CyberLaw Blog

A news resource for CyberLaw and Cyber-Rights issues from around the globe

Archive for March, 2009

Worm strikes Commons computer network

Sunday, March 29th, 2009

Parliamentary computers have been infected by the Conficker worm, like an estimated 10m PCs worldwide – and experts fear next week will see problems worsen

The House of Commons internal computer network has been infected by the ‘Conficker’ worm that has also infected millions of Windows PCs around the world, and has had to ban its users from attaching outside storage – such as USB ‘memory sticks’ – in case it gets reinfected.

The revelation is an embarrassment for the organisation running the network, which contains nearly 1,000 computers, because Microsoft issued a fix for the weakness that leaves PCs vulnerable in October – meaning that they have been lax in applying necessary security fixes. MessageLabs, owned by Symantec, is understood to be responsible for the antivirus and antispam filtering of communications with the network.

A memo sent out in the House of Commons network on Tuesday night warned that ‘the Parliamentary network has been affected by a virus known as conficker. This virus affects users by slowing down the Network and by locking out some accounts.’ It instructs users to leave computers turned on – so that they can have the malware removed – and that unauthorised computers be removed from the network.

Memory sticks, which can be used to transfer the worm accidentally between computer networks, have also been banned while the system is cleansed.

None of MessageLabs, the Parliamentary Information Communications and Technology helpdesk or a spokeswoman nominated by PICT had responded to requests for comment when this story was filed.

Security experts are meanwhile trying to work out whether the Conficker worm, which has infected roughly 10m Windows PCs around the world, will devastate the internet on 1 April, when it is due to seek out an update to its controlling software from the unknown group that wrote the original infecting code.

Antivirus companies have managed to decode enough of the code of the program – also known as ‘downadup’ – to realise that from next Wednesday it will start to check 50,000 randomly-named domains which might be registered in any one of 110 different countries, seeking one site that will have been set up to issue it with new instructions.

That marks a step up from earlier versions of the worm, which used to check 250 sites per day – but which was defeated because in an unprecedented effort, a multinational industry security team managed to block all of the potential domains, including a number in China.

The fears are that the update might instruct the infected machines to start an all-out attack on major sites such as Google, Yahoo or Amazon – all of which have been targets of ‘denial of service’ attacks by large groups of infected computers, known as ‘botnets’, in the past.

But it is more likely that the computers will simply get updated orders to carry on sending out spam emails, or hosting ‘phishing’ sites – which look like official bank or credit card sites but are fake, and collect information to send to the botnet’s owner.

The worm seems to have been developed by Chinese hackers, but its purpose is not clear. It has spread to millions of PCs, often in corporate organisations, by exploiting a flaw in older versions of Microsoft’s Internet Explorer browser.

In February, Microsoft put a $250,000 bounty on the head of the writer, or writers, of Conficker: ‘The Conficker worm is a criminal attack. People who write this malware have to be held accountable,’ said George Stathakopoulos, of Microsoft’s Trustworthy Computing Group.

‘We don’t know who’s behind this worm, but they seem to be pretty professional in what they do,’ noted F-Secure, one of the antivirus companies that was first to spot the worm. The worm uses a cryptographic system called the MD6 hash algorithm, which encodes its content using a secure new system that has proven impossible for antivirus teams to break.

But others think it will be less dramatic. ‘What happens on April Fool’s day is anyone’s guess,’ noted Vinoo Thomas of McAfee. ‘But what have we learnt from history? From the days of [the] Michelangelo [virus, in 1992] to the recent Blaster, SoBig, Sober and Kamasutra worms, the hype surrounding the activation or payload dates of major Internet worms have only turned out to be damn squibs.’

Rick Wesson, of the industry team that has built up around efforts to defeat Conficker, thinks that its legacy may turn out to be positive: because it has forced different countries to work together, it has created the first forms of a worldwide cyber security system. ‘No matter what happens with Conficker, it’s created something here….a beautiful opportunity to bring cyber security to the kitchen table,’ he told the Washington Post.

(Via the Guardian, guardian.co.uk.)

Google Street View and Paul McCartney’s hugely high wall

Sunday, March 29th, 2009

Google Street View and Paul McCartney’s hugely high wall: “I’ve always wondered what was over Paul McCartney’s fence. It is an open secret in the neighbourhood which is his house. He has the sort of gates that bring a little bit of the Home Counties to London and a wall so high you can’t walk past and cast a casual glance into the front window. Now, thanks to Google Street View, not only have I hurdled the barricades to peek, I have also read the number plates of the cars parked behind his forbidding gates.”

(Via Law News from Times Online.)

EU – Commission proposes to revise legislation on child pornography

Thursday, March 26th, 2009

EU – Commission proposes to revise legislation on child pornography: “(Europa) The European Commission has adopted two proposals for new rules to step up the fight against trafficking in human beings and child sexual abuse, sexual exploitation and child pornography. These new proposals replace existing legislation which has been in place since 2002 and 2004 respectively. The proposal to fight the sexual abuse and sexual exploitation of children makes it easier to punish those who abuse children by providing criminal sanctions for new forms of abuse like ‘grooming’ – luring children through internet and abusing them, viewing child pornography without downloading files or making children pose sexually in front of webcams. Systems to block access to websites containing child pornography will be developed.”

(Via QuickLinks Update.)

Britons Find Disconnecting Pirates Unpopular Option

Thursday, March 26th, 2009

Britons Find Disconnecting Pirates Unpopular Option: “A study conducted by ISPreview.co.uk found that disconnecting alleged P2P pirates was a highly unpopular option in battling the transfer of unauthorized material. The UK and France are at the center of a potentially groundbreaking shift in anti-piracy policy, as the entertainment industry is pushing for a ‘three strikes’ approach to stifling unauthorized distribution.”

(Via Slyck.com File-Sharing News And Information.)

Lawyer-client privilege no bar to surveillance, say Lords

Thursday, March 26th, 2009

Lawyer-client privilege no bar to surveillance, say Lords: “

Yes sir, I can bug you

The state is allowed to bug communication between lawyers and their clients, the House of Lords has said. The UK’s highest court ruled that spy law the Regulation of Investigatory Powers Act (RIPA) allows lawyers’ conversations to be bugged.…”

(Via The Register – Public Sector.)

Kiwis scrap ‘three strikes’ P2P policy

Thursday, March 26th, 2009

Kiwis scrap ‘three strikes’ P2P policy: “

Frenchie copyright law gets rewrite

New Zealand has temporarily abandoned its plans to enact a French-style ‘three-strikes’ internet policy that forces ISPs to disconnect customers repeatedly accused of illegally downloading copyrighted materials.…”

(Via The Register – Public Sector.)

German Cops Raid Home of Wikileaks and Tor Volunteer

Thursday, March 26th, 2009

German Cops Raid Home of Wikileaks and Tor Volunteer – Update | Threat Level from Wired.com

By Ryan Singel, March 25, 2009 | 2:04:12 PM

Eleven German police officers raided the homes of Wikileaks amicus Theodor Reppe Tuesday night in an emergency raid and seized an employer-issued laptop, following Wikileaks’ publication of the Australian government’s list of banned websites.

Apparently, the Germans, like the Australians, want the list taken down.

The police claimed they were on the hunt for child pornography writings (.pdf) and were seeking to shut down wikileaks.de, a domain name the 22-year-old hacker purchased to help out the whistleblowing website. The German domain name simply redirects surfers to a web proxy in Sweden that points to Wikileaks’ real servers, Reppe told Threat Level by phone.

‘They said they want all my hardware and to take Wikileaks down but that is impossible for me,’ Reppe said. Police first raided his parents’ home, but he had moved from there into a shared flat nearby some three months ago.

Wikileaks has been sparring with the Australian government over internet blacklists — after Australian authorities added portions of the site to its watchlist. Just as in Germany, there is a move in Australia to require all ISPs to block URLs put on the secret government-controlled list.

Wikileaks has a habit of publishing those lists — which include lists of known child pornography sites.

The police asked Reppe for passwords to both wikileaks.org and wikileaks.de but did not understand his explanation of how domain names worked, according to Reppe.

Both Reppe and Wikileaks say he has no operational role in the non-profit’s mission to expose the world’s dirty laundry.

Julian Assange, Wikileaks’s prime mover, suggested the raids may be simply for show, since the police didn’t know what to look for and there’s a current struggle inside Germany over a mandatory internet censorship proposal.

‘It seems that the police were not personally motivated and the raid is ‘for show’,’ Assange said by e-mail. ‘The only question is — who is the audience?’

On Wednesday, the German cabinet gave preliminary approval to a law making the filters mandatory for all ISPs, according to Reuters.

Reppe also runs a prominent anonymizing Tor server and has seen the police walk off with his computers before.

Tor is a U.S. military-designed service used by diplomats and pedophiles alike to hide their online tracks.

Eighteen months ago, German police took Reppe’s personal computers when they discovered the IP address of his Tor exit node during a child pornography investigation. The proxy, which runs off a computer in a data center, was not affected by the raid — just as wikileaks.de remains up on Wednesday.

But this time, according to Reppe, the police were only interested in Reppe’s Wikileaks affiliation, asking for the password to the website and requesting that it be shut down.

Reppe is now left without a computer. Fortunately, he received word on Tuesday that the computers taken away 18 months ago will be returned on April 1.

As for his laptop from the software development company he works for?

‘I don’t think they will find anything and I’m not worried,’ Reppe said. ‘But tomorrow I must alert my bosses to the laptop seized by the police.’

Reppe hopes this time it won’t take 18 months for the police to return it.

Update: This story was substantially rewritten with information from Wikileaks and Reppe and published at 6:45 EST.

The original version of this story incorrectly indicated that the German government had passed a mandatory censorship law on Wednesday; only the first steps have been taken.

ACLU Sues Prosecutor Over ‘Sexting’ Child Porn Charges

Thursday, March 26th, 2009

ACLU Sues Prosecutor Over ‘Sexting’ Child Porn Charges | Threat Level from Wired.com

By Kim Zetter, March 25, 2009 | 2:12:01 PM | Categories: Crime

The American Civil Liberties Union is helping three teenage girls fight back against a Pennsylvania prosecutor who has threatened to charge the girls with felony child porn violations over digital photos they took of themselves.

In a federal lawsuit filed Wednesday in Pennsylvania, ACLU lawyers accuse District Attorney George P. Skumanick, Jr. (.pdf) of violating the civil rights of the girls. The lawsuit says the threat to prosecute the minors ‘is unprecedented and stands anti-child-pornography laws on their head.’

The lawsuit comes in the wake of a string of cases around the country in which teens have been arrested on child porn charges for making and distributing nude and semi-nude photos of themselves.

At issue in the case are photos seized from student cellphones last year by officials of the Tunkhannock School District in Wyoming County, Pennsylvania. The practice of taking nude or semi-nude self-portraits and distributing them via a cellphone or the internet has come to be called ‘sexting’ and has resulted in teens being arrested in a number of states under child porn production, distribution and possession charges.

The Tunkhannock case involves two photos depicting the three girls. One photo of Marissa Miller and Grace Kelly shows them two years ago at age 13 lying side by side while one talks on the phone and the other makes a peace sign with her fingers, according to the ACLU complaint. The two are photographed from the waist up and are wearing white opaque bras. A second photo shows a girl referred to in the court document as ‘Jane Doe’ photographed outside a shower with a towel wrapped around her waist. Her breasts are bared.

Last October, Tunkhannock school officials discovered that male students had been trading these and other photos, showing various states of undress, on their phones. Officials confiscated the phones and turned them over to Skumanick’s office, which began a criminal investigation.

Skumanick told an assembly of students that possessing inappropriate images of minors could be prosecuted under state child porn laws. Anyone convicted under the laws faces a possible seven year sentence and a felony conviction on their record. Under a state sex offender law, they must also register as a sex offender for 10 years and have their name and photo posted on the state’s sex offender website — the latter requirement will include juvenile offenders when the law is amended later this year.

Skumanick, who is running for re-election in May, also sent a letter to 20 students, including the three girls, who were found in possession of images. In a meeting with the students and their parents, he said he would file felony charges against the students unless they agreed to six months of probation, among other terms. He gave the parents 48 hours to agree. The parents of the three girls in the ACLU suit refused to sign.

Skumanick then threatened to charge the girls with producing child porn unless their parents agreed to the probation, and sent the teenagers to a five-week, 10-hour education program to discuss why what they did was wrong and what it means to be a girl in today’s society. The girls would also have to subject themselves to drug testing — a standard probation term in the county.

In an interview with Threat Level, Skumanick defended his actions, and said he offered the agreement in an attempt to avoid prosecution while still teaching the teens a lesson.

‘In other places around the country, they’ve simply charged [teens] and not given them an opportunity to avoid a criminal record,’ the prosecutor said. ‘Frankly, it would have been simpler to just charge them and force them to do what we wanted them to do. But then they’d end up with criminal records, and we felt this was a better approach. We were trying to do the right thing by helping them out.’

He pointed to an incident last year in Ohio to emphasize the dangers of sexting. In that case, a teenage girl killed herself over a nude photo she sent to her boyfriend, which he’d redistributed to other students, who taunted her.

‘Once these photos are out, God only knows who’s going to get them,’ Skumanick said.

The ACLU of Pennsylvania is representing the three girls and their parents. In its lawsuit — filed in U.S. District Court for the Middle District of Pennsylvania — the organization charges that Skumanick violated the girls’ First Amendment rights. The lawsuit says the photos do not constitute child pornography under Pennsylvania’s criminal code since they depict no sexual activity and do not display the pubic area of the girls’ bodies.

The ACLU wants a federal judge to bar the prosecutor from charging the girls.

‘Skumanick’s threatened prosecution chills Plaintiff’s First Amendment right of expression, causing them concern about whether they may photograph their daughters, or whether the girls may allow themselves to be photographed, wearing a two-piece bathing suit,’ the ACLU wrote.

The lawsuit also claims the demand that the parents agree to place their girls in an education program violates the parents’ Fourteenth Amendment rights to direct the upbringing of their own children.

When lawyers for the parents asked for a copy of the photos that would be used to charge their children, Skumanick reportedly refused on grounds that he would be committing a crime by sharing child porn.

Skumanick still insists the images are child porn under the state law, which makes it a felony to possess or distribute images depicting a minor engaged in a sex act or the ‘lewd’ depiction of genitalia or nudity that is meant to arouse or titillate.

‘Just depicting nudity could be considered a sex act,’ he told Threat Level.

He said the photo of Miller and Kelly ‘at least constitutes open lewdness’ — which is a misdemeanor in the state — and the picture of ‘Jane Doe’ standing outside the shower ‘frankly is child porn under the statute.’ He said school administrators confiscated other pictures that showed even more nudity.

Witold Walczak, legal director for the ACLU of Pennsylvania, disagreed with Skumanick’s definition of child porn.

‘It’s not just pictures of kids that may show a little bit of flesh. It’s either got to depict sexual activity or it’s got to be some lascivious display,’ he said. ‘If you’ve just got kids standing upright outside a shower, that’s not lascivious. … If anyone needs to understand this, it’s prosecutors who have this heavy hammer they can bring down on people.’

Walczak said that ‘sexting’ is a problem that parents and educators need to address. But felony charges aren’t the answer.

‘Teens are stupid and impulsive and clueless,’ he said. ‘But that doesn’t make them criminals. Child porn charges that land you on an internet registry even if you’re a juvenile? That’s a heck of a way to teach a kid a lesson about not being careless.’

He added that beyond the problem inherent in charging teens for child porn are Fourth Amendment issues related to the school district having searched the phones of his clients and other students to uncover stored images.

He said the ACLU is looking at bringing suit against school administrators either in Tunkhannock or elsewhere to challenge the searches.

This story was updated with comments from Skumanick and the ACLU.

Extent of council spying revealed

Thursday, March 26th, 2009

Extent of council spying revealed: “Controversial surveillance powers have been used 10,000 times by councils spying on suspected minor offenders, figures show.”

(Via BBC News.)

Social network sites ‘monitored’

Thursday, March 26th, 2009

Social network sites ‘monitored’: “Social networking sites like Facebook could be monitored by the government under anti-terror plans.”

(Via BBC News.)