Research reveals the most commonly used PIN numbers…

10 per cent of PINs can be guessed in just one attempt

Research has revealed that one in ten PINs can be correctly guessed first time. The most commonly used numbers have been revealed, with 10% of the population still using 1234.

Researchers found 17 per cent of people in Europe have suffered identity fraud. Credit card fraud cost the UK more than £388 million in 2012.

Despite a rise in credit card fraud, the most commonly-used PIN is still 1234, with 1111 and 0000 coming in second and third.

Studies have shown that one in ten codes is so obvious that it would take criminals just one attempt to guess it correctly, while more than a quarter of the codes are used so often they can be guessed in fewer than 20 attempts.

Researchers from DataGenetics, a technology consultancy, analysed 3.4 million four-digit codes and found that many people use birth years as PINs, making it even easier for hackers to guess a code simply by finding out a person’s age from online accounts.

Additional research carried out by security experts McAfee found that 17 per cent of people in Europe have been victims of credit card fraud, at a cost of £1,076 per person.

The total cost of credit card fraud in the UK last year from criminals hacking and cloning cards was £42.1 million and the total amount of fraud committed through all credit card-related crimes was £388 million.

There are 10,000 possible combinations for four-digit PIN codes using 0 to 9.

The majority of PINs in the DataGenetics list began with the number one, which may be due to the popularity of using birth years. Zero and two were also popular. The higher the number, the lower its frequency.

DataGenetics unlocks data held in large databases. In producing its findings it used data from previously released password tables and security breaches. By combining the password databases, researchers filtered the results to show just four-digit numbers and were able to analyse 3.4 million four-digit passwords.

They discovered that all of the possible 10,000 combinations – from 0000 to 9999 – were found in the data list.

The most popular password was 1234, but the number of times it occurred ‘staggered’ the researchers – almost 11 per cent of the 3.4 million passwords were 1234.

This PIN was also more popular than the 4,200 codes at the bottom of the list combined.

The next most popular 4-digit PIN was 1111, used more than 6 per cent of the time.

DataGenetics compiled a list of the top 20 passwords and found that 26.83 per cent of all the passwords in the list could be guessed by attempting these 20 combinations.

The researchers said:

… Statistically, with 10,000 possible combinations, if passwords were uniformly randomly distributed, we would expect these twenty passwords to account for just 0.2 per cent of the total, not the 26.83 per cent encountered.

The more popular password selections dominate the frequency tables and the study found that 10 per cent of PINs could be guessed correctly first time.

More than 20 per cent could be guessed by using just five attempts and statistically, one third of all codes could be guessed by trying just 61 distinct combinations.
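The guess-coverage arithmetic behind these figures, as an added example rather than DataGenetics' own code: it measures how much of a PIN corpus the k most common values cover, compares that with the uniform k/10,000 baseline, and derives a deny-list check for a PIN-setting flow. The corpus below is constructed sample data, and the function names and the 20xx year rule are assumptions.

```python
from collections import Counter

PIN_SPACE = 10_000  # four digits, 0000 to 9999


def coverage(counts, k):
    """Fraction of all observed PINs matched by guessing the k most common."""
    total = sum(counts.values())
    return sum(n for _, n in counts.most_common(k)) / total


def uniform_coverage(k):
    """The same fraction if PINs were chosen uniformly at random."""
    return k / PIN_SPACE


def guesses_needed(counts, target):
    """Smallest number of distinct guesses that reaches `target` coverage."""
    total, hit = sum(counts.values()), 0
    for k, (_, n) in enumerate(counts.most_common(), start=1):
        hit += n
        if hit / total >= target:
            return k
    return None  # target not reachable with the observed PINs


def is_weak(pin, counts, top_n=20):
    """Deny-list check for a PIN-setting flow (hypothetical policy).

    Rejects the top-N observed PINs, a single repeated digit, and
    year-like values: 19xx as the article describes, 20xx as an
    assumed extension.
    """
    top = {p for p, _ in counts.most_common(top_n)}
    return pin in top or len(set(pin)) == 1 or pin[:2] in ("19", "20")


# Constructed sample corpus (NOT the DataGenetics data): 1,000 PINs,
# skewed towards a few popular values the way the article describes.
SAMPLE = Counter({"1234": 110, "1111": 60, "0000": 20, "1212": 12, "7777": 8})
# The remaining 790 entries are 790 distinct PINs seen once each.
SAMPLE.update(f"{n:04d}" for n in range(3000, 3790))

if __name__ == "__main__":
    for k in (1, 5, 20):
        print(k, f"{coverage(SAMPLE, k):.2%}", f"{uniform_coverage(k):.2%}")
    print("guesses for one third:", guesses_needed(SAMPLE, 1 / 3))
```

Run against a real corpus, the gap between `coverage` and `uniform_coverage` at small k is the number that matters when setting a lockout threshold.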

The data found that the least-used code was 8068 with just 25 appearances in 3.4 million – far fewer than random distribution would predict.

The researchers also noted that many of the high-frequency PINs could be interpreted as years because many began with 19, for example, 1984, 1967 and so on.

This could be a birth year or anniversary and if a hacker can guess someone’s age, or even obtain it through birth records or online accounts, for example, they could make an educated guess at the PIN.

The majority of PINs in the DataGenetics list began with the number one, which may be due to the popularity of using birth years.

The numbers zero and two were also popular.

The research found that the higher the number from 0-9, the lower its frequency at the start of the code.

Another study by Google Apps found that a pet’s name is the most common online password.

As many as one in six people use their pet’s name as a password.

One in six Britons admitted accessing someone else’s account by guessing the password, with partners the most common target.

TOP 10 POPULAR PINS

  1. 1234
  2. 1111
  3. 0000
  4. 1212
  5. 7777
  6. 1004
  7. 2000
  8. 4444
  9. 2222
  10. 6969

US bankrolling of GCHQ in return for influence…

INTELLIGENCE GATHERING

It has been claimed that Washington gave Britain’s spying and intelligence gathering centre at GCHQ more than £100 million over the last three years, raising questions over how much the U.S. has been influencing the work of British intelligence.

According to documents released into the public domain by whistleblower Edward Snowden, the British eavesdropping agency was expected to ‘pull its weight’.

One document states that weaker regulation for British spies than American agents is one of the intelligence services’ ‘selling points’ for the U.S.

Such leaks will raise yet more questions for GCHQ and government ministers who oversee it operationally, particularly in relation to the extent to which the United States makes pressing demands of Britain in its intelligence-gathering activities.

In a document from 2010, GCHQ said the US National Security Agency had ‘raised a number of issues with regards to meeting (its) minimum expectations’, and GCHQ ‘remains short of the full NSA ask’.

A classified cache leaked to The Guardian reveals the UK’s biggest fear is that… ‘US perceptions of the […] partnership diminish, leading to loss of access, and/or reduction in investment to the UK’.

A copy of a temporary document to allow US fugitive and whistleblower Edward Snowden to cross the border into Russia.

The latest revelations were leaked by Mr Snowden, a former NSA contractor who has been charged with espionage in the U.S. He left Moscow’s Sheremetyevo Airport yesterday, where he had been since June after exposing PRISM, a U.S. intelligence-gathering project that snoops on private individuals’ accounts, emails and telephone calls. Snowden has now been granted refugee status in Russia amid Western concerns he is now in the embrace of Moscow’s secret services. The granting of refugee status pending his application for temporary political asylum is certain to spark fury in Washington, which had urged President Putin to deport him to the US to face espionage charges.

Previously, GCHQ was criticised after Mr Snowden claimed British intelligence agents used the PRISM system to bypass UK laws.

Last week Parliament’s spy watchdog called for an investigation into the laws on intelligence eavesdropping, saying they ‘may not be fit for purpose’.

The latest documents reveal the NSA gave GCHQ £22.9million in 2009, £39.9million in 2010, and at least another £34.7m in 2011-12.

The 2010 payment included £4million to support GCHQ’s work for NATO forces in Afghanistan, and £17.2million to fund the agency’s Mastering the Internet project, which gathers and stores vast amounts of ‘raw’ information ready for analysis.

Also funded by the NSA was redevelopment of GCHQ’s sister site in Bude, Cornwall, to the tune of £15.5million. The site intercepts transatlantic cables that carry internet traffic.

In return, the documents suggest GCHQ has to take the American view into account when deciding what to prioritise.

The money has been an important source of income for the British agency as it has been forced to cut costs and has shed more than 300 of its 6,000 staff.

Documents show GCHQ is heavily investing in harvesting personal information from mobile phones and apps, and wants to be able to ‘exploit any phone, anywhere, anytime’.

Some GCHQ staff have expressed concern about ‘the morality and ethics of their operational work, particularly given the level of deception involved’.

Shadow foreign secretary Douglas Alexander MP said…

… The vital work of the intelligence agencies requires effective and thorough oversight by the Intelligence and Security Committee on behalf of Parliament, and by ministers, and in the case of GCHQ, by the Foreign Secretary.

… The latest reports in the Guardian only underline the importance of the Foreign Secretary and the Intelligence and Security Committee being able to assure the public that the legal framework within which our intelligence agencies operate is both being adhered to and is fit for purpose.


The National Security Agency’s XKeyscore…

U.S. INTELLIGENCE

The Guardian newspaper, a London-based broadsheet, has reported that intelligence analysts can conduct surveillance by giving only a ‘broad justification’ on an on-screen form in a system known as XKeyscore. No review is needed either by a court or by National Security Agency staff.

Disclosures by the US fugitive and whistleblower Edward Snowden that U.S. intelligence agencies collected data on phone calls and other communications of Americans and foreign citizens as a tool to fight terrorism have sparked uproar in the United States, Britain and other foreign countries.

America’s National Security Agency (NSA) has called XKeyscore ‘a lawful foreign signals intelligence collection system’. In a statement to the Guardian following the newspaper’s report, the agency said it was ‘false’ that its collection is arbitrary and unconstrained. Intelligence analysts insist the surveillance programs have helped to thwart terrorist attacks and have saved many lives.

Opposition to the sweeping surveillance has been gaining traction in Congress, despite intense arguments and lobbying on behalf of the intelligence agencies from the Obama administration, congressional leaders and members of the House of Representatives and Senate Intelligence Committees. President Obama will meet with U.S. lawmakers today to discuss programs under the Foreign Intelligence Surveillance Act. This follows a grilling yesterday of intelligence officials by the Senate Judiciary Committee about their data gathering, the lack of transparency and security lapses that allowed Snowden to get away with so much information.

Two Democratic members of the committee, Senators Al Franken and Richard Blumenthal, said they would introduce legislation to force the Obama administration to provide more information about the data collection programs, including how many Americans’ records were reviewed by federal agents. A covert NSA programme allows analysts to search with no prior authorisation through vast databases.

Senator Franken said: “The government has to give proper weight to both keeping America safe from terrorists and protecting Americans’ privacy.”

Last week, the House defeated by a narrow 217-205 margin a bill that would have cut funding of the NSA program that collects the phone records. Strong support for the measure – bolstered by an unlikely alliance of liberal Democrats and libertarian Republicans – surprised many observers.

Snowden, who has been charged under the U.S. Espionage Act and had his passport revoked, left Hong Kong more than a month ago and is stuck in limbo at a Moscow airport while seeking asylum in Russia, which has refused to extradite him.

Democratic Senator Patrick Leahy, the committee chairman, said: “If a 29-year-old school dropout could come in and take out massive amounts of data, it’s obvious there weren’t adequate controls… has anybody been fired?”

John Inglis, the NSA’s deputy director, said no one had been dismissed and no one had offered to resign.

This week, the director of national intelligence has released three declassified documents in the ‘interest of increased transparency.’ They explained the bulk collection of phone data – one of the secret programs revealed by Snowden.

Much of what is in the newly declassified documents has already been divulged in public hearings by intelligence officials. The released documents included 2009 and 2011 reports on the NSA’s ‘Bulk Collection Program,’ carried out under the U.S. Patriot Act, the anti-terrorism legislation passed shortly after the Sept. 11, 2001, attacks.

They also included an April 2013 order from the Foreign Intelligence Surveillance Court, which directed communications company Verizon to hand over data from millions of Americans’ telephone calls. The declassified documents said the data would only be used when needed for authorised searches.

The 2009 report states: “Although the programs collect a large amount of information, the vast majority of that information is never reviewed by anyone in the government, because the information is not responsive to the limited queries that are authorised for intelligence purposes.”

But the secret NSA slide show from 2008, posted by the Guardian on its website, showed that XKeyscore allowed analysts to access databases that collect and index online activity around the world, including searching for email addresses, extracted files, phone numbers or chat activity.
