Google’s Back Door

Bruce Schneier tells me something I didn’t know about how those Chinese hackers managed to break into Google’s email system:

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

….Official misuses are bad enough, but it’s the unofficial uses that worry me more….China’s hackers subverted the access system Google put in place to comply with U.S. intercept orders. Why does anyone think criminals won’t be able to use the same system to steal bank account and credit card information, use it to launch other attacks or turn it into a massive spam-sending network? Why does anyone think that only authorized law enforcement can mine collected Internet data or eavesdrop on phone and IM conversations?

….In the aftermath of Google’s announcement, some members of Congress are reviving a bill banning U.S. tech companies from working with governments that digitally spy on their citizens. Presumably, those legislators don’t understand that their own government is on the list.

If you hide a spare key under a rock outside your house, you’d better make sure that no one else can find it. But what are the odds if that “someone” is a thousand smart, obsessed, Chinese hackers? Probably not as good as you’d like no matter how clever you think your hiding place is.

Oh, and this problem isn’t limited to Google. Read the whole piece for more.

Fact:

Mother Jones was founded as a nonprofit in 1976 because we knew corporations and the wealthy wouldn’t fund the type of hard-hitting journalism we set out to do.

Today, reader support makes up about two-thirds of our budget, allows us to dig deep on stories that matter, and lets us keep our reporting free for everyone. If you value what you get from Mother Jones, please join us with a tax-deductible donation so we can keep on doing the type of journalism that 2018 demands.

Donate Now