Who will secure the securers?

by Steve Blum • , , ,

The FBI is offering the best argument for not giving government agencies back door access to encrypted systems: those same government agencies can’t keep their own stuff locked down. According to a story on Motherboard, the FBI has put out a warning about another massive security breach

The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.

The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM.

The FBI is playing coy about its ability to unlock iPhones, although coy isn’t quiet. The agency has briefed some members of congress on the technique used to hack into a iPhone used by San Bernardino terrorists, but apparently won’t share that info with Apple, who would be interested in plugging the hole.

There’s a legitimate debate to be had regarding how much access government agencies – police or otherwise – should have to private information. But when it comes to building secure systems with strong encryption protections, there’s no middle ground. Either a system is as secure as humanly possible or it isn’t. The continuing hacks of government systems and leaks of secret data should be reason enough to come down on the side of engineering security for all and not chasing a mythical government-only back door.