Backdoors and Other Infrastructure Failures

Gawker says it’s time to panic.  And really, if you look at all the bizarre happenings last week, you might think they were the harbingers of some sort of digital end times, as foretold by the Books of Cameron and Wachowski.  Computer screw-ups at the NYSE, United Airlines, the Wall Street Journal’s site, stranded New York City subways, Washington, DC power outages—it was a day of mysterious electronics failures at major centers of infrastructure.

Well, that’s what they’re calling them, anyhow.  It may very well be as the official rulings state, but I won’t be surprised if these entities come out several months from now (or, more likely, have their emails hacked) to reveal that these incidents were actually the work of malicious actors.  Even if not, though—even if the NYSE did experience a gateway software compatibility glitch that led to four hours of downtime, the increasingly frequent instances of network outage remain an issue in themselves, especially when it comes to things like air transport and medical devices, where networks that aren’t functioning properly can result in serious, real-world damage.  David Erickson of Forward Networks attributes these troubles to the ever greater complexity and lack of coordination within a company’s operating systems.  Speaking to Popular Science, Erickson says, “You’ve now got organizations that have thousands or tens of thousands of devices that are moving packets: routers, switchers, firewalls–you name it, and each of these things has upwards of between 1,000 and 1,000,000 or more rules that actually define the behavior of how what it does with packets as they come in and out.”

And, of course, the ones in charge of rolling out these cyber labyrinths and maintaining them are imperfect humans.

All of these stories go to demonstrate just how relevant these things have become in our lives—a maxim so overdone, to the point of boredom, that Hollywood wants to make a film franchise out of it.

Really, though, if it wasn’t clear enough, you need look no further than the recent IRS and OPM breaches for evidence: incidents affecting millions.  Speaking of which, it’s failures like these that make me skeptical of the arguments of law enforcement and intelligence agency officials in the ongoing debate between those parties and security experts.  Since companies like Apple and Microsoft have been moving more and more to encrypt their customers’ data—to protect it both from hackers and the government surveillance practices Edward Snowden brought into the spotlight—organizations like the FBI and Justice Department claim the need for special access backdoors into the software.  The long and short of it is that they object to fully encrypted, completely impenetrable devices, citing the difficulty this would bring in trying to do their jobs.

On one hand, I can sympathize with their concerns.  I certainly don’t want terrorist plots going unfoiled.  But, even with the best of intentions, I don’t know if it’s best to let that particular genie out of the bottle.  More doors mean more points of access open to anyone with enough skill.  As always, it goes back to that old Ben Franklin-ism about liberty and security and deserving neither.  It’s a hard debate to resolve.

Fortunately, I don’t have to.  Although I will say that stories like what’s come out about Italian security firm Hacking Team, and their shady dealings with both abusive governments and even “friendly” ones, do make me a bit more wary.  After all, if you can’t trust a group that sets up a spy network for the Italian National Military Police by appropriating Internet address space from a web provider known as a haven for spammers and malicious software, who can you trust?

By: Jonathan Weicher