Read on Twitter
COVID-19 has created—and continues to create—awe-inspiring intelligence collection opportunities.
Zoom would be a big part of that intelligence bonanza.
Zoom would be a big part of that intelligence bonanza.
Ex-NSA director Hayden revealed in 2016 how the US Air Force was hitting fibre optic cable heads during the invasion of Iraq to “herd” high-value signals into the sky, where comms could be intercepted more easily.
COVID is herding high-value signals into Zoom (and other apps)
COVID is herding high-value signals into Zoom (and other apps)
The virus is forcing an unprecedented number of leaders and managers to work from home, across all sectors, in business and in government, everywhere. Sensitive meetings of course didn’t stop; they moved to new platforms. The most important platform today is Zoom.
That makes Zoom (and comparable services) major intelligence collection targets, both for signals interception and for human infiltration. COVID-19 has made those targets of opportunity even more prized.
Now, Zoom says it’s end-to-end encrypted — in fact Zoom is not end-to-end encrypted.
This deceptive labelling means some, likely many users consider the platform more secure than it is. Outstanding reporting here by https://theintercept.com/2020/03/31/zoom-meeting-encryption/
This deceptive labelling means some, likely many users consider the platform more secure than it is. Outstanding reporting here by https://theintercept.com/2020/03/31/zoom-meeting-encryption/
I mean, the problem of third parties *openly* sneaking into Zoom meetings is so pervasive that the FBI’s Boston field office has warned of “zoom bombing” in classrooms https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
Also, security culture https://www.vice.com/en_us/article/k7e95m/zoom-leaking-email-addresses-photos
Now, China has highly capable intelligence agencies, with innovative tactics in signals intelligence and human intelligence collection.
Highly capable intelligence agencies have long targeted communication service providers in creative ways https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
Highly capable intelligence agencies have long targeted communication service providers in creative ways https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
Nearly one third of Zoom’s employees are in China (“more than 700”).
Yes, Zoom’s product development team is located in China.
Source: Zoom’s SEC filings (most recent 10-K).
Yes, Zoom’s product development team is located in China.
Source: Zoom’s SEC filings (most recent 10-K).
Don't do stupid things (via https://twitter.com/gordoncorera/status/1245093927465730060?s=20)
Important question here from Shiraz: most meetings and most users should be fine, I would think — but some government departments and businesses should be significantly more cautious, and move sensitive comms over to WhatsApp or, better, Signal https://twitter.com/ShirazMaher/status/1245353433017847810
^^^ That is if you don't have another choice and *have to* use an openly available messaging platform from home.
