Cyber Security Intelligence

June Newsletter #1 2014

Massive eBay Hack – 145m Users Affected

A database containing the data of millions of eBay users, including passwords, has been hacked.

Following penetration of eBay employees’ confidential files as long as three months ago, the international online auction site has revealed the extent of the data breach and advises all registered users to change their passwords without delay. While eBay says it can see no evidence that user accounts have been abused and claims that financial details have not been compromised, there is now a major risk to users, as many accounts link to other personal details as well as to the PayPal money transfer site (also owned by eBay), where millions of financial transactions take place daily.

eBay says there is no evidence the hack has resulted in unauthorized or fraudulent activity on the site, but it may be months before the full extent of the harm caused becomes apparent.

Hot on the heels of the Heartbleed vulnerability (albeit a different type of security issue), once again the personal details of many millions of active internet users are in the hands of hackers. This event emphasizes the difficult challenge organizations face in maintaining cybersecurity. It seems that no organization is safe from being successfully hacked, no matter its financial muscle.

Related Links:
eBay Statement
Computer World Blogs

US charges Chinese military hackers and China accuses America of hypocrisy

Tensions between the two superpowers explode as a Pennsylvania court accuses military officials of trying to steal secrets from six companies, including a nuclear energy firm. A US grand jury has charged five Chinese military hackers with cyber espionage against US corporations in a landmark set of indictments.

In an unprecedented move, the US leveled criminal charges against five Chinese military officials on Monday, accused of masterminding government-led cyber hacking to steal trade secrets from six major American companies, operating in the key energy and metals industries.

According to Attorney General Eric Holder, the targets were the nuclear power station manufacturer Westinghouse Electric, US Steel, Allegheny Technologies and Alcoa, as well as subsidiaries of SolarWorld, the US solar power group. The Chinese hackers also broke into computer networks of the United Steel Workers and other unions.

The charges, the first of their kind brought in the US against the direct representatives of a foreign government, are a culmination of years of US complaints about rampant Chinese computer spying, both industrial and military – highlighted in a landmark 2013 Pentagon report that accused Beijing of making cyber warfare a key part of its strategy as it jostles with the US for dominance in South-east Asia.

China accused the United States of hypocrisy and threatened retaliation over hacking charges against five People's Liberation Army officers. Last week Beijing summoned Max Baucus, the US ambassador, for talks and issued a flurry of angry and wounded denials that it had engaged in cyber-espionage.

‘The claims of so-called commercial cyber-theft and so on have been spun out of thin air,’ insisted the Defense Ministry, adding that the US had ‘nefarious motives’ and was trying to ‘bamboozle’ the world. In a lengthy statement Tuesday, the Defense Ministry invoked WikiLeaks reports and recent disclosures by fugitive National Security Agency contractor Edward Snowden to level charges of hypocrisy against U.S. authorities.

A day earlier, the US Justice department took the dramatic step of issuing wanted posters for five PLA officers for what it called "21st-century burglary".

China said it would suspend the activities of the Sino-US Internet working group in protest. The Foreign Ministry issued a statement on Sunday, saying a US grand jury indictment of five Chinese military officials was ‘made up’ and would ‘damage Sino-American cooperation and mutual trust’.

It is unlikely the accused will ever appear in a US court. But at the very least they will be unable to go to the US. More important, the charges will increase tensions between the two countries, when China’s fast-growing military and its territorial claims in the South China Sea are causing major friction with key US allies, including the Philippines, Japan and Vietnam.

China, however, proclaims its innocence, and maintains that the real culprit is the US. As proof, it points to the sensational leaks by the former National Security Agency worker Edward Snowden. The Snowden revelations, of global eavesdropping by the NSA, came almost at the very moment President Obama was pressing the Chinese leader Xi Jinping to rein in cyber espionage in June 2013.

“There’s no evidence Chinese authorities have the ability to gather similarly solid evidence to support a charge,” said a Chinese engineer at a private IT firm, who asked for anonymity to talk about Chinese cyber-capabilities. Foreign media hold the original files in the Snowden scandal, which might hold some details of U.S. intrusions into Chinese computers.

China’s Premier Li Keqiang said last year: ‘China not only does not support hacking but opposes it.’

John Carlin, the assistant attorney general for national security, said the Chinese have long challenged U.S. officials to provide hard evidence of their data theft that could stand up in court. ‘Well today, we are,’ he said. ‘For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses.’

Although the indictment does not name the state-owned enterprises that may have benefited from the espionage, according to open-source literature, they are State Nuclear Power Technology, the Baosteel Group and the Aluminum Corporation of China, which is commonly known as Chinalco.

China bans Windows 8 from government computers

The move is intended to enhance computer security after Microsoft ended support for XP, according to the reports.

The Chinese government has officially banned Windows 8 from use on all government computers, reports out of the country claim. The Xinhua news agency, one of the government's media mouthpieces, reported that the move was designed to improve security on government computers.

The news comes at a time when animosity between China and the US is high. On Monday, the US charged several Chinese government officials with allegedly hacking networks in the US. China quickly responded by saying that the US has engaged in cyber espionage and cried foul on the charges.

The decision to nix Microsoft's operating system on government computers was made last week, Reuters reports, so it didn't relate to Monday's charges.

For Microsoft, the ban is just the latest in a long line of issues the company has faced in China. Microsoft has long accused China of being a center of Windows piracy, and has tried working with the government to ease the effect of illegal copying. Those efforts have yet to bear fruit.

It's not clear from the reports what the Chinese government will use for computer operating systems now that Windows 8 is off the table. Windows XP is still widely used in China, but after Microsoft ended support for that platform, it too would present a security risk to the government. Windows 7 is still an option, but Xinhua did not say what the government has decided.

Microsoft shares were down 15 cents, or 0.38 percent, in pre-market trading last week.

In the Era of Big Data, Will Big Storage Be Big Enough?

The National Security Agency has been in the business of collecting information for a long time, but technological advancements over the past decade are the primary driver of the intelligence community’s ability to collect data on the grandest scales.

That those advancements continue to evolve at a frenetic pace – seemingly slowed only by Moore’s Law – presents an air of inevitability regarding the production of data by humans, sensors and machines and the consumption of it by governments, corporations and other organizations: For better or worse, data is going to get a lot bigger.

According to Gen. Keith Alexander, who retired in March after eight years as the director of the NSA, the world will produce some 3.5 zettabytes of information in 2014 – enough to fill the hard drives of 3.5 billion high-end desktop computers.

“We’re living in the age of big data and we have to figure out how to harness it,” said Alexander, speaking at the American Council for Technology – Industry Advisory Council’s (ACTIAC’s) Management of Change conference on Monday.

“That’s what the future is going to be about,” Alexander said. “Think about 3.5 zettabytes of data. Big data is absolutely vital. The changes that will come to our nation in science, technology, biomedical and health care will be phenomenal.”

Yet with great potential comes heightened risk, as evidenced by last June’s intelligence leaks perpetrated by former NSA contractor Edward Snowden.

Snowden downloaded as many as 1.7 million files containing classified or highly sensitive information, and ironically, a pile of the NSA’s own data has allowed the public a clearer vision over the last ten months of how the agency takes advantage of technology to collect information on everyone. In his speech, Alexander painted the NSA as “victims of a crime,” citing Snowden’s actions, which Alexander subtly hinted “might have something to do with the country (Snowden’s) sitting in” (Russia).

The NSA, Alexander said, “faithfully did” its job, with the exception of one thing. 

“The one thing we failed in was protecting data from those we trusted,” Alexander said. “Now we have a new responsibility. Big data is something we’ll all have to work with.”

Alexander suggested stronger continuous monitoring efforts as one way to mitigate some problematic issues posed in the era of big data. Tracking data down to the cell level, wherein every piece of data has its own security infrastructure built in, is a further step toward ensuring that larger data sets aren’t entirely compromised by one bad actor or insider with an unclear agenda.

“Not everyone needs all the data,” Alexander said. “Only that data that you have a need for can you access and decrypt. We have to come up with a more defensible architecture.”

The NSA may have been one of the first organizations to dive into big data, but it’s clear now that big data is a reality for the rest of the world, too. Alexander challenged civilian agencies and industry to lead in big data or face the uncertain prospect of not being the world’s top dog in technology.

“I really feel strongly that this area needs leadership,” Alexander said. “We stand for freedom as a nation and with our allies. We need to lead in this area. We need you to lead in this area, we need vision and persistence to make it happen.”

Flight MH370 News Roundup:

Former Malaysian Prime Minister accuses CIA of a cover-up regarding flight MH370

CIA and Boeing may be hiding information about missing MH370. Former Malaysian PM Dr Mahathir says airplanes like MH370 'don't just disappear'. If the plane failed or had been disabled then 'Boeing must know'. Mahathir said the plane might have had its MAS airline markings removed. The air-sea search out of Perth for debris is a 'waste of time and money'.

Missing Flight MH370 did not crash and its current whereabouts may be known to the Central Intelligence Agency and the Boeing aircraft company, Malaysia's influential former prime minister Mahathir Mohamad has claimed. Dr Mahathir said the CIA could have switched the plane onto autopilot remotely if it had been hijacked.

'The plane is somewhere, maybe without MAS [Malaysia Airlines] markings,' he said, reports the Sydney Morning Herald.

'It is a waste of time and money to look for debris or oil slick or to listen for pings from the black box. For some reason, the media will not print anything that involves Boeing or the CIA,' he said.

Dr Mahathir, 88, who was Malaysia's prime minister between 1981 and 2003, said the missing flight's communication system 'must have been disabled'.

Dr Mahathir's blog posts come after the current Malaysian Prime Minister Najib Razak described the location by satellite of purported MH370 debris in the Indian Ocean as 'bizarre' and 'hard to believe'.

Malaysian, Australian and Chinese authorities met last weekend to discuss the latest stages of the MH370 search by ships staged in the Southern Ocean.

Chinese navy survey ship Zhu Kezhen will start mapping the seabed off the west Australian coast as part of the latest phase in the search, Australia's Joint Agency Coordination Center said.

Malaysia to release data tracking missing plane

The Malaysian government and a satellite company that helped track missing Malaysia Airlines Flight 370 announced Tuesday they are planning to release the raw data that led the search to be focused on a remote section of the Indian Ocean.

No timetable was announced for when the information will be released.

The Malaysian Department of Civil Aviation plans to release the data from Inmarsat, a British company whose satellite received several pings from the Boeing 777-200ER before the Beijing-bound flight went missing on March 8 with 239 people aboard.

Initially, Inmarsat could only suggest how far the plane was from the satellite, which looked like a broad crescent shape extending from the Indian Ocean toward Europe.

But through Doppler calculations with Britain's Air Accidents Investigation Branch, experts determined the plane was moving away from the satellite, which narrowed the search to an area 1,000 miles west of Australia.

Ships heard pings in early April that were presumed to be from the plane's recorders, which seemed to confirm the hypothesis. But because no debris has yet been found, the Malaysian government agreed to release the raw data behind the search.

The joint statement from the Malaysian government and Inmarsat said the data would be provided with explanations for readers to understand it.

"In moving forward, it is imperative for us to provide helpful information to the next of kin and general public," the statement said. "In line with our commitment towards greater transparency, all parties are working for the release of the data communication logs and the technical description of the analysis for public consumption."

Inmarsat’s engineers have long emphasized that the volume of information received from Flight 370 was exceedingly small, amounting to just 14 data points — seven automated “pings,” or electronic handshakes, between the plane and Inmarsat’s satellite, and seven corresponding transmissions between the satellite and a ground station in Perth, Australia.

Missing MH370: Underwater scanning resumes

The underwater search for the missing Malaysia Airlines flight MH370 resumed after a week of repairs to the US Navy’s submersible vehicle – and the man leading the hunt has said he remains “absolutely convinced” they are looking in the right place. Appearing on ABC News 24, retired Air Chief Marshal Angus Houston said that with a review of the satellite data well underway in Canberra he was sure that the analysis carried out by the British firm Inmarsat had been accurate.

MH370: Pilot's brother says he was not suicidal

A family member of the pilot of the missing Malaysia Airlines plane says he was ‘not suicidal’ and was doing household chores on the day of the flight. Asuad Khan, the brother-in-law of pilot Zaharie Ahmad Shah, said the 53-year-old was a sane, generous and happy family man and devout Muslim.

‘He had a good life,’ Mr. Khan told ABC News. ‘He had a lot of money, and he loved his daughter very much.’

Mr. Khan said his sister Faizah, who has not spoken publicly, had been questioned three or four times by police since the plane’s disappearance.

Authorities believe the flight disappeared on March 8 as the result of a ‘deliberate’ action but investigations into Zaharie and Fariq Abdul Hamid, the co-pilot, have found nothing suspicious. The Boeing 777 vanished shortly after take-off with 239 passengers aboard.

Mr. Khan said he understood that Zaharie had been at home in Kuala Lumpur on the day of the flight.

‘He's a DIY person,’ he said. ‘He likes to repair a lot of things by himself at home. On that day, my sister told me he was repairing the door for the bathroom if I'm not mistaken.’

Families of missing crewmembers have accused the airline of ceasing to provide caregiver services after they consulted lawyers about seeking compensation.

“We are not against MAS, but somehow now they are against us,” said Lee Khim Fatt, 43, whose wife was a crewmember.

Missing MH370 was ‘shot down in military training exercise’, book claims

The missing Malaysia Airlines Flight MH370 was shot down during a joint Thai-US military-training exercise and then the subject of an elaborate international cover-up - according to a book released about the lost plane that has caused anger among the relatives of those on board.

71 days after the Boeing 777 vanished en route from Kuala Lumpur to Beijing, Flight MH370: The Mystery will go on sale in Australia, Sun-Herald reported.

It has been written by the Anglo-American journalist and author Nigel Cawthorne, who describes his London-based home as a book-writing factory and is most famous for his Sex Lives series of salacious tales about the rich and famous. Cawthorne introduces his book by claiming that the families of MH370's passengers will "almost certainly" never be sure what happened to their loved ones.

But he goes on to support one theory, based on the eye-witness testimony of New Zealand oil rig worker Mike McKay, that the plane was shot down shortly after it stopped communicating with air traffic controllers.

At the time there was a series of war games taking place in the South China Sea involving Thailand, the US and personnel from China, Japan, Indonesia and others, and Cawthorne has linked this to McKay's claims to have seen a burning plane going down in the Gulf of Thailand.

Irene Burrows, whose son and daughter-in-law were passengers on board MH370 when it disappeared, told Sun-Herald of her anger at the book's release.

‘Nobody knows what happened so why would anyone want to put out a book at this stage?’ she said.

Other family members of passengers aboard the missing Malaysia Airlines flight have criticised the release of the first book on the saga, saying the publication was premature and its claim that the plane was accidentally shot down is speculation.

Aviation author Christine Negroni is also writing a book about the flight, which Penguin will release, she said on her blog.

Director defends film about missing MH370

Director of The Vanishing Act, a film about missing Malaysia Airlines flight MH370, insists he is not exploiting the tragedy after viewers call trailer "disrespectful".

A director who plans to make a film about the missing Malaysian plane has defended his decision, admitting the "controversy will help indirectly" but insisting he is not cashing in on grief.

Rupesh Paul, the Indian film director, said the film will not affect the families of missing passengers, and will not be based on "stupid things".

Arguing the public wants to see a thriller rather than a documentary, he said he was not exploiting the tragedy and had already received interest from Malaysian and Chinese buyers.

Paul is now at the Cannes Film Festival to publicise the film, which will be entitled "The Vanishing Act".

A trailer of the film, uploaded onto YouTube, shows a Malaysian aircraft traveling from Kuala Lumpur to Beijing in 2014.

'Killer robots' to be debated at UN

Autonomous killer robots do not currently exist but advances in technology are bringing them closer to reality. The X-47B unmanned aircraft could in future fire without human intervention. The era of drone wars is already upon us. The era of robot wars could be fast approaching. Already there are unmanned aircraft demonstrators like the arrowhead-shaped X-47B that can pretty well fly a mission by itself with no involvement of a ground-based "pilot".

There are missile systems like the Patriot that can identify and engage targets automatically. And from here it is not such a jump to a fully-fledged armed robot warrior, a development with huge implications for the way we conduct and even conceive of war fighting.

And so killer robots will be debated during an informal meeting of experts at the United Nations in Geneva. Two robotics experts, Prof Ronald Arkin and Prof Noel Sharkey, will debate the efficacy and necessity of killer robots.

The meeting will be held during the UN Convention on Certain Conventional Weapons (CCW). This will be the first time that the issue of killer robots, or lethal autonomous weapons systems, will be addressed within the CCW.

A killer robot is a fully autonomous weapon that can select and engage targets without any human intervention. They do not currently exist but advances in technology are bringing them closer to reality.

Those in favour of killer robots believe the current laws of war may be sufficient to address any problems that might emerge if they are ever deployed, arguing that a moratorium, not an outright ban, should be called if this is not the case. However, those who oppose their use believe they are a threat to humanity and any autonomous "kill functions" should be banned.

‘Autonomous weapons systems cannot be guaranteed to predictably comply with international law,’ Prof Sharkey told the BBC. ‘Nations aren't talking to each other about this, which poses a big risk to humanity.’

Prof Sharkey is a member and co-founder of the Campaign Against Killer Robots and chairman of the International Committee for Robot Arms Control.

On 21 November 2012 the United States Defense Department issued a directive that, "requires a human being to be 'in-the-loop' when decisions are made about using lethal force," according to Human Rights Watch.

IoT and the second machine age: Will robots put us all out of work?

Humanity is entering a second machine age. During the first, driven by the industrial revolution, machines took over all the muscle jobs. In their place though, technology created huge numbers of jobs where you had to use your brain.

But a new book suggests that machines, in the shape of robots and computers, are about to take over most of these, with profound impacts on our society and economy.

In their book, Erik Brynjolfsson and Andrew McAfee from MIT maintain that the combination of massive computing power, comprehensive networking, machine learning, digital mapping and the "internet of things" is bringing about a full-blown industrial revolution on the same scale as the transformations brought about by steam power and electricity. But whereas those earlier revolutions supplanted human (and horse) muscle, the new one will supplant much human cognition, in that work that involved employing people to do information-processing tasks will ultimately be done by computers. The implication is that even those in many white-collar occupations may find themselves unemployable. If capitalism can outsource low-paid jobs, why can't it replace the middle classes with automatons?

There is a whiff of technological determinism to all this (although Brynjolfsson and McAfee vigorously deny the charge). It suggests that technology is the main – if not the only – force that drives history. In a variation on the "guns don't kill people – people do" argument, critics point out that the social context in which technologies come into being, not technology itself, is the thing that determines change.

The problem, they say, is that most people have no idea of the abilities of these new technologies. They point to the Google self-driving car as an example of a capability that – until recently – most people thought would be the exclusive preserve of human beings for a long time to come. Yet the cars now exist and are safer than human-controlled vehicles. And if computers can safely drive cars in crowded urban environments, they can certainly do a lot of the tasks currently performed by office workers. This time, in other words, is different. We really are standing on the brink of an inflection point.

Cybercrime Boss Offers Ferrari Prize for Most Lucrative Online Attack

A new video highlights the problem legitimate organizations have in recruiting the best talent.

A global cybercrime gang has offered hackers-for-hire a Porsche or Ferrari if they win an “employee of the month” competition, highlighting the increasingly lucrative rewards on offer for those who decide to make a living from the Darknet. In the professionally shot video, which is the subject of a current investigation, a cybercrime boss appears in a car showroom “with a couple of blondes” offering up the luxury prize for the associate who makes the most from an online attack campaign.

Head of the European Cybercrime Centre (EC3) Troels Oerting said the scheme shows just how attractive such online operations can be, especially given the relatively low risk of being caught, with gangs recruiting talented programmers from universities.

He added that cybercriminals typically base themselves in jurisdictions where Europol has struggled to penetrate, with 85% of online crime currently coming from Russian-speaking countries.

"They are very, very good at locating themselves in jurisdictions that are difficult for us. If we can pursue them to arrest, we will have to prosecute by handing over the case," Oerting told The Indy.

"Even if they will do it, it's a very cumbersome and slow process. You can wait until they leave the country, and then get them. That's a comparatively small volume. The police ability stops at the border.”

He added that Africa is also increasingly being used as a base to launch attacks from, as its broadband infrastructure improves.

General manager of RedSeal Networks, Duncan Fisken, argued that as the rewards for cybercrime increase, so should the “price of getting caught”.

“Prison sentences and financial penalties need to be much tougher; gone should be the days of a slap on the wrist and token fine or perhaps a short or suspended sentence,” he told Infosecurity.

“It’s time to up the ante and impose jail terms of years and punitive fines. Only when the price of getting caught outweighs the potential reward, and crucially that justice is seen to be done, will there be a chance that would-be cyber attackers may think twice."

Lancope CTO TK Keanini told Infosecurity that the luxury automotive prize on offer could even be limiting, given that “some of the people innovating in this area may not be of the driving age”.

“On average, a Ferrari costs $200,000; but there are people on the dark markets paying well into $250,000 for zero day exploits on specific platforms. When you consider how much money they can make monetizing this type of capability, it is cheap,” he added.

Martin Sutherland, managing director of consultancy BAE Systems Applied Intelligence, argued that the news further demonstrates the extent to which the online world is “fast becoming the new frontier for organized crime”.

“The conclusion is becoming increasingly clear – we have now entered the age of digital criminality; a modern cybercrime combination in which well organized and well-funded criminal groups are using sophisticated cyber techniques to carry out theft and fraud on an unprecedented scale,” he said.

“Responding to this challenge is going to require us to work together more closely than ever before - sharing threat intelligence, and using the most advanced fraud prevention techniques to stop these attacks before they do real harm to businesses, consumers and the economy as a whole.”

The scheme – operated from an unspecified eastern European destination – highlights the huge rewards on offer for relatively risk-free criminal operations that can net the masterminds millions of pounds from countries that operate as safe havens – far beyond the reach of European security officials.

EC3 – the focal point of the EU's fight against cybercrime – said that the agency was seeing 85 per cent of cybercrime activity from Russian-speaking territories, where law enforcement has traditionally found it difficult to prosecute cyber criminals targeting Western countries.

Mr. Oerting warned that Europe faced a two-tier system of justice where the rich could afford to protect themselves and take the cyber fight to organised hackers, while the poor faced spiraling bank charges and rampant identity theft because of their inability to pay for online protection. He said that the vast cost of card fraud meant that companies were unlikely to continue shouldering the cost in the long term.

"We have 28 different legislations but we have one new crime phenomenon," he said. "If you're rich you live in a nice place with a fence around it with CCTV, but if you're poor…. On the Internet, some will be able to protect, some will not."

One of the biggest alleged players in international cybercrime, Dmitry Golubov, was released from prison in Kiev in 2008 after the intervention of two Ukrainian politicians. He was accused by the US authorities of being a key player in CarderPlanet, one of the first and most sophisticated credit card fraud sites in the world, and subsequently set up his own political party. He denied any wrongdoing. At its height, CarderPlanet had 6,000 members, headed by a godfather. A US court last year jailed Roman Vega, one of the senior dons, for 18 years after he was arrested when he travelled to Cyprus.

"They are very, very good at locating themselves in jurisdictions that are difficult for us. If we can pursue them to arrest, we will have to prosecute by handing over the case," said Mr. Oerting. "Even if they will do it, it's a very cumbersome and slow process. You can wait until they leave the country, and then get them. That's a comparatively small volume. The police ability stops at the border. We are also seeing signs of movement to African countries when the broadband is getting bigger. We will probably see more from places we don't want to engage with."

Mr. Oerting said that criminal gangs were actively recruiting young programmers from universities and were talent-spotting online to identify creative programmers.

He cited the case of a worldwide gang which paid about $500 for five debit cards with a fixed withdrawal limit, then hacked into computers to convert them to credit cards with no upper withdrawal limit. They then cloned the cards and during a few hours of intensive activity at card machines across the world, including Britain, managed to steal about $45m. Mr. Oerting said that Europe would have to face a new way of fighting cybercrime given the sharp increase in fraud that was costing Britain billions of pounds every year.

"In real cybercrime, [we're going after] the people who develop and distribute the malware. We are trying to find them and identify them. It's like cutting the snake's head off. But there are a lot of heads, and they grow back very quickly," he said.

"Organised crime has not just embraced this but integrated cybercrime into its business."

What you really agree to when you click 'accept'

You can spot the words ‘privacy policy’ at the bottom of nearly every website. Don't be fooled. Those policies are more about data collection than privacy. Companies use these policies to alert you to how they track your location, read your emails, spy on your Web browsing and sell some of that to advertisers. It doesn't help that these disclaimers are close to unintelligible.

The policy at Facebook (FB, Fortune 500) is 9,110 words long. LinkedIn (LNKD) comes in at 7,895 words.

With the help of several legal experts, CNN has reviewed policies at many top websites and apps. The conclusion is that most privacy policies are too long and without clarity. The average policy is 3,545 words long. They're too vague. Unclear language isn't just annoying. It arms companies with more legal muscle. Having ambiguous language in privacy policies lessens a consumer's ability to fight back if their personal information is ever mishandled.

For example, King (KING), the maker of the wildly popular smartphone game Candy Crush, says it collects personally identifiable information "such as your name, address, telephone number or email address." But using the words "such as" means the list doesn't necessarily end there.

Aleecia McDonald is the director of privacy at the Stanford Law School's Center for Internet and Society. She notes that "such as" opens the gates for just about anything.

Policies change all the time. Companies revise the rules so often that advocates have launched a service called TOSBack to track updates.

For example, LinkedIn's (LNKD) privacy policy has been updated six times since March 27. Among the many tweaks: LinkedIn's privacy policy previously applied only to those with LinkedIn accounts. Now it applies to visitors too. And the service now uses cookies to recognize you "across different services."

Terms are open-ended. When companies collect your information, they provide a list of what they take -- typically without any real limits.

Computers 4 Africa : An Appeal

The ten-year anniversary of the Computers 4 Africa (C4A) charity will take place this summer. The number of computers delivered by C4A is very large and to date 1.35 million children have accessed IT, with 336,477 children using one of C4A's computers.

Computers 4 Africa opens the door to IT education for millions of children. IT has revolutionised schools globally with unequalled access to information, interactive teaching and key work skills. A single recycled PC or recycled laptop can impact 24 children’s lives during its first year, offering new hope to break out of the poverty cycle.

Your old working IT kit can make this difference. Whether you are upgrading your home computer or you are looking at an IT refresh for 10,000 machines we can help, by providing an ethical and economical solution to IT disposal.

Computers 4 Africa collects redundant IT, which is refurbished and data-wiped before being sent out to African schools, colleges, and community projects.

Computers 4 Africa promotes reuse not just recycling, which is greener for the environment and produces better quality equipment with a longer service life.
