• ncc-banner-902-x-177-june-2017
  • ces_web_banner_toner_news_902x1776
  • 2toner1-2
  • 05 02 2016 429716a-cig-clearchoice-banner-902x177
  • banner-01-26-17b
  • clover-depot-intl-us-ca-email-signature-05-10-2017-902x1772
  • cartridgewebsite-com-big-banner-02-09-07-2016
  • 4toner4
  • mse-big-banner-new-03-17-2016-416716a-tonernews-web-banner-mse-212
  • Print


 user 2006-10-04 at 11:04:00 am Views: 132
  • #16654

    HP scandal sheds light on electronic tracking technologies
    JOSE, Calif. — Hewlett-Packard’s investigation into leaks has put the
    spotlight on electronic tracking technologies that just about anyone
    can use to try to spy on people.HP’s investigators acknowledged in a
    memo that they used an electronic ruse to try to trick CNet’s News.com
    journalist Dawn Kawamoto into revealing her sources for stories that
    included HP’s confidential information.It was just one of a variety of
    electronic information-gathering tactics that have civil libertarians
    concerned about how easy it is to use technology either legally or
    illegally to track someone.HP chief Mark Hurd confirmed that
    investigators used pretexting, or obtaining personal cellphone records
    by pretending to be the cellphone owners. But technology can be used to
    track individuals, obtain their passwords, eavesdrop on their wireless
    networks, or track leaked documents back to certain printers or Word
    documents.”It is disturbing to say the least,” said Katherine Albrecht,
    director of Caspian, a privacy-rights advocacy group and co-author of
    the book “Spy Chips.”"I worry that this is becoming standard operating
    procedure at companies that have problems with whistleblowers,” she

    Tracking reporter
    a memo sent to HP’s top executives by HP ethics chief Kevin Hunsaker,
    HP said it engaged in a “covert intelligence gathering operation” using
    an untraceable Microsoft Hotmail e-mail account to send a “legally
    permissible software-based tracing device in an e-mail attachment sent
    to Kawamoto.”Mike Holston, an outside lawyer hired to investigate the
    matter for HP, acknowledged that HP sent a “tracer” to try to discover
    a journalist’s sources. Hurd said he approved the idea of sending
    misinformation to a journalist, but did not specifically approve the
    use of a tracer.Seth Schoen, a staff technologist at the Electronic
    Frontier Foundation, believes HP planted a “Web bug” — referred to by
    Holston as a tracer — on Kawamoto’s computer. A Web bug is a link to a
    graphic image that feeds intelligence back to the sender when the
    e-mail is opened.The Web bug apparently was sent to Kawamoto in hopes
    that she would forward the bogus e-mail, supposedly from an HP insider
    named Jacob, to her confidential sources. Anyone who received the
    forwarded message would prompt the return message back to HP.From
    there, investigators could determine the identity of Kawamoto’s sources
    through their Internet Protocol addresses, or IP numbers.Kawamoto said
    in an e-mail to the Mercury News, “The tactic was designed to work on
    myself, as well as anyone who received the message and opened the
    attachment.”In the case of Kawamoto, the Web bug apparently didn’t
    work, according to Holston.Richard Smith, a noted privacy advocate and
    CEO of Boston Software Forensics, said Web bugs occupy a single pixel
    on a computer screen and so they are invisible to users.

    Web bug a legal tool
    Web bugs have legitimate uses. When someone opens an e-mail with a
    typical Web bug, it sends a message back to an outside server.The
    server then downloads an image, such as a company logo, into the e-mail
    so that the person can see the image.The newest Web browsers or e-mail
    reader programs have options to prevent Web bugs from working. Often,
    they prompt the user to answer “yes” or “no” on whether they want to
    view the graphic.By and large, the Web bug is a widely used legal tool,
    said Kurt Opsahl, staff attorney at the Electronic Frontier Foundation.
    But Opsahl said under certain situations, the use of a Web bug might be
    considered under California law to be an “unfair business practice” or
    a violation of false advertising laws if HP used the Web bug to spy on
    someone, particularly when it espouses a privacy policy that says it
    doesn’t do such things.”Regardless of whether it is legally defensible,
    on an ethical level, using Web bugs to track a reporter is troubling,”
    said Opsahl.

    Spyware forms
    Web bugs are relatively benign, there are other, definitely illegal,
    forms of “spyware” that can be embedded into computers.Those spyware
    programs, which include “keyloggers” that capture typed characters, can
    be used to discover from afar everything that the target is doing with
    a computer, said Kevin Mitnick, a security consultant who was convicted
    of criminal hacking.While Holston said HP investigators tailed subjects
    and went through their trash, he said no keystrokes were captured and
    no wiretaps were used.Laws prohibit the use of such keylogger programs,
    which are considered the equivalent of wiretaps that require court
    approval before they can be used by law enforcement. But in some
    states, the laws haven’t kept up with technology.In the European Union,
    however, even simple devices such as Web bugs may be illegal, says
    Patrick Peterson, vice president of technology at IronPort Systems, a
    security technology company.One of the newest means of tracking what
    someone does with a computer is to eavesdrop on a Wi-Fi wireless
    network. Such networks typically reach beyond a home’s walls to the
    street, so an investigator in a parked car can watch everything that
    happens on a Wi-Fi network that doesn’t have a secure password.”If I
    was a sleazy investigator, I might do this,” said Smith, the security

    Technology is also useful for tracking leaked documents.
    Word program embeds a serial number in every document, so that document
    can be traced back to a particular version of Word on a particular
    computer. Digital “watermarks” can be invisibly embedded into documents
    as well.Schoen said the Electronic Frontier Foundation is concerned
    about how many models of color laser printers — including those
    manufactured by HP — secretly print an identifying mark on every page
    they print. That mark can be traced to the individual printer, and the
    Secret Service has used this to track counterfeit currency, Schoen
    said.”We are concerned and upset about it and are seeking more
    information on it,” Schoen said.With employees, it takes a matter of
    seconds to search through a CD of phone records that the phone company
    sends to large companies along with monthly bills, said Schoen. Hence,
    it’s easy to search for employees who are talking to reporters without
    authorization.Robert Holmes, a private investigator in Beverly Hills at
    IP Cybercrime.com, said that tracking technologies are often used in
    the workplace, since there is usually no disputing that an employer has
    the right to know what is being done with company-owned computers,
    cellphones, office phones and e-mail.

    Moving toward ubiquity
    the future, civil libertarians fear that tracking will become
    ubiquitous, from the radio frequency identification tags that could
    replace bar codes to more accurate versions of the global positioning
    satellite systems now built into many cellphones.Mitnick said companies
    will likely give themselves “plausible deniability” by doing as HP did:
    outsourcing the investigation to contractors.But in the HP case, the
    consequences of crossing the line and being overly invasive are clear
    as the criticism piles up.Holmes believes HP’s security team used
    clever tricks in their surveillance of directors, employees and
    reporters, but he said that to discuss these tactics openly in internal
    company e-mails was the height of “amateurism.”In an ironic twist, HP
    is a co-sponsor of an award for privacy innovation.