Posted by Tom Foremski - September 12, 2013
The NSA Edward Snowden revelations are getting worse and worse for the reputation of leading Silicon Valley companies as the latest information shows that the US spy agency has masqueraded as Google to collect information on users.
Josh Harkinson reports in Mother Jones: Report: NSA Mimics Google to Monitor "Target" Web Users | Mother Jones
The NSA has impersonated Google and possibly other major internet sites in order to intercept, store, and read supposedly secure online communications. The spy agency accomplishes this using what's known as a "man-in-the-middle (MITM) attack," a fairly well-known exploit used by elite hackers.
This can't be good for business.
Google's Chrome browser offers some protection from MITM attacks.
Google Chrome maintains its own list of the public keys for Google webpages; the browser sends an alarm to Google headquarters if it detects any attempts to forge those sites.
However, it's not known if the NSA has demanded Google's keys so it can perform such surveillance without triggering any alarms. If this is the case, Google will face a hailstorm of criticism.
If the NSA is doing this for Google, it could disguise itself as other popular sites such as Facebook, and Twitter.
The leaked documents also show that the NSA has used MITM methods to spy on Brazilian oil company Petrobas indicating that it is harvesting information that might better be classified as industrial espionage, than terrorist tracking.
This could significantly harm business prospects for US cloud companies in foreign markets if they can't protect their systems from industrial espionage.
It could also set back by years the transition of IT systems to cloud-based hosts just as the cloud infrastructure is becoming better understood among businesses.Tweet this story Follow @tomforemski