China Google Hack Shows Security Gaps… Or Issues In Online Surveillance Apps?

from the take-your-pick dept

Google’s decision to change how it deals with China was supposedly precipitated by a hack attack on its computer system that was apparently most likely instigated by the Chinese government. While many are discussing how this shows the level of computer-based espionage — corporate and national — going on these days, a more interesting take comes from Julian Sanchez, who notes that the real issue isn’t so much about hacking into computers, but about the official “surveillance” apps that companies now use to placate law enforcement. That’s because what was hacked at Google was its surveillance app that it uses to help deal with law enforcement requests. As Sanchez notes:

The irony here is that, while we’re accustomed to talking about the tension between privacy and security–to the point where it sometimes seems like people think greater invasion of privacy ipso facto yields greater security–one of the most serious and least discussed problems with built-in surveillance is the security risk it creates.

Indeed, we were just discussing how more surveillance can make us less safe by creating a bigger backlog, but Sanchez is pointing out that it’s even worse than that. More surveillance can make us less safe because it can more easily expose data that should have been deleted. Creating surveillance databases creates a huge opportunity for attack. Remember those telco databases we were talking about that make it easy for law enforcement officials (hopefully with a warrant) to track your location by GPS? You have to imagine those make a nice target for hacking as well… And that’s true of any such surveillance database. While they’re supposed to help keep us “safer,” they also put a ton of valuable info in a single place — which makes them attractive targets for those who wish to make us less safe.


Comments on “China Google Hack Shows Security Gaps… Or Issues In Online Surveillance Apps?”

13 Comments
suuuure its china says:

most likely instigated by the Chinese government.

yet as such we still see no proof it was the china govt.
yup methinks maybe it was some yankee that just wanted to pull some bs on china. and we trust the fbi is still making good use of Google's tools?
yes yes perfect
trust the fbi and google to report the truth

Anonymous Coward says:

Power

Put enough information in one place and make it accessible, even encrypted, firewalled, etc. and man’s desire for power will push him to try and harness that power. The more data we collect, the more data we put in one place, the more vulnerable it becomes. It’s inevitable. Hacking is part of the computer game. It’s all about who gets there first. The protective team, or the hacker.

Anonymous Coward says:

The protective capability simply doesn't exist

If an individual or institution wants a specific set of data enough, and that data that they want actually exists somewhere, then they are going to get it and there’s nothing anyone can do about it. At best you can maybe monitor the traffic to the storage, draw out the unauthorized intruder, and hope that you can accurately locate where they came from and send a monolith in a suit and sunglasses to DoS their meatware before they get a chance to use the hot data.

Damage control after the fact is still a very important component of defense-in-depth, every bit as much as controls at other layers.

:) says:

Hacking.

It’s just scary how Google, one of the most secure, can be hacked and you don’t need to be an experienced programmer to do it.

But at least it was not like the AT&T routers that logged people into other people’s accounts on Facebook, right?

http://www.hardware.info/nl-NL/extcontent/ZpuZZ5hpmZfGbpSSyA/ATT_Network_Routing_Flaw_Concerns_Security_Experts/

http://utalk.att.com/utalk/board/message?board.id=HSIA&thread.id=15145

Or the fix of the TLS protocol that prevents people from hijacking secure connections that will take a year to deploy.

Google won’t be able to correct those things because it is not Google’s fault entirely; there are many vectors of attack and some are Google-independent (human operation failure, JavaScript, Flash, Java, XSS, CSS overflow, browser permission escalation, SQL injection, memory overflow, file type memory overflow and many, many others).

Will people start using a mail manager to not let hotmail accounts expire and let others create a new account and ask for a change in password accounts?

Will people start signing their emails with encrypted keys to have a chance of having some certainty about who is sending them something?

Will Google be able to stop Flash and JavaScript worms? Or be able to catch all XSS in their services?

Will people stop using HTML viewing as an email standard?

I don’t think so and they will be all vulnerable to scripts and no common sense.

:) says:

By the way.

The same flaw that allowed people to log on to other users’ accounts on Facebook was reported to work on Gmail, and the reason given was that websites that don’t use encryption don’t care where the cookie is coming from, so Google in that instance could be responsible for not offering encryption to all the services if people have some sensitive data on Gmail.
