Threat Level Thursday: NSA's Search Engine, Encryption, and Android's Weakness
Welcome to this week's Threat Level Thursday, where we'll see how the NSA shares its information with other law enforcement agencies, the power of encryption, how Android may be the bane of some Android apps, and the unnerving conviction of a former U.S. cybersecurity official.
The NSA's 'Google-like' Search Engine
More news from famed whistleblower Edward Snowden. Documents obtained by The Intercept show that the NSA has created a "Google-like" search engine to share information with law enforcement agencies. Dubbed ICREACH, the engine is built to share more 850 billion records containing phone calls, cellphone locations, emails, and Internet chats and is the first piece of solid evidence that the NSA has been sharing its intelligence with domestic law enforcement agencies. Information from ICREACH can be used to map out networks, predict future actions, and even uncover religious or political beliefs.
"The ICREACH team delivered the first-ever wholesale sharing of communications metadata within the U.S. Intelligence Community," noted a top-secret memo dated December 2007. "This team began over two years ago with a basic concept compelled by the IC's increasing need for communications metadata and NSA's ability to collect, process and store vast amounts of communications metadata related to worldwide intelligence targets."
A 2010 memo shows that 1,000 analysts at 23 U.S. government intelligent agencies have access to ICREACH. Documents reveal that the FBI, DEA, CIA, and the Defense Intelligence Agency are some of its biggest fans.
Encryption Is the Key
Cybersecurity is no joke now that a majority of Americans now have some form of sensitive information floating around the digital sphere. As lawmakers fumble in Washington to decide how many rights and protections individuals should have on the Web, Google executive chairman Eric Schmidt says that technology can solve what policy can't.
Speaking at a three-day workshop at Stanford, Schmidt told former Secretary of State Condoleezza Rice that encryption is what will ultimately thwart cyber criminals.
"Everything is going to have to be encrypted all the way," Schmidt said.
Schmidt did go further and offer hope, saying that completely unbeatable end-to-end encryption is possible "within our lifetime." Google's Gmail service and Yahoo's email service have both recently instated end-to-end encryption for messages.
Android Apps Vulnerable to Hackers
Researchers recently revealed that a number of high profile Android apps containing vital user data could be compromised by one piece of malware. Among those affected include Gmail and WebMD. This time, however, it isn't the apps' faults. In fact, the reason the apps are vulnerable is because they run within the same operating system.
"The assumption has always been that these apps can't interfere with each other easily," Zhiyun Qian, one of the research team's engineers, said in a statement. "We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user."
Some experts say the coding is too complex for this to become a widespread threat, but the engineers claim they could probably do the same to Apple's iOS and Microsoft's Windows operating systems.
Cybersecurity Director Convicted for Child Pornography
The former acting director of cybersecurity for the U.S. Department of Health and Human services was convicted Tuesday of "engaging in a child exploitation enterprise, conspiracy to advertise and distribute child pornography, and accessing a computer with intent to view child pornography in connection with his membership in a child pornography website."
Timothy DeFoggi became the sixth individual to be convicted as part of an ongoing investigation concerning three child pornography websites.
In a chilling statement, the U.S. Department of Justice says that DeFoggi "accessed child pornography, solicited child pornography from other members, and exchanged private messages with other members where he expressed an interest in the violent rape and murder of children."
Makes you wonder who's really protecting digital data out there.
For more stories like this, follow us on Twitter!