
Australian cops, FBI created backdoored chat app, told crims it was secure — then listened to 9,000 users’ plots • The Register


The Australian Federal Police (AFP) has revealed it was able to decrypt messages sent on a supposedly secure messaging app that was seeded into the organised crime community and promoted as providing snoop-proof comms.

The app was secretly built by the FBI, allowing law enforcement authorities to tune into conversations between about 9,000 users scattered around Earth.

Results in Australia alone have included over 500 warrants executed, 200-plus arrests, the seizure of AU$45m and 3.7 tonnes of drugs, and the prevention of a credible threat to murder a family of five. Over 4,000 AFP officers were involved in raids overnight, Australian time. Europol and the FBI will detail their use of the app in the coming hours.

The existence of the app — part of Operation Ironside — was revealed at a press conference in Australia today, where AFP commissioner Reece Kershaw detailed that informal beer-based meetings between members of the AFP and the FBI cooked up the idea of creating a backdoored app. The idea built on previous efforts such as the Phantom Secure platform.

The app, called AN0M, was seeded into the organised crime community. The app could only run on mobile phones that could not make calls or send emails and could only communicate with other AN0M-equipped phones. The app required payment of a monthly fee.

“We were able to see every handset that was handed out and attribute it to individuals,” Kershaw said.

“Criminals needed to know a criminal to get a device,” said the AFP’s announcement of the operation. “The devices organically circulated and grew in popularity among criminals, who were confident of the legitimacy of the app because high-profile organised crime figures vouched for its integrity.”

But the software had a backdoor. Commissioner Kershaw said the organisation he leads “provided a technical capability to decrypt the messages,” and that as a result the force, the FBI, and Europol were able to observe communications among criminals in plain text.

“All they talk about is drugs and violence,” Kershaw said. “There was no attempt to hide behind any kind of codified information.” Intercepts included comments about planned murders and information about where and when speedboats would appear to shift contraband.

Kershaw said the surveillance enabled by the app is legal under the terms of Australia’s Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018. Law enforcement agencies in other jurisdictions also had legal cover for their use of the software.

However, some of those authorities were set to expire. That, and an operational decision to end the operation due to the opportunity to act on intelligence gathered using AN0M, led to today’s disclosures.


“The use of encrypted apps represents significant challenges,” Kershaw said. “AN0M gave us insights we never had before.”

The commissioner acknowledged that criminals will now adjust their behaviour as a result of this news, but suggested the AFP is working to develop similar capabilities. “This was a small platform. We know there are bigger ones. We will ensure we have the technology to disrupt criminals.”

FBI International Operations Division legal attaché for Australia, Anthony Russo, offered similar comments, saying “Criminals should be on notice that law enforcement are resolute to continue to evolve our capabilities.”

Kershaw somewhat smugly suggested that organised crime will take a while to bounce back from this operation, as intercepts of AN0M messages and conversations suggest that arrests made before the app was revealed have sparked internecine warfare and revenge plots. ®


Big Brother is still watching you and he goes by the name Facebook | John Naughton


The security guru Bruce Schneier once famously observed that “surveillance is the business model of the internet”. Like all striking generalisations it was slightly too general: it was strictly true only if by “the internet” you meant the services of a certain number of giant tech companies, notably those of Facebook (including WhatsApp and Instagram), Google (including YouTube), Twitter and Amazon.

The trouble is (and this is what gave Schneier’s aphorism its force) that for a large chunk of networked humanity, especially inhabitants of poorer countries, these walled gardens are indeed what people regard as “the internet”. And that’s no accident. Although Chinese smartphones are pretty cheap everywhere, mobile data tends to be prohibitively expensive in poor countries. So the deal offered by western tech companies is that data charges are low or zero if you access the internet via their apps, but expensive if you venture outside their walled gardens.

Of all the companies, Facebook was the one that first appreciated the potential of this strategy. It offered a way of signing up a billion new users in hitherto underserved parts of the world, thereby reducing the digital divide between the global north and the south. This meant that it could be spun as a philanthropic initiative, initially badged as internet.org and then as Free Basics. The app gave users access to a small selection of websites and services that were stripped of photos and videos and could thus be browsed without paying for mobile data. The rationale was that Free Basics would provide a taster of the internet, which would let people see the value of being connected. Conveniently, though, it also made Facebook the gateway to the internet for these new users. It was the default setting, as it were, in an online world where most people never change defaults and so functioned as a gateway drug for online addiction.

Rather to Facebook’s surprise, Free Basics was not universally welcomed in some of its target territories. The most vocal opposition came in India, the most important market outside of the west, where ungrateful critics perceived it as an example of “digital colonialism” and it was eventually blocked by the country’s telecoms regulator on the grounds that it violated the principle of net neutrality by explicitly favouring some kinds of online content while effectively blocking others. Beyond India, however, Free Basics seems to be thriving, being used by “up to 100 million” people in 65 countries, including 28 in Africa.

Last May, Facebook launched a kind of Free Basics 2.0 called Discover. It’s a mobile app that can be used to browse any website using a daily balance of free data from participating mobile network partners. Effectively, it strips out all website content that’s data-intensive (images, video, audio) and displays a pared-down version of the site. “We’re exploring ways to help people stay on the internet more consistently,” explains the Facebook blurb. “Many internet users around the world remain under-connected, regularly dropping off the internet for some period of time when they exhaust their data balance. Discover is designed to help bridge these gaps and keep people connected until they can purchase data again.”

Sounds good, eh? But a recent study by researchers at the University of California, Irvine, on how Discover works in the Philippines (where it has replaced Free Basics) found that not all websites seemed to be stripped for onward viewing. When accessing Facebook through Discover, for example, it wasn’t stripped much – just 4% of images were removed from Instagram, compared with more than 65% of images on other popular sites such as YouTube and e-commerce platform Shopee. The inference was that Discover rendered Facebook’s own services far more functional than those of its competitors. Charged with this, the company blamed a “technical error” that had since been resolved.

Maybe it has, but it might not be wise to trust what Facebook has to say on questions such as this. It’s not that long ago, for example, that it offered its users Onavo Protect, a free virtual private network (VPN) app that would protect their privacy. The company is now being sued by Australia’s competition and consumer commission (ACCC) for using Onavo to allegedly spy on users. “Through Onavo Protect,” said the regulator, “Facebook was collecting and using the very detailed and valuable personal activity data of thousands of Australian consumers for its own commercial purposes, which we believe is completely contrary to the promise of protection, secrecy and privacy that was central to Facebook’s promotion of this app.” Facebook responded that it was “always clear about the information we collect and how it is used”, that it had cooperated with the ACCC’s investigation and that it “will continue to defend” its position in response to the regulator’s filing.

You get the point? Maybe surveillance isn’t the only business model of the internet. Hypocrisy runs it a close second.

What I’ve been reading

Masters and servants
Between Golem and God: The Future of AI is a beautifully structured essay on the 3 Quarks Daily website.

Dressed for all weathers
How clothing and climate change kickstarted agriculture is the thesis of an intriguing Aeon essay by Ian Gilligan, a prehistorian at the University of Sydney.

On the mend
Monopolists Are Winning the Repair Wars is a terrific blog post by Cory Doctorow on the importance of the “right to repair” our own equipment.


Amazon exec’s husband jailed for two years for insider trading. Yes, with Amazon stock • The Register


The husband of an Amazon financial executive was sentenced on Thursday to 26 months behind bars for insider trading of the web giant’s stock.

Viky Bohra, 37, of Bothell, Washington, reaped a profit of $1,428,264 between January 2016 and October 2018 by buying and selling Amazon stock using eleven trading accounts managed by himself and his family.

Bohra was able to pocket these big gains because he got copies of Amazon’s confidential financial figures from his wife, Laksha Bohra, who worked as a senior manager in the mega corp’s tax department. Laksha had access to Amazon’s earnings before the numbers were publicly disclosed and reported to the Securities and Exchange Commission. Her husband “obtained” this secret information, despite her being repeatedly warned to not leak the confidential data, and used it to favorably trade in Amazon stock and options.

“This defendant and his wife were earning hundreds of thousands of dollars in salary and bonuses from their jobs in tech – but he was not content with that – greedily scheming to illegally profit by trading Amazon stock,” Acting US Attorney Tessa Gorman said in a statement.

“This case should stand as a warning to those who try to game the markets with insider trading: there is a heavy price to pay with a felony conviction and prison sentence.”

The FBI began sniffing around, and the Attorney’s Office for the Western District of Washington filed criminal charges [PDF] against Viky in 2020. He pleaded guilty in November to securities fraud. The prosecution had asked the courts for a 33-month sentence.

Separately, he was also charged by the SEC and told to cough up $2,652,899 in disgorgement, interest, and penalties.

“Mr Bohra knew exactly what he was doing and was driven solely by greed,” Donald Voiret, an FBI Special Agent leading the Seattle Field Office, added. “With his nearly unlimited access and knowledge of securities trading, he undermined public trust in our financial markets.”

Laksha Bohra was suspended from her job in 2018 and resigned shortly after, according to a lawsuit filed by the SEC [PDF], and will not face criminal charges as part of Viky’s agreement to plead guilty. ®


Stripe rolls out new tax compliance tool for merchants


Stripe Tax automates much of the calculating and collecting of levies like VAT and sales tax for businesses.

Fintech giant Stripe is rolling out a new product to automate businesses’ tax compliance.

Stripe Tax, which was built at the company’s engineering hub in Dublin, helps businesses to automatically calculate and collect sales taxes, VAT and goods and service taxes where they do business.

The product has been rolled out in 30 countries and all US states. Stripe Tax manages the requirements for tax collecting from jurisdiction to jurisdiction. This ensures merchants are in compliance with local tax rules but without the headache of managing it themselves.

According to a 2020 report from Stripe, two-thirds of businesses say that managing tasks like tax compliance inhibits their growth and takes up time that could otherwise be spent on product development.

The matter of tax has become more complex with the mix of physical and digital goods and sales across borders.


Non-compliance with taxes, even through accidental oversight, can lead to serious sanctions or interest-laden tax bills for businesses.

Stripe Tax calculates taxes due by determining an end customer’s location and products they’re buying. It adapts as changes to tax regimes come into effect and generates reports for businesses on the levies calculated and collected.

“No one leaps out of bed in the morning excited to deal with taxes,” Stripe co-founder John Collison said. “For most businesses, managing tax compliance is a painful distraction. We simplify everything about calculating and collecting sales taxes, VAT and GST, so our users can focus on building their businesses.”

Large companies, including News UK, have started using the product.

“Directly integrating Stripe Tax into our subscriptions platform will save us countless hours, time that can be better spent elsewhere,” Ruan Odendaal, head of subscriptions platform at News UK, said.

Stripe has had a very busy 2021 so far. After raising funding at a $95bn valuation, it has been rolling out more services that go beyond the payments processing the company was originally built on, as well as expanding geographically with a focus on the Middle East.
