Security & Privacy: Multifaceted Threats of the Deep State
Security and Privacy are two vitally important components of any successful society. Today’s connected world, where we carry computers in our pockets and share all our details on social networks, makes them even more so.
So far in this series, we’ve talked about encrypting your Internet traffic using a VPN, how to avoid getting infected by malware, how to physically secure your phone, how to encrypt your communications, and more.
Encrypting your communications is like locking your front door. With enough effort, the bad guys (or the good guys, if they have a warrant) can break in – but a strong door, a solid lock, and the habit of remembering to lock the door should make your home a less attractive target for evil-doers and casual snoopers alike. They’ll move on to easier targets.
What if the deep state (government agencies) had secretly entrenched operatives in the companies which make doors, hinges, and locks and had worked with them to build in “backdoors” to make it easier for their agents to poke around in your things while you’re asleep or at work? It sounds preposterous, I know. That overreach would be disturbing enough – but it’s only a very small part of a much bigger problem. Now that those door, lock, and hinge manufacturers have weakened their products, it’s only a matter of time before actual criminals learn about and exploit those weaknesses.
If that sounds far-fetched, it’s not. It’s happening today, and there’s proof to back it up.
Now that the panic surrounding the WannaCry ransomware is behind us, we can take a look at the facts and deduce a very troubling timeline of events.
The WannaCry ransomware was written to exploit a “flaw” in SMB – the Windows Server Message Block service – which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin. But that’s where things get interesting – and concerning.
Most security analysts I’ve consulted agree that this “flaw” was not a bug – it was likely a “feature” built into SMB under the direction of the National Security Agency (NSA). This is at least anecdotally confirmed by the strange circumstances surrounding Microsoft’s schedule of patches. For the first time since I’ve kept track of this schedule, Microsoft canceled its monthly patches – without offering any explanation. This happened right when the WannaCry ransomware was making its rounds. Microsoft then released a patch to all affected operating systems, including those which were beyond their “end-of-life” and shouldn’t be getting updates as a matter of policy.
Why the change in the release schedule? Why the change in the platforms receiving the patch? Why the media silence and lack of official comment from the company?
While there is precious little hard evidence to support the claim, the following theory fits the facts and seems more plausible than any other I’ve heard.
- The deep state (NSA, CIA, FBI, etc.) approaches Microsoft to make “investigating security threats” easier by building a backdoor into the SMB protocol
- Microsoft includes the compromised SMB in almost every operating system the company makes
- Certain “tools” from the deep state’s toolbox get leaked
- Someone uses one of those tools to encrypt files and extort money from its victims
- Microsoft identifies the source of the intrusion as the backdoor they were instructed to include in the SMB protocol (and hence into almost every copy of Windows over the last 15+ years)
- Microsoft wants to “patch” the “flaw” to stop the impact of the WannaCry ransomware but is unable to do so because doing so would impact “National Security”
- Microsoft cancels all patches (not just the one having to do with the SMB “flaw”), perhaps as a subtle message to anyone paying close enough attention
- Microsoft meets with agents of the deep state to get approval to remove this specific backdoor (or perhaps re-write it?)
- Microsoft releases an off-schedule set of patches (even to operating systems beyond their support lifespan) to “fix” the SMB “flaw”, perhaps as another subtle message to anyone who is paying close enough attention
Or maybe I’m completely off-base with all that. I’ll let you, the reader, be the judge.
It’s not just Windows
During the LinuxCon gathering in New Orleans in 2013, Linus Torvalds was asked whether agents of the deep state had pressured him or other Linux developers to compromise Linux’s security, allowing spies to infiltrate computers running Linux.
Torvalds replied with a spoken “no” while nodding his head “yes”.
Android is based on Linux.
Signal, WhatsApp, Wire Compromised?
You might be able to dismiss the Windows SMB “flaw” as conjecture or even as a plausible conspiracy theory. You might even brush off Torvalds’ “nodding no” as an attempt at humor. However, when you start adding up similar stories, the conspiracy theory becomes even more likely to be “conspiracy fact”.
Supporting this, there are reports of Signal’s encryption protocol having been “co-opted” by agents of the deep state.
Signal is considered by many to be the “gold standard” of secure, encrypted messaging apps. Security researchers from the University of Oxford in the United Kingdom, Queensland University of Technology in Australia, and McMaster University in Canada have recently given the platform a favorable review in its first formal security audit.
“We have found no major flaws in its design, which is very encouraging.”
Signal has even received the stamp of approval from NSA whistle-blower Edward Snowden.
Wire, the encrypted communication platform which I use and have widely recommended, is based on the Signal protocols. WhatsApp’s encryption is based on Signal, too.
[embedded tweet] — WikiLeaks (@wikileaks) March 7, 2017
While that sounds pretty damning, many who have read the 9,000+ pages of leaked CIA tools claim that nothing in the WikiLeaks documents says the deep state can do that. So, why the indication to the contrary from WikiLeaks themselves?
A compromised device, or a device with a chip with a built-in backdoor, or a device that uses a shared library of code (Google Play Services, etc.) could be utilized to “eavesdrop” on communications – even encrypted ones – by reading messages before they are encrypted or after they are decrypted. There are also rumors that Open Whisper Systems (the developers behind the Signal protocol) have been infiltrated by or are working with government agents to build backdoors into the system “in the interest of national security” – some might even be convinced that by doing so they are fulfilling a “patriotic duty”.
Would a lock maker be doing anything “patriotic” if they deliberately made their product less secure and, because of their “patriotic negligence”, someone was able to break into your home and injure someone you love? Obviously not.
Whether software companies have or not, we don’t know for sure. If we asked, they wouldn’t be able to tell us – even if they were as bold as Torvalds with his “nodding no”.
So, developers, I’m calling on you to publish a “canary”. Let us know that you HAVEN’T built exploits, weaknesses, or backdoors into your systems. That way users can check and see if your “canary” is alive. If we can’t find your “canary”, we’ll assume that you’ve been compromised and that we can’t trust you or your services to be free from government spying.
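What checking a “canary” looks like in practice, as an added example (this is not the author’s code and not any real project’s): the developer signs a dated statement with an Ed25519 key and re-issues it on a fixed cycle; the user verifies the signature against the developer’s pinned public key and treats a missing, altered, expired or reworded canary as dead. The statement wording, the text format, and the 90-day maximum lifetime are assumptions made for this demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"time"
)

// CanaryStatement is the fixed, hypothetical wording the developer commits to
// re-publishing on every cycle. A checker treats any rewording as a failure.
const CanaryStatement = "As of the Issued date, we have not been asked to weaken, backdoor, or add surveillance capability to our software, and have not done so."

// MaxLifetime bounds how long one signed canary may stay valid (assumed policy).
const MaxLifetime = 90 * 24 * time.Hour

// Canary is the published statement: when it was issued, when it lapses,
// and the affirmation itself.
type Canary struct {
	Issued    time.Time
	Expires   time.Time
	Statement string
}

// Encode renders the canary into the exact bytes that get signed and published.
func (c Canary) Encode() []byte {
	return []byte(fmt.Sprintf("Issued: %s\nExpires: %s\nStatement: %s\n",
		c.Issued.UTC().Format(time.RFC3339),
		c.Expires.UTC().Format(time.RFC3339),
		c.Statement))
}

// Parse reads the published text form back into a Canary.
func Parse(text string) (Canary, error) {
	var c Canary
	fields := map[string]string{}
	for _, line := range strings.Split(strings.TrimSpace(text), "\n") {
		parts := strings.SplitN(line, ": ", 2)
		if len(parts) != 2 {
			return c, fmt.Errorf("malformed canary line %q", line)
		}
		fields[parts[0]] = parts[1]
	}
	var err error
	if c.Issued, err = time.Parse(time.RFC3339, fields["Issued"]); err != nil {
		return c, fmt.Errorf("bad Issued: %w", err)
	}
	if c.Expires, err = time.Parse(time.RFC3339, fields["Expires"]); err != nil {
		return c, fmt.Errorf("bad Expires: %w", err)
	}
	if c.Statement = fields["Statement"]; c.Statement == "" {
		return c, errors.New("missing Statement")
	}
	return c, nil
}

// Sign produces the detached, base64 signature the developer publishes next to the canary.
func Sign(priv ed25519.PrivateKey, c Canary) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, c.Encode()))
}

// Check is the user's side: the signature must verify under the developer's
// pinned public key, the wording must be unchanged, and the canary must be
// current. Any failure is treated as "the canary is dead".
func Check(pub ed25519.PublicKey, c Canary, sigB64 string, now time.Time) error {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return fmt.Errorf("signature is not base64: %w", err)
	}
	if !ed25519.Verify(pub, c.Encode(), sig) {
		return errors.New("signature does not verify: canary altered or signing key changed")
	}
	if c.Statement != CanaryStatement {
		return errors.New("statement wording differs from the committed text")
	}
	if c.Issued.After(now) {
		return errors.New("canary is dated in the future")
	}
	if c.Expires.Sub(c.Issued) > MaxLifetime {
		return errors.New("canary lifetime exceeds policy")
	}
	if now.After(c.Expires) {
		return errors.New("canary expired and was not renewed")
	}
	return nil
}

func main() {
	// Demo key generated on the fly; a real canary key is long-lived and pinned by users.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	issued := time.Now().UTC().Truncate(time.Second)
	c := Canary{Issued: issued, Expires: issued.Add(30 * 24 * time.Hour), Statement: CanaryStatement}
	sig := Sign(priv, c)
	fmt.Print(string(c.Encode()))
	fmt.Println("Signature:", sig)
	fmt.Println("check today:", Check(pub, c, sig, issued.Add(time.Hour)))
	fmt.Println("check in 60 days:", Check(pub, c, sig, issued.Add(60*24*time.Hour)))
}
```

Two things a reader should keep in mind about the design: the check proves only that someone holding the signing key was willing to re-sign the same wording recently, so a stolen or coerced key defeats it, and a live canary says nothing about the code itself, which is why it complements rather than replaces independent audits like the Signal review mentioned above.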