Chinese Hacks Of Google Database Of Surveillance Targets Highlight How Dumb Technology Backdoors Are

from the how-can-people-still-not-see-this dept

We've argued for quite some time that law enforcement's desire to require backdoors for wiretapping in all electronic communications is really dumb, because it won't just be law enforcement using it (and, when they use it, it won't just be for legitimate purposes). As soon as you have that backdoor in place, you've pretty much guaranteed that it becomes something of a target. And the news that broke earlier this week about how Chinese hackers who broke into Google servers a few years ago were targeting their database of which accounts had been flagged for national security surveillance makes this point that much clearer. The people doing this kind of hacking aren't dumb: they know that there are weaknesses where they can probe. A few weeks back, a Microsoft exec had actually revealed that their own analysis of similar attacks on Microsoft's servers from China showed the same basic target and discussed the serious implications.
"What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on," Aucsmith says. "So if you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that's difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That's essentially what we think they were trolling for, at least in our case."
The more openings and the more data that is shared, the more openings and opportunities there are for people who you don't want to see that data to have access to it. That should be a major concern. Just before all of this was revealed, we had written about a new report how such backdoors basically destroy any competent attempt at cybersecurity. Julian Sanchez highlights how those who think this isn't a problem are almost certainly confused about how computer security works.
Defenders of the FBI proposal tend to pooh-pooh security concerns raised about requirisng such backdoors: Our brilliant American programmers, they assert, will find ways to enable wiretapping without creating new vulnerabilities. But if a company like Google, with its massive financial resources and a stable of some of the smartest coders anywhere, can be victimized in this way, how realistic is it to expect thousands of Internet startups to achieve better security?
Creating more access to information that should be secret might help law enforcement, at the expense of our civil liberties, but it's also going to help those with nefarious intent quite a bit. And that should be a serious concern.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Anonymous Coward, 23 May 2013 @ 7:04am

    Re: Re: Re:

    blank look and the question "What's a port and why do I need 80 of them?"

    LOL, or 65,000 of them for that matter.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.