drwex (drwex) wrote,

We live in a different world - ubiquitous vulnerability

http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep

The article is about how the NSA can turn every iPhone into a remote bugging and photographing device, without the holder's cooperation. That's kind of disappointing but not terribly surprising - as a friend of mine said, "If you can jailbreak your iPhone what makes you think the NSA can't?"

What makes this worthwhile is watching the hour-long video at the end, which is Jacob Appelbaum's speech cataloging in quite understandable English the degree to which the NSA (and GCHQ) have subverted everything. The Internet, cell phones, the US mail - you name it.

I believe that it's probably illegal for the NSA to be doing this, but I'm less worried about the NSA doing it than the Chinese. I think we can be reasonably certain other nations are as well. Pick your favorite unsavory regime.

If government spying doesn't scare you, would you be OK with drug cartels, Russian mafia, and Al Qaeda doing it? Because what the NSA has done is to focus its mission on ubiquitous penetration and surveillance, weakening defenses everywhere. Most bad guys don't have the resources of the NSA, GCHQ, or the Chinese, but they have enough resources to buy off someone with insider access. AQ was able to convince someone to put a bomb in his underwear and another someone to walk into a military base and start shooting. Compared to that, paying someone enough to steal a copy of the software and plans for this kind of pervasive spying is small potatoes. And it's all off-the-shelf hardware.

Prior to Snowden going public he spent (if you believe him) 14 months inside the NSA trying to get them to tighten up the security holes that allowed him to exfiltrate the documents. Snowden is the first person we know about who took these documents but that doesn't mean he's the first one ever. Aldrich Ames and Robert Hanssen both spent decades selling secret documents before they were caught.

Never mind people actually trying to duplicate this kind of penetration using their own resources, what ever made the NSA think nobody would stumble on the holes they've torn? Appelbaum describes one case where someone did exactly that. Fortunately for us, that person chose to publish his discovery so it could be patched. I'm sure that for every hole that has been publicly exposed, some black-hat has found the opening and sold it to the highest bidder. Note how in Jacob Appelbaum's talk he remarks that it's gotten so bad that compromise software has to have a signature so people will know, "hey, you just compromised a device that has already been compromised."

We should enter 2014 with our eyes opened. It's not a matter of "privacy vs security" anymore. It's a matter of how our supposed defenders have conspired to leave us open to any miscreant who wants to go after us. The people who suffer first will probably be those trying to fight for human rights and democracy in totalitarian regimes, but when the Russian Mafia decides it'd be profitable to perform a sideband attack against, say, Amazon we are all going to be in the same position as those Target customers last month.
Tags: politics, security