Louis XIV’s Great Cipher Baffled Codebreakers Until the 19th Century

In the clandestine corridors of 17th-century France, a remarkable cryptographic system known as the Great Cipher emerged, becoming the go-to code for the French monarch Louis XIV. The geniuses behind this ingenious cipher were Antoine and Bonaventure Rossignol, two brothers recognized for their exceptional skills in cryptography. Appointed as royal cryptologists by the ‘Sun King’, who ruled France from 1643 until 1715, the Rossignol brothers developed the Great Cipher to protect sensitive diplomatic and military communications from prying eyes.

The Rossignol brothers, who were appointed as royal cryptologists by Louis XIV in the 17th century, hailed from a family renowned for its exceptional skills in cryptography. The family first came to the attention of the royal family when a young mathematician named Rossignol managed to decipher a Huguenot cipher during the siege of Réalmont in 1626, leading to their surrender.

This brought him to the attention of Louis XIII’s chief minister, Cardinal Richelieu, who recognized the value of cryptologists for diplomatic and intelligence purposes. On his deathbed, Louis XIII reportedly stated that Rossignol was “most necessary to the good of the state.”


NYPD faces backlash as it prepares to encrypt radio communications

The New York police department (NYPD) is facing serious backlash after announcing additional details about its plan to encrypt its radio communications system, which experts warn will limit transparency and accountability.

NYPD radio signals have been publicly accessible since 1932, allowing journalists and civilians to listen to police communications, Gothamist reported. The NYPD will now be encrypting its radio channels for the first time ever. Police radio encryption is already underway in several US cities, including Chicago and Denver.

Since starting in July, 10 precincts have already “gone dark”, or fully encrypted their radio systems. The entire “upgrade” to a new, encrypted radio system will be completed by December 2024 and cost an estimated $400m, a hefty price tag as several city agencies have been forced to swallow major budget cuts.

Critics of encryption say that the public radio channels are necessary for police accountability, press freedom and public safety.

Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project (Stop), a New York-based civil rights organization, called planned encryption a “disturbing attack on transparency and public oversight of the police”.

“Radio monitoring is one of the few ways that we can get an unfiltered look at how the NYPD is policing,” Cahn said.

Several police-involved killings have been uncovered by the press after listening to police radios, Cahn said. Video of an NYPD officer killing Eric Garner in 2014 was obtained due to a call on the police radio, Gothamist reported. The police killings of Amadou Diallo in 1999 and Sean Bell in 2006 were also uncovered due to police radio communications.

“Without public radio, we will simply be at the mercy of police to tell us when they killed someone. There’ll be no one else who knows,” Cahn said.

Press freedom advocates have also argued that encrypting police radios will prevent journalists from accurately reporting or covering police misconduct, ultimately allowing the NYPD to decide what should be considered news.

Todd Maisel, founder of New York Media Consortium, a group of eight media organizations against radio encryption, says: “Having the NYPD controlling the narrative is the worst possible scenario.

“They’re not going to tell you stories about anything that didn’t go well,” he added.


AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on.

The FBI spent much of Tuesday locked in an online tug-of-war with one of the Internet’s most aggressive ransomware groups after taking control of infrastructure the group has used to generate more than $300 million in illicit payments to date.

Early Tuesday morning, the dark-web site belonging to AlphV, a ransomware group that also goes by the name BlackCat, suddenly started displaying a banner that said it had been seized by the FBI as part of a coordinated law enforcement action. Gone was all the content AlphV had posted to the site previously.

Around the same time, the Justice Department said it had disrupted AlphV’s operations by releasing a software tool that would allow roughly 500 AlphV victims to restore their systems and data. In all, Justice Department officials said, AlphV had extorted roughly $300 million from 1,000 victims.

An affidavit unsealed in a Florida federal court, meanwhile, revealed that the disruption involved FBI agents obtaining 946 private keys used to host victim communication sites. The legal document said the keys were obtained with the help of a confidential human source who had “responded to an advertisement posted to a publicly accessible online forum soliciting applicants for Blackcat affiliate positions.”

“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” Deputy Attorney General Lisa O. Monaco said in Tuesday’s announcement. “With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

Within hours, the FBI seizure notice displayed on the AlphV dark-web site was gone. In its place was a new notice proclaiming: “This website has been unseized.” The new notice, written by AlphV officials, downplayed the significance of the FBI’s action. While not disputing the decryptor tool worked for 400 victims, AlphV officials said that the disruption would prevent data belonging to another 3,000 victims from being decrypted.

“Now because of them, more than 3,000 companies will never receive their keys.”


Gang ringleader who smuggled at least 127kg of cocaine into Britain using Encrochat is jailed for 16½ years after detectives ‘hacked into’ encrypted service

The ringleader of a drug network smuggled at least 127kg of cocaine into the UK using the Encrochat messaging service that has been burst open by detectives.

Marius Bucys, 43, of Dagenham in London, has been sentenced to 16 years and six months in prison after being convicted of conspiracy to import Class A drugs.

Bucys is the latest criminal to be busted after cybercrime experts cracked open the Encrochat service and used its data to arrest hundreds of criminals who had, until then, used the app as a near-untraceable means of coordinating drug deals.

European officers blew the app wide open in 2020, and Metropolitan Police detectives used a combination of its data and old-fashioned detective work to snare the drug smuggler – whose drivers used secret compartments to hide their wares.

The Met says Bucys acted as the ringleader in a wider drug network, arranging travel and logistics for the substances to be brought into the UK.

After Encrochat was accessed by police in the Netherlands and France, data was passed to police forces in the UK via the National Crime Agency (NCA) that detectives were able to use to link Bucys to the illicit trade.

Officers also trawled through hundreds of hours of CCTV showing lorry drivers stopping at locations up and down the M25 to pick up the drugs.

When officers raided his address, they found a notebook containing details of the importations.


NYPD Will Spend Nearly $400 Million to Hide its Radio Communications

The New York Police Department (NYPD) will spend nearly $400 million to upgrade its radio system, including encrypting its communications channels, which the public has been able to tune into since 1932.

At a New York City Council meeting Monday, NYPD Chief of Information Technology Ruben Beltran said the upgrade, expected to cost $390 million, will be completed by the end of next year, replacing the old analog radio network with a fully encrypted digital system. 

The move is part of a growing trend. Over the last decade, other large police departments in Chicago, Baltimore, Washington, D.C., and Portland have all encrypted their radio communications or are planning to do so. Departments say broadcasting in the clear gives criminals advance warning. Beltran said encryption would also protect the information of crime victims and block pranksters who jam up NYPD frequencies. (The NYPD regularly leaks information on arrestees and even victims for political purposes.)

However, scanner enthusiasts, news organizations, and elected officials complain that encrypted radio is cutting off a longstanding and useful source of information on police activity. As Gothamist reported, NYPD radio chatter has been the source of several major news stories over the years:

The New York Daily News obtained the crucial video of Officer Daniel Pantaleo killing Eric Garner thanks to a call that came over the police radio in Staten Island. As tens of thousands of peaceful demonstrators flooded the streets in June 2020, Gothamist recorded NYPD officers on radio airwaves using threatening language about the protesters, including saying that officers should run protesters over and shoot them. Responding, one officer was recorded saying “don’t put that over air.”

Police frequencies going dark is especially challenging for photojournalists, who rely on scanners to get to emergency scenes as fast as possible. The Chicago Police Department is considering a 30-minute public broadcast delay to allow news organizations to still hear dispatch calls.


In a first, cryptographic keys protecting SSH connections stolen in new attack

For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established.

Underscoring the importance of their discovery, the researchers used their findings to calculate the private portion of almost 200 unique SSH keys they observed in public Internet scans taken over the past seven years. The researchers suspect keys used in IPsec connections could suffer the same fate. SSH is the cryptographic protocol used in secure shell connections that allows computers to remotely access servers, usually in security-sensitive enterprise environments. IPsec is a protocol used by virtual private networks that route traffic through an encrypted tunnel.

The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host.

While the percentage is infinitesimally small, the finding is nonetheless surprising for several reasons—most notably because most SSH software in use—including OpenSSH—has deployed a countermeasure for decades that checks for signature faults before sending a signature over the Internet. Another reason for the surprise is that until now, researchers believed that signature faults exposed only RSA keys used in the TLS—or Transport Layer Security—protocol encrypting Web and email connections. They believed SSH traffic was immune from such attacks because passive attackers—meaning adversaries simply observing traffic as it goes by—couldn’t see some of the necessary information when the errors happened.

The researchers noted that since the 2018 release of TLS version 1.3, the protocol has encrypted handshake messages occurring while a web or email session is being negotiated. That has acted as an additional countermeasure protecting against key compromise in the event of a computational error. Keegan Ryan, a researcher at the University of California San Diego and one of the authors of the research, suggested it may be time for other protocols to include the same additional protection.


5 WAYS TO PREPARE FOR THE ONLINE PRIVACY CRACKDOWN

The internet is about to change. In many countries, there’s currently a coordinated legislative push to effectively outlaw encryption of user uploaded content under the guise of protecting children. This means websites or internet services (messaging apps, email, etc.) could be held criminally or civilly liable if someone used it to upload abusive material. If these bills become law, people like myself who help supply private communication services could be penalized or put into prison for simply protecting the privacy of our users. In fact, anyone who runs a website with user-uploaded content could be punished the same way. In today’s article, I’ll show you why these bills not only fail at protecting children, but also put the internet as we know it in jeopardy, as well as why we should question the organizations behind the push.

Let’s quickly recap some of the legislation.


The EU Could Push its Private Message Ban as Early as Next Week

The EU is getting ever closer to pushing through the legislation known among critics as “chat control” – officially, Child Sexual Abuse Regulation, CSAR – and is hoping to reach a deal on this within the bloc as early as next week.

One of those who have been consistently opposed to the controversial upcoming rules, a German member of European Parliament (MEP) and lawyer Patrick Breyer, has reacted by warning once again that regardless of some minor changes, the bill, if passed, would effectively spell the end of proper encryption and private messaging in the EU.

Instead, the implication is that CSAR would usher in the era of indiscriminate mass surveillance in this part of the digital space.

Warning that a recent “minor concession” the EU member-states have managed to agree on was a bid to finally come up with a majority and push the plans over the top, Breyer, referring to the proposal as “chat control 2.0,” calls it an “unprecedented” (at least for the EU) example of mass surveillance.

The summary of the regulation is that online services that provide messaging and chat would, going forward, have to implement automatic scanning of all private text and images – looking for potential abusive content, and then let the EU know about it.

There is no shortage of controversy and misgivings here, with two clearly standing out: once in place, what can this infrastructure be used for next (if politicians decide) – and the other, how are online platforms even supposed to make it work accurately and fairly, technically speaking?

Now, we are hearing that the EU Council is looking to “soften the blow,” at least rhetorically, by saying that the scanning would at first only apply to “previously classified CSAM (child sexual abuse material)” – but then later still expand it to everything.


9 Mysterious Undeciphered Codes and Inscriptions in History

From Neolithic tablets containing the oldest known system of writing, to a series of letters scrawled on the back of a dead man’s book, some of the most legendary undeciphered codes and texts remain a challenge for even the world’s best cryptographers, code breakers and linguists. Yet unravelling these mysterious puzzles remains as important as ever, since many of these enigmatic inscriptions could hold the keys to understanding civilizations that have long since faded into historic oblivion. Here we feature nine of the most fascinating undeciphered codes and inscriptions throughout history.


Police Seek a Radio Silence That Would Mute Critics in the Press

As a freelance journalist many years ago, I was walking the streets of Brooklyn, looking for a juicy story, anything that I could get into print. I was coming up empty. So I did what anyone would do in that situation. I had lunch.

Halfway through my Jamaican jerk chicken, I heard several gunshots, and in a flash, a man ran by the restaurant. I threw my money on the table and headed to the scene. When I got there a bystander pointed me toward the spent shells. I looked around and talked to witnesses. As one young man pontificated to me about poverty and unemployment leading to crime, I noticed that the cops weren’t there yet. But a photographer from the Daily News was.

That was because, like any good crime reporter, he was listening to police radio and responding to 911 calls, hoping to catch fresh crime footage, fires and other colorful photos that editors love. He’s not alone. Journalists around the country do this, as does anyone who is simply interested in cops, firefighters and other emergency services. Police scanners aren’t cheap, but they are readily available at many electronics retailers.
