China Google Hack Shows Security Gaps... Or Issues In Online Surveillance Apps?

from the take-your-pick dept

Google's decision to change how it deals with China was supposedly precipitated by a hack attack on its computer system that was apparently most likely instigated by the Chinese government. While many are discussing how this shows the level of computer-based espionage -- corporate and national -- going on these days, a more interesting take comes from Julian Sanchez, who notes that the real issue isn't so much about hacking into computers, but about the official "surveillance" apps that companies now use to placate law enforcement. That's because what was hacked at Google was its surveillance app that it uses to help deal with law enforcement requests. As Sanchez notes:
The irony here is that, while we're accustomed to talking about the tension between privacy and security--to the point where it sometimes seems like people think greater invasion of privacy ipso facto yields greater security--one of the most serious and least discussed problems with built-in surveillance is the security risk it creates.
Indeed, we were just discussing how more surveillance can make us less safe by creating a bigger backlog, but Sanchez is pointing out that it's even worse than that. More surveillance can make us less safe because it can more easily expose data that should have been deleted. Creating surveillance databases creates a huge opportunity for attack. Remember those telco databases we were talking about that make it easy for law enforcement officials (hopefully with a warrant) to track your location by GPS? You have to imagine those make a nice target for hacking as well... And that's true of any such surveillance database. While they're supposed to help keep us "safer," they also put a ton of valuable info in a single place -- which makes them attractive targets for those who wish to make us less safe.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: china, safety, security, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    suuuure its china, 18 Jan 2010 @ 9:36am

    most likely instigated by the Chinese government.

    yet as such we still see no proof it was the china govt.
    yup me thinks maybe it was some yankie that just wanted to pull some bs on china. and we trust the fbi is still making good use of googles tools ?
    yes yes perfect
    trust the fbi and google to report the truth

    link to this | view in chronology ]

    • icon
      senshikaze (profile), 18 Jan 2010 @ 10:07am

      Re: most likely instigated by the Chinese government.

      considering this is China we are talking about, might as well trust the lesser of three evils.

      link to this | view in chronology ]

    • identicon
      DCX2, 18 Jan 2010 @ 10:58am

      Re: most likely instigated by the Chinese government.

      Right, because the FBI would hack into the GMail accounts of Chinese dissidents...

      link to this | view in chronology ]

      • icon
        Chargone (profile), 18 Jan 2010 @ 6:51pm

        Re: Re: most likely instigated by the Chinese government.

        dunno. they've apparently been a driving force behind getting the NZ government to arrange the ability to do the equivalent (or at least, claim to be)

        how that works is anyone's guess.

        if they saw some way to benefit from it, it wouldn't surprise me at all.

        link to this | view in chronology ]

  • icon
    Dark Helmet (profile), 18 Jan 2010 @ 9:51am

    Interesting angle...

    So Google is effectively an aggregator for terrorists/criminals BECAUSE of how it complies with law enforcement.

    That's a hell of an angle. I like it.

    link to this | view in chronology ]

  • identicon
    Anonymous, 18 Jan 2010 @ 11:01am

    Power

    Put enough information in one place and make it accessible, even encrypted, firewalled, etc. and man's desire for power will push him to try and harness that power. The more data we collect, the more data we put in one place, the more vulnerable it becomes. It's inevitable. Hacking is part of the computer game. IT's all about who gets there first. The protective team, or the hacker.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Jan 2010 @ 11:15am

    The protective capability simply doesn't exist

    If an individual or institution wants a specific set of data enough, and that data that they want actually exists somewhere, then they are going to get it and there's nothing anyone can do about it. At best you can maybe monitor the traffic to the storage, draw out the unauthorized intruder, and hope that you can accurately locate where they came from and send a monolith in a suit and sunglasses to DoS their meatware before they get a chance to use the hot data.

    Damage control after the fact is still a very important component of defense-in-depth, every bit as much as controls at other layers.

    link to this | view in chronology ]

  • icon
    william (profile), 18 Jan 2010 @ 12:05pm

    I can just see some crimal/terrorist now

    "Fools! by creating these 'applications' you have played right into our hands! Now we'll just hack into these surveillance apps and track the movement of our targets. Or we can hack into the system and mislead investigators into the wrong directions! MWAHAHAHAHAHA~~"

    link to this | view in chronology ]

  • identicon
    :), 18 Jan 2010 @ 4:22pm

    Hacking.

    Is just scary how Google one of the most secures can be hacked and you don't need to be a experienced programmer to do it.

    But at least was not like the AT&T routers that logged people on others people's accounts on facebook right?

    http://www.hardware.info/nl-NL/extcontent/ZpuZZ5hpmZfGbpSSyA/ATT_Network_Routing_Flaw_Conc erns_Security_Experts/

    http://utalk.att.com/utalk/board/message?board.id=HSIA&thread.id=15145

    Or the fix of the TLS protocol that prevents people from hijacking secure connections that will take a year to deploy.

    Google wont be able to correct those things because is not Google fault entirely, there are many vectors of attack and some are Google independent(human operation failure, javascript, flash, JAVA, XSS, CSS overflow, browsers permission scalation, SQL injection, memory overflow, file type memory overflow and many many others).

    Will people start using a mail manager to not let hotmail accounts expire and let others create a new account and ask for a change in password accounts?

    Will people start signing their emails with encrypted keys to have a chance of having some certainty about who is sending them something?

    Will Google be able to stop flash and javascript worms? or be able to catch all XSS in their services?

    Will people stop using HTML viewing as an email standart?

    I don't think so and they will be all vulnerable to scripts and no commom sense.

    link to this | view in chronology ]

  • identicon
    :), 18 Jan 2010 @ 5:03pm

    By the way.

    The same flaw that allowed people to logon into other user accounts in facebook was reported to work on gmail and the reason given was that websites that don't use encryption don't care where the cookie is coming from so google in that instance could be responsible for not offering encryption to all the services if people have some sensitive data on gmail.

    link to this | view in chronology ]

  • identicon
    Asight Tune, 18 Jan 2010 @ 11:24pm

    IT WAS NOT THE CHINA GOVERNMENT

    im in china , i believe our governt. do nothing for us folk,they would have made sb. to hack Google? BS!

    link to this | view in chronology ]

  • identicon
    Simple mind, 26 Jan 2010 @ 6:54am

    NAME OF THE GAME IS POLICITCS

    It seems to be planned politics... Apart from all that its hard to believe that some one would keep confidential information on public email system!

    link to this | view in chronology ]

  • identicon
    Simple mind, 26 Jan 2010 @ 6:55am

    NAME OF THE GAME IS POLICITCS

    It seems to be planned politics... Apart from all that its hard to believe that some one would keep confidential information on public email system!

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.