Privacy Advocates Cite NSA Hack as Vindication of Apple's Fight With FBI

MacRumors

macrumors bot
Original poster
Apr 12, 2001
49,674
11,001



Privacy advocates have claimed the breach of hacking tools and exploits apparently stolen from the National Security Agency has vindicated Apple's stance in its dispute with the FBI earlier this year.

Last week, reports emerged that a hacker group called the "Shadow Brokers" had allegedly stolen a cache of the NSA's top espionage tools and offered to sell them to the highest bidder.

The malware was linked to the "Equation Group", a secretive team of cyber spies widely believed to be associated with the NSA and its state partners. The hacking collective that stole the malware posted two sets of files online, including a free sample of the stolen data, which dates back to 2013, and a second encrypted file whose decryption key went up for sale in a bitcoin auction. Many saw the auction as a stunt.

But the attack code posted by the hackers appeared to be real, according to former NSA personnel who worked in the agency's hacking division, known as Tailored Access Operations (TAO).

"Without a doubt, they're the keys to the kingdom," said one former TAO employee, who spoke to The Washington Post on the condition of anonymity to discuss sensitive internal operations. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad."

"It's a big deal," said Dave Aitel, an ex-NSA research scientist and CEO of penetration testing firm Immunity. "We'd be panicking." Whistle-blowing website Wikileaks tweeted that it also had the data and would release it "in due course".

News of the leak has been closely followed by technology companies, many of whom pushed back against the U.S. Senate Intelligence Committee's attempts to force them to provide "technical assistance" to government investigators seeking locked data.

The failed attempt to enact legislation came after Apple publicly clashed with the FBI over the government agency's insistence that it create a "back door" to its iPhone software.

Apple: If we're forced to build a tool to hack iPhones, someone will steal it.FBI: Nonsense. Russia: We just published NSA's hacking tools - Christopher Soghoian (@csoghoian) August 17, 2016

The FBI claimed the software was needed to break into the iPhone owned by Syed Farook, one of the shooters in the December attack in San Bernardino, California. Apple refused to comply with the request, claiming that the code would lead to weaker smartphone encryption and inevitably get into the wrong hands.

Now, after a top-secret archive of some of the NSA's own exploits having been leaked online, privacy advocates are suggesting Apple's stance has been vindicated.

"The component of the government that is supposed to be absolutely best at keeping secrets didn't manage to keep this secret effectively," said Nate Cardozo, a senior staff attorney with the Electronic Frontier Foundation who spoke to Business Insider.
The NSA's stance on vulnerabilities seems to be based on the premise that secrets will never get out. That no one will ever discover the same bug, that no one will ever use the same bug, that there will never be a leak. We know for a fact, that at least in this case, that's not true.
Ex-NSA scientist Aitel believes the most likely scenario is that an insider walked out of a secure area with this data on a USB key, which could have been sold or stolen. "No one puts their exploits on a [command-and-control] server," Aitel said. "That's not a thing."

Another possibility suggested by NSA whistleblower Edward Snowden is that the malware toolkit was stolen from a "staging server" or segregated network outside the walls of the NSA, where it was used for conducting attacks. Snowden has also pointed to Russia as the chief suspect behind the leak.

News of the hack has also raised new questions about the legalities of government hacking, since many of the "zero day" exploits included in the leak have never been disclosed to the companies whose hardware is affected.

A policy framework called the Vulnerabilities Equities Process outlines how and when the state should disclose a vulnerability to an affected company if the larger security risk is greater than the reward it could yield. The FBI has informed Apple of security flaws in older versions of iOS and OS X in the past under the VEP framework.

However, Cardozo argues that the rules are "completely broken" because the VEP guidance is a non-binding policy created by the Obama administration, rather than an executive order or law. "We need rules, and right now there aren't any," Cardozo said. "Or at least none that work."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Privacy Advocates Cite NSA Hack as Vindication of Apple's Fight With FBI
 

vmistery

macrumors 6502a
Apr 6, 2010
746
487
UK
Not in the Politics section! Also I did think to myself the other day I hadn't seen an FBI vs Apple article in a while!
 

apolloa

Suspended
Oct 21, 2008
12,318
7,798
Time, because it rules EVERYTHING!
Soooo.... A hacking group of ex NSA employees hacks the NSA and offers to sell the information to the highest bidder, and other ex NSA staff state the information is 'the keys to the kingdom'

No offence America but I SERIOUSLY suggest you vet your security agency staff better! I mean the Navy Seal guy who breached his NDA and Official Secret Serviced Act agreement, by writing about his part in killing Bin Laden has had to give up all his royalties, because the US government sued him over but the secrets he leaked are still out in the open. Surely he should have been jailed?

Perhaps your military and security agency personal believe when they sign NDAs and Official Secret Service Acts it's optional and not mandatory to follow??

America really isn't very good at keeping secrets it seems....
 

Ted13

macrumors 6502a
Dec 29, 2003
606
290
NYC
Lowering the collective average of the ages of congress party members, by cutting the old and employing younger tech-savvier members, would be a good start.
It would, but to get there younger people need regularly vote in congressional elections, especially the midterm election between presidential campaigns. By staying home, they guarantee that the voters with greatest turnout/influence are the senior citizens, our least informed voters (judging by how they are Trump's staunchest supporters).
 
  • Like
Reactions: Sasparilla

Sasparilla

macrumors 65816
Jul 6, 2012
1,481
2,341
At the national level, either you can try and make everyone secure (electronic, financial and general communications) and 3 letter agencies will have to work a little harder or you have your backdoors and vulnerabilities but nobody's electronic infrastructure is secure.

Our govt leaders (urged on by the narrow interests of the 3 letter agencies) keep choosing the latter - which isn't in the overall U.S. best interest. The biggest buyer of vulnerabilities year over year (for use against foreign citizens and domestic citizens), by far, is the U.S. government.

Apple please keep locking down your hardware / software. For the future, beyond Tim, please consider to moving to open sourcing (not making it free though) your firmware, OS's and compiler...eventually Tim won't be there to keep things from govt partnership back doors / access and it'll be quite profitable to give the govt's what they want, open sourcing these things (so they can be publicly audited) would make that much less likely & hard to roll back. As the only major vendor standing up for this stuff in the world - we need something that'll last longer than the current CEO (although I hope he lasts a long time especially WRT security).
 
Last edited:

MH01

Suspended
Feb 11, 2008
12,107
9,298
What? In the UK where the government wants to force tech companies to decrypt protected devices? Oh yeah, we take security and privacy very seriously. Same thing with the France.
So you read one story and that the basis of EU security / data protection.

Well based on laws and actual facts and not what the UK government wants to do, EU is ahead.

Hey after Brexit, it's cute you still claim UK is EU.... ;) Now the stupid government can have thier way
 
  • Like
Reactions: Alenore

PinkyMacGodess

macrumors 601
Mar 7, 2007
4,949
1,661
Midwest America.
Oops. Wish I could say this news was surprising. It was only a matter of time.
And you know it wouldn't have lasted long, the government ordered back door. The first time someone 'big' had their iPhone hacked, they would be demanding a 'hardened' iPhone with no back door, or would be rushing to kill it somehow.

They only wanted the back door, apparently, because the script kiddies at the NSA couldn't figure out how to hack it. It's sloppy. Like having programs and apps that are over 200MB. It's sloppy coding, and lazy programmers. o_O
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.