Home Tags Virgin Atlantic

Tag: Virgin Atlantic

EnlargeLe Monde reader comments 7 Share this story GCHQ and the NSA have spied on air passengers using in-flight GSM mobile services for years, newly-published documents originally obtained by Edward Snowden reveal. Technology from UK company AeroMobile and SitaOnAir is used by dozens of airlines to provide in-flight connectivity, including by British Airways, Virgin Atlantic, Lufthansa, and many Arab and Asian companies. Passengers connect to on-board GSM servers, which then communicate with satellites operated by British firm Inmarsat. "The use of GSM in-flight analysis can help identify the travel of a target—not to mention the other mobile devices (and potentially individuals) onboard the same plane with them," says a 2010 NSA newsletter. A presentation, made available by the Intercept, contains details of GCHQ's so-called "Thieving Magpie" programme. GCHQ and the NSA intercepted the signals as they were sent from the satellites to the ground stations that hooked into the terrestrial GSM network.
Initially, coverage was restricted to flights in Europe, the Middle East, and Africa, but the surveillance programme was expected to go global at the time the presentation was made. GCHQ's Thieving Magpie presentation explains how in-flight mobile works. Le Monde Ars has asked these three companies to comment on the extent to which they were aware of the spying, and whether they are able to improve security for their users to mitigate its effects, but was yet to receive replies from Inmarsat or AeroMobile at time of publication. A SitaOnAir spokesperson told Ars in an e-mail: The article and documentation which you highlight makes reference to interception of a signal as it is transited through a satellite network.

The SitaOnAir service uses an Inmarsat satellite constellation for backhaul.

As would be the case for any mobile network operator, SitaOnAir's ground infrastructure contains various elements of security protection. The Thieving Magpie presentation explains that it is not necessary for calls to be made, or data to be sent, for surveillance to take place.
If the phone is switched on, and registers with the in-flight GSM service, it can be tracked provided the plane is flying high enough that ground stations are out of reach. The data, we're told, was collected in "near real time," thus enabling "surveillance or arrest teams to be put in place in advance" to meet the plane when it lands. Using this system, aircraft can be tracked every two minutes while in flight. If data is sent via the GSM network, GCHQ's presentation says that e-mail addresses, Facebook IDs, and Skype addresses can all be gathered. Online services observed by GCHQ using its airborne surveillance include Twitter, Google Maps, VoIP, and BitTorrent. Meanwhile, Le Monde reported that "GCHQ could even, remotely, interfere with the working of the phone; as a result the user was forced to redial using his or her access codes." No source is given for that information, which presumably is found in other Snowden documents, not yet published. As the French newspaper also points out, judging by the information provided by Snowden, the NSA seemed to have something of a fixation with Air France flights.

Apparently that was because "the CIA considered that Air France and Air Mexico flights were potential targets for terrorists." GCHQ shared that focus: the Thieving Magpie presentation uses aircraft bearing Air France livery to illustrate how in-flight GSM services work. Ars asked the UK's spies to comment on the latest revelations, and received the usual boilerplate response from a GCHQ spokesperson: It is longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary, and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners, and the parliamentary intelligence and security committee. All our operational processes rigorously support this position.
In addition, the UK's interception regime is entirely compatible with the European Convention on Human Rights. So that's OK, then. This post originated on Ars Technica UK
For many, Google Glass and other wearable devices might appear to be the latest overhyped fad. However, when smartphones first arrived, few would have suspected they'd become such an integral part of working life in the modern enterprise. The same could be said for tablets, which are seeing more applications added to match demand for enterprise use - Microsoft Word for Apple's iPad being a notable example. Businesses would therefore be wise to harness the potential benefits offered by Google Glass, but they should also be wary, because if one pattern has repeated itself when it comes to new technology, it’s that it isn’t long before hackers and cyber criminals target it as a means of gaining access to an organisation’s IT infrastructure. The message is therefore clear, Google Glass represents the next major threat to enterprise security, with the ability of the wearable device to record video – be the user aware it’s recording or not – capable of being used for cyber espionage and data theft. “I think many of the main concerns you’d see with carrying your mobile into a site and leaving it on so you could record what’s happening, you’re having the same situation with Google Glass, it’s just the form factor makes it easier to actually get away with doing that,” Earl Perkins, research vice president in systems security and risk at Gartner, told Computing. He also suggested fear of Google Glass-wearing spies could lead to a rise in physical security at organisations keen to hide sensitive data. “You’re going to see a big influx in physical security decisions that will be running concurrently with wearable technology decisions,” said Perkins. “You’re going to have to beef your security practices up, leading to a renaissance in physical security. That means we’re going to beef up a lot of what we used to do around perimeter protection, access control to buildings, facilities management even, places where you’re going to attempt to sense wearable technologies.” But many businesses won’t want to entirely ban Google Glass from their premises; indeed organisations including Virgin Atlantic and Dubai Police have already adopted the technology after successful trials. So what are the potential dangers facing such firms? “It’s a risk, it’s another attack vector, it’s another way of hacking in. It’s another piece of connected data processing that I’m carrying around, which just means it’s another type of device which could potentially be hacked into,” Dr Siraj Ahmed Shaikh, reader in cyber security and leader of the digital security and forensics research group at Coventry University, told Computing. “I’m sure some interesting scenarios will emerge in terms of hacking it or security,” he added. Dr Shaikh suggested that much like how smartphones are currently exploited as a security weak point by cyber criminals, it’s inevitable that an organisation will suffer a security breach involving Google Glass. “Things will happen, it’s sod’s law. What can go wrong will go wrong,” he said. It’s a view shared by Orlando Scott-Cowley, security specialist at Mimecast, who also believes cyber criminals will look to exploit Google Glass in a similar fashion to how smartphones have been targeted. “I’m sure at some point we’ll see the same focus of attack on Google Glass just like we saw attacks on phones,” he said. “There will be some kind of weakness that someone will find and they’ll record something or see something – something will happen.” Scott-Cowley added that using technology for cyber espionage isn’t a new idea, but Google Glass represents “a more covert way of recording data”, which is there to be exploited. But while there are those who’ll actively wear Google Glass in order to attempt cyber espionage, Gartner’s Perkins suggested it’s entirely possible the wearer could see their device hacked and therefore be completely unaware that they’re recording footage and sending it straight to the hard drives of cyber thieves. “You would have to know and understand how to access Google Glass remotely, there are ways to be able to authenticate yourself as a Google Glass user, and it would require a suitable level of sophistication to let it take place. “But could you take control of Google Glass and unbeknown to the user, record something that they’re looking at? The answer is yes,” he said.
IBM is opening a datacentre in Chessington, London, for its SoftLayer cloud customers. The facility is part of IBM’s $1.2bn plan to build 15 datacentres in Europe to propel its cloud services. The London facility has a capacity of more than 15,000 physical servers and will offer the full range of SoftLayer cloud infrastructure services, including bare metal servers, virtual servers, storage and networking. It will integrate via the company’s private network with all SoftLayer datacentres and network PoPs around the world. The new datacentre is IBM’s second cloud-focused facility in Europe after the existing Softlayer datacentre in Amsterdam it acquired when it bought the IaaS provider a year ago for $2bn.  Why London? “London is headquarters for a third of enterprises and our customers have a significant presence in the region,” said Steven Canale, SoftLayer vice president at IBM. “Also, a majority of the world’s largest financial institutions have operations here and London has one of the world’s largest communities for technology start-ups, incubators, and entrepreneurs. According to IBM, the region is a key cloud market, with customers using cloud to deploy web-centric workloads or to transform their existing operations. “We already have a large customer base in London and the region. The work these businesses are doing – the solutions and services that they are building in the cloud – is inspiring,” said Lance Crosby, SoftLayer's chief executive.  These customers will have a full SoftLayer datacentre “right in their backyard with all the privacy, security, and control elements,” he said. IBM aims is to have two datacentres in every region for cloud services, Canale said. In January, IBM said it will invest $1.2bn to expand cloud operations in all major geographies and financial centres. The investment is aimed at growing SoftLayer's global cloud footprint to 40 datacentres and double its cloud services capacity. While the new datacentre does not use renewable sources of power, it uses efficient, low-power servers and DCIM tools to make the centre energy-efficient. “It is in our own interest to keep the datacentre power-efficient as it will help us cut our operating expenses,” said Canale. IBM’s cloud customers will have full remote access and control, and will be enabled to create their ideal cloud environment – whether it be public, private, dedicated and/or hybrid, said Doug Clark, the cloud leader for UK and Ireland at IBM. The Chessington datacentre will also allow customers to use the company’s private network with all SoftLayer datacentres and network PoPs around the world. “Cloud is a business-enabler and IDC statistics show that as many as 85% of new applications in the enterprise space will be deployed via cloud services,” Clark said. The new datacentre will open for business this month and one existing SoftLayer customer looking to use London-deployed servers is MobFox, the mobile advertising platform provider in Europe. “If a user in London is opening our app on their phone, it is powered from the Amsterdam datacentre and it takes 100 milliseconds for us to provide the service,” said Julian Zehetmayr, MobFox chief executive. “London is one of our biggest markets and the new local datacentre will provide us with even lower latency.” MobFox uses SoftLayer cloud to deliver over 150 billion impressions per month for brands such as Nike, Heineken, EA, eBay, BMW, Netflix, Expedia, and McDonalds. IBM’s UK cloud customers include Virgin Atlantic and Wimbledon Championship. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK
Wearable technology is creating new privacy headaches for employers, a leading law firm has warned. Technologies such as Google Glass and smart watches are gradually making their way into the workplace. But the intrusive nature of these devices, which could be used by employees to take clandestine photographs or videos, are ringing alarm bells among some employers, says lawyer Sue McLean at Morrison and Foerster.   “There are huge privacy and ethical implications around wearable technology,” she said in an interview with Computer Weekly. She said wearable technology is likely to become more of a pressing issue for employers over the next few years as technologies, such as Google Glass, find new uses in the work place and home. The market for wearable technology is set to grow from $1.6 billion to $5 billion, according to research by Gartner. But as its use becomes more widespread, employers will need to put policies in place governing how staff use the technology. For example, if a person wearing Google Glass videos a meeting with other employees, that could be construed as bullying, says McClean. Similarly, an employee in a disciplinary action could use a wearable device to surreptitiously record the meeting – and then go on to use the recording in legal proceedings. “Companies have to be very clear on how and why employees use wearable technology, make sure they are clear what the rules are, and that they have taken adequate precautions to comply with privacy regulations and the law,” she says. Big brother Research has shown, says McClean, that employees using wearable technology are more productive if they know they are being monitored. However, the technology raises potential privacy and data protection concerns that will need to be addressed by employers and trade unions. For example, it may be legitimate to ask a fire fighter to wear Google Glass, showing a floor plan, to help them navigate through a burning building. But there may not be a good case for issuing Google Glass to shop assistants. “It may depend what the job is, and whether employees can require wearable technology from a health and safety point of view, ” she says. Intellectual Property Companies may need to restrict or ban the use of wearable technology where employees have access to valuable intellectual property. Organisations may choose to ban Google Glass from call centres, for example, where staff have access to customer records containing personal details about clients. The technology could also raise new data protection issues, if companies use it to display sensitive data about their customers. In January, Homeland Security agents removed a man wearing Google Glasses from the cinema Virgin Atlantic, for example, has announced plans to issue staff at Heathrow airport Google Glass, to keep first class passengers up to data on flight information, weather and local events at their destination. The devices, to be rolled out following a pilot earlier in the year, are able to alert staff to important passengers, by flashing their names, frequent flyer status and flight numbers on a mini-screen. “Some of the information [in this type of application] could be classified as sensitive information. So if you are Jewish, and you chose Kosher food for your flight, that would show your religious affiliation,” she says. Companies will need to make sure sensitive data is adequately secured, so it cannot accidently be leaked, she says, or be exposed to hacking risks. Similarly, employees using Google Glass to make video recordings, will need to make sure that people in the video have consented to be filmed or recorded. Over-reactions Experiences in the US have shown that so far, people have a tendency to over-react to new technology. In January, Homeland Security agents removed a man from the cinema, and questioned him for several hours about potential copyright infringement, after he was spotted wearing Google Glass. The man, who said he had only been wearing the Glass because it was fitted with his prescription lenses, was only able to prove his innocence when he persuaded officials to connect his Glass to a PC to examine its contents. In another case a woman was accused of distracted driving when she was found to be wearing Google Glasses after being pulled over for speeding in the US. The charges were dropped because there was no evidence she had been distracted or had the device turned on. Mobile phone cameras produced a similar reaction when they were first introduced, with many organisations responding by banning people with smart  phones, said McClean. “That has gone away now because organisations realise you can’t ban all mobile phones, “ she says. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK
Enterprises should prepare for the introduction of Google Glass within the business, according to the heads of security at insurance firm AXA and the Home Retail Group. Lee Barney, head of information security at the Home Retail Group, the parent comp...