Thursday, March 4, 2010

Reported Google Hack Opens Pandora's Box- Unlimited Cyber Surveillance?

Reuters- Google China hackers stole source code
The hackers behind the attacks on Google Inc and dozens of other companies operating in China stole valuable computer source code by breaking into the personal computers of employees with privileged access, a security firm said on Wednesday...

George Kurtz, chief technology officer at anti-virus software maker McAfee Inc... said on Wednesday that he believes that the hackers, who have not been apprehended, broke through the defences of at least 30 companies, and perhaps as many as 100.

Kurtz said the hackers succeeded in stealing source code from several of their victims.

The attackers also had an opportunity to change the source code without the companies' knowledge, perhaps adding functions so the hackers could later secretly spy on computers running that software, Kurtz said.
Now that Google and these other companies (including Adobe, Symantec, Yahoo) are reported to have been hacked, they have a new excuse if ever challenged on the content of their source code-

"We didn't know THAT was in there. The Chinese hackers must have done it."

Related from The Washington Post- Google to enlist NSA to help it ward off cyberattacks

You see- "The NSA isn't spying on you through Google's source code. It must be those Chinese hackers."

Related from CNET- FBI's Net surveillance proposal raises privacy, legal concerns
April 25, 2008- The FBI director and a Republican congressman sketched out a far-reaching plan this week for warrantless surveillance of the Internet...

Because the FBI would run into serious problems doing wide-scale Internet surveillance under existing state and federal law, step 2 may be necessary. That means rewriting U.S. surveillance law.
Think about this. If you were tasked with the creation of "a far-reaching plan for warrantless Internet surveillance", wouldn't it be quicker and easier to simply add the surveillance code and blame it on Chinese hackers- instead of first taking up the task of rewriting U.S. surveillance law?

Don't get me wrong- I am still very concerned about the Chinese communists.  However, the report that the hackers have not been apprehended, coupled with the report that these companies may not be able to notice or track malicious changes in their source code- it raises flags.

Reuters source article found linked on Drudge.

No comments: