Slashdot Mirror

← Back to Stories (view on slashdot.org)

Surveillance Backdoor Enabled Chinese Gmail Attack?

Posted by Soulskill on from the let's-blame-the-government-now dept.

Major Blud writes "CNN is running an opinion piece on their front page from security technologist Bruce Schneier, in which he suggests that 'In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.' His article is short on sources, and the common belief is that a flaw in IE was the main attack method. Has this come up elsewhere? Schneier continues, 'Whether the eavesdroppers are the good guys or the bad guys, these systems put us all at greater risk. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in. And it's bad civic hygiene to build technologies that could someday be used to facilitate a police state.'"

3 of 143 comments (clear)

  1. Careful There, Schneier by eldavojohn · · Score: 4, Insightful

    His article is short on sources

    Agreed so I visited his blog and a recent post is equally scant. He points back to another blog post with a little more but really he's just pointing out the irony of a new proposed bill outlawing Google's collaboration with China in violating human rights issues. The irony being that the US has asked for similar backdoors from Google already.

    So here's my problem: More frequently Schneier acts as a reputable news source 'breaking' a story without citing the originator of the information. This is fine when it's a big paper like the New York Times but Schneier runs a blog on security. That's it. He might be a first hand expert but if so why isn't he showing and describing his conclusive evidence that the US mandated backdoor is how Chinese hackers gained entry? There's no doubt the software is less secure with a backdoor -- by definition -- but when he says:

    In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

    He better be able to back it up. And he reiterates:

    China's hackers subverted the access system Google put in place to comply with U.S. intercept orders.

    I just want to caution everyone that you're reading an opinion piece by a security blogger with no corroborating evidence. And on top of that, he has zero accountability. In fact, he says none of this on his blog, he leaves it as an op-ed on CNN. Read it like a strange click generating opinion piece and nothing more.

    I have respect for the man but this certainly shakes that. Any concrete proof of this would be welcomed. The problem is I'm not sure how one would prove it one way or the other since I believe all the source in question is closed source to begin with.

    --
    My work here is dung.
    1. Re:Careful There, Schneier by PugPappa · · Score: 5, Insightful

      So here's my problem: More frequently Schneier acts as a reputable news source 'breaking' a story without citing the originator of the information. This is fine when it's a big paper like the New York Times but Schneier runs a blog on security. That's it.

      So what makes it ok for a "big paper like the New York Times" to publish unsubstantiated claims? We shouldn't disengage our critical thinking regardless of the source.

  2. Google's internal security vulnerbilities by lumierang · · Score: 5, Insightful

    This is congruent with another report that mentioned
      Google put its Google China staff on paid leave and
    suspended their access after the incident:

    http://www.guardian.co.uk/technology/2010/jan/18/china-google-cyber-attack

          A lot of evidence points into google treating it as an internal security leak
    , and is conducting an internal audit on all its China employee. It seems
    Google has very good external security but is very vulnerable from inside .In the hacking very likely some google China employee was found to have leaked
    information that facilitate the attack. And that explain Google management's fury
      as it would be a moment as shocking for them as the
    “Cambridge Five” for British government .

        Firstly it would mean Google can no longer count on its Chinese
    employee’s loyalty when it clashes with their loyalty to China, so if
    it wants to operate in China it has to continue with a tainted staff, though that
    should have been expected for any corporation operating in a foreign country.

        Secondly it would mean there are serious security loopholes in Google
    internal management as it failed to implement a safety mechanism to
    check or limit inside attack.It this is true, pile on the fact that
    Google is already facing increasing privacy scrutiny in the US and
    Europe,it would be a heavy blow to Google’s reputation as a whole as
    it sends out the message that Google cannot be trusted with your data
    IN ANY COUNTRY.

        In my opinion Google failed to take care of its own fences,However
      Google’s genius lies in politicizing this incident ,as
    it completely shadows the question of Google’s own internal security
    vulnerability, as evidenced by the blanket omitting of this question
    in most of the news reports I have seen.It became a Good vs Evil in the news ,
    and you cannot criticizing Good ole Google
    without being grouped with the Evil Chinese Communist, can you?