During the 1936-1939 Spanish Civil war, Madrid was under siege, the Fascist movement had four columns surrounding Madrid, trying to occupy it. General Fransisco Franco had additional assistance, however. A Fifth Column of loyal fighters resided inside Madrid and assisted his fight.
But the tactics of using a fifth column wasn’t Franco’s to begin with. Three millennia earlier, the Greeks waged war on Troy. Troy was under siege for ten years, until the Greeks came up with a brilliant idea. Sinon, one of the Greek warriors, was left behind with a large wooden horse. Sinon persuaded the Trojans to let him in with the valuable horse, and the rest was history. Troy lost the war since it let a Trojan Horse in, without inspecting it, without fearing consequences.
Back to the current millennium, just two years ago, computer giant IBM sold its personal computing division to Lenovo, a Chinese company with close relations to the Chinese government. That’s one of the reasons why fears rose in the US government, which inspected the IBM-Lenovo deal prior to granting it approval. However, approval did not, obviously, suffice; When the state department requested to purchase 15,000 PCs, fears of espionage came up, though obviously meaning the same PCs are now embedded with Trojan Horses.
The fears might and might have not came true, but in a recent hacking attempt to the Pentagon, China was to blame at first.
The fear from a hardware backdoor inserted is the real fear from a real Trojan Horse. when your computing system is made by third party vendors, you can never trust them in full to avoid harm and to take care of your best interests. For example, just a few weeks ago, Microsoft allegedly released an automated update that changed a component inside Windows Update. The ability to change a person’s computer without his knowledge or consent might appear strange prima facia, but may seem dangerous after a closer look.
Microsoft’s ability to change your operating system without your consent might (or might not) conflict with its EULA under clauses 2.3 and 2.4, but that is entirely not the point here; The main question is whether now, knowing that Microsoft may alter operating systems, and independently install features in it, any government authority should use Closed-Source OSes?
The same risk that the US Government was not willing to take when dealing with hardware might be more dangerous when we speak of software. When regular Trojan Horses could be blocked by firewalls, spyware detecting software or just plain sense, these backdoor Trojans may not even be at our sight. The same risk exists when dealing with any closed source code program, but dealing with proprietary software, but the OS, the core of all actions? That’s already absurd.
Microsoft, however, is not a state. It does not wage war on others, but it has its interests. Those interests might be at one with the US Government, with complaince to proper assistance regulations, or just made by setting instructions. The security of US citizens is safer after the latest OS features unspecified contributions from the NSA.
So? should you be worried? Is your privacy at risk now or am I just too paranoid?
On march 2006, following their confession, Ruth Haefrati and Michael Haefrati were sentenced for incarceration (C 40061/06 State v. Haefrati, Hebrew). The couple installed FTP Servers on personal computers in major corporations at the instruction of private investigators in order to grab screenshots, grab files and unlawfully enter another’s PC. If Microsoft could do the same thing, and harsher activities without any problem, were the couple justly punished?
What would happen if one of the ‘victims’ of Microsoft’s installation complain in the local police for “Unlawfully entering to computer material”, would the police officer, typing in his report to Microsoft‘s word, laugh at his face or would (in a very very theoretical but not absurd case) modify the complaint as one types it in?
Does Syria use Microsoft Windows on its PCs?
—
Image CC-BY-NC Cayusa