Tag Archives: encryption

5 Myths Regarding the Paris Terror Attacks

As usual, the politicos and talking heads are all talking their own book, using the Paris terror attacks to push their own agendas.

As shown below, they’re spouting nonsense.

Mass Surveillance Won’t Help

https://s3-eu5.ixquick.com/cgi-bin/serveimage?url=http%3A%2F%2Fmedia-cache-ec0.pinimg.com%2F736x%2Fef%2Fb7%2F33%2Fefb73373d254b9271cbcdf43756d9b27.jpg&sp=3690435b194768bf72e0637128ae858c

The NSA and other spy agencies are pretending that the Paris attacks show that we need more mass surveillance.

But the New York Times correctly points out in a scathing editorial that mass surveillance won’t help to prevent terrorism:

As one French counter terrorism expert and former defense official said, this shows that “our intelligence is actually pretty good, but our ability to act on it is limited by the sheer numbers.” In other words, the problem in this case was not a lack of data, but a failure to act on information authorities already had.

In fact, indiscriminate bulk data sweeps have not been useful. In the more than two years since the N.S.A.’s data collection programs became known to the public, the intelligence community has failed to show that the phone program has thwarted a terrorist attack. Yet for years intelligence officials and members of Congress repeatedly misled the public by claiming that it was effective.

In reality, top security experts agree that mass surveillance makes us MORE vulnerable to terrorists.

Indeed, even the NSA has previously admitted that it’s collecting too MUCH information to stop terror attacks.

Encryption Isn’t What Made Us Vulnerable

The spy agencies are also pretending that encryption made it impossible to stop the attacks.

But the Washington Post reports:

Several French outlets reported last night that a smartphone recovered near one of the massacre sites was not encrypted at all.

***

Hours after the attacks in Paris, Forbes quickly pointed to remarks by a Belgian official who said that Islamic State militants use the PlayStation 4’s chat functions as a way to communicate securely. The article also mentioned that a Sony PlayStation 4 was recovered in a police raid connected to the Paris investigation.

That report was later undermined by the real facts — that no PlayStation 4 had been collected and that the Belgian official had been talking about the use of PlayStation technology generally by terrorism suspects.

But it was too late. Reports spread across the news industry tying the PlayStation to the attacks (there is a second wave of stories sweeping the Internet trying to undo the damage).

Tech Dirt notes:

Most of the communications between the attackers was conducted via unencrypted vanilla SMS:

“…News emerging from Paris — as well as evidence from a Belgian ISIS raid in January — suggests that the ISIS terror networks involved were communicating in the clear, and that the data on their smartphones was not encrypted.

European media outlets are reporting that the location of a raid conducted on a suspected safe house Wednesday morning was extracted from a cellphone, apparently belonging to one of the attackers, found in the trash outside the Bataclan concert hall massacre. Le Monde reported that investigators were able to access the data on the phone, including a detailed map of the concert hall and an SMS messaging saying “we’re off; we’re starting.” Police were also able to trace the phone’s movements.

The reports note that Abdelhamid Abaaoud, the “mastermind” of both the Paris attacks and a thwarted Belgium attack ten months ago, failed to use any encryption whatsoever (read: existing capabilities stopped the Belgium attacks and could have stopped the Paris attacks, but didn’t). That’s of course not to say bat shit religious cults like ISIS don’t use encryption, and won’t do so going forward. Everybody uses encryption. But the point remains that to use a tragedy to vilify encryption, push for surveillance expansion, and pass backdoor laws that will make everybody less safe — is nearly as gruesome as the attacks themselves.

7 of the 8 Terrorists Were Known to U.S. or French Intelligence Agencies

Just as with 9/11, the Boston marathon bombings, and other recent attacks, governments are pretending “it wasn’t foreseeable”.

But CBS reports that law enforcement sources say that 7 of the 8 terrorists were known in advance to U.S. or French intelligence services.

The New York Times confirms:

Most of the men who carried out the Paris attacks were already on the radar of intelligence officials in France and Belgium, where several of the attackers lived only hundreds of yards from the main police station, in a neighborhood known as a haven for extremists.

Escalating War Against ISIS Is Not the Only Option

I’m all for killing members of ISIS.

But given that the U.S. and its close allies – Saudi Arabia, Turkey, Qatar and Bahrain – are massively supporting ISIS, stopping the arming, feeding and logistical support is even more important if we want to stop these crazies.


None
of the Terrorists Were Syrian

None of the Paris terrorists were Syrian. All of them were European nationals.

The German Interior Minister suggests that the Syrian passport found at the scene of the terror attacks was a “false flag” by ISIS meant to force countries to seal their borders against further refugees.

Why would they do this? Numerous security experts suggest that refugees fleeing ISIS’ “Caliphate” is a PR disaster for ISIS. After all, happy fundamentalist Muslims wouldn’t flee utopia, would they?

But we do take the risk of infiltration of refugee groups by terrorists very seriously. Indeed, the Telegraph reports today:

The mastermind of the Paris attacks was able to slip into Europe among Syrian migrants, it emerged last night, as police on the continent admitted they are unable to monitor thousands of suspected jihadists.

***

It has emerged that Abaaoud, and at least two of the Paris terrorists took the migrant route via Greece, intensifying fears that terrorists are able easily to exploit the refugee crisis to get to Europe.

Specifically, many of the Paris terrorists were European nationals who went to fight for ISIS in Syria, and then they slipped in with the refugees coming from Syria to get back into Europe.

So those saying that the civilians fleeing war and mayhem in Syria are all terrorists are wrong … but so are those saying that the massive refugee flow poses no danger.

by George Washington in Zero Hedge

Advertisements

Bush Campaigns For Broader Government Surveillance Of Americans

Republican presidential candidate Jeb Bush on Wednesday said he favors broader government surveillance of Americans, calling for private tech firms to cooperate better with federal agencies to “make sure that evildoers aren’t in our midst.” 
“There’s a place to find common ground between personal civil liberties and [the National Security Agency] doing its job,” the former Florida governor said. “I think the balance has actually gone the wrong way.”

At a national security forum in South Carolina on Tuesday, the presidential hopeful addressed the enforcement officials should have guaranteed access to encrypted customer data at major tech firms.

Bush said encryption “makes it harder for the American government to do its job” and called for “a new arrangement with Silicon Valley” to address what he termed as a “dangerous situation.”
 
Prominent tech CEOs — such as Apple’s Tim Cook — have argued for strong, universal encryption, in which even the company can’t see customers’ communications. Security experts support such calls, arguing that a guaranteed “back door” weakens worldwide encryption and compromises privacy. 
 
A few other Republican candidates have staked out early positions on cyber security. 
 
Former Hewlett-Packard CEO Carly Fiorina also called for “more collaboration … between private sector companies and the public sector” during Fox News’s undercard Republican presidential debate earlier this month. 
 
On Monday, Ohio Gov. John Kasich took a more tech-friendly stance, calling for a “safe place” for private-sector tech experts to contribute to national cyber security efforts.
 
“They want to be patriots,” Kasich said. “Sometimes they need a Sacagawea to guide them through the system.”

How To Keep NSA Computers From Turning Your Phone Conversations Into Searchable Text

Featured photo - How To Keep NSA Computers From Turning Your Phone Conversations Into Searchable Text

by The Intercept

As soon as my article about how NSA computers can now turn phone conversations into searchable text came out on Tuesday, people started asking me: What should I do if I don’t want them doing that to mine?

The solution, as it is to so many other outrageously invasive U.S. government tactics exposed by NSA whistle blower Edward Snowden, is, of course, Congressional legislation.

I kid, I kid.

No, the real solution is end-to-end encryption, preferably of the unbreakable kind.

And as luck would have it, you can have exactly that on your mobile phone, for the price of zero dollars and zero cents.

The Intercept’s Micah Lee wrote about this in March, in an article titled: “You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone.”

(Signal is for iPhone and iPads, and encrypts both voice and texts; RedPhone is the Android version of the voice product; TextSecure is the Android version of the text product.)

As Lee explains, the open source software group known as Open Whisper Systems, which makes all three, is gaining a reputation for combining trustworthy encryption with ease of use and mobile convenience.

Nobody – not your mobile provider, your ISP or the phone manufacturer — can promise you that your phone conversations won’t be intercepted in transit. That leaves end-to-end encryption – using a trustworthy app whose makers themselves literally cannot break the encryption — your best play.

As Lee writes:

Signal’s code is open source, meaning it can be inspected by experts, and the app also supports forward secrecy, so if an attacker steals your encryption key, they cannot go back and decrypt messages they may have collected in the past.

Using Signal and Red Phone means your voice conversations are always full scrambled. As Lee wrote:

Other apps with encryption tend to enter insecure modes at unpredictable times — unpredictable for many users, at least. Apple’s iMessage, for example, employs strong encryption, but only when communicating between two Apple devices and only when there is a proper data connection. Otherwise, iMessage falls back on insecure SMS messaging. iMessage also lacks forward secrecy and inspectable source code.

Signal also offers the ability for power users to verify the identity of the people they’re talking to, confirming that the encryption isn’t under attack. With iMessage, you just have to take Apple’s word for it.

The big announcements by Apple and Google last fall were about encrypting data on users’ phones, not the calls made by those phones.

Although regular phone calls on the iPhone are not encrypted, Apple’s extremely popular FaceTime service is encrypted by default, as is iMessage. So when you’re using those services (with another Apple user) your conversations are encrypted whether you knew it or not.

There are of course some caveats, as Lee writes:

It’s important to keep in mind that no technology is 100 percent secure, and an encrypted messaging app can only be as secure as the device you install it on. Intelligence agencies and other hackers can still exploit security bugs that have not been fixed, known as zero day exploits, to take over smartphones and bypass the encryption that privacy apps employ. But apps like Signal go a long way to making mass surveillance of billions of innocent people infeasible.

 Photo illustration by Dan Froomkin and Connie Yu.