The Rise of State Sanctioned Hacking

Posted by on Sep 26, 2013

Businesses that compete on the global market have to contend with a wide range of security threats. Hackers could steal intellectual property, disrupt production, and attack digital assets for ideological motives as well as for personal profit. Internal leaks from cloud providers and disgruntled employees could dip into profits by revealing company secrets and leaking projects before their marketed release date. But the latest threat to business security comes from the rise of state sanctioned hacking. Whether under the banner of citizen espionage programs or large-scale coordinated attacks on political enemies and dissidents, instances of state-backed hackers are increasing each year. One of the best ways that companies can proactively protect their data is through exclusive storage and syncing with a secure cloud service that offers data privacy and user anonymity.

Courtesy of privacyinternational.org

Hacking Team

In 2001 a hacking program called Ettercap enabled the proliferation of spying, remote device control, and password cracking technology. Billed as a “comprehensive suite for man-in-the-middle attacks” this open source free program was intended as a security test mechanism for networks. But the program’s abilities quickly caught on in the hacking community. The Milan police department caught wind of the program and soon contacted its Italian developers, Alberto Ornaghi and Marco Velleri, to help them track the Skype calls of suspects. This became the catalyst for the start of the Milan-based hacking company called Hacking Team. This organization boasts 40 employees and offers commercial hacking programs to international law enforcement agencies. One troubling program developed by Hacking Team is Da Vinci. This citizen espionage program allows law enforcement to access more data than the controversial PRISM program conducted by the U.S. National Security Agency. Through Da Vinci, governments can access suspect phone conversations, Skype calls, webcams, computer microphones, and emails.

Courtesy of cisco.com

How Ettercap Works

Such broad trespasses of citizen digital rights come under the auspices of the “war on terror”. Unfortunately, these programs are mostly used to threaten and harass dissidents and political opponents. Back in July, the political dissident Ahmed Mansoor was attacked through malware while in Dubai. Governmental sources are suspected and reveal ramped up efforts to control political opposition in the light of the Arab Spring. The Moroccan activist Hisham Almiraat sought help from the Electronic Frontier Foundation to confirm a coordinated malware attack on journalists. According to Almiraat, “After the Arab revolutions happened, those governments have maybe realized they have to harness the power of the Internet and use those tools to try to scare activists, or try to spy on them and follow their steps.” The attack was traced back to Hacking Team software and resulted in a seven-month-long jail sentence for Ahmed Mansoor.

Ahmed Mansoor

The impression such examples give is that these programs are just part and parcel of living under oppressive regimes. But such state-backed hacking efforts are also prevalent in democracies like the United States. In an attempt to convict suspected child pornographer Eric Eoin Marques, the FBI admitted to hacking into the Tor network, which has been widely criticized for hosting exploitative content on its Freedom Hosting servers. Whether or not state-backed hacking is being used to put away dangerous criminals or to gain a tighter grip on citizen communications, international businesses should be aware of the threat of such governmental security breaches. Know that regardless of what governments claim publicly, recent leaks like Snowden’s revelation of the PRISM program show the huge discrepancy between what the government admits to doing and what they actually do in private.

Securing Data Online With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, users can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling safe mobile access.

Leave a Reply