24
January
2010
|
12:54 PM
America/Los_Angeles

Top Security Expert Confirms GOOG's Internal 'Spying' System Was Hacker Target

Ten days ago, SVW reported: Chinese Hackers Targeted GOOG's Internal Spy System

And: GOOG v China Highlights Security Risk Of Wiretapping Systems

This was confirmed today, by Bruce Schneier, a top security expert, writing on CNN.com:

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access...Systems like these invite misuse...China's hackers subverted the access system Google put in place to comply with U.S. intercept orders.

This shows the danger of wiretapping systems, they magnify security risks because they are already collecting data that hackers seek. Much better to hack into the honeypot than to buzz around collecting the data yourself.

Did Google become embarrassed by this security weakness and invoke 'human rights' as an excuse to leave China? I hope it was something else but we don't have the complete story yet.

Here is more from Bruce Schneier:

In the aftermath of Google's announcement, some members of Congress are reviving a bill banning U.S. tech companies from working with governments that digitally spy on their citizens. Presumably, those legislators don't understand that their own government is on the list.

...The problem is that such control makes us all less safe. Whether the eavesdroppers are the good guys or the bad guys, these systems put us all at greater risk. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in. And it's bad civic hygiene to build technologies that could someday be used to facilitate a police state.

- - -

Please see:

US enables Chinese hacking of Google - CNN.com


Chinese Hackers Targeted GOOG's Internal Spy System


GOOG v China Highlights Security Risk Of Wiretapping Systems