Cyber Security
Cyber security

Why should the Vault 7 leaks bother you?

illustrations: Kazi Tahsin Agaz Apurbo

What does the publication of 8,571 confidential documents of the US Central Intelligence Agency (CIA), including its hacking programme, mean to a third-world normie like you, safe in your cushy corner of Dhaka where the internet connection isn't even that great? After all, you have nothing remotely criminal on your computer and have nothing to be afraid of. 

While we Bangladeshis needn't get our collective knickers in a twist, the implications of the leaks are alarming: it means that our data is becoming increasingly more vulnerable, and that the state authorities put in place to preserve civilian safety have put those lives at risk. So why should the CIA's ability to hack and take control of smartphones, web browsers or operating systems bypassing anti-virus software bother you, you ask?

CIA didn't disclose vulnerabilities to companies for repair

Year Zero, the first part of the Vault 7 dump, “introduces the scope and direction of the CIA's global covert hacking programme, its malware arsenal and dozens of 'zero day' weaponised exploits against a wide range of US and European company products, including Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.” After the NSA's illegal surveillance techniques were leaked to the public in 2013, the US government promised to disclose serious vulnerabilities, exploits, bugs or zero days for the protection of consumers and critical infrastructure. The news of exploits can spread around the world in seconds, and if undisclosed, put civilians at the mercy of cyber criminals and rival nations—anyone can exploit them.

Cybercrime and computer flaws are in fact two sides of the same coin. Last Saturday, Edward Snowden tweeted a study by Harvard that found vulnerabilities like those that the CIA hid from companies are increasingly abused by other hackers. A 20 percent rediscovery rate for high and critical severity bugs in 2016 basically means there is a one in five chance that a hacker can exploit the same flaws as the government.

Perhaps the CIA's nonchalance about the fates of private individuals is epitomised by how it actually paid to retain the holes in our tech devices for future use, or its adolescent side commentary in the documents: “You know we got the dankest Trojans and collection tools.”

Data has been, can be, and will be misused

While no one is undermining the legitimate purposes of government surveillance, history, even the recent past, has shown that information need not even be criminal to be targeted. Internal memos of the British government show staff abusing their powers for things like finding addresses to send birthday cards and checking details of family members for personal convenience (The Verge, November 2016). The NSA admitted to its employees intentionally misusing the agency's surveillance power to snoop on love interests, and even random foreign women without any valid reason.

While some trespassings are not necessarily of national interest, others just about equate to racial profiling. Government records obtained by the American Civil Liberties Union (ACLU) found that Facebook, Twitter and Instagram had given users' data to Geofeedia, a controversial social media monitoring company that aids police surveillance programmes and targets South Asian, Muslims, Sikh and Black protestors. Geofeedia's marketing materials referred to unions and activists as “overt threats” and claimed that the product can help monitor the “Ferguson situation” (The Guardian, October 11, 2016).

Although social media monitoring in Bangladesh is perhaps nowhere near as well-financed and organised, non-violent online activity has been known to get people thrown in jail on multiple instances. Only last May, a young woman was sent to prison in Kushtia on account of a 'blasphemous' Facebook status, whereas in 2015, a Jahangirnagar teacher was sentenced to three years in prison for a 2011 post “related to road crashes and accusing the government of awarding drivers with licenses without tests” (The Daily Star, August 12, 2015).

Indeed, these highly accessible exploits exposed by the CIA combined with the increasing surveillance of governments symbolise a threat to democratic power. With the state fattening its store of civilian information, there is a shift in the balance of power that is not in favour of the people and democracy. When you penalise a person for criticising the powers at play, have you effectively doused the flames of an all-annihilating anarchy or silenced the voice of a socially conscious citizen with a valid concern? Is it imminent crime that has been impeded or the right to have an opinion about one's own circumstances?

Far reaching consequences

In his statement on the Vault 7 leaks, Julian Assange commented, “Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade.” And indeed, the leaked documents show that hacking tools and programmes have already been exported to countries such as Australia, Canada, New Zealand, and the UK, and are fully exposed for cyber criminals to abuse for blackmail, identity theft, etc. The leaks of the Vault 7 documents aim to continue the debate and judicial reform in surveillance that was triggered after the NSA leaks. But in a country like Bangladesh, where civilians are not even aware of the extent of surveillance done upon them, where they have been ostracised and persecuted for expressing their opinions, the implications are dire—self-censorship and total uncertainty in fear of a government crackdown. In light of the legalisation and extension of rampant and mass surveillance, the debate of oversight and accountability is one that every country and its citizens, not just the US, must be having right now. 

 

The writer is In-charge of the career publication of The Daily Star. 

Comments

Cyber security

Why should the Vault 7 leaks bother you?

illustrations: Kazi Tahsin Agaz Apurbo

What does the publication of 8,571 confidential documents of the US Central Intelligence Agency (CIA), including its hacking programme, mean to a third-world normie like you, safe in your cushy corner of Dhaka where the internet connection isn't even that great? After all, you have nothing remotely criminal on your computer and have nothing to be afraid of. 

While we Bangladeshis needn't get our collective knickers in a twist, the implications of the leaks are alarming: it means that our data is becoming increasingly more vulnerable, and that the state authorities put in place to preserve civilian safety have put those lives at risk. So why should the CIA's ability to hack and take control of smartphones, web browsers or operating systems bypassing anti-virus software bother you, you ask?

CIA didn't disclose vulnerabilities to companies for repair

Year Zero, the first part of the Vault 7 dump, “introduces the scope and direction of the CIA's global covert hacking programme, its malware arsenal and dozens of 'zero day' weaponised exploits against a wide range of US and European company products, including Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.” After the NSA's illegal surveillance techniques were leaked to the public in 2013, the US government promised to disclose serious vulnerabilities, exploits, bugs or zero days for the protection of consumers and critical infrastructure. The news of exploits can spread around the world in seconds, and if undisclosed, put civilians at the mercy of cyber criminals and rival nations—anyone can exploit them.

Cybercrime and computer flaws are in fact two sides of the same coin. Last Saturday, Edward Snowden tweeted a study by Harvard that found vulnerabilities like those that the CIA hid from companies are increasingly abused by other hackers. A 20 percent rediscovery rate for high and critical severity bugs in 2016 basically means there is a one in five chance that a hacker can exploit the same flaws as the government.

Perhaps the CIA's nonchalance about the fates of private individuals is epitomised by how it actually paid to retain the holes in our tech devices for future use, or its adolescent side commentary in the documents: “You know we got the dankest Trojans and collection tools.”

Data has been, can be, and will be misused

While no one is undermining the legitimate purposes of government surveillance, history, even the recent past, has shown that information need not even be criminal to be targeted. Internal memos of the British government show staff abusing their powers for things like finding addresses to send birthday cards and checking details of family members for personal convenience (The Verge, November 2016). The NSA admitted to its employees intentionally misusing the agency's surveillance power to snoop on love interests, and even random foreign women without any valid reason.

While some trespassings are not necessarily of national interest, others just about equate to racial profiling. Government records obtained by the American Civil Liberties Union (ACLU) found that Facebook, Twitter and Instagram had given users' data to Geofeedia, a controversial social media monitoring company that aids police surveillance programmes and targets South Asian, Muslims, Sikh and Black protestors. Geofeedia's marketing materials referred to unions and activists as “overt threats” and claimed that the product can help monitor the “Ferguson situation” (The Guardian, October 11, 2016).

Although social media monitoring in Bangladesh is perhaps nowhere near as well-financed and organised, non-violent online activity has been known to get people thrown in jail on multiple instances. Only last May, a young woman was sent to prison in Kushtia on account of a 'blasphemous' Facebook status, whereas in 2015, a Jahangirnagar teacher was sentenced to three years in prison for a 2011 post “related to road crashes and accusing the government of awarding drivers with licenses without tests” (The Daily Star, August 12, 2015).

Indeed, these highly accessible exploits exposed by the CIA combined with the increasing surveillance of governments symbolise a threat to democratic power. With the state fattening its store of civilian information, there is a shift in the balance of power that is not in favour of the people and democracy. When you penalise a person for criticising the powers at play, have you effectively doused the flames of an all-annihilating anarchy or silenced the voice of a socially conscious citizen with a valid concern? Is it imminent crime that has been impeded or the right to have an opinion about one's own circumstances?

Far reaching consequences

In his statement on the Vault 7 leaks, Julian Assange commented, “Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade.” And indeed, the leaked documents show that hacking tools and programmes have already been exported to countries such as Australia, Canada, New Zealand, and the UK, and are fully exposed for cyber criminals to abuse for blackmail, identity theft, etc. The leaks of the Vault 7 documents aim to continue the debate and judicial reform in surveillance that was triggered after the NSA leaks. But in a country like Bangladesh, where civilians are not even aware of the extent of surveillance done upon them, where they have been ostracised and persecuted for expressing their opinions, the implications are dire—self-censorship and total uncertainty in fear of a government crackdown. In light of the legalisation and extension of rampant and mass surveillance, the debate of oversight and accountability is one that every country and its citizens, not just the US, must be having right now. 

 

The writer is In-charge of the career publication of The Daily Star. 

Comments

বছরখানেক সময় পেলে সংস্কার কাজগুলো করে যাব: আইন উপদেষ্টা

আইন উপদেষ্টা বলেন, দেশে যদি প্রতি পাঁচ বছর পর পর সুষ্ঠু নির্বাচন হতো এবং নির্বাচিত দল সরকার গঠন করত, তাহলে ক্ষমতাসীন দল বিচার বিভাগকে ব্যবহার করে এতটা স্বৈরাচারী আচরণ করতে পারত না।

১ ঘণ্টা আগে