The case Crypto AG exploded in these days in Switzerland. Beyond politics, it’s interesting to see how malicious code can be sold together with devices and execute harmful actions without any knowledger by the user. See in the article why using open source software is a key to be able to defend from such threats.

Crypto AG was a Swiss company specialising in communications and information security. It was secretly jointly owned by the American Central Intelligence Agency (CIA) and West German Federal Intelligence Service (BND) from 1970 until about 1993, with the CIA continuing as sole owner until about 2018. With headquarters in Steinhausen, the company was a long-established manufacturer of encryption machines and a wide variety of cipher devices.

From wikipedia page

We dont want to talk about politics, governments and so on. We want to point out an important subject: how was possible to gather all private informations from devices by a technical point of view? This was possible because of malware introduced inside the devices.

Malware is simple some piece of code which has been encoded for purposes of be harmful to the user. The most of cases the user runs a device and does not know that a malware is installed and is operational on the device itself. In this case for example, preinstalled software was created to execute secret tasks without the knowledge of the device’s owner.

This is a risk we have also with mobile phones, tables, and so on: everyone of us, everywhere, ever. We cannot be sure of our computing devices and about the software we go to install there. So what to do?

This is why is very very important to use only open source software. Because in open source software we know what the system is running. We can inspect, check and audit the code and we can be sure that no malware is present and no piece of harmful code is running.

Open source software is a must today. Privacy is at risk and violating privacy is a great business for big companies. We have to prevent with precautions, signature checking, opensource software and great prudence in anything we do with a computing device and online.

When you are using your device for private date, be sure to:

  • initialize the device your self; Never use already initialized device or worse, used devices;
  • always run open source software;
  • always check signature of the software you install;
  • always check fingerprints of public keys used for signatures;
  • install only from reputable source, not from any website or source;
  • be ready to check online if vulnerabilities are found in the software you are running on your devices;

This is a small checklist to be aware of. In this world, your private data are the modern gold.