We assume that governments have legitimate reasons for getting access to personal data, like controlling crime, fighting terrorism and regulating borders. We also assume that citizens have a right to expect privacy in their personal data and, thus, policy-makers should seek to satisfy both, law enforcement and privacy concerns, without unduly burdening one or the other. However, most of the time, governments are ready to compromise privacy and security of not only citizens but also corporates and, sometimes, other governments as well. What is worrisome is the increased use of hardware breaches for such activities sponsored by the government.
In a recent stunning investigation, French newspaper
Le Monde (
https://goo.gl/R5YUs9) exposed how China gained uninterrupted access to all confidential information from computer networks of the African Union. ‘The African Union’s shiny new headquarters was built and paid for by the Chinese government, as a gift to its ‘African friends’. But when the building was officially opened in 2012, China left a backdoor into the African Union’s computer network, allowing it to access the institution’s secrets at will,’ the report says. A backdoor is a method, often secret, of bypassing normal authentication or encryption for remotely accessing a computer system, a product, or an embedded device.
Technicians working in the African Union noticed a strange peak in data usage, between midnight and 2am, when the entire building was almost empty. When they traced it further, they found all their data was sent to servers in Shanghai. “According to several sources within the institution, all sensitive content could be spied on by China,” wrote Le Monde. “It’s a spectacular leak of data, spread from January 2012 to January 2017.”
Following the exposé, the African Union bought and installed its own servers and started encrypting all communication. With the help of experts from Algeria and Ethiopia, they searched every nook and corner of the building for possible hidden devices and patched all other weakness in their systems.
A few years ago, even in India, mobile service-providers raised concerns over sourcing critical equipments from Chinese vendors. But such voices were suppressed either through warning or financial aid provided by the vendors. Given that the Chinese government has cyber-war as its high-priority strategy, and given that it gives millions of dollars in aid and subsidy to domestic vendors, there is every reason for buyers to be suspicious of these products. Add to this, we are complacent by nature. Most users are reluctant to change default passwords of their home router, Wi-Fi and mobile devices. And this includes businesses as well.
There are some basic precautions we can take to keep ourselves safe and secure in the ever-dangerous cyber-world. Always think of all software as Swiss cheese—full of holes. And makers release patches just to cover the exposed holes in the codes. But such patches are essential. So, update all software and apps that you use and do it regularly. Better keep updates on auto mode. Every few weeks or month, review software and apps installed and delete those you have not used in a while or which are not being updated by their makers. No point in clinging to such outdated piece of code on your devices.
Create and use robust, long and unique passwords through pass-phrases. If you are not comfortable with this, take help from a password manager. There are several open source password managers (like Password Safe, KeePass or LastPass) that can generate good-quality passwords without the need for you to keep remembering them. Restrain from leaking, or sharing, personal information in the public domain and, if at all it is a must, then share information only on a ‘need to know’ basis with anyone—be it the government or any private entity.
