Microsoft Admits Its Datacenters Are Wide Open To NSA Attacks

from the uh,-guys... dept

When the NSA news started breaking this past summer, it was noted that Google quickly realized where the NSA might be hacking in, and rushed to encrypt the links that connect their data centers. While some may criticize this, it's easy to see why companies never bothered to encrypt these links. They're internal networks, with no direct access to the outside world. The threat likelihood was quite low... unless you're a giant government spying operation. That said, once it was revealed that, indeed, this is how the NSA hacks in, no company has an excuse for not encrypting such links. Some Google engineers stated a direct "fuck you" to the NSA, as they were making sure that those links were encrypted (they claimed the job was done, though Google officially has said it's an ongoing process, suggesting they may still be finishing up).

Unfortunately, it's not clear that other companies are following suit. When asked about this right after the infiltration was revealed, Yahoo gave a non-committal answer:
"We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency."
Yeah, but that doesn't say they encrypt the links between data centers, or even that they're planning to do so. Since then, Yahoo has basically said nothing as far as I can tell. Over in Europe, however, Microsoft has now admitted that it still is not encrypting those links, and is only now investigating the idea.
Dorothee Belz, EMEA VP for Legal and Corporate Affairs made the remark when answering a question from Claude Moraes, MEP during a meeting at the European Parliament on Monday.

"Generally, what I can say today is server-to-server transportation is generally not encrypted," she said. "This is why we are currently reviewing our security system."
Sure, it's not something that can be done overnight, but large internet companies who use multiple data centers now need to assume that all of their data is compromised if they're not encrypting the links. Whether or not it's done yet, these companies have a responsibility to get that process started as soon as possible. Hell, they all probably should have started doing this as soon as the news broke that Google was rushing to do this, since it was pretty clear they'd figured out what was going on.

It's especially ironic that Microsoft is now admitting that it's not encrypting the data leaks, because the company has been on a rampage trying to present itself as protecting users privacy and that Google is a privacy nightmare. But, given these admissions, Microsoft has now basically said that its made all of your data available to the US government and it's still thinking about what to do about it, while Google has been rushing to protect its users privacy.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Duncan, 15 Nov 2013 @ 6:07am

    Re: Years after internet taps were known to me: "Google quickly realized"!

    Hi out_of_the_blue,

    I hope you are able to help me with something, but if not - no worries.

    I see your posts on Techdirt a LOT, and it appears you don't like the site at all. Because of this I am honestly really fascinated to know why you keep visiting. I't difficult for me to understand this, and to help me get some sort of picture of you, can you maybe tell me something about you?

    I'd love to know a few general things like: what job you do, what other sites you visit, how old you are, what you studied, and the reason you keep coming to this site. I'd understand if you're not keen to divulge this - I'm not big on giving details out on the internet either (I studied philosphy but am in IT), but I'd seriously just love to know.


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.