eWorld Translations

Two researchers found a way to take advantage of weaknesses in the mobile telecommunications system that allows to legally spy on people. The exploit works by figuring out the cell phone number of virtually anyone, then tracking their whereabouts and even listening to their voice mail, as reported by CNET news.

First, a target’s cell phone number is obtained from a public database that links names to numbers for caller ID purposes. This can be done by anybody operating a private branch exchange (PBX) through spoofing the outgoing caller ID and then automating phones calls to him- or herself, thereby triggering the system to perform a name lookup.

Generating a phone database of the whole US this way would only take a couple of weeks according to Nick DePetrillo, one of the researchers. His fellow researcher Don Bailey points out that this is not illegal nor is it a breach of terms of service.

Once the number has been identified, it is then matched with a geographic location using the Home Location Register (HLR) of the SS7 (Signal System) public switched network which logs the whereabouts of numbers so networks can hand calls off to one another.

This allows for tracking of cell phone users along their routes.

To make matters worse, some providers, such as T-Mobile, are also vulnerable to voice mail spoofing and as a result effectively let perpetrators listen to the victims’ messages.

In addition this enables someone to map a social web of people, their cellular numbers, the content and context of their voice mail and also relationships to others.

Given that this affects not just individual users but also corporations and government agency that have been assigned large blocks of numbers, it might be time to review your security policies to assess and mitigate the impact this might have on you and/or your business.

For assistance in reviewing your security policies as well as assessing and/or mitigating your risk profile, contact us today.

Wired reports that  FBI agents who were targeting alleged criminal spammers last year obtained a warrant for a suspect’s Google Docs account. This might be the first publicly acknowledged search warrant that benefited from a suspect’s reliance on cloud computing.

As the article indicates, “Privacy advocates have long warned that law enforcement agencies can access sensitive files stored on services like Google Docs with greater ease than files stored on a target’s hard drive. In particular, the 1986 Stored Communications Act allows the government to access a customer’s data whenever there are ‘reasonable grounds’ to believe the information would be relevant in a criminal investigation — a much lower legal standard than the ‘probable cause’ required for a search warrant.”

While in this case the FBI and prosecutors opted for a full-blown search warrant, this incident may serve as a reminder of the intricacies and ramifications involved in choosing a proper platform to conduct your business on.

For help in deciding which platform to choose for conducting your legitimate and legally sound business, as well as for help in assessing the implications of your current setup, contact us today.

CBS News chief investigative correspondent Armen Keteyian reports that almost every one of the 6,000 used copy machines sitting ready at a warehouse in New Jersey to be sold is holding a secret.

This is because almost every digital copier built since 2002 contains a hard drive, just like the one in your PC, to temporarily store images of the documents that are copied, scanned or emailed by the machine.

This includes a treasure trove of information, among them social security numbers, bank records, income tax forms, birth certificates, pay stubs, you name it. If you happen to stumble across a machine used by a police department, you might end up with detailed domestic violence complaints, lists of wanted sex offenders, or lists of targets in a major drug raid.

Hitting “print” on a machine from a New York insurance company produced 300 pages of individual medical records, including blood test results, drug prescriptions and a cancer diagnosis. This might even be construed as a breach of federal privacy law.

Even though manufacturers are offering encryption or security packages for their products that might help to remedy this situation to a certain extent, businesses seem to be reluctant to shell out e.g. $500 to Sharp for a product that automatically erases an image from the hard drive.

But with more and more digital copiers piling up in warehouses, this might be a small price to pay in comparison to the egg in the face that could result from accidental or intentional exposure of such oversights or lapses in judgment.

Let us help you to protect the reputation of your business as well as the confidentiality, integrity and availability of the data you hold in your possession and/or have been entrusted with. Contact us today.

In an extremely significant unanimous ruling, the New Jersey Supreme Court found that Marina Stengart’s former employer, the Loving Care Agency, was wrong in retrieving emails sent by her to her attorney using the company’s computers, even though this was in violation of company policy which clearly defeated the expectation of privacy in this context by indicating that emails “are not to be considered private or personal to any individual employee” and stating  that the company had the right to “review, audit, intercept, access, and disclose all matters on the company’s media systems and services at any time.”

Ms. Stengart had filed a suit against the company in 2008, alleging discrimination based on gender, religion, and national origin, and accessed her personal Yahoo email account over the company’s network to communicate with her attorney.

This ruling overrules an earlier decision by a trial court which had found in favor of the company.

For assistance in reviewing and updating your current policies and procedures, contact us today.

According to Wired Magazine, a California appeals court this week ruled that threatening posts made by readers of a website are not protected free speech. As a result, a case charging the posters with hate crimes and defamation is allowed to proceed.

The only dissenting opinion in this case dealing with fundamental questions about cyberbullying and the fine line between online speech and hate crimes was voiced by Judge Fances Rothschild, indicating that the appellate court ruling “alters the legal landscape to the severe detriment of First Amendment rights.”

At issue are derogatory comments made on a teen’s website,  mocking his perceived sexual orientation and making hostile statements that threatened him with bodily harm, such as “Faggot, I’m going to kill you,” and “I want to rip out your fucking heart and feed it to you.”

Judges Robert Mallano and Jeffrey Johnson, writing for the majority, stated that the messages revealed a harmful intent and were not protected speech. This includes remarks such as “I’ve wanted to kill you. If I ever see you I’m … going to pound your head in with an ice pick.”

For help in reviewing your website’s contents and comments, contact us today.

The Open Door Clinic of Greater Elgin, Illinois (USA), a not-for-profit corporation that treats and consults patients infected with HIV/AIDS, allegedly leaked confidential patient information as the result of installing a peer-to-peer file sharing network application on one of its computer or a computer used by one of its staff for work, according to a class action law suit filed last month.

The suit’s class is comprised of 260 or more people whose personal medical information was leaked; it alleges breach of confidentiality, invasion of privacy and negligence, given that the clinic became aware of the data leak as early as summer 2008, yet, neglected to inform its patients at that time.

Let us help you to avoid similar headaches for you and your organization. Contact us today to arrange for a review and update of your privacy and security products, policies and procedures.

The Electronic Frontier Foundation, represented by he Samuelson Law, Technology, and Public Policy Clinic at the University of California at Berkeley School of Law, has filed suit against six US government agencies, including the Central Intelligence Agency (CIA), the U.S. Department of Defense (DOD) and the U.S. Department of Justice (DOJ), after they failed to respond to Freedom of Information Act (FOIA) requests inquiring about their respective use of social networking sites in both surveillance and investigations.

Reportedly, law enforcement agencies have been utilizing fake profiles in their efforts to trick social networking site users into allowing them to be online friends, which then allowed them to gather additional information from said users’ profiles in cases against them. According to a CNET article, the lawsuit alleges that “government officials have: used Facebook to hunt for fugitives and search for evidence of underage drinking; researched the activities of an activist on Facebook and LinkedIn; watched YouTube to identify riot suspects; searched the home of a social worker because of Twitter messages regarding police actions he sent during the G-20 summit; and used fake identities to trick Facebook users into accepting friend requests.”

Research in Motion (RIM), the BlackBerry manufacturer, has published an update addressing a flaw in the way security certificate mismatches are reported by the BlackBerry that could be exploited to initiate a phishing attack.

Affected are the BlackBerry software versions 4.5 to 4.7, whereas both the Blackberry Desktop and Server software are unaffected.

In mid to late August, the US Department of Homeland Security (DHS) has issued two new directives, CBP Directive No. 3340-049 – “Border Search of Electronic Devices Containing Information” and ICE Directive No. 7-6.1 – “Border Searches of Electronic Devices”, that apply to US Customs and Border Protection (CBP) and US Immigration and Customs Enforcement (ICE), respectively, as reported by the Federal Computer Week and other publications.

They specify the circumstances under which laptop computers and other electronic media can be searched at the border by border and immigration agents.

Please be aware that an officer, subject to various requirements and limitations, may, “with or without individualized suspicion,” examine the electronic device and “review and analyze” the information.

The American Civil Liberties Union (ACLU) considers the new rules to be a good first step but cautions that “the new standards fail to address the fundamental constitutional problems of suspicionless searches that have been occurring at the border.”

Two of the improvements found in the new policies are that a limit has been set on the time that CBP officers can retain the laptop computers and electronic devices they are searching, and that now probable cause is required for the agency to be allowed to keep information gathered from the aforementioned laptops and devices.