April 24, 2024

Holder to Tighten Rules for Obtaining Reporters’ Data

The new guidelines, which the official said would take effect almost immediately, would prevent the Federal Bureau of Investigation from portraying a reporter as a co-conspirator in a criminal leak as a way to get around a legal bar on secret search warrants for reporting materials, as an agent did in a recently revealed search warrant affidavit involving a Fox News reporter.

They would also make it harder — though not impossible — for prosecutors to obtain a journalist’s calling records from telephone companies without giving news organizations advance notice, as the department recently did in obtaining a sweeping set of phone records for reporters with The Associated Press. Notifying news organizations in advance would give them a chance to contest the request in court.

“This is as far as the department can go on its own until Congress passes the media shield legislation,” the Justice Department official said, referring to a bill, which the Obama administration backed amid a furor over leak investigations, that would let judges rather than prosecutors be the ultimate decision-makers about subpoenas for journalists’ phone records, among other matters.

Mr. Holder briefed President Obama about the changes at the White House on Friday morning, officials said. Mr. Holder had held a series of meetings with newsroom leaders and lawyers for media companies in recent weeks.

In May, a 2010 affidavit was unsealed that sought a warrant for e-mails from the Google account of James Rosen of Fox News in which he corresponded with a State Department analyst who was suspected of leaking classified information about North Korea. The disclosure touched off a furor among journalists.

Congress, under the Privacy Protection Act, has generally forbidden search warrants for journalists’ work materials, but a federal statute makes an exception to that rule if the reporter is suspected of committing a crime. In the Fox News request, an F.B.I. agent wrote that Mr. Rosen qualified for that exception because he had violated the Espionage Act by seeking secrets to report, including by flattering the analyst and trying to conceal their communications.

No American journalist has ever been prosecuted for gathering and publishing classified information, so the language raised the prospect that the Obama administration — which has brought an unprecedented number of leak cases — was taking its crackdown to a new level. But the administration insisted that it never intended to charge Mr. Rosen.

The revision to the guidelines would essentially forbid prosecutors to use such a tactic to get around the Privacy Protection Act by imposing additional barriers to obtaining a search warrant for a reporter’s records.

The revised policy, the official said, will say that the exception to the Privacy Protection Act may be invoked only when the member of the news media “is the focus of the criminal investigation for conduct going beyond ordinary news-gathering activities.” Search warrants directed at reporters will not be allowed “if the sole purpose is the investigation of a person other than” the reporter.

In addition, the new guidelines will require the attorney general to sign off on any exception to that prohibition. Previously, a deputy assistant attorney general could do so.

The Justice Department also disclosed in May that it had obtained calling records for more than 20 telephone lines of A.P. offices and journalists, including their home phones and cellphones, in connection with an investigation into a leak about a foiled bomb plot in Yemen in 2012.

Article source: http://www.nytimes.com/2013/07/13/us/holder-to-tighten-rules-for-obtaining-reporters-data.html?partner=rss&emc=rss

Bits Blog: Investigations Expand in Hacking of A.P. Twitter Feed

Three federal agencies are now investigating an incident Tuesday in which hackers hijacked the Twitter account for The Associated Press and momentarily erased $136 billion from the stock market after they posted a fake Tweet reporting that there had been explosions at the White House that injured President Obama.

A group calling itself the Syrian Electronic Army claimed responsibility for the attack on Twitter, but the Federal Bureau of Investigation is investigating who was behind the attack, and the Securities and Exchange Commission and the Commodity Futures Trading Commission are investigating the impact of the attacks on the market.

“We have standard operating procedures whenever there are market developments, and this is no exception,” said John Nester, an S.E.C. spokesman. “These procedures start with getting the facts about what occurred. We do not limit ourselves to looking at the catalyst for an event, but also its repercussions, to determine whether any further inquiries or actions are warranted.”

The A.P.’s account was the fourth prominent Twitter account of a media organization to be hacked in recent months — accounts for CBS, NPR and the BBC have all been hijacked by hackers recently — but the A.P. incident had the most serious impact. Within seconds of the fake A.P. post, the Dow Jones Industrial Average nosedived, dropping 150 points, before recovering five minutes later. High-frequency trading algorithms that are designed to make trades based on certain headlines served as a catalyst.

The C.F.T.C. is now investigating trading in 28 futures contracts that took place over that five-minute period, according to CNBC. A C.F.T.C. spokesman did not immediately return a request for comment, but John Chilton, a commissioner with the agency, told CNBC Wednesday that “We need certain rules of the road for technology and that’s particularly true with the advent of social media.”

Mr. Chilton, who referred to high frequency traders as “cheetahs,” noted that there was no “kill switch” in their technology to prevent them from acting on misinformation. “We need to set up basic rules of the road,” Mr. Chilton said. “We should not just accept technology blindly.”

The timing of the A.P. incident on Twitter comes just two weeks after Bloomberg announced that it would start incorporating Twitter feeds into its financial information terminals. The new feature allows traders to monitor social media buzz and market-moving news from their Bloomberg terminals. Ironically, Bloomberg introduced the service, in part, to prevent the spread of misinformation on Twitter after an erroneous tweet suggested that Syrian President Bashar al-Assad was dead last August, creating a surge in crude oil prices.

The incident Tuesday also raised questions about security on Twitter. Logging on to Twitter requires the same process for a company as for a consumer — just one user name and one password — and security experts say Twitter could do more.

Until now, Twitter has resisted incorporating two-factor authentication, a verification approach that can, for example, send a second, one-time password via text message to users’ mobile phones to keep attackers from hijacking their accounts with a single, stolen password. Microsoft rolled out two-factor authentication last week. Apple added it in March. Both Google and Facebook have offered the service for years.

“It’s a very established baseline,” Mark Risher, co-founder of Impermium, an Internet security start-up that aims to help social networks, said Tuesday. “But there are costs, and user friction is introduced. You could put four deadbolts on your front door, but it’s going to be a pain every time you go to the drugstore. That said, why not offer it? I don’t have a good answer for that.”

Article source: http://bits.blogs.nytimes.com/2013/04/24/investigations-expand-in-hacking-of-a-p-twitter-feed/?partner=rss&emc=rss

Trying to Keep Your E-Mails Secret When the C.I.A. Chief Couldn’t

In the past, a spymaster might have placed a flower pot with a red flag on his balcony or drawn a mark on page 20 of his mistress’s newspaper. Instead, Mr. Petraeus used Gmail. And he got caught.

Granted, most people don’t have the Federal Bureau of Investigation sifting through their personal e-mails, but privacy experts say people grossly underestimate how transparent their digital communications have become.

“What people don’t realize is that hacking and spying went mainstream a decade ago,” said Dan Kaminsky, an Internet security researcher. “They think hacking is some difficult thing. Meanwhile, everyone is reading everyone else’s e-mails — girlfriends are reading boyfriends’, bosses are reading employees’ — because it’s just so easy to do.”

Face it: no matter what you are trying to hide in your e-mail in-box or text message folder — be it an extramarital affair or company trade secrets — it is possible that someone will find out. If it involves criminal activity or litigation, the odds increase because the government has search and subpoena powers that can be used to get any and all information, whether it is stored on your computer or, as is more likely these days, stored in the cloud. And lawyers for the other side in a lawsuit can get reams of documents in court-sanctioned discovery.

Still determined? Thought so. You certainly are not alone, as there are legitimate reasons that people want to keep private all types of information and communications that are not suspicious (like the contents of your will, for example, or a chronic illness). In that case, here are your best shots at hiding the skeletons in your digital closet.

KNOW YOUR ADVERSARY. Technically speaking, the undoing of Mr. Petraeus was not the extramarital affair, per se; it was that he misunderstood the threat. He and his mistress/biographer, Paula Broadwell, may have thought the threat was their spouses snooping through their e-mails, not the F.B.I. looking through Google’s e-mail servers.

“Understanding the threat is always the most difficult part of security technology,” said Matthew Blaze, an associate professor of computer and information science at the University of Pennsylvania and a security and cryptography specialist. “If they believed the threat to be a government with the ability to get their login records from a service provider, not just their spouse, they might have acted differently.”

To hide their affair from their spouses, the two reportedly limited their digital communications to a shared Gmail account. They did not send e-mails, but saved messages to the draft folder instead, ostensibly to avoid a digital trail. It is unlikely either of their spouses would have seen it.

But neither took necessary steps to hide their computers’ I.P. addresses. According to published accounts of the affair, Ms. Broadwell exposed the subterfuge when she used the same computer to send harassing e-mails to a woman in Florida, Jill Kelley, who sent them to a friend at the F.B.I.

Authorities matched the digital trail from Ms. Kelley’s e-mails — some had been sent via hotel Wi-Fi networks — to hotel guest lists. In crosschecking lists of hotel guests, they arrived at Ms. Broadwell and her computer, which led them to more e-mail accounts, including the one she shared with Mr. Petraeus.

HIDE YOUR LOCATION. The two could have masked their I.P. addresses using Tor, a popular privacy tool that allows anonymous Web browsing. They could have also used a virtual private network, which adds a layer of security to public Wi-Fi networks like the one in your hotel room.

By not doing so, Mr. Blaze said, “they made a fairly elementary mistake.” E-mail providers like Google and Yahoo keep login records, which reveal I.P. addresses, for 18 months, during which they can easily be subpoenaed. The Fourth Amendment requires the authorities to get a warrant from a judge to search physical property. Rules governing e-mail searches are far more lax: Under the 1986 Electronic Communications Privacy Act, a warrant is not required for e-mails six months old or older. Even if e-mails are more recent, the federal government needs a search warrant only for “unopened” e-mail, according to the Department of Justice’s manual for electronic searches. The rest requires only a subpoena.

Google reported that United States law enforcement agencies requested data for 16,281 accounts from January to June of this year, and it complied in 90 percent of cases.

GO OFF THE RECORD. At bare minimum, choose the “off the record” feature on Google Talk, Google’s instant messaging client, which ensures that nothing typed is saved or searchable in either person’s Gmail account.

Article source: http://www.nytimes.com/2012/11/17/technology/trying-to-keep-your-e-mails-secret-when-the-cia-chief-couldnt.html?partner=rss&emc=rss

DealBook: ‘Proud’ JPMorgan Chief Apologizes

Jamie Dimon, the chief executive of JPMorgan Chase, arrived to testify before a Senate committee. (Photo: Daniel Rosenbaum for The New York Times)

WASHINGTON — Jamie Dimon, the outspoken chief executive of JPMorgan Chase under scrutiny for a multibillion-dollar trading loss at his firm, apologized for the mishap on Wednesday even as he mounted a fierce defense of his bank.

Testifying at a much-anticipated hearing before the Senate Banking Committee, Mr. Dimon said that he was “proud” of the bank, highlighting the firm’s “fortress” balance sheet and its performance during the financial crisis.

“We’re doing what a bank is supposed to do,” he told a panel of lawmakers, few of whom posed combative questions during the roughly two-hour hearing.

The hearing on Wednesday was the latest chapter of the trading debacle, which has stained the bank’s reputation and prompted wide-ranging inquiries from regulators and the Federal Bureau of Investigation. The concerns have centered on the bank’s chief investment office, which placed a big bet tied to credit derivatives that ultimately soured.

Despite the controversy plaguing the bank, Mr. Dimon on Wednesday seemed to solidify his status as Washington’s favorite banker. Clad in a dark suit and striped tie, he navigated the hearing with relative ease, deflecting tough questions and fielding softball inquiries.

He received a particularly warm welcome from Republican senators, who praised JPMorgan and allowed the chief executive to offer criticisms of forthcoming financial rules. Senator David Vitter, Republican of Louisiana, asked Mr. Dimon about the Volcker Rule, an element of the Dodd-Frank regulatory overhaul meant to clamp down on banks’ trading for their own account. Mr. Vitter asked if there was a version of the Volcker Rule that “makes sense.” Mr. Dimon, who is not a big fan of the extensive regulation, responded, “I thought it was unnecessary when it was added on top of other stuff.”

Some lawmakers used their five-minute question periods to compliment Mr. Dimon and ask his advice on fixing the economy. At one point, Senator Jim DeMint, Republican of South Carolina, said, “I think a lot of us are frustrated bank managers and want to manage your business for you,” before praising JPMorgan for being in better financial shape than the country as a whole.

The roughest greetings for Mr. Dimon came not from legislators but from a chorus of protesters in the chamber, who confronted the chief executive about JPMorgan’s foreclosure policies while having received taxpayer bailout money. The outburst, led by one man who yelled that Mr. Dimon was a “crook,” was quickly quelled.

The line of questioning speaks to Mr. Dimon’s still considerable sway among lawmakers.

In recent years, Mr. Dimon has been a frequent visitor to Washington, as he aims to influence the discussion, particularly around financial regulation. JPMorgan spent more than $7.41 million on lobbying in 2010, which topped the industry, according to the research firm OpenSecrets.org.

Several bank lobbyists also have close ties to the committee. Kate Childress, a lobbyist who joined the bank in 2008, was previously an aide to Charles E. Schumer, the Democratic senator from New York and a member of the banking committee. Steven Patterson, also a JPMorgan lobbyist, used to be a staff director for economic policy for the Senate Banking Committee.

Mr. Dimon “has always been well regarded and had considerable clout,” said Tom Block, a former head of government relations at JPMorgan who has prepped senior executives in the past for Congressional hearings.

On Wednesday, Mr. Dimon seemed to placate some lawmakers instantly with the disclosure that the bank would “likely” seek to recover compensation from executives responsible for the trading loss. Once the bank’s board completes an investigation into what went wrong in the chief investment office, he said, the bank will decide whose paychecks to pursue.

“When the board finishes the review, you can expect we’ll take proper corrective action,” Mr. Dimon said.

While he did not specify executives who could face clawbacks, one potential person is Ina R. Drew, the former head of the chief investment unit. Ms. Drew, who resigned from the bank last month, earned about $14 million last year, making her among the bank’s highest paid employees.

JPMorgan, Mr. Dimon said, has broad authority to recoup pay. The bank, he said, can claw back compensation for “bad judgment” and other missteps. He described the firm’s ability to reclaim such money as “pretty extensive.”

He also disclosed for the first time that the positions, which have since caused at least $3 billion in losses, set off the bank’s own internal risk alarms in March, weeks before Mr. Dimon publicly played down the threat on a conference call with analysts. The revelation raises new questions about Mr. Dimon’s now-infamous statements on the April 13 conference call, when he said that concerns about the trades were a “complete tempest in a teapot.”

“Why were you willing to be so definitive?” asked Senator Tim Johnson, the South Dakota Democrat who leads the banking committee.

Mr. Dimon, striking a brief note of contrition, conceded, “It was dead wrong.”

In his testimony, Mr. Dimon offered support for some elements of Dodd-Frank, saying that the wind-down process for failed firms should be called “bankruptcy for big dumb banks.” He added that the names of fallen institutions “should be buried in disgrace,” calling it “Old Testament justice.”

But the banking chief faced off with some Democratic lawmakers, who seized upon the trading losses to bolster calls for tougher regulation of Wall Street.

One of the sorest points for Mr. Dimon centered on the Volcker Rule. JPMorgan has said that the trades in question were initially meant to serve as a hedge against risk, rather than a source of profit that would arguably be banned by new regulations.

Senator Robert Menendez, Democrat of New Jersey, set off a testy exchange with the banking executive, beginning by asking whether the hedge changed into “Russian roulette.” He sought to use Mr. Dimon’s previous statements against him, saying, “Your bank has been lobbying against the very guarantees that will protect the taxpayer.”

Mr. Dimon responded that JPMorgan had supported some elements of the new regulations, including higher capital reserve requirements.

He challenged another Democratic lawmaker, Senator Jeff Merkley of Oregon, who argued that JPMorgan was saved by the government’s bailout programs in 2008. Mr. Dimon has long argued that his firm took taxpayer money only reluctantly and that the bank would have survived without it.

“I think you are misinformed,” Mr. Dimon told Mr. Merkley. “You’re factually wrong.”

The senator responded, “Let’s agree to disagree.”

Jessica Silver-Greenberg contributed reporting.

Article source: http://dealbook.nytimes.com/2012/06/13/proud-jpmorgan-chief-apologizes/?partner=rss&emc=rss

2nd U.S. Loan to Solyndra Said to Have Been Considered

Solyndra ceased operations on Aug. 31 after lengthy financial difficulties, and the circumstances of the company’s failure are now being scrutinized by Congress, the Energy Department’s inspector general and the Federal Bureau of Investigation. On Wednesday, House Republicans expanded their investigation and asked the White House for documents related to Solyndra going back to the time of the president’s inauguration.

According to documents provided to Republican investigators, in January 2010, a Solyndra lobbyist e-mailed a White House aide and referred to their conversation about a “phase 2 loan guarantee application” that was “poised to impact jobs creation in 2010 on the order of doubling our Phase 1 jobs.”

Late Tuesday, House Democrats released an e-mail exchange between officials of the Office of Management and Budget on May 24, 2010, that suggested the second application was for $469 million. President Obama visited the factory on the next day, despite growing concerns about the company’s financial problems.

The first loan, which was provided under a loan guarantee program for alternative energy projects passed as part of the 2009 stimulus law, helped the company build a factory in Fremont, Calif., that produced 3,000 temporary construction jobs. Another 1,000 people worked in the plant until it shut down. Solyndra, which bet on an expensive new technology for solar power arrays, could not compete against cheaper panels made using more traditional techniques.

An Energy Department spokesman said on Wednesday that Solyndra’s second loan application did not go far.

“The career staff at the department had only barely begun to do the due diligence that would have been required for a second loan,” said the spokesman, Damon LaVera. “This application would have had to undergo many more months of analysis before being approved, but the department and Solyndra mutually agreed that the application should not receive further consideration” until the first factory was completed.

Solyndra got conditional approval for its first loan in March 2009. In August of that year, an Energy Department official predicted in an internal e-mail that the company would run out of cash in September 2011.

In December 2009, just before the lobbyist’s e-mail about the second loan, a venture capitalist who had put money into Solyndra e-mailed Lawrence H. Summers, then the president’s top economic adviser, to say that a loan guarantee for the company was “good for us,” but that “I can’t imagine it’s a good way for the government to use taxpayer money.”

Article source: http://feeds.nytimes.com/click.phdo?i=ebe71f63813e9bc214a941be2d3ed675

Man Accused of Stalking via Twitter Claims Free Speech

They certainly rattled Alyce Zeoli, a Buddhist leader based in Maryland. Using an ever-changing series of pseudonyms, the authorities say, Mr. Cassidy published thousands of Twitter posts about Ms. Zeoli. Some were weird horror-movie descriptions of what would befall her; others were more along these lines: “Do the world a favor and go kill yourself. P.S. Have a nice day.”

Those relentless tweets landed Mr. Cassidy in jail on charges of online stalking and placed him at the center of an unusual federal case that asks the question: Is posting a public message on Twitter akin to speaking from an old-fashioned soapbox, or can it also be regarded as a means of direct personal communication, like a letter or phone call?

Twitter posts have fueled defamation suits in civil courts worldwide. But this is a criminal case, invoking a somewhat rarely used law on cyberstalking. And it straddles a new, thin line between online communications that can be upsetting — even frightening — and constitutional safeguards on freedom of expression.

Federal authorities say Mr. Cassidy’s Twitter messages caused Ms. Zeoli “substantial emotional distress” and made her fear for her life, so much so that she once did not leave home for 18 months and hired armed guards to protect her residence.

In a complaint filed in federal court in Maryland, the Federal Bureau of Investigation concluded that Mr. Cassidy had published 8,000 Twitter posts, almost all of them about Ms. Zeoli and her Buddhist group, along with similar posts on several blogs.

Mr. Cassidy’s lawyers with the federal public defender’s office argue that even offensive, emotionally distressing speech is protected by the First Amendment when it is conveyed on a public platform like Twitter. Legal scholars say the case is significant because it grapples with what can be said about a person, particularly a public person like a religious leader, versus what can be said to a person.

Eugene Volokh, a law professor at the University of California, Los Angeles, offered an analogy: the difference between harassing telephone calls and ranting from a street-corner pulpit. “When the government restricts speech to one person, the speaker remains free to speak to the public at large,” Mr. Volokh argued.

Certainly Mr. Cassidy’s previous trespasses have not helped him. He has a record of assault, arson and domestic violence. According to the federal complaint, he was also convicted of carrying an unspecified “dangerous weapon” onto a plane in 1993.

But the defense has taken pains to point out that across the Internet, people post things that may cause emotional distress to others: an unkind review of a book on Amazon, even an unvarnished assessment by a college student on RateMyProfessors.com. They point out, moreover, that Mr. Cassidy lived across the country in California and is not accused of getting anywhere close to Ms. Zeoli. He is now in jail in Maryland pending trial.

In support of a defense motion to dismiss the case, the Electronic Frontier Foundation, an advocacy group based in San Francisco, appealed to the court to protect online expression.

“While not all speech is protected by the First Amendment, the idea that the courts must police every inflammatory word spoken online not only chills freedom of speech but is unsupported by decades of First Amendment jurisprudence,” it wrote.

Born in Canarsie, Brooklyn, Ms. Zeoli is considered to be a reincarnated master in the Tibetan Buddhist religious tradition, and is known to her followers as Jetsunma Ahkon Lhamo. She is an avid Twitter user, with 23,000 followers. A representative for Ms. Zeoli said she declined to be interviewed for this article.

According to the F.B.I. and Ms. Zeoli’s lawyer, Mr. Cassidy also claimed to be a reincarnated Buddhist when he joined Ms. Zeoli’s organization, Kunzang Palyul Choling, in 2007. He signed up using a false name and claimed to have had lung cancer, they said. Ms. Zeoli’s organization cared for him and, briefly, even appointed him to its executive team. The relationship soured after they came to doubt his reincarnation credentials and found that his claims of cancer were false. Mr. Cassidy left. Then came the relentless tweets, they said.

“A thousand voices call out to (Victim 1) and she cannot shut off the silent scream,” read one in the summer of 2010, as redacted in the criminal complaint.

“Ya like haiku? Here’s one for ya. Long limb, sharp saw, hard drop,” read another.

Shanlon Wu, a former federal prosecutor who is representing Ms. Zeoli, likened the tweets to “handwritten notes.” Every time Ms. Zeoli blocked the messages, more appeared from a different Twitter account. Ms. Zeoli for some time stopped using Twitter altogether.

“She felt constantly attacked and monitored by these anonymous people, and the attacks went on whether or not she was online,” Mr. Wu said by e-mail.

Twitter, in response to a subpoena, revealed the Internet protocol address of the computer used to post the messages. The authorities found Mr. Cassidy at home in a small Southern California town called Lucerne Valley. Similar rants were posted on blogs that law enforcement authorities say they traced to him. Twitter did not respond to a request for comment.

The case is an example of the many ways in which the law is having to wrestle with behavior on new, rapidly changing modes of communication.

Similar issues have come up in state courts: a boy who hacked into the Facebook account of an acquaintance was charged with felony identity theft, and a student who bombarded a professor with mean e-mail was accused of disturbing the peace.

“Technology creates new ways for people to interact with each other,” said Eric Goldman, a law professor at Santa Clara University in California. “You have to figure out if old law maps to new interactions.”

Twitter is an especially vexing new tool. It prompts ordinary people who use it to create public personas and it can put celebrities, including religious leaders, in direct contact with a large and sometimes unruly following, including some who insist on using pseudonyms.

“How do you cope with them?” Mr. Goldman wondered aloud. “Do you just block them? Or do you make a federal case out of it?”

Article source: http://feeds.nytimes.com/click.phdo?i=bfd1ffdf6febdd5ac80ab3f4c4726cfb

Hacking of White House E-Mail Affected Diverse Departments

WASHINGTON — The computer phishing attack that Google says originated in China was directed, somewhat indiscriminately, at an unknown number of White House staff officials, setting off the Federal Bureau of Investigation inquiry that began this week, according to several administration officials.

It is unclear how many White House staff members — or those of other departments in the executive branch — might have been affected, according to two officials with knowledge of the investigation. But the intended victims ranged across various functions in the White House, and were not limited to those working on national security, economic policy or trade areas that would be of particular interest to the Chinese government.

Administration officials said they had no evidence any confidential information was breached, or even that many people fell for the attack by providing information that would allow a breach of their Gmail accounts.

White House classified systems run on dedicated lines and information on those systems, the officials said, cannot be forwarded to Gmail accounts. But investigators were trying to determine if the attackers believed that some staff members or other officials used their personal e-mail accounts for confidential government communications.

“Right now,” said one senior official, “that’s a theory, not a fact.”

Google disclosed the attack this week and said that it was directed at not only American government officials, but also human rights activists, journalists and South Korea’s government. Google tracked the attack to Jinan, China, which is the home to a Chinese military regional command center.

But that does not necessarily mean the attackers were Chinese or related to the government. The Chinese government denied any involvement.

The attack used e-mails that appeared to be tailored to their victims, the better to fool them, a technique known as spear phishing. Recipients were asked to click on a link to a phony Gmail login page that gave the hackers access to their personal accounts.

The attacks come as the United States government considers expanding its use of Web-based software for e-mail, along with word processing, spreadsheets and other kinds of documents. Google is one of the many companies vying for the business with its Apps product, as is Microsoft.

Web-based e-mail would be vulnerable to hackers who steal login information through phishing attacks. But Web-based systems are not necessarily any easier to hack than traditional e-mail, which a government agency would usually manage using its own servers, said Larry Ponemon, chairman of the Ponemon Institute, a computer security firm in Traverse City, Mich.

Jay Carney, the White House press secretary, said on Thursday that all White House-related electronic mail was supposed to be conducted on work e-mail accounts to comply with the Presidential Records Act, which governs how those communications are protected and archived. Mr. Carney said there was no evidence that any White House accounts were compromised.

White House employees are permitted to have private e-mail accounts, he said, but cannot use them for work purposes.

Officials at the White House and other agencies often keep two computers in their offices, one for unclassified work and another for classified. Senior officials sometimes have a “secure facility” in their homes, in which computers and telephones are on dedicated lines and communications are encrypted.

Given its size, Google and its Gmail system will always make an attractive target.

Other personal e-mail services, including Yahoo and Microsoft’s Hotmail, have faced similar attacks, according to Trend Micro, a computer security company in Cupertino, Calif. “The types of attacks that are happening against Web mail users aren’t confined to Gmail alone and extend to other e-mail platforms,” said Nart Villeneuve, a senior threat researcher for Trend Micro.

Article source: http://www.nytimes.com/2011/06/04/technology/04hack.html?partner=rss&emc=rss

Sony Says PlayStation Hacker Got Personal Data

Christopher Miller’s PlayStation Portable game console had been broken for most of two years. So when his parents got him a new one for his 25th birthday on April 18, he was elated — but only briefly.

Last week, Sony’s online network for the PlayStation suffered a catastrophic failure through a hacking attack. And since then, the roughly 77 million gamers worldwide like Mr. Miller who have accounts for the service have been unable to play games with friends through the Internet or to download demos of new games.

Then, on Tuesday, after several days of near silence, Sony said that as a result of the attack, an “unauthorized person” had obtained personal information about account holders, including their names, addresses, e-mail addresses, and PlayStation user names and passwords. Sony warned that other confidential information, including credit card numbers, could have been compromised, and told customers in a statement to “remain vigilant” by monitoring for identity theft or other financial loss.

Law-enforcement officials said Tuesday that Sony had reported the breach to the Federal Bureau of Investigation in San Diego, which specializes in computer crime.

The breach comes after an incident earlier this month, when Epsilon, a marketing firm that handles e-mail lists, suffered a security breach that put millions of people’s e-mail addresses at risk. In some instances, customers’ names were also stolen. Last year, an AT&T breach exposed the e-mail addresses of at least 100,000 owners of the Apple iPad.

Even before Sony’s disclosure, complaints about the system failure had been mounting on Web sites, including Sony’s own. “It’s ridiculous,” said Mr. Miller, a 3-D animation student from Saline, Mich., in an e-mail.

Other customers — who have come to take the gaming network for granted — said they were astonished by the failure’s duration and its target, Sony, a globally recognized technology company. Some suggested that the incident, already a severe blow to Sony’s reputation, would give its top video game rivals, Microsoft and Nintendo, a leg up in the console wars.

“Sony is pretty much doing everything wrong,” said Carl-Niclas Odenbring of Releasy Customer Management in Sweden, which helps companies manage social media. Mr. Odenbring said his daughter, age 6, misses playing games on her Sony console, but is now playing on an iPad.

“She doesn’t have any direct purchasing power, but her indirect influence in what my wife and I buy is enormous,” he said. “Sony is losing the battle over her.”

Last weekend, after the attack, Sony said it would rebuild the network to make it more secure. The Sony Qriocity service, which is used to stream audio and video to high-end Sony televisions, Sony Blu-ray players and other Web-enabled Sony devices, was also knocked offline.

“It is very unusual for Sony to completely rebuild a system after a security breach, rather than just stopping the bleeding and going back to some kind of restricted network,” said Mark Seiden, a longtime information security consultant. “The fact that two separate networks are involved in this security breach suggests Sony discovered a major underlying problem that already existed.”

It remains unclear who the hackers were. Anonymous, a well-known hacking group that has been blamed for previously attacking the Sony and PlayStation Web sites, denied any responsibility; the group’s Web site stated, “For once we didn’t do it.”

Last Wednesday, Sony began posting sporadic messages that the PlayStation Network was down. In its first detailed statement on the attack, Sony told its customers on Tuesday afternoon that it had discovered that an “illegal and unauthorized intrusion” into the network had taken place between April 17 and 19.

“If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number and expiration date may have been obtained,” Patrick Seybold, senior director for corporate communications at Sony, wrote in a post on the PlayStation Web site and in an e-mail to customers.

Sony representatives declined to give further details.

Sony said it expected to restore some services — but apparently not all — within a week.

Shortly after Sony’s announcement Tuesday, Senator Richard Blumenthal, Democrat of Connecticut, sent a letter to Sony asking why customers had not been notified immediately about the security breach and not told for nearly a week about the extent of the attack. Mr. Blumenthal also cited concerns that many PlayStation users are children.

The letter said Sony should provide PlayStation customers “financial data security services, including free access to credit reporting services.”

One group of gamers who were particularly vociferous were the members of DC Universe Online, an online game. The game has been out of operation since the attack, affecting gamers who have paid for the service for months in advance.

Other customers said they had had trouble connecting to the popular online streaming service Netflix through the PlayStation console.

Daniel McGuire, a PlayStation user in London, in an e-mail criticized Sony’s initial silence. “Most PlayStation users would never cross over to the Xbox,” he said, referring to Microsoft’s rival console, “but this situation is pushing people. If ever Xbox wanted to snatch PlayStation users, this would be the time.”

Article source: http://feeds.nytimes.com/click.phdo?i=29f064b013013db2699cc3ccf2c164d3