Re: “Edward Snowden’s leaks are misguided – they risk exposing us to cyber-attacks”

I just saw the headline of an article at guardian.co.uk “Edward Snowden’s leaks are misguided – they risk exposing us to cyber-attacks”

I’m not a security expert but I’m also not a neophyte either when it comes to systems administration.

I would like to ask the question: What are cyber-attacks? What is meant, exactly, by “cyber-attack”?

I would like to posit that much of what stands for cyber-attacks is in fact a current, unfortunate, immature state of development of information technology which, in the not-too-distant future, may change radically from the present state.

For example, much of what constitutes cyber-attacks involves leveraging zombified computers running trojan software as botnets to attack targets. But one can envison there exising vastly improved technology infrastructure in the future in which this problem is solved. In the future there might not be botnets anymore because there will be ways to prevent them from occurring.

Another major problem which has raised alarm for years and years has been the fact that critical infrastructure has run versions of software and operating systems which were vulnerable and which were not provided with proper maintenance regimens involving software patching, updating, and testing.

It is almost a joke how there have been systems operating by defense departments and other agencies which have been able to be hacked by script kiddies who just downloaded some pre-packaged malware. Can such things seriously be considered cyber-attacks or should they better be considered as extremely inept administration?

Before we set up another bogeyman – in addition to the terrorist one that those in favor of cutting civil liberties love to decry – its important to dissect and deconstruct exactly what type of bogeyman is being talked about, what it means, and why it exists.

Sure, there are actual attacks that exist, but then there are always changes and improvements to technology and to management processes and infrastructure which can stay ahead.

I think its important to take personal responsibility for administration and development of infrastructure and think to the future.

Right now we have government agencies which are involved with eavesdropping on mass scales. But what if that infrastructure were leveraged in a positive way? Perhaps governments or non-profit organizations could be given remote control over end-user’s computer systems in order to prevent them being infected by things like trojans and malware.

Instead of the purpose of government being to infiltrate computers en masse imagine if its resources were used to protect computers en masse. Its a totally different vision and one which would require trust an honesty.

Instead of computers being infected by trojans and malware, imagine if people agreed to allow non-profit organizations with the interests of social welfare to be able to help manage personal computer systems for people with little administrative skill.

Basically things are the way they are because nobody thinks of them being a different, more positive way. But they can be many different ways if we are open to thinking about them and committed to making them reality.

Imagine, when setting up a new computer, the user being presented with a choice. They can check a box for the following:

“Allow my computer to participate in SafeNet.org for the sake of security”

What does participating in SafeNet do? It enables remote administration by the organization. Primarily, it:

1) Makes sure the system has the latest software/system updates
2) Has the ability to block traffic to malicious sites
3) Has the ability to detect and kill malicious processes

This sounds like what modern operating systems already offer. It would not be much different than what is currently offered, but more powerful. It would allow more backend control by SafeNet.org. Also it would have to be run by a highly trusted organization. Most people don’t trust companies like Microsoft and consider them in collusion with government agencies like the NSA, the MPAA/RIAA, or others and hence are reluctant to fully trust them. SafeNet.org would have to be totally impartial and independent, entrusted with one sole purpose only.