Michael Hastings became an "Enemy of the State" when he criticised the CIA/Pentagon
LAST night I watched "Enemy of the State" together with my wife because it deals with the NSA, even 15 years ago (a lot of it is still very relevant). A great deal of the film may be hogwash (unrealistic scenarios and impossibilities, like one satellite hovering over the same point), but surveillance and bugging is something that the producers got quite right. Based on some statements [1], the US government wants less transparency for the NSA (no surprise there), perhaps because transparency helps reveal the government'w complicity in violation of the law which it's supposed to defend. Here in Europe, the European Parliament, which was bugged by the NSA, is now learning from former spies. European developers sure developed an interest in privacy [3] because it's becoming an important selling point for GNU/Linux and Free software.
"he NSA spies even on US allies, which really says a lot about the value of privacy in the digital age. It's all about control."The FBI turns out to have engaged in criminal activities like spreading malware in order to carry out surveillance again [4] (we gave more examples even years ago) and following suspicions and reports that the FBI harassed a journalist's family while he (Michael Hastings) was preparing a report about the CIA and shortly before he died in a fiery car crash (his car was controlled by a microchip) we now learn about the risks of cyber attacks on cars, with whole a consortium being formed to deal with this issue [5]. Meanwhile, details surface about the NSA's cyber attacks programme [6,7] (the NSA is a cyber criminal, in essence doing exactly what criminals do) and a former NSA CIO ridicules the security of systems all over the place [8] while new flaws in Windows emerge [9] which continue to remain unpatched.
What we can learn from all this is simple. The US government -- through the secret agencies it harbours -- is actively engaging in criminal activities such as cyber attacks. This shouldn't come as too much of a surprise, but we should be prepared for the possibility of such attacks by making informed software choices (e.g. cars that are not driven by proprietary software, operating systems that are not proprietary, access restrictions and so forth).
40 years ago the CIA helped crush democracy in Chile, putting a tyrant in place and protecting his militant henchmen [10]. This is one example among many where not only the lives of individuals got compromised and even ended because of criminal activity from secret agencies; even the sovereignty of entire nations could be compromised. The NSA spies even on US allies, which really says a lot about the value of privacy in the digital age. It's all about control. To achieve these spying capabilities, systems are being broken into, so it's not about social engineering. The only route to security is inherently hardened systems. GNU/Linux is one notable option. ⬆
Related/contextual items from the news:
The U.S. government doesn't want Microsoft, Google, Yahoo, and other major technology companies to disclose figures on how many requests it makes for user data.
This week I was invited to give a state€ment to the LIBE Com€mit€tee at the European Par€lia€ment about whis€tleblow€ing and the NSA mass sur€veil€lance scandal.
It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors.
As vehicles become increasingly dependent on embedded computers for functions such as engine timing, acceleration, braking, and in-vehicle infotainment (IVI), the risk of cyber attacks on cars is growing dramatically. With this in mind, Southwest Research Institute has formed the Automotive Consortium for Embedded Security (ACES), which will have an informal initial meeting on Oct. 23.
As I report in The Guardian today, the NSA has secret servers on the Internet that hack into other computers, codename FOXACID. These servers provide an excellent demonstration of how the NSA approaches risk management, and exposes flaws in how the agency thinks about the secrecy of its own programs.
Every casual Internet user, whether they know it or not, uses encryption daily. It’s the “s” in https and the little lock you see in your browser—signifying a secure connection—when you purchase something online, when you’re at your bank’s website or accessing your webmail, financial records, and medical records. Cryptography security is also essential in the computers in our cars, airplanes, houses and pockets.
“It's about looking at all the types of data you have got, assembling pictures and understanding what is happening and what has to stop.”
There is still no official patch from Microsoft as weaponized exploits for Internet Explorer begin to appear, but there is a simple step that enterprise users can take to mitigate the risk.