Go to the profile of brian masson
brian masson
Infosec for everyone. The advancement and adoption of technology means that information security is a must for everyone.

Doomsday edition

Looking back at 2015 to see what 2016 may hold.

Unlike the miracles of science ushering in a new age of the betterment of mankind, in the world of security, shit got scary.

I thought I’d have a little fun with this one, so let’s start with the appropriate theme music:

Unintentionally relevant, the above embedded video is showing as violating my do not track browser setting. Good for you Medium. Here’s a direct link: It’s the end of the world as we know it.

Now, on to the good stuff.

Let’s start with what was described as “The most disturbing tech story of 2015”:

“By 2020, everyone in China will be enrolled in a vast national database that compiles fiscal and government information, including minor traffic violations, and distills it into a single number ranking each citizen.”
“new system will reward those who report acts of breach of trust.”

*shudder* Not cool China… Not cool.

But wait! It isn’t just China being shady as f — -. 
Looks like the UK has been compiling a giant database of its citizens’ private lives since 2000.

Why this matters: Because, privacy. Will this information only be used for the purposes disclosed? Were these purposes disclosed prior to information collection? Is this system hack-proof, ensuring the data never gets into the hands of those that might abuse it?

Hell no, on all accounts.

What can we do? Not much. Wait it out, see how our own governments move on issues like these.

What can help? Encryption! Of course, this comes with a catch.

It’s not a new debate, but it’s definitely heated — should governments and law enforcement have the ability to decrypt and read everything?

On one side — If there’s no backdoor, terrorists and criminals can hide their communications. *cough* BS *cough*

On the other side — if the government has a backdoor, someone else will find and use it.

It’s not like NSA spying would ever impact normal honest citizens right?

http://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/

http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html

As the above articles describe, a hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional.
They piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. 
The end result was a period in which someone —possibly a foreign government — was able to decrypt Juniper traffic in the US and around the world.

Why do I care about some berries? Juniper is actually a network security company. They’re relied on for the protection of many (many, many, many) websites and online services. This is akin to someone saying “McAfee was used to distribute viruses”.

What if I told you that hackers weren’t restricted to the virtual world, but were in fact able to affect change here. In the real.

A while back, hackers targeted an Iranian nuclear facility (the Stuxnet worm). Cool bits? This is the first documented physical damage caused by hackers.

Tinfoily hat bits? Fingers pointed at US agencies as the source. Don’t want enriched uranium in the hands of Iran? Destroy the centrifuge.

This is old news, but it’s interesting because…

It turns out Iran has hacked into a US dam. This happened back in 2013, but was just recently reported.
Maybe they ARE out to get us… “About 12 times in the last decade hackers have won high-level access to power networks” … “One extensive campaign gave hackers access to 82 separate plants spread across the US and Canada”.

Governments talking about encryption. Compute power growing faster than ever before. Tinfoil hats becoming actual products (I have no affiliation) to protect your mind.

These are very interesting times! Is privacy over or will it take a leap forward? We can really only wait and see. But it never hurts to speak out. Write, tweet, or choose your soapbox, and let people know you want encryption and value your privacy. … and now you’re on a list :)

What I see happening in 2016: Encryption continues to advance and gain roots in the home, for average users. Things like letsencrypt and Tor will help move us toward a more secure online life.

My crackpot theory: In all the places people value privacy the most, you’ll see a rapid legalization of marijuana and a cultural shift towards indifference. Privacy will erode and we will welcome the governments into our homes with open arms as the only protection against those other nation-state actors.