NSA Chief Warns Of Pending Cyberattack... Which He Wants To Make Easier With Backdoors

from the ridiculous dept

Mon, Nov 24th 2014 1:33pm — Mike Masnick

NSA Director Admiral Mike Rogers has often seemed somewhat more reasonable than his predecessor, but he's still not above spewing FUD. The latest is that, last week, he pulled out the favorite of surveillance state supporters everywhere: the pending cyberpocalypse, in which hackers take down the economy. Prepare for the "dramatic cyberattack" that is inevitably on the way:

The director of the National Security Agency issued a warning Thursday about cyberthreats emerging from other countries against networks running critical U.S. infrastructure systems.

Adm. Michael Rogers said he expects a major cyberattack against the U.S. in the next decade. “It’s only a matter of the ‘when,’ not the ‘if,’ that we are going to see something dramatic,” he said.

Of course, as venture capitalist/entrepreneur Marc Andreessen pointed out in response, the best way to stop that from happening would be to not require that software have backdoors that can easily be hacked:

What would really help with this? Software without government-mandated backdoor security holes! http://t.co/ihRYvQbTIO
— Marc Andreessen (@pmarca) November 21, 2014

"You must build bulletproof software systems that foreign state hackers can never penetrate!" "But leave deliberate backdoors open for us!"
— Marc Andreessen (@pmarca) November 21, 2014

And, in some ways, it's even worse than that. Even as law enforcement, intelligence officials and clueless commentators keep pushing for less encryption and more backdoors, those in the actual security world know that the best way to keep things secure is with more encryption, not less. It means fewer security holes and backdoors, not more. And yet the NSA seems to be working actively against that.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: admiral michael rogers, backdoors, cyberattack, marc andreessen, nsa

44 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Rich Kulawiec, 24 Nov 2014 @ 1:54pm

He's right -- except for one small detail
There has been a major cyberattack -- the news just broke yesterday: http://www.pcworld.com/article/2851472/symantec-identifies-sophisticated-stealthy-regin-malware.html and http://www.theregister.co.uk/2014/11/24/regin/ provide a quick guide to it.

Oh. That one small detail? It looks like the US and the UK are the ones behind this: http://www.zdnet.com/now-we-know-who-developed-state-sponsored-regin-malware-7000036111/

Oops.
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 1:57pm

Lets put in the backdoors so that after they have been used to take over our systems in a cyberattack we can attack right back; seems like a good plan.
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 1:57pm

This wouldn't be the same "cyber-Pearl Harbor!" the government was trying to scare us with a couple of years ago, would it?

You'd think after years of being frightened somebody would have moved "critical U.S. infrastructure systems" off the fucking internet.
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 1:58pm

>Something will happen within the next ten years.

Frankly, i'm surprised it hasn't happened yet. That bet is pretty conservative considering how insecure everything is.
[ link to this | view in thread ]
DannyB (profile), 24 Nov 2014 @ 2:03pm

The Golden Key
They want back doors that require a Golden Key.

Of course, these Golden Keys would never fall into the wrong hands*.

*wrong hands includes but is not limited to: the NSA, CIA, FIB, other government agencies, state and local police forces, and other criminal organizations.
[ link to this | view in thread ]
Chris Brand, 24 Nov 2014 @ 2:08pm

Re: The Golden Key
I thought they'd said that they didn't want back doors any more. Now they want magical front doors or ... wands of polymorph or something.
[ link to this | view in thread ]
Rikuo (profile), 24 Nov 2014 @ 2:27pm

Re: Re: The Golden Key
I remember those wands in Baldur's Gate. Turned targets into squirrels. Is that what they really want?
[ link to this | view in thread ]
That One Guy (profile), 24 Nov 2014 @ 2:27pm

The director of the National Security Agency issued a warning Thursday about cyberthreats emerging from other countries against networks running critical U.S. infrastructure systems.

You know how you solve that problem? Don't connect critical systems to the internet in the first place. If someone has to be physically at the location of the system in order to even be able to hack into it, that right there will eliminate the vast majority of threats.

If they really cared about keeping critical systems safe, that is what they would be pushing. Instead what are they pushing for? Less security, by introducing and making mandatory more vulnerabilities in those systems, and for no other reason than to make their jobs easier.

They don't want critical systems to be secure, they want them to be vulnerable, as it gives them an excuse to swoop in and offer to 'protect' them.
[ link to this | view in thread ]
Roger Strong (profile), 24 Nov 2014 @ 2:37pm

Lead By Example
Perhaps Director Rogers could demonstrate his sincerity by installing back doors in intelligence agency systems for better congressional oversight.
[ link to this | view in thread ]
ChurchHatesTucker (profile), 24 Nov 2014 @ 2:47pm

OK...
Adm. Michael Rogers said he expects a major cyberattack against the U.S. in the next decade.

So, any year now...
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 2:48pm

Classic doublethink.
Make things more secure by making it less secure.
Par for the fucking course.
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 2:53pm

If you stare into a mirror and keep chanting "cyberwar, cyberwar" the headless ghost of a Chinese hacker will appear RIGHT BEHIND YOU!!!
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 2:56pm

Of course the NSA is pushing for backdoors! Haven't you guys been reading about Regin, the newly disclosed nation-state malware that's been backdooring GSM cellphone network infrastructure and backdooring cryptography expert computers?

http://www.securityweek.com/symantec-uncovers-stealthy-nation-state-cyber-attack-platform

h ttps://threatpost.com/regin-cyberespionage-platform-also-spies-on-gsm-networks/109539

Telling the NSA and GCHQ to give up their backdoors, is like asking a crack addict to quit using crack.
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 3:03pm

The other interesting thing about the Regin backdoor, is all the cellphone tracking technology built into cellphones by law. Is now under hacker's control.
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 3:05pm

Re:
If you need remote access for monitoring and control, which usually has low data requirements, use a ring back/ring the control center on state change system. That way only the control center has the ability to control the system, and all anybody else can do is get it to ring the control center.
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 3:11pm

Re:
Come on! Don't you think that would take the fear away?
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 3:46pm

They already been approved tons of everything to catch those in the War On Drugs. Funny how that hasn't stopped anything. They've arrested so many that we have the worlds' #1 amount of prisoner population. Yet we are still hearing from those the cry for every more access.

Russia and it's various old satellites it gave up have been a steady source of malware for robbing banks electronically for better than a decade. They almost never catch the ones that did it. Same with credit cards.

Now pile on this pile that the US has owned up to distribution malware. Those little gems like Stuxnet or the recently discovered Regin. A/V companies say only a state sponsored program can deliver it at this level of complexity. Congress got the willies over China's possible hacking of routers, banning them in the US. Then up comes a photo of the NSA doing the same damn thing.

Face it, the US escalated this and now they are running with a guilty conscious. The Pearl Harbor is the fear that others will do what the US has shown it can do. I'm getting to where I fear my government and their actions more than the hackers.
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 4:05pm

Re:
Given the choice between some hacker's control and the government's control, I'll take the hacker's. What's he going to do? Demand my dirty pictures? Put smarmy ads on my phone? Steal my paltry few dollars?

And what would a government do? Monitor my communications/movements for the ever-shifting 'suspicious behaviour'. Mark my location for the army of minimum wage armed thugs itching to play with their military-grade hardware. And, ultimately, put my data in an unsecured laptop left in the back of a car where some hacker will get it anyway.
[ link to this | view in thread ]
tomczerniawski, 24 Nov 2014 @ 4:26pm

"Peedy-files and terrorists! Hackers behind every blade of grass! Doom closing its icy fingers around your throats, citizens of America! Now, turn over your encryption keys, so we can keep you niiiiice and safe..."
[ link to this | view in thread ]
Uriel-238 (profile), 24 Nov 2014 @ 4:35pm

Because Logic!
my last version of this post submitted prematurely without a message. All apologies.

No wait! Because lies!
[ link to this | view in thread ]
Uriel-238 (profile), 24 Nov 2014 @ 4:36pm

That completely parses as...
.pd

As in bigdatablock.pd
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 4:44pm

There will be attacks - enabled by the backdoors.

-Self fulfilling prophecy-
[ link to this | view in thread ]
drjimmy (profile), 24 Nov 2014 @ 4:58pm

Let's face it, the people in charge of the security of this country are basically idiots. This is why they argue contrary to experts and common sense. In order for the government (made up of idiots) to do their jobs, it has to be easy.
[ link to this | view in thread ]
BentFranklin (profile), 24 Nov 2014 @ 5:03pm

If the NSA is so competent at securing computers, why doesn't the NSA start by securing all the government computers? They don't even have to ask permission because the government already owns them. If the NSA can totally secure all the government computers, then I'll consider letting them handle my security.
[ link to this | view in thread ]
That One Guy (profile), 24 Nov 2014 @ 5:07pm

Re:
Idiocy would probably be an improvement actually, as you can educate an idiot, and as long as it's a well meaning idiot, there's at least a chance they'll change when they are shown how their actions are just making things worse.

No, the NSA's main problems are arrogance and indifference. They assume that no-one could possibly take advantage of the security weaknesses they create, and simply don't care how much they screw over everyone else, as long as they can continue to do whatever they want to.
[ link to this | view in thread ]
That One Guy (profile), 24 Nov 2014 @ 5:10pm

Re:
Umm, no, I think I'd prefer it if the NSA wasn't in control of all the government's computers.
[ link to this | view in thread ]
That One Guy (profile), 24 Nov 2014 @ 5:13pm

Re: Re:
Still leaves open the most effective hacking method(social engineering), but it would at least be a better method than having the systems accessible directly from off-site.
[ link to this | view in thread ]
That One Guy (profile), 24 Nov 2014 @ 5:39pm

You'd have to be nuts not to
The ability to turn smartphone and computers into squirrels?

Who wouldn't want that ability?
[ link to this | view in thread ]
justme, 24 Nov 2014 @ 5:43pm

Problem: Your house will be burglarized within the next 10 years.
Solution: Install new locks on all doors and leave a key under the doormat so we can ensure your house is secure!

doh! :)
[ link to this | view in thread ]
orbitalinsertion (profile), 24 Nov 2014 @ 5:58pm

Re: Re:
Yeah, if only the government just wanted a fifty dollar GreenDot money transfer to "fix the computer" that is definitely going to crash in the next day or two.
[ link to this | view in thread ]
BernardoVerda (profile), 24 Nov 2014 @ 8:27pm

Re: Re:
Get abused &/or exploited by criminals;
Get abused &/or exploited by corporations;
Get abused &/or exploited by government;

What makes you think any of these are necessarily preferable to any of the others (aside from some deficiency of the imagination)?
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 8:39pm

FBI wants a Golden Key, so they can give us a
Golden Shower on all of our rights.
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 8:45pm

Re: Re: Re: The Golden Key
Is that what they really want?

No it's more like the Cursed Potion of Speed:

"The character is out of control and will wander around and attack others (including allies) randomly."
[ link to this | view in thread ]
That One Guy (profile), 24 Nov 2014 @ 8:49pm

Re: Re: Re:
... the criminals at least are honest enough about their actions and don't pretend that they're screwing you over 'for your own good'?
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 9:02pm

Re: He's right -- except for one small detail
Thx for the links.
So the US has been involved in the 2 big attacks (stux and this one)? No wonder they are affraid people will attack them. If you keep punching someone chances are the person will fight back sooner or later.
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 10:05pm

...the pending cyberpocalypse, in which hackers take down the economy.
It took him all this time to find out that Keith Alexander is working with the financial industry?
[ link to this | view in thread ]
Anonymous Coward, 24 Nov 2014 @ 10:34pm

It is kind of funny...
10 years ago they were all like: "Every country should be like ours... the land of the free and democracy"
Today they are like: "FEEEEAR the world! because there might be people out there who are as bad as we are!"
[ link to this | view in thread ]
Guardian, 25 Nov 2014 @ 6:42am

as a hacker i applaud this move
teehee ....we wil get your back doors too , thanks to your govt....

and we wont tell you when we pwn you....enjoy
[ link to this | view in thread ]
comment held for moderation, 25 Nov 2014 @ 6:44am

censorship on techdirt
OH MY

seems the web gods have turned shit up on this site to make it bend over...

as said as a actual hacker im laughing my ass off at this....can't wait to test out all the apps after this passes and its like being back in the xp days for years we held a nice lil back door , heck sony even got hold of that rootkit....with process hiders and anti virus protecting it , WEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

good times....
[ link to this | view in thread ]
Anonymous Coward, 25 Nov 2014 @ 9:19am

Critical infrastructure to the nation should not be connected to the fucking internet. How difficult is this to comprehend?
[ link to this | view in thread ]
Anonymous Coward, 25 Nov 2014 @ 10:53am

Re: Re: Re: Re:
Not to mention that you can actually fight criminals. That is what makes cops scarier. Even if they're deep in the wrong you're still screwed for fighting back.
[ link to this | view in thread ]
AnonyBabs, 25 Nov 2014 @ 12:24pm

Re: Re: Re:
Criminals cannot "legally" throw you in jail or physically deprive you of all possessions or kill you. Corporations can but have to try pretty hard. Governments scarcely have to try at all.
[ link to this | view in thread ]
That One Guy (profile), 25 Nov 2014 @ 3:20pm

Re: Re: Re: Re: Re:
Yeah, I'll take a mugger over a cop any day. I can defend myself from a mugger, trying to do the same with a cop is likely to get me hospitalized, killed, or thrown in prison.
[ link to this | view in thread ]
GEMont (profile), 26 Nov 2014 @ 1:54am

Look!! In the Sky!! Its a Terrorist! No its a Cyber Terrorist!!
"“It’s only a matter of the ‘when,’ not the ‘if,’ that we are going to see something dramatic,” he said. "

Oh absolutely.

As soon as the CIA and NSA can be reasonably sure that their crack Army Signals hacker team won't get caught, and can make it appear to be an attack by ISIS/ISIL - they'll be pulling another Electronic Pearl Harbor on the Good Old Gullible US citizenry for certain.

If they can fake a terrorist attack by ISIS/ISIL on American soil - so to speak - just think how the US public will be shitting their pants and demanding the USG protect them from the masked evil overlords of doom.

And it'll work too. Every false flag op the USG has pulled since the Lucitania has worked like a charm, just like Goering said they would.

=====================================================
"Naturally, the common people don't want war;
neither in Russia nor in England nor in America,
nor for that matter in Germany.
That is understood. But, after all, it is the leaders
of the country who determine the policy and
it is always a simple matter to drag the people
along, whether it is a democracy or a fascist
dictatorship or a Parliament or a Communist
dictatorship. Voice or no voice, the people can
always be brought to the bidding of the leaders.
That is easy. All you have to do is tell them
they are being attacked and denounce the
pacifists for lack of patriotism and exposing
the country to danger. It works the same way
in any country."

- Hermann Goering, Nazi Reichsmarshall
===================================================

These guys spend probably three quarters of their time manufacturing possible false flag scenarios, for fun and profit. After all, there is no better "enemy" than the ones you create yourself, from whole cloth.

---
[ link to this | view in thread ]