Pic courtesy: http://direitodiario.com.br
In my endeavours to make the cyber security boffins of this nation aware of the dangers of the present ICT policy being a farce from a national security viewpoint, the one thing that has got many ‘cyber security experts’ to open their eyes was when I used to tell them about the firmware/software update that was solely in the hands of the OEM. The testing processes from a national security point of view are just an eyewash as the control always remains with the OEM.
The below story buttresses my thesis and is a wake-up call to our national security boffins, that the first step in the long road to cyber security is ensuring that only the citizens of our nation and fully indigenous companies are allowed to make software and hardware for our critical infrastructure. Our national cyber strategy would then be to ensure that an entire support system comprising people, process and technology under our legal control is created. The easiest way is via FOSS wherein we don’t have to reinvent the wheel.
I am not talking of knee-jerk reactions like banning the global ICT majors, definitely not. They should be allowed to sell their products to private companies and individuals in the non-critical infrastructural fields. The Defence forces, Security agencies, Govt Departments, Space, Atomic etc should all be mandated to buy only indigenous products based on indigenous hardware and software that has a trusted sourcing supply chain. Exceptions to this should only be made when an indigenous product is not available. Once this policy is made, the entire range of ICT/networking equipment can gradually be manufactured by indigenous private players who will see a chance of ROI.
The story of Apple vs FBI is one of a series of stories that is going to follow on the back of the Snowden revelations to buttress the image of Western ICT industry. Only the gullible will buy this story, but there are a lot of willingly gullible experts in our midst. In fact there are some experts who sit on various expert committees who argue that our outsourcing industry worth 150 billion USD can be jeopardised if we take measures to protect our critical infrastructure and our national security!!! By that logic, the Govt’s ‘Make in India’, ‘Startup India’ etc will jeopardise our global trade and pauperise this nation.
—————————————————————————————————————————————————————————
Why the ‘Apple vs Govt’ Storyline Is a Fake Designed to Distract the Public
The backdoor is already in the iPhone.
By Bill Blunden / CounterPunch, February 22, 2016
The media is erupting over the FBI’s demand that Apple help it decrypt an iPhone belonging to Syed Rizwan Farook, one of the attackers involved in the assault in San Bernardino this past December. Originally Apple wanted the FBI to keep things on the down low, asking the Feds to present their application for access under seal. But for whatever reason the FBI decided to go public. Apple then put on a big show of resistance and now there are legislators threatening to change the law in favor of the FBI. Yet concealed amid this unfolding drama is a vital fact that very few outlets are paying attention to.
Tim Cook protests that Apple is being asked to create “a new version of the iPhone operating system.” This glib talking point distracts attention from the reality that there’s essentially a backdoor on every new iPhone that ships around the world: the ability to load and execute modified firmware without user intervention.
Ostensibly software patches were intended to fix bugs. But they can just as easily install code that compromises sensitive data. I repeat: without user intervention. Apple isn’t alone in this regard. Has anyone noticed that the auto-update feature deployed with certain versions of Windows 10 is impossible to turn off using existing user controls?
Update features, it would seem, are a bullseye for spies. And rightly so because they represent a novel way to quietly execute malicious software. This past September the Washington Post published a leaked memo from the White House which proposed that intelligence agencies leverage “provider-enabled remote access to encrypted devices through current update procedures.” Yep, the same update procedures that are marketed as helping to keep users safe. And it would appear that the spies are making progress. There’s news from Bloomberg of a secret memo that tasked spymasters with estimating the budgetary requirements needed to develop “encryption workarounds.”
And, finally, please notice throughout this whole ordeal how the Director of the NSA, unlike the vociferous FBI director, has been relatively silent. With a budget on the order of $10 billion at its disposal the NSA almost certainly has something equivalent to what the courts have asked Apple to create. The NSA probably doesn’t want to give its bypass tool to the FBI and blow its operational advantage. After all, the NSA is well versed in the art of firmware-level manipulation. Experts have opined that for a few million (a drop in the bucket for a spy outfit like the NSA or CIA) this capability could be implemented. NSA whistleblower William Binney tends to agree. When asked what users could do to protect themselves from the Deep State’s prying eyes Binney replied:
“Use smoke signals! With NSA’s budget of over $10bill a year, they have more resources to acquire your data than you can ever hope to defend against.
This has to be addressed in law and legislation. Call your local governmental representative and complain, otherwise, if you sit and do nothing… you are fucked!!!”
So while Apple manufactures the perception that it’s fighting for user privacy, keep in mind that the media’s Manichean narrative of “good vs. evil” doesn’t necessarily explain what’s transpiring. Despite cheerleading by Ed Snowden and others, Apple is not the company that it would have us believe it is. Apple has a long history of helping the government crack iPhones and security researchers have already unearthed any number of hidden services lurking below the iPhone’s surface.
The public record over the past several decades informs that ersatz public opposition often conceals private collusion. And Apple, dear reader, is no stranger when it comes to clandestine government programs. The sad truth is that government spies and corporate data hoarders assemble in the corridors of the American Deep State protected by a veil of official secrecy and sophisticated propaganda.
Bill Blunden is the author of several books, including “The Rootkit Arsenal” and “Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex.” He is the lead investigator at Below Gotham Labs.
Good read!