Surveillance and servility: is the AV industry a puppet of statecraft?

2013-12-02

Samir Mody

K7 Computing, India
Editor: Helen Martin

Abstract

‘Surveillance has been an instrument of statecraft for millennia.' Samir Mody, K7 Computing


Table of contents

(The views expressed herein are the author’s own. They do not reflect the policies or opinions of the author’s current employer or any other party.)

In a paper I submitted for the 2011 AVAR conference I stated the following: ‘There can be little doubt that the military and intelligence establishments of various nations have wings dedicated to cyber warfare ... Given the enormous resources involved and the high-profile, targeted nature of cyber attacks, it is difficult to predict the security responses of commercial anti-virus companies and the general public at large. It is likely that standard civilian bodies would largely be bystanders in these events.’ [1]

My opinion, forged on the anvil of revelations surrounding Stuxnet, Flame, Duqu and their ilk, has not changed over the past couple of years, notwithstanding an article [2] which landed in my inbox recently. The article refers to an open letter to the AV industry, which seeks clarification on the possible tacit collusion of the industry within the ambit of global statecraft, whether ratified in a partisan manner or not. I agree with Kurt Wismer, who points out that resourceful intelligence agencies ought to be at least as proficient as the common, albeit professional, cybercriminal in routinely bypassing modern security software, thus obviating the need to recruit AV industry partners. No strings being pulled here.

What about the concept of surveillance in the era of cyber warriorism? Surveillance has been an instrument of statecraft for millennia. 2,300 years ago, in his magnum opus Arthashastra, the Indian philosopher and statesman Kautilya described and, in fact, prescribed spying as an essential aspect of government policy in maintaining the security of the realm. In a democracy, it is the extent to and premise on which the denuded citizen is subjected to government voyeurism that raises concerns and generates heated debate.

Interestingly, survey findings revealed during Andrew Lee’s keynote address at this year’s VB Conference [3] suggest that a majority of the US public would support, or at any rate be indifferent to government surveillance if it were done in a transparent manner for the public good. The respondents’ views must reflect their threat perception and trust in governance at any given point in time. Therefore, the geographical location of the respondent, influenced by the narratives of history, is very important.

Let’s look at a brief case study. In August 2012, a mass exodus of Indian citizens of north-eastern origin (from various other parts of the country) was orchestrated via crude but effective misinformation propaganda, involving doctored visuals and threatening messages disseminated via various forms of social media. The context of ethnic skirmishes immediately preceding these events meant that the attack was sufficiently potent to effect a mass movement of people who believed themselves to be vulnerable. It took several days for the former status quo to prevail, providing a stark demonstration of the threat potential inherent in social networking. Perhaps a timely intervention by a vigilant agency could have nipped this attack in the bud. Indeed, in the context of national security, section 69(1 and A1) of the Indian IT Act authorizes designated government agencies to ‘intercept, monitor, decrypt…’ and ‘block for access…’ any computer-related data. If nothing else, at least the intent has been communicated transparently in the public domain. (Certain intrusive activities require a court warrant.) Nevertheless, concerns about the security of the collected data and its potential abuse are justified. (IT-related legislation across many democracies probably contains similar provisions in relation to national security.)

The Act, perforce, makes no mention of clandestine monitoring activity, or the need for private entities to enter into an insidious partnership with intelligence agencies. Let us not be naïve, however. Should these agencies wish to snoop, they don’t require the cooperation of AV vendors.

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest articles:

Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Aditya Sood & Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited to compromise the C&C panel in order to gather threat intelligence, and present a model of mobile AppInjects.

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.