24.9.16

StorageCraft acquires certain assets of Gillware Data Services

StorageCraft, of Draper (Utah), which earlier this year received a $187 million investment from the fund TA Associates, plans to use part of that money to acquire assets of Gillware Data Services. As this is a private company, the amount invested has not been disclosed. StorageCraft also plans to lease two equipped datacenters from the Madison (Wisconsin) firm.
Gillware Data Services developed Backup Analyzer, an application of particular interest to the vendor of backup and business recovery solutions. So said its CEO, Matt Medeiros, in an interview. He explained that Gillware’s products meet the needs of companies of all sizes that want to improve the protection of their data and reduce the cost of that protection.
Backup Analyzer helps companies determine which data is important, which should be discarded, and which information is growing fast. “Data growth is pushing companies to keep adding storage. Even though the price of storage is falling, TCO (total cost of ownership) is rising sharply. Today’s approach, which treats all storage equally, is not efficient,” added Matt Medeiros.
Gillware Data Services’ solutions will be easy for StorageCraft to integrate, because nearly 90% of Gillware Data Services customers already use its ShadowProtect backup and data protection solution as well as other technologies developed by the company. To meet the needs of the remaining 10%, StorageCraft will continue to sell Backup Analyzer as a standalone offering. It will also continue its development according to a plan already established by StorageCraft.

The solution encrypts data end to end.

8 years of Android: malware, malicious apps, and how to stay safe



At eight years old, Android is hugely popular, both with users and attackers.
Happy Birthday Android! It has been eight years since the Android project was officially released and introduced to the public – on September 23rd 2008 to be exact. In that short time, Google’s platform has rocked the mobile universe.
As the latest stats from Gartner show, Android now controls over 85% of the smartphone market and is by far the biggest player in the tablet market as well. However, that huge share also has its drawbacks – it makes the operating system very attractive to cyber aggressors, who aren’t sitting idly by and waiting.
Instead they’re coming up with new techniques to attack an increasing number of victims, on a never-ending quest for yet unseen vulnerabilities to exploit. A great example of this surfaced just a few weeks ago at the DEF CON 24 Hacking conference.
White hat security researchers revealed they had found four Android vulnerabilities, collectively naming them QuadRooter. According to their report, any of the four can be exploited by cybercriminals, providing them with access to smartphones and tablets equipped with Qualcomm chipsets, which adds up to around 900 million Android devices.
On top of that, cybercriminals are trying to misuse this situation, luring users into a trap by offering them fake apps promising to fix the security glitch. Unfortunately, that is not what those apps actually do. On the contrary, these programs serve users ads or just make them pay money for nothing. But this kind of deception is nothing new.
Despite the Google Bouncer and human review that work to block malicious content, several fake apps mimicking the popular game Pokémon GO appeared on Google Play. Amid the media-induced hype around the game, most of the copycat apps were serving users scareware, ads and surveys. One of them even froze the target devices and forced users to restart their smartphone by removing the battery.
Social engineering and phishing are also not uncommon when targeting Android users. At the beginning of the year, a fake app on the official market posing as Instagram offered potential downloaders a route to gain followers. However, it was actually harvesting their social media account credentials in order to sell them.
Looking at some statistical data from earlier this year, the attackers were able to push over 340 malicious porn clickers into Google Play in just 7 months (between August 2015 and February 2016), with the average number of downloads reaching as high as 3,600 per fake app. These figures may actually be much lower than the true picture given that there are 1.5 million apps on the official app store.
What all these cases have in common is the fact that cybercriminals are trying to copy popular apps in order to attract as many victims as possible. If the malware is uncovered, they’ll often just make a few changes, repack the app and try their luck again. With this technique they are able to repeatedly infect large numbers of users with minimal effort invested into redesigning the malicious code.
The situation is worse at various unofficial markets, where even nastier malware is to be found. Very popular amongst PC-targeting cybercriminals, ransomware has already made its way to mobile platforms and ESET has seen both main types – lock-screen as well as crypto-ransomware.
So what’s the take through eight years of the Android story? The larger the platform and its user base gets, the more it’s targeted by cybercriminals. Thus, hoping for the best and letting its creators keep it secure isn’t enough. Instead, users should go the extra mile and follow a few basic principles to avoid unnecessary trouble:
· First of all, keep your devices up to date, ideally set them to patch and update automatically, so that you stay protected even if you’re not among the most security savvy users.
· If possible, stick with Google Play or other reputable app stores. These markets might not be completely free from malicious apps, but you have a fair chance of avoiding them.
· Prior to installing any app, check its ratings and reviews. Focus on the negative ones, as they often come from legitimate users, while positive feedback is often crafted by the attackers.
· Focus on the permissions requested by the app. If they seem inadequate for the app’s functions, avoid downloading the app.
· Use a reputable mobile security solution to protect your device.

22.9.16

5 simple ways you can protect yourself from phishing attacks



As a report from the Anti-Phishing Working Group (APWG) revealed earlier this year, there has been a notable rise in the number of phishing attacks. It’s a widespread problem, posing a huge risk to individuals and organizations (there were, for example, more attacks in Q1 2016 than in any other quarter in history).
Needless to say, it’s something we all need to be aware of, as these types of attacks are not going to go away anytime soon. But worry not, as our Top 5 guide will help keep these criminals at bay.
Before we go into that, here’s a brief overview of what phishing is (for more detail, check out this expert feature). In short, it’s a vector for identity theft where cybercriminals try to get users to hand over personal and sensitive information (without them knowing it). Interestingly, phishing has – in one form or another – been around for years via phone calls and physical letter scams.
Cybercriminals have typically deployed phishing attacks post-breach. This was the case with the Anthem and eBay data breaches, where criminals sent out warnings to users advising them to change their passwords (but directing them to a fake website in an attempt to harvest their details).
However, some information security pros now believe that cybercriminals view phishing attacks as a successful (and easy) way of getting into an enterprise to launch more sophisticated attacks. Humans are, after all, increasingly seen as the weakest link (insider threats are a big problem) and thus the most effective target for criminals looking to infiltrate an enterprise or SME.
Follow the tips below and stay better protected against phishing attacks.
1. Be sensible when it comes to phishing attacks
You can significantly reduce the chance of falling victim to phishing attacks by being sensible and smart while browsing online and checking your emails.
For example, as ESET’s Bruce Burrell advises, never click on links, download files or open attachments in emails (or on social media), even if it appears to be from a known, trusted source.
You should never click on links in an email to a website unless you are absolutely sure that it is authentic. If you have any doubt, you should open a new browser window and type the URL into the address bar.
Be wary of emails asking for confidential information – especially if it asks for personal details or banking information. Legitimate organizations, including and especially your bank, will never request sensitive information via email.
2. Watch out for shortened links
You should pay particularly close attention to shortened links, especially on social media. Cybercriminals often use these – from Bitly and other shortening services – to trick you into thinking you are clicking a legitimate link, when in fact you’re being inadvertently directed to a fake site.
You should always place your mouse over a web link in an email to see if you’re actually being sent to the right website – that is, check that the address that appears in the email text is the same as the one you see when you mouse over it.
Cybercriminals may use these ‘fake’ sites to steal your entered personal details or to carry out a drive-by-download attack, thus infesting your device with malware.
3. Does that email look suspicious? Read it again
Plenty of phishing emails are fairly obvious. They will be punctuated with plenty of typos, words in capitals and exclamation marks. They may also have an impersonal greeting – think of those ‘Dear Customer’ or ‘Dear Sir/Madam’ salutations – or feature implausible and generally surprising content.
Cybercriminals will often make mistakes in these emails … sometimes even intentionally to get past spam filters, improve responses and weed out the ‘smart’ recipients who won’t fall for the con.
Indeed, it has been rumored that China’s infamous PLA Unit 61398 spends time seeing just how many people would open and interact with their worst phishing emails.
4. Be wary of threats and urgent deadlines
Sometimes a reputable company does need you to do something urgently. For example, in 2014, eBay asked its customers to change their passwords quickly after its data breach.
However, this is an exception to the rule; usually, threats and urgency – especially if coming from what claims to be a legitimate company – are a sign of phishing.
Some of these threats may include notices about a fine, or advising you to do something to stop your account from being closed. Ignore the scare tactics and contact the company separately via a known and trusted channel.
5. Browse securely with HTTPS
You should always, where possible, use a secure website (indicated by https:// and a security “lock” icon in the browser’s address bar) to browse, and especially when submitting sensitive information online, such as credit card details.
You should never use public, unsecured Wi-Fi for banking, shopping or entering personal information online (convenience should not trump safety). When in doubt, use your mobile’s 3/4G or LTE connection.
As a slight aside, it should be easier to spot dodgy, unsecure websites – Google, for example, is looking to crack down on this soon by labeling sites that do not offer appropriate protection.


ESET releases an update compatible with macOS Sierra ®


The consumer products ESET Cyber Security and ESET Cyber Security Pro ® and the business products ESET Endpoint Security for macOS and ESET Endpoint Antivirus for macOS are now fully compatible with Apple’s new macOS Sierra

ESET®, a global pioneer in proactive protection for more than two decades, is releasing an update for its consumer products ESET Cyber Security and ESET Cyber Security Pro that is compatible with Apple’s new operating system, macOS Sierra. At the same time, ESET is releasing an update for its business products ESET Endpoint Security for macOS and ESET Endpoint Antivirus for macOS.

With these updates, the impressive combination of ESET NOD32® technology and macOS Sierra will continue to give Mac users additional layers of security, proactive protection and detection capabilities to keep their Macs protected against Internet-borne threats.

To learn more about ESET macOS products for consumers, visit: https://www.eset.com/int/home/for-mac/

To learn more about ESET macOS products for business, visit:

Tesla Model S hacked from 12 miles away


By Editor

A team of researchers was able to hack the controls of a Tesla Model S – adjusting the mirrors, locks and, even from a distance of 12 miles, slamming on the brakes.
The Chinese security researchers from Keen Security Labs alerted Tesla to the vulnerability just over a week ago, and the electric vehicle manufacturer moved quickly to patch the flaw.
After the vulnerability was fixed, the researchers went public with a video of their demonstration, showing how the Model S could be targeted wirelessly and remotely.
As reported by The Guardian, the hack targets the car’s controller area network, or CAN bus – the collection of computers found inside modern vehicles that control everything from lights to indicators, windscreen wipers and, most worryingly of all, the brakes.
The attack – which is shown being demonstrated on a Model S P85 and 75D – requires the car to be connected to a malicious Wi-Fi hotspot set up by the hacking team, only possible via the car’s web browser.
Speaking to Reuters, Tesla said that the risk to its customers was “very low”, but it did not stop them from responding quickly.
For their part, Keen praised the company’s “proactive attitude” in dealing with the vulnerability, while also encouraging Tesla drivers to update the firmware of their cars to ensure the issues are fixed and potential risks are avoided.
While Tesla was able to act swiftly and responsibly on this occasion, the security of connected cars remains an important challenge for the auto industry.
Earlier this year, more than 50 automotive experts participated in creating the first ever set of cybersecurity best practices for the industry.
As more vehicles than ever ship with data connections, examples like Tesla and Jeep highlight the need for manufacturers to prioritize security in their latest models.


20.9.16

Talend unveils new sandbox that lets organizations build their experience with big data


Pre-packaged, fully configured toolkit makes it easier for developers to test Hadoop, Spark and Machine Learning before releasing to production, in order to reduce risk.

Talend (NASDAQ: TLND), a leading provider of cloud and big data integration software, today introduces a preconfigured, easy-to-use virtual environment that lets companies experiment with the latest big data technologies at no risk and no cost. Talend’s new Big Data Sandbox offers an intuitive, drag-and-drop, visual design environment that makes it easy to build integration workflows. It includes built-in big data use cases and a ‘step-by-step guide’ that lets people with little knowledge get started with Hadoop within minutes. Those interested can get a free trial version of Talend Big Data Sandbox.

Research from Gartner shows that “big data requires experimentation. Starting with a comprehensive set of business cases and a well-thought-out strategy can very quickly pass over new discoveries and experiments. That would be unfortunate, because big data approaches and technologies offer the chance to come up with different business questions, different insights and different business processes.”[1]

“Most organizations today find it hard to gain experience with big data and to take advantage of the benefits of Hadoop, because they rely on a small group of skilled staff,” says Ashley Stirrup, Chief Marketing Officer of Talend. “Talend’s Big Data Sandbox bridges this knowledge gap by enabling any Java developer to become proficient with Hadoop in a few days. Talend Big Data Sandbox offers an easy-to-use trial environment that gives developers a better understanding of the life cycle of a big data project by gaining hands-on experience with the latest data integration and acceleration technologies.”

To get the best ROI from a big data implementation, IT leaders must choose the tools and platforms that best meet the business needs, and have a modern, flexible IT environment that can cope with rapidly changing market conditions. Talend Big Data Sandbox gives developers an intuitive way to experiment with big data technologies before deploying them in their existing infrastructure. Experimenting with this virtual environment lets IT leaders determine the budgets, talent and rollout needed to achieve maximum business results and minimal disruption.

The limited installation and configuration requirements mean that developers can get started with Talend Big Data Sandbox within a few minutes. In addition, new Docker technology lets users compare different Hadoop distribution platforms in real time to determine which is best to use in the existing environment. Docker’s import/export functionality makes it easier for development teams to collaborate and share use case prototypes, as well as to try out the capabilities of brand-new database technologies such as NoSQL.
Talend Big Data Sandbox has a ‘step-by-step guide’ with five ready-made, real-world use case scenarios, including:
· Real-time analysis of data from multiple streaming sources;
· Real-time, personalized offers based on customer behavior;
· Clickstream analysis with the ability to visualize activity, so that companies can track web traffic more precisely;
· Monitoring IT operations with Apache weblogs;
· Extract, Transform and Load (ETL) offload performance to speed up the processing of complex workloads.

Talend is showing live demonstrations of its Big Data Sandbox at Strata + Hadoop World 2016 in New York at the Jacob Javits Convention Center from September 26 to 28. Anyone who wants to know more about how Talend simplifies big data integration and helps the IT department adapt Hadoop more quickly to changing business needs can register for Talend’s webinar on October 6.



[1] Gartner Research, “Big Data Strategy: Get Inspired, Get Going, Get Organized,” by Frank Buytendijk, Alexander Linden, Douglas Laney, September 2015. 

Cybersecurity becoming a key boardroom agenda item


An increase in the number of cyberattacks and growing awareness of the threat has made cybersecurity a key boardroom level agenda item.
This is according to a new study from Marsh, which stated that there has been a discernable increase in the understanding of cyberthreats among board members.
In its paper, titled UK Cyber Risk Survey Report: 2016, it revealed that 71.8% of respondents have now included cyberthreats in their top-five or top-10 corporate risk registers. Last year the figure was 45.8%.
There were other positive developments. Marsh also found that 83% of respondents now have “a basic or complete understanding of their company’s exposure to cyber risk”. In 2015 this was 60.8%.
“Increasing awareness is just part of the task facing UK organizations, however, and there is still a great deal of work to be done to improve understanding and management of cyber risk,” the authors of the paper commented.
“While it is encouraging that, today, 30.3% of UK businesses have board-level oversight of cyber risk – a 56% rise on the figure from 12 months ago – IT departments continue to take primary responsibility for the review and management of cyber risks in more than half (55.7%) of organizations.”
Marsh added that it was particularly concerned by the fact that 64.6% of UK enterprises have yet to look into the possible financial implications of a cyberattack.
This paper comes on the back of a similar collaborative study from BT and KPMG, which suggested that businesses need to be aware of the “industrialization of cybercrime”.
“With cybercrime continuing to escalate, a new approach to digital risk is needed – and that means putting yourself in the shoes of attackers,” Mark Hughes, CEO of BT Security, commented in July.
“Businesses need to not only defend against cyberattacks, but also disrupt the criminal organizations that launch those attacks.”


18.9.16

Snowden: 4 big security and privacy assumptions he undermined


Oliver Stone’s movie about Edward Snowden, which opens on Friday, September 16th, 2016, has a lot of people looking back at one of the biggest information security breaches in US history, the one we learned about in June, 2013.
That’s when the UK-based Guardian newspaper published classified information about the mass electronic surveillance activities of the US National Security Agency (NSA) and the UK General Communications Headquarters (GCHQ). That information was leaked to the newspaper by former CIA employee Edward Snowden, who obtained it while working as a security contractor at an NSA facility in Hawaii (he was employed first by Dell and then Booz Allen Hamilton).
I probably won’t get to see Oliver Stone’s Snowden until later next week because I am traveling in Europe (the film, which is billed as a US-German production, doesn’t open over here until September 22). But I am eager to see Snowden for a number of reasons, not least of which is the fact that I have enjoyed some of Stone’s other films and respect his military service. So, I promise to review the movie as soon as I get to see it, but right now I want to discuss four significant security and privacy assumptions that Snowden’s actions, and the resulting revelations, have undermined.
Assumption 1: Organizations can keep secrets digitally
Before June, 2013, most Americans who had heard of the NSA knew it was very secretive. Accordingly, most assumed that it was a very secure organization, known for hiring the brightest minds in cryptography and other security disciplines. Indeed, keeping secrets was implied right there in the mission statement: “to protect US national security systems and to produce foreign signals intelligence” (as recorded in an archive.org snapshot of the nsa.gov homepage taken in May, 2013). The agency refers to itself as the National Security Agency / Central Security Service (NSA/CSS). In other words, it is upfront about its responsibility to be a source, if not the source, of cybersecurity, for the US government and the nation. Hence the tagline: “Defending our Nation. Securing the Future.”
Consequently, the fact that Snowden, an IT professional working for the NSA as an outside contractor, was able to gather together and exfiltrate huge amounts of very secret information from his desk within the agency’s Hawaii facility, was a shock to a lot of people. How was this even possible? Well, Snowden was a trusted user, with extensive access to sensitive systems, and it is hard for any organization to keep secrets when a trusted insider decides to expose them. Yet this challenge is not new, it predates computers and network connectivity. What the Snowden breach showed us was how much technology has increased the difficulty of meeting this challenge; it is many orders of magnitude. Just think about the time and space and resources required to copy and store and move 400,000 pieces of paper from Hawaii to Hong Kong versus doing the same with 400,000 pages of electronic documentation.
Unfortunately, I’m not sure that all organizations have factored the full implications of this massive digital transformation into the way they do business. I would argue that whenever any part of your operations or business strategy depends upon maintaining digital secrecy, there is a serious risk. This could be something seemingly as trivial as the use of email to discuss clients, if exposure of those emails could jeopardize the business. And I would hope that the Snowden breach has deterred companies from storing details of questionable business practices in PowerPoint slides.
The point is that companies need to make sure that their risk analysis of business decisions is both thorough and realistic when it comes to the possibility of digital compromise. The ease with which digital copies of information can be made and disseminated – even by relatively unskilled individuals (think of Manning copying hundreds of thousands of classified documents onto a CD labeled Lady Gaga) – has created an entirely different reality from the analog world we worked in just a few decades ago. The wealth of options that an insider has to choose from if he or she decides to share digital secrets with the outside world is long and continues to grow.
Assumption 2: External attackers are the biggest threat
These days, any computer system attached to the internet is subject to external attack. For example, if you put up a website in the US it is usually just a matter of minutes until it is hit with unauthorized attempts to access the server on which it is running. These attempts often come from IP addresses registered in distant lands, like China and Ukraine, and represent automated scans initiated by folks who want to gain access to other people’s computers for nefarious purposes. That is why the external threat to an organization’s data security, the threat from the outsider, often appears to be greater than the threat from the insider. Or at least, that has been the case ever since companies started to connect their systems to the internet in large numbers. But that was not always the case.
If you’ve followed the history of information security you know that some of the very first “computer crimes” were committed by insiders (there are quotes around computer crimes because some of them were committed before computer crime laws were in place). The first person convicted for damaging data with malicious code was an insider, a programmer at an insurance company who in 1985 wrote and deployed a logic bomb that destroyed 168,000 records after he was fired. Computer security history buffs will also be aware of the longstanding insider/outsider debate. As best I can tell from my research, this started with a comment by someone in law enforcement back in the 1980s who applied the Pareto principle to what was then called computer fraud and abuse, saying that 80% of it was down to insiders, and only 20% was outsiders.
When the Computer Security Institute (CSI) started conducting an annual ‘Computer Crime and Security Survey’ in 1996, a recurring theme was this ratio between internal and external threat. When would external overtake internal? As internal systems were increasingly exposed to the outside world and reports of external attacks – hackers breaking into company computers – began to multiply, security professionals were caught in a dilemma that persists to this day: how to get organizations to ramp up defenses against external attackers while not losing sight of the internal threat. In fact, I wrote an essay on this during my post-graduate studies in security and risk management, from which I have put together some notes and references that might be helpful if you are interested in this problem. The dilemma is still with us, and Snowden reminded us all that we neglect the insider threat at our peril.
Assumption 3: Digital communications are private and secure
Some of my oldest friends in the information security community have always operated under the assumption that anything they communicated digitally could be intercepted. Personally, I recall my frequently reiterated advice to readers back in the early days of email: never send an email that you wouldn’t want your mother to read. My thinking at the time was influenced more by the unreliability of email systems and email users than the machinery of state surveillance. But in the late 1980s I had studied up, as far as possible, on the activities of the NSA and GCHQ as I researched my first computer security book (I remember naively calling GCHQ to ask for information about TEMPEST and getting this response: “There is no such thing sir and what did you say your name was?”). I read Bamford’s Puzzle Palace and Schwartau’s Information Warfare, and anything I could find about Echelon. But I quickly learned that most citizens of the US and the UK were not ready to hear that their government was eavesdropping on them at scale.
And so in some circles there was quite a lot of “I told you so” going on after Mr. Snowden started releasing internal NSA and GCHQ documents to the press. Here at last was solid confirmation of suspicions that many had kept to themselves for fear of being dismissed as paranoid. Yes, parts of our governments really were trying to monitor all digital communications, seeking to “collect it all” as then head of NSA/CSS Gen. Keith Alexander put it.
As the revelations of secret mass surveillance rolled on throughout the second half of 2013, there was quite a lot of reaction that can be summed up with this phrase: “If you’ve done nothing wrong, you have nothing to worry about.” That statement is unhelpful in too many ways to count here, but consider just one: accumulating information about people is a risky business if you’re doing it digitally, even when you’re doing it legitimately, just ask data breach victims. How do we know it is not going to be compromised?
Assumption 4: Technological innovation is bound to produce solutions to these problems
The Snowden revelations are ongoing, as is the NSA’s struggle to keep secrets, including some of its efforts to secretly subvert commercial products to achieve its goals. Recently we have seen some of its hacking tools exposed, reminding us that not all malware comes from criminal gangs in foreign lands. Our government writes and deploys code designed to gain unauthorized access to systems – something that criminals also do – and code like this doesn’t magically become benign just because you think you have the right to gain unauthorized access. That’s why I dubbed it “righteous malware” in the paper “Malware is called malicious for a reason: The risks of weaponizing code” that I co-authored with Andrew Lee, a veteran security researcher who is now CEO of ESET North America (the paper can be accessed here at IEEE, or as a PDF from the NATO Cooperative Cyber Defense Centre of Excellence).
Righteous malware is an intentionally oxymoronic term intended to capture the reality that righteousness is in the eye of the beholder; where the beholder could be either the writer of the code or the owner of the system that is under attack. And that may be one of the biggest lessons to be learned from the Snowden revelations – it is a mistake to assume that good people will do the right thing, in the right way, with no unwanted consequences, if you just give them the authority to proceed in secret, along with a massive budget. Regardless of whether or not any laws were broken, I would argue that NSA and GCHQ ended up contributing to a perceptible erosion of trust in the privacy and security of digital technology, a phenomenon which threatens to undermine hopes of a better tomorrow through digital technology.
Add in the problem of cybercrime and the current shortage of cyber-skilled workers and what do you get? Some rather dire scenarios start to look plausible. Sure, the world may just limp along, endlessly frustrated by successive generations of flawed technologies that are routinely abused by opportunistic cybercriminals. Or the world’s economy becomes mired in endless recession because its citizens have turned their collective back on the productivity promised by digital technologies, the benefits of which were finally eroded to the tipping point by rampant criminal abuse and unfettered government surveillance.

Whether or not there will be any hint of these scenarios in Snowden, the movie, I have no idea. But I will watch it and report back as soon as I can. In the meantime, if you have seen it, please share your thoughts with us by leaving a comment.