Two weeks ago, I saw this piece from Wired about Google and several dozen other big companies getting hacked in what is now known as "Operation Aurora." The Wired story reports, "The attackers used nearly a dozen pieces of malware and several levels
of encryption to burrow deeply into the bowels of company networks and
obscure their activity."
Then this week, I saw an article on CNN from security technologist Bruce Schneier, who said, "The news here isn't that Chinese hackers engage in these activities or that their attempts are technically sophisticated -- we knew that already -- it's that the U.S. government inadvertently aided the hackers."
How so? Because, he says, some of the same laws that allow authorities to monitor Internet communications promotes criminal misuse. There's the 1994 Communications Assistance for Law Enforcement Act, which requires phone companies to facilitate FBI eavesdropping. The U.S. government is working on the "Comprehensive National Cybersecurity Initiative," to address cyber-threats, which could give them the ability to police Internet activity and email.
(And then there's the National Security Administration's "Advanced QUestion Answering for INTelligence," or Acquaint project, which is designed to collect data from phone calls, credit card receipts, social networks like Facebook and MySpace, GPS tracks, cell phone geolocation, Internet searches, Amazon book purchases, and E-Z Pass toll records to locate and keep track of people.)
I suddenly feel like I'm living in a George Orwell novel.
But my friend, Jack Danahy, an expert in Internet security and blogger for the Smart Grid Security Blog, said it's no surprise that a company like Google knows something about the context of your email. The right rail of Gmail is devoted to ads based on the topic of your email.And unique access to that data wouldn't necessarily expose the company to hacking.
"If all they’re doing is sending an equal stream to the government, then I may not like it, but I don’t see how the government asking for that makes the interface anymore vulnerable," said Danahy.
For Danahy, the big story is that these hackers found a new vulnerability in a very popular Microsoft product (Internet Explorer), and was working to steal the source code for applications from other popular software makers.
"It’s much more interesting that they this technique to break into these accounts, so that they could go forth and get more source code where they would see more vulnerabilities," he said. "That gives them access to pollute many, many more systems."
Photo by ChinaFotoPress/Getty Images
comments ( )