Spies are increasingly targeting IT staff to gain access to key elements of internet infrastructure and sensitive databases, NSA contractor-turned whistleblower Edward Snowden has warned.
The Edward Snowden revelations have rocked governments, global businesses, and the technology world. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices that technology leaders can put to good use.Read now
"It's not that they are looking for terrorists, it's not that they are looking for bad guys, it's that they are looking for people with access to infrastructure. They are looking for service providers, they are looking for systems administrators, they're looking for engineers," he said, speaking at the CeBIT technology show in Germany via a video link from Russia.
He added: "They are looking for the people who are in this room right now: you will be the target. Not because you are a terrorist, not because you are suspected of any criminal wrongdoing, but because you have access to systems, you have access to infrastructure, you have access to the private records, people's private lives. These are the things that they want. It is important for us to come together and prevent that from happening."
Snowden isn't the only one to warn that IT staff are being targeted by spies, although mostly the finger is being pointed at foreign intelligence agencies.
For example, the UK's M15 security service warned last year that IT workers have been recruited to help overseas spies gain sensitive personnel information, steal corporate or national secrets and even upload malware to compromise the network. Tech staff have even been warned to beware of 'honey pot' sex stings.
Snowden should know the power of the systems guy better than most as it was his role as a systems administrator which gave him access to the documents he subsequently leaked.
His warning is also a reflection of the unremarked power of the IT administrators inside organisations. Few companies are aware of the vast access that these relatively junior staff can have, but which is a better target, the systems adminstrator with access to every sensitive database or the CEO who still insists on having his emails printed out?
Snowden said the best way to protect privacy was through technology, because that remains a constant across geographical or political boundaries."That means end-to-end encryption; we have to protect communications while they are in transit, we have to improve the security of the endpoints and make this transparent to users," he said.
In a series of leaks over the last two years, Snowden has detailed some of the mass data gathering and surveillance programmes run by the NSA and its counterpart in the UK, GCHQ.
"We're seeing systemic attacks on the fabrics of our systems, the fabric of our communications... by undermining the security of our communications, they enable surveillance," warned Snowden.
By undermining the security and privacy technologies used online, Snowden warns that spies may make the public more vulnerable rather than safer.
"It doesn't just enable our intelligence service ... it allows foreign adversaries to do the same thing. This is a critical, critical principle when we talk about security and surveillance: there is no golden key that allows only good guys to read the communications of only terrorists."