It’s common knowledge that Intellectual property is a hot commodity to data thieves and cyberspies who prowl the Internet.

But, many folks may not realize that they risk valuable information falling into the wrong hands by hauling digital assets in laptops, smartphones and touch tablets across borders on business and holiday trips.

One big risk, of course, is that your computing device gets lost or stolen. Make no mistake about it, business travelers are targets of cybercriminals and nation-state spies are on the prowl for ways to tap into the hard drives of computing devices, says John N. Stewart, chief security officer at Cisco. Here are some tips he offers:

Back up your data. Do it before departure, because you probably can’t remember everything stored on the computing devices you take with you.

Leave sensitive files home. Make arrangements to tap into any files you need from a secure cloud connection, such as a VPN or secure cloud storage. Most nations can legally search your harddrive, if the customs agents feels you may be a security risk

Update your devices. Make sure antivirus suite is current, and all operating system and application security patches are done.

“Think of yourself always as a target,” says Stewart. “And if nothing happens, consider it a good day.”

Copyright © 2013 USA TODAY, a division of Gannett Co. Inc.

SEATTLE — Google is in a mad scramble to distance itself from the National Security Administration’s controversial Prism data mining program.

So are Microsoft, Yahoo, Facebook, Apple, AOL, Skype (now part of Microsoft) and Paltalk — the other tech companies mentioned in PowerPoint slides depicting the Prism program, slides that were leaked by whistleblower Edward Snowden.

A lot is at stake. The tech giants are all hustling to swell profits derived from products and services tied into the Internet cloud. A necessary ingredient to accomplish that — consumer trust – has been put under another kind of cloud by the Prism disclosures.

“It’s no secret that the tech companies are in damage control right now trying to regain their users’ trust,” says Jonathan Mayer, fellow at Stanford University’s Center for Internet and Society.

CONTEXT: Why online tracking is a privacy time bomb

VIDEO:Data mining pits national security vs. individual privacy

At the moment, there is a gap in the facts between what the PowerPoint slides leaked by Snowden appear to depict – and Google’s flat denials; in particular, the company insists that its senior executives, at least, never heard of Prism before it splashed into global headlines last week. Even so, Google disclosed today that it did hand over consumer data to the feds, but only using rudimentary technologies.

Google’s corporate spokesman, Chris Gaither, issued this statement: “We refuse to participate in any program — for national security or other reasons — that requires us to provide governments with access to our systems or to install their equipment on our networks. When required to comply with these requests, we deliver that information to the US government–generally through secure FTP transfers and in person. The US government does not have the ability to pull that data directly from our servers or network.”

The company added: “Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made.”

Claudia Rast, a privacy attorney at Butzel Long, says the company’s assertions that it resorted to use of simple File Transfer Protocal, or FTP, data transferring technology, and even simpler hand deliveries, to honor very narrow data requests from the feds rings true.

By contrast, the PowerPoint slides published by The Guardian clearly identify the tech companies as supplying data to Prism. Yet the slide graphics really don’t specify the technology used, nor the frequency of the requests, nor the scope of the data transferred.

Rast said it would be just plain good legal sense for Google and the other tech companies to treat data requests from the feds very conservatively.

“Legally, a company’s not going to allow wide open access to their data,” Rast says. “They’re going to want specific time frame and scope of the search.”

Gaither’s statement today is probably air tight, says Scott Cleland, president of consultancy Precursor and a longtime critic of Google. That’s because corporations routinely take steps to keep its executives in a position to deny knowledge of anything potentially controversial.

“The companies are smart,” Cleland says. “They would have broadly delegated authority for their company’s NSA compliance to a very small number of individuals supervised by a company legal official of some kind; and only those few people would get the security clearances necessary to know what is transpiring.”

This compartmentalization, he says, keeps sensitive information in the hands of a few. “The leadership wants and needs to have reasonable and plausible deniability for times exactly like this,” says Cleland, who has testified before Congress on several occasions criticizing Google’s business practices.

“Google’s whole business model depends on people exercising minimal privacy limits on Google’s world-leading collection of their private data,” Cleland says. “They understand they must change the conversation from Google being perceived as a complicit bad guy holding the world’s largest trove of intimate private info on the most people, to a champion of user privacy and security demonizing government for not allowing more openness and transparency of secret activities.”

Gary Steele, CEO of cloud security company Proofpoint, says that a complex data collection program, like Prism, involving multiple companies, could easily be handled differently with each vendor.

“It’s entirely plausible that some of the government’s described capabilities only apply to some providers, thus causing an apparent gap between what some providers say publicly and what it’s alleged the government is doing,” observes Steele.

Google has by far the most to protect.The search giant is expected to make more from mobile ads than all other companies combined for the second straight year, totaling nearly $8.9 billion in mobile ad revenue in 2013, according to projections from research firm eMarketer. That would give Google 56% of the total mobile ad market. And that’s only a fraction of what Google earns from its dominant, bread-and-butter search term advertising business. Google’s revenue topped $50 billion in 2012.

What could come out of the revelations about Prism is a push by U.S. companies to follow Google’s lead and petition the NSA for permission to be more transparent about government data mining of consumers’ Internet behaviors than has been the practice thus far under the Patriot Act.

“A notable aspect is the number of service providers who have come forward to petition the government for more transparency.” Steele says. “It shows the providers understand their business relies on trust–trust that is at risk if customers believe their data privacy isn’t being protected. There may be companies willing to cooperate with the US government on cyber security issues, as long as their business doesn’t suffer competitively against firms in jurisdictions with stronger privacy safeguards.”

Rob D’Ovidio, associate professor of criminal justice at Drexel University, says he gets why Google is striving for plausible deniability.

Any involvement, whether voluntarily or compelled through a judicial order, in handing over its customers’ data to government surveillance officials “will not sit well with its users and likely cause mass migration to other service providers,” D’Ovidio says.

Indeed, Prism could be the tripwire that finally grabs the attention of convenience-minded U.S. consumers, who have been largely oblivious to exhaustive tracking of their every online move by tech companies chasing online advertising revenue. And it’s sure to add fuel to the fire in Europe, where the preservation of individual privacy has long been – and continues to be – a touchstone issue.

John Simpson, Consumer Watchdog’s privacy project director, says it’s crucial for Google and the tech companies to do everything possible to restore the public’s confidence in the wake of the revelations about Prism.

“The massive database that Google has is a honeypot for the NSA, and the snoops wouldn’t be using unconstitutional overreaching surveillance tactics if Google didn’t have this data and retain for so long,” says Simpson.

Copyright © 2013 USA TODAY, a division of Gannett Co. Inc.

There is some skepticism in the security community about all of Edward Snowden’s claims.

Snowden — the low-level contract analyst turned whistleblower who outed the National Security Agency’s PRISM data mining program – makes a lot of claims in his 12 minute video interview with The Guardian.

As a Booz Allen Hamilton network analyst based in Hawaii, Snowden clearly had the technical savvy to take full advantage of known ways for anyone inside the network of a large organization to roam deeper.

Snowden claimed he could wiretap anyone’s phone and had access to information showing wide ranging “abuses ” by the agency. He publicly released PowerPoint slides depicting PRISM, a secret NSA program for data mining information on individuals’ online behavior contributed by Google, Microsoft, Facebook, Apple and PalTalk.

He also claimed to possess the “full rosters of everyone working at the NSA, the entire intelligence community and undercover assets all around the world, the locations of every station we have, what their missions are and so forth.”

Snowden claimed to have the ability to “shut down the surveillance system in an afternoon. But that’s not my intention.”

Agency investigators now should be able to trace Snowden’s internet activities and determine the true extent of his infiltration of sensitive material, says Wade Williamson, senior security analyst at firewall company Palo Alto Networks.

It’s a big leap from stealing classified PowerPoint slides to wire tapping phones and accessing dossiers for spies and other agency personal. And the NSA presumably segmented access to very sensitive data says Williamson.

“I have access to lots and lots of confidential documents here at my company, but I’m not allowed to change how the network runs,” Williamson says. “He (Snowden) may have had access to PowerPoint slides, but not necessarily have control of all those other systems.

“What we don’t know is how broad that leak really was. From a national security point of view, that’s where I would want to go back and take a hard look at the veracity of his statements.”

Dr. Mike Lloyd, chief technology officer of Red Seal Networks, notes that unverified claims are just that – unverified.

“Hackers have always had a strong tendency to brag, and since so much of the activity is hard to trace, they also tend to exaggerate,” Lloyd says.

Lloyd concedes that the PowerPoint slides leak seems very credible.

“In studies of all infrastructures, including those used by the intelligence and defense communities, there are weaknesses all over the place,” Lloyd says. “People at the NSA understand what it means to say, ‘Red Team always wins.’ This translates to the point that a dedicated, persistent attacker will eventually find a gap you missed when you built your defenses.”

Jason Mical, vice president at AccessData Group, says there could any number of reasons why Snowden only disclosed PowerPoint slides. “For example, perhaps he was only interested in exposing enough information to get the message out and was not interested in releasing information that would more directly expose this nation and its intel community to risk,” Mical observes.

Copyright © 2013 USA TODAY, a division of Gannett Co. Inc.

It’s hard to argue against the notion that federal authorities need to do all that they can to defend America from terrorist attacks.

But the revelations about Prism, the intelligence gathering program that involves data mining Internet traffic records tapped from Microsoft, Google, Apple and Facebook raises a sticky dilemma.

In this age of Internet-connected smartphones and touch tablets — and pervasive use of social media — it’s possible to triangulate not just our personal preferences but also who we associate with and where we go during the course of an ordinary day.

The tech companies who are guiding us deeper into the Internet cloud, and performing this triangulation, are doing so to profile us to sell targeted advertising.

PRISM exists because this rich intelligence is useful for keeping terrorists in check.

The question now becomes one of balancing national security interests against an individuals right to privacy.

The traditional legal notion of privacy amounts to the right to be left alone.

But history is replete with examples of authoritarian regimes using intelligence gathering to oppress people unfairly.

The question going forward is whether existing rules and industry standards are adequate to keep things in balance.

Some privacy experts are already calling on Congress to do more to tighten down the system of checks and balance.

Given the global attention to PRISM higher Congressional scrutiny seems likely. And you can be sure that Microsoft, Google, Facebook and Apple will lead the way in sharpening industry protocals to head off any new regulations.

Copyright © 2013 USA TODAY, a division of Gannett Co. Inc.

The revelations in the Washington Post’s report on PRISM trains the spotlight on a sticky dilemma.

PRISM is a U.S. government anti-terrorism surveillance program that hinges on data mining of Internet traffic records contributed by Microsoft, Google and several other tech giants,

It’s hard to argue against leaving no stone unturned in preventing another 9-11 terrorist attack. On other hand, history is replete with examples of autocrats using intelligence-gathering to oppress.

CyberTruth asked an array of experts to weigh in:

“News reports of the last few days make clear that Congress has lost control over the legal authorities that permit electronic surveillance in the United States. Simply stated, the system of checks and balances has collapsed. Congress must begin comprehensive hearings with the goal of reestablishing legal control over the vast surveillance apparatus that is now directed to the private communications of American citizens.” –Marc Rotenberg, Executive Director, EPIC

“To me, electronic monitoring is the same as video camera monitoring. It’s excellent if it keeps us safe. It’s intrusive if it sees something we thought was private. Perspective. It’s all about perspective.” –Alan Paller, Research Director, The SANS Institute

“PRISM is clearly an unconstitutional overreach by government spy agencies. It is completely unjustifiable and wrong.The Internet companies that cooperated should be ashamed of themselves. They should have resisted and told the public what was happening.” –John Simpson, Consumer Watchdog

Copyright © 2013 USA TODAY, a division of Gannett Co. Inc.

In a repeat of a phenomenon that helped fuel the Arab Spring uprisings, citizen protestors in Turkey are using a free VPN service to thwart reported Internet censorship.

Over the weekend, some 120,000 people inside Turkey downloaded Hotspot Shield, a free mobile app supplied by U.S. vendor Anchorfree that sets up a VPN (virtual private network) linked up to the outside world.

Usually, the company sees about 10,000 new Hotspot Shield sign ups from the nation of about 73 million, says David Gorodyansky, Anchorfree’s founder and CEO.

On Saturday, TechCrunch reported that both Facebook and Twitter have been impossible to access from inside Instanbul and other areas of Turkey. This came amidst protests against restrictions on alcohol and other issues escalated into clashes with police, and increased use of Twitter and Facebook to rally the citizenry.

Turkish prime minister Recep Tayyip Erdogan told France 24 that social media “is the worst menace to society” and called Twitter “a menace.”

CyberTruth asked Anchorfree’s Gorodyanksy to weigh in on how an encryption service has emerged as a tool to aid social protest.

CT: Has the use of VPN to get around government censorship ever happened before?

Gorodyanksy: Yes, protesters often flock to VPN’s like Hotspot Shield during crackdowns, protests and government censorship. In fact during the Arab Spring we saw Hotspot Shield go from about 100,000 Egyptian users to more than 1 million users in just three days.

CT: So how did use of your technology go viral this past weekend in Turkey?

Gorodyanksy: Honestly, it’s mostly word of mouth. We don’t do anything special marketing-wise, but when people are fighting for their right to free information and government control, we don’t have to. I’m just happy that we can help – I find it both really satisfying and humbling to enable Internet users to gain freedom to access all information online and are glad Hotspot Shield has played a role in global events by putting the user first.

CT: What’s the key difference availability of private VPNs made in this particular set of circumstances in Turkey?

Gorodyanksy: VPNs probably helped in a variety of ways. It made the user private and anonymous so their activity could not be tracked. Users were routed through VPN servers in the US or other countries that might have helped route around local slowdowns and speed their access to social media. In the case of Hotspot Shield we also compress images and video so that would definitely have helped during the slowdown.

CT: To what degree is use of private VPN by individuals catching on in daily life?

Gorodyanksy: Privacy is going mainstream and people are starting to understand using a VPN is important. As internet usage has become more mobile, people have definitely become more aware that they leave themselves open to hacking and identity theft when using WiFi hotspots if they don’t use a VPN. And recent reports show that many password protected home WiFi networks are vulnerable s well.

Also I think that the emergence of cloud computing has shifted the threat away from devices to internet browsing activity. People understand that anti-virus software is not enough anymore.

Furthermore users are extremely concerned in being tracked online. Microsoft has defaulted users in IE 10 into Do Not Track. Millions of users are relying on AnchorFree, Microsoft and others to provide them with simply to use tools to protect their privacy online. Hotspot Shield is one of the most effective ways to protect your privacy across both mobile and web.

Copyright © 2013 USA TODAY, a division of Gannett Co. Inc.

WASHINGTON — China denies it engages in cyberespionage. The U.S. is beginning to float the notion that it’s okay to retaliate aggressively against cyberspies. And more evidence of intellectual property theft, via the Internet, is being flushed out daily.

That’s the backdrop as President Obama and Chinese President Xi Jinping both travel to Southern California’s Rancho Mirage on Friday and Saturday for historic face-to-face meetings.

High on the agenda for discussion: cybersecurity.

China has been widely linked to network break-ins of numerous Western companies and agencies, and Obama earlier this year issued an executive order to compel government and industry to share intelligence about network breaches, mainly to protect the nation’s infrastructure.

Tim Junio, who studies cyberattacks at Stanford University’s Center for International Security and Cooperation, doesn’t expect much to change because of the Xi-Obama talks.

“China benefits too much by stealing intellectual property from the U.S., so it’s really hard to imagine anyone convincing them to slow down,” Junio told the Associated Press.

Junio said China’s political leaders may be ignorant of details of cyberspying activities run by China’s military or corrupt government officials.

Meanwhile, antivirus company Kaspersky on Tuesday is hosting 300 federal officials and cybersecurity vendors at a first-of-its-kind conference here in the nation’s capital. The topic: the arch of cyberthreats.

To launch the conference, Kaspersky Lab morning released fresh analysis about a family of malicious programs, called NetTraveler, used to infiltrate more tha 350 high-profile victims in 40 countries, including government institutions, embassies, the oil and gas industry, research centers, military contractors and activists.

NetTraveler’s creators have been active since as early as 2004, says Kaspersky senior researcher Costin Raiu. The highest volume of cyberspying occurred from 2010 – 2013, focused on stealing intellectual property related to space exploration, nanotechnology, energy production, nuclear power, lasers, medicine and communications, Raiu says.

Paul Rosenzweig, a former Department of Homeland Security official whose Red Branch Consulting provides national security advice, told AP’s Martha Mendoza that the responsibility for preventing attacks lies in the private sector, with tech giants including Google, Facebook, Apple and Microsoft, who created the technology that’s being hacked in the first place.

“To some degree, they were getting a pass,” Rosenzweig observes. “If a car manufacturer made a car that was routinely able to be stolen, they’d be sued. If software is made with gaps that are a liability, they bear some responsibility, and in recent years there’s been a sea change in high tech firms accepting that responsibility.”

Another provocative notion getting aired surfaced last month from the Commission on the Theft of American Intellectual Property, headed by former U.S. ambassador to China Jon Huntsman and former U.S. director of National Intelligence Dennis Blair. It’s called “hacking back,” and conjures the idea that Congress and the White House ought to rewrite current laws that ban counterattacks against hackers caught stealing data or damaging networks.

Proponents of hacking back want laws written to enable retaliation under certain circumstances. But the big sticking point is that hackers most often make use of compromised PCs and servers to launch attacks and store stolen data. So hacking back — say to shut down an attacking server, or retrieve stolen data — could involve violating the true owner’s property rights.

Copyright © 2013 USA TODAY, a division of Gannett Co. Inc.

SEATTLE – Details of Jeremy Hammond’s escapades at his peak as a member of Anonymous, the loose-knit hacking collective, underscores how unpredictable – and profoundly disruptive – a determined ideologue, with computer skills, can be.

The 28-year-old from Chicago plead guilty on Thursday to the December 2011 hacking of Strategic Forecasting, whose website, Stratfor, supplies subscribers with essays and reports on developing trends in international affairs for a subscription fee of $40 per month.

Convinced that the online publication functioned as a hub for propagandizing corporate interests, Hammond participated with several co-conspirators in nuking Stratfor’s primary and back up servers, knocking the business off line for more than three weeks.

VIDEO:Hammond’s supporters lionize imprisoned hacktivist.

Hammond also admitted his involvement in the June 2011 breaches of the FBI’s Virtual Academy and the Arizona Department of Public Safety; the July 2011 hack of Brooks-Jeffrey Marketing; the August 2011 hacks of Special Forces Gear and Vanguard Defense Industries; the October 2011 hacks of the Jefferson County, Alabama Sheriff’s Office and the Boston Police Patrolmen’s Association; and the February 2012 hack of Combined Systems.

He explained his rationale in a statement issued after entering his guilty plea: “Now that I have pleaded guilty it is a relief to be able to say that I did work with Anonymous to hack Stratfor, among other websites. Those others included military and police equipment suppliers, private intelligence and information security firms, and law enforcement agencies. I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right.”

Hammond’s supporters have elevated him to hero status on the same tier as Bradley Manning, the U.S. Army soldier imprisoned since 2010 on suspicion of leaking classified documents to WikiLeaks. Participants of the Sparrow Project held a vigil outside his New York prison and are circulating a petition to the federal judge in charge of his sentencing, requesting leniency.

Abi Hassen, mass defense coordinator for the National Lawyers Guild, in a post on the Sparrow Project website calls for a deeper official probe of Stratfor.

Asserts Hassen: “Corporate-government surveillance is one of the most rapidly expanding threats to civil liberties today. The Stratfor leak is a glimpse into a secret world of corporate spying that is incompatible with this country’s democratic values. Today’s hearing should be a springboard for further investigation of Stratfor, not an opportunity to condemn a young man to a decade in prison for his political activism.”

I interviewed Stratfor founder and CEO George Friedman in January 2012 as he was directing the rebuilding of his company’s demolished website. Friedman told me the attack served notice about what he viewed as a troublesome new strain of unpredictable and misinformed censorship arising on the Internet.

“They had built a fantasy image of us as being part of a very powerful group,” Friedman said. “From our mailing list, they selected all the corporate subscribers, and created this image of us as being an incredibly connected, powerful entity, and that was their justification.”

Friedman declined an interview request on Thursday. But he told me earlier that Stratfor retains respected academics and expert analysts in political hotspots to author think pieces on global affairs. “We certainly know people in Washington and all over the world. We have sources,” he said. “That’s our job. But we have no access to classified or corporate information. That’s simply not what we do. We’re a publishing company.”

We now know Hammond collaborated with several co-conspirators, known collectively as “AntiSec,” an offshoot of LulzSec, which was an offshoot of Anonymous. The hackers stole Stratfor employees’ emails as well as account information for approximately 860,000 Stratfor subscribers and clients, according to court records.

AntiSec posted a breezy “press release,” claiming to be from Anonymous. As proof of the hack, Hammond and his buddies disclosed credit card details for thousands of subscribers to Stratfor’s daily newsletters.

The Stratfor caper was part of a continuing wave of hacktivism attacks that have emerged as the third leg of cyberthreats. Cybercrime gangs go after quick cash, and cyberspies hunt down intellectual property. Hacktivists steal, deface and destroy motivated by political and personal beliefs, most often seeking no financial gain.

However, authorities disclosed in court records released Thursday that Hammond’s crew stole account data for some 60,000 credit card holders and used some of the stolen data to make more than $700,000 in unauthorized charges.

“While he billed himself as fighting for an anarchist cause, in reality, Jeremy Hammond caused personal and financial chaos for individuals whose identities and money he took and for companies whose businesses he decided he didn’t like, ” says Manhattan U.S. Attorney Preet Bharara.

Hammond faces sentencing on Sept. 6. He pled guilty to one count of conspiracy to engage in computer hacking and faces a maximum of 10 years in prison. He has also agreed to pay up to $2.5 million in restitution.

Copyright © 2013 USA TODAY, a division of Gannett Co. Inc.

Supporters of Anonymous hacker and self-styled online anarchist, Jeremy Hammond, are circulating this online petition aimed at cajoling authorities into granting the 28-year-old leniency. Hammond pled guilty this morning to participating in the December 2011 hacking of online publication Stratfor.

Hammond supporters maintain that e-mails he helped steal from Stratfor and post online exposed Stratfor’s complicity in surveillance of anti-corporate activists. Stratfor founder George Friedman strongly refutes such notions as nonsense. He has said that Stratfor is a straight-forward, for-profit online publication that charges subscribers $350 a year for well-researched and written essays on global affairs.

Stratfor’s site was knocked off line for several weeks. The Stratfor hack was a wakeup call for many web businesses, small and large, that have been lax about data protection. Not much has changed, says Jeremy Bergsman, a practice manager at management consultancy CEB.

The average Fortune 500 company only has about 42% of the state-of-the-art protections that are available for key systems, up from 39% in 2011, according to a CEB study.

“Our understanding of hactivism—and sophisticated attacks in general—has changed in one important way in the last year: we now realize it is impossible to predict who is going to attack you and why,” Bergsman says.

In a statement posted widely online, Hammond says part of the reason he pled guilty was his firm belief “in the power of truth.”

“This non-cooperating plea agreement frees me to tell the world what I did and why, without exposing any tactics or information to the government and without jeopardizing the lives and well-being of other activists on and offline,” Hammond asserts. “Now that I have pleaded guilty it is a relief to be able to say that I did work with Anonymous to hack Stratfor, among other websites. . . . I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right.”

Copyright © 2013 USA TODAY, a division of Gannett Co. Inc.