Your browser is obsolete!

The page may not load correctly.

Spies are everywhere

Шпиономания

Other issues in this category (24)
  • add to favourites
    Add to Bookmarks

The agent code-named "Backdoor"

Read: 765 Comments: 3 Rating: 10

In the Soviet era, a caricature associated with an attempt that was made on the Pope's life was published in the humour magazine Krokodil: investigators armed with magnifying glasses looked for clues suggesting that the Kremlin's hand was involved, while a huge footprint with "the CIA" written in it was right next to them. Times change, but what about everything else?

Many media outlets have written about Russian hackers using backdoors to compromise the US elections. And the idea of "KGB agents" being involved in the anti-virus industry is as old as the hills. But since backdoors do exist, perhaps, someone does use them?

The US government doesn't require authorisation from its Foreign Intelligence Surveillance Court (FISA Court) to request that a provider deploy a backdoor in their products. To accomplish this, the government can use existing legislation, and should a company refuse to comply, it may still be compelled to do so by the court.

It appears that as of now, the FISA court must order a company to deploy a backdoor or weaken its encryption. A spokesperson for the Director of National Intelligence declined to comment. The government made its remarks in July in response to questions posed by Sen. Ron Wyden (D-OR) (https://www.documentcloud.org/documents/4320971-FISA-questions-July-2017.html#document/p18/a391108), but they were only made public this weekend.

US intelligence services gather information and conduct surveillance operations in accordance with section 702 of the Foreign Intelligence Surveillance Act.

The authorities can compel any company to circumvent encryption in any of their products.

https://www.anti-malware.ru/news/2017-12-05-1447/24993

Or here is another example: secret agents were using malware while an anti-virus was running—as a result, one Russian anti-virus product was banished from computers in US governmental institutions. So logically any other company exposing someone else's secrets would be treated the same way!

According to NBC, (https://www.nbcnews.com/tech/tech-news/uber-s-former-security-head-alleges-company-hired-ex-cia-n824621), during a court hearing, Uber's former security head Richard Jacobs claimed that the company employed ex-CIA agents to spy on its competitors worldwide.

https://www.anti-malware.ru/news/2017-11-29-1447/24941

Should Russian civil servants now be prohibited from using Uber?

#backdoor #vulnerability #exploit #spyware #surveillanc

Dr.Web recommends

Spy games are par for the course in contemporary life. The world is ruled by information, and if it can be stolen, the corresponding organisations will be doing just that. The conclusion is simple: as ordinary users, we can't do anything about backdoors in applications. We'll never know whether they exist or not.

However, we can protect our systems from intrusion via such backdoors or block suspicious activities.

As you know, WannaCry tried to sneak into computers via a loophole that became known as the result of a leak from a US secret service. And although Dr.Web knew nothing about the vulnerability, it was well aware an attempt was being made to penetrate system defences and blocked the attack. The Dr.Web Firewall can also be used to block suspicious activities.

And meanwhile:

German authorities have come up with new legislation that would compel all electronic equipment manufacturers to incorporate backdoors into their products, specifically for the needs of law enforcement agencies.

Germany's Interior Minister stated that the manufacturers supposedly had a "legal obligation" to equip their products with backdoors for the convenience of law enforcement agencies. He also wanted IT companies to disclose their "programming protocols" for further inspection. The law incorporates a clause that would empower German authorities to demand that companies reveal all the information related to the encryption routines they use.

And there’s more. Under the law, the German authorities would be able to "shut down private computers in the event of a crisis".

https://www.bleepingcomputer.com/news/government/germany-preparing-law-for-backdoors-in-any-type-of-modern-device/

Dr.Web is wondering…

Obviously, the secret services in one country won't share information about their backdoor with the intelligence agencies of another. But the latter will also be eager to have this option at their disposal. So it may happen that every device will contain a plethora of similar backdoors for each intelligence service in the world, or, perhaps, they will all be using the same loophole, but no one will know about it except for the respective manufacturer (and the secret agents who infiltrate its staff). A Kafkaesque turn of events, indeed!

P.S. While this issue was in production

To neutralise malware and keep your devices safe, we've designed protective features such as the Windows Defender anti-virus, Windows Defender SmartScreen, and the Malicious Software Removal Tool. ... Sometimes a report can include files containing malicious code. Files that contain no user data are sent to Microsoft automatically.

https://privacy.microsoft.com/ru-ru/windows10privacy

But those are honourable spooks. They can do whatever they please.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments