About a whistleblower

Christmas reminiscences led Calum Macleod to analyse the meaning of whistleblowing as demonstrated by Edward Snowden

Like many folks, we have more or less only just recovered from the holidays and the traditional family dinner. The highlight is watching the grandchildren open their presents, especially this year, as our two-year-old grandson has discovered the wonders of ripping open everything, regardless of who the intended recipient might be.

Among all the presents, the best of all was the whistle that came in a Christmas cracker. Everyone could have saved a ton of money if we'd only known the power of the whistle.

The first few toots were a bit tentative but once he grasped the concept, the whistleblower was off and running. And as the evening wore on, I started to wonder about whistleblowers.

After all, we live in a culture where the whistleblower may be put on a pedestal. The media in general seem to thrive on the whistleblower's claims and activities, even when those exposing an individual or organisation definitely fall into the category of the pot calling the kettle black.

Times have changed. There was a time when Britain elected a prime minister who had not only suffered from gonorrhea but during his time in office had a long-standing affair with a woman married to someone else. Not only did his political career thrive, but on resigning as PM, he was elevated to the House of Lords.

The US has also had its share of presidents - including Thomas Jefferson, Andrew Jackson and Franklin D Roosevelt - who have been exposed for their extramarital dalliances.

In France, and partly as a result of strict privacy laws, there appears to be a consensus that what goes on in the private lives of public figures is just that: private. The late president François Mitterrand had a daughter who was the result of an extramarital affair, but it was not until shortly before Mitterrand's death that the public learned about it.

Whatever the truth regarding the NSA and RSA, what surprised me most of all was the apparently shocked reaction of the security community. Ever since cryptographic algorithms have been available in products from the US, in every meeting, with any company, the question of back doors in those algorithms will have been brought up, without fail.

In other words, many people have always assumed that back doors existed, for whatever reason, and yet now that it supposedly has been shown to be true, everyone seems to be in shock.

We may never know the absolute truth, but in any case no encryption algorithm survives forever.

It is not so long ago that we were being told that MD5, invented by Ron Rivest from RSA, was no longer safe and that in fact it had a fatal weakness. At that time we were told to use an alternative such as SHA-1, which has since been found to be vulnerable as well.

SHA-1 was designed by the NSA and published by NIST as a FIPS standard. SHA-1 was based on principles similar to those used by Ronald Rivest in the design of the MD5 algorithms.

Conspiracy theories abound. Could it be that the NSA and the RSA have been in cahoots all along? Did Adi Shamir and Len Adleman know about this? Hang on, Adi Shamir is Israeli and Len Adleman is the son of an American Jewish family. It's all an American Israeli plot.

Never mind whether or not there is any hard evidence!

One can only conclude the French were right all along. As I understand it, French law states that a company may not sell or use that product in France unless it meets the French government's requirements and an authorisation is obtained. It probably needs to have a "porte arrière" (back door).

What next? Antivirus companies in cahoots with the authorities? We may never know the truth. After all, could it be possible that the NSA, aware it had a leak, mixed some misinformation with all the other stuff - encouraging kneejerk reactions?

The longer this Snowden affair drags on, and the more the guy is promoted as some latter-day messiah, the more I start to ask myself if Edward Snowden was smarter than the best the US government had to offer. Surely, with all the disclosures, more heads would have rolled if there were much in the way of genuine failure on the part of the NSA or government staffers?

The insider remains the biggest threat - regardless of the integrity, or lack of it, in encryption algorithms.

Thomas Rid, reader in war studies at King's College London, wrote in his 2013 book Cyber War Will Not Take Place: "The best-placed person to damage a machine is the engineer who built it or maintains it, the manager who designed and runs a production process, or the IT administrator who adapted or installed a software solution. It therefore comes as no surprise that sabotage manuals tend to be written largely for insiders."

Whether we're talking about Stuxnet, or AMSC and Sinovel, the insider - either deliberately or inadvertently - is your biggest risk.

The Shady RAT attack identified by McAfee suggests that crypto-algorithms are not the biggest issue. Essentially, four steps were its key to success.

Organisations were targeted based on economic or political criteria and were then penetrated by identifying employees and their contact information, including email addresses, using freely available data from websites such as LinkedIn. Spear phishing followed, with Trojans embedded in commonly used file formats that installed automatically as the files were opened.

Once the Trojan was installed, it would communicate via seemingly innocuous websites to its command-and-control centre, giving attackers control of target organisation machines. A remote session would be established back to the command-and-control centre that basically allowed attackers to view and record all activity.

Who needs crypto back doors when it's just as easy to exploit us by looking at our LinkedIn accounts? Most organisations are not actively monitoring their systems for exploits, or are relying on antivirus applications that can fix something only after they know what it is.

And as for the whistleblower? Curiously enough, the parents forgot to take the whistle with them on departure. After all, whistleblowers get really tiresome after a while.

Calum Macleod is EMEA vice president at Lieberman Software