Wednesday, March 08, 2017

Spies are a threat to our security

Wikileaks strikes again!

WikiLeaks has published a huge trove of what appear to be CIA spying secrets.

The files are the most comprehensive release of US spying files ever made public, according to Julian Assange. In all, there are 8,761 documents that account for "the entire hacking capacity of the CIA", Mr Assange claimed in a release, and the trove is just the first of a series of "Vault 7" leaks.


In publishing the documents, WikiLeaks had ensured that the CIA had "lost control of its arsenal", he claimed. That included a range of software and exploits that if real could allow unparalleled control of computers around the world.

On the one hand, the Snowden files already made clear that the NSA and other intelligence agencies are actively pursuing and hoarding security flaws to achieve their covert aims. But by dumping them en-masse, Wikileaks has both ensured that they will be publicised and patch rapidly, and crystalised the core problem with this sort of activity. Spies are supposed to "keep us safe". But by hoarding these security flaws and ensuring they go unpatched, they in fact endanger us all. Because its not just the spies who know of and use these flaws, and the longer something is left unpatched, the greater the chance it will be used by criminals, hostile corporations, other states, or even the illusory (but highly lucrative for spies) "cyber-terrorists".

An agency responsible for keeping us safe would be immediately notifying software developers of these flaws so they can be patched, not keeping them secret for future exploitation. And we need to make sure our spies do exactly that. There's a spy bill currently going through the House, and an easy SOP that could be done to require the GCSB to notify companies of any security flaws it identifies or learns of. Is there an MP willing to stand up to our deep state and push it?