Tuesday, September 17, 2013

Boogeymen from the NSA/GCHQ

If you're an American, you can't help but feel the weight of the world's disdain for the deeds the National Security Agency (NSA) has been caught with. Domestic spying, infiltration of international targets and who knows what else have given the world's hackers a target painted squarely on US interests. Private organizations and government agencies are the target for hackers seeking to make a point, like this one - a hacking of the NASA websites. This has done American tech companies a massive disservice for a number of reasons...

  1. Cloud - good luck trying to sell the European Union on cloud services based in the US, or from US-based companies. Hereforth we'll have to answer for the extensive erosion of trust that the NSA has accomplished. Good luck getting your US-based cloud service sold to any organization outside the US in the near term.
  2. Hacktivism- globally, hacktivists have mobilized against the US (and UK via GCHQ) spy agencies. The problem is that hacktivists are opportunistic and often pick low-hanging and weak targets such as the NASA site cited above. US businesses, government agencies, and anything exposed will continue to be the target into the foreseeable future for this hacktivist, anti-spying, anti-US war mongering campaign. For the record, I'm not implying that this is something new - only that there is a renewed sense of common enemy.
  3. Boogeymen - have you noticed that nearly every time there has been even a minor incident involving hacking, malware, or infiltration immediately the question of GCHQ and NSA comes up? This story on Belgacom's issue with malware takes up the NSA and GCHQ boogeyman, as if on queue. Of course, the accusation of infiltration from the NSA may be entirely valid, but at this point (of this writing) it's entirely unsubstantiated, publicly.
What makes this whole thing worse is that now the mainstream media will have something to feed on for the next few months. Every intrusion, discovered hack or malware infestation will be the NSA. Driving this type of hype is not only distracting, but can actually cause harm to those of us trying to bring sanity to the adversary conversation.

If you're on the defense - understand that you're a target even if you're a government 3-letter agency. Keep your guard up extra, but as far as I can tell the good news is that much of this hacktivism is defacements and protest - very little of it is actually destructive or otherwise malicious.

Remember, they're from the government, they're here to help.

No comments: