Cyber security: Irrevocably insecure

Photo above: The NSA’s Utah Data Center, where they keep all their information on you. (Wikipedia)

For those who have complained that it’s become a legal standard to treat corporations as “people” via the 2010 Supreme Court ruling of Corporate Personhood in Citizens United v. Federal Election Commission, be assured that they are not held to the same standards when it comes to actual punishment — or negative consequences of any kind.

Lenovo, a Chinese software giant and one of the top producers of the PCs you might find at your local Best Buy, are only now facing lawsuits for installing spyware on their products. Prior to purchase, Superfish — a spying adware that keeps track of user habits and internet history/usage — was installed on their PCs. Customers allowed this privacy breach unaware of Superfish’s presence on their computers, not to mention the risks they were taking in using Lenovo’s product.

This, combined with recent evidence that suggests the NSA has been installing spyware on hard drives for security and surveillance reasons, is nothing to be taken lightly.

I’ve already written about the possibility of “cyber wars” before: Essentially, the U.S. and the U.K. are in talks regarding setting up a war games scenario and testing out the security of our internet and banking systems to prepare for an international hack that could expose the most personal and volatile of information. Now, it seems that our own government, and the products which they allow to be marketed to the public, are an exception.

Most have heard the expression (or at least the sentiment) that “absolute power corrupts absolutely.” Though many might shrug it off and call the herald a cynic, it’s notable that government officials, such as our very own U.S. Navy Admiral Michael Rogers, assert that the NSA is in “[full compliance] with the law.” If that’s true, maybe we should start looking more critically at what the legalities really mean in this context.

The modern interpretation of security is, perhaps, not so compatible with seemingly dated views of how the law ought to provide that security, who it protects, and from which threats.

For the most part, many of our laws were created in a time when the primary purpose was to protect property and to preserve wealth. Now, our property, wealth, assets, livelihoods and well-being exist in a complex network of systems, most — if not all — of which are online.

Edward Snowden, who is written as either a hero or a traitor depending on which source you’re reading, has been ever the hot topic lately given his willingness to speak on the surveillance programs in the U.S. Snowden, a former contractor for the NSA, has attracted enough attention to go into hiding, and yet multiple accusations of government spyware on SIM cards and the NSA overstepping their bounds have prompted only denials of illegal activity, rather than tangible evidence to the contrary.

Although I’m not one for scare tactics, and am not particularly fond of conspiracy theories, the scariest facts in this case have not yet been relayed. So far, we know two semi-terrifying truths:

(1) Lawsuits against Lenovo have been filed as of this February, and yet incidents like the Target security breach made far more headlines, prompted more public distrust and were taken far more seriously.

(2) The government doesn’t see a need to actually prove itself trustworthy or explain its actions in regards to how it provides our “security” while installing spyware on our technological devices.

What could be more frightening? Well, according to Lucas Mearian and the tech experts at ComputerWorld.com, it is almost impossible to ascertain whether or not your computer has such government-installed spyware.

Malware has been developed that has the ability to remain undetectable on your hard drive, as it is not able to be scanned by antivirus programs. A software program known only as “the Equation Group” was reported by Kaspersky Lab, a Russian producer of security software. It is believed to be connected to the NSA. By blocking any antivirus scan from actually scanning the firmware, a malware listed as “Fanny” (again, reportedly created by the NSA) can change the drive permanently.

Furthermore, this type of activity has been going on for more than twenty years, with the earliest known traces dating back to 1996. That’s a lot of time, a lot of data, and years of abuse, all potentially on the shoulders of Uncle Sam.