34 Tech Firms Sign Accord Not to Assist Government Hacking Operations

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,318
An industry group of 34 high-tech companies led by Microsoft, have signed today a tech accord, agreeing to defend customers at all costs from cybercriminal and nation-state cyber-attacks, but also not to provide any technical aid to governments looking to launch cyber-attacks on other countries, companies, or individual users.

Companies like Microsoft, Facebook, Cisco, GitHub, Arm, Cloudflare, LinkedIn, HP, Dell, SAP, Oracle, and VMWare have signed the agreement, titled the Cybersecurity Tech Accord, albeit some big names are notably missing, such as Apple, Google, Amazon, and Intel.
The accord wants to be the Digital Geneva Convention

The accord is the brainchild of Microsoft Chief Legal Officer Brad Smith, who's been talking for almost two years about the creation of a Digital Geneva Convention.

Smith has been advocating that governments should not target users and the private sectors as part of their cyber-attacks aimed at other countries. He's been pushing for the idea that tech companies should be more like the Red Cross, instead of pawns on the cyber-battleground.
........
........
Below are the 34 high-tech firms that signed the tech accord today. Many of them have published blog posts explaining the reasons they decided to sign today's tech accord.

ABB
ARM
AVAST
BITDEFENDER
BT
CA TECHNOLOGIES
CISCO
CLOUDFLARE
DATASTAX
DELL
DOCUSIGN
FACEBOOK
FASTLY
FIREEYE
F-SECURE
GITHUB
GUARDTIME
HP INC
HPE
INTUIT
JUNIPER NETWORKS
LINKEDIN
MICROSOFT
NIELSEN
NOKIA
ORACLE
RSA
SAP
STRIPE
SYMANTEC
TELEFONICA
TENABLE
TREND MICRO
VMWARE
 
F

ForgottenSeer 58943

<sigh> Remember, we must interpret this properly.. The wording says 'to not to provide any technical aid to governments looking to launch cyber-attacks on other countries, companies, or individual users '.. That should be interpreted loosely, they'll not attack, but says nothing about data mining, spying or telemetry sharing..

In the case of Trend Micro, since they are hip-merged with the CIA's primary contractor, that makes this declaration funny to say the least.

Not to be a spoil sport here, but there are a LOT of CIA asset firms on this list.. (Oracle, SAP, Trend, FireEye, etc) A good portion of the other firms are confirmed PRISM members, and others have somewhat less than loose associations with CIA/NSA.

This all looks more like lip service to me.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
<sigh> Remember, we must interpret this properly.. The wording says 'to not to provide any technical aid to governments looking to launch cyber-attacks on other countries, companies, or individual users '.. That should be interpreted loosely, they'll not attack, but says nothing about data mining, spying or telemetry sharing..

In the case of Trend Micro, since they are hip-merged with the CIA's primary contractor, that makes this declaration funny to say the least.

Not to be a spoil sport here, but there are a LOT of CIA asset firms on this list.. (Oracle, SAP, Trend, FireEye, etc) A good portion of the other firms are confirmed PRISM members, and others have somewhat less than loose associations with CIA/NSA.

This all looks more like lip service to me.
Well said. And AVAST recently signing a deal to go public with Rothschild you just couldn't make this stuff up.
 
F

ForgottenSeer 58943

Well said. And AVAST recently signing a deal to go public with Rothschild you just couldn't make this stuff up.

Are you kidding me? LOL

SAP on that list is HILARIOUS.. I know a 'guy' high up at SAP, tells me the place is largely a revolving door with spooks. SAP's compliance and integrity executive is an ex-clandestine CIA agent. Most of the IT security team at SAP are former CIA hackers..

I'll stop there and just say this entire list makes me cringe. Let's play a game.. Everyone on that list should be avoided and you are probably more private and better off.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
D

Deleted member 65228

Facebook signed the accord? Guys, April Fools has already been!

Facebook pretty much spend their money, time and other resources building the tools which can be very beneficial for the planning of a state-sponsored attack on countries, companies and individual users.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Facebook signed the accord? Guys, April Fools has already been!

Facebook pretty much spend their money, time and other resources building the tools which can be very beneficial for the planning of a state-sponsored attack on countries, companies and individual users.
This list really is laughable isn't it. I'm going back to Kaspersky at least I know where I stand with the Russians lol.
 
F

ForgottenSeer 58943

Facebook signed the accord? Guys, April Fools has already been!

Facebook pretty much spend their money, time and other resources building the tools which can be very beneficial for the planning of a state-sponsored attack on countries, companies and individual users.

As I said.. I'd actually consider the list a good reference of who/what to avoid. Seriously. Take that list to heart, I'd wager every firm is largely either joined at the hip with US Intelligence, or already providing US Intelligence support.

Is this list another covert anti-Russian thing? Basically 'we'll protect you from those evil Russians', hoping people don't realize these are all basically US Intel partners with some minor exceptions? (F-Secure? Avast?)
 
F

ForgottenSeer 58943

This list really is laughable isn't it. I'm going back to Kaspersky at least I know where I stand with the Russians lol.

I'm very nearly convinced to go back to Ivan myself.

Also, Kaspersky is consistently the only firm other than Fortinet picking up all of the big phishing campaigns we're seeing lately, including ones we traced back to Russia. I have a few examples from today in fact.

Ivan keeps calling me.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Is this list another covert anti-Russian thing? Basically 'we'll protect you from those evil Russians', hoping people don't realize these are all basically US Intel partners with some minor exceptions? (F-Secure? Avast?)

^^ You hit the nail firmly on the head there.
 
  • Like
Reactions: AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Not to be a spoil sport here, but there are a LOT of CIA asset firms on this list.. (Oracle, SAP, Trend, FireEye, etc) A good portion of the other firms are confirmed PRISM members, and others have somewhat less than loose associations with CIA/NSA.

This all looks more like lip service to me.

True. I think it's even phonier though. I mean you could mean this, but it looks to me like an attempt to steal some kind of pseudo-positive PR from the gloom and misery that must be beginning to take over the board rooms after Facebook's "face the nation". Hmmm, ...are they perhaps losing Congress and looking for a way to create some time to get it back?

I think the problem could be that some of these companies if not all have so much to hide about interference in the personal affairs of individuals that they simply cannot fathom admitting that software companies and governments should never do business with each other apart from a public contract. Can we know they haven't trafficked in personal data and ideas? Well, seems to me fair to want to know and to want to make sure it isn't possible. That said, This entire accord idea seems like a way to diffuse what is obviously growing public pressure to reveal what is happening behind the scenes. As @ForgottenSeer 58943 noted, nothing in the accord about personal rights...not that I am surprised. I will say my focus is generally on MS, but I appreciate that many others may be giving indications of "serving two masters" to some. I really appreciate the good input btw.

With American law, the fact that someone is ignorant of their rights being violated, is not justification for violating their rights. Also, ignorance of the existence of a law against a behavior is not available as an alibi for breaking the law. OK, law is sort of discriminatory in that it is applied as seen fit by the judge and/or jury who hear the case. However, all it takes is one judge or jury to decide that these companies (or any other) have broken a law to create an opportunity for jurisprudence for new interpretation of law to begin to take over. If these companies have sold out individuals for political power...wow. I hope not, but what if they have? So what? Could companies have taken advantage of ignorant ("stupid sheep") computer owners and put their personal property and ideas at risk...or worse...have used their data and ideas themselves for their own personal gain? Can we know? C'mon Congress...need a full audit and a full accountability of Microsoft's software and data exchange activities....LET'S GO. Either that or ramp up to explain to the powers in the orient why computers must become a thing of the past, because the industry will die if something isn't done soon.

Well, it looks at least to me like these companies started to buy into the notion of "the all powerful" U.S. government and that now they are attempting to find any way at all to stop the general public from finding out what has been happening->and happening with government sanction. It feels this way to me. The AT&T scandal back several years ago got to me. That Congress barely acted when AT&T was apparently caught red handed recording phone conversations and e-mail messages. There was acknowledged involvement in that case of the NSA, so what is anyone supposed to believe is going on here? Except now it feels like an attempt to hide...not an attempt to "go bigger" like so many things in the past. Guess we'll have to see what this Congress can do or is willing to do.

In Babylon they tried to build a tower. In the U.S., it was the NSA...with callous illegal surveillance tactics and brutal one handed dictatorial control of business and enterprise. In the process the CIA went to #%@, along with America's diplomatic infrastructure, which is sad as hell. Well, maybe the Facebook hearings could end up being like a gentle peck from a single piranha. You know that first shy one...just wants to know if it really is something? Hmmm. However, if there is meat in dark alliances (seems plausible to me) and if there is a dark alliance here,
there is going to be a stripped carcass where these companies and this accord now exist. A full feeding frenzy.

Well meaning law breakers----->no such thing under American law...

Something else. "Nobody's perfect, so the ends for the majority justify the means"----->NOT under American law in the case where a law is broken...

Culpability----->employers are culpable for the actions of their employees when they are on the job or are using company property (like a phone or computer? :) )...

Thanks so much to @Faybert for tracking down these headlines and for keeping us all posted and thanks to everyone here for sharing the information that gets tossed around. Really appreciate it VERY much...
 
F

ForgottenSeer 58943

True. I think it's even phonier though. I mean you could mean this, but it looks to me like an attempt to steal some kind of pseudo-positive PR from the gloom and misery that must be beginning to take over the board rooms after Facebook's "face the nation". Hmmm, ...are they perhaps losing Congress and looking for a way to create some time to get it back?

People have no idea of the workings of the corporate/industrial/military/intelligence state. If they did everyone would either pick up arms and immediately launch a rebellion, or they'd go into a psychosis and rock back and forth in the corner. The citizens are 'supposed' to stay in order, the very second you don't these people and their complexes are like pit bulls, they'll latch on and not let go, and they have the ability to screw up your reality in ways you cannot fathom. People think it's differentiated between active and passive surveillance and suppression, it's not, it's all active now, everyone is under the microscope and a finger is ready to press on anyone stepping out of line. They're all generally in collusion with each other at some level.

An example - some scientist finds out XYZ causes cancer. The industry has a file cabinet full of positive studies already done 'waiting' to be pulled out. So this scientist comes out and says he found out XYZ causes cancer. The industry pulls out counter studies and floods the media with the counter studies pushing the negative impact study off the front pages and very quickly - out of public view. Since the media is just another corporation and party to the same thing they are willing partners in all of this. Everyone plays along, most of the public never sees that XYZ causes cancer. SOMETIMES alternate media sites dig it up and start showing people, but they will try to suppress those sites. If those sites become more popular they'll try to get them blacklisted, labeled fake news, suppressed by 'legitimate' (AKA state controlled) media.

If anyone falls 'out of line' with the established reality shoveled into peoples faces they must pay the price. So let's say some XYZ company doesn't tow-the-line established by the controllers (Kaspersky). They'll try to buy them out if they can (Kaspersky is too big), they'll threaten them (Kaspersky doesn't like threats), and they will then usually pass laws, rules, regulations against them, and levy their corporate/industrial/govt. partners to act against them. It's a fairly well oiled machine. So when this happens you - Joe Citizen - should pay close attention to it. Everyone acting in accordance with the controllers should be noted. Those are the power players, the manipulators, the actors in all of this.

TLDR; This list is a sham, designed to save face, prempt congressional scrutiny. Designed as a 'feel good' pile of nothingness to satiate the public and counterbalance the 'worldwide' negativity that INCESSANTLY builds up hatred for the corporate/industrial/intelligence complex. Designed to keep the little man in order so he feels good. Facebook is probably behind this whole pile of nonsense but anyone signing onto it is probably just as guilty as facebook.
 
D

Deleted member 65228

If Microsoft were even considering taking any of this seriously, then they'd spend more time patching vulnerabilities being reported by Google.

The vulnerabilities they decide not to fix, they are just left open for exploitation, not just by state-sponsored actors.

The way I see it, deciding not to patch a vulnerability can be considered as helping a nation state actor target an individual user, a company or a country. Because an individual user, a company or an entire country government could be affected by the vulnerability.

Instead, they choose to constantly add more junk to the OS, like cloud-based clipboard sharing. Nice one Microsoft, that's a brilliant idea... but only if you are intentionally trying to leave people even more vulnerable in terms of private data exposure.

Also, anyone who signed these accords... they can be enforced via court order to hand data over depending on the data they collect and where they are situated. Providing data when enforced to, that will assist with the targeting of an individual user, company or country. The solution? Collect less data and clean collected data which is old. You can't share data that doesn't exist.
 
Last edited by a moderator:

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
If Microsoft were even considering taking any of this seriously, then they'd spend more time patching vulnerabilities being reported by Google.

The vulnerabilities they decide not to fix, they are just left open for exploitation, not just by state-sponsored actors.

The way I see it, deciding not to patch a vulnerability can be considered as helping a nation state actor target an individual user, a company or a country. Because an individual user, a company or an entire country government could be affected by the vulnerability.

Instead, they choose to constantly add more junk to the OS, like cloud-based clipboard sharing. Nice one Microsoft, that's a brilliant idea... but only if you are intentionally trying to leave people even more vulnerable in terms of private data exposure.

Also, anyone who signed these accords... they can be enforced via court order to hand data over depending on the data they collect and where they are situated. Providing data when enforced to, that will assist with the targeting of an individual user, company or country. The solution? Collect less data and clean collected data which is old. You can't share data that doesn't exist.
very well said.
 
D

Deleted member 65228

very well said.
It's just so ridiculous.

There are services saying they care about privacy and protecting the user, or even signing accords, but then the same ones go and stab innocent customers in the back. Even if they are not selling or sharing data with third-parties, just by collecting a lot of data on someone is bad... Every single service in the world can be breached one way or another, there is no silver-bullet. At all. There will always be someone/people out there with more experience, knowledge, luck, determination/motivation who will eventually accomplish their goal of corporate espionage, server breach, account login brute-forcing and other things. Therefore, just by storing lots of data for whatever purpose is leaving the customer vulnerable in the first place.

People must think I am some paranoid privacy person by now. No, I'm really not. I am just very concerned regarding the damage that can be done to honest and clean customers of services should their account get hacked by someone who decides to download their digital life since 2008. Why? Black-mail, identity theft for framing, targeted attacks...

Uber was hacked awhile ago, then they covered it up after paying a ransom and were eventually exposed. That for example... It wouldn't have been so damaging that they had been breached if they hadn't collected so much data in the first place. The fact that they collected the amount of data they did is what made the attack damaging to their customers, it leaves their customers vulnerable and the worst part about it is that the customers likely cannot do anything about it later down the road.

There's plenty of examples out there on the web.

If a company is serious about protecting their customers and the data of their customers then they should be focusing on reducing the amount of data collection, reducing the amount of sharing of data and re-assessing which data they are sharing with third-parties, cleaning out old data, etc. The less data that is available, the less damage that is done when data is exposed.

Services require data collection sometimes to improve their service and introduce new features, I understand that. However, that doesn't mean you need to hide the important facts in a huge privacy policy contract and keep it stored forever, you should let the customer decide and when to delete that data from the servers and all backups of it, no questions asked... IMO.

So not all services collecting data are monsters, most companies DO collect data. There's no way to use services and stop data collection really, especially not for a normal user. And a user might WANT to allow it to use a feature they helps them, it depends.

However, the more data that is collected and stored, the more vulnerable the customer becomes. Whether they agree to it or not is irrelevant, it doesn't change the fact that they become more vulnerable as the service collects more data and stores it. Regardless of encryption.

[Personal opinion, same as the previous post]
 
D

Deleted member 178

People have no idea of the workings of the corporate/industrial/military/intelligence state.
and they don't even care, i always found American citizens very naive (with all respect) , when i was in school there, i could BS them 10 times more than people from my country ^^
It is why i wasn't surprised when Terminator or Trump were elected...
 
F

ForgottenSeer 58943

and they don't even care, i always found American citizens very naive (with all respect) , when i was in school there, i could BS them 10 times more than people from my country ^^
It is why i wasn't surprised when Terminator or Trump were elected...

That's a useless generalization that ANYONE could make about ANY country. So you ran into a few people you could BS? Great.. So what does that say about you if you are trying to BS people? :unsure: Barring actual evidence or study being conducted this statement is merely conjecture. Also keep in mind the US ranks 9th overall in the world in average IQ and most of what you probably enjoy was invented in America. 90% of the worlds countries have contributed virtually nothing to the world.

Trump was elected based on a few basic but very important principles such as securing our borders, lowering taxes, and encouraging re-vitalization of our industrial structure. That's about it, those are what is important to people and given what is happening with the lack of borders elsewhere, maybe American's are actually the smart ones.

All of that aside, I wasn't exclusively referring to US Citizens.. 'People' means everyone, because rest assured, wherever most people are (with few exceptions) they are still contending with the same world power players.
 
F

ForgottenSeer 58943

However, the more data that is collected and stored, the more vulnerable the customer becomes. Whether they agree to it or not is irrelevant, it doesn't change the fact that they become more vulnerable as the service collects more data and stores it. Regardless of encryption.

Critical point here.. Just simply collect less data and everyone is better off. Hence why Fortinet essentially allows you to disable ALL data collection from ALL products/services/software.. Don't want anything collected? No problem, tick a few boxes and we're all better off.

The constitutional lawyer in our family brought up a good point to me. By using US Products/Services we come under US Consumer Protection Laws, Regulations, Acts and the Constitution itself. It's incredibly illegal for the US Govt. to gather intelligence on local citizens without probable cause and due process. But if you start using offshore based products/services, you vacate yourself from legal protection because your data sudden becomes the possession of a foreign actor.

Case in point, if you are using a US-Made, US-Stored cloud backup, a US Citizen comes under direct protection by US Law. But if you are using a Russian based cloud backup service your data is offshore, and now subject to US Intelligence gathering, and you've abdicated your legal protection to some extent. He reminded me that it is a constitutional violation to unmask a US citizen without a court order and that citizen will need to be talking to a FORN entity for the court order to have merit. Similar to how a NON-US Citizen would be using a US-Based product, they have no legal protection whatsoever.

Maybe American's should switch to Norton.. AHAHAH
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top