Microsoft labels US government "cyber criminals"


While we applaud Microsoft's condemnation of the NSA's actions, ClimateViewer News wonders how this new revelation applies to Microsoft's patent to record all Skype conversations.

As mentioned previously, traditional techniques for silently recording telephone communication may not work correctly with VoIP and other network-based communication technology. As used hereafter, the term VoIP is used to refer to standard VoIP as well as any other form of packet-based communication that may be used to transmit audio over a wireless and/or wired network. For example, VoIP may include audio messages transmitted via gaming systems, instant messaging protocols that transmit audio, Skype and Skype-like applications, meeting software, video conferencing software, and the like.

United States Patent Application 20110153809

Nonetheless, rejoice in the (apparent) turning of the tides:

By Violet Blue for Zero Day | December 6, 2013 | ZDnet

Summary: Microsoft’s EVP of Legal and Corporate Affairs outlined the company’s new data protection strategy on the basis that the US government is an “advanced persistent threat” — a label used for cyber criminals.

While Microsoft’s recent move to encrypt user data made the most headlines, the reasoning underlying its new data protection strategies classifies the US government in the same category as a cyber-criminal group.

Brad Smith, Microsoft’s EVP of Legal and Corporate Affairs, labeled the American government as an “advanced persistent threat” in a December 4 post on The Official Microsoft Blog.

The term advanced persistent threat (APT) refers to an attacker, usually an organized group of malicious attackers, that should be considered harmful and dangerous — and an overall method of attack that plays a “long game.”

Microsoft’s explosive post begins by stating, “Many of our customers have serious concerns about government surveillance of the Internet.”

Smith wrote in Protecting customer data from government snooping:

(...) Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data.

In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry.

If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an “advanced persistent threat,” alongside sophisticated malware and cyber attacks.

While the writing is cautiously couched in terms of “some governments” it’s crystal clear that Microsoft’s “advanced persistent threat” is referring to the ongoing revelations of US government surveillance activities (in leaks by Edward Snowden), and the concerns of Microsoft’s American customers.

Cybersecurity firm Mandiant has tracked security breaches by advanced persistent threats since 2004; in February 2013 Mandiant reported that the most prolific APT in the world was “One of China’s Cyber Espionage Units.”

To see one of America’s biggest companies say it must protect itself from its own government as it would from a group of malfeasant Chinese cyber-spies is a moment for the history books.

But security professionals worldwide may not be quite so surprised.

Not because hackers are issued tinfoil bonnets at birth — most security pros and researchers understand that the APT techniques used by cybercriminals to steal data from businesses and individuals for financial gain are the same ones used by nation-states.


Microsoft and its Skype product have been named, alleged (and ridiculed) as having some kind of role in this year’s unending, terrifying NSA scandal; namely, that products have been massaged with backdoors to which US government entities have access.

Only Americans need to worry about search warrants and subpoenas — in that exact terminology, as written in Mr. Smith’s text.

The Microsoft legal exec explained,

In light of these allegations, we’ve decided to take immediate and coordinated action in three areas:
  • We are expanding encryption across our services.

  • We are reinforcing legal protections for our customers’ data.

  • We are enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors.

Springboarding from its “persistent threat” categorization, Microsoft then explains its new encryption efforts — putting America’s government and malicious hackers in the same category.

For many years, we’ve used encryption in our products and services to protect our customers from online criminals and hackers. While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on.

In Microsoft legal's official post, it continues to describe legal concerns relevant only for its American users and customers, and what it will now do to reinforce legal protections for its customers' data.

Microsoft said that as part of fighting this advanced threat, it will now fight gag orders “head on.”

In its new Reinforcing Legal Protections initiatives,

(...) we are committed to notifying business and government customers if we receive legal orders related to their data.

Where a gag order attempts to prohibit us from doing this, we will challenge it in court.

We’ve done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data.

And we’ll assert available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country.

And if anyone was still skeptical about whether Microsoft meant the US government when it said the words “advanced persistent threat,” the post concludes:

Ultimately, we’re sensitive to the balances that must be struck when it comes to technology, security and the law. We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution.

We want to ensure that important questions about government access are decided by courts rather than dictated by technological might.

Leaving us all to wonder just what kind of mess we’re in when one of the largest, richest and most visible American companies in the world openly categorizes the US government as an “advanced persistent threat” to both itself, and its customers.

source: zdnet.com


When I launch Skype, in come the hackers. Luckily I have some trapwires (pardon my pun) and I caught this:
(pictured, on November 23, 2013)
https://www.robtex.com/ip/194.165.0.3.html#whois
Today (December 7, 2013) this IP appeared:
https://www.robtex.com/ip/93.114.44.187.html#ip

Both appear to come from the provider “Voxility SRL”.
These two Russian IP addresses attempt to “contact” my PC when I launch Skype… Microsoft does not block blacklisted IPs, you are warned. ~ Jim Lee, ClimateViewer News

Here is the Microsoft blog post:

Protecting customer data from government snooping

The following post is from Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft.


Microsoft: We Don’t Provide Emails/Messages to NSA, Gov Denies Data Requests Disclosure

pictured: Brad Smith, EVP Legal and Corporate Affairs.

Many of our customers have serious concerns about government surveillance of the Internet.

We share their concerns. That’s why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data.

Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data. In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry.

If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an “advanced persistent threat,” alongside sophisticated malware and cyber attacks.

In light of these allegations, we’ve decided to take immediate and coordinated action in three areas:

  • We are expanding encryption across our services.

  • We are reinforcing legal protections for our customers’ data.

  • We are enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors.

Here’s a closer look at what we’re doing:

Expanding Encryption

For many years, we’ve used encryption in our products and services to protect our customers from online criminals and hackers. While we have no direct evidence that customer data has been breached by unauthorized government access, we don’t want to take any chances and are addressing this issue head on. Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services.

This effort will include our major communications, productivity and developer services such as Outlook.com, Office 365, SkyDrive and Windows Azure, and will provide protection across the full lifecycle of customer-created content. More specifically:

  • Customer content moving between our customers and Microsoft will be encrypted by default.

  • All of our key platform, productivity and communications services will encrypt customer content as it moves between our data centers.

  • We will use best-in-class industry cryptography to protect these channels, including Perfect Forward Secrecy and 2048-bit key lengths.

  • All of this will be in place by the end of 2014, and much of it is effective immediately.

  • We also will encrypt customer content that we store. In some cases, such as third-party services developed to run on Windows Azure, we’ll leave the choice to developers, but will offer the tools to allow them to easily protect data.

  • We’re working with other companies across the industry to ensure that data traveling between services – from one email provider to another, for instance – is protected.

Although this is a significant engineering effort given the large number of services we offer and the hundreds of millions of customers we serve, we’re committed to moving quickly. In fact, many of our services already benefit from strong encryption in all or part of the lifecycle. For example, Office 365 and Outlook.com customer content is already encrypted when traveling between customers and Microsoft, and most Office 365 workloads as well as Windows Azure storage are now encrypted in transit between our data centers. In other areas we’re accelerating plans to provide encryption.

Reinforcing Legal Protections

We also will take new steps to reinforce legal protections for our customers’ data. For example, we are committed to notifying business and government customers if we receive legal orders related to their data. Where a gag order attempts to prohibit us from doing this, we will challenge it in court. We’ve done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data. And we’ll assert available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country.

Except in the most limited circumstances, we believe that government agencies can go directly to business customers or government customers for information or data about one of their employees – just as they did before these customers moved to the cloud – without undermining their investigation or national security. And when those limited circumstances arise, courts should have the opportunity to review the question and issue a decision.

Evidence of Microsoft's vulnerability - Washington Post


Increasing Transparency

Just as we’ve called for governments to become more transparent about these issues, we believe it’s appropriate for us to be more transparent ourselves. We’re therefore taking additional steps to increase transparency by building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors. We will open a network of transparency centers that will provide these customers with even greater ability to assure themselves of the integrity of Microsoft’s products. We’ll open these centers in Europe, the Americas and Asia, and we’ll further expand the range of products included in these programs.

Ultimately, we’re sensitive to the balances that must be struck when it comes to technology, security and the law. We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution. We want to ensure that important questions about government access are decided by courts rather than dictated by technological might. And we’re focused on applying new safeguards worldwide, recognizing the global nature of these issues and challenges. We believe these new steps strike the right balance, advancing for all of us both the security we need and the privacy we deserve.

source: http://blogs.technet.com/b/microsoft_blog/
While we are excited by these claims by Mr. Smith, we doubt they (MS) will do little to stop this: SkypeWebCamHacker Free-Webcam-Hacking-Software tape-your-webcam

See also:

Microsoft May Have Been Targeted Along with Google/Yahoo

November 26, 2013

Be sure to check out our feature, Wiretapped! National Security and the Five Eyes


Jim Lee, ClimateViewer News