Monday, 10 October 2016

Police Cannot Guarantee The Safety Of Your Data

Remember a few months ago when America’s FBI demanded that Apple help them hack in to the San Bernadino killers iPhone?

Apple refused to do it and it cost the FBI around $1m to get third party to hack it for them.

At the time every security professional in the world warned the FBI that if they tried to create a backdoor hack to get in to this or any other phone it wouldn’t be long before it would fall in to the wrong hands.

In one of those “we told you so” moments, we now discover that since the FBI vs Apple fiasco, the following things have happened:

1. Code that can bypass Microsoft’s Secure Boot system has escaped into the public realm.

2. The National Security Agency (NSA) have had their entire arsenal of hacking tools, zero day exploits, and other malware and implements of digital spycraft stolen from an isolated set of servers.

And don’t think for one moment that data breaches like these are restricted to companies in the USA or the US government.

The UK government have an even worse track record than their USA counterparts for getting hacked and losing our data.

So here we are, yet again, in a situation where governments foolishly and arrogantly ignore security professionals advice. They refuse to listen to the experts out there who constantly scream at them and warn them that "if a backdoor exists, data will get stolen".

According to recent reports, the US government have been handed a ransom note for 1 million Bitcoins (which works out at around $575 million) for the return of the NSA’s toy box of hacking tools.

Wow!

Not only does that demonstrate the extent to which government agencies spy on us and hack in to our data, but it shows that whoever stole these tools from the government now have in their possession the ability to break in to almost any government or corporate system in the world. That includes power grids, emergency networks, communications systems, gas pipeline controls, medical records, major databases of private information, and control systems of nearly every kind.

That’s scary.

As individual members of the public, unfortunately we can’t do very much about the arrogance and incompetence of our police, security services, and government when it comes to securing our data. Realistically, we can’t do much to prevent them illegally spying on us, hacking us, and losing all our data from their systems and devices.

But what we CAN do is take conscious steps to secure the data we have on our own systems and our own devices.

First, we need to accept that police, security services, and government are far too arrogant to heed warnings from security professionals regarding data safety so they will continue to pass laws (and even break laws) to gain as much of your data as they can - then they’ll lose it. Period.

So we need to keep our data as safe as we can at our end.

Always, and I mean ALWAYS, assume that anything you have of any importance or value on a connected/networked computer, phone, or device can, and probably will, be hacked at some point.

If a device does not need to be ‘online’ don’t connect it to the internet or any other network.

Most of all do not believe anyone who says they can guarantee your data will be safe in their hands and that it will not be hacked and that they won’t lose it because they’re lying to you. No one can give you that guarantee. Not the police, not the security services, not the government. No one.

And sadly the biggest liars who you’ll hear trying to sell you that false and worthless guarantee are the police, the security services, and your own government.