Doomsday via Malware

Sometimes the most fascinating posts are found in blog comments rather than the main article. I found this bit of wisdom by the post’s author (Tor developer Mike Perry) but buried in the comments to his post PRISM vs. Tor (emphasis in original):

I truly believe that the use of weaponized exploits risks crashing the world economy. Software engineering is simply not prepared to deal with this threat.

With the number of dependencies present in large software projects, there is no way any amount of global surveillance, isolation, or firewalling could sufficiently isolate and protect the software development process of widely deployed software projects in order to prevent scenarios where malware sneaks in through a dependency into software that is critical to the function of the world economy.

Such malware could be quite simple: One day, a timer goes off, and any computer running the infected software turns into a brick.

This shit is a doomsday scenario on the order of nuclear conflagration, and anything short of global disarmament risks humanity or at least large sectors of the world economy losing access to computing for months or even years.

There is no M.A.D. scenario as a deterrent here either. Stockpiling more exploits does not make us safer. In fact, the more exploits exist, the higher the risk of the wrong one leaking — and it really only takes a chain of just a few of the right exploits for this to happen. There will also be no clear vector for retaliation. Moreover, how do you retaliate if you have no functioning computer systems or networks left?

If there’s anything we should be spending the NSA’s $10B+/yr budget on, it’s making sure key software development processes are secure against tampering, exploitation, and backdoors, not reading people’s fucking email.

End the madness before it’s too late.

For those that aren’t familiar with Tor, it is a volunteer project that protects user’s privacy online by encrypting traffic and randomly routing it through a series of relays. Originally developed for the US Navy, it is now used by a wide variety of people and is recommended by the EFF (Electronic Frontier Foundation). The post’s author, Mike Perry, is one of Tor’s developers.

This entry was posted in Hacking, Security. Bookmark the permalink.