Bruce Schneier tells me something I didn’t know about how those Chinese hackers managed to break into Google’s email system:
In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.
….Official misuses are bad enough, but it’s the unofficial uses that worry me more….China’s hackers subverted the access system Google put in place to comply with U.S. intercept orders. Why does anyone think criminals won’t be able to use the same system to steal bank account and credit card information, use it to launch other attacks or turn it into a massive spam-sending network? Why does anyone think that only authorized law enforcement can mine collected Internet data or eavesdrop on phone and IM conversations?
….In the aftermath of Google’s announcement, some members of Congress are reviving a bill banning U.S. tech companies from working with governments that digitally spy on their citizens. Presumably, those legislators don’t understand that their own government is on the list.
If you hide a spare key under a rock outside your house, you’d better make sure that no one else can find it. But what are the odds if that “someone” is a thousand smart, obsessed Chinese hackers? Probably not as good as you’d like, no matter how clever you think your hiding place is.
Oh, and this problem isn’t limited to Google. Read the whole piece for more.