FacebookTwitterGoogle+RedditEmail

Of Russian Hackers and Google Cops

by

The recent news that Russian hackers have the usernames and passwords for over a billion users as well as a half billion email accounts wraps up a week of Internet craziness.

Last week, Google revealed that it had turned into police a Google user who had included child pornography on some of his emails. The company made clear that it had been investigating this guy and that its procedures for doing so “cannot violate the privacy of other users”. This week, MicroSoft made a similar announcement about a similar investigation of data stored on its “Cloud” storage system.

It seems these guys can’t refrain from competing in whatever they’re into. It also seems that, as usual, these companies are playing an informational shell game when they explain what they’re doing and the threat it poses.

The most important question all these cases raise is going unanswered (and frequently unasked): what are your privacy and data rights on the Internet and are our governments and companies really protecting those rights?

The fact that child pornography — particularly the production of it — is among the nastiest forms of exploitation conceivable helps cloud the issue. After all, in our society, sexual violation of kids is epidemic one of our every six women or girls in this country has been raped and 15 percent are under the age of 12. Over 90 percent of those kids know their attackers and over half are raped by a family member. Child pornography is a form of rape if not while being seen (which is sick by any definition) but while it is being produced.

Nobody wants this stuff to thrive anywhere. The question is who goes after it and how. Google has an answer and, when analyzed carefully, it’s disturbing.

Texan John Henry Skillern is a sex offender with a Gmail account. The police say he was tagging some email with attached pornographic photos of children and Google turned him in to the National Center for Missing and Exploited Children who then called the cops. They got the arrest warrant and found the material on Skillern’s computer.

There is a large and troubling legal question about his case and others that are similar. Do we punish those who consume this material: people who are, when all is said and done, engaging in a private, individual albeit repugnant obsession? Does going after them really help us stop the people who are actually exploiting these kids: the ones who produce the pornography? While made difficult by the repugnant nature of this kind of material, it’s a question worth pondering.

Still, no matter your answer to that first question, there’s another we should all be asking: is the policing of the Internet the way to combat this and are Internet companies the people to do that?

Few are feeling pain for John Henry Skillern but many are asking that question and particularly asking how Google knew to search his account and in what capacity was it acting? Civil libertarians are up in arms that, by doing the search and investigation, Google has turned itself into a branch of the police.

That’s something to scream about and Internet rights activists are screaming loudly. Google, they’re saying, has no right to police its users if it doesn’t identify itself as a police agency. But that may miss the larger point…and the bigger picture.

Google can police anything because it searches all 400 million Gmail accounts all the time.

Its terms of service read:

“Our automated systems analyse your content (including emails) to provide you personally relevant product features, such as customised search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.” And, it should add, they can also send it to the police if they think it’s illegal.

If you’re doubting that Goggle actually scans your Gmail account, remember that Gmail is a free service to its users who are turned into a kind of captive advertising audience like people chained to their television without the remote that turns off or fast forwards ads. It then sells the ad space and that becomes more enticing to advertisers and more lucrative to Google because it can pinpoint your interests, habits and buying patterns. In short, Gmail is an operation to gather as much information as possible about your life and use it to sell ads.

To be fair, Google insists that it’s not policing all crime — for example, you can do on-line scams and Google won’t investigate until someone else turns you in. But how do you know which crimes it’s watching? And who’s to say it won’t expand that “watch”? When is your political activity, for example, considered “a threat” and what happens when law enforcement people tell Google to turn that material over…or when Google decides it’s in everyone’s best interest to start investigating you themselves?

The larger threat here isn’t that Google is policing its gathered data, it’s that it’s gathering that data. Your privacy and data protection no longer exist with Gmail.

Nor do they exist with MicroSoft’s Cloud technology called “OneDrive”, one of the storage systems using Cloud technology. Cloud storage systems are quickly becoming ubiquitous, especially among mass data users like schools and work places and it’s likely few people actually read the fine print of MicroSoft’s Tems of Service.

One fellow from Pennsylvania (whose details have not been released as this is published) used his OneDrive account to store some child porn. MicroSoft has boasted in the past about its system of image analysis that allows it to quickly analyze the content of every single stored image. That’s the system it used discover this alleged violator and turn him in.

Again, few would shed tears for him but is this image analysis done on your content something you feel comfortable with? Does the fact that MicroSoft staff analyze and log every image of a meeting, demonstration, speech — not to mention every relationship you have — make you feel more “secure”?

What is most disturbing about both these cases is that the companies involved have paid no attention to the atrocious invasion of privacy that makes their investigations possible. The police state, history shows, starts with the combatting of what most people consider real crimes. In their surveillance, stop and frisk street tactics and in the way they disrespect and plow into our data, the powerful of our society clearly have constructed a technology that makes a police state much more than possible.

Those who feel “safer” that these companies are doing this — and based on article and blog responses, it seems they’re numerous — should remember that the people who are going after the criminals are more than capable of greater and more destructive crimes. They, too, should be controlled.

Meanwhile, the Russian hacker community has been busy and has managed to draw huge amounts of attention to itself with a mega-hack that stole the passwords of over a billion users. The group, we are told, used what is called an “sql injection” — a nasty piece of code designed to make vulnerable all the information from a database. The theft was discovered by a security company called Hold Security.

All told, the hackers lifted an estimated 1.2 billion user/passwords combinations as well as a half billion email addresses from 420,000 websites ranging from those of large companies to private sites.

The hacker group, reportedly a fairly small collective of techies in Central Russia, started out in 2011 by buying lists of credentials on the black market but in April of this year, they graduated to doing their own dirty-work. Using “botnets” — networks of zombie computers that have been infected with a computer virus — they trolled the Internet looking for vulnerable websites. Once their zombies found a potential victim site, they infected it with the sql injection and then specialists from their group returned to the site to lift all the information.

In reality, there’s nothing particularly sophisticated about the hack. The technology is readily available and all you really need are the vulnerable websites.

So far they appear to only be using their data to send spam to social networking sites like Twitter — a service they perform for companies for a fee. But, if they haven’t started selling that information on the black market, they probably soon will.

There’s been a predictable outcry about passwords now “not being enough security” and the need to generally implement fingerprint or other “personal identification” software for security. But that kind of “security” is dangerous since it develops a databank of citizen identification that is nightmarishly dystopian. You want everyone to have your fingerprints?

In fact, the problem isn’t the password protocol; it’s the way information is being stored by lazy, greedy and arrogant companies. If you hack a database of passwords that are all encrypted, you simply aren’t going to get any of that password information reliably. Encryption works; most companies that store mass data don’t use it effectively.

So rather than flirt with technology that threatens our privacy and real security more than this threat does, it’s better to attack the real problem and that’s something you can do yourself. The rules oft stated here apply:

* change your passwords frequently (and do that now)

* try not to use the same password across all your sensitive websites

* use encryption as much as possible in email

* make sure any on-line forms you fill out use encryption and that companies that you give your credentials to guarantee storage of encrypted passwords

* make sure your providers have fully protected data storage methods

With all the electronic devices and household security systems, you still need a lock on the door and a good lock, after all this time, still provides most of us the security we need. On the Internet, the password and encryption of our data is the lock and, while we are fighting to protect ourselves against surveillance and invasion of privacy,  it’s important to make sure that lock is installed, working and being used.

Alfredo Lopez writes about technology issues for This Can’t Be Happening!

Alfredo Lopez writes about technology issues for This Can’t Be Happening!

More articles by:

CounterPunch Magazine

minimag-edit

August 30, 2016
Russell Mokhiber
Matt Funiciello and the Giant Sucking Sound Coming Off Lake Champlain
Mike Whitney
Three Cheers for Kaepernick: Is Sitting During the National Anthem an Acceptable Form of Protest?
Alice Bach
Sorrow and Grace in Palestine
Richard Moser
Transformative Movement Culture and the Inside/Outside Strategy: Do We Want to Win the Argument or Build the Movement?
Nozomi Hayase
Pathology, Incorporated: the Facade of American Democracy
David Swanson
Fredric Jameson’s War Machine
Jan Oberg
How Did the West Survive a Much Stronger Soviet Union and Warsaw Pact?
Linda Gunter
The Racism of the Nagasaki and Hiroshima Bombings
Dmitry Kovalevich
In Ukraine: Independence From the People
Omar Kassem
Turkey Breaks Out in Jarablus as Fear and Loathing Grip Europe
George Wuerthner
A Birthday Gift to the National Parks: the Maine Woods National Monument
Logan Glitterbomb
Indigenous Property Rights and the Dakota Access Pipeline
National Lawyers Guild
Solidarity with Standing Rock Sioux Tribe against Dakota Access Pipeline
Paul Messersmith-Glavin
100 in Anarchist Years
August 29, 2016
Eric Draitser
Hillary and the Clinton Foundation: Exemplars of America’s Political Rot
Patrick Timmons
Dildos on Campus, Gun in the Library: the New York Times and the Texas Gun War
Jack Rasmus
Bernie Sanders ‘OR’ Revolution: a Statement or a Question?
Richard Moser
Strategic Choreography and Inside/Outside Organizers
Nigel Clarke
President Obama’s “Now Watch This Drive” Moment
Robert Fisk
Iraq’s Willing Executioners
Wahid Azal
The Banality of Evil and the Ivory Tower Masterminds of the 1953 Coup d’Etat in Iran
Farzana Versey
Romancing the Activist
Frances Madeson
Meet the Geronimos: Apache Leader’s Descendants Talk About Living With the Legacy
Nauman Sadiq
The War on Terror and the Carter Doctrine
Lawrence Wittner
Does the Democratic Party Have a Progressive Platform–and Does It Matter?
Marjorie Cohn
Death to the Death Penalty in California
Winslow Myers
Asking the Right Questions
Rivera Sun
The Sane Candidate: Which Representatives Will End the Endless Wars?
Linn Washington Jr.
Philadelphia District Attorney Hammered for Hypocrisy
Binoy Kampmark
Banning Burkinis: the Politics of Beachwear
Weekend Edition
August 26, 2016
Friday - Sunday
Louisa Willcox
The Unbearable Killing of Yellowstone’s Grizzlies: 2015 Shatters Records for Bear Deaths
Paul Buhle
In the Shadow of the CIA: Liberalism’s Big Embarrassing Moment
Rob Urie
Crisis and Opportunity
Charles Pierson
Wedding Crashers Who Kill
Richard Moser
What is the Inside/Outside Strategy?
Dirk Bezemer – Michael Hudson
Finance is Not the Economy
Jeffrey St. Clair
Roaming Charges: Bernie’s Used Cars
Margaret Kimberley
Hillary and Colin: the War Criminal Charade
Patrick Cockburn
Turkey’s Foray into Syria: a Gamble in a Very Dangerous Game
Ishmael Reed
Birther Tries to Flim Flam Blacks  
Brian Terrell
What Makes a Hate Group?
Andrew Levine
How Donald Trump Can Still be a Hero: Force the Guardians of the Duopoly to Open Up the Debates
Howard Lisnoff
Trouble in Political Paradise
Terry Tempest Williams
Will Our National Parks Survive the Next 100 Years?
Ben Debney
The Swimsuit that Overthrew the State
FacebookTwitterGoogle+RedditEmail