As Strong As Your Weakest Link

As the old saying goes "You are only as strong as your weakest link".  Interestingly, in the recent rash of data disclosures from Edward Snowden and his predecessors, the weakest link could well turn out to be of America's own making.

Outsourcing key data activity to contractors rather than keeping it in-house means your online security is only as good as their employees are; in keeping mum about what they discover about your operations in the course of their daily duties.

Consider the fact, expounded by James Sensenbrenner in a recent editorial, that there are some 500,000 employees of private firms with access to the government's most sensitive secrets.  And this is just the States.  There are surely more in other countries contracted to undertake similar surveillance.

Some regard the actions of Manning, Assange and Snowden as heroic and others consider them heinous, but which ever side of the the ethical debate you sit on, the fact remains that confidential data was accessed and shared with those it wasn't intended for.

It is a sobering realisation (or maybe reconfirmation) that it is the low level IT guy who poses your greatest threat. These techs seem to be able to rummage through systems and make discoveries that evade all of the so-called safeguards that the governments throw at them.

Consider for a moment what you might have accessed online or sent to others via email in the past year.  I would suggest that many people who would feel less than comfortable in having a total disclosure of their online habits revealed to the world without their permission.

But is there anything you can do to mitigate the risk that others can and do spy on what you do?

Part of the answer could well have been given by NSA whistle-blower Snowden.  In reply to an online discussion set up by the Guardian newspaper he said that:

"Encryption (of email) works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it".

So there you go.  Even encrypting your email can only assure safe passage between systems and if the systems themselves have a weakness an IT tech on a mission can crack it or share it. Not the most comforting of thoughts and if the technician in question has a thumb-drive (as Snowden is reported to have by Senator Saxby Chambliss of Georgia), then your data could be shared and leaked well beyond the boundaries of your network.

Am I alone in thinking that these revelations could well have profound implications for the future of the Cloud? The 'contracting out' of data storage from your own servers to a third party based in another country could well have become a far more difficult decision for businesses to make.

And if you wish to mitigate some of the damage your email might cause you could always try using encryption yourself.  Here is one suggestion: GNU Privacy Guard for Windows which is free software.  Mind you I cannot guarantee that a low-level tech at the NSA hasn't already cracked it.

Related articles

• NSA Leaks Show Low-Level IT Worker as Secrecy's Weak Link - Bloomberg
• NSA-proof encryption exists. Why doesn't anyone use it?
• NSA leaker: No chance of fair trial
• Encrypting Your Email Works, Says NSA Whistleblower Edward Snowden
• Establishment Assertions that Snowden is a Chinese Spy are "Predictable Smears" (+video)

The Most Appalling Spying Machine Ever Invented

Image via Wikipedia

During an interview with a Russian news site, WikiLeaks founder Julian Assange describes Facebook as:

"the most appalling spying machine that has ever been invented. Here we have the world's most comprehensive database about people, their relationships, their names, their addresses, their locations and the communications with each other, their relatives, all sitting within the United States, all accessible to U.S. intelligence."

Facebook, Google, Yahoo – all these major US organizations have built-in interfaces for US intelligence. It’s not a matter of serving a subpoena. They have an interface that they have developed for US intelligence to use.

Now, is it the case that Facebook is actually run by US intelligence? No, it’s not like that. It’s simply that US intelligence is able to bring to bear legal and political pressure on them. And it’s costly for them to hand out records one by one, so they have automated the process. Everyone should understand that when they add their friends to Facebook, they are doing free work for United States intelligence agencies in building this database for them"




It is a little surprising that this outburst is so vitriolic, given that WikLeaks itself has a Facebook Page and Facebook refused to shut them down, even though other US-based companies such as PayPal severed their connections with WikiLeaks.

Not surprisingly Facebook refutes Assange's claims and a company spokesman, in a written statement to CNet, is on record as saying that they only do what's legal and nothing more. Neither have they automated the process of data retrieval according to their rebuttal.

"We don't respond to pressure, we respond to compulsory legal process. There has never been a time we have been pressured to turn over data [and] we fight every time we believe the legal process is insufficient. The legal standards for compelling a company to turn over data are determined by the laws of the country, and we respect that standard."

This is not to say that there aren't companies who haven't built agency intefaces to cater for government requests for information. A case in point is the telco Spint, whose GPS data has reportedly been used more than 8 million times by the local constabulary.

Clearly there are some major privacy issues about the release of such data without obtaining the owner's prior permission.

Facebook have an online form for enforcement, law offices and government agencies to use when requesting information.

So is there a grain of truth in what Assange is suggesting? We shall never know if intelligence agencies are able to tap into private data but it is a safe bet that they can and do.

For those that are really concerned by this then the answer is simple, do not engage in social media and if your do, adjust your privacy settings to exclude anything you don't wish to share.

Where To WikiLeaks?

There is an irony that the first person to coin the phrase "The first casualty of war is the truth" was a US Republican senator, Hiram Warren Johnson, in 1918.

The Wiki leaks saga currently being played out online is all about truths and war and who should be held responsible (and who would rather avoid responsibility).

I am rather ambivalent about the Wikileaks site and have rarely viewed it. However one of its strengths is that it has proved without doubt, the duplicity of diplomacy; what has been said publically is often at complete variance to what is being shared in private.

The Wikileaks site provides a public service in providing balance to the often sanitised media coverage of global events.

Were they unwise to put up content such as a hit list of potential terrorist targets, as identified by governments? Probably, as the greater public good is not served by such exposure. But who determines this 'public good' ? This is the crux of the argument that is raging.

Make no mistake, this is a cyber war like no other. It is not simply the activities of the 'Anonymous' supporters who are currently promoting Operation Payback that are the primary focus of governmental wrath.





It is not even about Wikileaks spokesman Julian Assange, who is facing rape charges in Sweden. These charges are apparently based on circumstantial evidence and the word of one party against another. A suspicious mind might conclude that the Dirty Tricks brigade have been active in getting such a prosecution on the books; again not an unusual development in a war situation.

This cyber war is about who controls the internet and if it can be controlled? Attempts to shut off Wikileaks money supply and block their domains are unlikely to succeed as the ground swell of netizen support is growing.

At time of writing there are at least 1,200 "mirror sites" on the Net hosting WikiLeaks content and this number is growing by the hour.

'Anonymous' is deploying botnets which bombard sites that are siding with government directives. In the past these botnets have been used by criminals to take over computers but in this case owners are downloading the software and installing it voluntarily.

Twitter has shut down the trending capability of #wikileaks although it denies that this has anything to do with governmental pressure.  Their explanation:

"Twitter Trends are automatically generated by an algorithm that attempts to identify topics that are being talked about more right now than they were previously. The Trends list is designed to help people discover the 'most breaking' breaking news from across the world, in real-time. The Trends list captures the hottest emerging topics, not just what’s most popular. Put another way, Twitter favors novelty over popularity ".

As the chart right shows, topics related to Wikileaks such as "wikileaks founder" still feature in the trends.

Mainstream media have been following the Wikileaks story and a few, such as The Guardian , are featuring real time updates of cable releases.

The final word should perhaps go to The Economist who earlier this month published an article under the title " Missing the point of WikiLeaks"

"The basic question is not whether we think Julian Assange is a terrorist or a hero. The basic question certainly is not whether we think exposing the chatter of the diplomatic corps helps or hinders their efforts, and whether this is a good or bad thing. To continue to focus on these questions is to miss the forest for the texture of the bark on a single elm. If we take the inevitability of future large leaks for granted, then I think the debate must eventually centre on the things that will determine the supply of leakers and leaks. Some of us wish to encourage in individuals the sense of justice which would embolden them to challenge the institutions that control our fate by bringing their secrets to light. Some of us wish to encourage in individuals ever greater fealty and submission to corporations and the state in order to protect the privileges and prerogatives of the powerful, lest their erosion threaten what David Brooks calls "the fragile community"—our current, comfortable dispensation."

Related articles

• More attacks in WikiLeaks cyber war (mirror.co.uk)
• WikiLeaks: Hackers Target Amazon And Facebook (news.sky.com)
• WikiLeaks: Assange Set To Meet With Lawyers (news.sky.com)
• Amazon braced for DDoS as WikiLeaks retaliation continues (v3.co.uk)
• WikiLeaks: Hackers Now Set Sights On Paypal (news.sky.com)
• Protests, cyber-skirmishes rage over WikiLeaks (sfgate.com)
• How Operation Payback Executes Its Attacks
• Wikileaks: Barriers to possible US Assange prosecution