CIA secretly owned world's top encryption supplier, read enemy and ally messages for decades

For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret. That company was secretly run by the CIA, which had the ability to read all those communications for decades. Read the rest

The FBI doesn't need Apple to give it a backdoor to encryption, because it already has all the access it needs

Once again, the FBI is putting pressure on Apple to help them break into the phone of a mass shooter. And once again, Apple has been largely resistant to the effort. Which is good, because a government having control over a private company that gives them secret backdoor access into people's personal technology devices is an authoritarian wet dream waiting to happen.

It also doesn't matter anyway because — as Reuters pointed out this week — Apple already buckled under FBI pressure a few years and cancelled their plans to add end-to-end encryption to all iPhone backups in iCloud:

The company said it turned over at least some data for 90% of the requests it received [from the FBI]. It turns over data more often in response to secret U.S. intelligence court directives, which sought content from more than 18,000 accounts in the first half of 2019, the most recently reported six-month period.

But what if the FBI wants access to someone's locked iPhone, and they haven't backed it up to iCloud? They still don't need Apple's help, because — as with the San Bernardino shooting — there are plenty of third-party companies that can and will gladly solve the problem in exchange for money.

From OneZero:

Over the past three months, OneZero sent Freedom of Information Act (FOIA) requests to over 50 major police departments, sheriffs, and prosecutors around the country asking for information about their use of phone-cracking technology. Hundreds of documents from these agencies reveal that law enforcement in at least 11 states spent over $4 million in the last decade on devices and software designed to get around passwords and access information stored on phones.

Read the rest

Woman discovers 'secret' coded message in John Milton poem 'Paradise Lost'

A young Massachusetts woman who recently graduated from Tufts University is convinced that she has found a 'secret' encoded message in “Paradise Lost,” the poem by John Milton. Read the rest

Attorney General William Barr wants to backdoor Facebook's WhatsApp

"We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety."

You have the right to remain encrypted

“You have the right to remain silent.” We’ve heard the Miranda warning countless times on TV, but what good is the right to remain silent if our own cellphones testify against us? Imagine every incriminating and embarrassing secret our devices hold in the hands of prosecutors, simply because you’ve been accused of a minor crime. This is the brave new world that Attorney General Bill Barr advocated when he recently addressed the International Conference on Cyber Security and called for an end to encryption as we know it. Read the rest

EFF publishes an indispensable, plain-language guide to "cell-site simulators": the surveillance devices that track you via your phone

In 2012, the Wall Street Journal first reported on a mysterious cellphone surveillance tool being used by law-enforcement; years later, we learned that the origin of this report was an obsessive jailhouse lawyer who didn't believe that the cops had caught him the way they said they had. Read the rest

Mongodb's plan to limit breaches: "Field Level Encryption"

Many large-scale data-breaches involve attackers gaining access to administrators' database logins; from there, they can clone the whole database and plunder it at will; but leading nosql database vendor Mongodb proposes to add another layer of security it's calling "Field Level Encryption" which encrypts the data in database fields with its own key -- possibly a different key for every user or every field. That means that attackers will have to compromise a lot of cryptographic keys as well as breaking into a server. Read the rest

Australia may have just backdoored your mobile phone

A really bad new law in Australia gives police the right to force companies like Apple to 'backdoor', or create encryption circumvention alternatives, in all their products. The issue has been controversial in the U.S. for a long time, and spiked in 2016 after the mass shooting in San Bernardino. Read the rest

Amazon doesn't like how Signal circumvents censorship

Signal is an encrypted messaging app for smartphones and desktops that I and a lot of other folks use on a daily basis to communicate with discretion and security. I like it so much that I've moved away from using other services on my iOS and Android phones to using Signal for all of the texting I do, even with those who don't use the app. Unfortunately, according to The Verge, the Signal team is having a difficult time trying to provide its services to users in the UAE, Egypt and Oman, where the app has been banned by the government. Considering the fact that these states aren't known for treating political dissidents and minorities none too well, that's a big deal. For some people, encrypted comms are essential to avoiding incarceration or worse.

The crux of Signal's issues with providing services to users in these countries is that Amazon, whose CloudFront web services Signal's parent company, Open Whisper System, uses, has banned domain-fronting. Domain-fronting, put simply, is a technique for making traffic from one site look like it's from another site. In an email received by Open Whisper System's founder, Moxie Marlinspike (best damn name in the business,) the General Manager of Amazon CloudFront called Open Whisper Systems' domain-fronting out, telling Marlinspike that Amazon would love to have their business, but not his company refuses to comply with their no domain-fronting policies.

From the email:

When access to Signal was originally censored in Egypt, Oman, Qatar, and UAE, we responded by through Google App Engine.

Read the rest

Using structured encryption to search protected photos in the cloud

In a recent presentation at the Real World Crypto symposium, researchers affiliated with Brown University and a startup called Pixek presented their work developing an app that encrypts photos at the moment they're taken and uploads them in encrypted form to a cloud server, in such a way that the keys remain on the user's device, meaning the service provider can't view the photos. Read the rest

Real people don't (just) need encryption

Earlier this month, UK Home Secretary Amber Rudd idiotically insisted that "real people" don't need encrypted messaging apps; but as foolish a statement as that was, there was a kernel of truth to it. Read the rest

Tales from the ransomware "support line"

An article at News From the Lab (pdf) has 30 pages of copy from the support chat of a ransomware app: desperate pleas from victims for their files back, or, failing that, discounts on the unlock fee. [via]

Read the rest

Brazil judge orders WhatsApp blocked for 72 hours, affecting 100 million people

A state judge in the Brazilian state of Sergipe has ordered all mobile phone operators in the country to block Facebook-owned WhatsApp for 72 hours, nationwide. Those five telecom providers put the ban into effect today, and it affects about 100 million people. In Brazil, WhatsApp is the most popular messaging app. Read the rest

Turns out the U.S. military really is dropping “cyber bombs” on ISIS

There's been an awful lot of talk about “cyber pathogens” and “cyber bombs” lately from the mouths of American officials discussing terrorism, and how we will vanquish it. President Obama mentioned “cyber ops” against Islamic State terrorists in one recent address. Today, we know a little more about what was behind last week's cyber-hawkish hacking headlines. Read the rest

Security flaws found in 3 state health insurance websites

Federal investigators have discovered major security vulnerabilities in the state health insurance websites for California, Kentucky and Vermont that could allow criminals to access sensitive personal data for hundreds of thousands of people. Read the rest

Justice Department to drop 'FBI vs. Apple' case, because they've unlocked the iPhone

The #FBIvsApple legal case may be over, but the fight over security, privacy, and the right to live free of surveillance has just begun. The Justice Department is expected to drop its legal action against Apple, possibly as soon as today, because an 'outside method' to bypass security on the San Bernardino gunman's iPhone has proven successful, a federal law enforcement official said Monday. Read the rest

FBI may not need Apple's help with that iPhone after all, nevermind, maybe

In a surprising turn of events, the U.S. government on Monday paused its battle with Apple over an iPhone, and what may be its greater goal of mandating “backdoors” in consumer encryption. On Monday afternoon, the Justice Department told a judge it needs a couple weeks to try 'new' ways of accessing whatever may be on the device, without Apple's help--and with an assist from unnamed experts from outside the agency. Read the rest

More posts