Category Archives: Encryption
Manitowoc scanners go quiet with encryption – Herald Times Reporter
Manitowoc police officer Lt. Matt Wallander demonstrates the new radio Friday, May. 19, 2017, in Manitowoc, Wis. Josh Clark/USA TODAY NETWORK-Wisconsin(Photo: Josh Clark/USA TODAY NETWORK-Wisconsin)Buy Photo
MANITOWOC -For those listening in on a police scanner, radio transmissions have gone eerily quiet in Manitowoc County.
Over the past year, Manitowoc County Sheriffs Department, Manitowoc Police Department and Two Rivers Police Department have made the switch to exclusively using encrypted channels for their radio transmissions.
Sheriff Robert Hermann said the decision to switch was mainly to keep law enforcement officers safe. The encryption used in Manitowoc County is the same used for federal-level law enforcement and prevents people from hearing the chatter between officers.
OTHER NEWS:Manitowoc police search for shooting suspect
OTHER NEWS:For the Record court listings, public meetings: May 21, 2017
I can understand people like to monitor the scanners to find out what is happening in certain situations, Hermann said. However, our officers safety certainly outweighs that curiosity.
The Manitowoc County Sheriffs Department switched to encrypted communication in November while the Manitowoc Police Department has been using encrypted channels since July.
Hermann said the widespread use of smartphones and the availability of the police scanner app for anyone who has access to the internet meant more people committing crimes were able to listen in on what the officers were doing.
Manitowoc Police Chief Nick Reimer said city officers were encountering situations where someone who was trespassing or stealing had their phones out to listen to the police scanner in case officers were responding to their location.
Its really a good thing, this decision, Reimer said. It is available to us, so why not use it?We want to make sure to keep everybody safe, including our officers.
Reimer said law enforcement has had the ability to use encryption for years, and they would occasionally use it for sensitive situations. However, it did open up officers and dispatchers to confusion about whether they needed to use the encrypted channels or not, and communications were often delayed while officers switched back and forth between channels.
The whole county recently switched to using digital rather than analog signals for their communications and the switch to using encryptions came in concert with that. Reimer said communications have been stronger and clearer with the new equipment.
Reimer said he still wants to make sure the police department is as transparent as possible. He said he will be sending information to the public through press releases, social media posts and email.
We always want people to feel we are being transparent we want people to know what we do, Reimer said. But the information shared on our radios could damage our investigation if the wrong people found out.
One of the new radios used by the Manitowoc Police Department Friday, May. 19, 2017, in Manitowoc, Wis. Josh Clark/USA TODAY NETWORK-Wisconsin(Photo: Josh Clark/USA TODAY NETWORK-Wisconsin)
Law enforcement radio encryption is not a new thing. Police and sheriff's departments across the nationhave been exclusively using encrypted channels for years. The Sheboygan Police Department also recently decided to make the switch, which will take effect in November.
Not everyone is thrilled with the change. In a previous USA TODAY NETWORK-Wisconsin article, Bill Lueders, president of the Wisconsin Freedom of Information Council, said it would be a tragic decision to take information away from the public.
There are questions about police conduct and accountability that hinges on the ability of media to know, real-time, what is happening in communities in regards to police response, Lueders said. Why would the police, especially at this point in our history, demand less scrutiny and culpability? Are they trying to keep people with their cellphone cameras away? Is that what they are really after?
Alisa M. Schafer: 920-686-2105 or aschafer@gannett.com
Read or Share this story: http://htrne.ws/2qJcKA1
Read the rest here:
Manitowoc scanners go quiet with encryption - Herald Times Reporter
Available Tools Making Dent in WannaCry Encryption – Threatpost
Tools are beginning to emerge that can be used to start the process of recovering files encrypted by WannaCry on some Windows systems.
This takes on extra urgency because today marks one week from the initial outbreak, and files encrypted during that first wave are on the clock and close to being lost forever.
Adrien Guinet, of Quarkslab, yesterday released a tool to the public called Wannakey that tries to recover one prime number from memory used to factor the RSA public key stored by the malware on the local drive. Once the public key is retrieved, it can be used to rebuild the private key and eventually, with a decryptor, recover encrypted files.
Guinet said he had some luck once hed recovered the private key to decrypt files from an infected XP machine using Benjamin Delpys WanaDecrypt tool.
I actually tried the Wanadecrypt tool. It works pretty well once youve got the private RSA key, Guinet told Threatpost. It should be noted as well that these tools put victims on the road to recovering only from the WannaCry ransomware, and that the exploit used last week to spread the malware requires the MS17-010 patch from Microsoft. WannaCry may be spread by a number of different means aside from the EternalBlue NSA exploit, including phishing emails and exploit kits.
Wannakey has some limitations to it given that it was only able work on Windows XP machines since the prime numbers are overwritten in memory on later versions of the Microsoft OS.
Delpy overcame those limitations with his Wanakiwi tool that works on Windows XP and Windows 7 machines, with the implication being that it would work on all Windows versions including Windows Server 2003, Windows Vista, Windows 8 and Windows Server 8 R2, researcher Matt Suiche said.
The available tools try to recover the prime numbers of WannaCrys RSA private key, by searching for them in the wcry executable dropped by the ransomware. Guinet said this is the process that generates the RSA private key. The prime numbers are available, he said, because the CryptReleaseContext function available through the Windows Crypto API in later versions of Windows overwrites memory wiping out the prime numbers. In XP, Guinet said, the function does not clean up memory.
Guinet admitted there is a bit of good fortune involved in recovering the prime numbers, first and foremost that the associated memory has been erased and that theyre still in memory.
His tool is very ingenious as it does not look for the actual key but the prime numbers in memory to recompute the key itself, Suiche said of Wannakey. In short, his technique is totally bad ass and super smart.
Suiche stresses that victims should not reboot their infected machines if they havent already. Suiche, who did a breakdown of the crypto implementation of WannaCry during a webinar with Kaspersky Lab this week, said today that the killswitch domain he registered is still recording infection attempts, including a spike of almost 5,000 last night from Malaysia.
In the meantime, Guinet said that WannaCry authors properly use the Windows Crypto API, and the fact the prime numbers are recoverable are more on Microsoft than an implementation error.
I think the overall cryptographic scheme is good. It could have been done differently, but it works in theory, Guinet said. When you look at the part of the codes that handle cryptography, care has been taken so that what we are trying to do does not actually work. The issue is that the MS Crypto API does not cleanup memory, and theres not much the authors could have done against that, apart from using another cryptographic library that takes care of these issues. So, IMHO, on the cryptographic part, they made a decent job.
Continued here:
Available Tools Making Dent in WannaCry Encryption - Threatpost
Only 30% of businesses in Mideast have a full data encryption strategy – Saudi Gazette
DUBAI In the Middle East, only 30% respondents have a comprehensive encryption strategy a number that stands in marked contrast to the global rate of 41%, Thales, a leader in critical information systems, cyber security and data security, said Sunday in its Middle East edition of its 2017 Global Encryption Trends Study.
At 33%, IT operations has the most influence in directing that strategy. This finding is also in contrast to the global figure, where for the first time in the history of the study, business unit leaders had the highest influence. Other critical findings demonstrate organizations show a preference for control over encryption in the cloud and are readily deploying hardware security modules (HSMs) to protect their data:
60% of respondents take one of two routes: they either perform encryption on premise prior to sending data to the cloud, or encrypt in the cloud using keys they generate and manage on premise
Only 37% are willing to turn over complete control of keys and encryption processes to cloud providers
The overall HSM usage rate is 34% and the top deployment model for HSMs used with cloud applications is on-premise (49%)
The top two software-as-a-service (SaaS) applications that respondents currently encrypt with, or plan to encrypt with, are Microsoft Office 365 (50%) and Salesforce.com (38%)
Philip Schreiber, Regional Sales Director for Thales e-Security MEASA, said: As businesses the world over increasingly turn to cloud services, were seeing a rapid rise in sensitive or confidential data being transferred to the cloud and yet in the Middle East less than a third of respondents had an overall, consistently applied encryption strategy. Encryption is now widely accepted as best-practice for securing data and a good encryption strategy depends on well-implemented encryption and proper key management. Thales hardware security modules (HSMs) have provided reliable high-assurance key management for decades and this years study underscores their importance in securing a wide range of critical applications.
Other key findings:
30% are currently using or planning to use HSMs with Bring Your Own Key (BYOK) deployments, with 23% claiming the same for Cloud Access Security Broker (CASB) deployments. Usage of HSMs with CASBs is expected to almost double in the next 12 months (from 12 to 23%)
The top drivers for encryption are IP protection and protection of customer information. This is in contrast to the global data where compliance is, and historically always has been, the top driver for encryption. In the Middle East, compliance ranked 5th on the list at 28% (as compared to the global average of 55%)
Encryption use in the Middle East is highest for Internet communications, databases, and laptop hard drives. SG
Originally posted here:
Only 30% of businesses in Mideast have a full data encryption strategy - Saudi Gazette
Facebook expands on encrypted chat feature with new Messenger app update – Washington Times
An updated version of Facebooks widely successful Messenger app now lets users of the worlds largest social network to communicate privately across multiple devices, Facebook said Thursday.
While Facebook began last year letting its billion-plus users chat over Messenger using end-to-end encryption a communication method that uses cryptographic keys to scramble and safeguard digital data the initial deployment of Facebooks so-called Secret Conversations feature only worked until now on one device per user.
In a blog post Thursday, Facebook said the Secret Conversations feature now works between devices, meaning users who update their app will be able to initiate an encrypted chat on their smartphone or tablet, then carry-on those conversations from a different devices.
When we originally announced secret conversations in July of last year, they were available on one device per user. People can now access their secret conversations via multiple devices, for example when they upgrade or lose a device. Sending videos will soon be supported, too, the post said.
Facebook referred The Washington Times to a white paper containing the technical specifications involving Secret Conversation when reached for further comment Thursday.
About 1.2 billion Facebook account holders were considered monthly Messenger users as of April 2017, up from 200 million only three years earlier. Both Messenger and a separate chat application owned by Facebook, WhatsApp, provide users with the option of communicating with end-to-end encryption, the likes of which makes it more difficult for eavesdroppers, hackers and even authorized third-parties to intercept conversations.
Testifying on Capitol Hill before his abrupt termination as FBI director this month, James B. Comey recently said an increasing number of federal investigations are becoming hindered as companies like Apple and Google continue to incorporate strong encryption into their widely sold smartphones in addition to the availability of free chat applications such as Facebooks Messenger and WhatsApp.
The shadow created by the problem we call going dark continues to fall across more of our work, Mr. Comey said.
I dont know yet how the new administration intends to approach it, but its something we have to talk about, Mr. Comey continued. I care a lot about privacy. I also care an awful lot about public safety. There continues to be a huge collision between those two things we care about.
Read more:
Facebook expands on encrypted chat feature with new Messenger app update - Washington Times
UK government seeks additional surveillance powers, including overriding encryption – World Socialist Web Site
By Barry Mason 20 May 2017
A recent leaked document highlights how the UK Conservative government intends to spy on thousands of internet and phone users in real-time.
Its proposed measures dramatically weaken the ability to protect privacy through the use of encryption.
The plans only became known due to the Open Rights Group, a UK digital campaigning organisation whose remit is to protect the right to privacy and free speech online, releasing the leaked government Home Office consultation document.
The document is a draft statutory instrument. Despite its dry title; The Investigatory Powers (Technical Capability) Regulations 2017, the document spells out how Internet Service Providers (ISPs) and phone companies, at one days notice, would be obliged to give real-time access to a named individual including any related secondary data. It also puts a legal requirement on data providers to set up backdoor access to their systems to allow the UK state to override end-to-end encryption of data.
The draft proposals would build on the already draconian Investigatory Powers Act. The IPA, known as the Snoopers Charter, passed into law last December. It is an unprecedented attack on the rights and privacy of every UK citizen. The Open Democracy group described it as the most sweeping surveillance powers ever seen, not just in the UK, but in any western European nation or in the United States.
The act began as the Investigatory Powers Bill (IPB), the flagship policy of then Home Secretary and now Prime Minister Theresa May, who introduced it to parliament in November 2015. The act brings together previously diverse sets of rules into one piece of legislation. It also provides a legal stamp to vast illegal spying operations against the entire UK population, has been carried out for years by the intelligence apparatus without legal authorisationbefore being exposed by the US whistleblower Edward Snowden.
The act allows the state to monitor every web site visited by an individual as well as comments made and search terms used. It also compels tech companies to hack into customers devices at the request of state spying agencies to override their security, enabling the bulk hacking of millions of peoples electronic devices on the say-so of the home secretary. The IPA compels Internet Service Providers to keep Internet connection records for a 12-month period for access by the police and security services.
The nine-page document leaked by the Open Rights Group was produced and sent out for a four week consultation to six telecom companies, BT, O2, BskyB, Cable & Wireless, Vodafone and Virgin Media. These companies comprise the Technical Advisory Board, along with state spying agencies. It is presumed that a representative of one of the six telecom companies, concerned over the invasion of privacy implications decided to leak the document to the Open Rights Group. There is no mention of the consultation document on the Home Office web site or on the UK government information website, gov.uk.
Responses have to be made by May 19 to the Home Office. The Open Rights Group noted, This is a targeted consultationand has not been publicised to the tech industry or public. The Secretary of State is in fact not under any obligation to consult the public, but must consult only a small selection of organisations listed in Section 253 (6) of the Investigatory Powers Act.
The leaked document spells out how telecommunication operators would be required to provide and maintain the capability to ensure, where practicable, the transmission of communications and secondary data in near real time to a hand-over point as agreed with the person to whom the warrant is addressed To provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection to permit the person to whom the warrant is addressed to remove such electronic protection.
The authorization to carry out such surveillance on an individual would come from a secretary of state (a cabinet minister in charge of a government department), overseen by a judge appointed by the prime minister.
The Register, a web site carrying IT related news, commented on the leaking of the consultation document, In addition, comms providers will be required to make bulk surveillance possible by introducing systems that can provide real-time interception of 1 in 10,000 of its customers. Or in other words, the UK government will be able to simultaneously spy on 6,500 folks in Blighty [the UK] at any given moment.
Just in the case of BT, which has nine million British broadband customers, fully 900 people using its services could be, legally, monitored in real time, without their knowledge.
The Register concluded that the document would effectively make strong and unbreakable encryption illegal. This act of stripping away safeguards on peoples private data is also fantastic news for hackers, criminals, and anyone else who wants to snoop on Brits. The seals are finally coming off.
Writing on the techworld web site May 5, journalist Scott Carey commented, Simply put, either a message is encrypted or it is not. If there is backdoor for security services, there is essentially a backdoor for anyone with the right skills to exploit it, it is a Pandoras box.
While the government is not under any legal obligation to inform the public about draft regulations under consideration, it would have to pass both Houses of Parliament to become law. Jim Killock, executive director of the Open Rights Group, told the BBC, The public has a right to know about government powers that could put their privacy and security at risk.
The IPA was finally put on the statute books by the Conservative government elected in 2015, led first by Prime Minister David Cameron and now by May. Should the Conservatives win the June 8 snap election, they will extend its scope along the lines laid out in the leaked document.
However, workers cannot look to the Labour Party to oppose a further massive abrogation of democratic rights. In parliament, Labour ensured the Investigative Powers Bill became lawoffering only a few, token and minor amendments. Most Labour MPs voted for the IPA at its final reading. Labours general election manifesto makes no mention of state surveillance whatsoever, or of the IPAdespite it being introduced since the last election in 2015. If elected, Labour would use the vast powers now available to the state to monitor the entire population just as surely as will the Tories.
Read this article:
UK government seeks additional surveillance powers, including overriding encryption - World Socialist Web Site
Facebook Messenger upgrades encrypted chat feature – CyberScoop
Chatting on Facebook is quietlygetting more secure.
The social media companysMessenger, used by 1.2 billionpeople around the world, just launched a significant usability upgrade to its Secret Conversations feature that enables encrypted communications between two people on multiple devices. Previously, encrypted communications were availableto one device per person, severely limiting their attractiveness in a world where people rapidly switch between mobile, tablets and desktop devices.
Messengers adoption of strong encryption and this latest feature upgrade has won plaudits in the privacy community.
The change, however, was practically whispered in a small update to a year-old blog post that had first announced the encryption features and Facebook only added the information afterusers actuallynoticed the existence of the new feature. For a company with the ability to make a splash about almost anything it does, this seems a deliberate choice to keep the encryption conversation relatively quiet at the moment.
I love this, said Alec Muffet, previously a security engineer with Facebook. Its a clear step forward in bringing the benefits of secure, robust cryptography to billions of people around the world. My sole reservation stems from Facebooks apparent lack of public pride in this amazing achievement, and I fear that such indicates a lack of commitment to E2E in the Messenger product when compared to (say) WhatsApp.
WhatsApp, which is owned by Facebook, is the most popular messenger in the world, counting approximately 1.2 billion in its user base. It has led Messenger in the encryption department in both speed WhatsApp beganwork in 2014, Messengers cryptography landed last year and implementation. WhatApps encryption is on by default, Messenger requires a user to opt-in.
Correction:Messenger and WhatsApp both have approximately 1.2 billion monthly active users. This article previously misstated Messengers active user base as 900 million per month.
Read the original:
Facebook Messenger upgrades encrypted chat feature - CyberScoop
How One Security Setting Can Solve The Web Encryption Problem – Forbes
Forbes | How One Security Setting Can Solve The Web Encryption Problem Forbes As a cybersecurity professional, I've worked for more than two decades to educate business leaders on the importance of security to their companies' survival and growth. It's only become a more pressing issue as interactions between companies and their ... |
Originally posted here:
How One Security Setting Can Solve The Web Encryption Problem - Forbes
Researcher Open Sources WannaKey Tool That Cracks WannaCry Ransomware Encryption – Fossbytes
Its more than a week since WannaCry ransomware started causing panic among the internet community. However, as time passes, more and more security researchers across the world are coming up with fixes for the WannaCry ransomware.
Earlier, it was a researcher who accidentally created a kill switch for the ransomware. Now, another researcher namedAdrien Guinet has found a cure to fix a computer encrypted by the ransomware. He didnt land up on the method accidentally and his fix only works for machines running Windows XP, still, its a relief.
Guinet was able to crack the encryption in his lab by finding the prime numbers that constitute the RSA private key used by WannaCry ransomware.
The researcher has uploaded the tool which he calls WannaKey on his GitHub repo. There, he also explains the process he followed to gain access to the private keys.
In order to work, your computer must not have been rebooted after being infected, he writes on GitHub. Please also note that you need some luck for this to work andso it might not work in every cases!
Guinet says when the WannaCry ransomware infects a computer and encrypts it, the private keys are stored in the memory and are often left undeleted. This is where a persons luck comes into the picture, he should hope that the associated memory isnt reallocated and erased so that the prime numbers belonging to the key can be recovered.
The fact that Guinet has open sourced the tool might help other researchers to come up with a solution for other Windows versions. Wannakey as a fix for Windows XP might not be much useful. Various security researchers have noted that the worm that spread the ransomware didnt infect Windows XP machines.
If you have something to add, drop your thoughts and feedback.
Read the rest here:
Researcher Open Sources WannaKey Tool That Cracks WannaCry Ransomware Encryption - Fossbytes
File carving can reverse WannaCry ransomware encryption, says McAfee – SC Magazine UK
More details are available in a post from McAfee in The SC Blog.
As the dust from the worldwide outbreak of the WannaCry ransomware settles, and the hunt for patient zero begins, Raj Samani, chief scientist at McAfee, claims he and his team may have found a way to recover data from files which the WannaCry ransomware has encrypted.
Samani, Christiaan Beek and Charles McFarland have written a blog post on the experimental recovery method and warned that the technique is provided as is, we accept no responsibility if things don't go as expected.
However, if your files are all encrypted and you don't have a backup, you typically don't have much to lose.
Samani has given an early sneak peak to SC which describes how the researchers used a file recovery method named file carving to recover WannaCry encrypted data. This is possible thanks to WannaCry's file handling methods.
According to the researchers, this depends on whether WannaCry copies and then encrypts files, with their originals deleted, or if there is a different method at play.
The researchers write: In our testing we have had some cases where the recovery did an almost full recovery and others in which it was near zero. However, they caution: The number of variables are too exhaustive to list.
More details are available in a post from McAfee in The SC Blog.
Samani told SC Media UK at a press conference hosted by Barracuda Networksyesterday that his work to figure out this method of recovery was spurred on by complaints that WannaCry victims who paid the ransom didn't get a decryption key.
According to various sources, WannaCry doesn't have an automated system for processing decryption keys when victims pay, so each request has to be handled manually.
Samani, who helps run the nonprofit ransomware recovery hub NoMoreRansom.org in partnership with Barracuda Networks and a number of other security companies and law enforcement agencies, said they had a very busy weekend.
On a normal day No More Ransom, which provides free-of-charge recovery tools for victims for ransomware, sees around 400,000 HTTP connections. On 12 May when news broke of the WannaCry infection, Samani told SC that their connection numbers rose to eight million.
The website is also suffering attacks. Samani wouldn't elaborate but said the technology and infrastructure around the website collects information about these and has essentially become a honeypot. One particular IP address had orchestrated over 600,000 attacks on the website, Samani said without revealing more details.
Unfortunately, Samani said an encryption key for WannaCry has not yet been discovered. He claimed that according to vulnerability search engine Shodan, 1.4 million machines around the world are still open to the SMB vulnerability.
Samani told the Barracuda Networks press conference of both trade, specialist and national press yesterday that, Digitally speaking, we are constantly in crisis, and this has to stop. He added, Cyber-crime isn't bits and bytes, it's everyday life.
See original here:
File carving can reverse WannaCry ransomware encryption, says McAfee - SC Magazine UK
In encryption push, Senate staff can now use Signal for secure … – ZDNet
The US Senate just got a little bit more secure.
Without any fanfare, the Senate Sergeant at Arms recently told Senate staffers that Signal, widely considered by security researchers and experts to be the most secure encrypted messaging app, has been approved for use.
The news was revealed in a letter Tuesday by Sen. Ron Wyden (D-OR), a staunch privacy and encryption advocate, who recognized the effort to allow the encrypted messaging app as one of many "important defensive cybersecurity" measures introduced in the chamber.
ZDNet has learned the policy change went into effect in March.
The news comes just a week after the Senate's move to switch every page on its domain to HTTPS by default, a long-awaited upgrade that took more than a year to complete.
Read also: Secure messaging: Signal's the best, and then there's the rest | How the founder of the Silk Road made millions on his illegal startup on the Dark Web (TechRepublic) | Rich? This ransomware will charge you more to unlock your encrypted files | The uncrackable problem of end-to-end encryption
The Senate is just the latest across the political world to embrace the popular end-to-end encrypted messaging app.
In fact, many in politics -- in all branches of government, federal, and local -- have taken security more seriously following the hacks that hit the Democratic National Committee during last year's election season, which led to the leaking of thousands of emails to WikiLeaks. Aides close to the New York governor and the mayor are known to be avid users of the app.
But, more recently, aides to President Trump were embroiled in a legal brouhaha that led to some unease about the use of the encrypted messaging app conflicting with presidential record-keeping laws, leading in part to the government's chief archivist issuing fresh guidance to the newly incumbent administration.
Members of the Senate won't have that problem, however -- because they're exempt.
A spokesperson for the National Archives and Records Administration said on the phone Tuesday that for the most part members of Congress are permitted to do as they wish with their records so long as they are not "historically valuable," such as committee documents. That's in contrast to workers of the federal government and those who work directly with the president, both of whom are governed by federal and presidential record-keeping laws.
It's not known which senators and their staff have embraced Signal beyond staff in Wyden's office -- but it would be interesting to find out. Feel free to get in touch.
Contact me securely
Zack Whittaker can be reached securely on Signal and WhatsApp at 646-7558849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
Read more:
In encryption push, Senate staff can now use Signal for secure ... - ZDNet