US Officials Urge Americans to Use Encrypted Apps Amid Unprecedented Cyberattack (nbcnews.com) 58
An anonymous reader shared this report from NBC News:
Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers...
In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China's intercepting their communications. "Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," Greene said. The FBI official said, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for email, social media and collaboration tool accounts...
The FBI and other federal law enforcement agencies have a complicated relationship with encryption technology, historically advocating against full end-to-end encryption that does not allow law enforcement access to digital material even with warrants. But the FBI has also supported forms of encryption that do allow some law enforcement access in certain circumstances.
Officials said the breach seems to include some live calls of specfic targets and also call records (showing numbers called and when). "The hackers focused on records around the Washington, D.C., area, and the FBI does not plan to alert people whose phone metadata was accessed."
"The scope of the telecom compromise is so significant, Greene said, that it was 'impossible" for the agencies "to predict a time frame on when we'll have full eviction.'"
In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China's intercepting their communications. "Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," Greene said. The FBI official said, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for email, social media and collaboration tool accounts...
The FBI and other federal law enforcement agencies have a complicated relationship with encryption technology, historically advocating against full end-to-end encryption that does not allow law enforcement access to digital material even with warrants. But the FBI has also supported forms of encryption that do allow some law enforcement access in certain circumstances.
Officials said the breach seems to include some live calls of specfic targets and also call records (showing numbers called and when). "The hackers focused on records around the Washington, D.C., area, and the FBI does not plan to alert people whose phone metadata was accessed."
"The scope of the telecom compromise is so significant, Greene said, that it was 'impossible" for the agencies "to predict a time frame on when we'll have full eviction.'"
Morons (Score:5, Insightful)
Experts have told you for frigging _decades_ that a backdoor or weakened encryption or any other form of "lawful" interception _will_ be used by criminal attackers and spies. Did you listen? No. This is 100% on you that you wanted those backdoors and you have no excuses.
Re:Morons (Score:5, Interesting)
It's worse than that. They listened and they knowingly chose their priorities. They directly lied about this and tried to undermine and damage the credibility of those experts. They took Phil Zimmerman to court over this type of thing [wikipedia.org]. This is something that NIST, which is a government agency, explicitly warned against and attempted to avoid and then was forced into accepting in their security standards. This is something that legislators have brought up every time that people have attempted to force through legislation limiting access to cryptography. This is something that has been repeatedly discussed when talking about government handling of unpublished exploits. Many of these people, primarily in the NSA and in GCHQ are the experts. Some of the stood up, said what had to happen and were rejected. Many of them knew and consented to things which they were fully aware were building up security risks for us in future. Of course, some of this discussion took place in private, and for sure individuals shouldn't be judged without us getting into details of what they said to who and what pressure they were under, but when we see the private data that we know China has been capturing and the uses it can be put to, we know already that our security establishment has failed to do it's job.
Re: (Score:3)
Indeed. So desperately desiring to spy on the very people they are tasked to protect, that they willingly and knowingly weakened protections against other spies massively. I call that treason.
Re: Morons (Score:2)
The Clipper Chip.
Re: (Score:2)
This is by design. The back door was put in place FOR THIS.
Are there any "encrypted" apps? (Score:3)
Please provide some examples so that all may benefit...
Don't trust Whatsapp (Score:3, Interesting)
Please provide some examples so that all may benefit...
By hacking Whatsapp [cnn.com], Saudi Arabia's Crown Prince Mohammad Bone Saw (MBS) was able to chop Jamal Koshoggi into little tiny pieces.
Re: Don't trust Whatsapp (Score:4, Funny)
I think the word you were looking for was hack, not chop.
Re: Don't trust Whatsapp (Score:4, Insightful)
First you hack, then you whack
First you chop, then you mop.
Business as usual for the nation which murders the second-most journalists in the world on the regular.
Now gee, who's #1 at that?
Re: (Score:2)
Why leave people in suspense?
I know the answer. You know the answer. But if I just say the answer then I get modbombed. If people wonder what the answer is, then they google it and find out without me having to say it.
Re:Don't trust Whatsapp (Score:5, Informative)
Nice link, and one that shows WhatsApp wasn't hacked. The end device in question was. The encrypted status of the messaging service has nothing to do with what is going on in your story, other than they may not have needed to compromise the device if he used a plain text chat instead.
Re: (Score:2)
CIA should take care of their agents better.
Why even get a marriage license? That's so authoritarian.
Re: (Score:2)
Pretty much only Signal. They simply outright never bother to gather a bunch of different info, let alone store it. There's not much to even steal from hacking Signal.
Re: (Score:3)
Re: (Score:2)
Yes and no. It mostly cooperates if the US or EU can show actual hard evidence that would stand up in court. But the US, UK, and EU intelligence services rarely want to provide that much detail into their operational modalities except in extreme cases.
Re:Are there any "encrypted" apps? (Score:5, Informative)
Please provide some examples so that all may benefit...
With Threats to Encryption Looming, Signal's Meredith Whittaker Says 'We're Not Changing' [wired.com]
Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It's Out to Prove Surveillance Capitalism Wrong [wired.com]
Re: Are there any "encrypted" apps? (Score:1)
There are none, sorry.
Re: (Score:3)
https://jami.net/ [jami.net] seems like a good option for end-to-end encrypted messaging. Fully free and open source. Strong (and well tested) cryptography and cryptographic libraries. Available on all the major platforms. Uses a peer-to-peer connection so there is no central servers and you never have to give anyone personal information (no need to share your phone number unlike Signal).
I have no connection to the project other than thinking its a great piece of software and that the people who point to things like S
The world is ending (Score:3)
In other news, the devil is enjoying Christmas by having his first snowball-fight.
Re: (Score:1)
Officials who pushed for the weakened security? (Score:5, Insightful)
Re: (Score:2)
They don't face any direct consequences for their actions so they will continue to demand impossible and contradictory outcomes.
"Impossible" (Score:3)
The criminals in Europe along with the group behind Encrochat, SkyECC, and as of this week Matrix https://www.dutchnews.nl/2024/... [dutchnews.nl] would take issue with that. ;-)
Re: "Impossible" (Score:3, Informative)
If enough people like me (Score:1)
Re:If enough people like me (Score:4, Insightful)
The same rule that gets porn on the internet, is also used by government. (And in some cases both sides are invoked by government. Nothing like some planted CP to blackmail dissonant voices.)
Re: (Score:3)
Time to bring out the old Cardinal Richelieu quote:
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him".
Re: If enough people like me (Score:2)
Contradictory (Score:1)
Re: (Score:3)
I thought US officials want access to our messages? This seems contradictory to past messaging from officials.
Assume your devices are back doored. You are not permitted to know what code is running on your baseband processor.
Re: (Score:2)
My take on privacy is that 99% of the problem is that Joe Average uses apps like Whatsapp, then when they hear that it's compromised, they move to another app that's got the same problems. Like Joe Conspiracy who moved to Discord, because FOR SURE you can trust that other app... ie. people move from one compromised app to another. Same
Re: (Score:2)
so, if your baseband processor is compromised... in your opinion, how does that impact the security/privacy of full disk encryption or over the wire encryption like wireguard?
It means that they could be inspecting the information when it is in memory before/after it is decrypted.
Re: (Score:2)
so, if your baseband processor is compromised... in your opinion, how does that impact the security/privacy of full disk encryption or over the wire encryption like wireguard?
It means that they could be inspecting the information when it is in memory before/after it is decrypted.
It is still a lot of work to stealthily exfiltrate that data on a large scale such that it is hidden from traffic analysis.
Re: (Score:2)
It is still a lot of work to stealthily exfiltrate that data on a large scale such that it is hidden from traffic analysis.
You've inspected the cellular traffic with your own stingray, then?
Re: (Score:2)
Re: (Score:2)
The government loves putting back doors in everything. Who do you trust? Any of these vendors?
Whatsappis crap.So is "going dark" (Score:4, Insightful)
The US "law enforement community" (read "crooked pieces of shit who want to abuse your rights)
regularly WHINE about "going dark."
There used to be the ability to detect crimd and work around it but today's LAZY COPS just want to
break into your cellphone. To prevent that from being oh so difficult they call encryption "going dark"
and they want Apple and Google to stop that bad stuff.
ENCRYPTION IS CRITICAL to keepin our data from the criminals. See OP.
FUCK the FBI's whining about going dark
FUCK LEOs who whine about "having to break encryption" because they can't do their fucking job.
GOOD JOB on Senator Ron Wyden who has pushed for useful encryption for decades.
GOOD JOB on Techdirt.com who has pushed for useful encryption for decades.
Sorry, What'sapp. You "use" the SIgnal protocol... badly. Die quickly.
And Signal, you could do better to educate. Take up the mantle, babes.
And all those data are probably for sale in China (Score:4, Interesting)
Good open source encrypted messenger (Score:4, Informative)
Re: (Score:2)
Re: (Score:3)
"They" can do all of those things without Signal. Signal E-to-E's the messages and metadata using well known cryptographic algorithms (see Kerchoff's Principal.) It does not secure the phone or anything else. A compromised phone could simply screenshot the Signal app. So the insecure part is the phone, not the Signal protocol.
I agree that it would be good to inspect the source (or build yourself) of the client you and your contacts use, but that's not a reasonable expectation for most, and hard on syste
Re: (Score:2)
I was not pleased to see there was considerable difference in the binaries of Conversations commercial version vs. whatever is on Github.. like 20mb vs 5mb binary file size... groan... more work.. i haven't
Re: (Score:2)
XMPP has the same problems that Signal or other E2E protocols have. (I like both Signal and XMPP in theory.) The problem isn't the protocol or the encryption, the problem is the device/OS itself. Even then, with enough resources any encryption can be cracked. You or I may not be able to come up with the money/electricity/computer to do it, but the NSA or CCP or similar probably can if motivated to do so.
Re: (Score:2)
Sorry.. I'm not the guy you asked :-)
This thread is good: https://www.reddit.com/r/signa... [reddit.com] ... ran into it after I wrote the following though, lol.
XMPP is just a protocol, and AFAIK it lacks end to end encryption as part of that specification. You can layer on end to end encryption via client support. I happened to have written one for Pidgin using a perl based plugin waaaaay back in the day, but I doubt it even works anymore. The "problems", if that's what they can be called, with doing it this way is tha
Re: Good open source encrypted messenger (Score:2)
Re:Good open source encrypted messenger (Score:4, Interesting)
If you don't trust Signal, try https://jami.net/ [jami.net]
Open source all the way, fully distributed and totally anonymous if you want (you never need to give your phone number to anyone, unlike Signal) and not in it to make money
I have no connection to them, I just think they are a great project that deserves more exposure.
Only one sure way to be secure (Score:2)
Monty Python's sacking quote applies here (Score:3)
We apologise for the fault in the subtitles. Those responsible have been sacked.
.
.
.
We apologise again for the fault in the subtitles. Those responsible for sacking the people who have just been sacked have been sacked.
.
.
.
The directors of the firm hired to continue the credits after the other people had been sacked, wish it to be known that they have just been sacked. The credits have been completed in an entirely different style at great expense and at the last minute.
Replace subtitles with "security of the law enforcement access interface" and you get the drift.
Still good for (Score:2)
It's just an expensive flashlight with cheap games. I mostly talk to my friends in gibberish via MMS with no encryption.
The majority of the data moving through my phone is scams that I see, but ignore. Encryption isn't going to make phones less of a nuisance.
Changed their tune (Score:1)