Businesses and governments worldwide seek to evade NSA spying

Businesses and governments worldwide seek to evade NSA spying

Private telecom providers, businesses and governments are increasingly compelled to move or reinforce web operations following disclosures of the NSA’s mass internet surveillance programs made by whistleblower Edward Snowden.

Brazil is set to vote on the creation of a cyber-security system to thwart  National Security Agency espionage of Brazilian government  systems. US surveillance led by the NSA had infiltrated the  highest levels of Brazil’s administration.

The largest telecom provider in Germany, the formerly-state-run  Deutsche Telekom, is seeking to keep their service in-country, out of the  reach of foreign spying.

But much smaller internet companies are also feeling the need,  based on customer demand and common sense, to move their servers  out of the reach of the NSA and the United States’ partners in  global surveillance, Australia, Canada, New Zealand and the UK –   the “Five Eyes.”

Encrypted-communications provider Unseen, for instance, has  recently moved its servers and bank accounts from the US to  Iceland, based on the NSA’s vast reach and the Nordic country’s  commitment to privacy rights.

Want to Evade NSA Spying? Don’t Connect to the Internet

Want to Evade NSA Spying? Don’t Connect to the Internet

Since I started working with Snowden’s documents, I have been using a number of tools to try to stay secure from the NSA. The advice I shared included using Tor, preferring certain cryptography over others, and using public-domain encryption wherever possible.

I also recommended using an air gap, which physically isolates a computer or local network of computers from the internet. (The name comes from the literal gap of air between the computer and the internet; the word predates wireless networks.)

But this is more complicated than it sounds, and requires explanation.

Since we know that computers connected to the internet are vulnerable to outside hacking, an air gap should protect against those attacks. There are a lot of systems that use — or should use — air gaps: classified military networks, nuclear power plant controls, medical equipment, avionics, and so on.

Osama Bin Laden used one. I hope human rights organizations in repressive countries are doing the same.

Air gaps might be conceptually simple, but they’re hard to maintain in practice. The truth is that nobody wants a computer that never receives files from the internet and never sends files out into the internet. What they want is a computer that’s not directly connected to the internet, albeit with some secure way of moving files on and off.

But every time a file moves back or forth, there’s the potential for attack.

And air gaps have been breached. Stuxnet was a U.S. and Israeli military-grade piece of malware that attacked the Natanz nuclear plant in Iran. It successfully jumped the air gap and penetrated the Natanz network. Another piece of malware named agent.btz, probably Chinese in origin, successfully jumped the air gap protecting U.S. military networks.