When news came out about whistle blower Snowden releasing “classified” information about PRISM and the NSA recording conversations from the American public, I was one of many in the IT industry who responded with, “ummmmm, yeah, duh, why is this getting so much publicity?” When only a few months prior the government started warning US companies not to buy Huawei hardware due to “security loopholes built into their hardware”, effectively giving the Chinese government visibility into anything that traversed through their switches and routers, my response was, “ummmmm, yeah, duh, and you think the massive US manufacturers such as Cisco, Juniper and Intel or Israeli manufacturers aren’t affording their own intelligence agencies with the same type of backdoor access and visibility to these devices and the data that traverses over them?”
Reality is hackers of all flavors and creeds have been able to find ways to get into almost any and every system that touches the public internet since its invention. About a decade ago for example we now know Chinese and Eastern European hackers were hiding malicious code within Adobe and Microsoft software, letting it “sleep” until the product was in enough hands for a trigger to start infecting the host and exploiting the data it uncovered. In this way, even private intranets of massive corporations and nearly every government around the world has been and still is unwittingly vulnerable. The general public doesn’t hear about 99.9% of the large scale attacks that occur every day in fact because the digital economy plays such a gigantic role in our society and current “way of life.” How would the public react if they knew just how insecure things were or just how much of their digital life is being tracked, recorded and leveraged every moment of every day?
Another interesting caveat here is that most of those I know in the industry have heard first hand accounts of hackers who were caught in the act by their local governments and blackmailed into serving an agenda they do not agree with to avoid massive fines and spending time behind bars. No different than the con artist Frank Abagnale Jr., who the movie “Catch me if You Can” was based off of, joining forces with the FBI after being caught mostly to stave off the boredom of prison life.
Knowing and following all this, for the past decade or so I’ve been living under the assumption that my entire digital life (email, cell phone, laptop, ect.) can be tracked and hacked by individuals and both private and public intelligence organizations without my consent once I connect to the internet. When I would tell others of this reality, more often than not I was labeled a “conspiracy theorist” and laughed at. Knowing this for the bulk of my professional career however was disconcerting, but it only helped me be more careful with what content from my personal life I shared online or recorded through my mobile devices. It also made me question what I really had to hide?
All this monitoring is clearly a violation of our constitutional rights, though I’ve never been one to believe certain agencies within our government really cared about my personal rights or privacy in the first place. This was solidified for me after The Patriot Act was shoved through Congress so abruptly after 9/11 and “National Security” became the mantra to now justify any action by any agency digging where they do not have consent.
My hope here with this post is that those reading will begin to understand that nothing can truly be hidden or “private” if it is connected to the internet in some form or fashion. To this extent, please operate with the understanding that if someone truly wants to, they can without your knowledge or consent:
HACK YOUR CELL PHONE
-All your pictures, videos, contacts and emails can be copied
-Your GPS can be turned on and tracked remotely without the phone indicating it is, in fact, on
-Your camera, video camera and audio can be turned on without the phone indicating it is, in fact, on
HACK YOUR LAPTOP
-Same as your phone, all your files, pictures… everything can be viewed and copied
-Your camera, video camera and audio can be turned on without the laptop indicating it is, in fact, on
-Your laptop and IP address can be remotely controlled without your knowledge to send malicious attacks, spam or to route activity discretely through your device from someone else
HACK YOUR SOCIAL MEDIA PROFILES
HACK YOUR EMAIL
If you doubt any of this, please reach out to me and join me at the next quarterly security consultants luncheon I host.
If you’re having a hard time wrapping your head around this, the easiest way to understand it is to view your digital security no differently than your physical security. All the gated fencing, armed guards and security cameras will not stop someone with enough money and acumen who truly wants to gain access or steal something on your property. If it’s YOU they’re after, even a security bunker wouldn’t stand a chance against some of the new “bunker buster” missiles on the market today. Point being, all the data that makes up your digital life and identity, including your passwords and bank accounts, regardless of the encryption technology you may be using, can be hacked without your knowledge and likely already has been hacked to some degree.
With the general public slowly becoming aware, it will be very interesting to see what they do and what Congress, the White House and our Judicial System will now do as well… if anything at all. Unfortunately, I have the suspicion NOTHING will change and our government will only become more transparent about the reality that it can look into anything and everything it wants, whenever it wants, without your consent “for National Security” reasons. Every country will eventually be forced into maintaining a similar stance and exposing their own public and private surveillance programs. Should these institutions catch someone other than themselves trying to hack into their own systems however, there will surely be hell to pay.
As much as I’d like to say to you, “welcome to the Brave New World”, the reality here is were dealing much more with the frog totally unaware that it’s been now near boiled alive trying to adapt to the environment around it.
So, for me, the real questions we should be all asking ourselves are:
What else are we unaware of within our current reality?
Do you care that your entire digital life can be hacked?
Who would want to view your entire digital life?
Will you jump out of the pot?
Is there anywhere to jump that is not also near boiling as well?
Nice post Sean, couldn’t agree more! Having been in IT my entire career it has always been clear to me that any and all data is obtainable by a person determined enough to get it. Just how it is, I personally never really cared much…reality is most people bitch about their privacy and then post their life on Facebook and other social media sites for the world to read. I always find it funny that many of the people the most up in arms about “big brother watching” are the ones that post every detail of their life on Facebook, etc., no one needs to hack your laptop or phone when they can just go read everything they need to know about you online. Most hackers aren’t looking to steal your collection of naked pics:)