In over a decade since the war on terror started, the use of digital surveillance has exploded, not only in the U.S., but around the world. As malware has seeped into the foundation of national security, surveillance technology has moved further into the private sector.
Marketplace Tech host, Ben Johnson, talked with Christopher Soghoian, principal technologist at the American Civil Liberties Union, about the current state of digital surveillance after a major hacking firm was hacked.
Click the media player above to hear host Ben Johnson in conversation with Christopher Soghoian.
Hacking Team is a boutique Italian surveillance technology firm, serving up made-to-order malware solutions for any supported or “not officially supported” regime.
On Sunday, a hacker infiltrated the company’s network and published a huge trove of its documents to the tune of 400 GB. Speaking on the extent of the hack, Christopher Soghoian says, “this Hacking Team breach is really just everything. It’s the source code for the malware, for the surveillance software, it’s all the company’s internal emails, it’s all their invoices, it’s even their expense reports for their international travel. Everything is there.”
While government agencies like the FBI and the NSA likely use custom surveillance software for high value targets, Soghoian points to low cost software as a market in which private companies like Hacking Team profit: “Surveillance companies are providing lower cost, cheaper surveillance software to governments with lower budgets. So, what we’re seeing is the governments with a few hundred thousand dollars can buy this software.”
While the low costs enable certain countries to bulk up on malware for cheap, Soghoian believes it may hit closer to home: “What [it] means for Americans is that this technology, if it has not already, will very soon be trickling down to local and state law enforcement agencies. I would not be surprised to learn at all if local and state law enforcement agencies had also purchased this technology from Hacking Team”.
In addition to some of the weaker passwords revealed in the hack, dismantling the hacker’s house with the hacker’s tools has revealed a disconnect between private interests and governmental regulation. Soghoian says the difficulty of regulating malware is because technology isn’t a weapon, as Hacking Team argues. However, he maintains this breach may change the conversation: “I expect that once these documents are made public, I imagine that the U.N. and other governments might take a different view of what hacking team’s software does and what how existing arms control rules might apply to it.”
Whether or not Hacking Team can recover from this hack remains to be seen. But if there’s one thing to remember, it’s don’t make your password: Pas$wOrd!