by Marc Goodman
39 One product, Mobile Spy: Scheck, “Stalkers Exploit Cellphone GPS.”
40 Furious with her plan: Australian Associated Press, “Simon Gittany Jailed for Minimum 18 Years for Murdering Fiancee,” Guardian, Feb. 10, 2014; Timothy Geigner, “Mobile Spyware Use in Domestic Violence Ramps Up,” Wireless News, April 3, 2014.
41 But in some cases, domestic abusers: Scheck, “Stalkers Exploit Cellphone GPS.”
42 Using his wireless carrier’s: Ibid.
43 Today it’s no longer: Quentin Fottrell, “5 Apps for Spying on Your Spouse,” Market Watch, Aug. 25, 2014.
44 To help combat these threats: Scheck, “Stalkers Exploit Cellphone GPS.”
45 “Is a badge on Foursquare”: Cheryl Rodewig, “Geotagging Poses Security Risks,” U.S. Army, news archive, Mar. 7, 2012, www.army.mil.
46 The longitude and latitude: Ibid.
47 Not only can we be tracked: The product can now be found at http://www.trackingkey.com.
48 From Minnesota to New Jersey: For an excellent review of the social and privacy implications of automatic license plate readers, see the American Civil Liberties Union report You Are Being Tracked: How License Plate Readers Are Being Used to Record Americans’ Movements.
49 Private companies such as Digital Recognition Network: Julia Angwin and Jennifer Valentino-Devries, “New Tracking Frontier: Your License Plates,” Wall Street Journal, Sept. 29, 2012.
50 He then used the data: Ibid.
51 In 2009: Kate Crawford, “San Francisco Woman Pulled Out of Car at Gunpoint Because of License Plate Reader Error,” ACLU (blog), May 15, 2014.
52 To date, Euclid has: Quentin Hardy, “Technology Turns to Tracking People Offline,” Bits (blog), New York Times, March 7, 2013; Gene Marks, “Why the Home Depot Breach Is Worse Than You Think,” Forbes, Sept. 22, 2014.
53 The cloud is here to stay: Frederic Lardinois, “Google Announces Massive Price Drops for Its Cloud Computing Services and Storage, Introduces Sustained-Use Discounts,” TechCrunch, March 25, 2014.
54 All the major cloud service providers: Keir Thomas, “Microsoft Cloud Data Breach Heralds Things to Come,” PCWorld, Dec. 23, 2010; Ed Bott, “Dropbox Gets Hacked … Again,” ZDNet, Aug. 1, 2012.
55 In late 2014, hundreds: Daisuke Wakabayashi and Danny Yadron, “Apple Denies iCloud Breach,” Wall Street Journal, Sept. 2, 2014.
56 As a result, the plans: Jaikumar Vijayan, “Classified Data on President’s Helicopter Leaked via P2P, Found on Iranian Computer,” Computerworld, March 2, 2009.
57 In fact, there are more than a hundred: Threat Working Group of the CSIS Commission on Cybersecurity, “Threats Posed by the Internet.”
58 Every single day, the NSA: Dana Priest and William M. Arkin, “A Hidden World, Growing Beyond Control,” Washington Post, July 19, 2010; James Bamford, “The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say),” Wired, March 15, 2012.
59 Given the exponential growth: Dan Nosowitz, “Every Six Hours, the NSA Gathers as Much Data as Is Stored in the Entire Library of Congress,” Popular Science, May 10, 2011.
60 In response, the government: Bamford, “NSA Is Building the Country’s Biggest Spy Center.”
61 NSA’s PRISM program allowed: Timothy B. Lee, “Here’s Everything We Know About PRISM to Date,” Washington Post, June 12, 2013. 120 Snowden also revealed: James Risen and Laura Poitras, “N.S.A. Gathers Data on Social Connections of U.S. Citizens,” New York Times, Sept. 28, 2013.
62 These network graphs: Barton Gellman and Ashkan Soltani, “NSA Collects Millions of E-mail Address Books Globally,” Washington Post, Nov. 1, 2013.
63 Not only did the NSA: Barton Gellman and Ashkan Soltani, “NSA Infiltrates Links to Yahoo, Google Data Centers Worldwide, Snowden Documents Say,” Washington Post, Nov. 1, 2013.
64 Using the same basic techniques: Floor Boon, Steven Derix, and Huib Modderkolk, “NSA Infected 50,000 Computer Networks with Malicious Software,” Nrc.nl, Nov. 23, 2013.
65 The agency even posed as Facebook: Dustin Volz, “The NSA Is Using Facebook to Hack into Your Computer,” National Journal, March 12, 2014.
66 Together, the agencies participated: Spencer Ackerman and James Ball, “Optic Nerve: Millions of Yahoo Webcam Images Intercepted by GCHQ,” Guardian, Feb. 27, 2014.
67 For example, the spy agency: Ashkan Soltani, Rea Peterson, and Barton Gellman, “NSA Uses Google Cookies to Pinpoint Targets for Hacking,” Washington Post, Dec. 10, 2013.
68 According to Snowden, the NSA: James Larson, Jeff Glanz, and Andrew W. Lehren, “Spy Agencies Tap Data Streaming from Phone Apps,” New York Times, Jan. 27, 2014.
69 None—including the app company: Sasha Goldstein, “Angry Birds, Other ‘Leaky’ Cellphone Apps Allow NSA to Collect Massive Amounts of Data: Report,” New York Daily News, Jan. 27, 2014; James Ball, “Angry Birds and ‘Leaky’ Phone Apps Targeted by NSA and GCHQ for User Data,” Guardian, Jan. 28, 2014.
70 Numerous violations were documented: Cyrus Farivar, “LOVEINT: On His First Day of Work, NSA Employee Spied on Ex-Girlfriend,” Ars Technica, Sept. 27, 2013; Siobhan Gorman, “NSA Officers Spy on Love Interests,” Wall Street Journal, Aug. 23, 2013.
71 FinFisher allows domestic intelligence: “FinFisher,” Wikipedia; Vernon Silver, “Cyber Attacks on Activists Traced to FinFisher Spyware of Gamma,” Bloomberg, July 25, 2013.
72 In the uprising: “Syria’s Embattled Dissidents Grapple with Government Hackers, Wiretappers, and Impostors,” Time, June 1, 2011; “Social Media: A Double-Edged Sword in Syria,” Reuters, July 13, 2011.
73 “Dear subscriber”: Andrew E. Kramer, “Ukraine’s Opposition Says Government Stirs Violence,” New York Times, Jan. 21, 2014.
Chapter 8: In Screen We Trust
1 In 2005, the UN’s International Atomic Energy Agency: IAEA Board of Governors, “Implementation of the NPT Safeguards Agreement in the Islamic Republic of Iran,” Sept. 2005.
2 Senior officials: William J. Broad and David E. Sanger, “Report Says Iran Has Data to Make a Nuclear Bomb,” New York Times, Oct. 4, 2009.
3 For political reasons: David E. Sanger, “Obama Ordered Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012.
4 “most significant covert manipulation”: Marc Ambinder, “Did America’s Cyber Attack on Iran Make Us More Vulnerable?,” Atlantic, June 5, 2012.
5 As a result, you do not see: Paul Szoldra, “Blogger Nails a Major Problem with Facebook’s Newsfeed,” Business Insider, Jan. 19, 2014; Jim Tobin, “Facebook Brand Pages Suffer a 44% Decline in Reach since December 1,” Ignite Social Media, December 10, 2013.
6 For as much effort: Anthony Wing Kosner, “Watch Out Twitter and Google+, Facebook’s News Feed Is Getting Smarter and Smarter,” Forbes, April 28, 2014.
7 Google reportedly has: As mentioned by Eli Pariser during his TED Talk, “Beware Online ‘Filter Bubbles,’ ” May 2011; René Pickhardt, “What Are the 57 Signals Google Uses to Filter Search Results?,” May 17, 2011, rene-pickhardt.de.
8 “it will be very hard”: Alex Chitu, “Eric Schmidt on the Future of Search,” Google Operating System, Aug. 16, 2010.
9 Using compelling arguments: For an extensive country-by-country review of global Internet tilting, see the OpenNet Initiative at https://opennet.net/about-filtering.
10 In the United Arab Emirates: “Top 10 Internet-Censored Countries,” USA Today, Feb. 5, 2014.
11 Nearly 90 percent: Amy Gesenhues, “Survey: 90% of Customers Say Buying Decisions Are Influenced by Online Reviews,” Marketingland.com, April 9, 2013; Zendesk, “The Impact of Customer Service on Customer Lifetime Value”; Myles Anderson, “2013 Study: 79% of Consumers Trust Online Reviews as Much as Personal Recommendations,” Search Engine Land, June 26, 2013; Nielsen, Global Trust in Advertising and Brand Messages, April 2012.
12 Michael Luca, “Reviews, Reputation, and Revenue: The Case of Yelp.com.” Harvard Business School Working Paper, No. 12-016, Sept. 2011
.
13 Worse, in September 2014: Bob Egelko, “Yelp Can Manipulate Ratings, Court Rules,” San Francisco Gate, Sept. 4, 2014.
14 One company: Eric Spitznage, “ ‘Operation Clean Turf’ and the War on Fake Yelp Reviews,” Bloomberg Businessweek, Sept. 25, 2013.
15 Considering the world’s: Rebecca Grant, “Facebook Has No Idea How Many Fake Accounts It Has—but It Could Be Nearly 140M,” VentureBeat, Feb. 3, 2014.
16 Want 4,000 followers: Nick Bilton, “Friends, and Influence, for Sale Online,” Bits (blog), New York Times, April 20, 2014.
17 No problem: John Koetsier, “Facebook’s War on Zombie Fans Just Started with a Boom,” VentureBeat, Sept. 26, 2012.
18 Rihanna and Shakira: Ibid.
19 According to the Federal Trade Commission: Mandi Woodruff, “There Could Be Something Wrong with 42 Million Credit Reports,” Business Insider; Federal Trade Commission, Report to Congress, Dec. 2012; Melanie Hicken, “Find Out What Big Data Knows About You (It May Be Very Wrong),” CNNMoney, Sept. 5, 2013. 133 Tens of millions: Rebecca Smith, “One in Ten Electronic Medical Records Contain Errors: Doctors,” Telegraph, July 17, 2010.
20 The hospital staff: “Man Dies During Cancer Drug Trial,” BBC, Sept. 21, 2008.
21 In California: “California Releases 450 ‘Violent and Dangerous’ Criminals After Computer Glitch Sets Them Free,” Daily Mail Online, May 27, 2011.
22 In Britain: “Are You One of the 20,000 People Wrongly Branded a Criminal? Police Blunders Give Thousands Records for Crimes They Have Not Committed,” Daily Mail Online, Dec. 28, 2012.
23 Police data systems: Asher Moses, “Hackers Break Into Police Computer as Sting Backfires,” Sydney Morning Herald, Aug. 18, 2009; “Hacker ‘Steals’ Hertfordshire Police Officers’ Data,” BBC News, Aug. 30, 2012; Sabari Selvan, “Italy’s Police Website Vitrociset.it Hacked by #Antisec,” E Hacking News, July 30, 2011; “Ten Months Later, Memphis Police Dept. First Notifies People of Data Breach?,” Office of Inadequate Security, Feb. 21, 2014; “Montreal Police Database Hacked; Personal Information Posted Online,” Global News, Feb. 19, 2013; IPCC, “Hacking into Police Force Systems,” Learning the Lessons, May 2013; Jeff Goldman, “Honolulu Police Department Hacked,” eSecurity Planet, May 8, 2013.
24 In 2013, the Danish: “Danish Police Driving Licence Database Hacked by a Top Rated Swedish Hacker,” Scandinavia Today, June 6, 2013. 135 “exterminate the rats”: “Philadelphia Police Witness Information Hacked,” Lawofficer.com, accessed Nov. 9, 2013.
25 Once his fingers: “Ex-con Returns to Jail for Hacking Prison Computers,” PCWorld, Nov. 15, 2008.
26 As open and vulnerable: David Schultz, “As Patients’ Records Go Digital, Theft and Hacking Problems Grow,” Kaiser Health News, June 3, 2012; Kim Zetter, “It’s Insanely Easy to Hack Hospital Equipment,” Wired, April 25, 2014; Kelly Jackson Higgins, “Anatomy of an Electronic Health Record Zero-Day,” Dark Reading, Dec. 4, 2013.
27 Forget for the moment: Neal Ungerleider, “Medical Cybercrime: The Next Frontier,” Fast Company, Aug. 15, 2012.
28 In fact, HHS has documented: Nelson Harvey, “Hospital Database Hacked, Patient Info Vulnerable,” Aspen Daily News, March 15, 2014.
29 Worse, if your blood type: “Victim of Botched Transplant Declared Dead,” CNN, Feb. 23, 2003.
30 They allegedly: EMC Corporation, “2013: A Year in Review,” Jan. 2014.
31 Fully automated phishing kits: Ibid.
32 As a result, more than 100 million: Miles Date, “Why We Need to Support DMARC and Fight Phishing,” Deliverability Next, April 2, 2013.
33 Thus for about $130: Cisco, Email Attacks: This Time It’s Personal, June 2011.
34 When Coke’s deputy president: Ben Elgin, Dune Lawrence, and Michael Riley, “Coke Gets Hacked and Doesn’t Tell Anyone,” Bloomberg, Nov. 4, 2012.
35 Coke is not alone: TrendLabs APT Research Team, “Spear-Phishing Email: Most Favored APT Attack Bait,” Trend Micro Incorporated Research Paper, 2012.
36 Highly specialized: Rob Waugh, “New PC Virus Doesn’t Just Steal Your Money—It Creates Fake Online Bank Statements So You Even Don’t Know It’s Gone,” Daily Mail Online, Jan. 6, 2012.
37 Thus, if the thieves: Amy Klein, “Holiday Shopping and Fraud Schemes,” Security Intelligence, Jan. 4, 2012.
38 “one count each of extortion”: Carol Todd, “Arrest of Dutch Man in Amanda Todd Cyberbullying Rekindles Family Anguish,” CBC News, April 28, 2014.
39 Coban’s alleged modus operandi: Associated Press, “Netherlands Arrest in Amanda Todd Webcam Blackmail Case,” Guardian, April 17, 2014.
40 Dozens of other victims: Associated Press, “Dutch Man Arrested in Connection with Suicide of Canadian Teen Amanda Todd,” New York Daily News, April 18, 2014.
41 The jealous woman allegedly copied: Dan Goodin, “Woman Charged with Cyberbullying Teen on Craigslist,” Register, Aug. 18, 2009.
42 The sensational story: Corey Grice and Scott Ard, “Hoax Briefly Shaves $2.5 Billion off Emulex’s Market Cap,” CNET; Jane C. Chesterman, “The Emulex Stock Hoax: Potential Liability for Internet Wire and Bloomberg?,” Journal of Corporation Law 27, no. 1 (Fall 2001).
43 “In a sixteen-minute period”: U.S. Securities and Exchange Commission, “Defendant in Emulex Hoax Sentenced,” Aug. 8, 2001.
44 Exactly the response: Corey Grice, “23-Year-Old Arrested in Emulex Hoax,” CNET, Aug. 31, 2000.
45 Within six days: Alex Berenson, “Guilty Plea Is Set in Internet Hoax Case Involving Emulex,” New York Times, Dec. 29, 2000.
46 The practice involves traders: Lina Saigol, “The Murky World of Traders’ Electronic Chat,” Financial Times, Nov. 11, 2013.
47 Though pump and dump is generally: “FBI Arrests Seven in $140 Million Penny Stock Fraud,” Moneynews, Aug. 14, 2013.
48 That’s what professional traders: Amy Chozick, “Bloomberg Admits Terminal Snooping,” New York Times, May 13, 2013.
49 It was later revealed: Julia La Roche, “Bloomberg Spying Scandal Escalates,” Business Insider, May 10, 2013.
50 Goldman officials complained: Mark DeCambre, “Goldman Outs Bloomberg Snoops,” New York Post, May 10, 2013.
51 One former Bloomberg reporter: Chozick, “Bloomberg Admits Terminal Snooping.”
52 Flash Boys follows Brad Katsuyama: Michael Lewis, “An Adaptation from ‘Flash Boys: A Wall Street Revolt,’ by Michael Lewis,” New York Times, March 31, 2014.
Chapter 9: Mo’ Screens, Mo’ Problems
1 There was just one slight problem: Kelly Jackson Higgins, “ ‘Robin Sage’ Profile Duped Military Intelligence, IT Security Pros,” Dark Reading, July 6, 2010.
2 Sage was the invention: Thomas Ryan, “Getting in Bed with Robin Sage” Provide Security, 2010; Shaun Waterman, “Fictitious Femme Fatale Fooled Cybersecurity,” Washington Times, July 18, 2010.
3 Not only were public figures: Robert McMillan, “Paris Hilton Accused of Voice-Mail Hacking,” InfoWorld, Aug. 25, 2006.
4 Once the bank’s telephone system: Ron Lieber, “Your Voice Mail May Be Even Less Secure Than You Thought,” New York Times, Aug. 19, 2011.
5 Worse, criminals can spoof: Byron Acohido, “Caller ID Spoofing Scams Aim for Bank Accounts,” USA Today, March 15, 2012.
6 In what the Internal Revenue Service: Kathy Kristof, “IRS Warns of Biggest Tax Scam Ever,” MoneyWatch, March 20, 2014.
7 The FBI recorded: Adrianne Jeffries, “Meet ‘Swatting,’ the Dangerous Prank That Could Get Someone Killed,” Verge, April 23, 2013.
8 In some of the cases: Maria Elena Fernandez, “Ashton Kutcher, Miley Cyrus & Others Terrorized in Dangerous ‘Swatting’ Prank,” Daily Beast, Oct. 5, 2012.
9 In fact, swatting is the perfect complement: FBI, “The Crime of ‘Swatting’: Fake 9-1-1 Calls Have Real Consequences,” accessed May 7, 2014.
10 He also swatted a local bank: Alan Duke, “Boy Admits ‘Swatting’ Ashton Kutcher, Justin Bieber,” CNN, March 12, 2013.
11 It is only by a miracl
e: Heidi Fenton, “Swatting-Related Crash,” Mlive.com, April 8, 2014.
12 The baseband handles all: Sebastian Anthony, “The Secret Second Operating System That Could Make Every Mobile Phone Insecure,” ExtremeTech, Nov. 13, 2013.
13 A number of hackers: Ralf Philipp Weinmann, “DeepSec 2010: All Your Baseband Are Belong to Us,” YouTube, http://www.youtube.com/watch?v=fQqv0v14KKY, accessed May 7, 2014.
14 In early 2014, such a security flaw: Paul K., “Replicant Developers Find and Close Samsung Galaxy Backdoor,” Free Software Foundation, March 12, 2014.
15 The FBI has reportedly: Declan McCullagh, “FBI Taps Cell Phone Mic as Eavesdropping Tool,” ZDNet, Dec. 1, 2006.
16 Although his passenger survived: Hard Reg, “Driver Follows Satnav to His Doom,” Register, Oct. 5, 2010.
17 A report: Department of Homeland Security, “National Risk Estimate,” Nov. 9, 2011.
18 “Society may already”: Robert Charette, “Are We Getting Overly Reliant on GPSIntensive Systems?,” IEEE Spectrum, March 9, 2011, available at spectrum.ieee.org.
19 “electronic fritz”: David Hambling, “GPS Chaos: How a $30 Box Can Jam Your Life,” New Scientist, March 6, 2011.
20 The longest GPS attack: “Out of Sight,” Economist, July 27, 2013.
21 For a mere $50: John Brandon, “GPS Jammers Illegal, Dangerous, and Very Easy to Buy,” FoxNews.com, March 17, 2010.
22 For example, in London: “Out of Sight.”
23 He was using: Hambling, “GPS Chaos.” 153 Stung too many times: Charles Arthur, “Car Thieves Using GPS ‘Jammers,’ ” Guardian, Feb. 22, 2010; Matt Warman, “Organised Crime ‘Routinely Jamming GPS,’ ” Telegraph, Feb. 22, 2012; “£6M Lorry Hijackings Gang Face Ten Years,” Express & Star, May 6, 2010.
24 “A ‘multiple agency approach’ ”: “The $30 GPS Jammer That Could Paralyze U.S. Cities,” Week, March 10, 2011.
25 Think of the impact: Jeff Coffed, “The Threat of GPS Jamming,” Exelis, Feb. 2014.
26 In 2013, however, security research: Tom Simonite, “Ship Tracking Hack Makes Tankers Vanish from View,” MIT Technology Review, Oct. 18, 2013.