China Google Hack Shows Security Gaps… Or Issues In Online Surveillance Apps?
from the take-your-pick dept
Google’s decision to change how it deals with China was supposedly precipitated by a hack attack on its computer system that was apparently most likely instigated by the Chinese government. While many are discussing how this shows the level of computer-based espionage — corporate and national — going on these days, a more interesting take comes from Julian Sanchez, who notes that the real issue isn’t so much about hacking into computers, but about the official “surveillance” apps that companies now use to placate law enforcement. That’s because what was hacked at Google was its surveillance app that it uses to help deal with law enforcement requests. As Sanchez notes:
The irony here is that, while we’re accustomed to talking about the tension between privacy and security–to the point where it sometimes seems like people think greater invasion of privacy ipso facto yields greater security–one of the most serious and least discussed problems with built-in surveillance is the security risk it creates.
Indeed, we were just discussing how more surveillance can make us less safe by creating a bigger backlog, but Sanchez is pointing out that it’s even worse than that. More surveillance can make us less safe because it can more easily expose data that should have been deleted. Creating surveillance databases creates a huge opportunity for attack. Remember those telco databases we were talking about that make it easy for law enforcement officials (hopefully with a warrant) to track your location by GPS? You have to imagine those make a nice target for hacking as well… And that’s true of any such surveillance database. While they’re supposed to help keep us “safer,” they also put a ton of valuable info in a single place — which makes them attractive targets for those who wish to make us less safe.
Filed Under: china, safety, security, surveillance
Comments on “China Google Hack Shows Security Gaps… Or Issues In Online Surveillance Apps?”
most likely instigated by the Chinese government.
yet as such we still see no proof it was the china govt.
yup me thinks maybe it was some yankie that just wanted to pull some bs on china. and we trust the fbi is still making good use of googles tools ?
yes yes perfect
trust the fbi and google to report the truth
Re: most likely instigated by the Chinese government.
considering this is China we are talking about, might as well trust the lesser of three evils.
Re: most likely instigated by the Chinese government.
Right, because the FBI would hack into the GMail accounts of Chinese dissidents…
Re: Re: most likely instigated by the Chinese government.
dunno. they’ve apparently been a driving force behind getting the NZ government to arrange the ability to do the equivalent (or at least, claim to be)
how that works is anyone’s guess.
if they saw some way to benefit from it, it wouldn’t surprise me at all.
Interesting angle...
So Google is effectively an aggregator for terrorists/criminals BECAUSE of how it complies with law enforcement.
That’s a hell of an angle. I like it.
Power
Put enough information in one place and make it accessible, even encrypted, firewalled, etc. and man’s desire for power will push him to try and harness that power. The more data we collect, the more data we put in one place, the more vulnerable it becomes. It’s inevitable. Hacking is part of the computer game. IT’s all about who gets there first. The protective team, or the hacker.
The protective capability simply doesn't exist
If an individual or institution wants a specific set of data enough, and that data that they want actually exists somewhere, then they are going to get it and there’s nothing anyone can do about it. At best you can maybe monitor the traffic to the storage, draw out the unauthorized intruder, and hope that you can accurately locate where they came from and send a monolith in a suit and sunglasses to DoS their meatware before they get a chance to use the hot data.
Damage control after the fact is still a very important component of defense-in-depth, every bit as much as controls at other layers.
I can just see some crimal/terrorist now
“Fools! by creating these ‘applications’ you have played right into our hands! Now we’ll just hack into these surveillance apps and track the movement of our targets. Or we can hack into the system and mislead investigators into the wrong directions! MWAHAHAHAHAHA~~”
Hacking.
Is just scary how Google one of the most secures can be hacked and you don’t need to be a experienced programmer to do it.
But at least was not like the AT&T routers that logged people on others people’s accounts on facebook right?
http://www.hardware.info/nl-NL/extcontent/ZpuZZ5hpmZfGbpSSyA/ATT_Network_Routing_Flaw_Concerns_Security_Experts/
http://utalk.att.com/utalk/board/message?board.id=HSIA&thread.id=15145
Or the fix of the TLS protocol that prevents people from hijacking secure connections that will take a year to deploy.
Google wont be able to correct those things because is not Google fault entirely, there are many vectors of attack and some are Google independent(human operation failure, javascript, flash, JAVA, XSS, CSS overflow, browsers permission scalation, SQL injection, memory overflow, file type memory overflow and many many others).
Will people start using a mail manager to not let hotmail accounts expire and let others create a new account and ask for a change in password accounts?
Will people start signing their emails with encrypted keys to have a chance of having some certainty about who is sending them something?
Will Google be able to stop flash and javascript worms? or be able to catch all XSS in their services?
Will people stop using HTML viewing as an email standart?
I don’t think so and they will be all vulnerable to scripts and no commom sense.
By the way.
The same flaw that allowed people to logon into other user accounts in facebook was reported to work on gmail and the reason given was that websites that don’t use encryption don’t care where the cookie is coming from so google in that instance could be responsible for not offering encryption to all the services if people have some sensitive data on gmail.
IT WAS NOT THE CHINA GOVERNMENT
im in china , i believe our governt. do nothing for us folk,they would have made sb. to hack Google? BS!
NAME OF THE GAME IS POLICITCS
It seems to be planned politics… Apart from all that its hard to believe that some one would keep confidential information on public email system!
NAME OF THE GAME IS POLICITCS
It seems to be planned politics… Apart from all that its hard to believe that some one would keep confidential information on public email system!