Privacy Advocates Cite NSA Hack as Vindication of Apple's Fight With FBI

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Aug 22, 2016.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Privacy advocates have claimed the breach of hacking tools and exploits apparently stolen from the National Security Agency has vindicated Apple's stance in its dispute with the FBI earlier this year.

    Last week, reports emerged that a hacker group called the "Shadow Brokers" had allegedly stolen a cache of the NSA's top espionage tools and offered to sell them to the highest bidder.

    The malware was linked to the "Equation Group", a secretive team of cyber spies widely believed to be associated with the NSA and its state partners. The hacking collective that stole the malware posted two sets of files online, including a free sample of the stolen data, which dates back to 2013, and a second encrypted file whose decryption key went up for sale in a bitcoin auction. Many saw the auction as a stunt.

    But the attack code posted by the hackers appeared to be real, according to former NSA personnel who worked in the agency's hacking division, known as Tailored Access Operations (TAO).

    "Without a doubt, they're the keys to the kingdom," said one former TAO employee, who spoke to The Washington Post on the condition of anonymity to discuss sensitive internal operations. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad."

    "It's a big deal," said Dave Aitel, an ex-NSA research scientist and CEO of penetration testing firm Immunity. "We'd be panicking." Whistle-blowing website Wikileaks tweeted that it also had the data and would release it "in due course".

    News of the leak has been closely followed by technology companies, many of whom pushed back against the U.S. Senate Intelligence Committee's attempts to force them to provide "technical assistance" to government investigators seeking locked data.

    The failed attempt to enact legislation came after Apple publicly clashed with the FBI over the government agency's insistence that it create a "back door" to its iPhone software.

    The FBI claimed the software was needed to break into the iPhone owned by Syed Farook, one of the shooters in the December attack in San Bernardino, California. Apple refused to comply with the request, claiming that the code would lead to weaker smartphone encryption and inevitably get into the wrong hands.

    Now, after a top-secret archive of some of the NSA's own exploits having been leaked online, privacy advocates are suggesting Apple's stance has been vindicated.

    "The component of the government that is supposed to be absolutely best at keeping secrets didn't manage to keep this secret effectively," said Nate Cardozo, a senior staff attorney with the Electronic Frontier Foundation who spoke to Business Insider.
    Ex-NSA scientist Aitel believes the most likely scenario is that an insider walked out of a secure area with this data on a USB key, which could have been sold or stolen. "No one puts their exploits on a [command-and-control] server," Aitel said. "That's not a thing."

    Another possibility suggested by NSA whistleblower Edward Snowden is that the malware toolkit was stolen from a "staging server" or segregated network outside the walls of the NSA, where it was used for conducting attacks. Snowden has also pointed to Russia as the chief suspect behind the leak.

    News of the hack has also raised new questions about the legalities of government hacking, since many of the "zero day" exploits included in the leak have never been disclosed to the companies whose hardware is affected.

    A policy framework called the Vulnerabilities Equities Process outlines how and when the state should disclose a vulnerability to an affected company if the larger security risk is greater than the reward it could yield. The FBI has informed Apple of security flaws in older versions of iOS and OS X in the past under the VEP framework.

    However, Cardozo argues that the rules are "completely broken" because the VEP guidance is a non-binding policy created by the Obama administration, rather than an executive order or law. "We need rules, and right now there aren't any," Cardozo said. "Or at least none that work."

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: Privacy Advocates Cite NSA Hack as Vindication of Apple's Fight With FBI
  2. keysofanxiety macrumors G3


    Nov 23, 2011
    Oops. Wish I could say this news was surprising. It was only a matter of time.
  3. lowendlinux Contributor


    Sep 24, 2014
    North Country (way upstate NY)
    Well I guess it's about time to make the VEP guidance binding and monitored.

    Oh yea and why not throw a few bucks at the EFF they do good work
  4. Porno macrumors member


    Jul 21, 2016
    and people ask Europeans why u don't like Ameriguns....
  5. vmistery macrumors 6502a

    Apr 6, 2010
    Not in the Politics section! Also I did think to myself the other day I hadn't seen an FBI vs Apple article in a while!
  6. OllyW Moderator


    Staff Member

    Oct 11, 2005
    The Black Country, England
    I'm sure it will be soon.
  7. moeafg macrumors member

    Mar 31, 2014
    So.. they wanted Apples backdoor exploit and stated that they would "keep it safe and secure" but couldn't keep their own "safe and secure"? K.
  8. SGT.GREER Suspended


    Jun 27, 2016
  9. soupcan macrumors 6502a


    Nov 21, 2014
    Should say something about the state of governmental IT projects/security when the flipping NSA gets its data stolen.

    Quick everybody, buy tons of 128GB iPhone 5S/6/6s's and store all the data on that!
  10. skinned66 macrumors 65816


    Feb 11, 2011
    Ottawa, Canada
    Couldn't have happened to a more honest organization.
  11. iF34R macrumors 65816


    Jul 13, 2011
    South Carolina
    "Told ya so"... lol That's the reply Apple will give out.
  12. VulchR macrumors 68020


    Jun 8, 2009
    OK, so no doubt most of us are in agreement that providing back doors for NSA is self-defeating and silly. The question is how we get the message through to Congress....
  13. BvizioN macrumors 601


    Mar 16, 2012
    Manchester, UK
    Europeans are among the worst when it comes to data protection and privacy!
  14. VulchR macrumors 68020


    Jun 8, 2009
    Based on what evidence? I work for a UK university. Believe me, they take data security and privacy very seriously indeed.
  15. BvizioN macrumors 601


    Mar 16, 2012
    Manchester, UK
    What? In the UK where the government wants to force tech companies to decrypt protected devices? Oh yeah, we take security and privacy very seriously. Same thing with the France.
  16. bpcookson macrumors 6502


    Apr 6, 2012
    This is a fantastic article to share with folks who didn't understand the issues at the time or actively wanted Apple to submit to our government's illegal request.
  17. djcerla macrumors 68000


    Apr 23, 2015
    This is the knock-out punch for the Backdoors Party.
  18. apolloa macrumors G4

    Oct 21, 2008
    Time, because it rules EVERYTHING!
    Soooo.... A hacking group of ex NSA employees hacks the NSA and offers to sell the information to the highest bidder, and other ex NSA staff state the information is 'the keys to the kingdom'

    No offence America but I SERIOUSLY suggest you vet your security agency staff better! I mean the Navy Seal guy who breached his NDA and Official Secret Serviced Act agreement, by writing about his part in killing Bin Laden has had to give up all his royalties, because the US government sued him over but the secrets he leaked are still out in the open. Surely he should have been jailed?

    Perhaps your military and security agency personal believe when they sign NDAs and Official Secret Service Acts it's optional and not mandatory to follow??

    America really isn't very good at keeping secrets it seems....
  19. Pakaku macrumors 68020


    Aug 29, 2009
    Lowering the collective average of the ages of congress party members, by cutting the old and employing younger tech-savvier members, would be a good start.
  20. Jax44 macrumors 6502a


    Jul 24, 2010
    Carmel, California
    Hey, if you get rid of all the 90 year old Congress members who will be there to champion the horse and buggy?.
  21. Ted13 macrumors 6502a

    Dec 29, 2003
    It would, but to get there younger people need regularly vote in congressional elections, especially the midterm election between presidential campaigns. By staying home, they guarantee that the voters with greatest turnout/influence are the senior citizens, our least informed voters (judging by how they are Trump's staunchest supporters).
  22. Sasparilla, Aug 22, 2016
    Last edited: Aug 22, 2016

    Sasparilla macrumors 65816

    Jul 6, 2012
    At the national level, either you can try and make everyone secure (electronic, financial and general communications) and 3 letter agencies will have to work a little harder or you have your backdoors and vulnerabilities but nobody's electronic infrastructure is secure.

    Our govt leaders (urged on by the narrow interests of the 3 letter agencies) keep choosing the latter - which isn't in the overall U.S. best interest. The biggest buyer of vulnerabilities year over year (for use against foreign citizens and domestic citizens), by far, is the U.S. government.

    Apple please keep locking down your hardware / software. For the future, beyond Tim, please consider to moving to open sourcing (not making it free though) your firmware, OS's and compiler...eventually Tim won't be there to keep things from govt partnership back doors / access and it'll be quite profitable to give the govt's what they want, open sourcing these things (so they can be publicly audited) would make that much less likely & hard to roll back. As the only major vendor standing up for this stuff in the world - we need something that'll last longer than the current CEO (although I hope he lasts a long time especially WRT security).
  23. MH01 Suspended


    Feb 11, 2008
    So you read one story and that the basis of EU security / data protection.

    Well based on laws and actual facts and not what the UK government wants to do, EU is ahead.

    Hey after Brexit, it's cute you still claim UK is EU.... ;) Now the stupid government can have thier way
  24. needfx, Aug 22, 2016
    Last edited: Aug 22, 2016

    needfx macrumors 68040


    Aug 10, 2010
    macrumors apparently
    I guess the NSA should stop using 12345 for systemwide passwords
  25. PinkyMacGodess macrumors 601


    Mar 7, 2007
    Midwest America.
    And you know it wouldn't have lasted long, the government ordered back door. The first time someone 'big' had their iPhone hacked, they would be demanding a 'hardened' iPhone with no back door, or would be rushing to kill it somehow.

    They only wanted the back door, apparently, because the script kiddies at the NSA couldn't figure out how to hack it. It's sloppy. Like having programs and apps that are over 200MB. It's sloppy coding, and lazy programmers. o_O

Share This Page