The leak of almost 9,000 documents detailing hacking and surveillance techniques used by the CIA is shocking, but not for the reasons many people think. Reading that your Smart TV or mobile phone could be monitoring what you say in your own house is alarming, but the real issue isn’t that the CIA spies on people. It’s not even that they do it through the devices in our homes.
The ease with which the code can be accessed and manipulated has created the real issue – that the source code, and the hacking tools used to access it is now available to anyone who wishes to use it. Criminals, hackers, terrorists, they all now have access to the hacking power wielded by the world’s most powerful intelligence agency.
End-to-End encryption is useless
Every day we use apps that claim to be secure, but are they really? It’s not enough to encrypt data in transit. WhatsApp introduced end-to-end security back in January, but armed with their new CIA hacking methods, hackers can steal the data from devices before it even gets to the encryption stage. The much-heralded new security measure is now virtually defunct.
Many businesses use, or tacitly permit the use, of free, cloud-based, messaging apps – like WhatsApp – to conduct everyday business. Even the President of the United States and his team of senior advisors use an app to pass confidential information to each other.
These apps – no matter how easy they make our lives – put data at risk. Any responsible business or organisation should ban their use for work purposes.
Organisations must assume control of their data and take responsibility for how it’s stored, processed and transmitted. Walled gardens may have had a poor reputation for stifling the freedom many want when using the internet, but they allow organisations to exert more control over their data and its security.
History repeats itself
Twelve years ago, PCs were being infected by viruses thanks to a decision made by Sony. In adding copy protection to its CDs, Sony installed a Rootkit on people’s PCs. It installed a backdoor for hackers to access and plant malware on our computers.
The same thing will happen now
The CIA’s tools for preventing terrorist attacks will now be used against it, and all of us. It leaves organisations everywhere vulnerable to data theft and corporate espionage. It has huge ramifications for all of us.
Deutsche Bank is looking pretty smart for banning the use of free messaging apps on company phones back in January. The question is, how will other organisations respond?