Friday, May 8, 2015

NSA's plan: improve cybersecurity by cyber-attacking everyone else

I can do whatever I want to do to you, & if I even hear a peep out of you, then you will be branded as a terrorist for life. Sounds like modus operandi of a bully.
---------------------------------------------------------------------------------




The National Security Agency wants to be able to hack more people, vacuum up even more of your internet records & have the keys to tech companies’ encryption – &, after 18 months of embarrassing inaction from Congress on surveillance reform, the NSA is now lobbying it for more powers, not less.

NSA director Mike Rogers testified in front of a Senate committee ..., lamenting that the poor ol’ NSA just doesn’t have the “cyber-offensive” capabilities (read: the ability to hack people) it needs to adequately defend the US. How cyber-attacking countries will help cyber-defense is anybody’s guess, but the idea that the NSA is somehow hamstrung is absurd.

The NSA runs sophisticated hacking operations all over the world. A Washington Post report showed that the NSA carried out 231 “offensive” operations in 2011 - & that number has surely grown since then. That report also revealed that the NSA runs a $652m project that has infected tens of thousands of computers with malware.

And that was 4 years ago - it’s likely increased significantly. A leaked presidential directive issued in 2012 called for an expanded list of hacking targets all over the world. The NSA spends ten of millions of dollars per year to procure “‘software vulnerabilities’ from private malware vendors” – i.e., holes in software that will make their hacking much easier. The NSA has even created a system, according to Edward Snowden, that can automatically hack computers overseas that attempt to hack systems in the US.

Moving further in this direction, Rogers has also called for another new law that would force tech companies to install backdoors into all their encryption. The move has provoked condemnation & scorn from the entire security community - including a very public upbraiding by Yahoo’s top security executive - as it would be a disaster for the very cybersecurity that the director says is a top priority.

And then there is the Cybersecurity Information Sharing Act (CISA) the downright awful “cybersecurity” bill passed by the Senate Intelligence Committee ... in complete secrecy that is little more than an excuse to conduct more surveillance. The bill will do little to stop cyberattacks, but it will do a lot to give the NSA even more power to collect Americans’ communications from tech companies without any legal process whatsoever. The bill’s text was finally released a couple days ago, &, as EFF points out, tucked in the bill were the powers to do the exact type of “offensive” attacks for which Rogers is pining.

No comments:

Post a Comment