We found a great read over at The Intercept. That’s the Pierre Omidyar backed experiment in adversarial journalism which wants to blow open more of the NSA’s papers as well as to publish stories that challenge the status quo. They are very serious about their passions over there.
And, while we have to applaud them for this article, the thought of fearing cat videos fills with a sense of sadness. This may signal the end of the Internet for the vast majority of mankind because you take away cats then what else is the Internet good for?
But seriously folks, the real target of the piece is “network injection appliances” that are sold by companies like Hacking Team adn FinFisher. These devices are purported to be responsible for the nastiness of various regimes in regards to surveillance of their citizenry. The article names incidence of their malicious use in places like Bahrian, Morocco and Ethiopia.
The appliances in question are racks of servers that ISPs can install to exploit vulnerabilities in target machines. So, someone calls up a cat video on YouTube. The stream is unencrypted and can be used to to intercept the flow of traffic to a target machine and to place malicious code on that machine. Total control over someone’s computer hidden inside a virtual cat and you can have one for about $1 million. That’s peanuts to regimes that really want to stick it to their unruly citizenry.
It kind of sucks. No, it sucks big time, actually, that this kind of thing can happen and that their are companies out there making money from selling the means to do it.
Many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites. People also think that the NSA and its international partners are the only ones who have turned the internet into a militarized zone. But according to research I am releasing today at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, many of these commonly held beliefs are not necessarily true. The only thing you need to do to render your computer’s secrets—your private conversations, banking information, photographs—transparent to prying eyes is watch a cute cat video on YouTube, and catch the interest of a nation-state or law enforcement agency that has $1 million or so to spare.
To understand why, you have to realize that even in today’s increasingly security-conscious internet, much of the traffic is still unencrypted. You might be surprised to learn that even popular sites that advertise their use of encryption frequently still serve some unencrypted content or advertisements. While people now recognize that unencrypted traffic can be monitored, they may not recognize that it also serves as a direct path into compromising their computers.