Reuters/William GularteJohn McAfee, U.S. anti-virus software guru, addresses a news conference outside the Supreme Court of Justice in Guatemala City.
Deng Xiaoping, in 1979 - his second year as supreme leader of China - perceived a fundamental truth that has yet to be fully grasped by most Western leaders: Software, if properly weaponized, could be far more destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and sophisticated meta- software development programs ever undertaken.
And what is meta-software? It's the one science that the entire Western World has entirely overlooked. It is a high level set of principles for developing software that are imperative if a nation is to survive in a cyberwar.
For example, programmers must constantly be audited. Every line of code written by every programmer is audited by two senior programmers, and these auditors are rotated each month and the same two are never paired more than once. You will see very clearly, later in this article, why such a principle is vital to a society’s survival.
Another principal is that back doors into software can never, under any circumstances, be allowed. Under Deng Xiaoping, the penalty for back doors, and for violating any of the meta- software principles, was death.
I will give an example of what happens in the real world when back doors are put into software. On December 17th of last year, Juniper Networks - a major provider of secure network systems, who's customers include nearly every US government agency, announced that it had discovered two “unauthorized” back doors in its systems.
For those of my readers who do not understand how back doors are created - they can only be created by the manufacturers of the software. There is, absolutely, no other way.
So, the company had to have a rogue employee in the software development department. This much is clear.
It will also be clear, if you continue reading, who placed the rogue employee within Juniper Networks and why.
First, a little background: Juniper Networks has operations in more than 100 countries. Around 50% of its revenue is from the United States, 30% are from EMEA and 20% are from Asia. Over half of Juniper’s customers are in parts of the world in which the NSA has extreme interest.
Thomson ReutersA woman walks past a banner with the logo of Juniper Networks Inc. covering the facade of the New York Stock Exchange
Now, a legitimate TOP-SECRET document. Released by Anonymous and dated February 2011 reveals that the British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks.
I hope we all understand now what “acquired the capability” means. The NSA planted a programmer within Jupiter Networks. The was no other way to “acquire" this capability.
Nothing new in this. Black hat hackers have been planting themselves in target agencies for years. It was just such a plant that brought down Ashley Madison last year. So it's no surprise that the NSA uses this technique as well.
Of interest here is that Juniper announced that two back back doors were discovered in its system. One of the back doors was code verifiable written by the NSA prior to 2011.
But what makes the Juniper backdoor even more interesting and notable is the fact that it appears to be based on another backdoor the NSA allegedly created years ago in the Dual_EC algorithm for its own secret use.
So, in 2011 he NSA surreptitiously got their back door into a powerful piece of security software used by many enemies of the US. They could now monitor these enemies easily.
The Internet underground knew of these back doors within weeks of their release, and so did the Chinese, and so did the Russians. An so did every hacker on the planet. Monitoring changes within major software systems is the simplest if all things. Every hacker toolkit contains a compare program that will outline all changes made to a piece of software by the manufacturer. Disassembly tools tell the hacker what each change does.
REUTERS/Steve MarcusAttendees listen to a keynote address by Dan Greer, chief information security officer for In-Q-Tel, during the Black Hat USA 2014 hacker conference at the Mandalay Bay Convention Center in Las Vegas, Nevada August 6, 2014.
So, while the NSA was monitoring our perceived Middle Eastern enemies, the Chinese and Russians, and god knows who else, were making off with every important secret in the US, courtesy of the NSA’s back door. The NSA failed to notice that 50% of Jupiter Network users were American, and the majority of those were within the US Government.
Last year alone, the Defense Department was hacked. Using the NSA’s back door the Chinese walked off with 5.6 million fingerprints of critical personnel. The same back door was used to hack the Treasury Department on May 27th of last year in which millions of tax returns were stolen. And again, our most devastating hack as a nation was the Office of Personnel Management hack, in which 22 million sensitive files were stolen. The Chinese gained access through the Defense Department’s Juniper Systems and then using inter-operability with the Personnel Office, took what they wanted. Again, courtesy if the NSA’s back door.
Whatever gains the NSA has made through the use of their back door, it cannot possibly counterbalance the harm done to our nation by everyone else’s use of that same back door.
Now, consider this: if Juniper Networks had the foresight to follow the same procedures that the Chinese have been using for 35 years, none of this could have happened. The programmer planted within Juniper by the NSA would have been audited by two senior coders. They each would have read the code and immediately recognized the back door. Management would be notified and the employee charged with a felony, where he would undoubtedly had snitched on the NSA. The NSA could not possibly have engaged the assistance of the auditors because they would be randomly rotated.
Clever, these Chinese
The moral is this: we are at the very least, 20 years behind the Chinese, and by association with the Chinese and by copying them, the Russians as well.
We have to get our act together, and soon. We can no longer act like children in a playground playing with real guns. We have to grow up. Our technology has outgrown us, because we have failed to grasp it's subtle implications.