US, Britain ‘Spying on Virtual World’: Report

WASHINGTON – US and British intelligence have been spying on the global online gaming world because they fear terrorists could use the hugely popular platform to plot attacks, a report said Monday.

Spies have created characters in the fantasy worlds of Second Life and World of Warcraft to carry out surveillance, recruit informers and collect data, The New York Times said, citing newly disclosed classified documents from fugitive US intelligence leaker Edward Snowden.

The report came as eight leading US-based technology companies called on Washington to overhaul its surveillance laws following months of revelations of online eavesdropping from the former National Security Agency (NSA) contractor.

“Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels,” the Times said.

“The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players,” the report said.

It added: “Because militants often rely on features common to video games — fake identities, voice and text chats, a way to conduct financial transactions — American and British intelligence agencies worried that they might be operating there, according to the papers.”

The report cited a 2008 NSA paper that warned that the virtual games — played by millions of people the world over — allowed intelligence suspects “a way to hide in plain sight.”

The documents do not give any examples of success from the initiative, the report said, adding that experts and former intelligence officials said “that they knew of little evidence that terrorist groups viewed the games as havens to communicate and plot operations.”

The surveillance, which also included Microsoft’s Xbox Live, could raise privacy concerns, noted the newspaper.

Apple, Facebook, Google, Microsoft, Twitter, Yahoo, AOL and LinkedIn meanwhile wrote an open letter to President Barack Obama and the US Congress calling on Washington to lead the way in a worldwide reform of state-sponsored spying.

“We understand that governments have a duty to protect their citizens. But this summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide,” the letter said.

Tags:

• NEWS & INDUSTRY
• Privacy
• Tracking & Law Enforcement

Network security firm Fortinet announced on Monday that it would buy back up to $ 200 million of its stock as part of a share repurchase program expected to run through December 31, 2014.

The timing, number and value of shares repurchased under the program will be determined by Fortinet management at its discretion, with the company being able to repurchase shares from time to time in privately negotiated transactions or in open market transactions, the company said in a statement.

“The implementation of our first share repurchase program reflects Fortinet’s confidence in the long-term strength and strategy of the company, as well as our commitment to returning shareholder value,” said Ken Xie, Fortinet’s Founder, Chairman and CEO. “Though we remain focused on continuing to invest in our business to capitalize on our growth opportunities, at the same time, Fortinet’s financial performance and healthy cash flow generation allows us to be confident and opportunistic in repurchasing shares.”

While the Board of Directors has authorized the share repurchase program, the company is not obliged to repurchase any shares under the authorization, and the program may be suspended, discontinued or modified at any time, for any reason and without notice, the Fortinet said.

Tags:

• NEWS & INDUSTRY
• Management & Strategy

Late last week, Microsoft announced it had struck a blow against the ZeroAccess botnet in a joint operation with law enforcement and technology company A10 Networks.

But while the effort may have started a ten-count, some say the botnet was far from knocked out.

The takedown operation disrupted a botnet that is held responsible for infecting more than two million computers by targeting search results on Google, Bing and Yahoo search engines and costing online advertisers $ 2.7 million a month. The botnet hijacks people’s search engine results and redirects them to sites they had not intended to go to in order to commit click fraud. ZeroAccess relies on a peer-to-peer infrastructure that allows cybercriminals to control it remotely through tens of thousands of different computers.

To combat the situation, Microsoft recently filed a civil suit against the people behind the botnet and received authorization from the U.S. District Court for the Western District of Texas to simultaneously block incoming and outgoing communications between computers located in the U.S. and the 18 identified Internet Protocol (IP) addresses being used to commit fraud. In addition, Microsoft took control of 49 domains associated with ZeroAccess, while A10 Networks provided Microsoft with advanced technology to support the disruptive action.

However, Microsoft’s work comes up short. In a joint blog post, Yacin Nadji, a Ph.D. Candidate at Georgia Institute of Technology, and Damballa Chief Scientist Manos Antonakakis noted that any meaningful action against ZeroAccess must disrupt its peer-to-peer (P2P) communications channel.

“Disabling the click-fraud component is trivially countered by the botmaster by simply pushing an updated binary over the P2P channel with fresh click-fraud configurations,” they noted. “This extensive legal work can be undone in a matter of hours.”

According to a report, the operators did push out a configuration file to infected systems to bring the click fraud network back online, but the within a few hours the servers were back offline.

Fears about click fraud led to the Interactive Advertising Bureau (IAB) recently issuing a set of best practices designed to help publishers, networks and buyers reduce the risk of fraud on the Internet.

“The companies that participate in the digital advertising supply chain have been struggling with how to handle criminal enterprises intent on gaming the system,” said Steve Sullivan, vice president of advertising technology for IAB, in a statement. “These fraudsters are diluting the value of all legitimate inventory while simultaneously diminishing the integrity of the entire digital marketing industry. The introduction of these best practices is a first step in reducing the marketplace repercussions of these illegal activities.”

Tags:

• NEWS & INDUSTRY
• Virus & Malware