The agent code-named "Backdoor"
Thursday, April 19, 2018
In the Soviet era, a caricature associated with an attempt that was made on the Pope's life was published in the humour magazine Krokodil: investigators armed with magnifying glasses looked for clues suggesting that the Kremlin's hand was involved, while a huge footprint with "the CIA" written in it was right next to them. Times change, but what about everything else?
Many media outlets have written about Russian hackers using backdoors to compromise the US elections. And the idea of "KGB agents" being involved in the anti-virus industry is as old as the hills. But since backdoors do exist, perhaps someone does use them?
The US government doesn't require authorisation from its Foreign Intelligence Surveillance Court (FISA Court) to request that a provider deploy a backdoor in their products. To accomplish this, the government can use existing legislation, and should a company refuse to comply, it may still be compelled to do so by the court.
It appears that as of now, the FISA court must order a company to deploy a backdoor or weaken its encryption. A spokesperson for the Director of National Intelligence declined to comment. The government made its remarks in July in response to questions posed by Sen. Ron Wyden (D-OR) (https://www.documentcloud.org/documents/4320971-FISA-questions-July-2017.html#document/p18/a391108), but they were only made public this weekend.
US intelligence services gather information and conduct surveillance operations in accordance with section 702 of the Foreign Intelligence Surveillance Act.
The authorities can compel any company to circumvent encryption in any of their products.
Or here is another example: secret agents were using malware while an anti-virus was running—as a result, one Russian anti-virus product was banished from computers in US governmental institutions. So logically any other company exposing someone else's secrets would be treated the same way!
According to NBC (https://www.nbcnews.com/tech/tech-news/uber-s-former-security-head-alleges-company-hired-ex-cia-n824621), during a court hearing, Uber's former security head Richard Jacobs claimed that the company employed ex-CIA agents to spy on its competitors worldwide.
Should Russian civil servants now be prohibited from using Uber?
The Anti-virus Times recommends
Spy games are par for the course in contemporary life. The world is ruled by information, and if it can be stolen, the corresponding organisations will be doing just that. The conclusion is simple: as ordinary users, we can't do anything about backdoors in applications. We'll never know whether they exist or not.
However, we can protect our systems from intrusion via such backdoors or block suspicious activities.
As you know, WannaCry tried to sneak into computers via a loophole that became known as the result of a leak from a US secret service. And although Dr.Web knew nothing about the vulnerability, it was well aware an attempt was being made to penetrate system defences and blocked the attack. The Dr.Web Firewall can also be used to block suspicious activities.
German authorities have come up with new legislation that would compel all electronic equipment manufacturers to incorporate backdoors into their products, specifically for the needs of law enforcement agencies.
Germany's Interior Minister stated that the manufacturers supposedly had a "legal obligation" to equip their products with backdoors for the convenience of law enforcement agencies. He also wanted IT companies to disclose their "programming protocols" for further inspection. The law incorporates a clause that would empower German authorities to demand that companies reveal all the information related to the encryption routines they use.
And there’s more. Under the law, the German authorities would be able to "shut down private computers in the event of a crisis".
Dr.Web is wondering…
Obviously, the secret services in one country won't share information about their backdoor with the intelligence agencies of another. But the latter will also be eager to have this option at their disposal. So it may happen that every device will contain a plethora of similar backdoors for each intelligence service in the world, or, perhaps, they will all be using the same loophole, but no one will know about it except for the respective manufacturer (and the secret agents who infiltrate its staff). A Kafkaesque turn of events, indeed!
P.S. While this issue was in production
To neutralise malware and keep your devices safe, we've designed protective features such as the Windows Defender anti-virus, Windows Defender SmartScreen, and the Malicious Software Removal Tool. ... Sometimes a report can include files containing malicious code. Files that contain no user data are sent to Microsoft automatically.
But those are honourable spooks. They can do whatever they please.