Gadgets News

The FBI tries to break encryption without breaking encryption

Illustration for the article titled How the FBI Tries to Break Encryption Without Really Breaking Encryption

Photo: MANDEL NGAN / AFP (Getty Images)

Since at least the 1990s, federal officials have publicly spoken out worried that encrypted communications provide assistance to terrorists and criminals. More often than not they have, to some degree, been right.

In the early 2000s, Los Zetas, the infamous Mexican cartel, actually created his own military-grade encrypted radio networks, which they used to mask the movements of their drug supply chain. Around the same time, Al Qaeda and other Mujahideen terrorist groups began to use self-managed encryption software in hopes of avoiding the eye that sees the entire state of America’s national security. Other criminal groups immediately followed suit and, today, the need for “dark” capabilities has given rise to companies that intentionally court and sell only to inferior customers. These companies, which presumably go to great lengths to protect their customers, appear to have a short lifespan, however: In recent years, a number of prominent encryption platforms and other technologies they were infiltrated and dismantled from law enforcement — with the most recent example occurring just a week ago.

Last Tuesday, the U.S. Department of Justice announced “Trojan Shield”, a bold, excessive law enforcement operation. In this, the FBI used a high-level criminal informant to cooptate and then run an encrypted chat platform, called ANOM, designed specifically for transnational criminal organizations. Instead of infiltrating an existing platform, the feds had decided to create and operate their own. When drug traffickers and money launderers approached ANOM, the FBI and other authorities waited, ready to intercept and study all the communications the scammers had to offer. It was the honey to finish all the honey – a trap set on a global scale.

Of course, the short-term benefit from the operation has been overwhelming: all last week, governments around the world have continued a parade of hundreds of arrests, with the police holding press conferences and happily trotting the charges related to the operation. Alleged gangs of motorcyclists, Italian crime families, drug traffickers around the world were all trapped. In the United States, the Department of Justice accused 17 people allegedly involved in the “management” of the ANOM (despite the FBI’s secret role), arresting the majority. The operation also revealed a deluge of intelligence on the ways in which international criminal unions operate, which will undoubtedly help to inform future investigations aimed at such groups.

However, one of the long-term goals of the operation, as stated by the police, seems elusive – if not quirky. “Our goal is to shatter any confidence in the hardened encryption devices industry with our accusation and announcement that this platform was managed by the FBI,” said Randy Grossman, U.S. Attorney. during a press conference last week. Similarly, Suzanne Turner, the special agent in charge of the San Diego FBI office, said this should be considered a “warning” for criminals. “[Those] who believe they operate under an encrypted cloak of secrecy, your communications are not secure, “Turner said. He later added that the operation will hopefully” keep criminals in check “if a platform was a legitimate enterprise or one secretly managed by the federals.

Grossman and Turner’s statements mark a turning point in a decades-long effort by the U.S. government to undermine encrypted communication, which has proliferated in the mainstream in recent years, from Signal to iMessage, WhatsApp to Google Messages. If the cops can’t break the encrypted technologies, they will instead break our trust in them – even if it means crossing the line themselves.

“Encrypted messaging applications are virtually untouchable by law enforcement,” James A. Lewis, a security professional with the Center for Strategic and International Studies, said in a phone call. Lewis has been studying the problem for years.

“People were talking about air conditioners, or going for walks in the park,” he said, referring to Godfather-type scenarios, in which criminals sneak in to avoid interception. Now, he said, everyone, too the mafia, has a smartphone in his pocket. Thus, the temptation to rely on such easy methods of communication is strong. “It’s just a general change to send to messaging,” he said. “Criminals have traded with the rest of the population.”

The companies that preceded the ANOM – many of which have been infiltrated and dismantled by the cops – have worked hard to hide their activities, which have been done to serve criminal ecosystems centered around drug trafficking. and murder, government officials have argued. For example, Phantom Secure, a now defunct phone company that offers modified, encrypted Blackberry and Android devices, it says it has sold most of its services to Mexican drug cartels, which used the devices to communicate with subcontractors and strategize drug shipments. Two other platforms that have recently been downed by police – Sky Global and EncroChat – would have worked very much the same way.

Similarly, the devices used by the type of groups trapped in “Trojan Shield” are very different from your encrypted “chat” media app like Signal or WhatsApp-both of which use end-to-end encryption, meaning only the sender and recipient have access to any conversation. Most often, they are modified phones that have GPS, microphone and camera capabilities disabled, and include a specialized encrypted chat app that works on a “closed circuit” with other devices specifically designed to communicate with each other. In addition to this, the government claims that companies that sell such devices will often offer secret protection to their customers – helping to remotely wipe the contents of phones if they are confiscated by the police. With all these advantages, criminals have little incentive to give up this type of service because they are simply too useful for their operations.

“A lot of the encrypttion is un-hackable,” Lewis said. “If you can gain access to the device then your chances are better, but if you just intercept traffic, it can be exceptionally difficult — perhaps even impossible. [to hack it]. “

This unbridled impasse is in part because the FBI and other federal agencies have spent the past 30 years campaigning against the use of cryptography. During the first so-called “Crypto Wars” in the 1990s, national security politicians in the Clinton administration argued that the proliferation of cryptographic technologies around the world would effectively create a force field around corruption. Since then, federal officials have, in one way or another, aggressively pursued a solution to technology, often using strategies that threatened civil liberties and treated Americans ’privacy as a reflection.

This went through a series of different iterations. When the 1990s lobbying to stop the export of encryption didn’t work out, the feds quickly turned to a different strategy: lobbying the private sector to install backdoors on their encrypted networks so that the FBI could enjoy intimate access to American protected communications. Beginning in the mid-2000s, the Justice Department and the FBI made an offensive statement – trying to explain to Congress and the American people why they really needed to do this. This campaign has lasted for years, with ongoing lobbying by the FBI director continuing to the present moment.

With “Trojan Shield,” it really seems like a new tactic in the government’s ongoing battle against cryptography, but one that is much more psychological than legal. Here, the office appears to have been trying to shake general confidence in encrypted platforms – raising questions about whether those communications are truly secure or just a giant honeycomb with an FBI agent persisting in the rearview. In doing so, they essentially seek to undermine a technology that serves as one of the few protections for the privacy of everyday people in a world intentionally designed to evade it.

Jennifer Lynch, director of surveillance litigation at the Electronic Frontier Foundation, said the recent operation was concerning – adding that she doubted the FBI also had the legal authority in the United States to carry out “Trojan Shield.” which is probably why it has been associated with “more than 100 countries,” according to a DOJ.

“We don’t even know much about how this investigation happened and how all the data sharing went between the different countries that were involved,” Lynch said in a telephone interview. What we do know, however, concerns enough. “The FBI said they have geo-fenced communications from Americans. That tells me that even the FBI doesn’t believe they have the legal authority under the Fourth Amendment or our federal interception act to do that. what they did. ”

Extrapolating on this point, Lynch noted the office’s partnership with Australia, which recently passed the Act TOLA. The law allows the Australian government to force private companies and technology companies to redesign software and products so that they can be used to spy on users. Australian laws also allow for broad phone interception, which far exceeds those available in the United States, Lynch said.

“Basically, the FBI is washing its surveillance across another country,” he said.

Alternatively, Lewis argues that the challenges posed by cryptography force law enforcement to become creative as they combat the growing use of technology by criminal groups.

“You have to get a subpoena, you have to get the company to cooperate,” Lewis said, explaining the current restrictions when police try to investigate malfunctions via encrypted chat platforms. “The company will not – in many cases – have access to unencrypted data. This is where something similar becomes attractive. [to criminals]. “

Even with high power entities like the National Security Agency, the data they intercept will not necessarily be useful in traditional law enforcement investigations, he said. “The NSA is not in the business of ordering,” he said. “I’m not collecting evidence. So, even in cases where they intercepted traffic, it couldn’t be used in court,” Lewis said. “So you have technological and legal issues.”

If the operation cast doubt on the security of the platforms for criminal use, then it has done its job, he argues.

“He certainly planted a seed of doubt in his mind,” he said, of the criminals. “Uncertainty really helps. It means they want to do more face-to-face meetings or something other than talk on the phone, ”which may make them easier to catch up, he said.

Of course, the FBI plants seeds of doubt by throwing handfuls of clothes at everyone’s fingertips – they’re not just criminals who are afraid that someone will read all the texts, they’re all of us. And for Lynch, it’s an injustice.

“I think what the FBI has done is very suspicious,” he said, “and I think we should all be concerned about that, because it makes us question the privacy and security of our communications.”

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button