William Plummer, a senior Huawei executive in the United States, said the company had no idea it was an N.S.A. target, adding that in his personal opinion, “The irony is that exactly what they are doing to us is what they have always charged that the Chinese are doing through us.”
via N.S.A. Breached Chinese Servers Seen as Security Threat – NYTimes.com.
A management presentation dating from 2012 explains how the NSA collects information worldwide. In addition, the presentation shows that the intelligence service uses ‘Computer Network Exploitation’ (CNE) in more than 50,000 locations. CNE is the secret infiltration of computer systems achieved by installing malware, malicious software.
via NSA infected 50,000 computer networks with malicious software – nrc.nl.
This article is a bit short on details. It doesn’t say what OSs or exactly how they got malware onto victim machines. The only way to infect a network would be to perhaps get control of its firewall or main router. Since most people use cheap SOHO routers that might not be very difficult to swap out firmware on them that can do all kinds of things unbeknownst to its owner. The article implies that the victim machines are PCs according to this:
One example of this type of hacking was discovered in September 2013 at the Belgium telecom provider Belgacom. For a number of years the British intelligence service – GCHQ – has been installing this malicious software in the Belgacom network in order to tap their customers’ telephone and data traffic. The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false Linkedin page.
MIT claims it’s afraid the release of Swartz’s file will identify the names of MIT people who helped the Secret Service and federal prosecutors pursue felony charges against Swartz for his bulk downloading of academic articles from MIT’s network in 2011.
MIT argues that those people might face threats and harassment if their names become public. But it’s worth noting that names of third parties are already redacted from documents produced under FOIA.
via MIT Moves to Intervene in Release of Aaron Swartz’s Secret Service File | Threat Level | Wired.com.
It’s the latest test of the Computer Fraud and Abuse Act, a 1986 law originally intended to punish hackers who remotely crack defense or banking computers over their 300 baud modems. Changes in technology and a string of amendments have pushed the law into a murky zone where prosecutors have charged people for violating website terms-of-service or an employer’s computer use policies.
via Use a Software Bug to Win Video Poker? That’s a Federal Hacking Case | Threat Level | Wired.com.
Under the relevant section of the CFAA, Kane and Nestor aren’t charged with hacking into the Game King from the outside, but rather with exceeding their otherwise legitimate access “to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”
Over the years, legislatures and the courts progressively have treated the unauthorized movement of data bits over someone else’s chattel into a “trespass” of that chattel–an activity I’ll call “online trespass to chattels.” For example, many states have enacted computer crime laws that restrict unauthorized use of Internet and telecommunications equipment.
via The Computer Fraud and Abuse Act Is a Failed Experiment – Forbes.
As a result, these proposed changes will end the adverse consequences from the online trespass to chattels experiment while letting chattel owners prevent socially disadvantageous online usage of their chattels.