Chinese Hacks Of Google Database Of Surveillance Targets Highlight How Dumb Technology Backdoors Are

from the how-can-people-still-not-see-this dept

We’ve argued for quite some time that law enforcement’s desire to require backdoors for wiretapping in all electronic communications is really dumb, because it won’t just be law enforcement using it (and, when they use it, it won’t just be for legitimate purposes). As soon as you have that backdoor in place, you’ve pretty much guaranteed that it becomes something of a target. And the news that broke earlier this week about how Chinese hackers who broke into Google servers a few years ago were targeting their database of which accounts had been flagged for national security surveillance makes this point that much clearer. The people doing this kind of hacking aren’t dumb: they know that there are weaknesses where they can probe. A few weeks back, a Microsoft exec had actually revealed that their own analysis of similar attacks on Microsoft’s servers from China showed the same basic target and discussed the serious implications.

“What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on,” Aucsmith says. “So if you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for, at least in our case.”

The more openings and the more data that is shared, the more openings and opportunities there are for people who you don’t want to see that data to have access to it. That should be a major concern. Just before all of this was revealed, we had written about a new report how such backdoors basically destroy any competent attempt at cybersecurity. Julian Sanchez highlights how those who think this isn’t a problem are almost certainly confused about how computer security works.

Defenders of the FBI proposal tend to pooh-pooh security concerns raised about requirisng such backdoors: Our brilliant American programmers, they assert, will find ways to enable wiretapping without creating new vulnerabilities. But if a company like Google, with its massive financial resources and a stable of some of the smartest coders anywhere, can be victimized in this way, how realistic is it to expect thousands of Internet startups to achieve better security?

Creating more access to information that should be secret might help law enforcement, at the expense of our civil liberties, but it’s also going to help those with nefarious intent quite a bit. And that should be a serious concern.

Filed Under: , , , , ,
Companies: google, microsoft

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Chinese Hacks Of Google Database Of Surveillance Targets Highlight How Dumb Technology Backdoors Are”

Subscribe: RSS Leave a comment
Anonymous Anonymous Coward says:

Re: Re:

As an aside to this, I read a while back about one firewall expert who was complaining that (near as I remember) “firewalls come with everything enabled, and you then have to figure out what to close down. Things would be a lot safer if the firewall came with everything disabled, and then taught you how to open things up, one at a time, as needed.”

Makes one wonder about what standard one should use as far as setting up your network/website. There appears to be a lot of variety out there, and in the case of firewalls, default options are not necessarily best practice.

Not an Electronic Rodent (profile) says:

Re: Re: Re:

“firewalls come with everything enabled, and you then have to figure out what to close down.

To be fair to firewall manufacturers, he was (presumably) talking about “everything enabled” outgoing since I don’t thik I’ve ever come across a firewall enabled inbound by default but he still has a point.

Of course the reason they are that way is because then some level of security can be obtained by (and more importantly sales made to) those whos networking skills are at the “Um… firewalls… those are good, right?” level because anything else usually elicits a blank look and the question “What’s a port and why do I need 80 of them?”

Mike Masnick (profile) says:

Re: Re:

I thought we weren’t at cyber war with China, Masnick? And that there was no such thing as cyber terrorism?

A bit of hacking isn’t cyberwar or cyber terrorism. It’s just hacking and some espionage. No one died because of this. No one ever said that there wasn’t hacking going on backed by nation states, but that’s not “cyber war.” But, if we’re talking about keeping people’s private data safe, opening up backdoors is a bad way to do it.

Wally (profile) says:

Re: Re: Re:

Google vehemently defends it’s actions in keeping back doors open as will most fanboys defend it for doing it.

Eric Schmidt was once quoted in basically stating that anyone working for Google has the ability and access to see users’ emails without the use of users’ passwords, and the reason people working there don’t do it is because he’d know about it immediately and their policy is “don’t be evil”…I mean seriously how delusional is that?

Beta (profile) says:

tiny flaws in the plan

“Our brilliant American programmers, they assert, will find ways to enable wiretapping without creating new vulnerabilities.”

1: China has some brilliant programmers too.

2: where excellent security is possible and has not yet been implemented, half of the time it’s because no one wants to pay for it.

3: …and the other half of the time, it’s because it’s slightly inconvenient to use.

4: this is supposed to be a free society, so when you try to install secret police, you’re going to run into some problems. That’s as it should be.

hadoop training institutes in hyderabad (user link) says:

hadoop training institutes in hyderabad

thanks for your information Chinese Hacks Of Google Database , you did a great job, keep blogging.for best hadoop training hadoop training institutes in hyderabad
Hadoop is a free, Java-based programming framework that supports the processing of large data sets in a distributed computing environment.learn and get the full knowledge on hadoop.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...