We're going to use your toothbrush to snoop on you, says US spy boss

The Internet of Things is great for us, says James Clapper


The Internet of Things is a godsend for the US intelligence services, according to Director of National Intelligence and professional splitter-of-hairs James Clapper.

In prepared testimony [PDF] for the Senate Armed Services Committee, Clapper highlighted that "widespread vulnerabilities" in new devices represent "new opportunities for our own intelligence services."

Asked to give a report on worldwide threats facing the United States, Clapper started his testimony by specifically highlighting the Internet of Things (IoT) as a potential goldmine for surveillance – echoing a similar conclusion reached by academics last week.

"Smart devices incorporated into the electric grid ... can threaten data privacy, data integrity, or continuity of services," he said. "In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials."

His comments come following repeated warnings over the poor security standards included in smart-home products, even the most well-resourced and well-known. Recently, for example, the Ring doorbell leaked people's Wi-Fi keys.

Barbie, Samsung, Echo

The data from IoT products can potentially be hugely valuable. Many include microphones and motion sensors, for example, such as new smart TVs, kids' toys and voice-controlled products like Amazon's Echo.

It wasn't just the internet of things that Clapper is worried/excited about. He also references that artificial intelligence is provided a similar risk/opportunity. By meddling with or anticipating the results of algorithms, a huge number of AI systems "are susceptible to a range of disruptive and deceptive tactics that might be difficult to anticipate or quickly understand." On the flipside, however, they also "might create or enable further opportunities to disrupt or damage critical infrastructure or national security networks."

The rest of Clapper's report focuses on what and who you would expect to be cited in a "worldwide threats" report for the US Senate: China, Russia, Iran, North Korea, Iraq, Afghanistan, ISIL, etc.

Clapper was joined at the hearing by Director of the Defense Intelligence Agency, Vincent Stewart. Stewart approach the issue the other way around: listing the countries and terrorism threats first and referencing global cyber threats at the end of his prepared testimony.

Stewart did not reference IoT, but he did note that the recent "aggregation of bulk data," i.e., hacks of US government systems, "could be used to conduct pattern analysis, possibly exposing sensitive operations or relationships." ®

Similar topics

Broader topics

Narrower topics


Other stories you might like

  • Minimal, systemd-free Alpine Linux releases version 3.16
    A widespread distro that many of its users don't even know they have

    Version 3.16.0 of Alpine Linux is out – one of the most significant of the many lightweight distros.

    Version 3.16.0 is worth a look, especially if you want to broaden your skills.

    Alpine is interesting because it's not just another me-too distro. It bucks a lot of the trends in modern Linux, and while it's not the easiest to set up, it's a great deal easier to get it working than it was a few releases ago.

    Continue reading
  • Verizon: Ransomware sees biggest jump in five years
    We're only here for DBIRs

    The cybersecurity landscape continues to expand and evolve rapidly, fueled in large part by the cat-and-mouse game between miscreants trying to get into corporate IT environments and those hired by enterprises and security vendors to keep them out.

    Despite all that, Verizon's annual security breach report is again showing that there are constants in the field, including that ransomware continues to be a fast-growing threat and that the "human element" still plays a central role in most security breaches, whether it's through social engineering, bad decisions, or similar.

    According to the US carrier's 2022 Data Breach Investigations Report (DBIR) released this week [PDF], ransomware accounted for 25 percent of the observed security incidents that occurred between November 1, 2020, and October 31, 2021, and was present in 70 percent of all malware infections. Ransomware outbreaks increased 13 percent year-over-year, a larger increase than the previous five years combined.

    Continue reading
  • Slack-for-engineers Mattermost on open source and data sovereignty
    Control and access are becoming a hot button for orgs

    Interview "It's our data, it's our intellectual property. Being able to migrate it out those systems is near impossible... It was a real frustration for us."

    These were the words of communication and collaboration platform Mattermost's founder and CTO, Corey Hulen, speaking to The Register about open source, sovereignty and audio bridges.

    "Some of the history of Mattermost is exactly that problem," says Hulen of the issue of closed source software. "We were using proprietary tools – we were not a collaboration platform before, we were a games company before – [and] we were extremely frustrated because we couldn't get our intellectual property out of those systems..."

    Continue reading

Biting the hand that feeds IT © 1998–2022