U.S. gov't spying enables Chinese gov't hacking into Chinese dissidents' Gmail accounts

According to technology security guru Bruce Schneier, writing on CNN.com:

Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here isn’t that Chinese hackers engage in these activities or that their attempts are technically sophisticated — we knew that already — it’s that the U.S. government inadvertently aided the hackers.

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access….

China’s hackers subverted the access system Google put in place to comply with U.S. intercept orders. Why does anyone think criminals won’t be able to use the same system to steal bank account and credit card information, use it to launch other attacks or turn it into a massive spam-sending network? Why does anyone think that only authorized law enforcement can mine collected Internet data or eavesdrop on phone and IM conversations?

These risks are not merely theoretical. After September 11, the NSA built a surveillance infrastructure to eavesdrop on telephone calls and e-mails within the U.S. Although procedural rules stated that only non-Americans and international phone calls were to be listened to, actual practice didn’t match those rules. NSA analysts collected more data than they were authorized to and used the system to spy on wives, girlfriends and notables such as President Clinton.

But that’s not the most serious misuse of a telecommunications surveillance infrastructure. In Greece, between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government: the prime minister and the ministers of defense, foreign affairs and justice.

Posted by James on Tuesday, January 26, 2010