Kim Dotcom Goes on Mega-Offense Against U.S. Copyright Case

AUCKLAND, New Zealand — Facing extraditon and possibly decades in U..S. prison, Megaupload founder and filesharing kingpin Kim Dotcom is fighting back, internet-style, launching kim.com, in an attempt to foment a protest movement on his behalf.

Dotcom, currently on bail in New Zealand, argues the “the U.S. government has declared war on the internet” and is trying to convince the netroots community to vote against President Obama on Nov. 5 if the case isn’t dropped.

Cleverly, Dotcom includes the slogan “SOPA PIPA ACTA MEGA,” trying to make the argument that the case against his site was motivated by the same forces that unsuccessfully tried to pass stringent copyright agreements in the United States and internationally earlier this year, until they were defeated by a groundswell of protest.

But he’s not stopping with just a website. Dotcom also recorded a song and accompanying video called “Mr President,” which is addressed to Obama, asking “Whatever happened to change, Mr. President?” As of publication, the video has over 475,000 views on YouTube.

Dotcom told Wired that he set up the site to “inform about the unreasonable actions and phony charges against Megaupload and its management.”

“It is important for people understand how dangerous the Megaupload case is,” he said, adding that there “is no due process or rule of law, just politically driven aggression and destruction lobbied for by the MPAA.”

According to Dotcom, the FBI picked his business as “an easy target” with the goal being the total destruction of it without a trial.

“Megaupload was a good corporate citizen and we have always cooperated with rights holders and authorities,” Dotcom said. The indictment charges that Megaupload was dedicated to copyright infringement and that the founders knew this and encouraged it in order to increase subscriptions and ad revenue.

But Dotcom says the United States’ case is weak.

“They had good reason to seize every penny and to try and keep me locked up. They can’t win this case simply because there was never any criminality,” Dotcom said.

Dotcom earned a small fortune from Megaupload; he lived in a mansion in New Zealand, paid for a fireworks show in Auckland and had a collection of sports cars that were seized in a January raid on his house. Now all of his assets have been seized, but he says that he is not soliciting donations to pay for the court case. At least, not yet.

“We are still working on unfreezing our own assets in order to pay for our defense. Asking for donations will be our last resort,” Dotcom says.

“The reaction to the site has been overwhelmingly positive,” Dotcom said. “The support we are getting is very important to us. “The number of people following the developments of this case is growing daily. Everyone can see that something is terribly wrong here. It’s easy to fight back when you have so much support and know that you have done nothing wrong. And I would say my confidence is a reflection of the confidence in our legal team. They are looking forward to this battle.”

Asked if the “(c) 2012 All Rights Reserved” notice on the site and the site’s terms of service agreements sections on rights and copyrights could be seen as ironic considering the case against Megaupload, Dotcom replied:

“Lawyers.”

Starting Aug. 1, Dotcom will start a campaign trying to rally 200 million former Megaupload users using their e-mail addresses, according to the site.

Meanwhile, the extradition process for Dotcom and his Megaupload co-defendants Finn Batato, Mathias Ortmann and Bram van der Kolk drags on.

District Court Judge Nevin Dawson has been selected to replace Justice David Harvey, after the latter recused himself from the case following a public remark that could be construed as revealing bias against the United States.

The Megaupload Four face up to 20 years in prison and hundreds of millions of dollars in damages if convicted.

Miracle Battery-Saver App Harvests Email Addresses for Spamming

An issue that many smartphone users have with their phones is that their device battery just does not last long enough; it needs to be recharged. While the battery may last a whole day for some, power users who use their phone more often have to come up with various tricks to get their battery to last a full day. There are many ways to reduce battery use and, of course, there are many apps to help maximize battery performance. These do help—but for many it does not solve the issue.

So what if, one day, you find out about a special app that can reduce battery use by half? Exactly. This is the strategy being used to deceive innocent Android users into installing an app that is supposed to reduce battery use, but in reality does nothing but steal the user's contacts data stored on the device.

Recently, Japanese spam email has been circulating attempting to lure users into clicking on a link which downloads and installs a malicious app. The app can exfiltrate personal details stored in the user's contacts data (name, phone number, email address, and more) to an external website. The app performs no actions to save battery power.

This malicious app only requests two permissions when it installs. The developer may have limited the required permissions as much as possible to avoid suspicion. The first permission asks to read the user's contacts data (in order to acquire the personal data) and the second permission asks to access the Internet (in order to upload the personal data).
 

Figure 1. Permission request
 

Once the app is installed and launched, a setup screen appears for a second then a message is displayed stating that the device does not support this app. However, in the background the app steals the user's contacts data.
 

Figure 2. Setup screen
 

Figure 3. Message stating device is not supported
 

The developers of this malicious app are most likely trying to harvest email addresses so that spam can be sent to them as well. By tracing the spam message back to the sender, we can confirm that these criminals are also operating various social networking and dating sites already notorious for sending spam, and they own many domain names associated with well-known brands. All these components together will likely be used in various ways to scam users.

Symantec detects this malicious app as Android.Ackposts. We have recently observed several other malicious apps—variously detected by Symantec as Android.Dougalek, Android.Uranico, and FindandCall—that attempt to steal a user's contacts data. Spam and Android malware continue to threaten users, so stick with well known and trusted app markets and be wary when installing apps that require read access to your contacts data.

Nearly 5 Million People Have Government Security Clearances

Illustraton: ahhh/flickr

The number of U.S. government employees and contractors holding security clearances jumped to 4.86 million last year from 4.7 million the year prior, according to the 2011 Report on Security Clearance Determinations, which the Director of National Intelligence has forwarded to Congress.

That’s about a 3 percent gain over the year prior, the first year statistics became available. In other words, another 160,000 people were removed from the category of: “If we told you we’d have to kill you.”

The figures, obtained by Secrecy News, are required to be published to Congress as a result of the Intelligence Reauthorization Act of 2010. The data count those cleared for confidential, secret and top secret records.

The report (.pdf) also indicated that the numbers could have been higher. The Central Intelligence Agency denied a security clearance to 5.3 percent of the people who applied. At the National Security Agency, the number was 8 percent. The Federal Bureau of Investigation reported less than a 1 percent denial rate.

Thousands of pending security cases remain stalled. That’s because many of the linguists and specialists the intelligence community most wants “often have significant foreign associations that may take additional time to investigate and adjudicate,” according the report.

The accounting method to determine clearance numbers was not perfect, the report added. In fact, they “are likely to include some duplicate entries, despite ongoing efforts to eliminate duplicative clearance information,” the report said. “Creating a single repository to house all national security determinations is not currently feasible given the sensitivity of certain clearance information and the need for non-IC (Intelligence Community) agencies to have a repository to report determinations.”

In other words: The roster of people who are allowed to know secrets is itself so secret, it’s impossible to even assemble a single, decent list.

Russia’s Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals

Eugene Kaspersky, Soviet officer turned software tycoon.
Photo: Stephen Voss

It’s early February in Cancun, Mexico. A group of 60 or so financial analysts, reporters, diplomats, and cybersecurity specialists shake off the previous night’s tequila and file into a ballroom at the Ritz-Carlton hotel. At the front of the room, a giant screen shows a globe targeted by crosshairs. Cancun is in the center of the bull’s-eye.

A ruddy-faced, unshaven man bounds onstage. Wearing a wrinkled white polo shirt with a pair of red sunglasses perched on his head, he looks more like a beach bum who’s lost his way than a business executive. In fact, he’s one of Russia’s richest men—the CEO of what is arguably the most important Internet security company in the world. His name is Eugene Kaspersky, and he paid for almost everyone in the audience to come here. “Buenos dias,” he says in a throaty Russian accent, as he apologizes for missing the previous night’s boozy activities. Over the past 72 hours, Kaspersky explains, he flew from Mexico to Germany and back to take part in another conference. “Kissinger, McCain, presidents, government ministers” were all there, he says. “I have panel. Left of me, minister of defense of Italy. Right of me, former head of CIA. I’m like, ‘Whoa, colleagues.’”

He’s bragging to be sure, but Kaspersky may be selling himself short. The Italian defense minister isn’t going to determine whether criminals or governments get their hands on your data. Kaspersky and his company, Kaspersky Lab, very well might. Between 2009 and 2010, according to Forbes, retail sales of Kaspersky antivirus software increased 177 percent, reaching almost 4.5 million a year—nearly as much as its rivals Symantec and McAfee combined. Worldwide, 50 million people are now members of the Kaspersky Security Network, sending data to the company’s Moscow headquarters every time they download an application to their desktop. Microsoft, Cisco, and Juniper Networks all embed Kaspersky code in their products—effectively giving the company 300 million users. When it comes to keeping computers free from infection, Kaspersky Lab is on its way to becoming an industry leader.

But this still doesn’t fully capture Kaspersky’s influence. Back in 2010, a researcher now working for Kaspersky discovered Stuxnet, the US-Israeli worm that wrecked nearly a thousand Iranian centrifuges and became the world’s first openly acknowledged cyberweapon. In May of this year, Kaspersky’s elite antihackers exposed a second weaponized computer program, which they dubbed Flame. It was subsequently revealed to be another US-Israeli operation aimed at Iran. In other words, Kaspersky Lab isn’t just an antivirus company; it’s also a leader in uncovering cyber-espionage.

Serving at the pinnacle of such an organization would be a remarkably powerful position for any man. But Kaspersky’s rise is particularly notable—and to some, downright troubling—given his KGB-sponsored training, his tenure as a Soviet intelligence officer, his alliance with Vladimir Putin’s regime, and his deep and ongoing relationship with Russia’s Federal Security Service, or FSB. Of course, none of this history is ever mentioned in Cancun.

What is mentioned is Kaspersky’s vision for the future of Internet security—which by Western standards can seem extreme. It includes requiring strictly monitored digital passports for some online activities and enabling government regulation of social networks to thwart protest movements. “It’s too much freedom there,” Kaspersky says, referring to sites like Facebook. “Freedom is good. But the bad guys—they can abuse this freedom to manipulate public opinion.”

These are not exactly comforting words from a man who is responsible for the security of so many of our PCs, tablets, and smartphones. But that is the paradox of Eugene Kaspersky: a close associate of the autocratic Putin regime who is charged with safeguarding the data of millions of Americans; a supposedly-retired intelligence officer who is busy today revealing the covert activities of other nations; a vital presence in the open and free Internet who doesn’t want us to be too free. It’s an enigmatic profile that’s on the rise as Kaspersky’s influence grows.