Privacy Advocates Cite NSA Hack as Vindication of Apple's Fight With FBI

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Aug 22, 2016.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    Privacy advocates have claimed the breach of hacking tools and exploits apparently stolen from the National Security Agency has vindicated Apple's stance in its dispute with the FBI earlier this year.

    Last week, reports emerged that a hacker group called the "Shadow Brokers" had allegedly stolen a cache of the NSA's top espionage tools and offered to sell them to the highest bidder.

    The malware was linked to the "Equation Group", a secretive team of cyber spies widely believed to be associated with the NSA and its state partners. The hacking collective that stole the malware posted two sets of files online, including a free sample of the stolen data, which dates back to 2013, and a second encrypted file whose decryption key went up for sale in a bitcoin auction. Many saw the auction as a stunt.

    But the attack code posted by the hackers appeared to be real, according to former NSA personnel who worked in the agency's hacking division, known as Tailored Access Operations (TAO).

    "Without a doubt, they're the keys to the kingdom," said one former TAO employee, who spoke to The Washington Post on the condition of anonymity to discuss sensitive internal operations. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad."

    "It's a big deal," said Dave Aitel, an ex-NSA research scientist and CEO of penetration testing firm Immunity. "We'd be panicking." Whistle-blowing website Wikileaks tweeted that it also had the data and would release it "in due course".

    News of the leak has been closely followed by technology companies, many of whom pushed back against the U.S. Senate Intelligence Committee's attempts to force them to provide "technical assistance" to government investigators seeking locked data.

    The failed attempt to enact legislation came after Apple publicly clashed with the FBI over the government agency's insistence that it create a "back door" to its iPhone software.


    The FBI claimed the software was needed to break into the iPhone owned by Syed Farook, one of the shooters in the December attack in San Bernardino, California. Apple refused to comply with the request, claiming that the code would lead to weaker smartphone encryption and inevitably get into the wrong hands.

    Now, after a top-secret archive of some of the NSA's own exploits was leaked online, privacy advocates are suggesting Apple's stance has been vindicated.

    "The component of the government that is supposed to be absolutely best at keeping secrets didn't manage to keep this secret effectively," said Nate Cardozo, a senior staff attorney with the Electronic Frontier Foundation who spoke to Business Insider.

    Ex-NSA scientist Aitel believes the most likely scenario is that an insider walked out of a secure area with this data on a USB key, which could have been sold or stolen. "No one puts their exploits on a [command-and-control] server," Aitel said. "That's not a thing."

    Another possibility suggested by NSA whistleblower Edward Snowden is that the malware toolkit was stolen from a "staging server" or segregated network outside the walls of the NSA, where it was used for conducting attacks. Snowden has also pointed to Russia as the chief suspect behind the leak.

    News of the hack has also raised new questions about the legalities of government hacking, since many of the "zero day" exploits included in the leak have never been disclosed to the companies whose hardware is affected.

    A policy framework called the Vulnerabilities Equities Process outlines how and when the state should disclose a vulnerability to an affected company if the larger security risk is greater than the reward it could yield. The FBI has informed Apple of security flaws in older versions of iOS and OS X in the past under the VEP framework.

    However, Cardozo argues that the rules are "completely broken" because the VEP guidance is a non-binding policy created by the Obama administration, rather than an executive order or law. "We need rules, and right now there aren't any," Cardozo said. "Or at least none that work."

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: Privacy Advocates Cite NSA Hack as Vindication of Apple's Fight With FBI
     
  2. keysofanxiety macrumors 604

    keysofanxiety

    Joined:
    Nov 23, 2011
    #2
    Oops. Wish I could say this news was surprising. It was only a matter of time.
     
  3. lowendlinux Contributor

    lowendlinux

    Joined:
    Sep 24, 2014
    Location:
    North Country (way upstate NY)
    #3
    Well I guess it's about time to make the VEP guidance binding and monitored.


    Oh yeah, and why not throw a few bucks at the EFF? They do good work.
     
  4. Porno macrumors member

    Porno

    Joined:
    Jul 21, 2016
    #4
    and people ask Europeans why u don't like Ameriguns....
     
  5. vmistery macrumors 6502a

    Joined:
    Apr 6, 2010
    Location:
    UK
    #5
    Not in the Politics section! Also I did think to myself the other day I hadn't seen an FBI vs Apple article in a while!
     
  6. OllyW Moderator

    OllyW

    Staff Member

    Joined:
    Oct 11, 2005
    Location:
    The Black Country, England
    #6
    I'm sure it will be soon.
     
  7. moeafg macrumors member

    Joined:
    Mar 31, 2014
    Location:
    Birmingham
    #7
    So... they wanted Apple's backdoor exploit and stated that they would "keep it safe and secure" but couldn't keep their own "safe and secure"? K.
     
  8. SGT.GREER Suspended

    SGT.GREER

    Joined:
    Jun 27, 2016
  9. soupcan macrumors 6502a

    soupcan

    Joined:
    Nov 21, 2014
    Location:
    Netherlands
    #9
    Should say something about the state of governmental IT projects/security when the flipping NSA gets its data stolen.

    Quick everybody, buy tons of 128GB iPhone 5S/6/6s's and store all the data on that!
     
  10. skinned66 macrumors 65816

    skinned66

    Joined:
    Feb 11, 2011
    Location:
    Ottawa, Canada
    #10
    Couldn't have happened to a more honest organization.
     
  11. iF34R macrumors 6502a

    iF34R

    Joined:
    Jul 13, 2011
    Location:
    South Carolina
    #11
    "Told ya so"... lol That's the reply Apple will give out.
     
  12. VulchR macrumors 68020

    VulchR

    Joined:
    Jun 8, 2009
    Location:
    Scotland
    #12
    OK, so no doubt most of us are in agreement that providing back doors for NSA is self-defeating and silly. The question is how we get the message through to Congress....
     
  13. BvizioN macrumors 601

    BvizioN

    Joined:
    Mar 16, 2012
    Location:
    Manchester, UK
    #13
    Europeans are among the worst when it comes to data protection and privacy!
     
  14. VulchR macrumors 68020

    VulchR

    Joined:
    Jun 8, 2009
    Location:
    Scotland
    #14
    Based on what evidence? I work for a UK university. Believe me, they take data security and privacy very seriously indeed.
     
  15. BvizioN macrumors 601

    BvizioN

    Joined:
    Mar 16, 2012
    Location:
    Manchester, UK
    #15
    What? In the UK where the government wants to force tech companies to decrypt protected devices? Oh yeah, we take security and privacy very seriously. Same thing with France.
     
  16. bpcookson macrumors 6502

    bpcookson

    Joined:
    Apr 6, 2012
    Location:
    MA
    #16
    This is a fantastic article to share with folks who didn't understand the issues at the time or actively wanted Apple to submit to our government's illegal request.
     
  17. djcerla macrumors 65816

    djcerla

    Joined:
    Apr 23, 2015
    Location:
    Italy
    #17
    This is the knock-out punch for the Backdoors Party.
     
  18. apolloa macrumors G3

    apolloa

    Joined:
    Oct 21, 2008
    Location:
    Time, because it rules EVERYTHING!
    #18
    Soooo.... A hacking group of ex NSA employees hacks the NSA and offers to sell the information to the highest bidder, and other ex NSA staff state the information is 'the keys to the kingdom'

    No offence America but I SERIOUSLY suggest you vet your security agency staff better! I mean the Navy Seal guy who breached his NDA and Official Secret Service Act agreement, by writing about his part in killing Bin Laden, has had to give up all his royalties, because the US government sued him over it, but the secrets he leaked are still out in the open. Surely he should have been jailed?

    Perhaps your military and security agency personnel believe when they sign NDAs and Official Secret Service Acts it's optional and not mandatory to follow??

    America really isn't very good at keeping secrets it seems....
     
  19. Pakaku macrumors 68000

    Pakaku

    Joined:
    Aug 29, 2009
    #19
    Lowering the collective average of the ages of congress party members, by cutting the old and employing younger tech-savvier members, would be a good start.
     
  20. Jax44 macrumors 6502a

    Jax44

    Joined:
    Jul 24, 2010
    Location:
    Carmel, California
    #20
    Hey, if you get rid of all the 90 year old Congress members who will be there to champion the horse and buggy?
     
  21. Ted13 macrumors 6502

    Joined:
    Dec 29, 2003
    Location:
    NYC
    #21
    It would, but to get there younger people need to regularly vote in congressional elections, especially the midterm election between presidential campaigns. By staying home, they guarantee that the voters with greatest turnout/influence are the senior citizens, our least informed voters (judging by how they are Trump's staunchest supporters).
     
  22. Sasparilla, Aug 22, 2016
    Last edited: Aug 22, 2016

    Sasparilla macrumors 6502a

    Joined:
    Jul 6, 2012
    #22
    At the national level, either you can try and make everyone secure (electronic, financial and general communications) and 3 letter agencies will have to work a little harder or you have your backdoors and vulnerabilities but nobody's electronic infrastructure is secure.

    Our govt leaders (urged on by the narrow interests of the 3 letter agencies) keep choosing the latter - which isn't in the overall U.S. best interest. The biggest buyer of vulnerabilities year over year (for use against foreign citizens and domestic citizens), by far, is the U.S. government.

    Apple please keep locking down your hardware / software. For the future, beyond Tim, please consider moving to open sourcing (not making it free though) your firmware, OS's and compiler... eventually Tim won't be there to keep things from govt partnership back doors / access and it'll be quite profitable to give the govt's what they want, open sourcing these things (so they can be publicly audited) would make that much less likely & hard to roll back. As the only major vendor standing up for this stuff in the world - we need something that'll last longer than the current CEO (although I hope he lasts a long time especially WRT security).
     
  23. MH01 macrumors G4

    MH01

    Joined:
    Feb 11, 2008
    #23
    So you read one story and that's the basis of EU security / data protection.

    Well based on laws and actual facts and not what the UK government wants to do, EU is ahead.

    Hey after Brexit, it's cute you still claim UK is EU.... ;) Now the stupid government can have their way
     
  24. needfx, Aug 22, 2016
    Last edited: Aug 22, 2016

    needfx macrumors 68040

    needfx

    Joined:
    Aug 10, 2010
    Location:
    macrumors apparently
    #24
    I guess the NSA should stop using 12345 for systemwide passwords
     
  25. PinkyMacGodess macrumors 68040

    PinkyMacGodess

    Joined:
    Mar 7, 2007
    Location:
    Midwest America.
    #25
    And you know it wouldn't have lasted long, the government ordered back door. The first time someone 'big' had their iPhone hacked, they would be demanding a 'hardened' iPhone with no back door, or would be rushing to kill it somehow.

    They only wanted the back door, apparently, because the script kiddies at the NSA couldn't figure out how to hack it. It's sloppy. Like having programs and apps that are over 200MB. It's sloppy coding, and lazy programmers. o_O
     
