Who let the cat out of the bag?

You want to know what I think about the recent security brouhaha at Google, Uber, Yahoo, Apple and Intel ?

I think it is the tip of the proverbial iceberg. Lurking below this tip, is a huge, ugly mass of security breaches, compromises, vulnerabilities, privacy infringements, multi-million dollar litigation suits and cover-ups in the tech industry waiting to be revealed. This is the stuff of movies that will light up the next Sundance Film Festival.

How did this all began? If you were friends with some of tech execs at these firms, over some drinks you could hear the unanimous reply of “Someone snitched on us!”

Snitching (otherwise known as — uncovering of conspiracies and scandals) is a relative term. One man’s snitch is another man’s hack, or yet another man’s version of sticking it to the man.

Take Uber for example. Under Travis Kalanick’s watch, the firm payed hush money to hackers in order to hide Uber’s dirty secret of losing 57 million user accounts to a single cybersecurity breach.

Hiding an incident this big, from the eyes of clients, shareholders and even employees, that can only further implicate the company. So what was Travis, who left the company unceremoniously in June 2017, thinking of? Clearly, he was making a very bad decision to cover-up this client data compromise. It also reeks of bad ethical practices.

Anyone who had doubts about the management style at Uber before, should have easily made their conclusions after this revelation of a cover-up. Travis’ successor Dara Khosrowshahi, will clearly have his hands full, preparing the ramparts for the impending litigation hordes spurred on this scandal.

Well now, don’t just blame the hackers. If you want to embark on a discussion on ethics, it must involve not just the culprits of the security breach (which includes datacenter, application development and IT managerial staffers at the organizational entity that was hacked), but also the decision-makers that chose to protect their own short term gains (“Say Travis, how much was Uber stock before the disclosure of the hacking cover-up?”) over the long term interests of other people that matter — the company’s clients, shareholders and employees.

Back to the imaginary executive conversation over snitching. Google can accuse Oracle, for committing the dirty deed of spilling the beans, for all they want, but that does not get them (Google) off the hook for being sneaky and having access to the location data of their users of their Android operating system.

Being unethical in infringing the rights of one’s own fan club and client base- versus being unethical in uncovering the act of infringement by one’s competitor. Which is the bigger evil? I will let you decide.

Here is another trick in the field of hackcraft (or hacked-craft rather). When all else fails, pretend it didn’t happen. That was Yahoo’s card trick, and it worked well, until both the US Department of Justice and the FBI finally concluded that there was indeed a security breach at Yahoo. Sticking one’s head in the sand like an ostrich isn’t going to make a major security incident (of having 3 billion email accounts compromised) go away for long. Not a good parlor trick, I am afraid.

The Apple really doesn’t fall far from the tree either. Despite its track record of great product quality, Apple caused an uproar with its initial release of the MacOS High Sierra, which contained an unforgivable sin — leaving open a backdoor, that allowed a potential intruder to gain access to a computer running MacOS High Sierra as a root user (the most powerful user account) without even the use of a password. What was Apple up to, pandering to the hacking community with this tasty morsel of a software vulnerability? To top it all off, the subsequent fix Apple released that aimed to solve the vulnerability issue, well quite frankly didn’t work as it should. Uproar upon uproar.

To top all off, Intel disclosed, on its own accord, that several of its chipsets containing certain versions of its Management Engine software, could be compromised by hackers. This is particularly inconvenient for the computer hardware industry as these chipsets have percolated throughout the market, thanks to years of strong Intel-based PC sales. A long list of these chipsets are available for your gawking pleasure.

Not exactly a stellar performance by the tech industry’s top players during this season of discontent. There must be something to be said for these firms in taking both clients’ and shareholders’ interests for granted, despite claiming to treasure these interests more than anything else in the world (apart from the huge pay checks of their tech execs). Honestly, a good dose of reality check, like shining the spotlight on security loopholes in popular technology products and services, helps to keep these tech execs on their toes, as their critics’ fix them within their cross-hairs.

Editors Note: Put a WEBGAP between you and the malware with a browser isolation technology or by leveraging a remote browser service.