Security continues to be a trend for political gain amongst leaders across the globe. The two trends that caught our eye the most involved the NSA, and the coalition for sharing intelligence known as Five Eyes.
First Published 3rd February 2016
Five Eyes.
2 min read | Reflare Research Team
At the recent Usenix Enigma Security conference, a chief NSA TAO (Tailored Access Operations) agent, Rob Joyce, gave a speech on how to stop the NSA from hacking your system. Joyce mainly gave instructions on security best practices rather than diving into any specific methods. He mentioned some favourite attack vectors such as mobile devices used on corporate networks or installed gaming clients. He also highlighted HVAC systems, a common vector used in the targeted attacks.
While Joyce's tips seem interesting, there is little concrete value in them. It is in the best interest of every government with hacking attack capabilities to frame itself as the "defender" and all other parties as the attackers. At the current time, defence against an all-out targeted government attack is virtually impossible for organizations with connected infrastructure.
Another political move this week involves Five Eyes. Five Eyes is a group of five countries, the US, Canada, New Zealand, Australia and the UK, that collaborate to share intelligence information. The Five Eyes alliance has been developing its surveillance technology for almost 70 years and was exposed in the Snowden whistleblowing incident.
This week, Canada dropped out of the alliance under the allegation that it was sharing private citizen metadata with the NSA. The keyword here is "metadata." Canada claims that it did not provide access to any true personal details such as names, addresses or emails. It also claims that the metadata alone did not provide enough information to identify any of its citizens. Although Canada shares information with the NSA, spying on any citizen is still considered illegal in the country.
Canada benefits from the agreement, so we expect the withdrawal to be temporary.
Both of these incidents continue to show that security is an ongoing trend in political circles. As voters become more and more aware of digital matters, cyber will increasingly be used as a political bargaining chip and feat tactic.