Monday, June 19, 2017

Hackers Will Hack

I wonder whether British Prime Minister Theresa May is as misinformed as she appears? Does she actually hope to control the internet? Apparently nobody told her that it is too late to even try. 

Bureaucrats who plot to impose backdoors in our software pretend that those backdoors cannot be cracked by hackers or by intelligence agencies. It may become a game of whack a mole, but no backdoor will remain uncompromised.

It has to be asked whether technocrats actually believe that the public will use software that is compromised? Secure open source solutions will emerge to compete, and we will vote with our wallets to use them instead. ProtonMail is one example, as is the GPG Suite for Apple Mail. Surely they know this. 

Even if companies like Microsoft and Google can be suborned to facilitate government backdoors, they will fear inevitable exposure. The inevitability of their exposure includes a forbidding economic and reputational cost. It is this fact, which software companies like Microsoft and Google understand very well, that informs their own resistance to government imposed backdoors.

Considering recent events, does anyone actually believe that backdoors will not be exposed by patriots within intelligence agencies? Never forget that there are factions within the deep state. Not all of them conspire to tear down President Donald J. Trump. 

Some of them are cypherpunks, loyal to the digital literati, to we, the digital proletariat. Some of them are sympathetic to the alt-right, and to the alternative media that you are reading at this precise moment. 

Even President Donald J. Trump​ has his own adherents in the deep state, and they are leaking to 4chan, to InfoWars, to Steve Pieczenik, to Roger Stone, to Mike Cernovich, to Jack Posobiec, to David Seaman, and even to me

Consider the last ten years of breaches published by WikiLeaks. Any backdoors created in encryption regimes will be compromised. Vault 7 proves it. Snowden proves it. Manning proves it. The Shadow Brokers prove it. Even  the recently arrested NSA leaker Reality Winner proves it. Leakers will leak. Daily deep state leaks to The New York Times and to The Washington Post prove it. 

We all see where this is going. In response, politicians will abuse Terrorism™ to justify huge investments in surveillance technology. Our compliant Congress will allocate massive black budgets, failing to exercise any degree of effective oversight, and these surveillance technologies will devastate the civil liberties of everybody else. Meaning us. 

Our best defense, of course, is the factor that governments fear and seek to undermine: encryption. 

If you correspond with me, you will notice that I include a PGP fingerprint at the bottom of every email. 

1B92CCE6D7FD8AC47E0B661DAC2E605DAA735DF0

On all my web pages, I link to KeyBase.io. KeyBase makes encrypted correspondence dead simple. Anybody can do it. 

If I need to discuss something sensitive, something financial, something private, I can do so. And I make no apologies for it, and I make no explanations. I reserve the right to be private, and it will be difficult for any state, any government, any authority, to stop me. 

What Mrs. Theresa May may not understand is that the self-repairing character of the internet means that it literally cannot be controlled. The internet routes around what it interprets as damage, and our packets take the cheapest route to their destination. This is inherent in its design.

The clearnet internet can be shadowed, and the Snowden disclosures confirm that NSA is using TREASUREMAP to do just that. NSA's FAIRVIEW confirms that all domestic internet traffic can be sniffed. But this does not mean that the global clearnet can be controlled. 

This slide from a briefing deck exfiltrated by Edward Snowden, just one example from the family jewels of NSA, explains TREASUREMAP, which seeks to shadow the entirety of the global internet. It was classified (TS) Top Secret, (SI) Signals Intelligence, related to the US intelligence community and to the SIGINT alliance Five Eye (FVEY). 

Mrs. May may succeed in imposing encryption bans within the UK, balkanizing a geographical segment of the clearnet. The Great Firewall of China, the digital wall, is one model. But even the Great Firewall has gaping technological holes in it. 

The Chinese literati use encryption, Virtual Private Networks (VPN) and TOR, The Onion Router, to defeat their Great Wall. "To stay unblocked in China is an endless rat race," one operator of VPNs said

Someday, the UN may succeed in imposing encryption bans worldwide. But there will always be a cabal of the digital proletariat who will find ways around it, through it, beneath it. Software engineers, network engineers, hackers, will distribute encryption solutions, software code classified as munitions, and no government, no intelligence agency, no human agency, can stop them.

Those of us who insist on using encryption at our whim cannot be stopped. How can I make such a statement with such confidence? Because of the deep web

We must all remember that the deep web represents the majority of the internet, analogous to an iceberg. It is unmapped. It is unmanageable. It is, literally, chaos. 

All manner of malfeasance happens on the deep web. Drug deals, child porn, death porn, software exploits, false IDs. But also, much legitimate private business. Dissidents in totalitarian countries use the deep web, as do government cyber specialists. 

The deep web is accessible to users of the encrypted network TOR.  While the US Naval Research Laboratory invented TOR, it is too late for any government agency to control it. Again, a genie got out of the bottle, and it cannot be put back in. 

No government can block the deep web. Indeed the biggest obstacle to wider usage of the deep web is the technical complexity involved in accessing it. 

Yes, governments succeed in compromising some dark web services. Silk Road and Silk Road 2.0 are the obvious examples. But how many more remain undetected? How many remain flourishing bastions of criminality? Nobody knows. 

Global surveillance is not the solution. Abrogating our civil liberties are not the solution.

Global surveillance will fail. Hackers will ensure that it fails, whether they are black hat hackers or white hat hackers or grey hat hackers. 

NSA tries to identify them and to hire them, and this is smart, but even those problematic geniuses cannot be trusted or controlled all the time. Vault 7 proves that. Snowden proves that. 

Who will you bet on? On the government hackers in intelligence agencies? Or on some 14 year old genius pecking at his keyboard in his parent's basement eating Cheetos? 

I got to go with the kid. Hackers will hack. 

It is part of the human condition. 

Originally published on Facebook by Estéban Trujillo de Gutiérrez · June 7 at 3:50am ·

=========





0 Comments:

Post a Comment

<< Home