Ever since the revelations from Edward Snowden regarding the United States’ National Security Agency (NSA) mass interception of online communications, many individuals have taken measures to secure their data connections. Use of services designed to improve personal privacy has spiked, and many companies – like Google and Facebook – have begun fully encrypting traffic on their networks to try and avoid the prying eyes of spooks.
Few however, fully understand the scale of the issue, says NSA that’s Jacob Appelbaum, an independent computer security researcher, hacker and key member of the Tor Project. Speaking at the ITWeb Security Summit in Johannesburg he urged South African companies to do a lot of research into who makes their kit before making major purchases.
Appelbaum says that while Snowden’s name remains on everyone’s lips, Few understand that the NSA isn’t the only problem. While the Americans have been fingered for some of the biggest spying activities, he says, the UK is worse.
Appelbaum detailed how the UK’s Government Communications Headquarters (GCHQ) uses a clandestine security electronic surveillance program called Tempora to pervasively monitor the data traffic of Britain.
“With something like Tempora in the UK, they have something like a week or 72-hours of buffer time. Every byte that flows in and out of the UK is in that buffer – every byte. It’s not metadata and content separated,” says Appelbaum, “With XKeyScore (a former surveillance program used by the NSA) the buffer time is actually 30 days or more, and the content depends on the content, storage and cooling capacity of that system. Now for Tempora, that is an extreme system, and that is because the GCHQ is even more lawless than the NSA actually. Which would make sense, as they are a theocracy, so I kind of expect worse from them. And I’m glad to see that the US is not the biggest a-hole on the planet – for once. The gloves for them are totally off.”
The security researcher, who helped to expose the fact that German Chancellor Angela Merkel‘s phone was being illegally tapped, explained that internet users don’t need to fight the NSA: just for a world where the internet is equal.
“We don’t have to talk about defeating the NSA. We have to talk about a world where there is equality on the network, where the digital totalitarian has to control the means of reproduction, not just the production. We have to be able to securely communicate, communicate in a way where we have integrity and confidentiality in our communications; where we don’t rely on someone else to give us the liberty that we have until we give it up on the network. It’s a strange way to look at it, but it’s a collective struggle.”
To drive the message home of just how ubiquitous the covert usage of the internet is, Appelbaum says that malicious software that gathers information on internet users has infiltrated not only the internet, but also the physical hardware that powers and is connected to it.
“You have tactical toolkits that allow you to weaponise and do crazy things. Stuff for everything from hard drives and firmware to BIOS on a computer to anything you can imagine, to including stealing your (physical) mail and adding a chip, repackaging it and mailing it onward. If you buy, for example, Cisco gear in the US and ship it to South Africa… oh boy… it’s a big fucking mistake.”
According to Applebaum, it doesn’t matter who you are – everyone is a target. Especially if you have an interesting job description. He cited the example of Belgian mobile service provider Belgacom, which was completely infiltrated by the NSA and GCHQ not because they were Al-Qaeda, but because some interesting people may have used their network.
“The NSA and GCHQ compromised them completely – backdoored their routers and basically had access to the entire Belgacom network. And I have heard that they are actually still in today, that they have pieces of hardware that they can’t replace, that they are locked out of because of service contracts. I don’t know if that is public knowledge, but who cares… you should know about it. It’s a really serious problem. And this is because those people were useful.”
With all the prying eyes of the ‘net looking down at every user’s keystroke and information, what can be done to secure connections? Well, Applebaum recommended a number of possible solutions to combat the NSA and other agencies doing the spying:
* Free and open-source software, such as the GNU Operating System
* Free and open-source hardware, like from the Novena project
* Making use of cryptography
* Making use of the Tor Browser, Off-the-record, TextSecure or RedPhone
* A number of legal reforms
“There is no honour among thieves. So what we have to do, is make sure that the thieves can’t be thieves any more. And to do that we need to change the laws,” Applebaum concluded. “I would urge people to look at the long view. The long view, especially in Africa, there is a kind of neo-colonialism in place between the Chinese government and the US government. And they are racing to install as much network equipment as they possibly can across the entire continent.
“Whichever one wins on the internet, has colonised that country’s internet systems. If you look at South Africa, who installed those systems? Are they South African telephone switches? Probably not.”[Image – Flickr Creative Commons/Gregor Fischer]