Google
 

Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 25th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2019 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk



Please visit the sponsor!
Please visit the sponsor!

The weakest link?

3 July 2020

How ironic is it that just days after I published a column in which I suggested that where data security is involved we should trust nobody, that a huge crime ring is busted for just that reason.

Reports abound in the media about a major crack-down on drug rings and organised crime that was made possible thanks to the interception of communications that were supposed to be secure.

According to those reports, over 800 people were arrested in a pan-European operation after their conversations on EncroChat were intercepted and recorded. The chat service allegedly offered secure communications, for a hefty subscription, via specially customised phones.

Despite the raft of supposedly secure features such as self-deleting messages and hard encryption of data, authorities apparently managed to gain access to the raw data by simply installing a monitor (called "a technical device" in the reports) on one of the servers, which was located in France.

Was it really that simple?

Who designed a supposedly "secure" system where the data was available in plaintext at anywhere along the path from sender to recipient?

If I was one of those who'd been flogging this "secure" service to some of the crime-world's biggest and most powerful players, I'd be pretty worried about my own future right now. I'm pretty sure they're not going to be at all happy that their empires have been dealt such a huge blow because some idiot decided that the messages should appear as plaintext on the servers -- assuming that is the case.

I say "assuming that is the case" because I think it's reasonable to say that the authorities may not be telling the whole truth here. If one of the group turned informer and grassed up the rest by handing over his phone and keys I expect that this would not be a fact they'd want known to the rest of the bad-guys. It's almost certain that any deal done like this would have had to guarantee the anonymity and safety of the informant. For that reason we might be seeing a bit of "creative storytelling" on the part of the NCA.

Whatever the reality however, this case just goes to prove that you should never assume that *any* communications is totally secure, especially if you're engaged in activities that are somewhat (or very) nefarious.

I actually wonder if criminal gangs might be better off giving the Net a wide berth and perhaps focusing on more old-school technologies for their comms. I'm pretty sure that a suitably encrypted digital stream sent via "good old radioTM" might be a lot more secure than a complex network of servers and internet links. The RF spectrum is a *very* big place (even bigger than the Net) so an RF-based commes network that chose random times and random frequencies to conduct such transfers would be hard to spot.

You could even engage in a bit of steganography by embedding the encrypted bitstream in some other seemingly legit data transfer on the HAM bands. Maybe a moonbounce?

On reflection, perhaps a combination of methods... splitting the encrypted data stream up into parallel streams that were sent via different transport layers -- internet, radio, carrier pigeon, etc. Without access to all the component streams, any one intercepting the data would have nothing.

Of course that doesn't solve the problem of someone who is a legitimate member of the criminal gang turning "state's evidence" and grassing everyone else up by handing over all the gear they have and their personal keys.

So perhaps here's the best suggestion to the criminal underworld...

Stop being arses. Get a real job and contribute to society instead of exploiting it.

Oh, hang on... if all those who wre exploiting people did that we'd have no politicians.

Meh... maybe *that* would be a good thing too.

Please visit the sponsor!
Please visit the sponsor!

Have your say in the Aardvark Forums.

PERMALINK to this column


Rank This Aardvark Page

 

Change Font

Sci-Tech headlines

 


Features:

The EZ Battery Reconditioning scam

Beware The Alternative Energy Scammers

The Great "Run Your Car On Water" Scam

 

Recent Columns

China watches the world
The eyes of the state are upon us...

Complex solutions to simple problems
Over 120 years ago, Nikola Tesla demonstrated that electrical energy can be transferred across open space without wires...

Goodbye Libraries?
As a kid growing up in the late 1950s and 1960s, I spent a huge portion of my life in the local town library...

Sigh... CAA... again!
As long-time readers will know, I've bumped heads with CAA on one or two occasions in the past...

Picking winners(??) again
The New Zealand government has an appalling record when it comes to picking winners in the sci-tech fields...

Need money? Just sue a tech giant
Tech giants like Google, Microsoft, Amazon et al are turning into a great souce of revenue for cash-strapped governments around the world...

Ransomware... is anyone safe?
Ransomware attacks seem to be increasing at an alarming rate...

Cloudbursts, a new IT problem?
Into every life a little rain must fall...

Scam-central online
Get your free lunches here! ...

On sale, ethics and morals
New Zealand has always pitched itself as a country where freedoms, rights and egalitarianism matter...

An accident waiting to happen?
The global positioning system (GPS) has become an invaluable tool in a wide range of personal, commercial, industrial and military applications...