Comments - Modi Government Planted Spyware in Pakistani Prime Minister Imran Khan's Smartphone - PakAlumni Worldwide: The Global Social Network 2024-03-29T15:00:22Zhttp://www.pakalumni.com/profiles/comment/feed?attachedTo=1119293%3ABlogPost%3A401137&xn_auth=noRevealed | Pakistan’s Spy Age…tag:www.pakalumni.com,2023-08-04:1119293:Comment:4258572023-08-04T16:35:51.336ZRiaz Haqhttp://www.pakalumni.com/profile/riazul
<p><span>Revealed | Pakistan’s Spy Agency Buys Israeli Cellphone Hacking Tech</span><br></br><span>Pakistan has no relations with Israel and its passport are ‘valid for all countries except Israel.’ Yet Cellebrite’s tools were sold via Singapore, and are used by the Federal Investigation Agency and national police…</span><br></br><br></br></p>
<p><span>Revealed | Pakistan’s Spy Agency Buys Israeli Cellphone Hacking Tech</span><br/><span>Pakistan has no relations with Israel and its passport are ‘valid for all countries except Israel.’ Yet Cellebrite’s tools were sold via Singapore, and are used by the Federal Investigation Agency and national police</span><br/><br/><span><a href="https://www.haaretz.com/israel-news/security-aviation/2023-08-03/ty-article/.premium/pakistans-spy-agency-buys-israeli-cellphone-hacking-tech/00000189-b608-db5d-a5fd-b62979680000" target="_blank">https://www.haaretz.com/israel-news/security-aviation/2023-08-03/ty-article/.premium/pakistans-spy-agency-buys-israeli-cellphone-hacking-tech/00000189-b608-db5d-a5fd-b62979680000</a></span><br/><br/><span>----------</span><br/><br/><span>A cell phone hacking system produced by the Israeli Cellebrite company has been sold to Pakistan on multiple occasions, Haaretz reported on Thursday.</span><br/><br/><span><a href="https://www.jpost.com/business-and-innovation/tech-and-start-ups/article-753526" target="_blank">https://www.jpost.com/business-and-innovation/tech-and-start-ups/article-753526</a></span><br/><br/><span>Cellebrite produces a system called a Universal Forensics Extraction Device (UFED) which allows law enforcement to access data from password-protected smartphones, drones, SIM cards, SD cards, GPS devices, and more, according to the company's website.</span><br/><br/><span>Cellebrite's Terms and Conditions prohibit "directly or indirectly" using or reselling its systems in a number of sanctioned countries, including Pakistan. But according to Haaretz, international shipment records show that, until at least 2019, Cellebrite Asia-Pacific Pte (a subsidiary of Cellebrite in Singapore) sold products directly to companies in Pakistan and the country's Federal Investigation Agency (FIA).</span><br/><br/><span>Cellebrite responded to the Haaretz article, writing "The company does not sell to Pakistan, directly or indirectly." The company did not explain the documents published in the report.</span><br/><br/><span>A number of Israeli hacking systems have ended up in countries that have been sanctioned or condemned for human rights violations.</span><br/><br/><br/><span>Earlier this year, Haaretz reported that a number of Israeli spyware and surveillance tools had been sold to Bangladesh, including Cellebrite systems.</span><br/><br/><span>Pakistan and Israel do not have official relations</span><br/><span>Pakistan does not have official relations with Israel, although secret talks have reportedly been conducted between the two countries in the past.</span><br/><br/><span>Last year, Pakistani media reported that diplomatic delegations from Pakistan and Indonesia were both in Israel for secret visits.</span></p> India Bought Pegasus as Part…tag:www.pakalumni.com,2022-01-29:1119293:Comment:4063112022-01-29T03:35:31.806ZRiaz Haqhttp://www.pakalumni.com/profile/riazul
<p>India Bought Pegasus as Part of Larger $2 Billion Deal with Israel in 2017, Claims 'NYT' Report<br></br>The media report notes that Pegasus was the 'centrepiece' of a 2017 deal between India and Israel.<br></br><br></br><br></br><a href="https://thewire.in/tech/india-bought-pegasus-israel-nyt-report" target="_blank">https://thewire.in/tech/india-bought-pegasus-israel-nyt-report</a><br></br><br></br><br></br><br></br>New Delhi: India bought controversial spyware tool Pegasus in 2017 as part of a larger arms deal with…</p>
<p>India Bought Pegasus as Part of Larger $2 Billion Deal with Israel in 2017, Claims 'NYT' Report<br/>The media report notes that Pegasus was the 'centrepiece' of a 2017 deal between India and Israel.<br/><br/><br/><a href="https://thewire.in/tech/india-bought-pegasus-israel-nyt-report" target="_blank">https://thewire.in/tech/india-bought-pegasus-israel-nyt-report</a><br/><br/><br/><br/>New Delhi: India bought controversial spyware tool Pegasus in 2017 as part of a larger arms deal with Israel, according to a new report published by The New York Times.<br/><br/>Access to the spyware, which is classified as military-grade software and produced by the NSO Group, was reportedly part of a “package of sophisticated weapons and intelligence gear worth roughly $2 billion” between India and Israel.<br/><br/>NYT’s report, which examines how Israel reaped diplomatic gains around the world from NSO’s Pegasus spyware, details how the US’s Federal Bureau of Investigation bought a version of Pegasus. It also sheds new light on how the software ended up being sold to Poland, India and Hungary.<br/><br/>“The combination of Israel’s search for influence and NSO’s drive for profits has also led to the powerful spying tool ending up in the hands of a new generation of nationalist leaders worldwide. Though the Israeli government’s oversight was meant to prevent the powerful spyware from being used in repressive ways, Pegasus has been sold to Poland, Hungary and India, despite those countries’ questionable records on human rights,” the report noted.<br/><br/>According to the NYT report, India’s access to Pegasus was sealed in 2017. The story claims that “Pegasus and a missile system” were the “centrepieces” of a broader defence package worth $2 billion.<br/><br/><br/><br/>“In July 2017, Narendra Modi, who won office on a platform of Hindu nationalism, became the first Indian prime minister to visit Israel…The Modi visit, however, was notably cordial, complete with a carefully staged moment of him and Prime Minister Netanyahu walking together barefoot on a local beach. They had reason for the warm feelings,” the report notes.<br/><br/>“Their countries had agreed on the sale of a package of sophisticated weapons and intelligence gear worth roughly $2 billion – with Pegasus and a missile system as the centerpieces. Months later, Netanyahu made a rare state visit to India.”<br/><br/><br/><br/>The report provides no further details on the specifics of the deal – or insight into which government department or agency procured it on behalf of the Indian government – but in April 2017, it was widely reported that New Delhi had signed a $2 billion (nearly Rs 12,880 crore) contract with Israel Aerospace Industries for supply of air defence missiles to the Indian Army.<br/><br/>In July 2021, a consortium of international media organisations including The Wire reported on the usage of Pegasus in countries across the world. In India, over 10 cases of Pegasus infection were found through forensic analysis conducted by Amnesty International’s Security Lab.<br/><br/><br/><br/>In 2019, messaging application WhatsApp sued the NSO Group over what it termed as an illegal breach of its software. At the time, the Facebook-owned firm confirmed that it had detected Pegasus targeting on the phones of several Indian activists and journalists.<br/><br/>The Indian government has been largely evasive in its replies with regard to whether it has purchased Pegasus or used it. In August 2021, the defence ministry clearly statedit had no business transaction with the NSO Group, leading to speculation as to whether an agency under the home affairs ministry was a customer.</p>
<p class="comment-timestamp"></p> The Battle for the World’s Mo…tag:www.pakalumni.com,2022-01-29:1119293:Comment:4062132022-01-29T03:32:18.305ZRiaz Haqhttp://www.pakalumni.com/profile/riazul
<p><span>The Battle for the World’s Most Powerful Cyberweapon</span><br></br><br></br><a href="https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html" rel="noopener" target="_blank">https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html</a><br></br><br></br><span>In July 2017, Narendra Modi, who won office on a platform of Hindu nationalism, became the first Indian prime minister to visit Israel. For decades, India had maintained a policy of what it called “commitment to…</span></p>
<p><span>The Battle for the World’s Most Powerful Cyberweapon</span><br/><br/><a href="https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html" target="_blank" rel="noopener">https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html</a><br/><br/><span>In July 2017, Narendra Modi, who won office on a platform of Hindu nationalism, became the first Indian prime minister to visit Israel. For decades, India had maintained a policy of what it called “commitment to the Palestinian cause,” and relations with Israel were frosty. The Modi visit, however, was notably cordial, complete with a carefully staged moment of him and Prime Minister Netanyahu walking together barefoot on a local beach. They had reason for the warm feelings. Their countries had agreed on the sale of a package of sophisticated weapons and intelligence gear worth roughly $2 billion — with Pegasus and a missile system as the centerpieces. Months later, Netanyahu made a rare state visit to India. And in June 2019, India voted in support of Israel at the U.N.’s Economic and Social Council to deny observer status to a Palestinian human rights organization, a first for the nation.</span></p> #US Company Fears Its Windows…tag:www.pakalumni.com,2021-09-18:1119293:Comment:4024362021-09-18T19:03:43.523ZRiaz Haqhttp://www.pakalumni.com/profile/riazul
<p><span>#US Company Fears Its Windows Hacks Helped #India Spy On #China & #Pakistan. #American company’s #tech was abused by #Indian govt, amidst warnings Americans are contributing to a #spyware industry already under fire for being out of control.</span><br></br><span>via @forbes…</span></p>
<p><span>#US Company Fears Its Windows Hacks Helped #India Spy On #China & #Pakistan. #American company’s #tech was abused by #Indian govt, amidst warnings Americans are contributing to a #spyware industry already under fire for being out of control.</span><br/><span>via @forbes <a href="https://www.forbes.com/sites/thomasbrewster/2021/09/17/exodus-american-tech-helped-india-spy-on-china/" target="_blank">https://www.forbes.com/sites/thomasbrewster/2021/09/17/exodus-american-tech-helped-india-spy-on-china/</a></span><br/><br/><span>Little known outside of the cybersecurity and intelligence worlds, over the last ten years, Exodus has made a name for itself with a Time magazine cover story and the leak of a tool that law enforcement used to hack the anonymizing browser Tor to ensnare child predators. It also claims partnerships with the Defense Department’s research agency Darpa and major tech firms like Cisco and Fortinet, a $2.6 billion (2020 sales) cybersecurity outfit. “They’re significant because the size of the market is relatively small, and the skill set required [to find zero days] is in possession of just a few thousand people worldwide at any given time,” says Katie Moussouris, founder of Luta Security and creator of Microsoft’s bug bounty program to reward hackers for vulnerability disclosures.</span><br/><br/><span>Exodus, when asked by Five Eyes countries (an alliance of intelligence-sharing countries that includes the U.S., U.K., Canada, Australia, and New Zealand) or their allies, will provide both information on a zero-day vulnerability and the software required to exploit it. But its main product is akin to a Facebook news feed of software vulnerabilities, sans exploits, for up to $250,000 a year. It’s marketed primarily as a tool for defenders, but customers can do what they want with the information on those Exodus zero days—ones that typically cover the most popular operating systems, from Windows to Google’s Android and Apple’s iOS.</span><br/><br/><br/><span>That feed is what India bought and likely weaponized, says 37-year-old Exodus CEO and cofounder Logan Brown. He tells Forbes that, after an investigation, he believes India handpicked one of the Windows vulnerabilities from the feed—allowing deep access to Microsoft’s operating system—and Indian government personnel or a contractor adapted it for malicious means. India was subsequently cut off from buying new zero-day research from his company in April, says Brown, and it has worked with Microsoft to patch the vulnerabilities. The Indian use of his company’s research was beyond the pale, though Exodus doesn’t limit what customers do with its findings, Brown says, adding, “You can use it offensively if you want, but not if you’re going to be . . . shotgun blasting Pakistan and China. I don't want any part of that.” (The Indian embassy in London hadn’t responded to requests for comment.)</span><br/><br/><span>The company also looked at a second vulnerability Kaspersky had attributed to Moses, another flaw that allowed a hacker to get higher privileges on a Windows computer. It was not linked to any particular espionage campaign, but Brown confirms it was one of his company’s, adding that it would “make sense” that India or one of its contractors had weaponized that vulnerability, too.</span><br/><br/><span>Brown is also now exploring whether or not its code has been leaked or abused by others. Beyond the two zero days already abused, according to Kaspersky, “at least six vulnerabilities” made by Moses have made it out “into the wild” in the last two years. Also according to Kaspersky, another hacking crew known as DarkHotel—believed by some cybersecurity researchers to be sponsored by South Korea—has used Moses’ zero days. South Korea is not a customer of Exodus. “We are pretty sure India leaked some of our research,” Brown says. “We cut them off and haven’t heard anything since then . . . so the assumption is that we were correct.”</span></p> Big #Tech Thought It Had A Bi…tag:www.pakalumni.com,2021-08-21:1119293:Comment:4021062021-08-21T00:12:23.678ZRiaz Haqhttp://www.pakalumni.com/profile/riazul
<p><span>Big #Tech Thought It Had A Billion Users In The Bag. Long viewed as the world’s biggest market for “the next billion users,” #India is fast becoming #SiliconValley’s biggest headache under #Modi's #Hindutva rule. #BJP #SocialMedia <a href="https://www.buzzfeednews.com/article/pranavdixit/big-tech-thought-it-had-a-billion-users-in-the-bag-now-its" target="_blank">https://www.buzzfeednews.com/article/pranavdixit/big-tech-thought-it-had-a-billion-users-in-the-bag-now-its</a> via…</span></p>
<p><span>Big #Tech Thought It Had A Billion Users In The Bag. Long viewed as the world’s biggest market for “the next billion users,” #India is fast becoming #SiliconValley’s biggest headache under #Modi's #Hindutva rule. #BJP #SocialMedia <a href="https://www.buzzfeednews.com/article/pranavdixit/big-tech-thought-it-had-a-billion-users-in-the-bag-now-its" target="_blank">https://www.buzzfeednews.com/article/pranavdixit/big-tech-thought-it-had-a-billion-users-in-the-bag-now-its</a> via @PranavDixit</span><br/><br/><span>When he tweeted a screenshot of the email to his more than 200,000 followers, he wrote “Hail the Modi government!” in Hindi, and almost immediately, the Indian internet exploded. The move to silence him was seen by many as yet another step by India’s increasingly authoritarian government to clamp down on dissent.</span><br/><br/><span>For months, the country’s ruling Bharatiya Janata Party, led by Modi, a nationalist autocrat accused of reshaping India’s secular ethos into a Hindu state, had been hard at work trying to quell an upswell of criticism on social media after a deadly second wave of the pandemic killed thousands and protests from millions of farmers against new agricultural laws rocked the nation. But it wasn’t until the last week of May that things came to a head.</span><br/><br/><span>From May 26, India’s government armed itself with policies that empowered it to crack down on virtually all major digital platforms — social media companies like Twitter, Facebook, YouTube, and Instagram, messaging apps like WhatsApp, streaming services like Netflix and Amazon Prime, and news websites.</span><br/><br/><span>Among the new rules, which were first proposed in February, was one that requires social media platforms and streaming services to hire additional staff to address “grievances” filed by Indians offended by certain content and to employ full-time officers to liaise with law enforcement agencies around the clock. Others required news websites to submit monthly compliance reports and to agree to moderate or remove stories, podcasts, and videos flagged by a government committee. Another mandates that in certain circumstances messaging apps like WhatsApp must allow the government to track who texted whom, effectively breaking encryption.</span><br/><br/><span>The immediate consequences for not complying with these rules can be severe — companies can be slapped with heavy fines, local staffers can be jailed. And the broader consequences could be worse: losing protection from being held liable for content that people post, which could open companies up to all kinds of lawsuits.</span><br/><br/><span>If a streaming platform doesn’t respond or give an explanation that satisfies the complainant, they can appeal to the federal government, which can ultimately compel the platform to censor, edit, or take down the content in question.</span><br/><br/><span>It’s a sea change for Silicon Valley.</span><br/><br/><span>Years ago, seeing a quick path to exponential growth in India’s millions, the US tech industry rushed in, hired thousands of people, poured in billions of dollars, and became inextricably intertwined with the story of a modern, ascendant nation. But as muscular nationalism coursed ever faster through India’s veins, criticism of the powerful became increasingly difficult. Journalists were jailed, activists imprisoned, and the internet, dominated almost entirely by American social media platforms and streaming companies and one of the last remaining spaces for dissent, is now in the crosshairs.</span><br/><br/><span>Tech companies thought they had a billion users in the bag. But the new rules mean they might be forced to make a choice between standing up for democratic values and the rights of their users, and continuing to operate in a market crucial to growth and market dominance.</span><br/><br/><span>“The new rules were a jolt,” Mishi Choudhary, a technology and policy lawyer based in New York, told BuzzFeed News.</span><br/><br/><span>“Suddenly, they turned a wide open internet into one of the most intrusively regulated states and took it in an undemocratic direction.”</span></p> NSA’s Own Hardware Backdoors…tag:www.pakalumni.com,2021-08-15:1119293:Comment:4019612021-08-15T20:16:40.419ZRiaz Haqhttp://www.pakalumni.com/profile/riazul
<p><span>NSA’s Own Hardware Backdoors May Still Be a “Problem from Hell”</span><br></br><span>Revelations that the NSA has compromised hardware for surveillance highlights the vulnerability of computer systems to such attacks.…</span><br></br><br></br></p>
<p><span>NSA’s Own Hardware Backdoors May Still Be a “Problem from Hell”</span><br/><span>Revelations that the NSA has compromised hardware for surveillance highlights the vulnerability of computer systems to such attacks.</span><br/><br/><span><a href="https://www.technologyreview.com/2013/10/08/176195/nsas-own-hardware-backdoors-may-still-be-a-problem-from-hell/" target="_blank">https://www.technologyreview.com/2013/10/08/176195/nsas-own-hardware-backdoors-may-still-be-a-problem-from-hell/</a></span><br/><br/><span>In 2011, General Michael Hayden, who had earlier been director of both the National Security Agency and the Central Intelligence Agency, described the idea of computer hardware with hidden “backdoors” planted by an enemy as “the problem from hell.” ...</span><br/><br/><span>That revelation particularly concerned security experts because Hayden’s assessment is widely held to be true. Compromised hardware is difficult, and often impossible, to detect. Hardware can do things such as access data in ways invisible to the software on a computer, even security software. The possibility that computer hardware in use around the world might be littered with NSA backdoors raises the prospect that other nations’ agencies are doing the same thing, or that groups other than the NSA might find and exploit the NSA’s backdoors. Critics of the NSA say the untraceable nature of hardware flaws, and the potential for building them into many systems, also increases the risk that intelligence agencies that place them will be tempted to exceed legal restrictions on surveillance.</span><br/><br/><span>“Hardware is like a public good because everybody has to rely on it,” says Simha Sethumadhavan, an associate professor at Columbia University who researches ways to detect backdoors in computer chips. “If hardware is compromised in some way, you lose security in a very fundamental way.”</span><br/><br/><span>----</span><br/><span>The Times report says, however, that the NSA inserted backdoors into some encryption chips that businesses and governments use to secure their data, and that the agency worked with an unnamed U.S. manufacturer to add backdoors to computer hardware about to be shipped to an overseas target.</span><br/><br/><span>“There has always been a lot of speculation and hinting about hardware being backdoored,” says Steve Weis, CTO and cofounder of PrivateCore, a startup whose software for cloud servers can offer protection against some kinds of malicious hardware. “This builds the case for that being right.” Weis believes that many companies in the U.S. and elsewhere will now think again about where their hardware comes from, and who has access to it. But scoping out potential problems is not straightforward for many companies, which now put data, software, and hardware in third-party locations to be run by cloud-hosting providers.</span><br/><br/><span>PrivateCore’s software for servers powering cloud services offers some protection against malicious hardware by encrypting data in a system’s RAM, or short-term memory. Data there is not usually encrypted, making RAM a good place for bad hardware attached to a system to covertly copy data and send it back to an attacker.</span><br/><br/><span>Weis says that in internal tests his technology defeated hardware attached to a server that attempted to copy data and send it out over the Internet, and that these results have been validated by rigorous tests commissioned from an outside security firm. However, the protection has its limits. “The one component we trust is an Intel processor,” says Weis. “We can’t really get around that today.”</span><br/><br/><span>Compromised chips are the most covert of backdoors, says Columbia’s Sethumadhavan. There is essentially no way for the buyer of a completed chip to check that it doesn’t have a backdoor, he says, and there are a multitude of ways that a design can be compromised.</span><br/><br/><span>“Making a chip is a global process with hundreds of steps and many different companies involved,” says Sethumadhavan. “Each and every step in the process can be compromised.”</span><br/><br/><span>Chipmakers usually buy third-party IP blocks to integrate into a final design. Slipping extra circuits into one of those outside designs would be the easiest way to backdoor a chip, says Sethumadhavan, because tools don’t exist to screen for them.</span></p> Close the N.S.A.’s Back Doors…tag:www.pakalumni.com,2021-08-15:1119293:Comment:4019602021-08-15T20:04:47.827ZRiaz Haqhttp://www.pakalumni.com/profile/riazul
<p><span>Close the N.S.A.’s Back Doors</span><br></br><br></br><span><a href="https://www.nytimes.com/2013/09/22/opinion/sunday/close-the-nsas-back-doors.html" target="_blank">https://www.nytimes.com/2013/09/22/opinion/sunday/close-the-nsas-back-doors.html</a></span><br></br><br></br><span>In 2006, a federal agency, the National Institute of Standards and Technology, helped build an international encryption system to help countries and industries fend off computer hacking and theft. Unbeknown to the many users…</span></p>
<p><span>Close the N.S.A.’s Back Doors</span><br/><br/><span><a href="https://www.nytimes.com/2013/09/22/opinion/sunday/close-the-nsas-back-doors.html" target="_blank">https://www.nytimes.com/2013/09/22/opinion/sunday/close-the-nsas-back-doors.html</a></span><br/><br/><span>In 2006, a federal agency, the National Institute of Standards and Technology, helped build an international encryption system to help countries and industries fend off computer hacking and theft. Unbeknown to the many users of the system, a different government arm, the National Security Agency, secretly inserted a “back door” into the system that allowed federal spies to crack open any data that was encoded using its technology.</span><br/><br/><span>Documents leaked by Edward Snowden, the former N.S.A. contractor, make clear that the agency has never met an encryption system that it has not tried to penetrate. And it frequently tries to take the easy way out. Because modern cryptography can be so hard to break, even using the brute force of the agency’s powerful supercomputers, the agency prefers to collaborate with big software companies and cipher authors, getting hidden access built right into their systems.</span><br/><br/><span>The New York Times, The Guardian and ProPublica recently reported that the agency now has access to the codes that protect commerce and banking systems, trade secrets and medical records, and everyone’s e-mail and Internet chat messages, including virtual private networks. In some cases, the agency pressured companies to give it access; as The Guardian reported earlier this year, Microsoft provided access to Hotmail, Outlook.com, SkyDrive and Skype. According to some of the Snowden documents given to Der Spiegel, the N.S.A. also has access to the encryption protecting data on iPhones, Android and BlackBerry phones.</span><br/><br/><span>These back doors and special access routes are a terrible idea, another example of the intelligence community’s overreach. Companies and individuals are increasingly putting their most confidential data on cloud storage services, and need to rely on assurances their data will be secure. Knowing that encryption has been deliberately weakened will undermine confidence in these systems and interfere with commerce.</span><br/><br/><span>The back doors also strip away the expectations of privacy that individuals, businesses and governments have in ordinary communications. If back doors are built into systems by the N.S.A., who is to say that other countries’ spy agencies — or hackers, pirates and terrorists — won’t discover and exploit them?</span><br/><br/><span>The government can get a warrant and break into the communications or data of any individual or company suspected of breaking the law. But crippling everyone’s ability to use encryption is going too far, just as the N.S.A. has exceeded its boundaries in collecting everyone’s phone records rather than limiting its focus to actual suspects.</span><br/><br/><span>Representative Rush Holt, Democrat of New Jersey, has introduced a bill that would, among other provisions, bar the government from requiring software makers to insert built-in ways to bypass encryption. It deserves full Congressional support. In the meantime, several Internet companies, including Google and Facebook, are building encryption systems that will be much more difficult for the N.S.A. to penetrate, forced to assure their customers that they are not a secret partner with the dark side of their own government.</span></p> How the NSA bugged Cisco's ro…tag:www.pakalumni.com,2021-08-15:1119293:Comment:4019592021-08-15T19:58:40.068ZRiaz Haqhttp://www.pakalumni.com/profile/riazul
<p>How the NSA bugged Cisco's routers<br></br><br></br><a href="https://www.infoworld.com/article/2608141/snowden--the-nsa-planted-backdoors-in-cisco-products.html" target="_blank">https://www.infoworld.com/article/2608141/snowden--the-nsa-planted-backdoors-in-cisco-products.html</a><br></br><br></br>Much has been made of industrial espionage by China, and the U.S. government has repeatedly warned businesses not to trust technologies purchased from that country. Maybe the Chinese and other governments are the…</p>
<p>How the NSA bugged Cisco's routers<br/><br/><a href="https://www.infoworld.com/article/2608141/snowden--the-nsa-planted-backdoors-in-cisco-products.html" target="_blank">https://www.infoworld.com/article/2608141/snowden--the-nsa-planted-backdoors-in-cisco-products.html</a><br/><br/>Much has been made of industrial espionage by China, and the U.S. government has repeatedly warned businesses not to trust technologies purchased from that country. Maybe the Chinese and other governments are the ones that should be issuing warnings.<br/><br/>"The NSA routinely receives -- or intercepts -- routers, servers, and other computer network devices being exported from the U.S. before they are delivered to the international customers," Greenwald writes. "The agency then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users."<br/><br/>Routers, switches, and servers made by Cisco are booby-trapped with surveillance equipment that intercepts traffic handled by those devices and copies it to the NSA's network, the book states. Greenwald notes that there is no evidence that Cisco or other companies were aware of the program.<br/><br/>"We've stated previously that Cisco does not work with any government to weaken our products for exploitation," a Cisco spokesman told the Wall Street Journal. "We would, of course, be deeply concerned with anything that could damage the integrity of our products or our customers' networks."<br/><br/>Apart from any concerns you might have about privacy, this kind of publicity is very bad for U.S. business. Why would you buy a product that handles sensitive corporate or government data if you thought the device was bugged?</p>
<p class="comment-timestamp"></p> A small #US #software maker a…tag:www.pakalumni.com,2021-08-15:1119293:Comment:4016752021-08-15T19:58:07.529ZRiaz Haqhttp://www.pakalumni.com/profile/riazul
<p><span>A small #US #software maker accuses #China’s #Huawei in a lawsuit of forcing it to build a ‘back door’ into a sensitive surveillance project in #Pakistan . Huawei denies the claim.…</span><br></br><br></br><br></br></p>
<p><span>A small #US #software maker accuses #China’s #Huawei in a lawsuit of forcing it to build a ‘back door’ into a sensitive surveillance project in #Pakistan . Huawei denies the claim.</span><br/><br/><br/><span><a href="https://www.wsj.com/articles/huawei-accused-in-suit-of-installing-data-back-door-in-pakistan-project-11628947988?st=fdedtsl17enzx5z&reflink=article_email_share" target="_blank">https://www.wsj.com/articles/huawei-accused-in-suit-of-installing-data-back-door-in-pakistan-project-11628947988?st=fdedtsl17enzx5z&reflink=article_email_share</a></span><br/><br/><br/><span>Huawei is a leader in safe-cities projects—citywide surveillance systems marketed to governments as crime-fighting tools that often make use of facial-recognition cameras and other high-tech capabilities. The projects have drawn scrutiny from some governments and rights groups, who say they are used to export China’s surveillance practices. Huawei says its projects improve public safety and says it has built safe-cities systems in hundreds of cities around the world.</span><br/><br/><span>Pakistan has signed more agreements for Huawei safe-city projects than any other country, according to research by the Center for Strategic and International Studies.</span><br/><br/><span>BES’s lawsuit says that Huawei’s alleged back door was located in a database that consolidated sensitive information—including national ID card records, foreigner registrations, tax records and criminal records—for law enforcement. The system is called the Data Exchange System, or DES, according to the lawsuit.</span><br/><br/><span>BES says in the suit that after it installed the DES in Lahore, Huawei demanded in 2017 that it install a duplicate DES in the eastern Chinese city of Suzhou that would give Huawei direct access to the data being gathered in Pakistan.</span><br/><br/><span>Before building the Suzhou system, BES says in the suit it asked Huawei to obtain approval from Pakistani authorities.</span><br/><br/><span>“We want to insure that PPIC3 has no objection in transfer of this technology outside of PPIC3 for security reasons,” Mr. Nawaz wrote in an email to Huawei officials attached to the lawsuit. “Please get an approval from PPIC3, in writing, prior to us performing this function.”</span><br/><br/><span>PPIC3 is the acronym for the Pakistani command center that oversees the Lahore project.</span><br/><br/><span>According to the lawsuit, Huawei initially said it wasn’t necessary to get approval for what it called a test and threatened to withhold payments and terminate its agreements with BES if the contractor didn’t build the system.</span><br/><br/><span>Later, the lawsuit says, Huawei told BES it had indeed received Pakistani approval, and BES went ahead with the installation in Suzhou.</span><br/><br/><span>Mr. Nawaz said in an interview that Huawei refused to show evidence of Pakistani approval and that BES installed the alleged back door under duress. The lawsuit alleges that “Huawei-China uses the proprietary DES system as a back door from China into Lahore to gain access, manipulate, and extract sensitive data important to Pakistan’s national security.”</span><br/><br/><br/><span>Adrian Nish, the London-based head of threat intelligence at BAE Systems Applied Intelligence, a unit of BAE Systems PLC, said it isn’t uncommon for a vendor to build a duplicate version of a system in-house for testing while it is under development, but such duplicates shouldn’t be connected to the actual system.</span><br/><br/><span>“Those two systems should not talk to each other,” he said.</span></p> A small #US #software maker a…tag:www.pakalumni.com,2021-08-15:1119293:Comment:4019582021-08-15T19:57:33.862ZRiaz Haqhttp://www.pakalumni.com/profile/riazul
<p><span>A small #US #software maker accuses #China’s #Huawei in a lawsuit of forcing it to build a ‘back door’ into a sensitive surveillance project in #Pakistan . Huawei denies the claim.…</span><br></br><br></br><br></br></p>
<p><span>A small #US #software maker accuses #China’s #Huawei in a lawsuit of forcing it to build a ‘back door’ into a sensitive surveillance project in #Pakistan . Huawei denies the claim.</span><br/><br/><br/><span><a href="https://www.wsj.com/articles/huawei-accused-in-suit-of-installing-data-back-door-in-pakistan-project-11628947988?st=fdedtsl17enzx5z&reflink=article_email_share" target="_blank">https://www.wsj.com/articles/huawei-accused-in-suit-of-installing-data-back-door-in-pakistan-project-11628947988?st=fdedtsl17enzx5z&reflink=article_email_share</a></span><br/><br/><br/><span>A long-running dispute between Huawei Technologies Co. and a small U.S.-based contractor has escalated to U.S. federal court, with the contractor alleging Huawei stole its technology and pressured it to build a “back door” into a sensitive law-enforcement project in Pakistan.</span><br/><br/><span>The contractor, Buena Park, Calif.-based Business Efficiency Solutions LLC, or BES, says in a lawsuit filed Wednesday in California district court that Huawei required it to set up a system in China that gives Huawei access to sensitive information about citizens and government officials from a safe-cities surveillance project in Pakistan’s second-largest city of Lahore.</span><br/><br/><span>Muhammad Kamran Khan, chief operating officer of the Punjab Safe Cities Authority, which oversees the Lahore project, said the authority has begun looking into BES’s allegations.</span><br/><br/><span>“Our team is examining the accusations and sought an explanation from Huawei,” Mr. Khan said in an interview. “We have also put a data security check on Huawei after this issue.”</span><br/><br/><span>“So far, there has been no evidence of any data stealing by Huawei,” he said.</span><br/><br/><span>A Huawei spokeswoman said the company doesn’t comment on ongoing legal cases. But she added, “Huawei respects the intellectual property of others, and there is no evidence Huawei ever implanted any back door in our products.”</span><br/><br/><span>In comments to The Wall Street Journal last September, Huawei acknowledged setting up a separate version of the Lahore system in China, but said it was only a test version that was “physically isolated from the customer’s live network.” This made it “impossible for Huawei to extract data from the customer’s live network.”</span><br/><br/><span>Pakistan’s foreign ministry didn’t respond to requests for comment.</span><br/><br/><span>U.S. officials have long alleged Huawei gear could enable Chinese espionage in the countries that install it. Huawei has repeatedly said its gear is safe and that it would never spy on behalf of any government.</span><br/><br/><span>The allegations in the suit stem from a long-running legal dispute between the companies. Huawei hired BES to provide software and other services to help it win the rights to build Lahore’s safe-city project in 2016. It eventually beat out Western competitors including Motorola Solutions and Nokia Corp. with its bid of $150 million, according to the suit, in which BES is represented by lawyers from Akin Gump Strauss Hauer & Feld LLP.</span><br/><br/><span>The relationship soured, and Huawei sued BES in Pakistan, where BES also sued Huawei. Those proceedings are ongoing. BES is no longer operational and has no revenue.</span></p>