Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Intelligent Machines

The Cyber Security Industrial Complex

Documents point to a huge industry that provides online surveillance tools to governments and police agencies.

A claim by Wikileaks that documents it released last week provide evidence of a “secret new industry” of mass surveillance was as breathless as previous pronouncements from Julian Assange’s organization. But the material does provide a stark reminder that our online activities are easily snooped upon, and suggests that governments or police around the world can easily go shopping for tools to capture whatever information they want from us.

The take-home for ordinary computer users is that the privacy and security safeguards they use—including passwords and even encryption tools—present only minor obstacles to what one researcher calls the “cyber security industrial complex.”

“There is no true privacy in any computing systems against determined government-level surveillance,” says Radu Sion, a computer scientist at Stony Brook University who directs its Network Security and Applied Cryptography Laboratory. He says that as computing systems become more complex, and reliant on components from many different suppliers, the number of vulnerabilities that can be exploited by attackers and surveillance tools will grow.

The 287 documents released by Wikileaks come from 160 companies in 25 countries. They detail various commercial products and services offered to governments and law enforcement officials interested in intercepting online communications or eavesdropping on computer use. Wikileaks founder Julian Assange described the documents as unmasking a “international mass surveillance industry.” In fact, many of the companies named have been discussed in public before, for example, Blue Coat, a U.S. company whose corporate network filters have been used by the Syrian regime to censor the Internet inside the nation’s borders and spy on dissidents. However, the Wikileaks release was still noteworthy because of its breadth and level of detail.

Marketing materials from a German company, DigiTask, are a typical offering from the new Wikileaks haul. They describe how the company’s software—installed on users’ computers by taking advantage of newly found software defects known as “zero day exploits”—could steal encryption keys to let law enforcement or governments eavesdrop. The same method was used against security software company RSA earlier this year in an apparent attempt to compromise U.S. defense contractors.

The Wikileaks release also included material from Paladion, based in India, containing claims that the company could trace encrypted banking transactions and Gmail messages.

Ron Deibert, director of Internet think-tank Citizen Lab at the University of Toronto, has long studied the global spread of such technologies and their ready adoption by governments. The technologies on offer include social networking mapping, cell phone tracking, location tracking, and so-called “deep packet inspection” techniques used to read the content of passing Internet traffic.

The growing role of the Internet in everyday life and business is creating a rich trove of digital information about people, companies, and nations, Deibert noted in a recent blog post. “Unsurprisingly, a massive cyber industrial complex has sprouted around the commercial exploitation of [it],” he wrote. Deibert notes that censoring the Web used to be considered an undertaking for only hubristic, authoritarian regimes, but is now being considered by defense departments worldwide being courted by corporations like those featured in the new Wikileaks documents.

Hear more about security from the experts at the EmTech Digital Conference, March 26-27, 2018 in San Francisco.

Learn more and register
More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.