Chinese Hacks Of Google Database Of Surveillance Targets Highlight How Dumb Technology Backdoors Are
from the how-can-people-still-not-see-this dept
We've argued for quite some time that law enforcement's desire to require backdoors for wiretapping in all electronic communications is really dumb, because it won't just be law enforcement using it (and, when they use it, it won't just be for legitimate purposes). As soon as you have that backdoor in place, you've pretty much guaranteed that it becomes something of a target. And the news that broke earlier this week about how Chinese hackers who broke into Google servers a few years ago were targeting their database of which accounts had been flagged for national security surveillance makes this point that much clearer. The people doing this kind of hacking aren't dumb: they know that there are weaknesses where they can probe. A few weeks back, a Microsoft exec had actually revealed that their own analysis of similar attacks on Microsoft's servers from China showed the same basic target and discussed the serious implications:
"What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on," Aucsmith says. "So if you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that's difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That's essentially what we think they were trolling for, at least in our case."
The more openings and the more data that is shared, the more openings and opportunities there are for people who you don't want to see that data to have access to it. That should be a major concern. Just before all of this was revealed, we had written about a new report on how such backdoors basically destroy any competent attempt at cybersecurity. Julian Sanchez highlights how those who think this isn't a problem are almost certainly confused about how computer security works.
"Defenders of the FBI proposal tend to pooh-pooh security concerns raised about requiring such backdoors: Our brilliant American programmers, they assert, will find ways to enable wiretapping without creating new vulnerabilities. But if a company like Google, with its massive financial resources and a stable of some of the smartest coders anywhere, can be victimized in this way, how realistic is it to expect thousands of Internet startups to achieve better security?"
Creating more access to information that should be secret might help law enforcement, at the expense of our civil liberties, but it's also going to help those with nefarious intent quite a bit. And that should be a serious concern.
Filed Under: backdoors, china, hacking, national security, surveillance, wiretapping
Companies: google, microsoft
Reader Comments
A wall blocks things.
A door allows entry.
While both have vulnerabilities, a wall is much easier to defend than a door.
If you have a door you have to monitor it and allow or deny access as is appropriate.
With a wall you can just sweep off all intruders.
Re:
Makes one wonder about what standard one should use as far as setting up your network/website. There appears to be a lot of variety out there, and in the case of firewalls, default options are not necessarily best practice.
Re: Re:
Of course the reason they are that way is because then some level of security can be obtained by (and more importantly sales made to) those whose networking skills are at the "Um... firewalls... those are good, right?" level because anything else usually elicits a blank look and the question "What's a port and why do I need 80 of them?"
Re: Re: Re:
LOL, or 65,000 of them for that matter.
Circumvent FOIA
So, yeah, this makes perfect sense to me!
Re:
A bit of hacking isn't cyberwar or cyber terrorism. It's just hacking and some espionage. No one died because of this. No one ever said that there wasn't hacking going on backed by nation states, but that's not "cyber war." But, if we're talking about keeping people's private data safe, opening up backdoors is a bad way to do it.
Re: Re:
Eric Schmidt was once quoted in basically stating that anyone working for Google has the ability and access to see users' emails without the use of users' passwords, and the reason people working there don't do it is because he'd know about it immediately and their policy is "don't be evil"...I mean seriously how delusional is that?
tiny flaws in the plan
1: China has some brilliant programmers too.
2: where excellent security is possible and has not yet been implemented, half of the time it's because no one wants to pay for it.
3: ...and the other half of the time, it's because it's slightly inconvenient to use.
4: this is supposed to be a free society, so when you try to install secret police, you're going to run into some problems. That's as it should be.
Wargames
"Do you want to play a game?"