Archive for September, 2013

Shabaab Plot to Attack London Planned to be ‘Similar to…Mumbai’

A document found after Somali troops killed Fazul Abdullah Mohammed, al Qaeda’s former leader in East Africa and a senior Shabaab commander, details a plot to conduct multiple Mumbai-like attacks that target civilians in London. The plot highlights how al Qaeda and Shabaab seek to strike civilian targets outside Somalia, and foreshadowed Shabaab’s attack on the Eastgate Mall in Kenya this week.

The document and several others found in Fazul’s possession after he was killed by Somali troops at a checkpoint in Mogadishu in June 2011 were obtained by the Toronto Star. A copy of the document was also obtained by The Long War Journal. The Canadian newspaper reported that “dozens of documents, Internet frame grabs and media reports in English, Arabic, Somali and Swahili, along with more than 50 video clips” were also found in Fazul’s car.

Google Alters Search Algorithm to Handle More Complex Queries

Google on Thursday announced one of the biggest changes ever to its search engine, a rewriting of its algorithm to handle more complex queries that affects 90 percent of all searches.

The change represents a new approach to search for Google and required the biggest changes to the company’s search algorithm since 2000. Now, the world’s most popular search engine will focus more on trying to understand the meanings of things and the relationships among them, as opposed to the company’s original strategy of matching keywords.

The company made the changes, executives said, because Google users are asking increasingly long and complex questions and they are searching Google more often on mobile phones with voice search.

Google’s Gmail Keyword Scanning Might Violate Wiretap Law, Judge Finds

A federal judge today found that Google may have breached federal and California wiretapping laws for machine-scanning Gmail messages as part of its business model to create user profiles and provide targeted advertising.

The decision by U.S. District Judge Lucy Koh was rendered in a proposed class-action alleging Google wiretaps Gmail as part of its business model. Google sought to have the federal case in California dismissed under a section of the Wiretap Act that authorizes email providers to intercept messages if the interception facilitated the message’s delivery or was incidental to the functioning of the service in general.

Are You Looking at An Official Shabaab Twitter Account?

Not long after Shabaab took responsibility for the Westgate mall attack, Twitter shut down the terror group’s official account. Although Twitter has acted against Shabaab’s accounts a couple times in the past, it had never done so while the jihadist group was live-tweeting one of its attacks.

As in the previous instances, Shabaab quickly returned to the social media platform to spew its hate and propaganda. At the same time, copycat accounts emerged, which led to false reporting and a bit of confusion for observers not used to following the al Qaeda affiliate on Twitter.

Google Begs Court to Reconsider Ruling That Wi-Fi Sniffing Is Wiretapping

Google is asking a federal appeals court to reconsider a recent ruling finding Google potentially liable for wiretapping when it secretly intercepted data on open Wi-Fi routers.

The Mountain View-based company said the September 10 decision by the 9th U.S. Circuit Court of Appeals will create “confusion” about which over-the-air signals are protected by the Wiretap Act, including broadcast television.

The case concerns nearly a dozen combined lawsuits seeking damages from Google for eavesdropping on open Wi-Fi networks from its Street View mapping cars. The vehicles, which rolled through neighborhoods around the world, were equipped with Wi-Fi–sniffing hardware to record the names and MAC addresses of routers to improve Google location-specific services. But the cars also gathered snippets of content.

The search giant petitioned the San Francisco-based appeals court to reconsider its decision that allowed the case to proceed at trial — a ruling that upended Google’s defense.

Google claimed it was legal to intercept data from unencrypted, or non-password-protected, Wi-Fi networks. Google said open Wi-Fi networks are “radio communications” like AM/FM radio, citizens’ band and police and fire bands, and are “readily accessible” to the general public and exempt from the Wiretap Act — a position the appeals court rejected.

Shabaab Threatens ‘Big Surprise’ As Siege at Kenyan Mall Continues

As Shabaab fighters continue to hold out inside the Westgate Mall in Kenya for the fourth day after assaulting the upscale shopping center on Saturday, the al Qaeda group’s media arm on Twitter threatened that a “big surprise” was in store for Kenyans. Shabaab released the following statement on Twitter just minutes ago:

The Kenyan govt and FM haven’t the faintest idea of what’s going on inside #Westgate mall. Rest assured, Kenyans are in for a big surprise!

The group did not detail the nature of the “big surprise” (or it wouldn’t be a surprise), but previous tweets over the past few hours indicate that the members of the assault team are holding their ground, despite claims from Kenyan officials last night that the mall has been secured, and the team still has hostages.

How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA

In August 2007, a young programmer in Microsoft’s Windows security group stood up to give a five-minute turbo talk at the annual Crypto conference in Santa Barbara.

It was a Tuesday evening, part of the conference’s traditional rump session, when a hodge-podge of short talks are presented outside of the conference’s main lineup. To draw attendees away from the wine and beer that competed for their attention at that hour, presenters sometimes tried to sex up their talks with provocative titles like “Does Bob Go to Prison?” or “How to Steal Cars – A Practical Attack on KeeLoq” or “The Only Rump Session Talk With Pamela Anderson.”

Dan Shumow and his Microsoft colleague Niels Ferguson titled theirs, provocatively, “On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng.” It was a title only a crypto geek would love or get.

Jihadist Media Unit Urges Fighters to Strike Egyptian Army

The Ibn Taymiyyah Media Center (ITMC), a jihadist media unit tied to the Mujahideen Shura Council in the Environs of Jerusalem, yesterday called for jihadists to strike the Egyptian army.

In the communique, translated by the SITE Intelligence Group, the jihadist media group claimed that Egyptian soldiers recently committed a “massacre” in the Sheikh Zuweid area. The ITMC appeared to be referencing an incident from Sept. 13 that, according to the jihadist group Ansar Jerusalem (Ansar Bayt al Maqdis), resulted in the deaths of seven civilians, including four children.

The statement further denounced efforts by Egyptian security forces to stem the flow of goods and people in and out of Gaza. “[T]he criminal butcher Abdel Fattah el Sisi” has increased the siege on Gaza, the statement charged.

The ITMC statement also criticized the Muslim Brotherhood. “He [Mohammed Morsi] gave no indications, neither he nor the Brotherhood, that they wish to establish an Islamic State where the rule is for Allah,” the ITMC said.

Seven Principles for Big Data and Resilience Projects

The following is a draft “Code of Conduct” that seeks to provide guidance on best practices for resilience building projects that leverage Big Data and Advanced Computing. These seven core principles serve to guide data projects to ensure they are socially just, encourage local wealth- & skill-creation, require informed consent, and are maintainable over long timeframes. This document is a work in progress, so we very much welcome feedback. Our aim is not to enforce these principles on others but rather to hold ourselves accountable and in the process encourage others to do the same. Initial versions of this draft were written during the 2013 PopTech & Rockefeller Foundation workshop in Bellagio, August 2013.

German Hackers Crack iPhone’s New Fingerprint Scanner

Just a few days after Apple unveiled its new iPhone with a fingerprint ID scanner, German researchers say they’ve cracked the scanner using a fake rubber print.

The researchers, with the Chaos Computer Club, posted a video on their website showing members of the group’s biometric team defeating Apple’s Touch ID with a fabricated fingerprint created from a photo of a print.

They photographed the print from a glass surface, laser-printed the fingerprint image on a transparency sheet, then smeared it with latex. A similar method was used in 2002 by researchers in Japan to demonstrate the security weaknesses of fingerprint scanners using a gel fingerprint.

“We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token,” Frank Rieger, spokesperson for the CCC, said on the group’s website.