Tales from the (En)crypt #41

deepnews logo

Deepnews Digest #41

Tales from the (En)crypt

This week saw wave after wave of bombshell pieces about encryption and cybersecurity, with accusations about Huawei and the Equifax breach as well as revelations about the CIA’s longtime control of a major encryption company. It is a hard subject to cover and enough to have one’s head swimming in a sea of code and news. Luckily Deepnews is here to help decrypt everything that is going on, with these 25 articles found with the Deepnews Scoring Model.

Story Source
Washington Post
But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.

Editor’s Note: This is the article that inspired this issue of the Digest. Washington Post reporter Greg Miller got access to the history of what was called operation Rubicon, confirming CIA involvement in a major encryption company. It is a major story, and this is good journalism that we wanted to share with you.

The Wall Street Journal ($)
U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks.

Editor’s Note:

Security Boulevard
New legislation being introduced by Sen. Lindsay Graham ostensibly to prevent the spread of child porn and other child sexual abuse materials (CSAM) may have the effect of prohibiting the kinds of good security practices that prevent unauthorized access to medical records, credit card records, bank records and other personal information, and may make the internet a hell of a lot less secure. That’s because the bill, the Eliminating Abusive and Rampant Neglect of Interactive Technologies (or EARN IT) Act, would remove the limited immunity that internet online service providers currently enjoy for the acts of users on their systems and networks, and would require that these providers comply with “recommended best practices” for the prevention of online child exploitation as determined by a federal commission.

Editor’s Note:

Ars Technica
Ransomware operators stealing data before they encrypt means backups are not enough.

Editor’s Note:

Next Gov
ITAR’s new encryption carve-out paves the way for secure and private collaboration.

Editor’s Note:

Computer World
BlackBerry has integrated its Desktop and Access Browser with partner Awingu’s secure browser-based workspace and AI-driven security software from its acquisition of Cylance.

Editor’s Note:

Washington Post
The National Security Agency is known for keeping secrets. But a bug it recently discovered in Microsoft’s operating system was so potentially catastrophic that it fast-tracked a lengthy decision-making process to alert the company and the public as quickly as possible.

Editor’s Note:

PRI
In a paper released Thursday, MIT researchers say they have discovered the Voatz app is riddled with vulnerabilities, including ones that would “allow different kinds of adversaries to alter, stop, or expose a user’s vote,” according to the paper.

Editor’s Note:

Times Picayune
Last week’s cyberattack on Louisiana ITI College in Baton Rouge — which followed similar attacks in New Orleans and elsewhere in the state — suggests that hackers have no intention of leaving Louisiana alone.

Editor’s Note: One place that encryption comes up is in ransomware. Here the Times Picayune looks at attacks in Louisiana against governments, who cannot simply give up on recovering data thats been encrypted by attackers. It is a good example of a local paper taking a worldwide issue and bringing it home.

The Globe and Mail
It’s a decision that has exposed a sharp divide between long-time allies. On Jan. 28, Britain said it would allow Chinese telecom equipment maker Huawei Technologies Co. Ltd. to play a limited role in the country’s 5G networks, a decision government officials are calling a compromise.

Editor’s Note:

CSO Online
How the OPM hack happened, the technical details, and a timeline of the infiltration and response.

Editor’s Note:

ZDNet
A Senate debate on Monday showed that while Labor may talk the talk when it comes to balancing the needs of cops and spooks against our privacy and freedoms, it’s still likely to cave in when faced with any pressure.

Editor’s Note:

The Wire
“Brain freeze”, “mind-numbing”, “deadwood”, “a feeling of forcibly being confined in a cold storage” – during a recent visit to the Kashmir Valley, journalists search for words to describe to me the experience of having been stripped of their professional identity and dignity by government diktat.

Editor’s Note:

Lawfare Blog
The battle between Congress and Silicon Valley has a new focus: the EARN IT Act of 2019. (The title is an embarrassing retronym that I refuse to dignify by repeating; you can safely ignore it.) A “discussion draft” of the bill is attributed to Republican Sen. Lindsey Graham and Democratic Sen. Richard Blumenthal. To hear the Electronic Frontier Foundation (EFF), the Center for Internet and Society, and Gizmodo tell it, the draft EARN IT Act is an all-out assault on end-to-end encryption.

Editor’s Note: Several articles on this list deal with the EARN IT legislation in the U.S. Congress, which would put new responsibilities on companies to stop the distribution of child pornography. Stewart Baker here explores why it is controversial.

VentureBeat
For some, fears of AI lie in images of robot overlords and self-aware malware — the stuff of science fiction. Among the many threats we will deal with in the coming years, sentient AI taking over the world isn’t one of them. But AI that empowers cybercriminals is a very serious reality, even as some espouse the benefits of AI in cybersecurity.

Editor’s Note:

CNet
The Equifax breach affected more than half of the US population.

Editor’s Note:

Forbes
The Post and German broadcaster ZDF obtained a detailed classified report about the Crypto program, which included substantial information about the company’s internal operations. They also interviewed people and reviewed additional documents. The Post said that, at the insistence of the source, they were reporting on excerpts of the material. It is a juicy story that raises some serious issues worth a Congressional investigation.

Editor’s Note:

Reuters
On Feb. 19, U.S. District Judge Kevin Castel of Manhattan will hear competing motions for summary judgment in the Securities and Exchange Commission’s most significant enforcement action to date against a blockchain developer. The SEC will argue that entrepreneurs from the encrypted messaging app Telegram breached securities laws when they raised nearly $2 billion to develop a new blockchain platform. Telegram will counter that it wasn’t required to register its offering – and that the cryptocurrency tokens investors will receive are not in the SEC’s purview. Blockchain industry groups, as I told you last month, filed amicus briefs in the case, pleading with the SEC to provide clearer regulations for digital assets and to set out a better-defined path to launch blockchains.

Editor’s Note:

Scroll.in
Internet service providers in the Valley are asking customers for written undertakings saying they will not access VPN applications.

Editor’s Note:

Gov Tech
West Virginia, which has become an early tester of blockchain voting, is expanding Internet voting to include those with physical disabilities.

Editor’s Note:

Krebs on Security
It is sensitive because years of testing shows whoever wields it would have access to an unending stream of passwords, email and other proprietary data belonging to hundreds of thousands of systems at major companies around the globe.

Editor’s Note:

USA Today
NEW YORK – Inside a steel-encased vault in lower Manhattan, investigators are bombarding an Apple iPhone 7 with a jumble of numerical codes generated by nearby computers.

Editor’s Note: Battles between Big Tech encryption and law enforcement who want to get beyond it are famously contentious. Here USA Today looks at the effort to crack an iPhone in New York.

The New York Times
Companies like Equifax threaten our personal privacy and our national security.

Editor’s Note:

MIT Technology Review
The FBI found Eric Marques by breaking the famed anonymity service Tor, and officials won’t reveal if a vulnerability was used. That has activists and lawyers concerned.

Editor’s Note:

Hacker Noon
With anticipation for the US 2020 presidential election following concerns over foreign intervention in the 2016 presidential contest, there is an important focus on securing our voting systems while increasing voter participation.

Editor’s Note:

($) = This source has a hard paywall. You will need to suscribe to view this article.