Uncertain Future – Part VII – State Sponsored Cracking

Now that we have thoroughly made it clear that there is no place left safe on the internet for the common individual, or even major corporations and government organizations, what about the governments themselves? What role do they play in this story.

To begin with, let’s talk about Hacking Team. Hacking Team is a company out of Milan that deals in “offensive intrusion and surveillance” capabilities. This includes the ability to monitor communications of internet users, decipher encrypted files and emails, record Skype and VoIP phone calls, as well as remotely activate microphones and cameras on the devices they target. Their primary clients include governments and major corporations, including a few governments with shady human rights records. Basically, they are the most terrifying conspiracy theories on the internet come to life.

Hacking Team are leaders in the growing industry to help governments hack in ways that make the rest of this article look like child’s play. The Hacking Team gives its clients, through use of their Da Vinci and Galileo platforms the ability to do everything from keystroke logging, GPS tracking on cell phones, and extracting wifi passwords, among many other capabilities. [31] Perhaps most interesting is their ability to steal data on local accounts, contacts and transaction histories by decrypting Bitcoin and other cryptocurrency wallet files. [32]The tools they use, or rather sell, have been used by governments to… well… you’ve seen the movies. Before you start getting up in arms, you might want to check their previous clients, regimes such as Sudan, Bahrain, and Saudi Arabia, and have been accused of being used against activists and protesters in Morocco, Syria, the United Arab Emirates. [33]They even basically serve as the intelligence agency of the Uganda. Some of those relationships landed them in hot water with the UN. To make matters even more frightening, the Italian company maintains two satellite offices within the United States, one in Annapolis and another in Washington DC. That shouldn’t lead people think this relationship buys the US anything though, since Hacking Team is suspected of selling tools to clients in Turkey who used it on a woman in the US [34]and is now suspected of selling their technology to Syria, as well.

What’s put Hacking Team in the news now? Perhaps unsurprisingly at this point, they too were also hacked in 2015. At some point their network was breached and published online – over 400 gigabytes of data. Like I said before, no one is safe.

Hacking Team’s fate, while ironic, only served to open the eyes of millions to existence of real companies whose only profession is equipping governments with the tools to break down any wall, crack any password, end any online uprising, and own our digital lives. For an example, let’s start with something small, like a foreign government hacking into a major American company to determine what media Americans and the rest of the world were allowed to see.

You know, I’ve always wondered if any of the “A movie they don’t want you to see,” advertisements were ever real. Turns out, there was one that absolutely was. In late 2014, Sony pictures planned to release a movie about a talk show host invited to North Korea. Oh, and he tries to assassinate the dictator. It was an okay movie, but honestly, not something you would watch twice on purpose. Where things went terribly, horribly wrong was when Sony pictures suddenly pulled the movie. In the weeks leading up to the release, the North Korean government expressed their “disapproval” of the film. With its ending scene depicting the violent death of their glorious leader, the North Koreans demanded the movie never show… or else. Whatever, we’re Americans, or sort of. Sony Pictures was in America at least. What are they really going to do, bomb us?

No, they didn’t bomb anyone. Instead, what they did was hack Sony Pictures. In that breach, they stole data that included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, and other information. They threatened to release the information, which any of it could have been deadly to the company, from its employee’s information to scripts of movies that haven’t been made. What happened next?

Sony pulled the film.

Not long after, popular demand, and there was a lot of us who now demanded to see this movie, made it available for streaming. Eventually, we were all able to get our fill of the death of the most infamous man alive, but it cost us. The Guardian called the event a massive defeat on American soil and the message was received, international government sponsored hackers can scare Americans into doing whatever they want.

It pissed us off as it introduced a new word into our collective lexicon: Cyberwarfare.

Advertisements

Uncertain Future – Part VI – If the Feds Aren’t Safe, What Makes You?

Ok, so maybe various versions of making people look bad on the internet aren’t nearly as terrifying as legitimate terrorism, but what about the presence of true cybercrime, those who use the internet with no agenda for reform, no desire for publicity, and who 99% of the time, you never knew existed? What about when the threats aren’t out to make you think about some subjective moral wrongdoing, but steal your money and ruin your life. What’s really scary is that no one is safe – quite literally no one. Not even the director of the United States Central Intelligence Agency.

A group of young hackers, using rather unsophisticated methods, broke into the CIA Director John Brennan’s personal email. So that we are all aware, the director of the CIA is the guy in charge of all US spies and one would thing be well beyond the reach of hackers… especially a group of teenagers. Much to the chagrin of the US government, he really wasn’t. This one, however, wasn’t really his fault. The method the hackers used was to implement a tactic that predates modern computing by only a few thousand years. They pretended to be people they weren’t, tricked a Verizon worker and got Brennan’s email password changed the old fashioned way… by lying. The term they used is “social engineering”. While they didn’t find much, they did find were some documents important to him. Then they bragged about it on Wired. While all of us think this one is hilarious, if a story turns up about a few of these kids turning up missing in a couple of years when no one remembers their antics… don’t say this wasn’t foreseeable.

The same group were responsible for this breach also targeted the FBI… because they are just ballsy I guess… and broke into portals used by police and federal agents to share intel. The site is also used to book suspects, and while it isn’t known how much was taken, hundreds of thousands of users may be vulnerable, many already being leaked following the hack.

2015 saw attack after attack like these, and some of the most massive breaches to internet security the world has yet seen, all with little other incentive than stealing money, stealing information, and extortion. Like my fictional spy from the future, there are many who profit heavily from the information you keep secret. Over the course of the last year, it is estimated that some 70% of the US population experienced some form of cyber attack and over 2.1 billion internet users worldwide.   In a Verizon Study of 90 Security breaches, there were 285 million data exposures. Unsurprisingly, attacks are getting much more advanced, with hackers sometimes using multiple attacks simultaneously to succeed in a breach, such as malware, brute force, and SQL injection. Furthermore, 74% of the attacks were external, meaning that 26% were executed from within the companies we are trusting with our data.  [21]In a related vein, but just as disturbing, we are now seeing more breaches being discovered by employees than outsiders. Traditionally, these sorts of attacks were discovered by feds or other companies detecting the irregularities. [22] Now, it is much more likely that when you’re breached, you’ll be the first to know… which for some of us, isn’t that comforting.

Depending on how you look at this, it could either be welcome news or utterly terrifying. On the one hand, this means that internal security is at least able to grow to the point that they become aware of their own breaches. On the other hand, it means that the number of breaches, and all the possible avenues of failure have become so numerous, that no government agency can possibly be aware of the threats anymore, let alone protect us from them.

The next troubling discovery, this one from the 2014 report, was exactly how big the hacking business is. In spite of the whole last section of activities by groups such as Anonymous, malicious hackers working with financial motives still account for some 60% of cyber crime. Corporate spying, those seeking intellectual property and trade secrets accounted for some 25% (up from previous years). Those hackers who were not set on serious crimes (you know, for the lulz) or hacktivists with some ideological agenda, in spite of all the news, accounted for next to nothing. [23]That means that in spite of internet hacktivists publicised achievements, the vast majority of illicit attacks happen for no other reason than to rob of us of something precious.

Some of the biggest of these hits last year:

  • Excellus Blue Cross/Blue Shield – 10 million records lost including names, birth dates, social security numbers, mailing addresses, financial accounts, and claims information [24]
  • Anthem Health Insurance – Access to 80 million current and former customers names, Social Security numbers, birth dates, addresses, and income data [25]
  • Experian – 15 million T-Mobile customers names, addresses, birth dates, drivers’ license ID numbers, and passport numbers. Encrypted Social Security numbers were also stolen, which may provide some measure of safety, but the company warned that encryption may have been compromised [26]
  • Scottrade – 4-6 million customers contact details compromised [27]
  • CVS, Walgreens, Rite Aid, and Costco – millions of customers’ credit card, email, postal addresses, phone numbers, and passwords. [28]
  • Donald Trump’s hotel chain – many thousands of guests’ credit card data [29]

Several people probably noticed that last line and thought to themselves, “Ha, that will show the asshat.” Well, we need to think about that one again, don’t we? Who was hurt by the breach at Trump hotels? Innocent people. Really think about who these people are who are hurt; people who slept at a place. Imagine yourself, really just you, getting a hotel anywhere in the world, never really thinking about the guy whose name is on the side of the exterior wall and if one day he may potentially run for President of the United Freaking States. No, you just slept in a place and now your information is floating around the internet by people who are trading it for money. So to those who are getting their lulz right now from finding out that the “Orange carpeted clown” got pwned (“laughing hard at the misfortunes of Donald Trump” for those not accustomed to the vernacular of the lower internet), you’re real a-holes.

To illustrate this point, as shown already, some the biggest breaches didn’t steal money directly. The big payoff was information. Hackers who can get access to data about real people, not just one, but millions of people at a time, are the biggest scores in the illicit industry of online invasion. Stealing a whole database with customer or employee names, birthdays, SSNs, or any other useful private information can open the door for those people to be targeted later for individual attacks. These attacks may be for money, or they can be for more information, perhaps even national secrets, incriminating information for blackmail, or worse. Often, this information is collected and merged into larger databases, where users are profiled and where that which is stolen can be used against them in some of the most terrifying ways imaginable later… like a hack on the Internal Revenue Service.

The IRS is a common target of hacking. As the central collection agency for all taxes of all people of the United States, it is one of the largest gold mines ever created. In 2015 it suffered the largest breach in its history. It acknowledged that hackers had gained access to view more than 300,000 previous tax returns. They did this through a tool made available by the IRS called “Get Transcript”. Get Transcript allows users to view old returns. The safety in this system is that it requires numerous layers of identifying information to access Get Transcript and view those old returns. The types of information needed: names, social security numbers, birthdates, addresses – the very same items stolen from the other hacks mentioned above. This means that the hackers were able to make one of the largest internet heists in history, only through access of stolen information, gathered, collected, and organized by other hackers in a cyber black market where your information is the most valuable and most traded commodity there is.

Relying on personal information — like Social Security numbers, birth dates and street addresses — the hackers got through a multistep authentication process. They then used information from the returns to file fraudulent ones, generating nearly $50 million in refunds. [30]

That means that each of the victims were hacked not once, but twice. The big takeaway from the 2015 IRS Hack is that there is growing evidence of the existence of something we are all afraid of. Databases out there that are growing day by day, where cells of each of our data are collected and merged without our permission or our knowledge, and that these databases are being traded by people across the world, with no good intention for us. This leads many to believe in a future decades from now which has no secrets, where all of our information is direct and open to the public. For those of us with bank accounts, street addresses, or children, that’s not the idealistic image of an open society that some would paint. The fact is, we live in a state of danger everyday because of the secrets we entrust to others. In the next few decades, for companies to remain viable, they are going to have to prove they can be trusted with our information. More so than this, if we ever want to feel safe again, perhaps the most valuable enterprise in the future of internet security might not be the next guy who is able to steal our information, but the first guys who figure out how to get it back.

Uncertain Future – Part V – Hactivism


Having said that, there is more power to the open internet than you think. Your private information, while important to you for reasons shown in the previous section, is very little compared to what organized groups with an agenda are really after – complete system change. These groups have proven the means to bring down massive sites and even fight terrorism. Of course, they have also cost thousands of innocent people their personal information, destroyed companies, and ruin marriages, along with more than a few lives.

To begin, one needs to look into the (perfectly named) Ashley Madison Affair [13]. Ashley Madison was and is the internet’s largest website for cheating. Literally, that’s all they do is help people who are married cheat on one another. After a savvy campaign including talk shows and clever advertising, one which brought tons of open scorn, but just enough silent attention to keep the profits rolling in, a group calling themselves, “The Impact Group” decided they weren’t amused with the salacious shenanigans. The Impact Group researched Ashley Madison and found it to be under the ownership Avid Life Media, which also owns other hookup sites like Cougar Life and Established Men, which they claimed supported prostitution and human trafficking. When Ashley Madison reported that they offered a service to completely delete the accounts of users no longer interested in their services, the Impact Group moved out to show that this service wasn’t all it was cracked out to be. 37 million disclosed users later and the site which sold itself on discretion, was in the midst of its worst nightmare.

The impact group is only one such online Robin Hood alliance which exists. Others out there have proven themselves time and time again to be able to affect change, either through direct action, or the threat of it via hacking individuals, corporations, and even governments. One such group calls itself, aptly enough, Anonymous.

Wikipedia describes Anonymous as a loosely associated international network of activist and hacktivist entities. A website nominally associated with the group describes it as “an Internet gathering” with “a very loose and decentralized command structure that operates on ideas rather than directives”.

To understand them further, a group of users of various internet forums Reddit and 4Chan, all functioning under anonymous user names began coordinating efforts towards various political and social agendas. Conversation in the all anonymous sites would form, ranging on the spectrum of enlightened social commentary and debate, to outright bigoted hate groups. Within these conversations, like minded leaders would collectively pool resources, and take the conversation into a more private level.

To use a metaphor, the internet is a single massive room where everyone is screaming to be heard. The chaos and confusion that follows allows a small group to gather by a wall, completely visible to anyone who were to look, and speak openly to where anyone could listen, but their voices still lost because of the constant noise of internet traffic, entertainment, and news. In these “private open sessions” the leader groups came to a consensus of some action which should be taken. Among them were many who were legitimately talented crackers, the term for internet hackers with malicious intents. Their skills, along with a few who just executed their wishes, were able to achieve some crazy results. From here, the cell would plan an operation, in their parlance, and if successful disintegrate back into the crowed. From there, they may join a new operation, or never be heard from again. For this, they describe their movement as “leaderless.”

In the beginning operations or “attacks” ranged on the low end with benign acts of internet weirdness, such as the when hundreds of Anons gathered in an online Finnish Hotel with identical black avatars, forming swastikas and closing down the pool due to “fail and AIDS”. A bit higher up were a few high profile “operations” including attacks on the Church of Scientology,  Recording Industry Association of America and the Motion Picture Association of America, various international copywriting offices, Paypal, and eventually Sony’s Playstation Network.

The group’s preferred method of attack were a series of well-publicized publicity stunts and distributed denial-of-service (DDoS). A DDoS attack is one in which an asset is bombarded with fake traffic, slowing down the service or bringing them down all together. Consider a telethon for kids with cancer or adopting puppies. A version of a DDoS attack (by seriously mean people) would be hundreds of people who all collectively call in with prank calls, tying up all the operators, thus making it impossible to actually take real donations. On the internet, this is done through special programs written to cause a single normal device, such as the phone or computer you are reading this article on, to send false traffic to a website with its spare processing power in the background. Your devices are actually quite powerful and the spare processing power can generate a lot of worthless traffic for the receiver. This is often compounded through the use of botnets, programs which control many devices, sometime thousands, with or without their owner’s consent, all generating traffic to bring down the target websites or online assets. Technically, this attack is harmless, unlike uploading a malicious computer virus, as all effects end the moment the attack stops. The servers go back to operating as normal, no harm done… except for the millions lost through down time and breaches in their security.

Of course, this is all extremely illegal. Many anonymous members found that their movements weren’t as secretive as they believed. Various Anons were jailed or suffered massive fines for their infractions. Sadly, many of the people who suffered the most were not leaders in the movements, or operations, but people who didn’t understand the risks and were just acting under instructions from other Anons more versed in what could go wrong. One example of this is Dmitriy Guzner [14], a 19 year old American given a one year prison sentence for attacking a protected computer. It was around this time that Anonymous truly began evolving in an attempt to be more than just internet pranksters. Seeing many hauled off to long prison stays saw the movement break into various camps; namely those motivated for ideological reasons and those seeking to provoke for entertainment, ie. trolls for the lulz.

Following this period of internal rebranding, and backed by energy gained through the Occupy Wall Street Movement [15], there was some realistic clout to those who participated in the online actions. Brought together by the idealistic sides of Anonymous, operations became more complex, as legitimately talented media experts, artists, videographers, and yes, more hackers, were able to add their capabilities to spread their message and their actions. In the next few years their major operations were more focused and even altruistic. Charitable actions included events like #OpOkand Operation Safe Winter, as well as attempts to intervene in what they viewed as unlawful police brutality, attacking the KKK, and taking down child pornagraphers[16]. Most recently, in an attempt to fight back against the growing threat of Islamic fundamentalism and Middle East born terrorism, operations like #OpSaudi and#OpISIS, sought to disrupt funding for the Islamic State and their vast online propaganda presence. According to some reports, as many as 20,000 accounts on Twitter of ISIS affiliates and recruiters have been brought down [17], as well as the hundreds of websites, and the releasing of ISIS recruiter’s personal information including their home address.  [18]

While many question Anonymous as nothing but a bunch of unaccountable internet pranksters with various and chaotic agendas, others are impressed by their power and the complexity their operations are taking, if for no other reason, than the attention they are able to garnish for their causes and themselves. Others, however, aren’t happy with what they are considering a virtual lynch mob. Some are leaving the group for its rather chaotic history of attacking innocent people, which have included people in the random databases Anons have gained access to, as well as anyone who speaks badly about Anonymous. [19]

“When I started with Anon I thought I was helping people but over the past few months things inside anon have changed,” the hacker said in a statement posted to the Web. “I am mostly talking about AntiSec and LulzSec. They both go against what I stand for (and what anonymous says they stand for). Antisec has released gig after gig of innocent peoples information. For what? What did they do? Does anon have the right to remove the anonymity of innocent people?

At least one commentator went so far as to consider them the living embodiment of George Orwell’s thought police from his classic science fiction 1984.  [20]There thinking anything against the Party was deemed a criminal act – a “thoughtcrime”, which brought about arrest and rehabilitation (read that as torture) under the Thought Police.

1984 is considered a definitive cautionary tale, but what makes Orwell’s masterpiece particularly terrifying is how close 2015 mimics Orwell’s dystopian fiction. You see it in hacktivist groups like Anonymous, commentary shows like The Hannity Show, and online across social networks, the Thought Police has become a reality. If you are outside of their thinking, you become Public Enemy #1 and must be destroyed.

What this means for businesses and organizations is yet another threat to security which has to be accounted for. No one knows when something they do, or some policy they have, will catch the attention of Anonymous, or any other major group of like minded internet anarchists to bring about action in numbers that the government can’t actually do much about. You never know what kind of vulnerability you have until 10,000 angry hackers start inspecting the cracks in your walls.

Uncertain Future – Part II – Information Security

Information Security

Not every bad thing can kill you. Oh sure, there are many things that can still ruin your life, but most won’t kill you.

Something that has remarkably changed in last twenty years is something that didn’t exist twenty years before it – online security. The information we publish online about ourselves, the groups we associate with, and even our country, can devastate our lives, or even the lives of people we will never meet. This is so true, that to sign on to read this article, you no doubt had to fill out at least four passwords. Then there is work email, phone keys, banking password, anything associate with a bill, your firewall software (that one’s ironic) and anything with the Apple logo that assumes anyone with fat fingers are criminals and forces you redo your freaking password every single time I try to buy a song… legally (that’ll teach me the punishment for being good.)

In fact, the information that exists in the open is an entire field of spycraft. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. It is the science of gathering executable knowledge to use against someone which they have willingly left available to the world. That’s not true, some of that knowledge could be stolen and published already, without the subject’s knowledge, and certainly without their permission. In my book, The Next Warrior, which deals with exploring the real way technology will change the face of warfare in the next few decades, this concept is explored with a young female spy named Samantha Avery. In 2026, Avery isn’t like the modern day spies, case officers that are employed by the CIA. She sits at a desk and gathers information at her comfortable office outside Washington DC. What makes her special is the ability to find and pool vast databases and other intelligence sources hidden throughout the internet to decipher useful information and patterns her clients are willing to pay desperately for. Why is this special in 2026, when we have Google today? One might only look back to 2006, when there were only 85,507,314 websites in existence. For a better understanding of how much things have changed, as I write, there are 998,253,877[1], just shy of a billion. Sure Google will still be a valuable tool, but as the rest of this section will show you, the information you can access via Google is limited. Beyond the reach of search engines is information hidden in the dark web, databases and forums which house classified, illegal, or personal information that some would pay well to know, or for Avery’s case, just pay well to know what to do with it.

That said, Cyber Security is already a big deal today. The world isn’t waiting for 2026 when Supersleuthes have already mastered the art of unburrying skeletons. Between personal invasions of privacy, to massive breaches of corporate firms and even national governments, the industry surrounding cyber security has exploded to levels we haven’t seen ever. In the future, this will be even more true. When we consider the other answers, which show a future possible (almost certain) marriage between our electronics, communications, cars, homes, and entertainment unseen today, and add with them more levels of privately controlled automated drones, our augmented reality suites, driverless everything; all at work, school, home, and at play, security analysts cringe at the myriad of ways in which these technologies will interlock and overlap – each time creating a new vulnerability and entry into our own private motherload of personal information. In truth, swarm technology and the internet of things is a terrifying concept, because with each new device that enters our sphere of influence, we experience a new breach point to our data, one that hackers can use to enter into our lives.

Take Nicholas Allegra. He’s a hacker who makes a hobby out of defeating Apple’s best and brightest security chiefs.  [2]

“It feels like editing an English paper,” Allegra says simply, his voice croaking as if he just woke up, though we’re speaking at 9:30 pm. “You just go through and look for errors. I don’t know why I seem to be so effective at it.”

Going by the hacker name Comex, Allegra created the JailbreakMe code, which allowed millions of users to upload any applications they wanted to Apple’s infamously restrictive devices. The way he did it was through exploiting a bug in how Apple’s mobile operating system iOS handles PDFs fonts. That allowed him to both locate and repurpose hidden commands. That critical flaw allowed a series of exploits that not only gains… blah, blah, blah, technical nerd jargon. The point is, this kid was able to publish code allowing millions of people to manipulate their phone against the creator’s wishes because of the way the phone read fontson pdfs.

“I spent a lot of time on the polish,” Allegra says with a hint of pride.

As I said before, these sorts of security failures aren’t limited to phones. In the next era of technological revolutions, new methods will open to new exploits in the same way that a 19 year old can crack the world’s safest phone. In a further example of how more tech means more problems, security researcher Nils Rodday is preparing a demonstration for the RSA security conference in San Francisco that will show how he is able to hack and take control of police drones from more than a mile away. [3]

“…flaws in the security of a $30,000 to $35,000 drone’s radio connection allow him to take full control over the quadcopter with just a laptop and a cheap radio chip connected via USB. By exploiting a lack of encryption between the drone and its controller module known as a “telemetry box,” any hacker who’s able to reverse engineer the drone’s flight software can impersonate that controller to send navigation commands, meanwhile blocking all commands from the drone’s legitimate operator.

I’m just going to take this opportunity to remind people that these things exist, and leave it at that.

Personally, I’m just glad people like Nils Rodday and Comex aka Nicholas Allegra are at worst chaotic good, working for the betterment of us all through nefarious means, rather than a full on evil geniuses.

There are, however, lots of evil people on the internet and many of these people want to do you great harm, or at least, have no concern for your well being as they attempt to make a better life for themselves. Whether it is because of a lone wolf cyber idealist like Comex; a community of hackers with motivations ranging from patriotism, sexism, anarchism, or just for the lulz; corporate hackers out to steal your money; or national hackers out to bring down the power grid, the internet is growing a more dangerous place, and Wall Street knows it.

HACK, the exchange-traded fund bundling 30 cyber security companies, has seen quite a year for just these reasons. Last year, following a spree of high profile hacks across several industries, the fund skyrocketed, increasing in value nearly 30% in only six months to over a $1 billion market cap. [4] Since June, the value in the fund has receded, along with the entire sector. Since the downturn, however, these security companies are coming together, literally, to shake up the security industry again. In the last quarter, niche security companies that weren’t able to compete on their own, are merging together and with much larger firms to solve problems some thought we wouldn’t have cracked for another decade, along with others, no one predicted.

Last year, there were 133 security M&A deals, up from 105 in 2014, according to 451 Research’s February report on the tech outlook for 2016.  Its recent survey of investment bankers showed that security is expected to have the most M&A activity this year, surpassing mobile technology for the first time in six years.

What this means is that many of today’s fears and concerns for tomorrow are getting a lot of attention, and new methods to solve them are gathering steam and energy to attempt the mitigate the flood of invasions expected in the next two decades. One of the biggest leaders in this is a company you know well. Microsoft is shoring up their defense against cyberattacks by purchasing many of these fledgling firms into their corporate umbrella, creating several new layers between its customers (along with itself) and would be hackers.  [5] The majority of the new additions came from startups that didn’t really have a place in the industry, solving problems too specific to truly go it on their own, but filled with good ideas and brilliant people. Microsoft’s recent acquisitions have been intended to add new capabilities, as well as new minds to the brain pool of Seattle. The hope is that, as these new units are integrated, the company will be capable of creating value and new technologies that will keep Microsoft and its users secure for at least the span of this question.

So here’s the real question: What exactly is it that Microsoft is so afraid of? Throughout this answer, I’ll attempt to explain some the risks that have the world’s largest tech firms, and even the world’s largest nations, preparing for a battle that we all need them to win. We will start off small with things that can only ruin your life, and then work up to the stuff that can legitimately break the world.