Thursday, June 2, 2011

Government-in-the-Middle Attacks -- State-issued Malware

The increasing use of Skype by dissidents and others who seek a more secure way of communicating has led a number of companies to provide malware to states and regimes that want to keep tabs on their citizenry. According to a WSJ article, Skype was never deliberately designed to provide encrypted conversations for evading state controls, but to ensure anonymity due to its peer-to-peer architecture and to prevent Skype users from listening in on others' conversations. Because that strong level of encryption was built into it from the ground up, and not as an afterthought, a lucrative market has emerged for European start-ups like Gamma of the UK, Germany's DigiTask, Switzerland's ERA IT Solutions AG, and Italy's Hacking Team SRL to provide governments with malware to snoop on Skype calls and chats. In addition, this government-issued malware includes keyloggers and thus gives away citizens' passwords to web-based mail like Gmail, Hotmail, and Yahoo. Perhaps we should call these Government-in-the-Middle attacks.

Besides handing personal and private information to government employees at the Ministries of Interception, this makes a whole host of other information available, such as online banking details and work correspondence. What rules will governments put in place to prevent their public-sector servants/snoopers from going rogue and using that information to defraud and blackmail people?
