Google Security Technology

Surveillance Backdoor Enabled Chinese Gmail Attack?

Major Blud writes "CNN is running an opinion piece on their front page from security technologist Bruce Schneier, in which he suggests that 'In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.' His article is short on sources, and the common belief is that a flaw in IE was the main attack method. Has this come up elsewhere? Schneier continues, 'Whether the eavesdroppers are the good guys or the bad guys, these systems put us all at greater risk. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in. And it's bad civic hygiene to build technologies that could someday be used to facilitate a police state.'"
  • by Anonymous Coward on Sunday January 24, 2010 @12:22PM (#30878982)

    Larry & Sergey To Cash In $5.5B of Google Chips

  • by sopssa ( 1498795 ) * <sopssa@email.com> on Sunday January 24, 2010 @12:37PM (#30879110) Journal

    If the US government wants and has these, why wouldn't China? It's not that far-fetched, and it's probably better for Google to say it was some virus planted on their system rather than have news all over the internet that China has such in place too. And it could be that US operations didn't know about it, Google China is its independent operation after all and why they're maybe pulling off.

    I think it was AT&T or Verizon that we had a /. article about recently, on how the US government used their backdoor tons of times to gather info and that it would have been impossible to handle manually. Why wouldn't Google, one of the largest US companies, have a similar system?

  • Google + ChiCom Gov (Score:3, Interesting)

    by WED Fan ( 911325 ) <akahige@NOspAm.trashmail.net> on Sunday January 24, 2010 @12:41PM (#30879164) Homepage Journal
    It is not beyond belief that Google made certain concessions to the Chinese Government. Eventually, any concession to ANY government is going to bite the company and the user in the ass. Or, in the case of the Chinese, put a lethal 9mm sized hole in the head.
  • by Anonymous Coward on Sunday January 24, 2010 @12:53PM (#30879312)

    > The problem is I'm not sure how one would prove it one way or the other since I believe all the source in question is closed source to begin with.

    I can't prove it is there but I know it is.

    A year or so ago I was under consideration for a position with a defense firm looking to beef up for the coming Cyber War feeding frenzy. A half hour after I signed my life away on the clearance background checks and such they started asking questions that sounded oddly familiar. After two or three questions I realized they had read some Blogger posts (on technical issues) that I had written and saved in draft. I had never published a single thing from that Blogger account but it did have my name attached to it. I probably shouldn't have been freaked out - they were interviewing me for what was essentially a hacking position - but I was. I was so distracted for the rest of the interview that I didn't get the job. I couldn't shake the question of "What the fuck am I getting into here?"

  • by Anonymous Coward on Sunday January 24, 2010 @01:05PM (#30879400)

    "He better be able to back it up."

    He doesn't have to. I'll explain later. In fact, reactionary posts like yours and the /. article is an inhibitor in favor of backdoors like this, instead of being patient and seeing what comes out. You are attacking the holder of the opinion, redirecting focus to the very real case of government backdoors and general population communication abuses, which has been proved, real, and pronounced (see AT&T eavesdropping and others).

    Which is a shitload worse than Schneier's mere opinion, even if unsubstantiated (which is worse than uncorroborated) on the matter.

    "I just want to caution everyone that you're reading an opinion piece by a security blogger with no corroborating evidence." ...in the story. He may have corroborating evidence, but is smart enough not to put it forward for his sake, his source's sake, and/or as bait.

    If he had that evidence, he'd be held for obtaining classified information without a due security clearance and prosecuted.

    "I have respect for the man but this certainly shakes that. Any concrete proof of this would be welcomed. The problem is I'm not sure how one would prove it one way or the other since I believe all the source in question is closed source to begin with."

    Very true and you start in on the crux of this matter of releasing source info. However, I think you are looking at this as overly critical of Schneier, instead of looking at the whole picture. He lives in the real world, he has to live with the repercussions to his life, far more than you or I.

    If he releases the info and has a source, Schneier himself gets prosecuted or at least subpoena'd for his source, and if he refuses to reveal it, he gets locked up. His source, at the very least, can be revealed and gets pounded (and people like you won't do a thing and can't). And Schneier loses future use of his source. iow, at the very best, he can only suggest his opinion, which is what he is doing.

    If he simply airs the idea out there, knowing it's true, that's fine by me. Maybe it isn't for you, but he's been right far far more often than not so in this case, I think people should look at the bulk of his work instead of just one instance that has yet to play out fully. If he continues to do this repeatedly for other issues, then yes, I'd start to shift in your opinion of the man. But I haven't seen him abuse his reputation. iow, if this is a lapse, it's unfortunate, but Schneier is human, and I doubt it's a lapse of judgment.

    If he doesn't have a source, but has evidence, and isn't sure, he may be airing this out there without corroborating evidence (having no substantial evidence of course), to see what happens. If they go after him, then you have a tell tale sign. If there are code changes, again, tell tale sign. If he gets harassed or hammered by 3 letter agencies, again, tell tale (and maybe this has already happened).

    If he simply just threw it out there, then, yeah, shame on him, but again, I haven't seen him do this in the past, so I'm very willing to give him the benefit of the doubt, since his contributions, sources, and info in the past has been spot on. His hands may be tied in this case or he's being careful (esp. with a new administration that still has strong ties in the agencies to the prior administration, with a pro-prosecutional bent to it to go after small fries which Schneier would be in the grand scheme of things in the populace).

    Your opinion will likely differ on this, but as you seem well aware of his legacy, I think it's overdone to be this critical this early in the game.

  • by TwineLogic ( 1679802 ) on Sunday January 24, 2010 @01:34PM (#30879658)
    Another way to look at this is the Chinese government may have planted highly-trained professional spies inside Google.

    Not to group you with the Evil Chinese Communist, but where are you from? You sound overly sympathetic to the non-political interpretation of this, and it's sort of odd to blame the victim. It wouldn't be odd for the Evil Chinese Communist to excuse its own behavior and blame the victim, however. So, despite your 'disarming' final statement, I suspect exactly that -- not due to your criticism of Google, per se, but certainly due to your attempt to minimize the wrong acts of the Chinese government.
  • by Glonoinha ( 587375 ) on Sunday January 24, 2010 @01:47PM (#30879800) Journal

    Where does the money that the government pays the companies come from? Taxes.
    Who pays these taxes? The same people being spied on.

    So yes, the consumer is paying for the overhead so they can be spied on.

  • by DeadPixels ( 1391907 ) on Sunday January 24, 2010 @02:15PM (#30880178)
    He's partially right, but equally wrong.

    Computer World [computerworld.com] quotes an anonymous source "familiar with the situation" as saying:

    That's because they apparently were able to access a system used to help Google comply with search warrants by providing data on Google users, said a source familiar with the situation, who spoke on condition of anonymity because he was not authorized to speak with the press. "Right before Christmas, it was, 'Holy s***, this malware is accessing the internal intercept [systems],'" he said.

    According to that article, what Google had was an internal system that could pull limited amounts of account information to comply with law enforcement requests, not a backdoor that gave access to the account in question. Also, it appears that the malware/attack in question didn't "subvert the system" so much as it piggybacked onto a computer with access and got in that way.

    So while he's right as to the general purpose of the system, he seems to be pretty wrong as far as the scope of the 'backdoor'.

  • by russotto ( 537200 ) on Sunday January 24, 2010 @02:21PM (#30880252) Journal

    That isn't quite how it works. Other than the normal billing logs, the phone companies do NOT log all the data, much less voice logs, without a specific request.

    I don't know about cell. But on land lines, they DO log everything. The switches emit raw call record data. The billing logs are produced from the call record data.

  • by turtleshadow ( 180842 ) on Sunday January 24, 2010 @02:22PM (#30880264) Homepage

    Google's stance on database security is poorly documented and certainly not open. I've yet to find comprehensive peer review of their architecture security (but then they are a for profit enterprise) and need not comply like Oracle, IBM DB2, MySQL?

    Numerous opportunities exist in the chain of data that Google is slurping through to build in "back doors" either deliberately or by "accident" expose data.

    Somehow they "parse" accounts for words, addresses, html code, etc then use those datapoints to do statistical cross references to build the ads. That's elementary. However since they parse EVERYTHING in the account somehow the programmer(s) have to make design decisions on how to go about it. Is there one process per type of data? One that just looks for PDF code vs keywords? Is there one process per country with applicable rules for that country? Are the configuration tables for that process well protected and not able to be circumvented?

    Google has to crack open each file, Adobe reported a breach so perhaps the attack vector was in the PDF parse/scrubber at Google.

    It would be trivial "once inside the system" to set configs to just suck out everything instead of what that particular process ought to be looking for and tee the result over to some obscure process or table buried deep in the DB to retrieve it later by some query.

    Once you found a marker to your target you'd just have to find the right DB keys they are associated with to get all the other data about them. Somehow every Google account has a primary or some other key that associates the data. No one is asking about low level DB security on this thread. Who exactly gets granted access to the primary and following keys and tables. Who has authority to restart processes? Are processes logged as to why they restarted with new values?

    It's quite possible there is a way to view Google accounts outside a web-interface which is what normal people think when they hear back door. It's more sophisticated than viewing the raw dump. I suspect the intrusion proved the new horizon for security: That it is possible to "re-assemble" most if not all the account from the database(s) if you've p0wnd the DB at a low level without the need for a backdoor to the actual account nor the Google foundational OS/netstack. The Chinese probably attacked and penetrated the DBs somehow.

    I think this is the great oversight: it was not just that Gmail was hacked. It is broader to say Google Accounts; Gmail points to web search which is tied to Picasa, which is tied to Blogger, which is tied to YouTube, etc....

    All these have to be fortified at the DB level else any other measure of security is meaningless.

  • by Anonymous Coward on Sunday January 24, 2010 @02:28PM (#30880354)

    I heard from a third- or fourth-hand source, that Google has a separate network for the workstations that do legal e-discovery, and that was what was compromised.

    Legal e-discovery is a fact of life. People sue each other, and the court wants the email evidence. This was news during Enron....

    Anyway, I heard that the malware was specifically crafted for the Google e-discovery machines. The IE Exploit is probably the truth. The question then becomes "how did the machines on the separate network get access to the malware?"

    The opinion article mentions two separate things: "search warrants on user data" with "access system Google put in place to comply with U.S. intercept orders", and then summarizes with "... systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in."

    True, but naive.

    Google lawyer under scrutiny by a judge: "um, yeah, that email system we have? Yeah, we don't have the ability to search it. Yes, we do Search for a living. Yes, we knew the court would issue discovery orders. Yes, we have corporate customers that have a need to find all the email in the company by searching. Yes, we know a little bit about automation. But no, we cannot comply with your e-discovery order, and we've told all our corporate customers to stuff themselves too."

    Generally, I like Bruce Schneier, but this was a pie-in-the-sky opinion piece.

  • by Anonymous Coward on Sunday January 24, 2010 @03:16PM (#30880960)

    As an illustration of the dangers of trusting "reputable" news sources like papers:
    Do you remember that newspaper article that was all over the papers (and even on the BBC) about how blonde women were more aggressive and had more of a sense of entitlement than others? Well, it turns out that the original research was about whether strong people (people! not women) were more or less assertive (i.e. whether the Napoleon aphorism is true - turns out it isn't). A news reporter then asked the researchers whether that meant blondes were more aggressive. The researchers crunched some numbers and told the reporter "no". The reporter then wrote an article with a headline like "blonde women more aggressive". And then everyone copied that.
    The sad thing is, after the lie got exposed, none of the papers I read reported on that. The original article was on the front page of the science section in many, so the scandal should be of similar notability and importance but no, silence. Only the BBC went back and made changes, but the changed article still doesn't correspond to the original research and it looks like the changes were made more to try to save face than to inform the public. Shameful.
    Honestly, sometimes I think you're better informed if you don't watch the news and don't read the papers.

  • by Jerry ( 6400 ) on Sunday January 24, 2010 @04:52PM (#30881974)

    This episode reminds me of a Microsoft claim made seven years ago:

    http://forums.macrumors.com/archive/index.php/t-21643.html/ [macrumors.com]
    March 06, 2003

    According to its own testimony at its anti-trust trial last year, Microsoft Corporation, purveyor of the omnipresent Office and Windows product lines, has betrayed the United States of America.

    Microsoft has been struggling over the past year to slow the loss of international market share to cheaper, Linux-based alternatives. To that end, it recently began sharing the source code of its Windows operating system with various foreign governments. The problem is that this initiative comes just months after Jim Allchin, Microsoft's head of Windows development, claimed under oath that releasing such code to its competitors would be a major risk to American national security.

    The disconnect between the software giant's actions and claims became even more striking last week when Microsoft announced that the second major nation to receive a tour of Windows' plumbing will be the People's Republic of China.

    China is not America's ally. China is not our friend. At best, our two nations tolerate each other. At worst, we are on a cultural collision course that could dwarf the Cold War. And now Microsoft is planning to give China information that it has claimed could seriously compromise American security. Thanks a lot, Mr. Gates.

  • by Anonymous Coward on Sunday January 24, 2010 @05:52PM (#30882624)

    Schneier's main point is that by happily enabling "lawful" surveillance through modern technology, we're obliviously entering a new world where:
    - Even lawful surveillance by a democracy is abused without accountability (FBI, NSA, oversight clearly a joke, executive claiming limitless power)
    - Mechanisms of lawful surveillance can be hijacked by unauthorized entities (Greece telco, GMail in China)
    - Technology created by democratic-based corporations is being used by oppressive anti-democratic states (Nokia abetting Iran, Cisco & Yahoo abetting China, etc.)
    - Even in a freedom-loving democracy our individual privacy is an endangered species with zero protection, as we leave electronic trails everywhere that are scooped up in for-sale commercial databases like ChoicePoint (as well as weakly-protected search engine records, ISP usage records, electronic toll road records, cell phone location records, and on and on and on.)

    We are not watching where we're going.

  • by Anonymous Coward on Sunday January 24, 2010 @11:12PM (#30885392)

    Another way to look at this is the Chinese government may have planted highly-trained professional spies inside Google.

    The only amazing thing would be if every intelligence agency on the planet didn't have at least one mole in Google.

    There are two reasons why "Spot the Fed" has been played for sport at DEFCON since time immemorial. First, it's fun because it's a way for everyone to practice their skillz in a safe environment: the very definition of "game". Second, it's because it serves to remind us that this is a very real part of the IT industry, even for white hats.

  • by muckracer ( 1204794 ) on Monday January 25, 2010 @09:44AM (#30889014)

    > I spent 2 years helping implement CALEA for Sprint/Nextel and
    > was the point person for much of the integration.

    Thanks for the info, chill. Say, how do you sleep at night knowing you're part of the problem...as in destroying everything this country once stood for?
