THIS IS HISTORY! Check fabien.benetou.fr for news.

Seedea, scalable creativity

Xye, consultancy for serious creators

Information

RSS

(Updates)

back to the article index Page feed

From spyware To zombies

How government driven surveillance is a potential opportunity for cyber-warfare

Introduction

...(to write later on)

Core idea

adding a software for surveillance on a per-network basis add a potential vulnerability to the set of machines there. Security experts, mainly botnet herders (being for profit or military) target machines based on different criteria. One of them being the number of potential machine to gain. Having an identical software on a country-wide scale with network ability leads to think that those security experts would have an extremely high interest in breaking such piece of software.

Side points

There is no perfectly secure software

Being FOSS or even proprietary software with closed sources

There is no need to have a malevolent government to have a problem

Even independently of the opportunity for the government that enforced the usage of the software, there is a risk. That is a crucial point of the argument in the sense that classical critics about the government suddenly changing his course of action despite its initial announcement is not the main threat. The nature of the Internet is to be trans-border. Machines from a French home are potentially connected to a company in New-Zealand.

Why installing a local software is fundamentally different from country-wise filtering

Because is there is a flaw in the filter software, the government has direct physical access to the machine and only a handful (even if strategically very well positioned) of machines are vulnerable. On the other with a local software your automatically generate a network of machine which make it very tempting for techniques that appeared during the recent years : botnets.

Criteria to evaluate the utility of machines

Potential architecture of the software used

Centralized

Government getting logs directly on its servers.

P2P

Each peer checking randomly the content of a random node.

Groups or ISP based

Conclusion

Countries which underestimate the need for security even to the level of the individual user and who rely more on Internet infrastructure will probably have increasing financial losses leading to potential damage to their very own political structure. The question of morals or ethics are sensible on every question or surveillance but in this article we demonstrated that even independently of them, the risk of embedding surveillance tool that are not adapted to the nature of the network itself might be counter-productive, even self-destructive.

Schemas

Inspiration

Framework to integrate

Sources

Actors

Page last modified on June 01, 2010, at 01:58 PM