US and GB Intelligence possibly caught spying on the EU

Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept.

Regin was found on infected internal computer systems and email servers at Belgacom, a partly state-owned Belgian phone and internet provider, following reports last year that the company was targeted in a top-secret surveillance operation carried out by British spy agency Government Communications Headquarters, industry sources told The Intercept.

The malware, which steals data from infected systems and disguises itself as legitimate Microsoft software, has also been identified on the same European Union computer systems that were targeted for surveillance by the National Security Agency.

Link (The Intercept)

Stupid Patent of the Month: Who Wants to Buy Teamwork From Penn State?

Ever wanted to own the latest in “teamwork” technology? Well, you’re in luck. On December 8, Penn State is holding a large patent auction, and one of the items is U.S. Patent 8,442,839. This patent purports to describe an improved collaborative “decision-making process.” As well as being a good example of a silly patent, this month’s winner highlights concerns with universities trying to monetize their patent portfolio. Why would a university, which presumably has a mission of promoting knowledge and innovation, sell an unsuccessful patent that has no value except to a troll?

Link (EFF)

ON MEDIA OUTLETS THAT CONTINUE TO DESCRIBE UNKNOWN DRONE VICTIMS AS “MILITANTS”

It has been more than two years since The New York Times revealed that “Mr. Obama embraced a disputed method for counting civilian casualties” of his drone strikes which “in effect counts all military-age males in a strike zone as combatants…unless there is explicit intelligence posthumously proving them innocent.” The paper noted that “this counting method may partly explain the official claims of extraordinarily low collateral deaths,” and even quoted CIA officials as deeply “troubled” by this decision: “One called it ‘guilt by association’ that has led to ‘deceptive’ estimates of civilian casualties. ‘It bothers me when they say there were seven guys, so they must all be militants. They count the corpses and they’re not really sure who they are.’”

But what bothered even some intelligence officials at the agency carrying out the strikes seemed of no concern whatsoever to most major media outlets. As I documented days after the Times article, most large western media outlets continued to describe completely unknown victims of U.S. drone attacks as “militants”—even though they (a) had no idea who those victims were or what they had done and (b) were well aware by that point that the term had been “re-defined” by the Obama administration into Alice in Wonderland-level nonsense.

Link (The Intercept)

EFF, Others Launch New Free Security Certificate Authority To ‘Dramatically Increase Encrypted Internet Traffic’

The EFF and Mozilla, along with some others, have teamed up to announce “Let’s Encrypt,” which is a new, free certificate authority that is hoping to dramatically increase encrypted internet traffic when it launches next summer. The effort is being overseen by the Internet Security Research Group, which is the non-profit coalition of folks contributing to this effort. Not only is the effort going to offer free certificates, but it will also make it much easier to enable encryption.

Link (Techdirt)

Federal Judge: High statutory damages for copyright infringement violate the Eighth Amendment

Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.

-The Eighth Amendment to the US Constitution

This Court finds an award of $30,000 for each defendant would be an excessive punishment considering the seriousness of each Defendant’s conduct and the sum of money at issue. Although Plaintiff contends the minimal revenue lost from each Defendant’s single transaction does not account for the extent of damages, this Court is unpersuaded that the remote damages — “downstream revenue” and destroyed plans for a sequel due, in part, to piracy — justify an award of $30,000 per defendant, even in light of the statute’s goal of deterrence. Instead, this Court finds Plaintiff has not made a showing justifying damages in excess of the statutory minimum. Accordingly, the Court, within its “wide latitude” of discretion, grants Plaintiff the minimum statutory award of $750 against D. & B. Barnett, jointly and severally and $750 against each remaining defaulted Defendant in the case.

Link (Fight Copyright Trolls)

The Fed Just Acknowledged Its Too Big To Jail Policy

WASHINGTON — The federal government until recently shielded big banks from criminal prosecution out of concern that convictions may damage the financial system, a top Federal Reserve official said Friday, explicitly acknowledging a policy long denied by the Obama administration.

The admission came during a tense exchange between William Dudley, president of the Federal Reserve Bank of New York, and Sen. Sherrod Brown (D-Ohio) at a Senate Banking Committee hearing meant to explore the cozy relations between federal regulators and the banks they supervise.

Until May, large financial institutions investigated for wrongdoing had dodged criminal prosecution under the Obama administration, despite evidence from federal regulators and prosecutors showing that big banks had, for instance, laundered money for suspected terrorists and drug cartels; manipulated interest rate benchmarks; rigged various commodities markets; misled investors in mortgage-linked securities; duped homeowners into taking out expensive mortgages; manipulated municipal debt markets; and broken state and federal rules when attempting to seize homes after borrowers fell behind on their payments, a scandal that became known as “robosigning.”

Link (Huffington Post)

FISA Judge To Yahoo: If US Citizens Don’t Know They’re Being Surveilled, There’s No Harm

If this order is enforced and it’s secret, how can you be hurt? The people don’t know that — that they’re being monitored in some way. How can you be harmed by it? I mean, what’s – what’s the — what’s your — what’s the damage to your consumer?

By the same logic, all sorts of secret surveillance would be OK — like watching your neighbor’s wife undress through the window, or placing a hidden camera in the restroom — as long as the surveilled party is never made aware of it. If you don’t know it’s happening, then there’s nothing wrong with it. Right?

Link (Techdirt)