How NSA and government spying favored cybercriminals
Last month, thousands of security professionals attended the annual conference organized by RSA Security, the security company which created the “public key cryptosystem”, i.e. RSA encryption, in order to sell their new equipment.
According to The Guardian, the 2014 edition differed from previous ones. This year, RSA had to defend itself before a panel of specialists over an alleged $10 million commercial deal with the NSA, the American National Security Agency, to incorporate faulty encryption in its products.
Art Coviello, CEO and president of RSA, managed to convince some attendees that no such deal was made, and he assured everyone that RSA was complying with NIST (National Institute of Standards and Technology, a US government institution) recommendations.
Other participants voiced their skepticism. Among other criticisms of the NSA over privacy intrusions worldwide, a new concern emerged: mass spying has paradoxically facilitated the illegal activities of cybercriminals. They have adapted the hacking techniques of the NSA, according to The Guardian. “Phishing and hooking techniques used against the Dalai Lama by the Chinese police in 2008 were copied by Russian crooks in order to steal American enterprises' funds in 2010,” said Ross Anderson, professor of security engineering at Cambridge University. “An even greater number of persons have understood the scope of possibilities.” Currently, encryption is one of the protections provided to users.
Encryption expert Bruce Schneier explained that NSA techniques for hacking routers are now emerging in criminal cases. Some criminals already use the same methods as the NSA for hacking mobile devices and spying through webcams. “Secret programs will be the cornerstone of future PhD theses and of hacking tools for tomorrow’s hackers,” the expert explained. The use of backdoors (mechanisms unknown to the legitimate user which give secret access to the software) in various products benefits all hackers. The enterprises which have allowed the use of these techniques have given access not only to intelligence agencies but also to hackers. “Today security agencies, as well as criminals, exploit cracks in the system such as ‘Zero-day’, vulnerabilities unknown to the public which are operational on certain products and software,” the expert added.
“Governments buy these Zero-day devices. Suppliers openly admit that the authorities are the largest buyers,” explained Jason Steer, FireEye’s director of technological strategy.
But the NSA is not the only organization which facilitates cybercrime, knowingly or not. By using cyber tools in their cyber wars, governments of various countries have damaged cooperation against cybercrime, according to Art Coviello. The introduction of malicious software into worldwide networks by government spying agencies (aside from traditional intelligence agencies) provides even more tools to hackers. “Concerning cyber arms, Pandora's box has been opened, and unlike nuclear weapons, cyber arms are easily spread and can be modified by the developers,” warned Coviello.