Sometimes I wonder just how bad the news about government spying can get. The answer was in my inbox this morning. I quickly ran out of superlatives: Awful. Terrible. Appalling. Dreadful.
The article in question reported that for most of the last two decades, the National Security Agency (NSA) has been deliberately infecting the “firmware” that runs most common hard drives, including those made by Seagate, Western Digital, IBM, Toshiba, Samsung and Maxtor. There’s a 99% chance that the computer you’re using has one of those in it. Mine has four.
The malware campaign, called “Equation,” has infected tens of thousands of public and private computers in more than 30 countries. And it allows the NSA to read everything on those machines at will.
Unless you’ve done one simple thing to thwart them…
NSA Surveillance: A Big, White Lie
So how does the NSA get away with this sort of thing? By lying and abusing its legal authority.
According to Kaspersky Labs, a highly-respected Russian anti-malware outfit, ex-NSA sources confirmed that agents pose as software developers to trick hard drive manufacturers into supplying source code, which they would then modify and deploy. Even worse, the agency often simply keeps a copy of the code when it does mandatory “code audits” on behalf of Pentagon procurement departments.
Hacks like this — which basically make the entire world’s information grid vulnerable to U.S. government spying — are why Phil Zimmermann, creator of email encryption software Pretty Good Privacy (PGP) and now president and co-founder of secure cellphone company Silent Circle, says: “Intelligence agencies have never had it so good.”
But the good times depend on computer users ignoring the one thing that can make even a wide-open computer useless to the NSA or other spies.
Your Keys to the Digital Kingdom
Imagine a world where you could leave your house, your car, even your safe unlocked at all times. All you’d need is a technology that would make the things inside those places unusable to a thief. The lock on your front door would be redundant, because nobody could use your property even if they got their hands on it.
The technology needed to make your digital property secure — even if the front door is pried open by hacks like “Equation” — already exists. In fact, it’s been around even longer than Equation … since June 5, 1991, to be exact. That’s the day Phil Zimmermann released encryption software PGP to his friends, who then distributed it worldwide.
PGP and the many encryption programs that are its progeny make anything stored on your computer, or transmitted by email, instant message and voice-over-internet — anything digital — unusable to a spy or thief. They turn digital information into useless gibberish that can be unlocked only with a special key. The NSA could walk right in and rummage around, but would be unable to read a thing.
Relying on Inaction
The NSA isn’t the only gang trying to break open digital doors. Also in my inbox this morning was a report on a group of hackers who may have stolen $1 billion from more than 100 banks in 30 countries, the “biggest bank heist in history.”
Both the NSA and the digital bank robbers rely on one thing to get away with their misdeeds: That their targets don’t use good encryption.
As amazing as it seems in this day and age, the banks targeted by the hackers relied on old-fashioned “locks” on their digital front doors — passwords — but failed to encrypt the client information and account details stored behind them. Once the banks’ passwords were compromised, the hackers could pillage at will, often by stealing a few cents at a time from millions of accounts, making them virtually undetectable for long periods.
It’s just that sort of inaction that the NSA and other privacy vampires need in order to remain in business.
In Us We Trust
The easiest way to get started on the route to digital sovereignty is to explore some of the options freely available here. You could have your hard drive protected in the time it takes to read this article.
The “Equation” revelations prove that our own government is prepared to lie and cheat in order to steal our privacy from us. Imagine what they would do if they were really motivated … say by an executive order to implement wealth confiscation.
It’d be too late then to write your Congressman. But if you were using good encryption to protect your digital assets, it wouldn’t matter.
That’s because you’d be able to exercise a “Veto of One,” the ultimate goal of every sovereign individual.
Offshore and Asset Protection Editor