Wednesday 2 April 2014

Turkish ISPs are spying on Google customers

Google logo (Robert Scoble Flickr)
Turkish internet service providers (ISP) have attempted to intercept web user data passing through Google's domain name system (DNS) servers.
Google software engineer, Steven Carstensen said the company has received several credible reports of the ISPs' attempts to collect web user data in a public blog post.
"We have received several credible reports and confirmed with our own research that Google's DNS service has been intercepted by most Turkish ISPs," read the post. "Turkish ISPs have set up servers that masquerade as Google's DNS service."
F-Secure security analyst Sean Sullivan told V3 the focus on DNS servers is troubling as it could be used by intelligence agencies to collect data from across the globe.
"Logging DNS queries is an incredibly invasive thing to do," he said. "Monitoring and logging DNS gives the listener a history of every website or service that your computer and/or phone has ever interacted with."
The news comes just after Google rolled out a number of security upgrades designed to protect its customers' data.
Google adjusted its systems earlier in March to ensure Gmail messages go through an encrypted hypertext transfer protocol secure (HTTPS) connection. Google also began encrypting its customers' search data using the secure sockets layer (SSL) protocol.
Sullivan questioned the effectiveness of the new security features, pointing out that even with them the ISPs could still siphon some useful data.
"Your connection to sites and services might be encrypted, but it will be known that you used those sites. I believe it has been very well argued since June of last year just how much metadata can reveal about our lives," he said.
"Ideally, you don't want your DNS provider to log IPs any more than it needs in order to provide a stable service."
The ISP monitoring is the latest development in a spate of internet crackdowns in Turkey. Reports broke that the Turkish government attempted to block access to Twitter earlier in March.
The Turkish government is one of many known to have attempted to spy on web users by monitoring technology companies' systems. The US National Security Agency (NSA) gathered vast amounts of customer data from technology companies such as Google during its PRISM campaign.

No comments:

Post a Comment