Monday, December 30, 2013

Thanks for nothing, NSA!


Revelations over the weekend of the extent to which the NSA has penetrated the security and nominal independence of the Internet, computer systems in general, and the privacy of every single user of either, have been breathtaking in their scope - not to mention the arrogance they display.  I'm not going to go into all the details here, because it would be impossible to cover them adequately in the space of a simple blog article.  If you're interested (and I strongly suggest you should be!) you'll find more details in these articles:


The invasive nature of these devices and systems is truly appalling.  It seems that our constitutional right to privacy is being not so much ignored as deliberately and willfully trampled underfoot by the NSA and its stooges.  They have no scruples, no morals, no ethics, and (seemingly) no effective supervision or control of their actions.

Worse, the NSA and similar entities have spawned a host of commercial interests competing to work with them and sell similar capabilities to those who don't already have them.  As one example, consider this advertising blurb from Selex Galileo, an Italian company.  You'll find it at about 24 minutes and 35 seconds into the video below, from last weekend's 30th Chaos Communications Conference.  I very strongly recommend that you take a minute or two to watch it for yourself.  The company is actually proud of its ability to hack into every aspect of your digital life, no matter who or where you are, what you're doing, or whether or not there's any justification whatsoever for doing so.





Consider that this is only one company, in one country, that's so open about the abilities of the software it provides.  There are dozens - probably hundreds - more like it.  In a follow-up presentation to the one above, corporate intrusion on the Internet is described in great detail.





Between them, those two videos are over an hour and three-quarters in length:  but if you're seriously interested in or concerned about your online security, I urge you to watch them in full - or at least listen to their audio tracks.  The amount they reveal, pulling it together from all sorts of sources, is mind-blowing.  After watching them, you'll realize that even if the NSA were shut down tomorrow (a consummation devoutly to be wished, but unfortunately unlikely), the risks to our privacy and security would be only slightly diminished by its passing.

Of course, the NSA and organizations like it are largely responsible for that reality.  They were the pioneers in developing such systems;  their former staff all too often resigned to join other companies as 'consultants' to help them develop commercial products inspired by the NSA's needs;  and a whole range of corporations now make their living out of developing ever-better tools for the NSA.  It's become a hive of governmental, bureaucratic and corporate mutual back-scratching, and to hell with ethical, legal and constitutional concerns.

In particular, the installation of 'back doors' into US-made computer hardware and software, to give the NSA easier access to them, is mind-bogglingly short-sighted (see the fourth article of the six linked above).  As Karl Denninger trenchantly points out:

The stupidity of such a program knows no boundaries.

The ultimate premise -- that nobody other than the NSA will ever obtain the keys necessary to access these defective locks they install -- is the height of arrogance.

How much of what the Chinese and others have stolen over the years was taken using our very own back doors?

Nobody knows, of course, and if the NSA knows they sure as hell won't be telling anyone.  But we do know that the Chinese, for example, have stolen not just commercial secrets but military ones as well -- including nuclear warhead designs.

We didn't, through our own arrogance, make that possible -- did we?

I'm sure we'll never find out with certainty, but this much I am certain of -- we're not the only nation with bright people in it, and if we put intentionally-pickable locks in things we sell we cannot maintain 100% control over the distribution of the back-door keys for said locks.

There's more at the link.  We've already discussed how this practice has caused billions of dollars in losses to US high-technology companies.  Those losses are likely to get much worse over the next few years as a result of these revelations.

Given government intrusion, commercial complicity in that intrusion, and hacker attacks on our hardware and software, is it any wonder that many computer security people are almost paranoid in their concerns?  I would be too, if I were in their shoes!  For example, an Australian journalist is quite candid about the lengths to which he goes.

I started covering up the cameras of my two laptops, desktop and smartphone in April. This was in addition to already making use of anti-virus and other security software on my devices. A New York Times security writer also recently divulged that they did this too.

I, like many others, close the blinds at night, so I figured I should probably put some sort of blind on my devices if I cared about my privacy. When I needed to use them for video conferencing or the occasional "selfie", I could just take the tape off. It made perfect sense, even though it wasn't as practical as I had hoped.

Friends and work colleagues who saw the tape over my mobile's front- and back-facing camera laughed at me and called me "paranoid" and "crazy". This was about two months before revelations concerning mass surveillance conducted by the world's Western spy agencies came out.

. . .

... evidence already exists on hacker forums about people who have successfully been able to disable the warning light of web cameras on a number of vendors' devices without much difficulty. Even a former FBI agent admitted recently that the agency has been capable of doing it for several years.

. . .

Now I just need to find a practical way of taping up the microphones... glue anyone?

Again, more at the link.  I note that the Electronic Frontier Foundation (an organization worthy of our support, IMHO) is even selling stickers with its logo to cover the lenses of the cameras on your devices!

I fear we're in a situation today where we have to assume that we have no privacy or secrets whatsoever in, on or around our electronic systems, whether online or offline.  I'm seriously considering instructing my bank to disable all electronic access to my accounts, for fear that today's hacking tools might be used to rob me blind before I can do anything about it.  If the bank can't or won't do that, perhaps it'll be time to consider another bank . . . or take my money out as fast as it comes in, and store it in a secure location at home, where it'll be better protected!

Peter

2 comments:

Rolf said...

And people wonder why I have a hard-wire network in the house, and no cell phone, and no computer camera, and disconnect the kid's Kinect when not in use for a game.

Anonymous said...

Covering cameras works only so long as the NSA has not yet implemented remote installation of infra-red "upgrades". But it has absolutely no effect on the camera's built-in microphone.

You might want to look into disabling the mic and camera in the Device Manager, because just covering the microphone is not enough. If someone can hash up a script or regedit that can be used to turn it on and off, that would be great.

What I used to do with STU-III's was install a simple toggle on-off switch in the handset and at the ringer. If some enterprising entrepreneur can market a means of doing that for built-in cameras . . .