News from Brazil has come explaining how the NSA performed a Man In The Middle (MITM) attack on a state owned Brazilian oil company, imposing as Google with a fake security certificate. This type of attack is especially concerning because this method of attack can intercept data without either party being aware of it happening. This circumvention of Google security has gained a response from Google stating that they "have no evidence of it ever happening" and that they only provide data in accordance to the law. A MITM attack is generally risky for the attacker because the service being attack has a list of the accepted public keys and an alarm will be sent by the browser if the request is forged. Security experts claim that the NSA has focused its attacks narrowly on its highest-priority targets due to the time and other resources needed to defeat encryption. Google has recently redoubled its efforts to encrypt its vast stores of information to protect against the NSA and other foreign intelligence agencies.
It is not clear whether this recent attack from the NSA has provoked this effort despite Google's claim they they are unaware of any such attack. The NSA claims that it always acts in defense and denied claims that it has used its surveillance programs for use in foreign economic espionage. The NSA has been fond of getting court orders for access to data and prohibiting their targets from talking about it. If a Brazilian oil company was able to track their data to either the NSA or their UK counterpart, it would seem very likely that Google would have the capability to do so as well. The NSA has in the past made companies reduce their encryption to perform similar attacks according to Snoden's documents which were released in the Guardian on Thursday. Eric Grosse, vice president for security engineering at Google commented on the allegations saying "This is just a point of personal honor, It will not happen here".
Despite Google's involvement. whether involuntary or nonexistent, the NSA has performed an international attack on a foreign state owned company under the guise of a corporation. Despite the organization's blatant lies about its activities and apparent truthfulness to congress, little attention is being brought up about the issue. The building of loopholes into digital security systems and silencing of companies about their activities raises serious red flags about privacy. Most major media sources are not reporting on the issue, and whether this is because of a public tech divide or more silencing by the NSA is unknown. The blanket spying was approved by the Obama administration and secret courts and now even president Obama has requested the courts for more transparency. Without any public address about the breaking of laws and its activites, I feel that the international community will continue to remove its assets and distrust will increase.
(source:http://news.cnet.com/8301-13578_3-57602701-38/nsa-disguised-itself-as-google-to-spy-say-reports/)
No comments:
Post a Comment