Wednesday, November 24, 2021

A massive police operation proves, yet again, that NO electronic communication is secure

 

I'm cynically amused by those who believe that an allegedly "secure" or "private" electronic communications facility - an encrypted cellphone, an e-mail service like Protonmail, a commercial encryption program, or whatever - will preserve their electronic privacy.  That's a pipe-dream.  Today, anyone - not just police or governments, but private citizens too - can buy software to penetrate just about any "secure" electronic communications you can imagine.

That's just been demonstrated in a major international police operation.  Note how "tame" hackers assisted their efforts.


The gangsters plotting to assassinate a judge thought they were leaving nothing to chance. But cops hundreds of miles away were on to them thanks to a stakeout with a modern twist.

Using supposedly impregnable encrypted phones, the Serbian hit men discussed earlier this year how wind direction and distance could affect the sniper’s bullet and planned their getaway. Unbeknown to them, their messages were also flashing up on the computer screens of a secret police team in Belgium that had hacked into the messenger service, called Sky ECC. The Belgians warned police in Serbia, who whisked the judge to safety.

The infiltration was a signature success in efforts by authorities across the world to counter encrypted communications—a powerful new tool for criminal gangs to hide their identities and hatch plans in secret.

. . .

Law-enforcement officials say infiltrating Sky was the largest of several recent strikes against encrypted platforms. Authorities gathered roughly one billion messages from tens of thousands of Sky-enabled devices world-wide, which could feed investigations for years. Belgium has detained more than 500 suspects and seized 88 metric tons of cocaine, already exceeding last year’s record haul.

“Sky was monstrous,” said Scott A. Albrecht, who served as the DEA’s attaché in Belgium until July. “It was so global and such a volume of messages.”

. . .

Sky, through its website and a network of resellers, offered Apple, Google and BlackBerry handsets loaded with sophisticated encryption software and with their GPS, cameras and microphones disabled. Messages were automatically deleted after 48 hours if the contact wasn’t reachable, and devices could be wiped remotely. Sky billed the platform as impenetrable and offered a prize of up to $5 million to anyone who could hack it.

. . .

Authorities tracked a Sky server to northern France and worked with officials there to gain access. At first, they could only see the metadata, including the nicknames of users and the names of group chats, but not the messages. Then, an international team of hackers from as far afield as Australia found a way to decrypt roughly half of the three million daily messages.

. . .

The messages and photos pinging across the world astounded even experienced investigators. Users, confident in the platform’s impregnability, shared pictures of corpses, severed heads and other body parts, as well as bricks of cocaine and stacks of cash. One user sent a photograph to demonstrate he had carried out an order to torture a victim. When one enforcer in a Western European country couldn’t find the man he was supposed to pummel, he received new instructions: “Here are pictures of the wife. You can break her legs” ... “Normally in an investigation, you have to dig a lot to find a small piece of gold,” said Belgian Federal Prosecutor Frédéric Van Leeuw. “Here, we had an open gold mine.”


There's more at the link.

Similar reports have been received from around the world in recent years.  If police forces can achieve such success, you'd better believe that the criminal world, and those who have good enough reason to want to penetrate personal Internet and communications security (including private detectives), can do the same.

That applies particularly to those opposed to the Biden administration's ideology, policies and actions.  They may think they can discuss countermeasures privately, but I guaran-damn-tee them that their communications are open to any scrutiny anyone in authority cares to apply.

Before and during World War II, the communications services of the German Wehrmacht (military) had a saying:  "Alle funkverkehr ist Landesverrat".  It translates as "All radio traffic is high treason".  They were right, because even if not decoded or decrypted, message traffic always reveals something of interest to the enemy.  It might be the frequency or volume of messages;  the radio frequency(ies) used to transmit and/or receive them;  the personal Morse code "signature" of an operator;  pattern analysis of traffic;  the whereabouts of transmitters, often revealing the existence of a unit or regional headquarters, or that it's moved to a new location;  and so on.  Thanks to the experts at Bletchley Park, Britain also had access to a great many coded messages that the Germans blithely assumed were completely secure.  Only many years after the war was it revealed that their signals had been penetrated to so vast an extent.

The same thing can be said today about any communication about any sensitive issue.  Unless conveyed by "sneakernet", using entirely trustworthy methods of transmission, the message is not secure - and even then, if a package is intercepted or a messenger is interrogated, all bets are off.  When cellphones can be triggered remotely, and download apps without your knowledge or permission, and Trojan horses or viruses such as Stuxnet can be used to infect your computer, there is no such thing as electronic privacy any more.

In this day and age, you might want to keep that firmly in mind.

Peter


5 comments:

Unknown said...

A related investigation from not too long ago.

https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history

Aesop said...

Everyone on the 'net lives in the PRC.

They just haven't been sent that memo yet.

Rick T said...

The Wehrmacht knew it but Dönitz was too in love with his wolfpack tactics and micromanaging the fleet so the Kriegsmarine ignored that wisdom.

Nphyxx said...

"I'm cynically amused by those who believe that an allegedly "secure" or "private" electronic communications facility - an encrypted cellphone, an e-mail service like Protonmail, a commercial encryption program, or whatever - will preserve their electronic privacy. That's a pipe-dream."

This is off-base.

It's true that most commercially available encryption software is fake (either intentionally flawed or poorly implemented), but the technology itself is solid and reliable to a mathematical fact. No institution or agency anywhere in the world has demonstrated the capacity to decrypt an encrypted message without access to the encryption key. If they could do this, we would know it.

It is probably the case, if you're like most people, that _you_ don't know how to find reliable encryption tools or use them correctly.

You can learn this stuff though, if you want to put in the time. Or you can make an effort to include someone in your crew who does know it. _Not_ your slick shit "tech wiz" nephew who thinks he's a hacker. Rather, a qualified professional. Pro tip: many security researchers and penetration testers ("white hat hackers") have strong libertarian/conservative leanings. Some are also into prepping.

What you shouldn't do is give up on trying to protect your privacy. Closing your blinds isn't a surefire way to avoid peeping Toms, but it's better than walking around buck naked with the windows open every day. Locking your doors won't keep out a determined burglar, but it can slow them down or make them consider an easier target.

I won't go into a full-on tech dissertation here or make any recommendations (besides which you shouldn't trust randos in comment sections on the internet). Just remember operational security is the absolute most important tool in your toolkit. It's more important than guns or numbers. If nobody you trust can provide it for you, you'd better find someone quick, or your whole plan is going to go up in smoke.

Ray - SoCal said...

Agree with nothing electronic being truly private.

It’s frustrating there is no hardwired audio switch in my phone I can use.

Plus the gps is always tracking me.

Of course cell phone towers also track me, and this data is sold to marketers and kept by AT&T for 3 years.

I question the Australian hacker that helped decrypt, probably the NSA or equivalent.

Interesting how they used cell phone towers location plus local cameras to ID users.