Chinese Hacks Of Google Database Of Surveillance Targets Highlight How Dumb Technology Backdoors Are
from the how-can-people-still-not-see-this dept
We’ve argued for quite some time that law enforcement’s desire to require backdoors for wiretapping in all electronic communications is really dumb, because it won’t just be law enforcement using it (and, when they use it, it won’t just be for legitimate purposes). As soon as you have that backdoor in place, you’ve pretty much guaranteed that it becomes something of a target. And the news that broke earlier this week about how Chinese hackers who broke into Google servers a few years ago were targeting their database of which accounts had been flagged for national security surveillance makes this point that much clearer. The people doing this kind of hacking aren’t dumb: they know that there are weaknesses where they can probe. A few weeks back, a Microsoft exec had actually revealed that their own analysis of similar attacks on Microsoft’s servers from China showed the same basic target and discussed the serious implications.
“What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on,” Aucsmith says. “So if you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for, at least in our case.”
The more openings and the more data that is shared, the more openings and opportunities there are for people who you don’t want to see that data to have access to it. That should be a major concern. Just before all of this was revealed, we had written about a new report how such backdoors basically destroy any competent attempt at cybersecurity. Julian Sanchez highlights how those who think this isn’t a problem are almost certainly confused about how computer security works.
Defenders of the FBI proposal tend to pooh-pooh security concerns raised about requirisng such backdoors: Our brilliant American programmers, they assert, will find ways to enable wiretapping without creating new vulnerabilities. But if a company like Google, with its massive financial resources and a stable of some of the smartest coders anywhere, can be victimized in this way, how realistic is it to expect thousands of Internet startups to achieve better security?
Creating more access to information that should be secret might help law enforcement, at the expense of our civil liberties, but it’s also going to help those with nefarious intent quite a bit. And that should be a serious concern.