Snowden: IT Workers Are Now the Target of Spies

Uploaded on 2015-03-25 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Spies are increasingly targeting IT staff to gain access to key elements of internet infrastructure and sensitive databases, NSA contractor-turned whistleblower Edward Snowden has warned.
    
"It's not that they are looking for terrorists, it's not that they are looking for bad guys, it's that they are looking for people with access to infrastructure. They are looking for service providers, they are looking for systems administrators, they're looking for engineers," he said, speaking at the CeBIT technology show in Germany via a video link from Russia.
He added: "They are looking for the people who are in this room right now: you will be the target. Not because you are a terrorist, not because you are suspected of any criminal wrongdoing, but because you have access to systems, you have access to infrastructure, you have access to the private records, people's private lives. These are the things that they want. It is important for us to come together and prevent that from happening."
Snowden isn't the only one to warn that IT staff can be the target of spies, although mostly the finger is being pointed at foreign intelligence agencies. For example, the UK's M15 security service warned last year that IT workers have been recruited to help overseas spies gain sensitive personnel information, steal corporate or national secrets and even upload malware to compromise the network. IT staff have also been warned to beware of 'honey pot' sex stings.
Snowden said the best way to protect privacy was through technology, because that remains a constant across geographical or political boundaries. "That means end-to-end encryption; we have to protect communications while they are in transit, we have to improve the security of the endpoints and make this transparent to users," he said.
When we look back at 2013 a decade from now, the one technology story that's likely to have the biggest long-term impact is the Edward Snowden revelations.
While there were major password breaches at Adobe, Evernote, and Twitter as well as the Healthcare.gov debacle, nothing rocked the IT world more than the 200,000 classified documents that Snowden leaked to the press, uncovering the NSA's startling digital surveillance programs that reach more broadly across the internet than even many of the most extreme conspiracy theorists would have feared.
While the U.S. government defends the program as court-supervised and a powerful tool that has thwarted terrorist attacks and protected citizens, there's no doubt that the Snowden revelations have had a chilling effect on the technology world.
Here are the three biggest impacts: 
    1. Organizations are re-thinking how to effectively encrypt their most sensitive data.
    2. International organizations are looking at ways to do less business with U.S. companies, since the NSA has direct backdoors into many of them.
    3. The brakes are being put on cloud computing by some organizations, as they consider whether they want their data so easily accessible to surveillance agencies.

ZD Net 1  http://ow.ly/KCNRI
 ZD Net 2  http://ow.ly/KCNYC

« After the Arab Spring, Surveillance in Egypt Intensifies
Latest Insurance Hack Affects 11 Million Customers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

HackerOne

HackerOne

HackerOne was started by hackers and security leaders who are driven by a passion to make the internet safer.

Orange Cyberdefense

Orange Cyberdefense

Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security, managed threat detection & response services to organizations around the globe.

CSIRT Malta

CSIRT Malta

CSIRT Malta supports critical infrastructure organisations in Malta on how to protect their information infrastructure assets and systems from cyber threats and incidents.

ZyberSafe

ZyberSafe

ZyberSafe is an innovative Danish company specialized within building hardware encryption solutions.

SlashNext

SlashNext

The SlashNext Internet Access Protection System (IAPS) provides Zero-Day protection against all internet access threats including Social Engineering & Phishing, Malware, Exploits and Callback Attacks.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

Prolimax

Prolimax

Prolimax deliver innovative solutions to IT Manufacturers, Distributors, Resellers and End-users including Data Erasure and secure IT Asset Disposition (ITAD)

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS) is a state-owned commercial enterprise providing confidential communication, trust services and services in the field of information protection.

RocketCyber

RocketCyber

RocketCyber is a Managed SOC platform empowering Managed Service Providers (MSPs) to deliver security services to small and medium businesses.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

ZARIOT

ZARIOT

ZARIOT's mission is to restore order to what is becoming connected chaos in IoT by bringing unrivalled security, control and quality of service.

Ampyx Cyber

Ampyx Cyber

Ampyx Cyber (formerly Ampere Industrial Security) is an industrial security firm. We specialize in industrial control systems (ICS) and operational technology (OT) security.

Cyber Coaching

Cyber Coaching

Cyber Coaching is a community for enhancing technical cyber skills, through unofficial certification training, cyber mentorship, and personalised occupational transition programs.

Cyber Tzar

Cyber Tzar

Cyber Tzar is a new approach at dealing with an old problem; assessing and managing risks to your IT estate.

Everfox

Everfox

Everfox (formerly Forcepoint Federal) has been defending the world's most critical data and networks against the most complex cyber threats imaginable for more than 25 years.

Orca Tech

Orca Tech

Orca Tech brings together a portfolio of complimentary vendor in the IT security industry to help provide a complete solution to meet the requirements of our Partners across all sectors.