10.08.13
Privacy and Security in the Age of Criminal Activity Perpetrated by the NSA, CIA, and FBI
Michael Hastings became an “Enemy of the State” when he criticised the CIA/Pentagon
Summary: The importance of one’s privacy and personal security when lawlessness prevails, especially in the realms of shady agencies that are unaccountable and state-protected
LAST night I watched “Enemy of the State” together with my wife because it deals with the NSA, even 15 years ago (a lot of it is still very relevant). A great deal of the film may be hogwash (unrealistic scenarios and impossibilities, like one satellite hovering over the same point), but surveillance and bugging is something that the producers got quite right. Based on some statements [1], the US government wants less transparency for the NSA (no surprise there), perhaps because transparency helps reveal the government’w complicity in violation of the law which it’s supposed to defend. Here in Europe, the European Parliament, which was bugged by the NSA, is now learning from former spies. European developers sure developed an interest in privacy [3] because it’s becoming an important selling point for GNU/Linux and Free software.
“he NSA spies even on US allies, which really says a lot about the value of privacy in the digital age. It’s all about control.”The FBI turns out to have engaged in criminal activities like spreading malware in order to carry out surveillance again [4] (we gave more examples even years ago) and following suspicions and reports that the FBI harassed a journalist’s family while he (Michael Hastings) was preparing a report about the CIA and shortly before he died in a fiery car crash (his car was controlled by a microchip) we now learn about the risks of cyber attacks on cars, with whole a consortium being formed to deal with this issue [5]. Meanwhile, details surface about the NSA’s cyber attacks programme [6,7] (the NSA is a cyber criminal, in essence doing exactly what criminals do) and a former NSA CIO ridicules the security of systems all over the place [8] while new flaws in Windows emerge [9] which continue to remain unpatched.
What we can learn from all this is simple. The US government — through the secret agencies it harbours — is actively engaging in criminal activities such as cyber attacks. This shouldn’t come as too much of a surprise, but we should be prepared for the possibility of such attacks by making informed software choices (e.g. cars that are not driven by proprietary software, operating systems that are not proprietary, access restrictions and so forth).
40 years ago the CIA helped crush democracy in Chile, putting a tyrant in place and protecting his militant henchmen [10]. This is one example among many where not only the lives of individuals got compromised and even ended because of criminal activity from secret agencies; even the sovereignty of entire nations could be compromised. The NSA spies even on US allies, which really says a lot about the value of privacy in the digital age. It’s all about control. To achieve these spying capabilities, systems are being broken into, so it’s not about social engineering. The only route to security is inherently hardened systems. GNU/Linux is one notable option. █
Related/contextual items from the news:
-
U.S. gov’t argues tech companies should not be allowed to report data request figures
The U.S. government doesn’t want Microsoft, Google, Yahoo, and other major technology companies to disclose figures on how many requests it makes for user data.
-
LIBE whistleblower hearing at the European Parliament
This week I was invited to give a statement to the LIBE Committee at the European Parliament about whistleblowing and the NSA mass surveillance scandal.
-
Videos about the Freedombox project – for inspiration and learning
-
FBI Admits It Controlled Tor Servers Behind Mass Malware Attack
It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors.
-
Consortium plans to protect cars from cyber attacks
As vehicles become increasingly dependent on embedded computers for functions such as engine timing, acceleration, braking, and in-vehicle infotainment (IVI), the risk of cyber attacks on cars is growing dramatically. With this in mind, Southwest Research Institute has formed the Automotive Consortium for Embedded Security (ACES), which will have an informal initial meeting on Oct. 23.
-
How the NSA Thinks About Secrecy and Risk
As I report in The Guardian today, the NSA has secret servers on the Internet that hack into other computers, codename FOXACID. These servers provide an excellent demonstration of how the NSA approaches risk management, and exposes flaws in how the agency thinks about the secrecy of its own programs.
-
The NSA is Making Us All Less Safe
Every casual Internet user, whether they know it or not, uses encryption daily. It’s the “s” in https and the little lock you see in your browser—signifying a secure connection—when you purchase something online, when you’re at your bank’s website or accessing your webmail, financial records, and medical records. Cryptography security is also essential in the computers in our cars, airplanes, houses and pockets.
-
Former NSA CIO slams Fortune 100 companies’ security
“It’s about looking at all the types of data you have got, assembling pictures and understanding what is happening and what has to stop.”
-
Microsoft IE Zero-Day Flaw Exposure Widens
There is still no official patch from Microsoft as weaponized exploits for Internet Explorer begin to appear, but there is a simple step that enterprise users can take to mitigate the risk.
-
Chile shuts luxury jail for Pinochet henchmen