05.11.2024 09:13:00
Дата публикации
TechCrunch reported on a paradoxical situation that arose after yet another cyberattack by Chinese hackers on American telecom companies.
The point is that they used vulnerabilities created in accordance with US law. As it turned out, imperfections in the law gave cybercriminals access to sensitive data of citizens, including their Internet traffic and browsing history.
We are talking about the Communications Assistance for Law Enforcement Act (CALEA), adopted back in 1994. At that time, it was aimed at legally justifying the use of communications traffic for security, but years later it led to the fact that attackers were able to use it in cyberattacks.
Experts have long warned that creating “backdoors” that only allow law enforcement to access data will eventually lead to hackers using it.
The Chinese hacking group Salt Typhoon’s hack of giants like AT&T, Verizon, and Lumen was a clear example of this.
As Georgetown University professor Matt Blaze noted, this development was “inevitable.” In an interview with TechCrunch, he emphasized that any backdoor can be used not only by law enforcement but also by attackers, as the recent hack demonstrated.
Critics of legislative “backdoors” argue that you can’t create a system that is accessible only to the “good guys.” You need to be prepared for the fact that such legislative practices can become a target for hackers.
Riana Pfefferkorn, an encryption expert at Stanford, said that such laws endanger users rather than protect them.
It should be noted that the EU is also debating the need to weaken encryption to combat criminal activity, including the distribution of illegal content. However, security experts continue to warn that such measures only increase the risk of cyberattacks.
According to digital rights activists from the EFF, creators of communication tools must understand the shortcomings of legal backdoors and implement encryption by default.
“We and other privacy advocates have already achieved encryption of more than 90% of web traffic via HTTPS, which significantly reduces the risks for users,” the organization notes.
(the text translation is done automatically)
The point is that they used vulnerabilities created in accordance with US law. As it turned out, imperfections in the law gave cybercriminals access to sensitive data of citizens, including their Internet traffic and browsing history.
We are talking about the Communications Assistance for Law Enforcement Act (CALEA), adopted back in 1994. At that time, it was aimed at legally justifying the use of communications traffic for security, but years later it led to the fact that attackers were able to use it in cyberattacks.
Experts have long warned that creating “backdoors” that only allow law enforcement to access data will eventually lead to hackers using it.
The Chinese hacking group Salt Typhoon’s hack of giants like AT&T, Verizon, and Lumen was a clear example of this.
As Georgetown University professor Matt Blaze noted, this development was “inevitable.” In an interview with TechCrunch, he emphasized that any backdoor can be used not only by law enforcement but also by attackers, as the recent hack demonstrated.
Critics of legislative “backdoors” argue that you can’t create a system that is accessible only to the “good guys.” You need to be prepared for the fact that such legislative practices can become a target for hackers.
Riana Pfefferkorn, an encryption expert at Stanford, said that such laws endanger users rather than protect them.
It should be noted that the EU is also debating the need to weaken encryption to combat criminal activity, including the distribution of illegal content. However, security experts continue to warn that such measures only increase the risk of cyberattacks.
According to digital rights activists from the EFF, creators of communication tools must understand the shortcomings of legal backdoors and implement encryption by default.
“We and other privacy advocates have already achieved encryption of more than 90% of web traffic via HTTPS, which significantly reduces the risks for users,” the organization notes.
EFF’s experience shows that such measures inevitably attract attackers, so digital rights activists will continue to fight for high standards in the field of privacy and mandatory encryption of user traffic.
(the text translation is done automatically)
