18 = 46).

What Netresec found was a situation shown in the following picture. This picture shows a sequence of packets to and from the server. My packets sent to the Baidu server have a TTL of 64, the starting value I send with. The first response from the server has a value of 46 — because while they transmitted the packet with a value of 64, it was reduced by 18 by the time it arrived at my computer. After I send the web request, I get weird TTLs in response, with values of 98 and 99. These obviously did not come from the original server, but some intermediate man-in-the-middle device.

I know this man-in-the-middle is somewhere between me and Baidu, but where? To answer that, we use the concept of traceroute.

Traceroute is a real cool trick. Instead of sending packets with a TTL of 64, the tool sends them with a TTL of 1, then 2, then 3, and so on. Because the TTL is so low, they won’t reach their destination. Instead, the TTL will eventually reach 0, and routers along the way will drop them. When routers do this, they send back a notification packet called a Time-Exceeded message — using the router’s Internet address. Thus, I can collect all these packets and map the routers between me and a target.

The tool that does this is shown below, where I traceroute to the Baidu server from my machine:

The second column is time. As you can see, it takes almost 80-milliseconds for my packets to reach Los Angeles, and then the delay jumps to 230-milliseconds to reach China. Also note that I can’t quite reach the server, as there is a firewall after hop 16 that is blocking traceroute from working.

So where along this route is the man-in-the-middle interception happening? To answer this question, I had to write some code. I wrote my own little traceroute tool. Instead of sending a single packet, it first established a connection with normal TTLs, so that it would reach all the way to the target server. Then, when it sent the web request packet, it used a smaller TTL, so it would get dropped before reaching the server — but hopefully after the man-in-the-middle saw it. By doing these with varying TTLs, I should be able to discover at which hop the evil device is lurking.

I found that the device lurks between 11 and 12 hops. The web request packets sent with a TTL of 11 are not seen, while packets with TTL of 12 are, generating a response, as shown below:

The black line above shows the packet I sent, with a TTL of 12. The orange line (and the two packets above it) show the packets received from the man-in-the-middle device. When I send packets with a TTL of 11, I never get a response from that evil device.

By looking at the IP addresses in the traceroute, we can conclusively prove that the man-in-the-middle device is located on the backbone of China Unicom, a major service provider in China.

The next step is to traceroute in the other direction, from China to a blocked address, such as the http://www.nytimes.com address at 170.149.168.130. Using the website http://www.linkwan.net/tr.htm, I get the following:

This shows that the Great Firewall runs inside the China Unicom infrastructure.

Conclusion

Using my custom http-traceroute, I’ve proven that the man-in-the-middle machine attacking GitHub is located on or near the Great Firewall of China. While many explanations are possible, such as hackers breaking into these machines, the overwhelmingly most likely suspect for the source of the GitHub attacks is the Chinese government.

This is important evidence for our government. It’ll be interesting to see how they respond to these attacks — attacks by a nation state against key United States Internet infrastructure.
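
The TTL reasoning in the Errata Security post above, as an added example that is not Robert Graham's tool or code: it takes the handshake TTL as the baseline for a flow, flags replies whose TTL disagrees with it, and brackets the in-path device from per-TTL probe results. The packet records and most probe results are constructed; only the TTLs 64, 46, 98 and 99 and the hop pair 11/12 come from the post.

```python
"""TTL consistency check for one TCP flow (added example, constructed data)."""

COMMON_INITIAL_TTLS = (32, 64, 128, 255)  # usual operating-system defaults

# Constructed flow record. "dir" is relative to the observing client.
FLOW = [
    {"dir": "out", "flags": "S",  "ttl": 64},   # our SYN
    {"dir": "in",  "flags": "SA", "ttl": 46},   # server SYN-ACK, 18 hops away
    {"dir": "out", "flags": "A",  "ttl": 64},
    {"dir": "out", "flags": "PA", "ttl": 64},   # HTTP request
    {"dir": "in",  "flags": "PA", "ttl": 98},   # reply with a TTL the server never used
    {"dir": "in",  "flags": "FA", "ttl": 99},
]

# Constructed probe log: TTL used for the request -> was an injected reply seen?
PROBES = {9: False, 10: False, 11: False, 12: True, 13: True}


def infer_initial_ttl(observed_ttl):
    """Return the smallest common starting TTL that is >= the observed value."""
    for start in COMMON_INITIAL_TTLS:
        if observed_ttl <= start:
            return start
    raise ValueError(f"TTL out of range: {observed_ttl}")


def hop_count(observed_ttl):
    """Estimate router hops between the sender and us, e.g. 64 - 46 = 18."""
    return infer_initial_ttl(observed_ttl) - observed_ttl


def flag_ttl_anomalies(packets, tolerance=2):
    """Return inbound packets whose TTL disagrees with the SYN-ACK baseline.

    The SYN-ACK is used as the baseline because it arrives before the HTTP
    request that the in-path device reacts to. A small tolerance absorbs
    ordinary route changes; a different sender shows up as a large jump.
    """
    baseline = next(
        (p["ttl"] for p in packets if p["dir"] == "in" and p["flags"] == "SA"),
        None,
    )
    if baseline is None:
        raise ValueError("no inbound SYN-ACK in flow")
    return [
        p for p in packets
        if p["dir"] == "in" and abs(p["ttl"] - baseline) > tolerance
    ]


def locate_injector(probe_results):
    """Bracket the device: (last TTL with no reply, first TTL with a reply).

    Returns None when the probes never cross from silent to responding.
    """
    ttls = sorted(probe_results)
    for lower, upper in zip(ttls, ttls[1:]):
        if not probe_results[lower] and probe_results[upper]:
            return (lower, upper)
    return None


if __name__ == "__main__":
    print("server hops:", hop_count(46))
    print("suspect TTLs:", [p["ttl"] for p in flag_ttl_anomalies(FLOW)])
    print("device between hops:", locate_injector(PROBES))
```
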

TorrentFreak: Pirate Bay To Open Its Own .PIRATE Domain Name Registry

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The Pirate Bay’s parent company Reservella Ltd. has started the registration process for a new gTLD with a .PIRATE extension.

Responding to increased pressure from the MPAA and RIAA on the domain name industry, the torrent site hopes to break away from the rules and regulations which forced it to move to several new domains in recent years.

“We can no longer trust third party services and registries, who are under immense pressure from the copyright lobby. So we decided to apply for our very own gTLD and be a true Pirate registry,” TPB’s Winston informs TF.

The new registration is currently being processed by the Internet Corporation for Assigned Names and Numbers (ICANN), the main oversight body for the Internet’s global domain name system which accepts new gTLD proposals.

.PIRATE application

If the new TLD is finalized the Pirate Bay team plans to open registrations to the public. While it has to agree to some oversight formalities and ICANN agreements, the .PIRATE domains are expected to be less prone to censorship.

“The ultimate goal is to create a true PIRATE hydra. This means that we will allow other sites to register .PIRATE domain names too. Staying true to our pirate roots the domains can be registered anonymously without charge,” Winston tells us.

The Pirate Bay crew has prepared the application in secret, setting the wheels in motion nearly a year ago. Ideally, the process would have been finished by late January but a police raid and persistent hosting problems caused some delay.

“Things are looking good so far, but we’re not there yet. Fingers crossed. Let’s hope nothing foolish happens,” Winston concludes.

For the time being, however, The Pirate Bay will continue operating from the Swedish based .SE domain name. A transition to the .PIRATE domain is expected to take place this summer, at the earliest.

The MPAA and RIAA couldn’t be reached for a comment on today’s news, but it’s expected that they will do everything within their power to block Pirate Bay’s deviant plans.


The Hacker Factor Blog: Chinese Sayings

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

I recently blogged about Google ending support for Google Code. I had pointed out that the recommended solution was to move from Google Code to Github and that we should hope Github doesn’t go away anytime soon. I swear that was just a snide comment and not displaying any insider knowledge of what happened next…

About a week later, GitHub announced that they were under a very large scale denial-of-service attack. According to GitHub’s blog:

The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.

The folks at TechCrunch elaborated on the targeted attack:

Specifically, security experts report that the attackers were redirecting search traffic from overseas users of the Chinese search engine Baidu, and were targeting two pages in particular. One page was run by Greatfire.org, a site that reports on the government censorship in China, and the other linked to a copy of the New York Times’ Chinese language website.

To put things into perspective, the denial of service attack last year against my own site lasted 24 hours and prevented the public from accessing the server. This attack against GitHub appears to have recently ended — after 118 hours! And the attack only caused short outages. (I am very impressed at Github’s ability to withstand a massive network attack like this.)

Chinese Proverb: A cornered dog will jump over the wall.

In a press conference yesterday, Chinese officials were asked about the network attack. (Note: This quote comes from a web page posted in English on a Chinese government web site.)

Q: First, officials from Puntland, Somalia said that more and more ships from Iran, the ROK and China are involved in illegal fishing off the Somali waters. UN officials said that the rise of illegal fishing may lead to rampant piracy. Has China asked its fishermen to stop illegal fishing? Second, a report says that a US website was under hacker attack, and the source of the attack was from China. How do you respond?

A: On your first question, the Chinese government is opposed to illegal fishing, and we have been asking Chinese citizens to fish in accordance with the law. We also hope countries concerned can take tangible steps to safeguard the security and rights and interests of the Chinese fishermen.

On your second question, it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I’d like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner.

As ZDNet noted, China’s Foreign Ministry spokesperson Hua Chunying did not deny the attack. Moreover, Hua tried to spin it as if China was the victim.

Chinese Proverb: An offender sues the victim first.

I watch the logs on my web server very closely. I regularly see network attacks against the server. Most attacks are from automated bots looking for known vulnerabilities. However, occasionally there are manual attacks or novel 0-day attacks. (None have been successful, but I still keep an eye on the server.)

Geolocating a network address back to a source is relatively straightforward. You start with the network address of the client and you reference some public data that maps addresses to locations. Identifying the country is relatively easy. Identifying the city or something more specific may be less accurate. Typically, if a network address traces to “Denver, Colorado”, what it really means is “in or near Denver, Colorado” — it may be Aurora, Littleton, Boulder, or even Colorado Springs, but it’s probably not Pueblo, Ted’s Place, or anywhere outside Colorado.

Of course, hostile attackers could use proxies. But those kinds of attacks typically do not use network addresses from the same subnets.

At FotoForensics, a solid 60% of all network attacks come from addresses that geolocate to China. The next largest countries (20% and 10% respectively) are from the United States and Russia. With the USA, attacks typically come from everywhere — there is no particular subnet or hosting location. These attacks likely represent infected computers and botnets. In contrast, Russia is usually isolated to specific network addresses. But China? I see entire subnets attacking my site. When one address gets banned, another address in the same subnet continues where the last one left off.

Recently I noticed that the attacks from China follow one of two patterns.

Attack Pattern #1: “Scan bot”
A bot first attacks my secure-shell (ssh) server. It tries a couple of brute-force login attempts as “root” and then gets banned. Immediately after the ban (within 2 seconds), there is a web bot from a different network address in China that accesses “/” or “/favicon.ico”. I know this is a bot because a real user’s client would download my logo image, style sheet, and other dependency files.

I’m not sure what the Chinese web bot is looking for, but I suspect that it is something in the HTTP header. If they see it, then they will likely attack. And since I’m not seeing the web attack, I must not be returning whatever it is they are looking for.

Attack Pattern #2: “The Follow-up”
My site gets visitors from all over the world. But in any given hour, I may only receive a small sample of countries using my online service. I may go hours without a legitimate user accessing FotoForensics from China. But when they do, there seems to be a consistent pattern.

First, the user accesses my site. This is harmless and they use the site as intended. Then, between 5 and 15 minutes later, a bot from a different subnet in China will attempt to attack my ssh server.

For example…
A user at 111.186.106.xx (Kunming, CN) used my site at 29/Mar/2015:08:51:44 -0600.
This was followed by an attack against my ssh server from 221.229.166.28 (Shancheng, CN).

On 29/Mar/2015:06:34:45, a user at 180.76.6.xx (Beijing, CN) visited my site. This was followed by ssh attacks from 58.218.204.241 (Shancheng, CN).

The attacks in my logs look like:

root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)

I checked these attack addresses against various DNS blacklists that track network attacks. Every single one of these addresses is a known attacker. For example, CBL.AbuseAt.org lists 221.229.166.28, 221.229.166.30 and 221.229.166.254 as known hostile addresses that perform network attacks. The site Blocklist.de also lists them as known attackers. And websworld.org shows similar ssh attacks coming from these addresses as well as a ton of other Chinese network addresses. (Currently Websworld lists 62 addresses that have attacked their ssh servers — 58 of them are from China.)

It has reached the point where I have blacklisted entire subnets from China that have only been used to attack my server. For example, I have banned 211.229.166.0/24 since many of the addresses in that range have attacked my server and none have been used for legitimate uses.

I find this second attack pattern to be very disturbing and very consistent. First a user in China accesses my site, and then an attack comes in 5-15 minutes later. It is disturbing because it appears that the Chinese government actively tracks every web site their citizens access, and then they queue up the site for a follow-up attack.

If this were just a botnet, then it would not be predictable. However, it is very predictable. If nobody from China visits my site in an hour, then there are none of these ssh attacks from China. As soon as someone from China visits my site, I can expect and receive an attack within 15 minutes.

The second question becomes: is this the Chinese government or someone else? To answer that, we just need to look at the users who visit my site. In order to queue up these attacks, “someone” must be able to watch all traffic out of China. As far as I can tell, only the Chinese government is configured to watch all packets that leave their country. An individual user can monitor their local subnet, but not the entire country. A compromised router can monitor a region, but not the entire country. So either all of China has been compromised and is being used to attack everyone, or the Chinese government is actively monitoring all traffic and queuing up sites to attack. (The third option is that this is a very long-term and consistent coincidence. But a 100% predictability rate over weeks does not seem coincidental to me.)

Chinese Proverb: A thief cries “Stop thief!”

The Chinese government is well-known for performing cyber attacks. Some of the attacks are espionage, while others attempt to identify dissidents. I can only assume that these latest attacks are China’s new method to automate compromises, identify critics, and silence online voices.

The Chinese official said, “it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it”. Whether it is a long-term denial of service that tries to silence voices or widespread network attacks, there is no question whether these attacks trace to China or whether the Chinese government permits these attacks. In my case, these attacks are not speculation; they form a consistent, repeatable, and predictable pattern. I also have no doubt that if the GitHub security staff say the attacks trace to China, then they came from China. Since the Chinese government attempts to filter all content in and out of their country, it is reasonable to believe that they could mitigate or stop these attacks if they wanted them stopped.

The only thing odd is the Chinese official saying that she finds it “odd” that these attacks keep being blamed on China. Perhaps the Foreign Ministry spokesperson should adopt a British idiom: “if the cap fits, wear it.”

The Hacker Factor Blog: Bull in a China Shop

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

This has been a really long Monday. (“But it’s Thursday!” I know. But when customers call, I answer.)

If you are involved in computer security, online privacy, or cyber defense, then there is one country that is almost unanimously associated with “evil”: China. Beyond their human rights abuses and massive pollution problems are issues with online censorship, plagiarism, cyber espionage, spam, and constant network attacks. My own servers see far more attacks coming from China than any other country. It’s to the point where I’ve considered banning all of China from accessing my sites.

Yet, China just made news about something that I completely agree with: they fined Procter and Gamble (P&G) 980,000 yuan (about $1 million) for false advertising.

The news reports are pretty straightforward. If you’re selling Crest toothpaste that makes teeth whiter, then do not photoshop the ads to make the teeth whiter. This is the same logic that the UK used back in 2009 when they banned an Olay advertisement featuring Twiggy; if you’re selling makeup to make eyes look better, then don’t use Photoshop to make the eyes look better. And yes, Olay is another P&G product.

Smile!

I went looking online for sample pictures of Crest toothpaste ads from China. As it turns out, The Internet Archive has a lot of their ads archived. Here are a few of them from Crest’s homepage:

https://web.archive.org/web/20140626022125im_/http://image.crest.com.cn/images/home/home_banner_img_01.jpg

https://web.archive.org/web/20140626022125im_/http://image.crest.com.cn/images/home/home_banner_img_05.jpg

https://web.archive.org/web/20130425174611im_/http://image.crest.com.cn/images/home/home_banner_img07.jpg

https://web.archive.org/web/20130728074116im_/http://image.crest.com.cn/images/home/home_banner_img03.jpg

In each case, the pictures and coloring have been touched up, including making the teeth whiter. The public FotoForensics analysis only identifies Photoshop (in the metadata), touching up, and low quality (ELA), but not the color correction. Hue analysis identifies the color alterations.

I don’t know if any of these are the pictures that China evaluated, but I am convinced that P&G digitally altered the alleged product results.

Shine on!

According to the news reports, China has a similar stance regarding Photoshop in advertisements as I do.

An official of the Shanghai regulator said digital enhancement can only be used in adverts in which the changes were irrelevant, such as making the sky more blue in a car ad, Xinhua reported.

I have been saying for years that advertisers can change anything they want except for the item being advertised. When an advertisement for a dress digitally alters the dress, they give the impression that you will look gorgeous in the clothing. But with the digital alterations, they are actually saying, “you will never look this good because you are not photoshopped.” It is a bait-and-switch. They show you a picture of one thing, but then deliver something different.

(Heh… Wouldn’t it be funny if every purchase at Victoria’s Secret included a digital camera and a copy of Photoshop?)

Rinse and Repeat

Although the various news reports focus on P&G, a few mentioned other companies that were also fined. For example, China Economic Review said that Volkswagen and Nikon were also fined. However, the BBC suggested that China is only imposing fines on foreign brands.

I find this accusation from the BBC to be very interesting. While looking for pictures of Crest products in China, I came across this ad from Alibaba:

http://i00.i.aliimg.com/photo/v0/60026425160/Crest_3d_dental_care_tooth_teeth_whitening.jpg

There are a couple of issues here. First, Onuge is not Crest — they are Crest’s Chinese competitor. Yet Onuge’s colorful logo and packaging look very similar to Crest. The URL to the picture on Alibaba does not even mention Onuge — it says “Crest”. Even Onuge advertisements claim to have “Crest Supreme Quality”. This seems to be an intentional effort to cause confusion in the marketplace and to make consumers think that Onuge is Crest. (If this were in the United States, I think Crest would have strong grounds for copyright infringement.)

And just like Crest, Onuge digitally altered the teeth to appear whiter. However, I can find no mention of Onuge being fined for false advertisement.

Government Incentive

In addition to the BBC’s findings, the Wall Street Journal pointed out a serious reporting issue. WSJ found that the report from Xinhua (Chinese news outlet) did not mention that the fine was a year old! This is not a recent story — it is just recently being promoted in the media.

If the findings from the BBC and WSJ are correct, then the fine and news report may be less about consumer protection and more about political influence and an attempt to degrade foreign product reputations in the Chinese marketplace.

However, this idea of steep fines really got me thinking… If governments began to levy fines for digitally altered products in advertisements, then the amount of revenue to the government should be a viable option in lieu of minor tax increases. Local, state, and federal governments could bring in revenue from bait-and-switch advertisements. Advertisers would stop modifying product photos and consumers would begin to see products as they really are. This seems like a win-win for consumers and taxpayers.

The Hacker Factor Blog: Bull in a China Shop

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

This has been a really long Monday. (“But it’s Thursday!” I know. But when customers call, I answer.)

If you are involved in computer security, online privacy, or cyber defense, then there is one country that is almost unanimously associated with “evil”: China. Beyond their human rights abuses and massive pollution problems are issues with online censorship, plagiarism, cyber espionage, spam, and constant network attacks. My own servers see far more attacks coming from China than any other country. It’s to the point where I’ve considered banning all of China from accessing my sites.

Yet, China just made news about something that I completely agree with: they fined Procter and Gamble (P&G) 980,000 yuan (about $1 million) for false advertising.

The news reports are pretty straightforward. If you’re selling Crest toothpaste that makes teeth whiter, then do not photoshop the ads to make the teeth whiter. This is the same logic that the UK used back in 2009 when they banned an Olay advertisement featuring Twiggy; if you’re selling makeup to make eyes look better, then don’t use Photoshop to make the eyes look better. And yes, Olay is another P&G product.

Smile!

I went looking online for sample pictures of Crest toothpaste ads from China. As it turns out, The Internet Archive has a lot of their ads archived. Here’s a few of them from Crest’s homepage:

https://web.archive.org/web/20140626022125im_/http://image.crest.com.cn/images/home/home_banner_img_01.jpg

https://web.archive.org/web/20140626022125im_/http://image.crest.com.cn/images/home/home_banner_img_05.jpg

https://web.archive.org/web/20130425174611im_/http://image.crest.com.cn/images/home/home_banner_img07.jpg

https://web.archive.org/web/20130728074116im_/http://image.crest.com.cn/images/home/home_banner_img03.jpg

In each case, the pictures and coloring has been touched up. Including making the teeth whiter. The public FotoForensics analysis only identifies Photoshop (in the metadata), touching up, and low quality (ELA), but not the color correction. Hue analysis identifies the color alterations.

I don’t know if any of these are the pictures that China evaluated, but I am convinced that P&G digitally altered the alleged product results.

Shine on!

According to the news reports, China has a similar stance regarding photoshop in advertisements as I do.

An official of the Shanghai regulator said digital enhancement can only be used in adverts in which the changes were irrelevant, such as making the sky more blue in a car ad, Xinhua reported.

I have been saying for years that advertisers can change anything they want except for the item being advertised. When an advertisement for a dress digitally alters the dress, they give the impression that you will look gorgeous in the clothing. But with the digital alterations, they are actually saying, “you will never look this good because you are not photoshopped.” It is a bait-and-switch. They show you a picture of one thing, but then deliver something different.

(Heh… Wouldn’t it be funny if every purchase at Victoria’s Secret included a digital camera and a copy of Photoshop?)

Rinse and Repeat

Although the various news reports focus on P&G, a few mentioned other companies that were also fined. For example, China Economic Review said that Volkswagen and Nikon were also fined. However, the BBC suggested that China is only imposing fines on foreign brands.

I find this accusation from the BBC to be very interesting. While looking for pictures of Crest products in China, I came across this ad from Alibaba:

http://i00.i.aliimg.com/photo/v0/60026425160/Crest_3d_dental_care_tooth_teeth_whitening.jpg

There’s a couple of issues here. First, Onuge is not Crest — they are Crest’s Chinese competitor. Yet Onuge’s colorful logo and packaging look very similar to Crest. The URL to the picture on Alibaba does not even mention Onuge — it says “Crest”. Even Onuge advertisements claim to have “Crest Supreme Quality”. This seems to be an intentional effort to cause confusion in the marketplace and to make consumers think that Onuge is Crest. (If this were in the United States, I think Crest would have strong grounds for copyright infringement.)

And just like Crest, Onuge digitally altered the teeth to appear whiter. However, I can find no mention of Onuge being fined for false advertisement.

Government Incentive

In addition to the BBC’s findings, the Wall Street Journal pointed out a serious reporting issue. WSJ found that the report from Xinhua (Chinese news outlet) did not mention that the fine was a year old! This is not a recent story — it is just recently being promoted in the media.

If the findings from the BBC and WSJ are correct, then the fine and news report may be less about consumer protection and more about political influence and an attempt to degrade foreign product reputations in the Chinese marketplace.

However, this idea of steep fines really got me thinking… If governments began to levy fines for digitally altered products in advertisements, then the amount of revenue to the government should be a viable option in lieu of minor tax increases. Local, state, and federal governments could bring in revenue from bait-and-switch advertisements. Advertisers would stop modifying product photos and consumers would begin to see products as they really are. This seems like a win-win for consumers and taxpayers.

TorrentFreak: UK ISPs Quietly Block Sites That List Pirate Bay Proxies

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Following a series of High Court orders, six UK ISPs are required to block access to many of the world’s largest torrent sites and streaming portals.

The blocks are somewhat effective, at least in preventing subscribers from accessing the domains directly. However, there are also plenty of workarounds.

For many sites that are blocked one or more proxy sites emerge. These proxies allow people to access the blocked sites and effectively bypass the restrictions put in place by the court.

The copyright holders are not happy with these loopholes and have asked ISPs to add the proxies to their filters, which they have done on several occasions.

However, restricting access to proxies did not provide a silver bullet either as new ones continue to appear. This week the blocking efforts were stepped up a notch and are now targeting sites that merely provide an overview of various Pirate Bay proxies.

In other words, UK ISPs now restrict access to sites for linking to Pirate Bay proxies.

Among the blocked sites are piratebayproxy.co.uk, piratebayproxylist.com and ukbay.org. Both sites are currently inaccessible on Virgin Media and TalkTalk, and other providers are expected to follow suit.

TF spoke with Dan, the operator of UKBay.org, who’s baffled by the newly implemented blockade. He moved his site to a new domain to make the site accessible again, for the time being at least.

“The new blocks are unbelievable and totally unreasonable. To block a site that simply links to another site just shows the level of censorship we are allowing ISPs to get away with,” Dan says.

“UKBay is not even a PirateBay proxy. It simply provides links to proxies. If they continue blocking sites, that link to sites, that link to sites.. there’ll be nothing left,” he adds.

One of the other blocked sites, piratebayproxy.co.uk, doesn’t have any direct links to infringing material. Instead, it provides an overview of short Pirate Bay news articles while listing the URLs of various proxies on the side.

Apparently, providing information about Pirate Bay proxies already warrants a spot on the UK blocklist.

It is not a secret that the High Court orders give copyright holders the option to continually update the list of infringing domains. However, it’s questionable whether this should also include sites that do not link to any infringing material.

To our knowledge, it is the first time that this has happened.

The new additions were made as part of an existing High Court order that allowed copyright holders to block The Pirate Bay, a Virgin Media spokesperson informs us.

“Under the conditions of the original court order, the rightsholders have the authority to change the specific URLs or IP addresses that must be blocked by all major ISPs – not just Virgin Media. Such changes happen on a regular basis. There is no extension or amendment to the original court order,” Virgin says.

As with earlier updates, the most recent changes are being made without a public announcement, which means that we don’t know precisely how many sites were added. We will update this article if more details arise.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Schneier on Security: Data and Goliath’s Big Idea

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Data and Goliath is a book about surveillance, both government and corporate. It’s an exploration in three parts: what’s happening, why it matters, and what to do about it. This is a big and important issue, and one that I’ve been working on for decades now. We’ve been on a headlong path of more and more surveillance, fueled by fear – of terrorism mostly – on the government side, and convenience on the corporate side. My goal was to step back and say “wait a minute; does any of this make sense?” I’m proud of the book, and hope it will contribute to the debate.

But there’s a big idea here too, and that’s the balance between group interest and self-interest. Data about us is individually private, and at the same time valuable to all of us collectively. How do we decide between the two? If President Obama tells us that we have to sacrifice the privacy of our data to keep our society safe from terrorism, how do we decide if that’s a good trade-off? If Google and Facebook offer us free services in exchange for allowing them to build intimate dossiers on us, how do we know whether to take the deal?

There are a lot of these sorts of deals on offer. Waze gives us real-time traffic information, but does it by collecting the location data of everyone using the service. The medical community wants our detailed health data to perform all sorts of health studies and to get early warning of pandemics. The government wants to know all about you to better deliver social services. Google wants to know everything about you for marketing purposes, but will “pay” you with free search, free e-mail, and the like.

Here’s another one I describe in the book: “Social media researcher Reynol Junco analyzes the study habits of his students. Many textbooks are online, and the textbook websites collect an enormous amount of data about how – and how often – students interact with the course material. Junco augments that information with surveillance of his students’ other computer activities. This is incredibly invasive research, but its duration is limited and he is gaining new understanding about how both good and bad students study – and has developed interventions aimed at improving how students learn. Did the group benefit of this study outweigh the individual privacy interest of the subjects who took part in it?”

Again and again, it’s the same trade-off: individual value versus group value.

I believe this is the fundamental issue of the information age, and solving it means careful thinking about the specific issues and a moral analysis of how they affect our core values.

You can see that in some of the debate today. I know hardened privacy advocates who think it should be a crime for people to withhold their medical data from the pool of information. I know people who are fine with pretty much any corporate surveillance but want to prohibit all government surveillance, and others who advocate the exact opposite.

When possible, we need to figure out how to get the best of both: how to design systems that make use of our data collectively to benefit society as a whole, while at the same time protecting people individually.

The world isn’t waiting; decisions about surveillance are being made for us – often in secret. If we don’t figure this out for ourselves, others will decide what they want to do with us and our data. And we don’t want that. I say: “We don’t want the FBI and NSA to secretly decide what levels of government surveillance are the default on our cell phones; we want Congress to decide matters like these in an open and public debate. We don’t want the governments of China and Russia to decide what censorship capabilities are built into the Internet; we want an international standards body to make those decisions. We don’t want Facebook to decide the extent of privacy we enjoy amongst our friends; we want to decide for ourselves.”

In my last chapter, I write: “Data is the pollution problem of the information age, and protecting privacy is the environmental challenge. Almost all computers produce personal information. It stays around, festering. How we deal with it – how we contain it and how we dispose of it – is central to the health of our information economy. Just as we look back today at the early decades of the industrial age and wonder how our ancestors could have ignored pollution in their rush to build an industrial world, our grandchildren will look back at us during these early decades of the information age and judge us on how we addressed the challenge of data collection and misuse.”

That’s it; that’s our big challenge. Some of our data is best shared with others. Some of it can be ‘processed’ – anonymized, maybe – before reuse. Some of it needs to be disposed of properly, either immediately or after a time. And some of it should be saved forever. Knowing what data goes where is a balancing act between group and self-interest, a trade-off that will continually change as technology changes, and one that we will be debating for decades to come.

This essay previously appeared on John Scalzi’s blog Whatever.

TorrentFreak: Google Slams MPAA Censorship Efforts After Court ‘Victory’

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

With help from the MPAA, Mississippi State Attorney General Jim Hood launched a secret campaign to revive SOPA-like censorship efforts in the United States.

The MPAA and Hood want Internet services to bring website blocking and search engine filtering back to the table after the controversial law failed to pass.

The plan became public through various emails that were released in the Sony Pictures leaks and in a response Google said that it was “deeply concerned” about the developments.

To counter the looming threat Google filed a complaint against Hood last December, asking the court to prevent Hood from enforcing a subpoena that addresses Google’s failure to take down or block access to illegal content, including pirate sites.

This week Google scored its first victory in the case (pdf) as U.S. District Judge Wingate granted a preliminary injunction to put the subpoena on hold.

This means that Hood can’t yet use the investigative powers that were granted in the subpoena. In addition, the injunction also prohibits Hood from filing civil or criminal charges, at least for the time being.

While the Court still has to rule on the merits of the case Google is happy with the first “win.” What stands out most, however, is Google slamming the MPAA’s efforts to censor the Internet.

“We’re pleased with the court’s ruling, which recognizes that the MPAA’s long-running campaign to censor the Web — which started with SOPA — is contrary to federal law,” Google’s general counsel Kent Walker notes.

While the MPAA wasn’t mentioned in the court’s decision, Google wants to make it clear that they see the Hollywood group as the driving force behind Hood’s “censorship” campaign.

Google’s harsh words are illustrative of the worsening relationship between the search giant and the Hollywood lobby group.

After a previous clash, a top executive at Google’s policy department told the MPAA that his company would no longer “speak or do business” with the movie group.

Thus far, the MPAA has remained relatively silent on the court case, at least in public. But given the stakes at hand it’s probably all hands on deck behind the scenes.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: NBC Universal Tries to Censor TorrentFreak’s News About Leaked Films

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Earlier this year an unprecedented flood of leaked movies hit the net, including screener copies of popular titles such as American Sniper, Selma and Unbroken.

Hoping to steer people away from these unauthorized copies the copyright holders sent out thousands of takedown notices.

These efforts generally target URLs of torrent sites, cyberlockers and streaming services that link to the unauthorized movies. However, some requests go a little further, targeting news publications such as the one you’re reading at the moment.

Last week NBC Universal sent a series of takedown notices to Google including one for the leaked movie “Unbroken.” Aside from the usual suspects, the list of allegedly infringing URLs also included our recent coverage of the screener leaks.

As with the other pages, NBC Universal urged Google to remove our news report from its search results.

Luckily, Google appears to have whitelisted our domain name so the search giant didn’t comply with the request. However, other sites may not be so lucky and could have their articles removed.

The overreaching takedown request doesn’t appear to be an isolated incident. Two days earlier NBC Universal sent another takedown notice targeting our coverage of the “Taken 3” leak.

But there’s more. Aside from our news articles there are also other dubious claims in the notices, such as the request to remove a live concert from the band “Unbroken.”

The question remains whether NBC Universal intentionally targeted our news articles or not.

While the latter seems to be the most likely explanation, it doesn’t change the fact that the overbroad censorship requests go too far.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Tumblr Censors “Torrent” Related Tags and Searches

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

It appears that piracy is becoming a growing concern for micro-blogging platform Tumblr.

Earlier this week users panicked following an increase in takedown notices, which resulted in the termination of several blogs.

While this uproar was rather public, there are also better concealed changes that seem to target pirated content, such as Tumblr’s decision to hide posts mentioning the word “torrent.”

Those who search the site for “torrent” related queries will notice that there are no results displayed, even though there are plenty of posts mentioning the word. The same is true for posts tagged with “torrent.”

Tumblr is hiding the results in question from both public and logged in users but the latter can make the posts show up if they switch off the “safe mode” lock on the right hand side of the screen.

Below is what the search results for “Ubuntu Torrent” currently look like.

No torrents allowed

Tumblr’s “safe mode” was turned on by default over a year ago to hide offensive “adult oriented” content from the public view. The same filter also blocks words such as “penis” for the same reason.

Needless to say, not all “torrent” posts are offensive or damaging to children’s eyes. A Vuze developer who highlighted the issue notes that other uses of the dictionary word are less threatening.

“Amusingly, the first result for us is pictures of water flowing over rocks.. so, non-adults feel safe, Tumblr will protect you against pictures of the outdoors,” the developer writes on Tumblr.

“Although, it is true that a torrent is a VIOLENT stream of liquid. And we should all be protecting our children against violence,” he adds.

It’s not clear whether the word “torrent” has been banned over piracy concerns or whether its frequent association with porn is the reason for the ban.

In any case, Tumblr’s filter is also hiding plenty of legitimate content, showing once again that Internet censorship is a slippery slope.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

The Hacker Factor Blog: All For The Better

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Back in 2013, I reported on a picture that I found to be digitally modified. Little did I know, I had inadvertently stepped into a major controversy about photojournalism. As the controversy continued, I tried to raise awareness of the digital manipulation problem that World Press Photo seemed to ignore. I now believe that I helped World Press Photo to see that they should (1) require camera-originals in their evaluation process, (2) use forensics to evaluate pictures for unacceptable modifications, (3) move away from constantly awarding middle-east war photos, and (4) start leading by example.

We have a winner!

A few days ago, World Press Photo (WPP) announced their 2015 winner. At face value, the controversy this year was probably supposed to be on the subject matter: Mads Nissen’s photo was on homophobia in Russia. However, that is not the thing that is getting press coverage. The press coverage is focused on one of WPP’s surprising revelations. Specifically, 20% of the finalists were disqualified due to excessive digital alterations. As reported at PetaPixel:

“Our contest rules clearly state that the content of the image should not be altered,” says Managing Director Lars Boering, “This year’s jury was very disappointed to discover how careless some photographers had been in post-processing their files for the contest. When this meant a material addition or subtraction in the content of the image, it led to the images being rejected from the contest.”

“It seems some photographers can’t resist the temptation to aesthetically enhance their images during post-processing either by removing small details to ‘clean up’ an image, or sometimes by excessive toning that constitutes a material change to the image,” he says. “Both types of retouching clearly compromise the integrity of the image.”

This was the core of the debate two years ago, when I pointed out in excruciating detail how the 2013 winner digitally altered his photo. Back then, WPP claimed to support journalistic standards. However, they did not enforce this requirement. It wasn’t until after the public shaming that WPP adopted the requirement for camera-originals during the finalist stage.

(I’d say “I told you so”, but I’m not that petty.)

Bad Sportsmanlike Conduct

Through the use of forensics and evaluating the camera-original pictures, WPP managed to identify unacceptable modifications and ruled out 20% of the finalists. This is a huge result. It shows how big the problem is and how important it is to closely monitor photos in the media. As they say in the security world, “trust, but verify.”

It does not surprise me that some genres experience digital alterations more than others. The British Journal of Photography noted that this year’s WPP “Sports Stories category was so badly affected that the jury were unable to award a third prize.” They quoted WPP’s Lars Boering as adding, “I don’t want to say it is just sports photography because in every category was affected, [b]ut after the penultimate round, after we had awarded the first and second place, there was nothing left. All the other images had been removed.” The winning sports picture was also digitally enhanced a little, but not enough to be disqualified.

Ironically, this sports photo is a good picture, but it basically won by default since all but two pictures were disqualified. I’m sure Bao Tailiang is a good photographer, but coming in first out of two contestants doesn’t seem like a significant win. (Or to put it another way, if I had submitted a decent sports photo that was camera-original, then I could have come in third without trying!)

Predicting Change

In my 14-May-2013 blog entry, I showed a pattern in how WPP selects their winners. I wrote:

I also noticed that most of the recent winners are photos that feature the Middle East. This includes the winners announced in 2003, 2006, 2007, and 2009-2013. That’s 7 out of 11 years, and 100% over the last 5 years. This seems like quite a coincidence. If you really want to win, consider submitting a photo related to the Middle East — it will greatly improve your chances. (In contrast, very few of BuzzFeed’s “40 most powerful photos ever taken” feature the Middle East. Instead, they feature photos from all over the world.)

I know that the people who run WPP read my blog. When someone predicts how you will react, the natural reaction is to change the result in order to break the predictive model. In 2014, WPP awarded a non-war picture in Africa. Their 2015 picture is on homosexual rights in Russia. They completely turned their decision process away from their war-based bias.

And for anyone who thinks this change is coincidental, consider this quote from an interview Lars Boering did with Time, where Time explicitly mentioned the 2013 controversy:

TIME LightBox: In recent years, World Press Photo has been the recipient of much criticism in the industry, especially when the integrity of one winning image was, wrongly, put into question in 2013. What are you planning to do to change the perception that World Press Photo is a monolithic organization that doesn’t take a stand?

Lars Boering: I think World Press Photo is a fantastic organization with a great reach. It plays an important role in the international photographic community. People think highly of it. But, in the past, it’s been neutral and hasn’t had a strong opinion about [issues affecting photographers]. In 2015, we can’t [continue like that]. People expect us to have an opinion and to discuss and debate what’s going on, to be part of finding the solution for photographers and visual storytellers on issues around the future of photography, censorship, freedom of speech, etc. We need to be part of the conversation, and we should be able to work together with a lot of important organizations in this industry to make sure that we’re, in a way, going in the right direction. We can’t be in control, but we can be part of the future.

When I read this, I think he means that they didn’t care about the photo’s subject, so they kept the same meaning every year (war is bad, war is bad, war is bad). This concept of changing the message was repeated by Vogue’s Alessia Glaviano about this year’s winner:

“The photo has a message about love being an answer in the context of all that is going on in the world,” says Alessia Glaviano, senior editor at Vogue and one of the judges for this year’s awards. “It is about love as a global issue, in a way that transcends homosexuality. It sends out a strong message to the world, not just about homosexuality, but about equality, about gender, about being black or white, about all of the issues related to minorities.”

Continuing Change

Back in 2013 (and earlier), WPP permitted digital alterations and failed to uphold journalistic standards. In my blog entries, I repeatedly called for WPP to step up and lead by example. They should use their influence and address the issues related to digital alterations that are rampant in today’s photojournalism.

This year, WPP seems to have adopted this concept. Lars Boering said, “Over the coming months, we will be engaging in further dialogue with the international photojournalistic community to explore what we can learn from all this, and how we can create a deeper understanding of issues involved in the application of post-processing standards in professional photojournalism. Together we should find common ground about these standards and find out how they are changing. We will take the lead on this as it is a great concern to World Press Photo. We want to keep the standards high.” (Hey Lars — You know how to contact me…)

If only WPP would identify their “independent experts” who evaluated the photos. Back in 2013, WPP represented contractors/vendors who worked for the contest’s chairman (and one of WPP’s sponsors) as “independent experts”. (Direct contractors who have an incentive to make the chairman and sponsor look good are not “independent”.) In 2014 and 2015, WPP didn’t identify them at all.

WPP has made a lot of changes and it is all for the better. I am looking forward to the new standards for photojournalism.

Thanks to Xenon, Markus, and Lou for the WPP links.

The Hacker Factor Blog: All For The Better

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Back in 2013, I reported on a picture that I found to be digitally modified. Little did I know, I had inadvertently stepped into a major controversy about photojournalism. As the controversy continued, I tried to raise awareness of the digital manipulation problem that World Press Photo seemed to ignore. I now believe that I helped World Press Photo to see that they should (1) require camera-originals in their evaluation process, (2) use forensics to evaluate pictures for unacceptable modifications, (3) move away from constantly awarding middle-east war photos, and (4) start leading by example.

We have a winner!

A few days ago, World Press Photo (WPP) announced their 2015 winner. At face value, the controversy this year was probably supposed to be on the subject matter: Mads Nissen’s photo was on homophobia in Russia. However, that is not the thing that is getting press coverage. The press coverage is focused on one of WPP’s surprising revelations. Specifically, 20% of the finalists were disqualified due to excessive digital alterations. As reported at PetaPixel:

“Our contest rules clearly state that the content of the image should not be altered,” says Managing Director Lars Boering, “This year’s jury was very disappointed to discover how careless some photographers had been in post-processing their files for the contest. When this meant a material addition or subtraction in the content of the image, it lead to the images being rejected from the contest.”

“It seems some photographers can’t resist the temptation to aesthetically enhance their images during post-processing either by removing small details to ‘clean up’ an image, or sometimes by excessive toning that constitutes a material change to the image,” he says. “Both types of retouching clearly compromise the integrity of the image.”

This was the core of the debate two years ago, when I pointed out in excruciating detail how the 2013 winner digitally altered his photo. Back then, WPP claimed to support journalistic standards. However, they did not enforce this requirement. It wasn’t until after the public shaming that WPP adopted the requirement for camera-originals during the finalist stage.

(I’d say “I told you so”, but I’m not that petty.)

Bad Sportsmanlike Conduct

Through the use of forensics and evaluating the camera-original pictures, WPP managed to identify unacceptable modifications and ruled out 20% of the finalists. This is a huge result. It shows how big the problem is and how important it is to closely monitor photos in the media. As they say in the security world, “trust, but verify.”

It does not surprise me that some genres experience digital alterations more than others. The British Journal of Photography noted that this year’s WPP “Sports Stories category was so badly affected that the jury were unable to award a third prize.” They quoted WPP’s Lars Boering as adding, “I don’t want to say it is just sports photography because in every category was affected, [b]ut after the penultimate round, after we had awarded the first and second place, there was nothing left. All the other images had been removed.” The winning sports picture was also digitally enhanced a little, but not enough to be disqualified.

Ironically, this sports photo is a good picture, but it basically won by default since all but two pictures were disqualified. I’m sure Bao Tailiang is a good photographer, but coming in first out of two contestants doesn’t seem like a significant win. (Or to put it another way, if I had submitted a decent sports photo that was camera-original, then I could have come in third without trying!)

Predicting Change

In my 14-May-2013 blog entry, I showed a pattern in how WPP selects their winners. I wrote:

I also noticed that most of the recent winners are photos that feature the Middle East. This includes the winners announced in 2003, 2006, 2007, and 2009-2013. That’s 7 out of 11 years, and 100% over the last 5 years. This seems like quite a coincidence. If you really want to win, consider submitting a photo related to the Middle East — it will greatly improve your chances. (In contrast, very few of BuzzFeed’s “40 most powerful photos every taken” feature the Middle East. Instead, they feature photos from all over the world.)

I know that the people who run WPP read my blog. When someone predicts how you will react, the natural reaction is to change the result in order to break the predictive model. In 2014, WPP awarded a non-war picture in Africa. Their 2015 picture is on homosexual rights in Russia. They completely turned their decision process away from their war-based bias.

And for anyone who thinks this change is coincidental, consider this quote from an interview Lars Boering did with Time, where Time explicitly mentioned the 2013 controversy:

TIME LightBox: In recent years, World Press Photo has been the recipient of much criticism in the industry, especially when the integrity of one winning image was, wrongly, put into question in 2013. What are you planning to do to change the perception that World Press Photo is a monolithic organization that doesn’t take a stand?

Lars Boering: I think World Press Photo is a fantastic organization with a great reach. It plays an important role in the international photographic community. People think highly of it. But, in the past, it’s been neutral and hasn’t had a strong opinion about [issues affecting photographers]. In 2015, we can’t [continue like that]. People expect us to have an opinion and to discuss and debate what’s going on, to be part of finding the solution for photographers and visual storytellers on issues around the future of photography, censorship, freedom of speech, etc. We need to be part of the conversation, and we should be able to work together with a lot of important organizations in this industry to make sure that we’re, in a way, going in the right direction. We can’t be in control, but we can be part of the future.

When I read this, I think he means that they didn’t care about the photo’s subject, so they kept the same meaning every year (war is bad, war is bad, war is bad). This concept of changing the message was repeated by Vogue’s Alessia Glaviano about this year’s winner:

“The photo has a message about love being an answer in the context of all that is going on in the world,” says Alessia Glaviano, senior editor at Vogue and one of the judges for this year’s awards. “It is about love as a global issue, in a way that transcends homosexuality. It sends out a strong message to the world, not just about homosexuality, but about equality, about gender, about being black or white, about all of the issues related to minorities.”

Continuing Change

Back in 2013 (and earlier), WPP permitted digital alterations and failed to uphold journalistic standards. In my blog entries, I repeatedly called for WPP to step up and lead by example. They should use their influence and address the issues related to digital alterations that are rampant in today’s photojournalism.

This year, WPP seems to have adopted this concept. Lars Boering said, “Over the coming months, we will be engaging in further dialogue with the international photojournalistic community to explore what we can learn from all this, and how we can create a deeper understanding of issues involved in the application of post-processing standards in professional photojournalism. Together we should find common ground about these standards and find out how they are changing. We will take the lead on this as it is a great concern to World Press Photo. We want to keep the standards high.” (Hey Lars — You know how to contact me…)

If only WPP would identify their “independent experts” who evaluated the photos. Back in 2013, WPP represented contractors/vendors who worked for the contest’s chairman (and one of WPP’s sponsors) as “independent experts”. (Direct contractors who have an incentive to make the chairman and sponsor look good are not “independent”.) In 2014 and 2015, WPP didn’t identify them at all.

WPP has made a lot of changes and it is all for the better. I am looking forward to the new standards for photojournalism.

Thanks to Xenon, Markus, and Lou for the WPP links.

TorrentFreak: Steam Censors Kickass.to Mentions in Chat Client

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

With millions of active users Steam is not just a game distribution platform, but also a social network and a communication tool.

Many people use Steam’s instant messaging tool for chats with friends. About games of course, but also about lots of other stuff.

Interestingly, it appears that Steam doesn’t want its users to talk about certain topics. When the popular torrent site KickassTorrents went offline earlier this week, one Steam user noticed that his messages on the topic were being censored.

“There is no warning or blocked message notification. The messages simply disappeared,” we were told.

After running some tests, which have been replicated by TF, it’s clear that messages mentioning the Kickass.to domain name are not coming through. It’s not just the domain that’s censored, but the entire message.

Below is an example of the vanishing text where the user sent the following three lines.

1. The next line may be missing
2. A line mentioning Kickass.to
3. Was there a line 2

The person on the other end of the conversation only sees line 1 and 3, without a warning or notification that the second line was not sent.

It’s unclear why Steam is censoring these conversations. TorrentFreak contacted Valve to find out more about the disappearing chats, but at the time of publication we have yet to receive a response.

It would be easy to conclude that the copyright infringing links on Kickass.to are the reason, but then it’s strange that The Pirate Bay and all other torrent sites are not affected.

Interestingly, however, kickass.to seems to be the only one that’s affected right now. Other domains including Kickass.so and Torrentz.eu are flagged by Steam as potentially malicious, and users get a warning if they attempt to open them. These domains do show up in private chats though.

Without a comment from Valve the true reason for the awkward censorship measures remains unknown. It is clear though, that Steam is keeping a close eye on what people talk about.

That by itself is already quite concerning.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Google Chrome Dragged Into Internet Censorship Fight

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Helped by the MPAA, Mississippi State Attorney General Jim Hood launched a secret campaign to revive SOPA-like censorship efforts in the United States.

The MPAA and Hood want Internet services to bring website blocking and search engine filtering back to the table after the controversial law failed to pass.

The plan became public through various emails that were released in the Sony Pictures leaks and in a response Google said that it was “deeply concerned” about the developments.

To counter the looming threat Google filed a complaint against Hood last December, asking the court to quash a pending subpoena that addresses Google’s failure to take down or block access to illegal content, including pirate sites.

Recognizing the importance of this case, several interested parties have written to the court to share their concerns. There’s been support for both parties with some siding with Google and others backing Hood.

In a joint amicus curiae brief (pdf) the Consumer Electronics Association (CEA), Computer & Communications Association (CCIA) and advocacy organization Engine warn that Hood’s efforts endanger free speech and innovation.

“No public official should have discretion to filter the Internet. Where the public official is one of fifty state attorneys general, the danger to free speech and to innovation is even more profound,” they write.

According to the tech groups it would be impossible for Internet services to screen and police the Internet for questionable content.

“Internet businesses rely not only on the ability to communicate freely with their consumers, but also on the ability to give the public ways to communicate with each other. This communication, at the speed of the Internet, is impossible to pre-screen.”

Not everyone agrees with this position though. On the other side of the argument we find outfits such as Stop Child Predators, Digital Citizens Alliance, Taylor Hooton Foundation and Ryan United.

In their brief they point out that Google’s services are used to facilitate criminal practices such as illegal drug sales and piracy. Blocking content may also be needed to protect children from other threats.

“Google’s YouTube service has been used by those seeking to sell steroids and other illegal drugs online,” they warn, adding that the video platform is also “routinely used to distribute other content that is harmful to minors, such as videos regarding ‘How to Buy Smokes Under-Age’, and ‘Best Fake ID Service Around’.”

Going a step further, the groups also suggest that Google should filter content in its Chrome browser. The brief mentions that Google recently removed Pirate Bay apps from its Play Store, but failed to block the site in search results or Chrome.

“In December 2014, responding to the crackdown on leading filesharing website PirateBay, Google removed a file-sharing application from its mobile software store, but reports indicate that Google has continued to allow access to the same and similar sites through its search engine and Chrome browser,” they write.

The Attorney General should be allowed to thoroughly investigate these threats and do something about it, the groups add.

“It is simply not tenable to suggest that the top law enforcement officials of each state are powerless even to investigate whether search engines or other intermediaries such as Google are being used—knowingly or unknowingly—to facilitate the distribution of illegal content…”

In addition to the examples above, several other organizations submitted amicus briefs arguing why the subpoena should or shouldn’t be allowed under the First Amendment and Section 230 of the CDA, including the International AntiCounterfeiting Coalition, EFF, the Center for Democracy & Technology and Public Knowledge.

Considering the stakes at hand, both sides will leave no resource untapped to defend their positions. In any event, this is certainly not the last time we’ll hear of the case.

TorrentFreak: In Memory Of The Liberties Lost In The War on Piracy

This post was syndicated from: TorrentFreak and was written by: Rick Falkvinge. Original post: at TorrentFreak

There are a couple of things we of the net generation knew all along in the so-called piracy debate that started.

The first of those things is that the copyright industry had a medical case of severe rectocranial inversion when they made the sloppy business assumption that an unlicensed copy of a movie or a piece of music was equivalent to a lost sale.

The second of those things is that it wouldn’t have mattered even if it were true (which it wasn’t), because no industry gets to eliminate fundamental civil liberties like the private letter, completely regardless of whether the continued existence of civil liberties means they can make money or not.

So we of the net generation knew all along that the copyright industry was not only wrong and stupid, but also that their assertion was – or should have been – irrelevant in the first place.

However, the copyright industry was absolutely determined to prevent people from discussing and sharing interesting things (which is what file-sharing amounts to), damn the consequences to civil liberties and society at large to hell. If you put it this way – what kind of measures would it take to physically and legally prevent people from discussing the things they want in private? – you should arrive at conclusions which make hairs rise on your arms. The measures required would amount to something beyond Orwellian, and that’s exactly what the copyright industry demanded.

Unfortunately and tragically, the politicians didn’t understand what the copyright monopoly was asking for. They regarded the Internet as some kind of novel and regulatable toy, and not as the space for private correspondence that it is. When you mistake a private conversation arena for something completely different, and regulate it like any ordinary commercial toy, disaster to civil liberties is just around the corner.

That’s exactly what happened. But what would you expect when lawmakers get their e-mail printed for them by their secretaries (yes, really), and still think they understand what the internet is.

Last week, we saw that the entire initial business assumption – that unlicensed manufacturing of music and movies had been the root cause of the collapse of profit – was utterly wrong. With unlicensed file-sharing reduced to a mere 4% in Norway, without a significant effect on revenues, it’s trivial to observe that file-sharing was never a business problem in the first place. To the contrary, we of the net generation assert confidently that sharing has a positive – not negative – correlation with sales.

So the copyright industry has successfully lobbied for laws that ban people from sharing and discussing interesting things in private, and done so from the sloppiest conceivable of false business assumptions. As a result of this dimwitted business sense combined with diehard foolhardiness, we’re left with nowhere to talk or walk in private.

It’s helpful to remember what rights have been lost to this dumb crusade, when you compare to the analog equivalent:

The right to communicate anonymously has been lost, due to the copyright industry’s lobbying. This was so fundamental a right – putting up anonymous posters – that the United States would not exist without it (see the Federalist Papers which were anonymously posted everywhere).

We no longer have the right to modify, rebuild, and repurpose our own possessions, because we may do so with an intent of discussing interesting things with our friends.

Mail carriers no longer have messenger immunity, something that had otherwise been a sacred constant between the Roman Empire and the Dimwitted Copyright Industry.

We no longer have the legal right to point at or give directions to interesting places if what happens in that location breaks a law somewhere. (Just to illustrate the special treatment of the copyright industry here, compare this to the fact that Wikipedia has a helpful page on nuclear weapons design.)

The copyright industry has been given the right to write its own laws thanks to an intentional legal loophole that prohibits us from circumventing digital restriction measures, even when those measures prevent still-legal uses of our own possessions.

The right to send private letters is being lost, due to a long-standing tirade. The copyright industry has successfully lobbied the largest correspondence carriers today – Facebook and the like – to just ban anything they don’t like. Not long ago, if you posted a link to The Pirate Bay on Facebook, you would be interrupted by a message saying that you had discussed a forbidden subject. Imagine that happening in an old-fashioned phonecall or a conversation in the street, and you’ll realize what a horrifying development it is.

A diary has extensive protection in law against search and seizure in most legislations. However, a computer – which is far more sensitive – does not. After all, it may contain a copy of a bad movie.

The right to be presumed innocent has been lost, thanks to the copyright industry’s lobbying for things like Data Retention – laws that log all our conversations pre-emptively, whom we talk to and from where and when and how, just in case it was found out later that the copyright industry didn’t like what we discussed.

The right to have laws enforced by dedicated law enforcement has been lost – the copyright industry has successfully lobbied for laws that give them a fast lane past the slow judiciary with its irritating “due process” and other nonsense, when it comes to forcefully enforcing their commercial monopolies against dangerous single mothers. The copyright industry specifically intended to use this in combination with Data Retention above.

Did you know the copyright industry has even sued Internet Service Providers with the demand to install wiretapping-and-censorship equipment in the deepest of their switches, effectively demanding to wiretap and censor an entire country? We’re not talking about the NSA or GCHQ here, but a private dimwitted industry that is going on a crusade against its evil customers?

This is just a short list of examples. There are many more.

And these civil liberties – vital, fundamental civil liberties that aren’t passing from our parents to our children – were lost because of a damn dimwitted sloppy business assumption that turned out to be 180 degrees wrong. It’s beyond depressing. It’s enraging.

About The Author

Rick Falkvinge is a regular columnist on TorrentFreak, sharing his thoughts every other week. He is the founder of the Swedish and first Pirate Party, a whisky aficionado, and a low-altitude motorcycle pilot. His blog at falkvinge.net focuses on information policy.

TorrentFreak: Amazon Bans BitTorrent App FrostWire Over Piracy Concerns

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Taking “infringing” apps out of popular app stores is one of Hollywood’s key anti-piracy priorities for the years to come.

Various copyright holder groups frequently report “piracy-enabling” apps to Apple, Google, Microsoft and Amazon, alongside requests for the stores to take them offline.

The stores themselves also screen for potentially problematic software. Apple, for example, has notoriously banned all BitTorrent related apps.

This week, Amazon is following in Apple’s footsteps by banning one of the most used BitTorrent clients from its store. The Android version of FrostWire had been listed for well over a year but Amazon recently had a change of heart.

FrostWire developer Angel Leon tells TF that the app was removed without prior warning. When he asked the company for additional details, he was told that Amazon sees his app as a pirate tool.

“In reviewing your app, we determined that it can be used to facilitate the piracy or illegal download of content. Any facilitation of piracy or illegal downloads is not allowed in our program,” Amazon’s support team writes.

Leon was baffled by the response. FrostWire had been a member of the Developer Select program for over a year and always made sure to avoid any links to piracy. On the contrary, FrostWire was actively promoting Creative Commons downloads and other legal content.

“We have never promoted illegal file sharing, we actually promote creative commons downloads, and free legal downloads from soundcloud, archive.org. The app is also a full blown music player, but none of this probably counts,” Leon tells us.

“Web browsers and email clients are still there, programs that also fall in the category of being ‘used to facilitate the piracy or illegal download of content’,” he adds, pointing out the arbitrary decision.

While it’s not clear why Amazon changed its stance towards FrostWire, it wouldn’t be a surprise if pressure from copyright holders played a role.

FrostWire’s developer believes that the mobile developer industry may have to come up with a less censorship-prone store in the future. There’s a need for a decentralized app store that secures the interests of both iOS and Android developers.

For now, Leon hopes that other stores will be less eager to pull the plug on perfectly legal apps. While it may seem to be a small decision for the stores, having a popular app removed can ruin a developer’s entire business.

The beauty of FrostWire and other BitTorrent clients is that they offer the freedom to share files with people from all over the world without being censored. Restricting access to apps that make this possible will harm society, Leon believes.

“This is a freedom which eventually protects society from the likes of totalitarian governments, something some of us at FrostWire have lived first hand in Latin America, something that forced me and so many Venezuelans to leave our countries and start again from scratch in the US,” Leon concludes.

Despite being banned from Amazon’s store, Kindle users will still be able to get updates via the FrostWire website. A special installer for Kindle will be available soon.


Krebs on Security: Spreading the Disease and Selling the Cure

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

When Karim Rattani isn’t manning the till at the local Subway franchise in his adopted hometown of Cartersville, Ga., he’s usually tinkering with code. The 21-year-old Pakistani native is the lead programmer for two very different yet complementary online services: One lets people launch powerful attacks that can knock Web sites, businesses and other targets offline for hours at a time; the other is a Web hosting service designed to help companies weather such assaults.

Grimbooter

Rattani helps run two different “booter” or “stresser” services – grimbooter[dot]com, and restricted-stresser[dot]info. He also works on TheHosted[dot]me, a Web hosting firm marketed to Web sites looking for protection from the very attacks he helps to launch.

As part of an ongoing series on booter services, I reached out to Rattani via his Facebook account (which was replete with images linking to fake Youtube sites that foist malicious software disguised as Adobe’s Flash Player plugin). It turns out, the same Google Wallet is used to accept payment for all three services, and that wallet traced back to Rattani.

In a Facebook chat, Rattani claimed he doesn’t run the companies, but merely accepts Google Wallet payments for them and then wires the money (minus his cut) to a young man named Danial Rajput — his business partner back in Karachi. Rajput declined to be interviewed for this story.

The work that Rattani does for these booter services brings in roughly $2,500 a month — far more than he could ever hope to make in a month slinging sandwiches. Asked whether he sees a conflict of interest in his work, Rattani was ambivalent.

“It is kind of [a conflict], but if my friend won’t sell [the service], someone else will,” he said.

Rattani and his partner are among an increasing number of young men who sell legally murky DDoS-for-hire services. The proprietors of these services market them as purely for Web site administrators to “stress test” their sites to ensure they can handle high volumes of visitors.

But that argument is about as convincing as a prostitute trying to pass herself off as an escort. The owner of the attack services (the aforementioned Mr. Rajput) advertises them at hackforums[dot]net, an English language forum where tons of low-skilled hackers hang out and rent such attack services to prove their “skills” and toughness to others. Indeed, in his own first post on Hackforums in 2012, Rajput states that “my aim is to provide the best quality vps [virtual private server] for ddosing :P”.

Damon McCoy, an assistant professor of computer science at George Mason University, said the number of these DDoS-for-hire services has skyrocketed over the past two years. Nearly all of these services allow customers to pay for attacks using PayPal or Google Wallet, even though doing so violates the terms of service spelled out by those payment networks.

“The main reason they are becoming an increasing problem is that they are profitable,” McCoy said. “They are also easy to set up using leaked code for other booters, increasing demand from gamers and other customers, decreasing cost of attack infrastructure that can be amplified using common DDoS attacks. Also, it is relatively low-risk to operate a booter service when using rented attack servers instead of botnets.”

The booter services are proliferating thanks mainly to free services offered by CloudFlare, a content distribution network that offers gratis DDoS protection for virtually all of the booter services currently online. That includes the Lizardstresser, the attack service launched by the same Lizard Squad (a.k.a. Loser Squad) criminals whose assaults knocked the Microsoft Xbox and Sony Playstation networks offline on Christmas Day 2014.

The sad truth is that most booter services probably would not be able to remain in business without CloudFlare’s free service. That’s because outside of CloudFlare, real DDoS protection services are expensive, and just about the only thing booter service customers enjoy attacking more than Minecraft and online gaming sites is, well, other booter services.

For example, looking at the (now leaked) back-end database for the LizardStresser, we can see that TheHosted and its various properties were targeted for attacks repeatedly by one of the Loser Squad’s more prominent members.

The Web site crimeflare.com, which tracks abusive sites that hide behind CloudFlare, has cataloged more than 200 DDoS-for-hire sites using CloudFlare. For its part, CloudFlare’s owners have rather vehemently resisted the notion of blocking booter services from using the company’s services, saying that doing so would lead CloudFlare down a “slippery slope of censorship.”

As I observed in a previous story about booters, CloudFlare CEO Matthew Prince has noted that while Cloudflare will respond to legal process and subpoenas from law enforcement to take sites offline, “sometimes we have court orders that order us to not take sites down.” Indeed, one such example was CarderProfit, a Cloudflare-protected carding forum that turned out to be an elaborate sting operation set up by the FBI.

I suppose it’s encouraging that prior to CloudFlare, Prince was a co-creator of Project Honey Pot, which bills itself as the largest open-source community dedicated to tracking online fraud and abuse. In hacking and computer terminology, a honeypot is a trap set to detect, deflect or otherwise counteract attempts at unauthorized use or abuse of information systems.

It may well turn out to be the case that federal investigators are allowing these myriad booter services to remain in operation so that they can gather copious evidence for future criminal prosecutions against their owners and users. In the meantime, however, it will continue to be possible to purchase powerful DDoS attacks with little more than a credit card or prepaid debit card.