Microsoft case shows the NSA is not a hacking threat; organized crime remains the biggest problem.
Ilya
The tragedy for Edward Snowden is that his efforts have been hijacked by vested interests. It goes without saying that the US and UK governments have tried to deflect interest from the message to the messenger – by labelling him a coward and a traitor, an FSB lackey and someone who has endangered the lives of military and intelligence operatives around the world.
But it’s not just governments that have commandeered the story. Snowden has been commoditized into a brand that is used to sell product. What he delivered has become subservient to the wishes of two industries in particular: the media and the security industry.
lia Kolochenko, CEO and Founder of High-Tech Bridge believes that both industries are in crisis; and both industries are using the Snowden phenomenon for their own ends.
The traditional print media is fighting for its life, trying to compete with the citizen journalists of the blogosphere who sometimes dismiss it as ‘the dead tree press’. That dead tree press needs to sell copy continuously and aggressively just to survive – which then means that any sure-fire subject needs to be used sparingly. To avoid public Snowden-fatigue, the news has to be maintained at a sensational level – and this means a little at a time and exaggerated as far as possible.
Consider the intelligence agencies’ catalogues of hacking tools – they’re actually simplistic rather than terrifying (See the NSA ANT catalog listed in Wikipedia; and GCHQ’s JTRIG catalog provided by The Intercept and transcribed by Bruce Schneier here). “A competent hacker could code ninety percent of those ‘tools’ in a single morning,” Kolochenko told me. In fact, he believes the entire NSA threat has been exaggerated out of all proportion.
Yes, they could probably hack any person of interest at any time. But it’s expensive. “Why should they bother when they can get what they want from the big cloud companies (Facebook, Google, Microsoft, all the personal cloud companies, etc) who hold gigabytes of user data – at any time and in most jurisdictions perfectly legally.”
There’s an interesting example right now. The US government has claimed the right to access Microsoft’s entire records on an Irish national that are stored on a server in Ireland. This isn’t just metadata, but full content including emails, and bank and credit card details. Microsoft is fighting this demand, but so far the courts have supported the government. Since Microsoft is a US company, US law enforcement can simply compel Microsoft to hand over the details. There is no need to go to the trouble of hacking the person.
The Snowden hype that comes from the media is feeding the second vested interest. “Even the largest security companies are trying to frighten existing and potential customers with tales of the security dangers revealed in the Snowden documents.”
In reality, he believes the security industry is struggling and in danger of meltdown. “The current situation is a little similar to the dot-com bubble at the end of the last century. Now, however, it is security firms. If you want to start a security firm – especially in the US – the money is there. The problem is, the talent isn’t. IT security is a domain that requires competent people, but people with poor qualifications are starting new security companies and working for existing security companies.”
The Snowden leaks are being hyped by the security industry in order to create the fear that will sell their products. “In short “Snowden is being used to save the security industry.”
This is not to say that we can relax our security posture. There is still a real threat out there. That threat, however, is more from organized crime than from the NSA or GCHQ. Kolochenko believes that the intelligence agencies actually do have our best interests at heart, and are driven by the desire to protect the country rather than monitor the citizen. Cybercriminals do not have that concern.
If the intelligence agencies have overstepped the mark, perhaps it has more to do with governments giving them excessive legal powers rather than an inherent desire to monitor the people. However, the problem that the Snowden leaks have created is that we are fearful of threats that don’t really exist, and we are increasingly turning to over-hyped security products that simply don’t deliver the security they promise.
About Ilia Kolochenko
Ilia Kolochenko is the CEO & President of information security and computer forensics company High-Tech Bridge. He holds a university degree with honors in Mathematics and Computer Science from the University of Geneva, Switzerland.
Prior to establishing High-Tech Bridge in 2007, Ilia worked as an IT security expert and manager with various financial institutions in Switzerland, including the World Bank, implementing complex IT security projects.
Ilia also served in the military in Frauenfeld, Switzerland.