Makes a mockery of any of that "Only machines read everthing and we don't use most of it" BS
"Biographical leverage" as John Brunner called it.
Intelligence agencies are exactly like any other kind of bureaucracy that feels threatened by anyone.
Researchers tasked with revealing attacks by intelligence agencies are being harassed, locked out of tenders, and in some cases deported, Kaspersky researcher Juan Andrés Guerrero-Saade says. Retaliation by the unnamed agencies is in direct response to news of prominent advanced-persistent threat campaigns that have coloured …
John Brunner was a genius. One could do worse than re-read his "Shockwaver Rider" / "Stand on Zanzibar" / "The Sheep Look Up" trilogy. Though influenced somewhat by 68' hippiedom, he saw it coming.
as an ICT security researcher, discovering then publishing IEEE conference papers on "backdoors" in communications infrastructure etc, in Europe - I wasn't very surprised when I was called into my bank for a 'routine' meeting.
You're undergoing a 'routine' anti-terrorist financing probe, which under the privacy laws you have to agree to allow - sign here - said my bank. So I signed. Nice of them to ask me! None of my colleagues working on energy security or vehicle pollution have even heard of this bank procedure, ever, in the last 20 years.
There's also the daily malware .pdfs, .doc, links to dropper sites, and other really innovative stuff that appear every day at work AND at home via email. They threw a virus at my kid's Gmail account too.
Ho hum, still a bit more work to do, but YES the agencies are playful, trying to be intimidating, if not actually evil, yet, in my case.
P.S. Have the UK really thought their new GCHQ 'hack' laws through? As they are allowed to do WTF they want to whoever they wish, including MPs, how can any court-case relying on digital evidence now stand? when the possibilities of everything called 'evidence' being faked are such that an honest conviction is no-longer possible.
Doesn't encrypt, mostly because 2 years behind bars just for losing/forgetting the key is much too harsh.
Also knowing my bad luck with computers I'd end up locking myself out of the data because its hard enough to remember a 22 digit alphanumeric let alone a 4096 bit D-H key.
Just gotta make that data quantum proof already :-)
That said, what if the incriminating data they "found" was planted, and the individuals involved just appeared to cooperate, leaking just enough information to sound convincing?
its [sic] hard enough to remember a 22 digit alphanumeric let alone a 4096 bit D-H key
Why would you be using Diffie-Hellman to encrypt data for your own purposes? It's an asymmetric cipher (really a key-exchange protocol).
Also, of course, no one (or certainly very few people) memorizes a key for a modern symmetric cipher. (No one does it for an asymmetric cipher because that'd be pointless; you encrypt the private key with a symmetric cipher.) They memorize a passphrase that's long enough to give them the strength they want, and then use a derivation function like PBKDF2 to create the actual key for the cipher.
I agree, Destroy All Monsters, and whenever something can happen, it invariably always does happen. And a quite magical enablement of portfolios of weird and wonderful things way beyond the power and ken of traditional sources and conventional forces are happening all over the place and in cyberspace.
It is no totally bad thing at all though, unless one is into provoking and poking it evilly, and in pursuit of an oppressive and regressive inequitable advantage/intellectually challenged status quo position/banked situation.
And trying to hide and/or ignore that virtual reality mainstream merely exposes and highlights its expanding power in command and control circles and SCADA operations to presumptive powers that be in terminal decline and delusional systems collapse.
Take a whole lot of top experts in malware and make it impossible for them to get a legitimate job using their skills, while getting them seriously pissed off about it.What could possibly go wrong? .... Christoph
A probable move would be to go to work for another regime in another jurisdiction/landscape/Live Operational Virtual Environment, where such skills are highly prized and rewarded and much sought after, Christoph. Smart folk don't normally hang about doing practically nothing, do they? Well, not unless they be outrageously rewarded and prepared to do virtually nothing, I suppose.
As yet another instance of the remittance wo/man? And with even a laboratory, well off the 'net, so skills are kept sharp for the inevitable next war occurring in 5..4..3..2..1.... The these new cybertreaties are of a form as those that ring-fenced the Great Powers of the First World War.
As a user of Kaspersky's products, I've been wondering for awhile regarding their situation re: location in the land of Putin. How the heck can they keep the company going? Either they've long ago started on the slippery slope of 'cooperation' in order to keep running or they can get closed down at any point. I don't see any other options. Either it's shit or soon to be shut.
All those points mentioned in the article about personal vulnerabilities, especially where people reside in the aggrieved country, well, where are the key contributors to Kaspersky located? How would you organize the simultaneous exit of all those people and families? And to where?
How do you start a company when the terminal trust issue will be "but they are located where <Godwin> does <analogies>!"? And you're not Godwin and don't even know they exist (yet).
The catch is, the definitions of "good" and "evil" change rapidly. A miscreant group pushing malware vs. state actors pushing malware. Both have their goals. The question is: "which one is really evil?". Yes, they both are which for all intents and purposes, the state will drive the researchers out and leave the populace vulnerable to both the state and the miscreants. Not a good scenario any way you look at it.
What a world we live in... between countries, corporates, and miscreants, we're caught in the middle.