Snowden, the latest film directed by renowned American filmmaker Oliver Stone, should serve as a wake-up call to all internet users about the need for privacy and security solutions.
Actor Joseph Gordon-Levitt plays former intelligence contractor Edward Snowden, the man whose daring disclosure of top secret documents revealed the massive espionage and surveillance work of the United States National Security Agency (NSA).
In the years that have followed Snowden’s leak and his exile in Russia, the revelations about NSA operations and the extensive hacking by this shadowy government apparatus have angered politicians, security analysts and common citizens around the world. The egregious snooping and invasion of privacy carried out by the NSA have also prompted the information technology sector to increase development of security tools for business an personal use.
Prior to the Snowden affair, the average internet user did not know about virtual private networking. The use of VPNs was mostly associated with BitTorrent, file sharing, unblocking content on streaming sites, and connecting to remote computers for business purposes. The security and privacy provided by VPNs was not something that the median internet user was overly concerned with.
In the post-Snowden era, Americans have become aware that there is a dark side to their government; this awareness extends to the realization that anyone can be targeted online. By means of very sophisticated hacking on a monumental scale, the NSA seeks to monitor all internet users. To understand the importance of using VPNs these days, it helps to review some of the technological abuses committed by the NSA.
Breaking Through Firewalls
Tech giant Cisco is a respected provider of enterprise security solutions such as hardware firewalls. Documents leaked in the Snowden affair indicate that the NSA targeted PIX, a line of Cisco firewalls manufactured until 2009.
Security analysts who reviewed NSA documents found a sophisticated attack that extracted the encryption keys of PIX firewalls. This hack not only allowed the NSA to snoop on VPN traffic but also to create fake remote workers. Thousands of PIX firewalls are used by government entities and private companies in the U.S., Russia and Australia. Cisco confirmed the vulnerability and the malicious code was released by Shadow Brokers, Russian hacking outfit believed to be working for the Kremlin.
Disrupting Operating Systems
The Shadow Brokers group also released evidence of an attack on ScreenOS, a proprietary operating system used by Juniper, a networking giant similar to Cisco. Juniper acknowledged that the attack, which is believed to have been conducted at the behest of the NSA, targeted boot loader routines in some of the company’s hardware firewalls and routers.
Juniper believes that the attack attempted to intercept VPN traffic through a backdoor, consistent with the NSA’s FEEDTHROUGH program of massive espionage.
Targeting VPNs and Proxy Networks
The Snowden affair made it clear that the NSA is particularly interested in what they may consider to be difficult targets. These targets include internet proxies and VPNs. The apparent NSA rationale is that if people are using these privacy and security tools, they must have something to hide.
The NSA seems to be eager to accept the challenge presented by VPNs. The scary NSA program called PRISM, which was first revealed by British newspaper The Guardian, seeks to conduct blanket surveillance of popular internet services such as Facebook, Google, Skype, YouTube, and others.
Unsecured connections are essentially begging to be intercepted by the NSA. VPN connections, on the other hand, are a challenge that the NSA has shown its willingness to surmount. The two previously mentioned hacking operations against Cisco and Juniper devices are specific examples of the NSA zeal; further attempts involving hardware hacks that directly tap into servers have also been detected.
In other words, whenever the NSA ran into VPN connections, their operatives attempted to physically plant hacks and devices at the server level. This is known through the Snowden affair, and tech companies are now paying close attention.
The Snowden Affair Enters Popular Culture
The film directed by Oliver Stone is only the latest reminder of the need for VPN connections and other security measures. Prior to this movie, the excellent documentary Citizen Four provided a factual account of the Snowden affair; television shows such as CSI Cyber and Mr. Robot as well as StartUp, which is streamed online by the Crackle platform, also remind viewers that internet security is critical these days.
What is important to remember is that Edward Snowden has strongly advocated the use of security tools, including VPNs. While it is true that the NSA would love to crack and intercept VPN connections, their operatives would have to somehow breach their servers. They would have to intercept hardware or else use undercover operatives as part of an insider attack; while this is certainly plausible, the post-Snowden awareness has made VPN providers more alert.
VPN providers are now aware of what the NSA is capable of, and they are tightening their own physical security to keep their clients safe. As long as VPN providers are able to fend off NSA attacks, their customers can feel safe.