Actually, it’s not that difficult, according to mobile security company Fixmo’s CEO, Rick Segal.

“Despite the Bush years of let’s go play in another war, there’s a very tight, close alliance between Canada and the USA,” Segal says.

He can get away with saying that sort of thing more than most Canadians, because the CEO of this Toronto-based startup is a ex-patriate American who has spent the last 15 years in Canada. He’s building his business in Ontario because, he says, of the tax credits for high-tech companies, the influx of talent from the most-populous Canadian province’s 50+ universities, and the ability of Canadian governmental agencies to give him personalized attention in his efforts to break into new markets.

Such as sponsoring him to attend expensive international conferences like the one where he met “some NSA folks.”

Fixmo makes mobile security products that allow organizations to safely offer BYOD (bring your own device) policies that don’t imperil sensitive data and networks. The company, which had just three employees just a few years ago, offers an encrypted sandbox, digital fingerprint technology that can detect tampering to your mobile operating system, and compliance breaches like the installing of unauthorized apps on both iOS and Android. Built with 256-bit encryption, two-factor authentication, and remote wipe capability, Fixmo’s products are sold largely to governments.

And, interestingly, they’re built on software originally developed by the NSA.

“The US government and security agencies tend to view Canada as one of its own,” Segal says. “Eyebrows don’t get raised when a Canadian company does business with NSA … there’s no ‘it’s a foreign country’ kind of thing going on.”

It started — as so many things do — in Vegas.

While attending the wireless industry trade show CTIA in March 2011, Segal met the men in black who represent the NSA’s Technical Transfer Program, which is in place to commercialize technologies and products developed inside the agency. Interested in Fixmo’s existing security products, the NSA decided the company was a good bet to do business with.

After developing a relationship that resulted in a technology transfer in which Fixmo licensed agency-developed security code, Segal started building shippable products based on the NSA technology. Fixmo’s products, the company’s sales literature highlights prominently, “have been developed as part of a cooperative research and development agreement with the U.S. National Security Agency.”

That commercialization has culminated in the sale of those products back to the three-letter agencies.

“Seventy percent of our customers are government agencies like the NSA, FBI, and Homeland Security,” Segal says, noting a contract with the US air force that completed last week. “One of our clients has 700,000 seats.”

The company’s other clients include businesses in the financial services and healthcare industries, both sectors in which privacy, security, and compliance with corporate policies are paramount.

photo credit: DonkeyHotey via photopin cc

Disclosure: I’ve been invited by the government of Ontario to explore the startup ecosystem in Toronto, Waterloo, and elsewhere, and this post is part of that series, and Ontario has paid for this trip. My reporting, however, is my own.

Tyfone provides secure mobile financial transactions and identity solutions. Its products include a mobile banking platform, a mobile wallet, identity management, contactless near-field communication (NFC), applications to bolster marketing campaigns, as well as complementary hardware products. Tyfone has over 50 issued and pending patents. By striking a partnership with the Portland-based company, the U.S. government can leverage the technology to serve national security.

In a statement, Technology VP at In-Q-Tel Jay Emmanuel said “We believe that Tyfone’s technology has the potential to address a wide range of complex government and commercial secure identity challenges.” Read the press release.

This story contains minor spoilers for Call of Duty: Black Ops II.

Four-star general David Petraeus resigned as the director of the Central Intelligence Agency after admitting to an extramarital affair. But maybe the general could make a career comeback by 2025.

It so happens that Petraeus is a character in Call of Duty: Black Ops II, the latest entry in the blockbuster first-person shooter series. The game, which goes on sale today, is set in the year 2025, and Petraeus has a cameo role. His appearance comes late in the campaign as he welcomes a captive aboard the U.S. military’s premier aircraft carrier, the USS Barack Obama. Petraeus has a couple of lines in the game, and he is referred to as “Secretary Petraeus.” That suggests he has the title of Secretary of Defense for the United States.

The animated character certainly looks like the real Petraeus, but nothing in the materials provided with the game suggests that he is based on the real general. It’s just an odd coincidence that the general made headlines just as a video game portraying him hits the streets. It’s sure to help the notoriety of Activision’s military franchise, which has had its controversies in past years related to violent imagery.

After a long career in the U.S. military, Petraeus resigned last week after the FBI unearthed evidence of his affair in the general’s Gmail account during a check to see whether his computer had been compromised.

[Image credit: Reuters]

---

GamesBeat 2013 is our fifth annual conference on disruption in the video game market. You'll get 360-degree perspectives from top gaming executives, developers, and analysts on what’s to come in the industry. Our theme this year is “The Battle Royal.” Check out full event details here, and grab your early-bird tickets here!

---

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

The latest WikiLeaks release has shone a spotlight on an alleged domestic and foreign surveillance program run with cloud-based software provided by Virginia company TrapWire, many of whose top leaders and employees are former members of three-letter American intelligence agencies.

WikiLeaks tweeted about it today, and the story quickly became a trending topic on Twitter:

WikiLeaks reveal secret, widespread #TrapWire surveillance system | RT rt.com/usa/news/strat… #WikiLeaks #gifiles

—
WikiLeaks (@wikileaks) August 10, 2012

TrapWire produces software that is currently in use by Homeland Security, the military, U.S. intelligence agencies, and local police forces including the LAPD and the Metropolitan Police Department in Washington, DC (whose chief recently praised the software). Private sector clients include major corporations in the energy, chemical, and financial industries.

TrapWire does three things: protect critical infrastructure by analyzing CCTV footage with face and pattern recognition algorithms to detect pre-attack patterns, provide online reporting systems for citizens to report suspicious behavior, and gather and analyze many sources of information to allow law enforcement to make sense of the masses of collected data.

If TrapWire does what it is intended to, it’s potentially a critical innovation that can help protect the U.S. from terrorism. Tying together disparate facts from multiple sources across geographies might have prevented 9-11. On the other hand, the secrecy, the integration with government, and the thought that a private corporation could have access to huge amounts of private citizens’ data is concerning to say the least.

The data WikiLeaks released was taken from more than five million emails allegedly stolen from a company with close ties and inside information about TrapWire, security information company Stratfor. Stratfor had a contract with TrapWire in which each company agreed to promote the other company’s products, and Stratfor agreed to feed its intelligence reports into the TrapWire system.

Then Stratfor was hacked by Anonymous in 2011, and Anonymous provided the emails to WikiLeaks.

In those emails, Stratfor says that TrapWire is in use in “Scotland Yard, #10 Downing, the White House, and many [multinational corporations].” One email talks about the Nigerian government being interested in TrapWire, and others imply that organizations as diverse and powerful as the Secret Service, MI5, and the Canadian RCMP are all clients.

And yet another leaked email from Fred Burton, Stratfor’s VP of Intelligence, says “God Bless America. Now they have EVERY major [high-value target] in [the continental U.S.], the UK, Canada, Vegas, Los Angeles, NYC as clients.”

TrapWire was not always so secretive about its software. Company founder Richard Hollis spoke about the software in 2005, say that it:

 … can collect information about people and vehicles that is more accurate than facial recognition, draw patterns, and do threat assessments of areas that may be under observation from terrorists. The application can do things like “type” individuals so if people say “medium build,” you know exactly what that means from that observer.

And in 2007, the company elaborated on how TrapWire works:

 … the TrapWire rules engine analyzes each aspect of [reported security incidents] and compares it to all previously-collected reporting across the entire TrapWire network. Any patters detected — links among individuals, vehicles, or activities — will be reported back to each affected facility. This information can also be shared with law enforcement organizations …

The question becomes: Where does national security start and the public’s right (or need) to know end? And, to what extent should private companies be embedded in public surveillance?

Even tougher: does our security depend, at least in part, on our ignorance? Because if we learn about anti-terrorism methodologies, you can bet the bad guys do too.

There is as yet no statement from Stratfor, TrapWire Inc., or any of the named public security agencies.

Image credit: ShutterStock/Steven Finn

In a release, Alabama Department of Homeland Security Director Spencer Collier said that his agency was conducting a forensic analysis to determine what information might have been obtained by the hackers.

The ties to Anonymous come from claims on the group’s Twitter and Tumblr feeds. As usual with the hacktivists, the attack was linked to a political protest. A page from the hacked site bore the tag line of the group and stated that this was a response to, “recent racist legislation in an attempt to punish immigrants as criminals.”

The Guy Fawkes masks worn by the group have become the symbol of their movement. They are a reference to the comic book series V for Vendetta, written by Alan Moore and first published in 1982. That story chronicles a masked man’s attempts to take down the British government.

Writing in The Guardian earlier this week, Moore said he approved of the movement which has borrowed his trademark mask. “Today’s response to similar oppressions seems to be one that is intelligent, constantly evolving and considerably more humane…As for the ideas tentatively proposed in that dystopian fantasy thirty years ago, I’d be lying if I didn’t admit that whatever usefulness they afford modern radicalism is very satisfying. In terms of a wildly uninformed guess at our political future, it feels something like V for validation.”

Anonymous bullhorn @YourAnonNews is claiming that the hacktivist group has taken down the Central Intelligence Agency‘s website.

“CIA TANGO DOWN: https://www.cia.gov/ #Anonymous,” a person behind @YourAnonNews tweeted.

The attack took place roughly around 12:10 p.m. Pacific time on Friday, and the website is still down an hour later.

Anonymous traditionally has “F*ck FBI Friday,” in which it attempts to take down or release information about the Federal Bureau of Investigation. Last week, the group released a phone call regarding Anonymous that took place between the FBI and Scotland Yard.

The group recently took down the US Department of Justice website as well as a number of a record label websites in response to the shutdown of file sharing website MegaUpload. Low-orbit-ion-cannons (LOIC) were used to issue denial of service attacks to the many websites it was targeting at the time. Denial of service attacks send multiple data requests to a website in the hopes of overloading its servers, resulting in the website becoming inaccessible. These requests are also called “packets,” thousands of which can be quickly sent using LOIC.

Anonymous was also accused of providing links on Twitter, which would install LOIC on any computer that clicked the link. These links helped Anonymous recruit innocent bystanders to their cause, launching denial of service attacks from any of the computers that accessed the link.

A similar attack may have been used to take down the CIA website, although it doesn’t look like the group distributed any of the same links that helped take down the DOJ.

hat tip RT

Anonymous image via Shutterstock

“We like to clarify again: All LulzSec members are accounted for, nobody is hiding. Only a name was abandoned for the greater glory #AntiSec,” said @AnonymousIRC.

LulzSec has dominated the news for the past several weeks with hacks targeting the U.S. Sentate, CIA, Brazilian government sites, and games like Minecraft and EVE Online. As LulzSec went dark, it made one final information dump on 750,000 AT&T user accounts and thousands of users playing EA’s Battlefield Heroes.

Anonymous, on the other hand, has been around longer than LulzSec and has many members around the world, so it may be easier for LulzSec members to maintain anonymity as part of that group. On Monday, Anonymous released some documents that FEMA uses to educate smaller governments about hacking and counter-hacking and made an attack on the Tunisian government’s website, signaling that it will pick up where LulzSec left off.

We thought LulzSec could be laying low because its recent release of confidential information from Arizona police computers attracted more attention than most of its hacks. But it appears LulzSec will still continue to cause online chaos, now under the guise of Anonymous.

Reports poured in indicating that Bin Laden was killed in a CIA operation in Pakistan, a report U.S. President Barack Obama later confirmed in a live broadcast. The news skyrocketed to the top of news aggregation sites Reddit and Digg, which are traditionally frequented by tech-savvy individuals. The main story on the front page of Reddit has already received more than 34,000 votes — which has blown past the last record-engaged story that picked up around 30,000 votes over the course of its entire lifetime.

The news has only been fresh for a few hours and it has already spawned a number of offshoot stories — such as comics and jokes. One top link: “Osama should not have registered his real name on the Playstation Network,” a jab at the online gaming network that was taken down last week and led to hackers stealing massive amounts of private information.

Even startup incubator Y Combinator’s Hacker News, another online news aggregator, didn’t escape the Internet’s frenzy. A link to the New York Times’ report on Bin Laden’s alleged death was the second top story on the site, which typically links to sites that have some kind of programming or entrepreneurial advice.