The NSA likely forged Google security certificates.
Brazilian site Fantastico obtained and published a document leaked by Edward Snowden, which diagrams how a “man in the middle attack” involving Google was apparently carried out.
A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords.
It might be possible to perform an “evil-grade” (malicious software upgrade) in this context as well, though I don’t know if the NSA did that, nor do I have any details of Google’s auto-update process. The point is that many bad things can happen in the case of certificate forgery, including MITM (man in the middle) attacks.
And even if official policy frowns on evil-grades, I don’t trust the NSA staff–how many of them, after all, would be willing to abuse their powers and bend the rules, installing rogue software even if not officially sanctioned or even without good reason? I don’t have an answer to that.
As Andrew Cunningham reported today, Intel and Google are announcing an upcoming onslaught of new Google Chromebooks based on Intel’s Haswell architecture processors. The idea of a cloud-tethered notebook that can keep its owner connected over Wi-Fi and broadband all day long … is going to be awfully appealing to many.
And without a doubt, no one will be happier than the National Security Agency (NSA) and law enforcement. While Google’s cloud computing has provided a platform for the company to grab a big chunk of the low-cost notebook market and upend Microsoft’s Windows applecart, the recent NSA leaks by Edward Snowden have put the cloud under… a cloud.
I agree. I hadn’t planned on buying a Chromebook, but now I will certainly avoid doing so, nor will I recommend it to anyone else, for both privacy and security reasons.