The United States director of national intelligence has
acknowledged for the first time that agencies might use a new generation of
smart household devices to increase their surveillance capabilities.
As increasing numbers of devices connect to the internet and to
one another, the so-called internet of things (IoT) promises consumers
increased convenience – the remotely operated thermostat from Google-owned Nest
is a leading example. But as home computing migrates away from the laptop, the
tablet and the smartphone, experts warn that the security features on the
coming wave of automobiles, dishwashers and alarm systems lag far behind.
In an appearance at a Washington thinktank last month, the
director of the National Security Agency, Adm Michael Rogers, said that it was
time to consider making the home devices “more defensible”, but did not address
the opportunities that increased numbers and even categories of connected
devices provide to his surveillance agency.
However, James Clapper, the US director of national intelligence,
was more direct in testimony submitted to the Senate on Tuesday as part of an
assessment of threats facing the United States.
“In the future, intelligence services might use the internet of
things (IoT) for identification, surveillance, monitoring, location tracking,
and targeting for recruitment, or to gain access to networks or user
credentials,” Clapper said.
Clapper did not specifically name any intelligence agency as
involved in household-device surveillance. But security experts examining the
internet of things take as a given that the US and other surveillance services
will intercept the signals the newly networked devices emit, much as they do
with those from cellphones. Amateurs are already interested in easily
compromised hardware; computer programmer John Matherly’s search engine Shodan
indexes thousands of completely unsecured web-connected devices.
Online threats again topped the intelligence chief’s list of
“worldwide threats” the US faces, with the mutating threat of low-intensity
terrorism quickly following. While Clapper has for years used the equivocal
term “evolving” when asked about the scope of the threat, he said Tuesday that
Sunni violent extremism “has more groups, members, and safe havens than at any
other point in history”.
The Islamic State topped the threat index, but Clapper also warned
that the US-backed Saudi war in Yemen was redounding to the benefit of
al-Qaida’s local affiliate.
Domestically, “homegrown extremists” are the greatest terrorist
threat, rather than Islamic State or al-Qaida attacks planned from overseas.
Clapper cited the San Bernardino and Chattanooga shootings as examples of
lethal operations emanating from self-starting extremists “without direct
guidance from [Isis] leadership”.
US intelligence officials did not foresee Isis suffering
significant setbacks in 2016 despite a war in Syria and Iraq that the Pentagon
has pledged to escalate. The chief of defense intelligence, Marine Lt Gen
Vincent Stewart, said the jihadist army would “probably retain Sunni Arab urban
centers” in 2016, even as military leaders pledged to wrest the key cities of
Raqqa and Mosul from it.
Contradicting the US defense secretary, Ashton Carter, Stewart
said he was “less optimistic in the near term about Mosul”, saying the US and
Iraqi government would “certainly not” retake it in 2016.
The negative outlook comes as Carter traveled on Tuesday to meet
with his fellow defense chiefs in Brussels for a discussion on increasing their
contributions against Isis.
On the Iran nuclear deal, Clapper said intelligence agencies were
in a “distrust and verify mode”, but added: “We have no evidence thus far that
they’re moving toward violation.”
Clapper’s admission about the surveillance potential for networked
home devices is rare for a US official. But in an overlooked 2012 speech, the
then CIA director David Petraeus called the surveillance implications of the
internet of things “transformational … particularly to their effect on
clandestine tradecraft”.
During testimony to both the Senate armed services committee and
the intelligence panel, Clapper cited Russia, China, Iran, North Korea and the
Islamic State as bolstering their online espionage, disinformation, theft,
propaganda and data-destruction capabilities. He warned that the US’s ability
to correctly attribute the culprits of those actions would probably diminish
with “improving offensive tradecraft, the use of proxies, and the creation of
cover organizations”.
Clapper suggested that US adversaries had overtaken its online
capabilities: “Russia and China continue to have the most sophisticated cyber
programs.”
The White House’s new cybersecurity initiative, unveiled on
Tuesday, pledged increased security for nontraditional networked home devices.
It tasked the Department of Homeland Security to “test and certify networked
devices within the ‘Internet of Things’.” It did not discuss any tension between
the US’s twin cybersecurity and surveillance priorities.
Connected household devices are a potential treasure trove to
intelligence agencies seeking unobtrusive ways to listen to and watch a target,
according to a study that Harvard’s Berkman Center for Internet and Society
released last week. The study found that the signals explosion represented by
the internet of things would overwhelm any privacy benefits gained by users of
commercial encryption – even as Clapper in his testimony again alleged that the
growth of encryption was having a “negative effect on intelligence gathering”.
The report’s authors cited a 2001 case in which the FBI had sought
to compel a company that makes emergency communications hardware for
automobiles – similar by description to OnStar, though the company was not
named – to assist agents in Nevada in listening in on conversations in a
client’s car.
In February 2015, news reports revealed that microphones on
Samsung “smart” televisions were “always on” so as to receive any audio that they
could interpret as an instruction.
“Law enforcement or intelligence agencies may start to seek orders
compelling Samsung, Google, Mattel, Nest or vendors of other networked devices
to push an update or flip a digital switch to intercept the ambient communications
of a target,” the authors wrote.
Culled from: Guardian UK