AUTHOR ARCHIVES

Bruce Schneier

Bruce Schneier is a correspondent for The Atlantic. He writes about security and technology. His latest book is Liars and Outliers: Enabling the Trust That Society Needs to Thrive.
Results 1-10 of 19

We Still Don't Know Who Hacked Sony

January 5, 2015 FROM NEXTGOV arrow If anything should disturb you about the Sony hacking incidents and subsequent denial-of-service attack against North Korea, it’s that we still don’t know who’s behind any of it. The FBI said in December that North Korea attacked Sony. I and others have serious doubts. There’s countervailing evidence to suggest that ...

Did North Korea Really Attack Sony?

December 22, 2014 FROM NEXTGOV arrow I am deeply skeptical of the FBI’s announcement on Friday that North Korea was behind last month’s Sony hack. The agency’s evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the U.S. government would make the accusation this formally if officials ...

Did North Korea Really Attack Sony Pictures?

December 22, 2014 I am deeply skeptical of the FBI’s announcement on Friday that North Korea was behind last month’s Sony hack. The agency’s evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the U.S. government would make the accusation this formally if officials ...

Should U.S. Hackers Fix Cybersecurity Holes or Exploit Them?

May 20, 2014 FROM NEXTGOV arrow There’s a debate going on about whether the U.S. government—specifically, the NSA and United States Cyber Command—should stockpile Internet vulnerabilities or disclose and fix them. It's a complicated problem, and one that starkly illustrates the difficulty of separating attack and defense in cyberspace. A software vulnerability is a programming mistake ...

Don’t Listen to Google and Facebook: The Public-Private Surveillance Partnership Is Still Going Strong

March 26, 2014 FROM NEXTGOV arrow If you’ve been reading the news recently, you might think that corporate America is doing its best to thwart NSA surveillance. Google just announced that it is encrypting Gmail when you access it from your computer or phone, and between data centers. Last week, Mark Zuckerberg personally called President Obama ...

When Does Cyber Spying Become a Cyber Attack?

March 10, 2014 Back when we first started getting reports of the Chinese breaking into U.S. computer networks for espionage purposes, we described it in some very strong language. We called the Chinese actions cyber-attacks. We sometimes even invoked the word cyberwar, and declared that a cyber-attack was an act of war. When ...

Analysis: There's No Real Difference Between Online Espionage and Online Attack

March 7, 2014 FROM NEXTGOV arrow Back when we first started getting reports of the Chinese breaking into U.S. computer networks for espionage purposes, we described it in some very strong language. We called the Chinese actions cyber-attacks. We sometimes even invoked the word cyberwar, and declared that a cyber-attack was an act of war. When ...

The NSA's Surveillance Programs Aren't Making Us Any Safer

January 6, 2014 Secret NSA eavesdropping is still in the news. Details about once secret programs continue to leak. The Director of National Intelligence has recently declassified additional information, and the President's Review Group has just released its report and recommendations. With all this going on, it's easy to become inured to the ...

The NSA's Excuses Don't Hold Up

October 22, 2013 The basic government defense of the NSA's bulk-collection programs—whether it be the list of all the telephone calls you made, your email address book and IM buddy list, or the messages you send your friends—is that what the agency is doing is perfectly legal, and doesn’t really count as surveillance, ...

How NSA Uses Attack Servers Shows How It Thinks About Secrecy and Risk

October 4, 2013 FROM NEXTGOV arrow As I report in The Guardian, the National Security Agency has secret servers on the Internet that hack into other computers, codename FOXACID. These servers provide an excellent demonstration of how the NSA approaches risk management, and exposes flaws in how the agency thinks about the secrecy of its own ...