Feeds

Furious Google techie on NSA snooping: 'F*CK THESE GUYS'

'Laws are for the little people' groans saddened securo-bod

Providing a secure and efficient Helpdesk

Eric Schmidt's indignation over the NSA's reported spying on links between Google's data centres pales in comparison to the righteous indignation of his engineers.

The latest leaks from whistleblower Edward Snowden provide evidence that Google and Yahoo! data centre interconnects were being tapped by the NSA's spies, as part of a program code-named MUSCULAR.

Both Yahoo! and Google are knowing participants in the NSA's even more notorious PRISM web surveillance dragnet program.

But PRISM apparently wasn't enough for the signals intelligence agency, hence its decision to use MUSCULAR to covertly hoover up any of the bits it might have missed by tapping into fibre-optic links leased or run by Google (and others) between its data centres.

All this is in addition to GCHQ's Tempora program for wholesale collection of traffic through transatlantic fibre-optic cables and Bullrun – the bete noire of security professionals – which is the NSA's effort to work with hardware and software technology vendors to weaken encryption standards and their underlying components.

Google's executive chairman branded the NSA's surveillance of its data centre as "outrageous" in an interview with the Wall Street Journal, while Google engineer Mike Hearn and Brandon Downey have gone further - much, much further - in lambasting the NSA and GCHQ for their snoopy ways.

Downey, after saying that he was speaking in a personal capacity, took to Google Plus to say"fuck these guys" in a splendid rant comparing the NSA to the lesser denizens of Mordor.

I've spent the last ten years of my life trying to keep Google's users safe and secure from the many diverse threats Google faces.

I've seen armies of machines DOS-ing Google. I've seen worms DOS'ing Google to find vulnerabilities in other people's software. I've seen criminal gangs figure out malware. I've seen spyware masquerading as toolbars so thick it breaks computers because it interferes with the other spyware.

I've even seen oppressive governments use state sponsored hacking to target dissidents.

But after spending all that time helping in my tiny way to protect Google - one of the greatest things to arise from the internet - seeing this, well, it's just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.

The US has to be better than this; but I guess in the interim, that security job is looking a lot more like a Sisyphus thing than ever.

Hearn, a British colleague of Downey's who worked on anti-hacking systems for Google for two years and is based in Switzerland, backed his colleague's "fuck you, NSA" message in a similar (equally angry but perhaps less mythologically inclined) rant, also posted on Google Plus:

I now join him in issuing a giant Fuck You to the people who made these slides. I am not American, I am a Brit, but it's no different - GCHQ turns out to be even worse than the NSA.

We designed this system to keep criminals out . There's no ambiguity here. The warrant system with skeptical judges, paths for appeal, and rules of evidence was built from centuries of hard won experience. When it works, it represents as good a balance as we've got between the need to restrain the state and the need to keep crime in check. Bypassing that system is illegal for a good reason .

Unfortunately we live in a world where all too often, laws are for the little people. Nobody at GCHQ or the NSA will ever stand before a judge and answer for this industrial-scale subversion of the judicial process. In the absence of working law enforcement, we therefore do what internet engineers have always done - build more secure software. The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined.

Thank you Edward Snowden. For me personally, this is the most interesting revelation all summer.

MUSCULAR was possible because Google wasn't encrypting traffic on dedicated leased lines running between its data centres. It's easy to be wise in hindsight, but this looks like a serious shortcoming.

The Operation Aurora cyber-espionage attacks against Google and other hi-tech firms back in 2009, and blamed on China, ought to have acted as a wake-up call prompting the Chocolate Factory to improve its security. Improvements were undoubtedly made but they obviously weren't comprehensive enough.

Security experts have welcomed Hearn and Downey's impassioned diatribes against the NSA. "If only Google's legal team were as angry as Google's security engineers," said Christopher Soghoian, principal technologist and senior policy analyst at the American Civil Liberties Union in an update to his personal Twitter account. ®

New hybrid storage solutions

More from The Register

next story
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.