Read

Error message

Notice: Undefined index: base_url in include_once() (line 125 of /home3/occupyco/public_html/dev/sites/default/settings.php).

User menu

Search form

U.S. Government Is Paying to Undermine Internet Security – Not to Fix It

U.S. Government Is Paying to Undermine Internet Security – Not to Fix It
Tue, 4/22/2014 - by Julia Angwin
This article originally appeared on ProPublica

The Heartbleed computer security bug is many things: a catastrophic tech failure, an open invitation to criminal hackers and yet another reason to upgrade our passwords on dozens of websites. But more than anything else, Heartbleed reveals our neglect of Internet security.

The United States spends more than $50 billion a year on spying and intelligence, while the folks who build important defense software — in this case a program called OpenSSL that ensures that your connection to a website is encrypted — are four core programmers, only one of whom calls it a full-time job.

In a typical year, the foundation that supports OpenSSL receives just $2,000 in donations. The programmers have to rely on consulting gigs to pay for their work. "There should be at least a half dozen full time OpenSSL team members, not just one, able to concentrate on the care and feeding of OpenSSL without having to hustle commercial work," says Steve Marquess, who raises money for the project.

Is it any wonder that this Heartbleed bug slipped through the cracks?

Dan Kaminsky, a security researcher who saved the Internet from a similarly fundamental flaw back in 2008, says that Heartbleed shows that it's time to get "serious about figuring out what software has become Critical Infrastructure to the global economy, and dedicating genuine resources to supporting that code."

The Obama Administration has said it is doing just that with its national cybersecurity initiative, which establishes guidelines for strengthening the defense of our technological infrastructure — but it does not provide funding for the implementation of those guidelines.

Instead, the National Security Agency, which has responsibility to protect U.S. infrastructure, has worked to weaken encryption standards. And so private websites — such as Facebook and Google, which were affected by Heartbleed — often use open-source tools such as OpenSSL, where the code is publicly available and can be verified to be free of NSA back doors.

The federal government spent at least $65 billion between 2006 and 2012 to secure its own networks, according to a February report from the Senate Homeland Security and Government Affairs Committee. And many critical parts of the private sector — such as nuclear reactors and banking — follow sector-specific cybersecurity regulations.

But private industry has also failed to fund its critical tools. As cryptographer Matthew Green says, "Maybe in the midst of patching their servers, some of the big companies that use OpenSSL will think of tossing them some real no-strings-attached funding so they can keep doing their job."

In the meantime, the rest of us are left with the unfortunate job of changing all our passwords, which may have been stolen from websites that were using the broken encryption standard. It's unclear whether the bug was exploited by criminals or intelligence agencies. (The NSAsays it didn't know about it.)

It's worth noting, however, that the risk of your passwords being stolen is still lower than the risk of your passwords being hacked from a website that failed to protect them properly. Criminals have so many ways to obtain your information these days — by sending you a fake email from your bank or hacking into a retailer's unguarded database — that it's unclear how many would have gone through the trouble of exploiting this encryption flaw.

The problem is that if your passwords were hacked by the Heartbleed bug, the hack would leave no trace. And so, unfortunately, it's still a good idea to assume that your passwords might have been stolen.

So, you need to change them. If you're like me, you have way too many passwords. So I suggest starting with the most important ones — your email passwords. Anyone who gains control of your email can click "forgot password" on your other accounts and get a new password emailed to them. As a result, email passwords are the key to the rest of your accounts. After email, I'd suggest changing banking and social media account passwords.

But before you change your passwords, you need to check if the website has patched their site. You can test whether a site has been patched by typing the URL here. (Look for the green highlighted "Now Safe" result.)

If the site has been patched, then change your password. If the site has not been patched, wait until it has been patched before you change your password.

A reminder about how to make passwords: Forget all the password advice you've been given about using symbols and not writing down your passwords. There are only two things that matter: Don't reuse passwords across websites and the longer the password, the better.

3 WAYS TO SHOW YOUR SUPPORT

ONE-TIME DONATION

Just use the simple form below to make a single direct donation.

DONATE NOW

MONTHLY DONATION

Be a sustaining sponsor. Give a reacurring monthly donation at any level.

GET SOME MERCH!

Now you can wear your support too! From T-Shirts to tote bags.

SHOP TODAY

Sign Up

Article Tabs

prison reform, incarceration rates, private prisons, for-profit prisons, white supremacy, enslavement, climate justice, racial justice, Green New Deal

The year 2020 has caused many white people to realize we live in a racist system. The Green New Deal is about systemic change for all, and deconstructing racism must be front and central in this agenda.

coronavirus pandemic, Donald Trump, Boris Johnson, Jair Bolsonaro, COVID-19 deaths, downplaying coronavirus

By infecting three of the world’s most right-wing leaders, the coronavirus underscored not only the incompetence and irresponsibility of their governments – but the truth that their brand of populism doesn't keep people safe.

COVID-19, corporate bailouts, corporate welfare, corporate destruction

Corporations are not "too big to fail" and, when they commit crimes, they are not "too big to jail." As David Whyte writes in his new book, "Ecocide: Kill the Corporation Before It Kills Us," the moment is now to rein in out-of-control corporate power.

The world has lost an incredible thinker and doer. I have lost an amazing friend. A void exists where before it was filled with David's optimism, humour and joy.

Kevin Zeese speaks at a rally for Chelsea Manning. By Ellen Davidson.

Kevin fought to bring truth every day. We must not lose this struggle.

prison reform, incarceration rates, private prisons, for-profit prisons, white supremacy, enslavement, climate justice, racial justice, Green New Deal

The year 2020 has caused many white people to realize we live in a racist system. The Green New Deal is about systemic change for all, and deconstructing racism must be front and central in this agenda.

coronavirus pandemic, Donald Trump, Boris Johnson, Jair Bolsonaro, COVID-19 deaths, downplaying coronavirus

By infecting three of the world’s most right-wing leaders, the coronavirus underscored not only the incompetence and irresponsibility of their governments – but the truth that their brand of populism doesn't keep people safe.

COVID-19, corporate bailouts, corporate welfare, corporate destruction

Corporations are not "too big to fail" and, when they commit crimes, they are not "too big to jail." As David Whyte writes in his new book, "Ecocide: Kill the Corporation Before It Kills Us," the moment is now to rein in out-of-control corporate power.

The world has lost an incredible thinker and doer. I have lost an amazing friend. A void exists where before it was filled with David's optimism, humour and joy.

Kevin Zeese speaks at a rally for Chelsea Manning. By Ellen Davidson.

Kevin fought to bring truth every day. We must not lose this struggle.