So you think a chat app being "encrypted" means it's "safe"?

dartel

Esteemed Citizen of ZV
Story hit the news yesterday about a worldwide drug and firearm sting operation reaching its conclusion. The sting was facilitated by an "encrypted" app secretly made and distributed into criminal organizations by the FBI, allowing them to monitor every communication through the app the criminals believed to be safe.

Can you prove telegram or kik or whatever stupid chat app you love to rely on also wasn't made and distributed by an entity seeking to obtain whatever "secure" discussion you're having behind that precious "encryption"?

 
I laughed eeeeevily when I read the story yesterday :ROFLMAO:
That was one hell of pwnage.
 
I laughed eeeeevily when I read the story yesterday :ROFLMAO:
That was one hell of pwnage.
When I heard the story yesterday on my drive home from work the first thing I said was "oh please let it be telegram, that would be fucking great.".
 
When I heard the story yesterday on my drive home from work the first thing I said was "oh please let it be telegram, that would be fucking great.".
As a supporter of TG, I would love that - then the truth would be known and I love the truth far more than being correct.
 
Story hit the news yesterday about a worldwide drug and firearm sting operation reaching its conclusion. The sting was facilitated by an "encrypted" app secretly made and distributed into criminal organizations by the FBI, allowing them to monitor every communication through the app the criminals believed to be safe.

Can you prove telegram or kik or whatever stupid chat app you love to rely on also wasn't made and distributed by an entity seeking to obtain whatever "secure" discussion you're having behind that precious "encryption"?

If you've read anything about it you would've seen that the app was simply undercover federally-produced spyware disguised and marketed as encrypted software. But most criminals won't know a damn thing about programming and the feds took advantage of that. What gangster would know how to decode a program?
 
If you've read anything about it you would've seen that the app was simply undercover federally-produced spyware disguised and marketed as encrypted software. But most criminals won't know a damn thing about programming and the feds took advantage of that. What gangster would know how to decode a program?
Yeah. It was the "encrypted" chat app itself that was the "spyware". It WAS an encrypted chat app, but the servers every message went through were owned and monitored by the FBI with the master encryption key. They duped a handful of people into trusting it and then those people did the rest by endorsing and spreading it further. Dismantling the app wouldn't have revealed the server's location and ownership or the fact that the "encryption" was made and the key held by the FBI.
 
Yeah. It was the "encrypted" chat app itself that was the "spyware". It WAS an encrypted chat app, but the servers every message went through were owned and monitored by the FBI with the master encryption key. They duped a handful of people into trusting it and then those people did the rest by endorsing and spreading it further. Dismantling the app wouldn't have revealed the server's location and ownership or the fact that the "encryption" was made and the key held by the FBI.
Was there any way to verify who owned the "app" or was it a shell corporation that owned it?
 
Was there any way to verify who owned the "app" or was it a shell corporation that owned it?
From the sound of it it wasn't technically an "app", you couldn't just download it. It came hard coded on special "phones", which weren't connected to any actual phone network and couldn't make calls, they existed solely to communicate through this "secure" network. The devices were sold through the black market for $2000 for a 6-month plan, and functioned almost strictly through a referral system, you had to know someone in the network who'd vouch for you joining it.

So no "company" tied to it, but "The FBI effort was aided by a paid collaborator who had previously marketed other encrypted devices to members of the global criminal underworld." It was all built on trust and likely the assumption that there was this 1 or 2 people in the shadows making these totally secure devices for the right clientele.
 
From the sound of it it wasn't technically an "app", you couldn't just download it. It came hard coded on special "phones", which weren't connected to any actual phone network and couldn't make calls, they existed solely to communicate through this "secure" network. The devices were sold through the black market for $2000 for a 6-month plan, and functioned almost strictly through a referral system, you had to know someone in the network who'd vouch for you joining it.

So no "company" tied to it, but "The FBI effort was aided by a paid collaborator who had previously marketed other encrypted devices to members of the global criminal underworld." It was all built on trust and likely the assumption that there was this 1 or 2 people in the shadows making these totally secure devices for the right clientele.
So, in other words, they were duped based on someone's reputation.

On the black market there is absolutely no guarantee that you're getting what you are paying for.
 
I was under the impression that their "collaborator" was duped by undercover cops.

Either way, it isn't going well for him. According to the news articles I read, there's a price on his head now.
 
When I heard the story yesterday on my drive home from work the first thing I said was "oh please let it be telegram, that would be fucking great.".
Sorry, but you don't know what you're talking about - there is some real security in encryption, but not in the label "encryption" - and in the case of telegram it isn't label only. That sting was with an app that wasn't designed securely but as a honeypot that got spread by street cred and not reviewed. You can criticise aspects of Telegram, but it is pretty heavily audited as it is not only on a global scale but in competition with other apps of that scale and with millions of users - not like a crime scene only app - Or our chat also has a pretty nice encryption, backed by an open source communication program with encryption in mind - but hosted on a zoo controlled server, so I'd even prefer it - my opinion. The bust was a typical trojan horse operation which can't happen that way with the big softwares that are widely used.
 
That sting was with an app that wasn't designed securely but as a honeypot that got spread by street cred and not reviewed.
Actually if you read the story the sting app WAS fully encrypted. The FBI just held the encryption key. Part of the goal of the sting was also to undermine the trust in encrypted apps as a means of securely evading the law.

The users believed their Anom devices were secured by encryption. They were — but every message was also fed directly to law enforcement agents.
“The supreme irony here is that the very devices that these criminals were using to hide from law enforcement were actually beacons for law enforcement,” Grossman said in a statement. “We aim to shatter any confidence in the hardened encrypted device industry with our indictment and announcement that this platform was run by the FBI.”
 
Actually if you read the story the sting app WAS fully encrypted. The FBI just held the encryption key. Part of the goal of the sting was also to undermine the trust in encrypted apps as a means of securely evading the law.
Which is why they cannot break through certain Linux encryption, right? Then again, if you're using Linux chances are you probably have a basic knowledge of how to do your own encryption and most crooks won't be that intelligent or bother to deal with that.
 
Which is why they cannot break through certain Linux encryption, right?
What does that have to do with it? There's no need to crack an encryption when they made the encryption. The whole point is "do you even know who made the encryption you're relying on and is its key really safe?". Just because something is encrypted doesn't by default mean it's secure, someone made that encryption and has the key, and you don't know if they have or will develop ulterior motives that spur them to use that key without your knowledge. And frankly, the government spying through encryption is far less a threat than that of a faceless corporation that wants to exploit what they learn about you.
 
Well, the problem is that you have to be the owner of the hardware the app is running on to do anything - which is the case if you make your own encrypted chat app or with our chat - and want to break the encryption - which is the case with the sting app but likely not with our chat and also have the means to do so - which means writing the software or being able to modify it the way to break the encryption - which is the case with the sting app and highly unlikely with the chat we use. The forum is a different matter, there private messages likely can be read or it could easily be modified to do so but I still do think the admin doesn't want to. I made my own chat as an exercise with a different technology and could read the messages but it doesn't use end-to-end encryption like element does. I know I couldn't do it easily with element.
 
If we have to sit down and tell you why it's different, you aren't worth telling it to because you don't understand how it works already at a fundamental level.
 
The interesting thing about this is....it isn't the first time. They mentioned that on NPR when they ran it. That means it's also not the last. Even where they cannot legally use the fruits of the tree, they can figure out where to look for other evidence, and as someone pointed out, confidence in encryption and encrypted programming is shaken. Vastly over-rated outfits are making a great deal of money on things like this.
 
The interesting thing about this is....it isn't the first time. They mentioned that on NPR when they ran it. That means it's also not the last. Even where they cannot legally use the fruits of the tree, they can figure out where to look for other evidence, and as someone pointed out, confidence in encryption and encrypted programming is shaken. Vastly over-rated outfits are making a great deal of money on things like this.
That's because too many people assume "encrypted" means secure. They really ought to find out who the developer was.
 
Did I already mention that there's a difference between the label "secure" and the real thing reviewed by the global community? With real secure software a host of people try to hack it for fun and profit - and publish their results. This does happen for Telegram and the Matrix network for example - but not for the app your shifty partner in crime has as a hot recommendation.
 