NSA’s “secret weapon” spies on every personal computer

The National Security Agency has figured out how to hide spying software deep within hard drives, allowing it to monitor and eavesdrop on the majority of the world’s computers – even when they are not connected to the internet.

The Moscow-based security software maker Kaspersky Lab said it has found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria….

The NSA began infecting computers in 2001, claims Kaspersky….

What’s more, even the makers of these hard drives are unaware that these spying programs have been installed, with the NSA obtaining their source code by going so far as to pose as software developers, according to former intelligence operatives, or telling the companies the government must do a security audit to make sure their source code is safe.

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on…

The disclosure could hurt the NSA’s surveillance abilities, already damaged by massive leaks by former contractor Edward Snowden. Snowden’s revelations have upset some U.S. allies and slowed the sales of U.S. technology products abroad.

The exposure of these new spying tools could lead to greater backlash against Western technology, particularly in countries such as China, which is already drafting regulations that would require most bank technology suppliers to proffer copies of their software code for inspection.

Peter Swire, one of five members of U.S. President Barack Obama’s Review Group on Intelligence and Communications Technology, said the Kaspersky report showed that it is essential for the country to consider the possible impact on trade and diplomatic relations before deciding to use its knowledge of software flaws for intelligence gathering.

‘There can be serious negative effects on other U.S. interests,’ Swire said.

Kaspersky’s reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.

Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment….

By Chris Spargo – Dailymail.com

Biometric Tipping Point: USAA Uses Face, Voice Recognition

USAA is letting its members log in to mobile banking in the blink of an eye — literally.

The San Antonio financial services company has rolled out facial recognition technology across its entire membership base that lets them access its mobile app with a tap of their smartphone camera and a blink when prompted (to prove they’re a live person and not a photo). USAA is also giving members the option of logging in with a spoken phrase.

This makes USAA the first major U.S. financial institution to deploy a full-scale rollout of voice and facial recognition. In an industry that has tried and failed to make biometric identification work for 50 years, USAA’s efforts could be a significant turning point.

One key reason why is the immense popularity of the smartphone. Smartphone cameras let users employ their own hardware to capture their facial characteristics. Device identity also provides assurance that the smartphone belongs to the right customer.

“The ubiquitous adoption of the smartphone has altered the market — you no longer need kiosks or readers, the smartphone is a multifactor edge device” for biometric authentication, said Tom Grissen, CEO of Daon, the Fairfax, Va. software company that developed the biometric technology with USAA (Daon is working on similar projects with several large banks).

Decades of improvements in voice and facial recognition are also helping reduce false negatives and friction — facial recognition takes two seconds. And a growing exasperation with forgotten, lost or stolen passwords may drive people toward face- or voice-based logins.

“Four out of five end customers who have experienced the technology prefer it over a PIN or password,” Grissen said.

By Penny Crosman – American Banker

ComputerCOP: ‘Internet Safety Software’ Police Agencies Distribute To Families Is Spyware

By Dave Maass – EFF.org

Police chiefs, sheriffs, and district attorneys have handed out hundreds of thousands of copies of the disc to families for free at schools, libraries, and community events, usually as a part of an “Internet Safety” outreach initiative. The packaging typically features the agency’s official seal and the chief’s portrait, with a signed message warning of the “dark and dangerous off-ramps” of the Internet.

As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies.

The way ComputerCOP works is neither safe nor secure. It isn’t particularly effective either, except for generating positive PR for the law enforcement agencies distributing it. As security software goes, we observed a product with a keystroke-capturing function, also called a “keylogger,” that could place a family’s personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. That means many versions of ComputerCOP leave children (and their parents, guests, friends, and anyone using the affected computer) exposed to the same predators, identity thieves, and bullies that police claim the software protects against.

 