We can end this new IT security Cold War

For those nostalgic for the spooky side of the Cold War, today's IT security scene provides a pretty good substitute. Once we had spy versus spy, double agents, shadowy figures issuing coded orders, tapped telephones and betrayal. Now we have Edward Snowden versus the NSA, GCHQ intercepting mobile SIMs by the lorry-load, constant alerts from mammoth companies, and governments using 'terrorism' to bypass any oversight as they riffle through our data.

The difference today is that the war's come home. It's on our desktops, in our Androids. The Iron Curtain across Europe has been replaced by the firewall in the hallway.

This isn't just some cute analogy: we civilians are faced with the same challenges as nation states were fifty years ago. Earlier this month, IT news sites were buzzing with the revelation that a subversive organisation called the Equation Group had created and deployed malware that could infect hard disk firmware – the software baked in to the drives themselves – and run entirely undetected by the host computer. It's like having an agent under deep cover at the heart of MI6.

And what, precisely, are we as individuals, even as IT experts, supposed to do with this information? Even assessing it is impossible: the news came from a single organisation, Kaspersky Lab, with ties to the Russian security services. There is absolutely no way to verify the claims. The implication is that the Equation Group is either part of or closely associated with the NSA: perhaps so, or perhaps the Russians want us to think so. Who can tell?

Our own people – NSA and GCHQ and the rest of the team documented so engagingly by Snowden – should be helping us. Let's say there is monitoring software running undetectably on our hard disk, our very own Philby: what can be done? Actually, there is a technique which is appropriate: traffic analysis. The idea is that it doesn't matter exactly where a hidden agent is, what it's doing or how well it's hidden; at some point it has to send a message back to base. All you have to do is spot that message: you don't have to decode it or find its source. At that point, you know you've got problems and can take steps to eradicate or block it – and that's worth doing.

Traffic analysis is a powerful tool. It's hard to do well and a sophisticated opponent can do a lot to hide from it, but in the end the legitimate user of a computer can expect to be able to see and understand all the connections it makes across the internet. And the people with the best expertise in traffic analysis are those who've been using it since World War II, when it provided valuable information about enemy movements even when Enigma went dark – the security services. But if they're the ones mounting the attack, will they help us?
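The column's point is that a hidden implant still has to call home, and that the defender only needs to notice the call, not decode it. The following is an added example, not code from the column or from any tool it mentions: it takes a few constructed outbound-connection log lines (timestamp, source host, destination, bytes sent; the hosts and addresses are made up), groups them by destination, and flags any destination contacted at suspiciously regular intervals. The threshold values are assumptions chosen for the sample, not tuned figures.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connections from one machine (not real traffic).
# Fields: ISO timestamp, source host, destination host:port, bytes sent.
# 203.0.113.7 is contacted every ~300 s with a near-constant payload size;
# 198.51.100.20 is ordinary browsing with irregular timing and sizes.
SAMPLE_LOG = """\
2015-02-23T09:00:05 laptop 203.0.113.7:443 612
2015-02-23T09:01:12 laptop 198.51.100.20:443 48211
2015-02-23T09:05:06 laptop 203.0.113.7:443 598
2015-02-23T09:07:40 laptop 198.51.100.20:443 912
2015-02-23T09:10:04 laptop 203.0.113.7:443 630
2015-02-23T09:11:03 laptop 198.51.100.20:443 120330
2015-02-23T09:15:07 laptop 203.0.113.7:443 605
2015-02-23T09:19:55 laptop 198.51.100.20:443 3340
2015-02-23T09:20:05 laptop 203.0.113.7:443 599
2015-02-23T09:25:05 laptop 203.0.113.7:443 611
2015-02-23T09:26:30 laptop 198.51.100.20:443 70
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, destination, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _src, dest, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), dest, int(nbytes)))
    return records


def find_beacons(records, min_connections=5, max_interval_cv=0.1):
    """Return {destination: stats} for destinations whose contact times are
    too regular to be a human at the keyboard.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    gaps between successive connections; a low value means clockwork timing.
    The thresholds are assumptions for this sample, not tuned figures.
    """
    by_dest = defaultdict(list)
    for ts, dest, nbytes in records:
        by_dest[dest].append((ts, nbytes))

    flagged = {}
    for dest, events in by_dest.items():
        if len(events) < min_connections:
            continue                      # too few samples to judge regularity
        events.sort()
        times = [ts for ts, _ in events]
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        sizes = [n for _, n in events]
        interval_cv = pstdev(intervals) / mean(intervals)
        size_cv = pstdev(sizes) / mean(sizes)   # near-constant payloads are a second hint
        if interval_cv <= max_interval_cv:
            flagged[dest] = {
                "connections": len(events),
                "mean_interval_s": round(mean(intervals)),
                "interval_cv": round(interval_cv, 3),
                "size_cv": round(size_cv, 3),
            }
    return flagged


if __name__ == "__main__":
    for dest, stats in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{dest}: {stats}")
```

On the sample this flags only 203.0.113.7:443 (six connections, mean gap 300 s, interval CV well under 0.01), while the browsing destination's gaps vary by roughly a third of their mean and pass. As the column notes, a capable opponent can hide from this by adding jitter or varying message sizes; the defence is then to widen the timing tolerance, look at payload-size regularity as well, and ask the plainer question of why the machine is talking to that destination at all.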

Of course not. Nobody will.

There are no good guys in this game. The security companies long since worked out that they'll make more money by talking threats up and shipping shoddy tools than by actually fixing the problems – sorry, guys, but your track record is terrible. GCHQ seems to think everyone's the enemy, and security vulnerabilities are too useful to stop. The white hat hackers, whom God preserve, do their best, but they're not co-ordinated and they far prefer exposing errors to creating the tools that shut them down. Like the street vendor who loses his livelihood when Bond drives a tank through his oranges, we're stuck in the middle of a Cold War that's come to visit and come to stay.

It's not entirely bleak. Cyber security is a hot topic among university researchers, many of whom, such as Professor Jon Crowcroft at Cambridge, are resolutely committed to wresting the internet back from the bad guys. But it's not as if Cambridge doesn't have its own very mixed history with the security services – and it's ongoing; check out the logo at the bottom of its Cyber-Security Research Group homepage.

In the end, it wasn't the spies or the governments who ended the Cold War. They didn't even see it coming. It was the people who clambered over the Berlin Wall, liberated at last by the inability of their masters to run their own affairs, despite having all the power. And that will be the only way out of the 21st century's own spookfest, when the people say 'enough' and organise themselves to make their own decisions, build their own tools, and stop buying the stories. Once upon a time, this sort of thing used to be known as a user group: we have much better ways to do all that, these days.

If those we trust to look after us won't do the job, we have the right to do it ourselves. It's time to end the war.

Rupert Goodwins

Rupert Goodwins expected to be an engineer, but journalism happened. As an engineer, he worked in defence, for Sinclair Research and Amstrad, in startups and for himself. First appearing in print in 1982 and online in 1984, he's written about all aspects of technology in business for most of the UK nationals and tech magazines, and was most recently editor of ZDNet UK. Tries to solve more problems...