Surveillance is a key part of security in a country, and comes in various forms from cyber surveillance to physical undercover infiltration of an organisation. Telephone calls and text messages have long been intercepted by governments and security agencies. This led to the rise of internet based communication platforms such as Skype, WhatsApp, and Telegram.
In the past decade there has been a rise in companies that provide surveillance technologies to various governments and agencies, specifically technology that allows them to hack into devices of targets. This means they can intercept messages direct from the device even before messages are sent. They are able to hack into devices, enable various input methods such as microphone and webcam.
Some countries like the UK and the US are able to fund in-house surveillance programs such as the GCHQ and NSA respectively. These mass scale surveillance is not about tracking/hacking people of interest who might be related to a crime, but about wholesale surveillance of every single individual without discrimination.
To be able to hack and track devices organisations like the NSA have software engineers that are dedicated to finding new ways to gain access to devices. NSA found many ways to hack into Windows devices and track them.
On the other hand consumer companies such as Microsoft and Apple etc. have to show to customers that they care about privacy and will not hand over all data to government agencies. So much so that when FBI found an iPhone belonging to the Boston bomber, Apple refused to hack the device for them. FBI did eventually find their own way to hack it. If Apple had given FBI the tools to hack its own device, it would lose many of its customers in a world where privacy is something rare than gold dust.
So when the NSA found a way to hack Windows it did not share this information with Microsoft, as it would reduce their hacking techniques.
Earlier this year The Shadow Brokers hacking group leaked code for a program called EternalBlue which was used by the NSA to hack into Window’s file-sharing protocol. It was only after the group leaked this info, did Microsoft find out the vulnerabilities and began to work on a fix. Of course Microsoft only patched the supported version of Windows, and the rest were ignored including the much widely used Windows XP and Windows 8. Big organisations such as the NHS where short outages leads to significant effect, and also because of poor funding, were unable to apply these patches within such a short time. Recent hacks like the “WannaCry” ransonware and the less well-known “Adylkuzz” cryptocurrency mining bug exploited this very vulnerability that the NSA used.
It might be argued that the cyber attack occurred due to governments’ evermore desire to carry out mass surveillance on their citizens. Surveillance of this degree is always controversial to say the least. The arguments are of morality, financial, and efficiency of such programmes. The controversial nature of it means that organisations such as WikiLeaks and individuals like Snowden will always try to leak information to unravel the secrecy of the world of surveillance.
What is for certain is that as long as surveillance organisations continue to develop ways to hack devices, the risk of large-scale cyber attack will persist.