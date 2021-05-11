Security Leftovers Kerckhoffs’s Law for Security Engineers One of the first lessons in cryptography 101 is Kerckhoffs’s law: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. This is an often-repeated maxim accompanied with “there is no security with obscurity.” I always found this framing confusing: it felt inconsistent within itself. “don’t rely on secrecy except for the secrecy of the key” What is so special about keys? Why is it ok to rely on the secrecy of keys and not on secrecy of anything else? And because it is so focused on keys, it’s hard to really take this foundational lesson and apply it in contexts other than cryptographic algorithms.

How A New Team Of Feds [Cracked] The [Crackers] And Got Colonial Pipeline's Ransom Back [iophk: Windows TCO] Court documents released in the Colonial Pipeline case say the FBI got in by using the encryption key linked to the Bitcoin account to which the ransom money was delivered. However, officials have not disclosed how they got that key. One of the reasons criminals like to use Bitcoin and other cryptocurrencies is the anonymity [sic] of the entire system, as well as the idea that funds in any given cryptocurrency wallet can be accessed only with a complex digital key.

How a Fake FBI-Encrypted Device Ensnared Criminals Around the World Australian media reported that the country's most wanted fugitive, Hakan Ayik, was given early access to the device by undercover agents and unwittingly promoted ANOM to his associates. Demand for the messaging app grew when European investigators dismantled the popular EncroChat encrypted platform in July 2020. And usage exploded when the FBI dismantled Sky Global, another encrypted platform, in March 2021, officials said.

Police in 16 countries have arrested hundreds following a massive sting Operation Trojan Shield is the most wide-ranging attack on underworld communications, but not the first. Last year, the EU’s law enforcement agency, Europol, revealed that an operation initiated by French police had [cracked] a system known as EncroChat, which many criminals used. The [crack] has led police to arrest more than 1,000 people so far.

Hundreds arrested around the world in huge global organized crime sting ANOM's users believed the devices to be secure, according to Jannine van den Berg of the Dutch National Police at the press conference. Access to the communications of those involved in criminal networks meant that law enforcement agencies were able to read encrypted messages.

The Criminals Thought the Devices Were Secure. But the Seller Was the F.B.I. For years, organized crime figures around the globe relied on the devices to orchestrate international drug shipments, coordinate the trafficking of arms and explosives, and discuss contract killings, law enforcement officials said. Users trusted the devices’ security so much that they often laid out their plans not in code, but in plain language. b Unbeknown to them, the entire network was run by the F.B.I., in coordination with the Australian police. On Tuesday, global law enforcement officials revealed the three-year operation, in which they said they had intercepted over 20 million messages, and arrested at least 800 people in more than a dozen countries.

PGP Marks 30th Anniversary It was on this day in 1991 that Pretty Good Privacy was uploaded to the Internet. I had sent it to a couple of my friends for distribution the day before. This set in motion a decade of struggle to end the US export controls on strong cryptographic software. After PGP version 1.0 was released, a number of volunteer engineers came forward and we made many improvements. In September 1992 we released PGP 2.0 in ten foreign languages, running on several different platforms, upgraded with new functionality, including the distinctive trust model that enabled PGP to become the most widely used method of email encryption. q I became the target of a criminal investigation for violating the Arms Export Control Act by allowing PGP to spread around the world. This further propelled PGP's popularity. The government dropped the investigation in early 1996, but the policy debate raged on, until the US export restrictions finally collapsed in 2000. PGP ignited the decade of the Crypto Wars, resulting in all the western democracies dropping their restrictions on the use of strong cryptography. It was a storied and thrilling decade, and a triumph of activism for the right to have a private conversation.