Government spying tools will eventually leak to criminals

NSA data gathering facility in Bluffdale, Utah

Electronic spying tools used by the U.S. government could end up in the hands of organized criminals and hackers, further eroding Internet security, warned industry leaders who called for new restrictions and oversight of government activity.

“It is a big worry” that the methods will spread, said Andrew France, former deputy director of the UK’s NSA equivalent, GCHQ, and now chief executive of security startup Darktrace.

The government habit of purchasing information about undisclosed holes in software is also “really troublesome,” said former White House cyber security advisor Howard Schmidt. “There’s collateral damage.”

Both France and Schmidt spoke to Reuters at the annual RSA Conference, the world’s largest cyber security gathering, in San Francisco last week. RSA is the security division of electronic storage maker of EMC Corp.

Security researchers say that secret state tools tend to fall into the hands of mobsters and eventually lone hackers. That trend could worsen after former spy contractor Edward Snowden disclosed U.S. National Security Agency capabilities for breaking into Cisco Systems routers, Dell computer servers and all kinds of personal computers and smartphones, industry leaders and experts warned at the RSA conference and two smaller gatherings in San Francisco convened partly to discuss RSA’s government deals.

Both the United States and the security industry itself came under fire at the various assemblies.

Previously faulted mainly for their inability to stem the tide of attacks, security providers such as RSA have become front-line victims themselves. Hackers tied to China breached RSA in 2011 in order to falsify credentials used by employees at U.S. defense contractors…

Far worse was the revelation, by Reuters in December, that RSA had accepted a $10 million federal contract largely to promote the use of a flawed cryptographic formula developed by the National Security Agency.

Though experts publicly called the system suspicious in 2007, it remained the default in RSA’s widely distributed kit for securing software until documents leaked by Snowden last year suggested it had been planted by the NSA to provide the agency back-door access to a wide variety of computer programs. The Wall Street Journal confirmed the Reuters report a week ago…

Famed cryptographer Bruce Schneier, an outspoken opponent of mass surveillance, said Snowden had raised awareness on the extent of privacy invasions and showed that good encryption can force spy agencies to work harder and be more targeted in their investigations.

RTFA for details, disruption and disagreement. The beasts are starting to eat their own children. Unfortunately, that’s still not enough to keep them from snooping through the live of every citizen in the world they may access.