Little Rock If we asked the question plainly: is there any way that we can be protected from hacking? The answer is likely either, “No,” or maybe more optimistically, “not completely.”
At some level this is a problem for everyone. Or at least everyone with access to the internet or perhaps a car or mobile phone or any number of other devices from household appliances to alarm systems to washing machines. Two consultants told a morbid joke among hackers that went like this: what is a self-driving car? Answer: a computer that can go 100 miles per hour. Working for various automobile companies they were fairly easily able to hack a car’s computer system and take over braking, steering and other functions.
The recent worldwide ransomware crisis that may have originated in North Korea, though no one seems positively sure, hit countries, businesses, and others, both high and low, for a potential take that, if fully paid, would have been close to half-a-billion dollars. The US and France have both identified hackers connected with Russia that have penetrated voting systems, though there is still no evidence that they actually tampered with voting. A brief period of inattention where you open a random email might introduce a virus that takes over your computer and compromises your email as we found in the trove of emails hacked from the Clinton campaign and then dumped into the middle of the political process.
Activists and organizers working in autocratic countries with fewer controls on the state are hugely at risk. In Egypt according to a report by The Economist, “nearly 100…hacking attempts” have been made “to gain information from some of the country’s most prominent NGOs and journalists.” There is a lucrative cottage industry of computer companies that sell spying and hacking services to Middle Eastern countries and others without robust local capacity. The Italian company, Hacking Team, was itself hacked in 2015, and it turned out they had contracts with Morocco, the United Arab Emirates, and Egypt. NGOs and others have tracked Fin-Fisher, a German outfit, to Egypt, Saudi Arabia, and Turkey. Netsweeper, a Canadian company, won a $1.2 million contract from Bahrain that was disguised as a website solution contract, but seems to have been used to spy on dissidents. Citizen Lab, a renowned Canadian research institute that tracks these matters followed up on a UAE text message to a human-rights advocate there at his request and discovered the link was from NSO, an Israeli company in the spyware sales business with governments. Citizen Lab found software flaws that allowed NSO to turn an iPhone into a cyberweapon that may have cost as much as $1 million.
Meanwhile the ransomware crisis was the result of a hacked NSA tool, and NSA is now hoping for reauthorization of its phone spying, metadata operation in the USA. When the government is doing it, there’s no way to get governments to crackdown on the abuses. When techies are willing to sell back doors to anyone, locking the front door hardly matters.
For now, Moxie Marlinspike and face-to-face conversations seem like the only sure things out there, and the only one with a 100% guarantee is face-to-face. No sense in being paranoid, but you sure can’t be too careful. Oh, and speaking for the techno-peasants among us, do what I say, not what I do!