Writing for Medium, Quinn Norton argues that every computer, tablet, cellphone, and Linux-embedded device has as many security holes as a block of Swiss cheese. All it would take is someone clever enough to find a hole and exploit it.
It’s already happened, but for relatively innocent purposes.
Recently an anonymous hacker wrote a script that took over embedded Linux devices. These owned computers scanned the whole rest of the internet and created a survey that told us more than we’d ever known about the shape of the internet. The little hacked boxes reported their data back (a full 10 TBs) and quietly deactivated the hack. It was a sweet and useful example of someone who hacked the planet to shit. If that malware had actually been malicious, we would have been so fucked.
This is because all computers are reliably this bad: the ones in hospitals and governments and banks, the ones in your phone, the ones that control light switches and smart meters and air traffic control systems. Industrial computers that maintain infrastructure and manufacturing are even worse. I don’t know all the details, but those who do are the most alcoholic and nihilistic people in computer security. Another friend of mine accidentally shut down a factory with a malformed ping at the beginning of a pen test. For those of you who don’t know, a ping is just about the smallest request you can send to another computer on the network. It took them a day to turn everything back on.
More: Everything Is Broken — the Message — Medium
Even the so-called secure protocols, like the Off The Record messaging app that Edward Snowden recommended to Glenn Greenwald, sit on top of libraries that are not bulletproof, she says. There is only the illusion of security and anonymity.
The Intelligence Community can take advantage of porous electronic security. Spooks are so used to being under surveillance themselves that they don’t seem to understand why expansive surveillance is not such a good thing. Instead, Norton argues, the IC needs to understand why people would want privacy.
But, she says, most of us seem quite willing to hand other people the electronic keys to our private lives, by passively accepting the poorly secured operating systems and apps we use every day.
As our desires conflict with the IC, we become less and less worthy of rights and considerations in the eyes of the IC. When the NSA hoards exploits and interferes with cryptographic protection for our infrastructure, it means using exploits against people who aren’t part of the NSA just doesn’t count as much. Securing us comes after securing themselves.
In theory, the reason we’re so nice to soldiers, that we have customs around honoring and thanking them, is that they’re supposed to be sacrificing themselves for the good of the people. In the case of the NSA, this has been reversed. Our wellbeing is sacrificed to make their job of monitoring the world easier. When this is part of the culture of power, it is well on its way to being capable of any abuse.
The general public needs to draw a line in the sand, and say “Go no further.”