Putin Urged to Investigate Damage Caused by Telegram Web-Blocking

Internet Ombudsman Dmitry Marinichev presented a report to President Vladimir Putin, saying there ought to be an investigation into the actions of Roscomnadzor after it tried to block Telegram last month. Marinichev noted that Roscomnadzor's failure to assess the damage meant millions of innocent IP addresses were caught up in the dragnet.

The Internet became a battleground once Telegram was banned in Russia by a Moscow court last month.

On Roscomnadzor’s instructions, ISPs blocked Telegram in Russia by blackholing millions of IP addresses. It was a shambles. Completely reliable services bore the brunt, while Telegram remained online anyway.

Roscomnadzor has partly cleaned up the mess over the past few weeks by removing innocent Google and Amazon IP addresses from Russia’s blacklist. The collateral damage, however, was so massive that questions have been raised about the watchdog’s entire approach to web-blockades.

The matter looks set to escalate because of the annual report presented this week to President Vladimir Putin by business ombudsman Boris Titov. ‘The Book of Complaints and Suggestions of Russian Business’ contains statements from Internet expert Dmitry Marinichev, who said the Prosecutor General’s Office should launch an investigation into Roscomnadzor’s actions.

Marinichev said that, while trying to bring down Telegram with hostile technical means, Roscomnadzor relied upon “its own interpretation of court decisions” for direction, TASS reported.

“When carrying out blockades of information resources, Roskomnadzor did not assess the related damage caused to them,” he said.

Over 15 million IP addresses were blocked, many of which had no relation to Telegram's operations. Marinichev stated that the collateral damage suffered by innocent people was catastrophic.

“[The blocking led] to a temporary inaccessibility of Internet resources of a number of Russian enterprises in the Internet sector, including several banks and government information resources,” he reported.

Advising the President, Marinichev proposed that the Prosecutor General’s Office ought to look into “the legality and validity of Roskomnadzor’s actions” which led to the “violation of availability of information resources of commercial companies” and “threatened the integrity, sustainability, and functioning of the unified telecommunications network of the Russian Federation and its critical information infrastructure.”

At the start of May, reports came in that, along with various web services, around 50 VPN, proxy and anonymity platforms had been blocked for providing access to Telegram. By May 22, news reports put that number at over 80, although ten were later unblocked after they terminated access to Telegram.

Currently, Roscomnadzor is carrying on with its efforts to block access to torrent and streaming platforms. It recently ordered ISPs to block at least 47 mirrors and proxies giving access to previously blocked sites.

MPAA Earnings Drop 20% as Movie Studios Rollback

The revenue generated by MPAA in the latest tax filing shows a decline after a few years of modest growth. The reason is lower membership fees paid by the major Hollywood studios. Additionally, the filing revealed MPAA’s former CEO Chris Dodd earned $3.4 million during his final year.

The MPAA has achieved many anti-piracy successes in recent years as a united front for Hollywood.

The MPAA has worked tirelessly on the shutdowns of Popcorn Time, YIFY, isoHunt, Hotfile, Megaupload and several other platforms.

Less visibly but just as essentially, the MPAA uses its influence to lobby lawmakers, and it arranges and manages anti-piracy campaigns both in the United States and abroad.

All this work doesn’t come free, so the MPAA relies on six major movie studios to pay the bills. Revenues had stabilized over the past several years, but its latest filing shows a drop.

According to an IRS filing, total revenue stood at $57 million for the fiscal year 2016, down from $73 million. The Hollywood studios paid most of it through membership fees totaling $50 million, a 22% drop compared to the previous year.

The year ended with a significant loss of $8 million. That’s a lot of money, but the MPAA is still in safe hands as it has over $10 million in net assets and funds.

There is no explanation for the lower membership fees.

Most of the expenses go to salaries, with Chris Dodd, the former MPAA Chairman and CEO, the highest-paid employee with over $3.4 million in total income, including a $275,000 bonus.

This was the compensation for Dodd’s last full year as CEO. Last year he was replaced by Charles Rivkin, another political heavyweight, who previously served as Assistant Secretary of State for Economic and Business Matters in the Obama administration.

Dodd’s compensation took up 10% of the entire salary budget. The remainder was divided among the MPAA’s other 196 employees, so the total workforce was 197, down from 224 a year earlier.

The MPAA also does charity work, donating to various research initiatives, including a recurring million-dollar grant for Carnegie Mellon’s ‘Initiative for Digital Entertainment Analytics’ (IDEA), which deals with piracy-related topics.

The Copyright Alliance is another primary beneficiary. The group, co-founded by the MPAA, is a non-profit that represents copyright holders, and it received $750,000 in support according to the latest filing.

The total grants budget is $3.1 million and comprises many smaller payments, similar to previous years. The lobbying budget totaled $3.6 million, and legal fees came to $5.3 million.

Apart from revenues, the other aspects seem well taken care of.

eFail Attack on PGP and S/MIME Encryption

The EFF, backed up by security researchers, has issued a warning over PGP and S/MIME encryption: stop using them, at least for now, to secure your emails.

PGP is widely regarded as the safest way to send secure emails, although it does not encrypt metadata and is not the easiest to use.

Sebastian Schinzel, Professor of computer security at Münster University of Applied Sciences, on 14 May tweeted: “We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past.”

Professor Schinzel is a security researcher respected for having uncovered many cryptographic vulnerabilities. His most notable find was the 2016 DROWN attack, which put 33% of all HTTPS servers in the world at risk.

The Electronic Frontier Foundation (EFF) has confirmed the vulnerability:
“A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”

It is best to follow the EFF’s advice.

The article then gives links to tutorials on how to disable PGP plug-ins in Thunderbird with Enigmail, Apple Mail with GPGTools, and Outlook with Gpg4win.

There is no mention of removing standalone apps such as Gpg4win or PGP browser add-ons such as Mailvelope.

S/MIME

S/MIME is similar to PGP; the only difference is that S/MIME uses predefined encryption standards and public-private key pairs handed out by a trusted authority, whereas PGP users choose their own encryption methods and handle the sharing of their own encryption keys.

Closing

You should avoid using PGP and S/MIME to encrypt emails until the issue is entirely fixed.

Image credit: By arka38/Shutterstock.