Reflare Weekly Security Briefing 2016-05 - Security in Politics #2
Security continues to be a trend for political gain. The two trends this week involved the NSA and the coalition for sharing intelligence known as Five Eyes.
At the recent Usenix Enigma Security conference, a chief NSA TAO (Tailored Access Operations) agent, Rob Joyce, gave a speech on how to stop the NSA from hacking your system. Joyce mainly gave instructions on security best practices rather than dive into any specific methods. He mentioned some favorite attack vectors such as mobile devices used on corporate networks or installed gaming clients. He also highlighted HVAC systems, which is a common vector used in the target attacks.
While Joyceâ€™s tips seem interesting, there is little concrete value in them. It is in the best interest of every government with hacking attack capabilities to frame itself as the â€œdefenderâ€ and all other parties as the attackers. At the current time, defense against an all out targeted government attack is virtually impossible for organizations with connected infrastructure.
Another political move this week involves Five Eyes. Five Eyes is a group of five countries â€“ the US, Canada, New Zealand, Australia and the UK â€“ that collaborate sharing intelligence information. The Five Eyes alliance has been developing its surveillance technology for almost 70 years and was exposed in the Snowden whistleblowing incident.
This week, Canada dropped out of the alliance under the allegation that it was sharing private citizen metadata with the NSA. The keyword here is â€œmetadata.â€ Canada claims that it did not provide access to any true personal details such as names, addresses or emails. It also claims that the metadata alone did not provide enough information to identify any of its citizens. Although Canada shares information with the NSA, spying on any citizen is still considered illegal in the country.
Canada benefits from the agreement, so we expect the withdrawal to be temporary.
Both of these incidents continue to show that security is an ongoing trend for political moves. As voters become more and more aware of digital matters, cyber will increasingly used as a political bargaining chip and feat tactic.