“Government hacking”的意思、由来-开放百科全书

The term hacking is used for actions taken by a group of people named as hackers. Hackers have extensive knowledge in the area of technology, specifically with electronic devices, programs, and computer networks. These people differ from crackers because use their knowledge for illegal and unethical purposes. Overall, crackers apply their skills to take advantage of vulnerabilities in software and systems. The hacking action consists of manipulating computer systems or electronic devices in order to remotely control the machine or have access to the data stored there.^[2]

Due to the innovation of new technologies, it was necessary to update the cryptographic algorithms. This need has raised the level of complexity of the new techniques created for encrypting the data of the individuals in order to guarantee security in the network. Because of the difficulty of deciphering the data, government agencies have begun to search for other options to conduct criminal investigations. One such option is the so-called government hacking.^[3]

As it is characterized by the use of government technology resources to actively obtain information on citizens' devices, some say that government agents could also manipulate device data or insert new.^[4] Besides the possibility of manipulating data from individuals, tools developed by the government could be used by criminals.^[5]

Hacking in government

In order to be able to conduct searches and remote access on a regular and larger scale, there are already attempts to change encryption by means of the law. If the weakening of encryption becomes real, technology will be less secure for everyone. This allows governments to infiltrate by performing actions such as copying, modifying, or deleting data during digital investigations.

Intergovernmental Cyberwar vs Government Hacking

While hacking is a set of actions that exploit the capabilities of electronic devices, cyberwarfare can be considered with a set of practices in defense of political, socio-environmental, socio-technological and cultural causes carried out in cybernetic networks, especially the Internet. An example of cyberwarfare is intergovernmental cyber warfare. This war is about the consciously defined and orderly action of one government to attack another government with a focus on the resources of the country and its systems and organizations. A likely intergovernmental cyberwar was held against Iran's nuclear power plants in 2010 .This attack was carried out by Stuxnet, which infects systems from a windows crash. Stuxnet has so far attacked only devices from Siemens.^[6]

Types of Government Hacking

Malware

This government hacking technique involves sending malware over the Internet to search computers remotely, usually for information that is transmitted or stored on anonymous target computers. Malware can have complete control over a computer's operating system, giving investigators enormous power. Due to the great autonomy that this virus can provide to those who generated and distributed it, the courts should not grant this type of power constantly and in any situation the authorities, as this may result in the uncontrolled distribution of the malware around the world, thus, thousands of compromised computers.^[7]

Stockpiling or exploiting vulnerabilities

In relation to security, the government can find the vulnerabilities and use them for investigative purposes. In the US government, a system vulnerability policy in general, known as the Vulnerability Action Process (VEP), was created. This policy allows the US government to decide whether or not to disclose information about security vulnerabilities. In addition, there is no requirement in VEP to inform technology vendors about their security breaches. The decision is taken but the discussion is not open to the public.^[8]

Promoting crypto backdoors

Because of the complexity of encryption, there are government attempts to unravel and defeat such security features to obtain the decrypt data. For this, there are encryption backdoors, which allow even the strongest encryption to be ignored.^[8]

Malicious hacking

The government can hack into computers remotely, whether authorized or not by a court. To meet needs, agents are able to copy, modify, delete, and create data. With inadequate oversight of the judicial system, this practice occurs stealthily through the creation of certain warrants. It is even possible to deny the sharing of malware details with defendants as part of a trial.

Harms of Government Hacking

From the moment the government allowed the use of the hacker for investigations and other reasons of state, positive or negative impact could happen. In relation to negative risks, the following dandies may occur:

Property Harms

Generally, hackers cause damage to devices or software and may limit its operability. The data on the devices involved in the attack can be permanently lost. Replacing devices and efforts to recover data can also be costly, increasing financial damage.

Reputational Harms

Hackers can also harm the image of a target, be it specific or the general public. The reputation of the individual is put at risk for a number of reasons, including the setting for which someone is innocent but there is the hypothesis that was the target of the attack. In most cases, the individual can not perceive that he is being attacked and risks being involved in improper security practices.

Digital Security Harms

As there is the possibility of government operations to create offensive resources on the internet with the aim of assisting in certain operations, this mitigates security in the digital environment. In addition to this scenario, many others are susceptible to vulnerability, both by black market and government actors, such as introducing viruses into software updates or even creating or maintaining hardware. The result is a decrease in the credibility of the internet for the user, which can affect communication and even the economy.^[2]

Government Hacking in Criminal Cases

Due to technological innovations, the US government has focused more on innovating research techniques. An example is the use of hackers and malware through software deployment. The great interest in this is to diversify the way of infiltrating and monitoring others, especially when the target is an irregular activity by the computer network, where the only possible investigation is the remote.^[9] The government calls this type of hacking operation a “Network Investigative Technique,” or NIT.

In recent years, the government has increasingly turned to hacking as an investigative technique. Since 2002, the US government, in particular the Federal Bureau of Investigation (FBI), has employed the use of malware as a tool to aid in virtual criminal investigations.^[10] At the beginning of the use of this virtual virus, the main research targets were individual computers. Over the years, the FBI has adopted a form of hacking that allows attacking millions of computers in a single operation, which is usually authorized by only a single judge of the magestrado.^[11] The use of this technique was encouraged by privacy technologies, which ensure that their users have their identity omitted as well as their activities. Installing the malware is precisely so that the government can identify its targets even if they use tools that hide the IP address, location or identity.

Nowadays, the most well-known and legitimate form of government hacking is the watering hole operation, which the government takes control of a criminal activity site and continues to operate it in order to distribute the virus to computer to access it. The malware can be installed through a link, in which the user clicks, or secretly, through access to a certain site. The user is not aware of the virtual virus infection on his machine because the malware partially controls it, only to search for identifying information and send it back to the source.

To perform this malware deployment, the FBI requires authorization and uses search warrants issued by magistrates in accordance with Rule 41 of the Federal Rules of Criminal Procedure. Numerous operations like this were done and thousands of computers across the country scanned remotely. According to one survey, one operation was responsible for affecting 8,000 computers in 120 different countries.^[12]

One case that demonstrated this new use of the technology by the government was when the FBI obtained access from a server located in North Carolina, which was being used to store photos and videos of child victims of sexual abuse and share through a website, which was accessed by thousands of users. Instead of shutting down the site's activities when it took over, the FBI opted to hold for two weeks to carry out a major harrier operation to create hundreds of criminal cases. Nonetheless, the FBI argues that this action was justified by the arrests of hundreds of alleged pedophiles.^[13]

In addition to this hacking campaign, it is likely that there will be another in the future and will not necessarily be in cases of child pornography distribution. This was just an example of the power of data access that can be done with the digital investigations of the United States government in partnership with the FBI.

Famous Cases of Government Hacking

NSA monitors the entire network

In June 2013, Edward Snowden, a former agent of the National Security Agency (NSA), announced the existence of a program, called PRISM, which monitors everything travels on the internet. Thus, the US can obtain information about the market, internal security and what other countries plan and do within their borders.

NSA monitors the Brazilian government

Still in this wave of news, it was discovered that in Brazil the Ministry of Mines and Energy, Petrobras, former president Dilma and its main advisers were investigated. The data obtained would have been shared between USA, Canada, England, Australia and New Zealand.

FinSpy in Ethiopia

The Ethiopian government was accused of using FinSpy software to obtain personal data from a naturalized American citizen Ethiopian. According to the report, Kidane, the pseudonym of the person, had data from Skype calls, internet searches and e-mails monitored by the software.

This case was strongly impacted by its implications for cyber surveillance within the US.

See also

References

1. ^{{cite web|url=http://cyberlaw.stanford.edu/publications/security-risks-government-hacking|title=SECURITY RISKS OF GOVERNMENT HACKING|date=September 5, 2018|access-date=October 30, 2018|last=Pfefferkorn|first=Riana}}
2. ^¹{{cite web|url=https://www.accessnow.org/cms/assets/uploads/2016/09/GovernmentHackingDoc.pdf|title=A HUMAN RIGHTS RESPONSE TO GOVERNMENT HACKING|access-date=30 November 2018|last=Stepanovich|first=Amie}}
3. ^{{cite web|url=http://cyberlaw.stanford.edu/our-work/projects/government-hacking|title=GOVERNMENT HACKING|access-date=30 October 2018}}
4. ^{{Cite web|url=https://www.eff.org/issues/government-hacking-digital-security|title=Government Hacking and Subversion of Digital Security|last=|first=|date=|website=|archive-url=|archive-date=|dead-url=|access-date=November 3, 2018}}
5. ^{{Cite web|url=https://www.cnbc.com/2017/05/15/wannacry-ransomware-cyberattack-nsa-government.html|title=Criminals could use CIA and NSA hacking toolkits for further cyberattacks, experts warn|last=|first=|date=|website=|archive-url=|archive-date=|dead-url=|access-date=November 30, 2018}}
6. ^{{Cite web|url=http://large.stanford.edu/courses/2015/ph241/holloway1/|title=Stuxnet Worm Attack on Iranian Nuclear Facilities|last=Holloway|first=Michael|date=July 16, 2015|website=|archive-url=|archive-date=|dead-url=|access-date=November 30, 2018}}
7. ^{{cite web|url=https://www.aclu.org/blog/privacy-technology/internet-privacy/challenging-government-hacking-whats-stake|title=Challenging Government Hacking: What’s at Stake|date=November 2, 2017|access-date=October 30, 2018|last=Granick|first=Jennifer}}
8. ^¹{{Cite news|url=https://www.eff.org/issues/government-hacking-digital-security|title=Government Hacking and Subversion of Digital Security|work=Electronic Frontier Foundation|access-date=2018-11-05}}
9. ^{{Cite web|url=https://www.aclu.org/report/challenging-government-hacking-criminal-cases|title=CHALLENGING GOVERNMENT HACKING IN CRIMINAL CASES|last=|first=|date=|website=|archive-url=|archive-date=|dead-url=|access-date=November 30, 2018}}
10. ^{{Cite web|url=https://www.wired.com/2014/08/operation-torpedo/|title=VISIT THE WRONG WEBSITE, AND THE FBI COULD END UP IN YOUR COMPUTER|last=|first=|date=|website=|archive-url=|archive-date=|dead-url=|access-date=November 30, 2018}}
11. ^{{Cite web|url=https://www.engadget.com/2016/01/07/fbi-hacked-the-dark-web-to-bust-1-500-pedophiles/|title=FBI hacked the Dark Web to bust 1,500 pedophiles|last=|first=|date=|website=|archive-url=|archive-date=|dead-url=|access-date=}}
12. ^{{Cite web|url=https://motherboard.vice.com/en_us/article/53d4n8/fbi-hacked-over-8000-computers-in-120-countries-based-on-one-warrant|title=The FBI Hacked Over 8,000 Computers In 120 Countries Based on One Warrant|last=|first=|date=|website=|archive-url=|archive-date=|dead-url=|access-date=November 30, 2018}}
13. ^{{Cite web|url=https://gizmodo.com/fbis-disturbing-hacking-powers-challenged-in-court-over-1794885187|title=FBI's Disturbing Hacking Powers Challenged in Court Over Child Pornography Case|last=|first=|date=|website=|archive-url=|archive-date=|dead-url=|access-date=November 30, 2018}}

Hacking definition in relation to government