Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#attack’

whatsapp-encryption-explained

WhatsApp’s privacy protections questioned after terror attack

March 27, 2017

Chat apps that promise to prevent your messages being accessed by strangers are under scrutiny again following last week’s terror attack in London.

On Sunday, the home secretary said the intelligence services must be able to access relevant information.
Her comments followed the discovery that Khalid Masood appeared to have used WhatsApp minutes before carrying out his killings.
There are doubts about whether that action was related to the atrocity.
BBC home affairs correspondent Danny Shaw has highlighted that the police had declared that they believed Masood had acted alone on the day, and would not have done so unless they had accessed and read messages stored on his phone.
Even so, the home secretary has summoned WhatsApp’s owner, Facebook, and other technology companies to a meeting on Thursday to discuss ways to ensure that security officers get the data they need in the future.

What has this got to do with encryption?
WhatsApp indicates Khalid Masood used WhatsApp a couple of minutes before his attack
Several chat apps have adopted a technique called end-to-end encryption.
This digitally scrambles their messages’ contents when it leaves a sender’s device, and then reassembles it on the recipient’s computer using a shared key.
The technology company running the service is not made privy to the key, so is unable to make sense of the conversation even though it passes through its computer servers.
Some apps, including WhatsApp, Apple’s iMessage, Signal and Threema, use end-to-end encryption by default.
Others, such as Telegram, Line and Google’s Allo, offer it as an option.
If end-to-end encryption is active, the technology company running the app is limited in what useful information it can remotely disclose.
But if a phone, tablet or PC is not passcode-protected – or if the authorities find a way to bypass the code – the physical device itself will provide access.
Does that mean the technology companies have made it impossible for themselves to help investigators?

Unscrambled data can be retrieved from iCloud back-ups. Not necessarily. When someone sends or reads a message, they generate what’s known as “metadata” – information about their interaction that is distinct from the chat’s contents. This can include: the time a message was written
the telephone number or other ID of the person it was sent to the physical locations of the sender and recipient at the time
WhatsApp has shared such details with law enforcement officers in the past and has said it has been co-operating with authorities over last week’s incident.
In addition, if Apple users subscribe to the company’s iCloud Backup service, the firm may be able to recover messages copied to its servers for safe-keeping and it has co-operated with investigators in the past.

What more does the government want? It is not exactly clear.
The Home Secretary, Amber Rudd, told the BBC that chat apps must not “provide a secret place” for terrorists to communicate, and that when a warrant had been issued, officers should be able to “get into situations like encrypted WhatsApp”.
On Sky News, she later added that she supported end-to-end encryption as a cybersecurity measure, but said it was “absurd to have a situation where you can have terrorists talking to each other on a formal platform… and it can’t be accessed”.
How this would work in practice is uncertain. WhatsApp, for example, does not store messages on its servers after they have been delivered.
So, even if there was a way to retrospectively unencrypt the chats, it is unclear how this would work without significant changes to its systems.
At one point, there had been speculation that the Investigatory Powers Act – which came into effect last year – might ban chat app’s use of end-to-end encryption outright.
Instead, it stated that technology companies could be compelled to “provide a technical capability” to remove “electronic protection” within their products – which has been interpreted by some to mean app-makers might be compelled to secretly create backdoors or other security weaknesses to let messages be unscrambled.
Why might technology companies resist?
Recent CIA leaks indicate it can be difficult to keep hacking tools a secret
Files leaked by rogue US National Security Agency (NSA) contractor Edward Snowden and Wikileaks suggest that even the most closely guarded hacking secrets can be revealed.
And even if the tech companies did not share the technical details of the backdoors with the authorities – instead limiting themselves to passing on unscrambled chats – the very fact vulnerabilities existed means someone else might sniff them out.
As a consequence, public trust in their software might be undermined.
“The encryption debate always rages after a terror incident, regardless of how effective backdoors would have been,” said security consultant Troy Hunt.
“Even if, say, the UK was to ban encryption or mandate weaknesses be built into WhatsApp and iMessage, those with nefarious intent would simply obtain encryption products from other sources.
“These responses are kneejerk reactions by those who have little understanding of the efficacy and implications of what they’re actually proposing.”
The TechUK lobby group said other hacking powers and a move to make internet providers keep a record of their customers’ internet habits – which were also outlined in the Investigatory Powers Act – meant counter-terrorism officers already had strong powers to tackle threats.
“From storing data on the cloud to online banking to identity verification, end-to-end encryption is essential for preventing data being accessed illegally in ways that can harm consumers, business and our national security,” said its deputy chief executive, Antony Walker.

Tags: , , ,

Main Entrance Of Modern Hospital Building With Signs

Hackers Split On ‘Ethics’ Of Ransomware Attacks On Hospitals

September 14, 2016

Ransomware might be lucrative for some cybercriminals, but there are those who condemn holding hospitals to ransom.

Ransomware attacks against hospitals represent a growing threat which is becoming increasingly lucrative for some cybercriminals — even while other hackers are openly condemning extortion attempts against healthcare providers.
A combination of hospitals’ reliance on equipment powered by older operating systems and their often very urgent need to access medical data means that some hackers have looked at the institutions as a potentially rich target.
That was demonstrated when a Los Angeles hospital paid a $17,000 Bitcoin ransom after a Locky infection took down its network. But that wasn’t a one-off attack: there’s been a surge in ransomware-based cyberattacks against hospital networks across the globe, but particularly in the US.
Cybersecurity researchers from Intel Security analysed ransomware code from attacks against hospitals made during the first quarter of the year and discovered numerous Bitcoin wallets used to transfer ransom payments — Bitcoin having become the preferred currency of the cybercriminal — which showed that the hackers behind these hospitals attacks had amassed $100,000 from ransoms alone.
Researchers have described the ransomware attack methods used by such attackers as “effective but not very sophisticated”. While they don’t specify which variants of ransomware are being used, the description could point to the culprits using something like Cerber, which has been seen being made available as a ransomware-as-a-service scheme for use by even the most technically-illiterate wannabe cybercriminal.
Researchers also suggest the hospital attacks weren’t carried out by the sort of “malicious actors we normally face in ransomware attacks or breaches”.
Indeed, they found evidence that suggests that cyberattacks against hospitals are being carried out by those viewed as renegades even within the cybercriminal fraternity, judged negatively for their decision to carry out attacks against those which provision healthcare. In the Russian underground in particular, there’s an ‘ethical’ code of conduct which places hospitals off-limits — even in countries usually targeted by Russian-speaking hackers.
In one forum, criminals discussed the ethics of attacking hospitals at length: “Yes, this is pretty sad and a new low. These ransom attacks are bad enough, but if someone were to die or be injured because of this it is just plain wrong,” one user said, while another labelled hospital attackers as “dumbest hackers ever”.
While hospitals currently only account for a small percentage of ransomware victims, it’s feared that as ransomware becomes an increasingly appealing method of attack for hackers, more and more of them will attack the healthcare sector.
“With cybersecurity threats including ransomware rising at such a rapid rate, organisations are having to come to terms with the fact that it’s fast becoming a question of ‘when’, not ‘if’, they suffer a breach,” says Raj Samani, CTO at EMEA Intel Security. “It’s crucial that the likes of healthcare pick up the pace with cybersecurity. Vulnerabilities in these sectors provide hackers with access to extremely personal, valuable and often irreplaceable data and IP.”
Despite a few high profile cases, Intel Security researchers found that, in most instances, hospitals that became victims of ransomware didn’t pay hackers a ransom. In these cases, it’s likely that organisations found another way to decrypt the files — or they simply deemed the encrypted files to not be important enough to pay to get back.
Cybersecurity researchers and the authorities have both warned about the increasing threat of ransomware to corporate and public sector networks.

Tags: , , , , , , , ,

ransomware

Ransomware Is So Hot Criminals Are Sabotaging Each Other’s Ransomware

August 1, 2016

Ransomware, the strain of malware which cryptographically locks a victim’s hard drive until they pay the author an electronic ransom, is super popular among cybercriminals right now. The strategy is so successful, in fact, that some ransomware-makers have apparently begun sabotaging each other’s ransomware to try and take out their competition.
Earlier this week, 3,500 keys for a ransomware known as “Chimera” leaked online, purportedly allowing anyone targeted by it to safely decrypt their ransomed files without having to pony up bitcoins. The decryption keys were apparently posted by the authors of a rival ransomware package called Petya and Mischa, who claimed they had hacked Chimera’s development system, pilfered the keys, and stolen parts of the code.
“Earlier this year we got access to big parts of their deveolpment [sic] system, and included parts of Chimera in our project,” the authors write in a post on Pastebin. “Additionally we now release about 3500 decryption keys from Chimera.”
Chimera is a particularly nasty strain of ransomware which not only locks a victim’s hard drive but threatens to leak their private files online if the ransom isn’t paid. It’s still not clear whether the supposedly-leaked keys will actually decrypt machines affected by the malware, however—the security firm MalwareBytes, which first noticed the leak, says that verifying all the keys will take some time.
In any case, Petya and Mischa’s authors seem to have timed the leak to promote their own ransomware, which is based on the stolen Chimera code and is now being offered as a service to any two-bit cybercriminal willing to shell out bitcoins for it.
The in-fighting seems to indicate another significant, albeit predictable shift in the criminal hacking economy. Previously, ransomware authors have expressed anger at a recent rash of fake ransomware, which display scary messages but don’t actually lock or unlock a victim’s hard drive when the ransom is paid; the thinking is that enough of this fake ransomware could cause people to stop believing they can get their files back when they’re hit with the real thing, endangering future profits.

Tags: , , , , , , ,

paris

Citing Paris Attack, CIA Director Criticizes Surveillance Reform Efforts

November 17, 2015

Citing Paris Attack, CIA Director Criticizes Surveillance Reform Efforts

CIA Director John Brennan said Monday he suspects the Islamic State is currently working on more terrorist plots against the West following Friday’s attack in Paris that killed at least 129 people and injured hundreds more. He also criticized new privacy protections enacted after Edward Snowden’s disclosures about U.S. government surveillance practices.

“I would anticipate that this is not the only operation ISIL has in the pipeline,” Brennan told a crowd at the Center for Strategic and International Studies. “It’s not going to content itself with violence inside of the Syrian and Iraqi borders.”

Brennan’s remarks come on the heels of a new Islamic State video released Monday proclaiming all countries playing a role in air strikes against the group in Iraq and Syria would be a target. The video specifically pinpointed Washington as in its crosshairs.

“We swear that we will strike America at its center in Washington,” says a man in the video, which surfaced on a site the Islamic State uses to post its messages. The authenticity of the video could not be immediately verified.

In his remarks, Brennan said the attacks should serve as a “wake-up call” for those misrepresenting what intelligence services do to protect innocent civilians. He cited “a number of unauthorized disclosures, and a lot of handwringing over the government’s role in the effort to try to uncover these terrorists.”

He added that “policy” and “legal” actions that have since been taken now “make our ability collectively, internationally, to find these terrorists much more challenging.” In June, President Barack Obama signed into law legislation reforming a government surveillance program that vacuumed up millions of Americans’ telephone records. Passage of the USA Freedom Act was the result of a compromise between privacy advocates and the intelligence community.

Brennan’s remarks immediately sparked criticisms from civil liberties advocates who have fought for greater privacy protections from government surveillance and now fear the Paris attacks could roll them back.

For months, FBI and other law enforcement officials have pressed Congress about needing to access encrypted communications of potential criminals or terrorists that are concealed by smartphones and messaging apps. Privacy advocates and technologists worry that providing authorities with exceptional access to phones would be exploited by hackers and make the Internet more vulnerable to security breaches. The advocates also believe U.S. spies already have intrusive surveillance capabilities that put too much power in the government’s hands.

In his speech, Brennan underscored the challenges facing intelligence services, given the numerous ways terrorists can hide their communications from law enforcement. “They have gone to school on what it is that they need to do to in order to keep their activities concealed from the authorities,” he said.

Brennan also said the United States had “strategic warning” about the terrorist attack in Paris, but did not provide details, other than to say it was “not a surprise.” He said he believed the attack was planned over “several months.”

During a press conference in Turkey, which is hosting the G-20 summit, Obama said “there were no specific mentions of this particular attack” the United States could have used before it was launched to prevent the violence.

Photo credit: Getty Images

Tags: , , , , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
private
Private Blockchains Could Be Compatible with EU Privacy Rules, Research Shows
November 12, 2018

Private blockchains, such as interbanking platforms set to share information on customers, could be...

Read more
apple
Apple launches privacy portal, initiatives
October 18, 2018

Apple (NASDAQ:AAPL) launches a new privacy website letting users find personal data the company has ...

Read more
private
Just Don’t Call It Privacy
September 23, 2018

What do you call it when employers use Facebook’s advertising platform to show certain job ads onl...

Read more
static2.politico.com
Privacy and security: no simple solution, warns Rachel Dixon
September 18, 2018

The tide is turning when it comes to privacy and security, with Australians gradually becoming more ...

Read more
emailtracking-ta
Are you privacy literate?
September 11, 2018

Online privacy is a new literacy that educators and students need to learn and practice. But what sh...

Read more