US Enabled Chinese Google Hack

Technology • Views: 2,527

Security guy Bruce Schneier has a cautionary piece at CNN on the rush by many democratic governments around the world to grant new surveillance powers to police forces, often requiring large web services such as Gmail to have “back door” access systems — back doors that are being exploited by hackers: U.S. enables Chinese hacking of Google.

Democratic governments around the world — in Sweden, Canada and the UK, for example — are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell.

Many are also passing data retention laws, forcing companies to retain information on their customers. In the U.S., the 1994 Communications Assistance for Law Enforcement Act required phone companies to facilitate FBI eavesdropping, and since 2001, the National Security Agency has built substantial eavesdropping systems with the help of those phone companies.

Systems like these invite misuse: criminal appropriation, government abuse and stretching by everyone possible to apply to situations that are applicable only by the most tortuous logic. The FBI illegally wiretapped the phones of Americans, often falsely invoking terrorism emergencies, 3,500 times between 2002 and 2006 without a warrant. Internet surveillance and control will be no different.

Official misuses are bad enough, but it’s the unofficial uses that worry me more. Any surveillance and control system must itself be secured. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and by the people you don’t.

China’s hackers subverted the access system Google put in place to comply with U.S. intercept orders. Why does anyone think criminals won’t be able to use the same system to steal bank account and credit card information, use it to launch other attacks or turn it into a massive spam-sending network? Why does anyone think that only authorized law enforcement can mine collected Internet data or eavesdrop on phone and IM conversations?

Read the whole thing…

Jump to bottom

60 comments
1 AK-47%  Mon, Jan 25, 2010 10:16:03am

The biggest problem I have with this sort of surveillance is the clause in the Bill of Rights about the right to "petition for the redress of grievances".

Many of those who are unjustly aggrieved will be unable to petition, because many will not even be aware that their rights have been vilated, and those who do will be most likely unable to trace the resposnible parties.

2 Obdicut  Mon, Jan 25, 2010 10:16:52am

re: #1 ralphieboy

It's also just so much power to blackmail and coerce.

3 Douchecanoe and Ryan Too  Mon, Jan 25, 2010 10:20:40am

It's a tough balancing act, surveillance versus privacy. Rapid advances in encryption make raw data captures obsolete, but then, security issues arise whenever one tries to take Internet data interception to a higher level in the protocol stack. Unfortunately, it seems that secure network programming and protocol is largely ignored these days.

4 Randall Gross  Mon, Jan 25, 2010 10:20:49am

The old means of obtaining phone info in the POTS telephony world weren't subject to foreign hackers - and they all required warrants. As telephony migrates to VOIP, SIP etc. this becomes much more of a concern.

5 RogueOne  Mon, Jan 25, 2010 10:20:59am

There are unintended consequences to hastily passed federal law? Who could have seen that coming?//

6 Kragar  Mon, Jan 25, 2010 10:21:06am

The governments failed to realize every way into the system was a way to get into the system. Classic case of Government overstretching its reach, not realizing all the implications of what it was doing.

7 DaddyG  Mon, Jan 25, 2010 10:24:05am

I'm not comfortable giving anyone back door access to my private parts. /

8 DaddyG  Mon, Jan 25, 2010 10:25:52am

I'm thinking about the irony of this:

Wasn't one of the original iterations of the [Link: WWWeb...] a secure private communications network for the military?

9 brookly red  Mon, Jan 25, 2010 10:28:00am

re: #7 DaddyG

I'm not comfortable giving anyone back door access to my private parts. /

/oh don't worry it's not like anyone wants our medical records...

10 The Sanity Inspector  Mon, Jan 25, 2010 10:28:15am

re: #7 DaddyG

I'm not comfortable giving anyone back door access to my private parts. /

Don't worry, the software is completely safe!

12 The Sanity Inspector  Mon, Jan 25, 2010 10:28:49am

China owns us anyway. They sold us poison toys, and Mattell wound up apologizing to China for the fuss.

13 Obdicut  Mon, Jan 25, 2010 10:29:37am

re: #11 MandyManners

Italy is rushing headlong into fascism-- again. It's damn sad.

14 MandyManners  Mon, Jan 25, 2010 10:33:22am

re: #13 Obdicut

Italy is rushing headlong into fascism-- again. It's damn sad.

Not neccessarily. Berlusconi's greedy.

15 DaddyG  Mon, Jan 25, 2010 10:33:59am

re: #10 The Sanity Inspector

Don't worry, the software is completely safe!

It isn't the software that worries me its the hardware.

16 alkizz  Mon, Jan 25, 2010 10:34:07am

I like Bruce S but on this one he sounds like he's guessing. Not sure he really knows the method used in the attacks other than exploited end points.

17 DaddyG  Mon, Jan 25, 2010 10:34:34am

re: #11 MandyManners
The Ministry of Communications sounds so 1984.

18 Spare O'Lake  Mon, Jan 25, 2010 10:36:13am

Pardon my ignorance, but if foreign governments have the capacity to hack into our systems by other means, then how much are we really losing by giving our own police and security agencies back door access?

19 Cannadian Club Akbar  Mon, Jan 25, 2010 10:37:23am

re: #18 Spare O'Lake

Pardon my ignorance, but if foreign governments have the capacity to hack into our systems by other means, then how much are we really losing by giving our own police and security agencies back door access?

Where does it stop?

20 tradewind  Mon, Jan 25, 2010 10:37:58am

This is puzzling in light of today's editorial in the WSJ re the google/Chinese hack thing, which compares China to the pirates of old threatening free shipping channels.

21 Randall Gross  Mon, Jan 25, 2010 10:38:06am

In the old days there was a clear break between the data and the government - they had to come to the LEC with a warrant to gain particular data specific to an individual number or person. The LEC would then gather just that data. It appears that gov't now has a back door to all data... and that China figured out how to use it.

22 Cato the Elder  Mon, Jan 25, 2010 10:38:49am

re: #12 The Sanity Inspector

China owns us anyway. They sold us poison toys, and Mattell wound up apologizing to China for the fuss.

And owners of dead dogs were required to write letters of regret to China for having complained so loudly it made their pet-food factories look bad.

23 brookly red  Mon, Jan 25, 2010 10:38:58am

re: #19 Cannadian Club Akbar

Where does it stop?

It doesn't... we might as well make the best of it.

24 DaddyG  Mon, Jan 25, 2010 10:38:58am

I thought these back door access systems were voluntary not mandatory? Wasn't there a stink about the legislation so it was watered down?

25 MandyManners  Mon, Jan 25, 2010 10:40:07am

re: #17 DaddyG

The Ministry of Communications sounds so 1984.

Isn't it equivalent to the FCC?

26 DaddyG  Mon, Jan 25, 2010 10:42:47am

re: #25 MandyManners

Isn't it equivalent to the FCC?


Sounds like it. I was struck by the English translation of the agency using the word ministry.

27 Kragar  Mon, Jan 25, 2010 10:44:26am

They should be more worried about securing systems better. The data is their if they have legitimate use for it and if implemented securely, then it would be harder for illegal or malicious users to gain access. This is the flipside of all those warrantless searches.

28 MandyManners  Mon, Jan 25, 2010 10:45:00am

re: #26 DaddyG

Sounds like it. I was struck by the English translation of the agency using the word ministry.

Maybe the name should be changed to Berlusconi's Protection Racket.

29 WINDUPBIRD DISEASE [S.K.U.M.M.]  Mon, Jan 25, 2010 10:47:26am

Just encrypt your sensitive emails! OpenPGP I have heard is quite effective.

30 Douchecanoe and Ryan Too  Mon, Jan 25, 2010 10:48:30am

re: #29 WindUpBird

Just encrypt your sensitive emails! OpenPGP I have heard is quite effective.

The trouble with encrypting email is that the person on the other end has to be able to decrypt it. Further, Web clients such as GMail don't typically support encrypted email. (Many do, however, support using an offline email client such as Outlook, which can be configured to do encryption.)

31 Kragar  Mon, Jan 25, 2010 10:49:56am

I guard my emails the old fashioned way, I dont send them.

32 jordash1212  Mon, Jan 25, 2010 10:50:51am

This isn't just the beginning of the US technological vulnerability. Hollywood may not be so far off in its representation of technological apocalypse and worst case scenarios.

33 Cannadian Club Akbar  Mon, Jan 25, 2010 10:51:16am

re: #31 Kragar (Proud to be Kafir)

I guard my emails the old fashioned way, I dont send them.

Who was in the Bush administration who never sent email because they could be found?

34 Varek Raith  Mon, Jan 25, 2010 10:51:47am

re: #32 jordash1212

This isn't just the beginning of the US technological vulnerability. Hollywood may not be so far off in its representation of technological apocalypse and worst case scenarios.

We've been vulnerable to this for years, if not decades. We just never seem to take it seriously.

35 albusteve  Mon, Jan 25, 2010 10:51:55am

re: #31 Kragar (Proud to be Kafir)

I guard my emails the old fashioned way, I dont send them.

I use smoke signals

36 Kragar  Mon, Jan 25, 2010 10:53:37am

re: #34 Varek Raith

We've been vulnerable to this for years, if not decades. We just never seem to take it seriously.

Man, there are stories I could tell you.

37 DaddyG  Mon, Jan 25, 2010 10:56:30am

re: #31 Kragar (Proud to be Kafir)

I guard my emails the old fashioned way, I dont send them.

That explains the crayon on the inside of my monitor. /

38 DaddyG  Mon, Jan 25, 2010 10:57:37am

re: #36 Kragar (Proud to be Kafir)

Man, there are stories I could tell you.

Story Time! Story Time!

39 Aceofwhat?  Mon, Jan 25, 2010 10:57:51am

re: #35 albusteve

I use smoke signals

i use interpretive dance. i'm horribly inflexible, so i think that means that i have an accent.

40 WINDUPBIRD DISEASE [S.K.U.M.M.]  Mon, Jan 25, 2010 10:59:02am

re: #30 thedopefishlives

The trouble with encrypting email is that the person on the other end has to be able to decrypt it. Further, Web clients such as GMail don't typically support encrypted email. (Many do, however, support using an offline email client such as Outlook, which can be configured to do encryption.)

Can't you encrypt emails in raw text? nothing needs to support anything, it's just raw text that looks like alphabet soup without the key.

Also, anyone you'd be sending Important Shit to should have the damn key. I can count a zillion different ways to get ahold of good friends of mine via the internet to send a key. half a dozen social networking sites, email, AIM, MSN, forums...

41 Cannadian Club Akbar  Mon, Jan 25, 2010 10:59:08am

re: #39 Aceofwhat?

i use interpretive dance. i'm horribly inflexible, so i think that means that i have an accent.

You dance like Elaine from Seinfeld?

42 WINDUPBIRD DISEASE [S.K.U.M.M.]  Mon, Jan 25, 2010 10:59:33am

re: #34 Varek Raith

We've been vulnerable to this for years, if not decades. We just never seem to take it seriously.

Totally.

(were you at FC? :D )

43 Douchecanoe and Ryan Too  Mon, Jan 25, 2010 11:00:32am

re: #40 WindUpBird

Can't you encrypt emails in raw text? nothing needs to support anything, it's just raw text that looks like alphabet soup without the key.

Also, anyone you'd be sending Important Shit to should have the damn key. I can count a zillion different ways to get ahold of good friends of mine via the internet to send a key. half a dozen social networking sites, email, AIM, MSN, forums...

Someone has to have the corresponding key in order to make the alphabet soup back into readable text. If you can guarantee the person you're sending to has the key and is set up to use it, then sure, knock yourself out. How many people are you really going to correspond with that have the technical knowhow to use your key with their email software, though?

44 WINDUPBIRD DISEASE [S.K.U.M.M.]  Mon, Jan 25, 2010 11:03:28am

re: #43 thedopefishlives

Someone has to have the corresponding key in order to make the alphabet soup back into readable text. If you can guarantee the person you're sending to has the key and is set up to use it, then sure, knock yourself out. How many people are you really going to correspond with that have the technical knowhow to use your key with their email software, though?

I know this. ;-) And yeah, i'm assuming the friend in question has the key. If someone wants to hack my gmail accounts, they'll find a bunch of hilarious and useless fandom crap, and a whole lot of spam.

Clearly, basic emails shouldn't be encrypted, it'd be like speaking in code when you're at a Starbucks. Not worth the effort. And I don't agree with the gub'ment being able to snoop emails, but if it's correspondence between people you know that you don't want public, there are ways to keep it private.

45 Aceofwhat?  Mon, Jan 25, 2010 11:03:56am

re: #41 Cannadian Club Akbar

You dance like Elaine from Seinfeld?

almost...i have better hip action, even for a guy. disco is my specialty. i'd say i was born too late, except i think that disco is only fun on occasion if you didn't live through it. that's what they tell me, at least...

46 abolitionist  Mon, Jan 25, 2010 11:05:15am

Recent news story: Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property
Attackers used intelligence, custom malware to access Google, Adobe, and other U.S. companies' systems

Excerpt:

One source close to the investigation says this brand of targeted attack has actually been going on for about three years against U.S. companies and government agencies, involving some 10 different groups in China consisting of some 150,000 trained cyber-attackers.

Oh, any users of IOBit security software might want to reconsider that choice.

47 Kragar  Mon, Jan 25, 2010 11:05:38am

re: #38 DaddyG

Story Time! Story Time!

One of the few I can tell.

A office at a undisclosed government office was always complaining it took forever for their network printer to print anything. When they finally took a look at it, they realized someone had set up the printer to forward all documents sent to it an IP address in a foreign country, then it was getting the documents back from the foreign IP and finally printing them. This was going on for over a year before anyone noticed and their was no documentation over who had serviced or had access to the device over its lifespan in the office. Everything from emails to personnel reports to God knows what else got forwarded along.

48 RogueOne  Mon, Jan 25, 2010 11:08:42am

re: #47 Kragar (Proud to be Kafir)

Wow. Scary.

49 WINDUPBIRD DISEASE [S.K.U.M.M.]  Mon, Jan 25, 2010 11:10:07am

re: #48 RogueOne

Wow. Scary.

And dead easy to do, unfortunantely.

50 SixDegrees  Mon, Jan 25, 2010 11:11:35am

re: #30 thedopefishlives

The trouble with encrypting email is that the person on the other end has to be able to decrypt it. Further, Web clients such as GMail don't typically support encrypted email. (Many do, however, support using an offline email client such as Outlook, which can be configured to do encryption.)

That, and it doesn't really address the thing China seems to have been looking for: a connection between an email address and an actual person. Granted, they might not look in the first place if they couldn't read emails containing information that made them want to know who wrote it, but there is lots of mischief caused simply by having that connection spelled out.

51 AK-47%  Mon, Jan 25, 2010 11:15:56am

re: #18 Spare O'Lake

Pardon my ignorance, but if foreign governments have the capacity to hack into our systems by other means, then how much are we really losing by giving our own police and security agencies back door access?

I guess the anaology could be: since burglars have the ability to break into our houses, shouldn't we allow the police to do the same?

It is a tricky thing, defending our ritghts without trampling on them in the process. A lot trickier than they make it look on television

52 Kragar  Mon, Jan 25, 2010 11:17:48am

re: #51 ralphieboy

I guess the anaology could be: since burglars have the ability to break into our houses, shouldn't we allow the police to do the same?

It is a tricky thing, defending our ritghts without trampling on them in the process. A lot trickier than they make it look on television

A burglar can break into your house at anytime. Thats no reason to leave your doors and windows open.

53 Achilles Tang  Mon, Jan 25, 2010 11:33:26am

Slippery slope arguments aside, has anyone (other perhaps than terrorists charged as such) shown that they were harmed directly or indirectly through any technically illegal surveillance?

54 Cog  Mon, Jan 25, 2010 11:35:24am

With regards to the CNN article, it cuts both ways. Some are speculating that there may be vunerabilities in certain models of memory and processors, the bulk of which are produced in China and Taiwan, by Chinese companies.

55 AK-47%  Mon, Jan 25, 2010 11:43:22am

re: #53 Naso Tang

Slippery slope arguments aside, has anyone (other perhaps than terrorists charged as such) shown that they were harmed directly or indirectly through any technically illegal surveillance?

That#s the thing: a lot of people who have been under surveillance have no way of knowing what is happening, and if they were to find out, no way of tracing the perpetrators

56 Obdicut  Mon, Jan 25, 2010 12:05:23pm

re: #53 Naso Tang

How do you know if you're under illegal surveillance? Especially when revealing that surveillance to you is a crime?

57 Achilles Tang  Mon, Jan 25, 2010 12:36:17pm

re: #56 Obdicut

How do you know if you're under illegal surveillance? Especially when revealing that surveillance to you is a crime?

I don't much care in the greater scheme of things. On the one hand I would be momentarily flattered and in the next pissed off that some incompetents were wasting my tax dollars again.

What's your worry?

58 KernelPanic  Mon, Jan 25, 2010 3:39:06pm

Bruce is the man who invented the term "security theater" and he literally wrote the book on modern crypto.

For anyone interested in security and privacy issues I highly recommend his monthly "CRYPTO-GRAM" email newsletter - link is here. I've been subscribed for years and it's always been fascinating reading.

59 KernelPanic  Mon, Jan 25, 2010 3:46:06pm

For Apple/Mac people interested in laptop security I recommend PGP Desktop Professional or the standalone Whole Disk Encryption ("WDE") product. Especially now that they *finally* support Snow Leopard.

My mac-centric company uses PGP WDE to encrypt our laptops drives and we also use a complementary product called PGP Universal Server. The universal server product does a couple of things (a) it can generate recovery tokens to decrypt a drive if an employee forgets or is unavailable and (b) it can provide an audit trail that "proves" the encryption state of any device, disk or USB storage device that gets stolen or goes missing.

Being able to prove that a lost or stolen storage device was encrypted is going to be huge in the future - there are some laws now stating that if you can prove a device was encrypted you don't have to send out the dreaded "client data loss" press release and statement.

We ended up going with PGP and Universal Server because in Massachusetts it's going to be a requirement as of May 1st that all sensitive business information be encrypted and safely handled anyway.

60 Sacred Plants  Thu, Jan 28, 2010 9:16:04am

re: #56 Obdicut

How do you know if you're under illegal surveillance? Especially when revealing that surveillance to you is a crime?

If you suspect your stalkers of monitoring your communications, learn to use the channels in question to fool them from the stupid into the obvious, and keep in mind they might live long enough to experience the day when their records will be falling into your hands.


This article has been archived.
Comments are closed.

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2023-04-04 11:11 am PDT LGF User's Guide RSS Feeds

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal Cash.app
Recent PagesClick to refresh
Harper’s Magazine: Slippery Slope - How Private Equity Shapes a Ski Town …Big Sky stands apart for other reasons. The obvious distinction is the Yellowstone Club, a private resort hidden in the mountains above the community that Justin Farrell, a professor of sociology at Yale and the author of Billionaire Wilderness, ...
teleskiguy
Yesterday
Views: 236 • Comments: 0 • Rating: 0