The mobile carriers' industry trade group, CTIA–The Wireless Association, is objecting to a proposed bill that would require the police to produce a warrant if they want access to location data on people's mobile phones.
The CTIA is calling the legislation "unduly burdensome", since it would mean saying no to police who arrive without warrants.
The bill in question, California Location Privacy Bill (SB 1434), doesn't stop the carriers from handing over location data, but it does require that police get a warrant first.
The proposed law also states that carriers must publish reports showing the number of disclosures they've made in a given calendar year, including:
how many times each wireless provider disclosed information (and how many times it didn't)
how many times the carrier contested data demands
how many users' data were disclosed.
And this report is to be published on the internet by the following April.
On April 12, the CTIA wrote [PDF] to the bill's sponsor, State Senator Mark Leno, saying that CTIA opposes the proposed legislation due to "serious concerns":
"These reporting mandates would unduly burden wireless providers and their employees – who are working day and night to assist law enforcement to ensure the public’s safety and to save lives."
... and that the legislation would "confuse" them.
For example, an issue the carriers would find confusing is the definition of "location information." CTIA say that it is "so sweeping" that it could overlap basic subscriber information:
"Since the implications of this definition are unclear, wireless providers will have difficulty figuring out how to respond to requests for such information. It could place providers in the position of requiring warrants for all law enforcement requests."
Ars Technica's Cyrus Farivar, for one, is confused about why the CTIA is confused.
Here's what he had to say:
"Earlier this month, the ACLU said it received over 5,500 pages from 200 local law enforcement agencies about their tracking policies. The organization concluded that 'while cell phone tracking is routine, few agencies consistently obtain warrants.
Importantly, however, some agencies do obtain warrants, showing that law enforcement agencies can protect Americans' privacy while also meeting law enforcement needs.' In short, it seems like law enforcement can stay within the law, even when it takes the trouble to get a warrant—how is that confusing?"
Regarding the cost and labour involved in putting up reports that tell the public how they are releasing our information: well, if it's really all that costly to the poor, cash-strapped wireless providers, perhaps it's time for them to increase the fees they charge law enforcement agencies for the all-you-can-eat buffet of data they provide.
One example, as security and privacy researcher Christopher Soghoian reports, is Sprint, which charges a flat $30/month for electronic surveillance of location/GPS data.
Obviously, they're giving the data away.
Sometimes that's a good thing, such as when geolocating somebody will save his or her life. The bill addresses such situations, where time is more crucial than the need to obtain a warrant.
For all the other times?
Let's hope the bill passes. It's time for a lot more transparency from the carriers who give our data away, and a great deal more accountability from the agencies who seek it in the first place.
Internet doomsday on July 9th? Don't panic!
by Beth Jones on April 25, 2012 | 11 Comments
Filed Under: Featured, Law & order, Malware
Here in SophosLabs, we have been receiving a fair number of requests from the general public asking about the supposed "internet doomsday", said to strike on July 9th, which will leave "hundreds of thousands of internet users without internet access".
In the immortal words of Douglas Adams: Don't Panic
First, let's back the train up into the station and give you a quick history on this.
Back in November 2011, the FBI seized control of a bunch of rogue DNS servers that were being used by the bad guys to redirect PCs infected with the DNS Changer malware to various scams with the intention of making money.
More than 350,000 computers around the world are thought to still be using the DNS servers, which have now been made harmless. But it's US taxpayer dollars which are keeping the DNS servers up and running, and that's not a situation that can carry on indefinitely.
The best solution is for people to fix the DNS settings on their computers.
The original plan was for the DNS servers to be shut down on March 8th 2012, but the FBI has asked for more time, delaying the shutoff date to July 9th.
Essentially the FBI is trying to give innocent folks time to clean their machines up.
And computers should be fixed - because if the DNS servers go down, any computer relying on them for DNS name services will cease to be able to browse the web, read email or do just about anything on the internet at all.
The issue is discussed in greater detail in Sophos Chet Chat podcast 86, which was published last month. (The DNS Changer part of the podcast starts at 4'30".)
Now a bit of good news for Sophos customers: Sophos can detect various variants of the DNS Changer malware under names such as Troj/DNSChan-A.
Furthermore, Sophos products can detect if your computer is one of the ones whose DNS settings have been meddled with - identifying them as CXmal/DNSCha-A, and help repair the damage.
And finally, if you want to see if your computer is one of those which might be affected on July 9th, you can check via the DNS Changer Working Group website (DCWG).
The FBI also has a look-up form on its site.
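The manual version of that check, as an added example (not code from the article, Sophos or the DCWG): read the DNS servers a Windows machine is configured with from ipconfig /all output and compare them with a list of rogue ranges. The ranges below are documentation-space placeholders to be replaced with the published ones, the sample output is constructed, and a private resolver address is reported as inconclusive because it only identifies the router.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation space), not the real rogue ranges.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample of `ipconfig /all` output for one adapter.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Collect every address listed under a 'DNS Servers' entry."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_block = True
        elif in_block and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            servers.append(line.strip())  # continuation line: another resolver
        else:
            in_block = False
    return servers

def classify(server):
    """Label one resolver address: rogue, local-forwarder, not-listed or unparsed."""
    try:
        ip = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return "unparsed"
    if any(ip in net for net in ROGUE_RANGES):
        return "rogue"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        # A router or local proxy answers DNS here, so this result is
        # inconclusive: the router's own upstream DNS settings need checking.
        return "local-forwarder"
    return "not-listed"

def check(ipconfig_text):
    """Map each configured resolver to its label."""
    return {s: classify(s) for s in dns_servers(ipconfig_text)}
```

Calling check(SAMPLE_IPCONFIG) labels the first resolver as rogue and the second as a local forwarder, which is the case where the router's configuration has to be inspected as well.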
If you were one of the unfortunate people whose computers were hit by the DNS Changer malware, your access to the internet does not have to disappear on July 9th.
Take the right steps now to avoid a headache later.
Ludo game image, from ShutterStock
Tags: DNS, dns changer, FBI, July 9, Malware
11 Responses to Internet doomsday on July 9th? Don't panic!
Marion Hounsome says: April 25, 2012 at 11:28 pm
All very interesting, of course.......but exactly what steps am I supposed to follow to check this out? I, and probably others, need a simple list of instructions as to what to do!!
Graham Cluley says: April 26, 2012 at 12:10 am
Visiting http://www.dcwg.org/detect/ is probably the easiest thing to do.
Marilyn says: April 26, 2012 at 12:38 am
Ran the check, but it tells me if the ISP is changing it for me, I could be infected & pass the detect test! What then?
CyberPaddy66 says: April 26, 2012 at 9:01 am
[quote]And finally, if you want to see if your computer is one of those which might be affected on July 9th, you can check via the DNS Changer Working Group website (DCWG).[/quote]
If you actually read the thing you would find the info there along with a link to the site that does the actual checking which is the same link that Graham posted, it's not rocket science people!
Chris Davies says: April 26, 2012 at 9:22 am
The original plan, as the article points out, was to shut down the rogue DNS servers on March 8th. So we're already into dead time.
Why not shut down the DNS servers for an hour each day, cycling around the 24 hour clock (so that it impacts users globally), then increasing this to two or three cycling four-hour periods until the final cut-off?
If users don't already have A/V (or it's not up-to-date) then telling them now that they might be at risk won't change their attitude. Appearing to cut off Internet access would be a far more effective way of highlighting the issue to those at risk.
Better still, have these DNS servers redirect all requests to a farm of servers that simply present null services (Web and Mail are probably the biggies) with messages explaining the problem and offering suggestions for a fix.
Freida Gray says: April 26, 2012 at 9:45 am
I also ran the check & was told the same thing. When I went back to the previous page before the test, I found out that there was a way to manually check to see if you were using a DNS Changer server. The directions were clear, easy & could be carried out without leaving the page. After I did the manual check, I found out that my OS had a tool to remove the malware. I ran the tool, which did take more than 3 hours to check every file on both my C: & D: drives.
JonnyB says: April 26, 2012 at 4:41 pm
RE: the manual check (using ipconfig in command prompt on Windows) - won't this simply return the IP address of the router, if one is being used? i.e. 192.168.x.x
Assuming most people use routers, these days (they do, don't they?), it would surely be helpful for the linked pages to note that it is the router's DNS IP settings that need comparing to the known malicious settings?
MikeP says: April 26, 2012 at 3:57 pm
My ISP in the UK states which DNS server IPs to use, not my PC. So that is set in the modem set-up process and is set to use just the two IPs given and is not using the automatic method.
Therefore the modem has manually set IP addresses for which servers it should use, the PCs on the Ethernet network do not control them, as far as I know, so unless the malware can change the modem settings then it cannot infect such devices surely?
Although the XP Pro service 'DNS Client' is running, I'm not sure whether it needs to be or what effect it has on our networked systems' ability to access each other and the Internet via the ADSL modem. I suspect it's more a case of using that to allow the 'Hosts' file to be read to avoid unwanted nefarious address translations?
Is it the case that this malware might affect some PCs that do not use a modem/router for ADSL access to their ISP? Or is it something more specific to the way the Internet is accessed in the USA?
Jean says: April 26, 2012 at 4:07 pm
Thank you. I have people starting to ask me about this. They saw articles in various newspapers with "...For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections...". Now I can send them something to check for themselves.
Brian says: April 27, 2012 at 1:29 am
Just enter the IP address of the website
@GenoHacker says: April 27, 2012 at 3:34 pm
More than 350,000 computers, so basically it's going to be around that number of computers that are infected, and compared to the amount of computers in the world I wouldn't call this an "internet doomsday". It's more of another issue the internet faces every now and then; now if the number was in the millions then I could agree on calling it an "internet doomsday".