Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

The FBI operation in which the agency intercepted messages from thousands of encrypted phones around the world was powered by cobbled together code. Motherboard has obtained that code and is now publishing sections of it that show how the FBI was able to create its honeypot. The code shows that the messages were secretly duplicated and sent to a ghost contact that was hidden from the users contact lists. This ghost user, in a way, was the FBI and its law enforcement partners, reading over the shoulder of organized criminals as they talked to each other.

Last year, the FBI and its international partners announced Operation Trojan Shield, in which the FBI secretly ran an encrypted phone company called Anom for years and used it to hoover up tens of millions of messages from Anom users. Anom was marketed to criminals, and ended up in the hands of over 300 criminal syndicates worldwide. The landmark operation has led to more than 1,000 arrests including alleged top tier drug traffickers and massive seizures of weapons, cash, narcotics, and luxury cars.

Motherboard has obtained this underlying code of the Anom app and is now publishing sections of it due to the public interest in understanding how law enforcement agencies are tackling the so-called Going Dark problem, where criminals use encryption to keep their communications out of the hands of the authorities. The code provides greater insight into the hurried nature of its development, the freely available online tools that Anoms developers copied for their own purposes, and how the relevant section of code copied the messages as part of one of the largest law enforcement operations ever.

Do you know anything else about Anom? Were you a user? Did you work for the company? Did you work on the investigation? Are you defending an alleged Anom user? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or emailjoseph.cox@vice.com.

The key part of the Anom app is a section called bot.

The app uses XMPP to communicate, a long-established protocol for sending instant messages. On top of that, Anom wrapped messages in a layer of encryption. XMPP works by having each contact use a handle that in some way looks like an email address. For Anom, these included an XMPP account for the customer support channel that Anom users could contact. Another of these was bot.

Unlike the support channel, bot hid itself from Anom users contact lists and operated in the background, according to the code and to photos of active Anom devices obtained by Motherboard. In practice the app scrolled through the users list of contacts, and when it came across the bot account, the app filtered that out and removed it from view.

That finding is corroborated by law enforcement files Motherboard obtained which say that bot was a hidden or ghost contact that made copies of Anom users messages.

Authorities have previously floated the idea of using a ghost contact to penetrate encrypted communications. In a November 2018 piece published on Lawfare, Ian Levy and Crispin Robinson, two senior officials from UK intelligence agency GCHQ, wrote that Its relatively easy for a service provider to silently add a law enforcement participant to a group chat or call, and You end up with everything still being end-to-end encrypted, but theres an extra end on this particular communication.

The code also shows that in the section that handles sending messages, the app attached location information to any message that is sent to bot. On top of that, the AndroidManifest.xml file in the app, which shows what permissions an app accesses, includes the permission for ACCESS_FINE_LOCATION. This confirms what Motherboard previously reported after reviewing thousands of pages of police files in an Anom-related investigation. Many of the intercepted Anom messages in those documents included the precise GPS location of the device at the time the message was sent.

In some cases, police officers reported that the Anom system failed to record those GPS locations correctly, but that authorities believe the coordinates are generally reliable as they have in some cases been matched with other information such as photos, according to those police files.

A lot of the code for handling communications was apparently copied from an open source messaging app.

The code itself is messy, with large chunks commented out and the app repeatedly logging debug messages to the phone itself.

Cooper Quintin, a senior staff technologist at activist organization the Electronic Frontier Foundation (EFF), didnt think it was unusual for developers to use other modules of code found online. But he did find it bonkers that the FBI used ordinary developers for this law enforcement operation.

This would be like if Raytheon hired the fireworks company down the street to make missile primers, but didnt tell them they were making missile primers, he said in a phone call. I would typically assume the FBI would want to keep tighter control on what theyre working on, such as working with inhouse computer engineers who had security clearance and not bringing in people who are unknowingly taking down criminal organizations, he added. (One reason for the use of third-party developers was that Anom already existed as a company in its own right, with coders hired by the companys creator who worked on an early version of the app, before the FBI became secretly involved in Anoms management).

Recently courts in Europe and Australia have seen the next step of the Anom operation: the prosecution of these alleged criminals with Anom messages making up much of the evidence against them. Defense lawyers in Australia have started legal requests to obtain the code of the Anom app itself, arguing that access to the code is important to determine that the messages being presented in court by the prosecution are accurate. The Australian Federal Police (AFP) has refused to release the code.

Anybody who has been charged with an offence arising from messages that are alleged to have been made on the so called Anom Platform has a clear and obvious interest in understanding how the device worked, how anyone was able to access these messages and most importantly whether the original accessing and subsequent dissemination of these messages to Australian authorities was lawful, Jennifer Stefanac, an Australian solicitor who is defending some of the people arrested as part of Operation Ironside, the Australian authorities side of the Anom operation, told Motherboard in an email.

A second lawyer handling Anom related cases said they didn't think the Anom code would be of much relevance to defendants cases. A third said they saw why defendants may seek access to the code, but that they believed it shouldnt be publicly available.

When asked for comment, the San Diego FBI told Motherboard in a statement that We appreciate the opportunity to provide feedback on potentially publishing portions of the Anom source code. We have significant concerns that releasing the entire source code would result in a number of situations not in the public interest like the exposure of sources and methods, as well as providing a playbook for others, to include criminal elements, to duplicate the application without the substantial time and resource investment necessary to create such an application. We believe producing snippets of the code could produce similar results.

Motherboard is not publishing the full code of Anom. Motherboard believes the code contains identifying information on who worked on the app. Most of the people who worked on the Anom app were not aware it was secretly an FBI tool for surveilling organized crime, and exposing their identities could put them at serious risk. Motherboard will not be releasing the app publicly or distributing it further.

Motherboard previously obtained one of the Anom phones from the secondary market after the law enforcement operation was announced. In that case, the phone had a locked bootloader, meaning it was more difficult to extract files from the device. For this new analysis of the code, a source provided a copy of the Anom APK as a standalone file which Motherboard then decompiled. Motherboard granted multiple sources in this piece anonymity to protect them from retaliation.

Decompiling an app is an everyday process used by reverse engineers to access the code used to construct an app. It can be used to fix problems with the software, find vulnerabilities, or generally to research how an app was put together. Two reverse engineering experts corroborated and elaborated upon Motherboards own analysis of the app.

Operation Trojan Shield has been widely successful. On top of the wave of arrests, authorities were also able to intervene using the messages and stop multiple planned murders. In June to mark the one year anniversary of the operations announcement, the AFP revealed it has shifted some of its focus to investigating thousands of people suspected of being linked to Italian organized crime in Australia and that it is working with international partners.

Subscribe to our cybersecurity podcast,CYBER. Subscribe toour new Twitch channel.

See the article here:
This Is the Code the FBI Used to Wiretap the World - VICE

Dive Brief:

The original Hive payload was previously used by large ransomware affiliates to attack organizations in healthcare and software.The Department of Health and Human Services in April warned healthcare organizations of the ransomware group and described it as exceptionally aggressive.

The new variant, which Microsoft discovered in multiple samples, has a low-detection rate and is more difficult for enterprises to accurately identify.

This migration is a sign that the gang is maturing, requiring more technical expertise and new skills to create ever more sophisticated ransomware, said Michela Menting, research director at ABI Research.

A complete overhaul, including the use of a new programming language, takes time and resources. This suggests the group behind Hive has a long-term plan that bodes ill for organizations.

It is highly likely that the gang is seeking to entrench itself into the ransomware market and ensure longevity, Menting said.

Rust provides Hive and other ransomware payloads with deep control over low-level resources. The latest Hive variant also introduces a new cryptography mechanism, according to Microsoft.

Instead of embedding an encrypted key in each file it encrypts, it generates two sets of keys in memory, uses them to encrypt files, and then encrypts and writes the sets to the root of the drive it encrypts, both with .key extension, the company wrote on its blog.

Rust is especially effective at processing large amounts of data, a key advantage for ransomware gangs that aim to encrypt as much data as they can in the shortest time possible, Menting said.

The programming language is also more difficult to master, making it harder for security companies and competing ransomware groups to reverse engineer the code.

More here:
Hive ransomware group migrates code to Rust, accelerating data encryption - Cybersecurity Dive

The homomorphic encryptionmarketreport contains detailed information on factors influencing demand, growth, opportunities, challenges, and restraints. It provides detailed information about the structure and prospects for global and regional industries. In addition, the report includes data on research & development, new product launches, product responses from the global and local markets by leading players. The structured analysis offers a graphical representation and a diagrammatic breakdown of theHomomorphic encryptionmarketby region.

The global homomorphic encryption market has valued at USD 117.8 million in 2016 and is expected to grow at USD 268.3 million at a 7.55% CAGR by 2027.

The digital economy affects the worlds trajectory and the societal well-being of common citizens. In addition, it influences everything from resource assignment to income allocation and economic growth. The adoption of the Internet of Things is pushing significant market growth. Additionally, in 5-10 years, the latest technologies such as robotics, AI, and augmented reality can illustrate around 27% of ICT spending. Consumer demand for access to content and products at any time and from any location is propelling the ICT market forward. The ICT sector is lucrative for vendors since it has about 7 billion mobile subscribers and 3 billion Internet, users.

Despite just marginal pay growth from US$ 66 per hour in 2005 to US$ 71.8 per hour in 2015, the U.S. economy has maintained its leadership position in the global economy. Prior investments in mobile operating systems and internet infrastructure have also aided China and India in reaping the benefits of prior ICT sector structural expenditures.

The United States has delivered gradual and steady economic growth within and beyond information technology since emerging from the global financial crisis. According to figures from the Bureau of Economic Analysis, the U.S. economy increased by 2.5 percent between 2010 and 2018.

Request To Download Sample of This Strategic Report:-https://reportocean.com/industry-verticals/sample-request?report_id=19310

IntroductionThe homomorphic encryption is a security form of encryption process which facilitates the execution of computations via cipher text to generate an encrypted output. It aids to manage the data to have authorized access without compromising the data. Homomorphic encryption is extensively used for valuable data security. Data encryption transforms data into a form or a code so that it is only accessible to people who have the password.

Homomorphic encryption secures the data and improves the privacy during data transmission. For instance, in the Banking sector, the total account value is encoded for a customer using a private key, and the data can be decoded only by using a password. Similarly, the privacy of data via homomorphic encryption can also implemented in the voting system for a secured transmission of data.The integration of cloud computing with the encryption process has a lot of advantages such as low cost, easy maintenance, and re-provisioning of resources. Also, industries such as banking & finance, healthcare, manufacturing among others are providing a huge amount of investment to secure their data on cloud. Therefore, the growing investment in cloud-based industries is propelling the homomorphic encryption market across the world. On the other hand, exposure to malware is a major risk for the homomorphic encryption, for which additional security is often added on to the encryption. For instance, during elections, in case of e-voting, the data is safeguarded with additive homomorphic encryption. Unfortunately, if one of the voting booths get infected with malware then the votes can be manipulated effortlessly before the process of decryption. Such situations can be a threat to the homomorphic cryptosystem used in the banking and finance sector. Hence, vulnerability to malware could be a challenging factor over the next few years.The global homomorphic encryption market has valued at USD 117.8 million in 2016 and is expected to grow at USD 268.3 million at a 7.55% CAGR by 2027.

Key PlayersThe key players of homomorphic encryption market include Gemalto (The Netherlands), Oracle Corporation (U.S.), Microsoft Corporation (U.S.), IBM Corporation (U.S.), Galois Incorporation (U.S.), CryptoExperts (France.), Netskope (U.S.).

Global Homomorphic Encryption Market Analysis & Forecast, from 2016 to 2027> To provide detailed analysis of the market structure along with forecast of the various segments and sub-segments of the homomorphic encryption market> To provide insights about factors affecting the market growth> To analyze the homomorphic encryption market based on porters five force analysis etc.> To provide historical and forecast revenue of the market segments and sub-segments with respect to four main geographies and their countries- North America, Europe, Asia, and Rest of the World> To provide country level analysis of the market with respect to the current market size and future prospective> To provide country level analysis of the market for segment on the basis of energy sources and application.> To provide strategic profiling of key players in the market, comprehensively analyzing their core competencies, and drawing a competitive landscape for the market> To track and analyze competitive developments such as joint ventures, strategic alliances, mergers and acquisitions, new product developments, and research and developments in the homomorphic encryption market.

Download Free Sample Report, SPECIAL OFFER (Avail an Up-to 30% discount on this report:-https://reportocean.com/industry-verticals/sample-request?report_id=19310

Target Audience> Manufacturing Companies> Software Developers> Technology Providers> Distributors> Research firms> Consultancy firms> Stakeholders> End-use sectors> Technology Investors

Key Findings> The global homomorphic encryption market is expected to reach approximately USD 270 million by 2027.> By type, fully homomorphic encryption segment market accounts for the largest market share and is growing with 8.49% CAGR during forecast period.> By application, banking and finance sub-segment holds the largest market share and is growing with 8.67% CAGR during the forecast period.> Geographically, North America region has been projected to hold the largest market share in global homomorphic encryption market followed by Europe region, while Asia Pacific has emerged as fastest growing market during forecast period.

Regional and Country-level Analysis of Homomorphic Encryption Market- Estimation & ForecastThe homomorphic encryption market is growing with a positive growth in all the regions. Increased adoption and advancements in technology associated with the government support to enhance the security system are driving the market on a global scale. On the basis of region, the market has been segmented into North America, Europe, Asia Pacific, and the Rest of the World. North America is dominating the global Homomorphic Encryption market share, owing to a constant growth rate, improved medical facilities, surging private sector investments, high exports and rising number of small and medium scale enterprises. Europe follows soon after which stands as the second biggest market due to the growing security concerns whereas, Asia Pacific follows as the fastest growing region, this growth is attributed to rapid industrialization and a huge customer base in the emerging economies such as China, India, and South Korea.

The reports also cover country-level analysis:> North Americao U.S.o Canadao Mexico> Europeo U.Ko Germanyo Franceo Rest of the Europe> Asia Pacifico Chinao Indiao Japano Rest of Asia Pacifico South Korea> Rest of the World

Access full Report Description, TOC, Table of Figure, Chart, etc. @:-https://reportocean.com/industry-verticals/sample-request?report_id=19310

What is the goal of the report?

The market report presents the estimated size of the ICT market at the end of the forecast period. The report also examines historical and current market sizes. During the forecast period, the report analyzes the growth rate, market size, and market valuation. The report presents current trends in the industry and the future potential of the North America, Asia Pacific, Europe, Latin America, and the Middle East and Africa markets. The report offers a comprehensive view of the market based on geographic scope, market segmentation, and key player financial performance.

Factors Influencing

The global market is forecast to witness a rapid growth, owing to increasing demand for technological advancements from end-users. Moreover, increasing investments in research and development activities, launches, partnerships, and other strategic initiatives will benefit the market.Furthermore, the growing focus of authorities towards increasing urbanization and industrialization is forecast to drive the market growth.

COVID-19 Impact Analysis

The COVID-19 pandemic has affected almost every industry. The market witnessed a significant decline in investments, mainly in the energy and power sector. According to the estimations by the International Energy Agency, investments in the energy and power domain are projected to decrease by 10% in 2020 as compared to the pre-pandemic statistics. This indicate the condition of global marketplace along with severe challenges faced during pandemic.

Regional Analysis

Asia-Pacific market is forecast to emerge as rapidly growing region in global market, owing to governments initiatives towards increasing urbanization and growing population leading to increasing demand of energy-based products and services. Also, North America is forecast to grow rapidly because of high energy consumption in the region and technological advancements across the sector. Energy consumption has been increasing in the region, mainly in the US; the primary energy consumption is segmented on the basis of nuclear electric power, petroleum, coal, renewable energy, and natural gas. The petroleum and natural gas segment is dominating the overall sector. In the mix of energy sources, petroleum accounts for around 35% of the overall consumption, whereas natural gas accounts for 34%.

Access Full Report, here:-https://reportocean.com/industry-verticals/sample-request?report_id=19310

About Report Ocean:We are the best market research reports provider in the industry. Report Ocean believes in providing quality reports to clients to meet the top line and bottom line goals which will boost your market share in todays competitive environment. Report Ocean is a one-stop solution for individuals, organizations, and industries that are looking for innovative market research reports.

Get in Touch with Us:Report Ocean:Email:sales@reportocean.comAddress: 500 N Michigan Ave, Suite 600, Chicago, Illinois 60611 UNITED STATESTel: +1 888 212 3539 (US TOLL FREE)Website:https://www.reportocean.com/

See the original post:
Homomorphic Encryption Market | Amazing Deal with 30% discount | Inclinations and Development Status Highlighted During Forecast Period till 2030 ...

Mega, the New Zealand-based file-sharing biz co-founded a decade ago by Kim Dotcom, promotes its "privacy by design" and user-controlled encryption keys to claim that data stored on Mega's servers can only be accessed by customers, even if its main system is taken over by law enforcement or others.

The design of the service, however, falls short of that promise thanks to poorly implemented encryption. Cryptography experts at ETH Zurich in Switzerland on Tuesday published a paper describing five possible attacks that can compromise the confidentiality of users' files.

The paper [PDF], titled "Mega: Malleable Encryption Goes Awry," by ETH cryptography researchers Matilda Backendal and Miro Haller, and computer science professor Kenneth Paterson, identifies "significant shortcomings in Megas cryptographic architecture" that allow Mega, or those able to mount a TLS MITM attack on Mega's client software, to access user files.

The findings, detailed on a separate website, proved sufficiently severe that Kim Dotcom, no longer affiliated with the file storage company, advised potential users of the service to stay away.

Mega chief architect Mathias Ortmann meanwhile published a blog post announcing a client software update addressing three of the five flaws identified by the researchers, promising further mitigations, and thanked the ETH Zurich boffins for responsibly reporting their findings.

"The first two attacks exploit the lack of integrity protection of ciphertexts containing keys (henceforth referred to as key ciphertexts), and allow full compromise of all user keys encrypted with the master key, leading to a complete break of data confidentiality in the MEGA system," the paper explains. "The next two attacks breach the integrity of file ciphertexts and allow a malicious service provider to insert chosen files into users cloud storage. The last attack is a Bleichenbacher-style attack against MEGAs RSA encryption mechanism."

The major issue here is that Mega's method for deriving the various cryptographic keys used to authenticate and encrypt files fails to check for key integrity. So a malicious server can tamper with the RSA private key and make it leak information.

The first issue is an RSA Key Recovery Attack. It allows an attacker controlling the Mega API or able to mount a TLS MiTM attack on the client, to abuse the authentication protocol to extract the user's private key. This is done by constructing an oracle a mathematical data leak to gather one bit of information per login attempt about a factor of the RSA modulus an integer that's the product of two primes used to generate the cryptographic key pair.

This attack takes at least 512 login attempts to carry out. Mega in its post cites this figure to suggest the attack is difficult to carry out but the ETH researchers note that it's possible to further manipulate Mega's software to force the client to log in repeatedly, allowing the attack to fully reveal a key within a few minutes.

The second is a Plaintext Recovery Attack. "Building on the previous vulnerability, the malicious service provider can recover any plaintext encrypted with AES-ECB under a users master key," the paper explains.

"This includes all node keys used for encrypting files and folders (including unshared ones not affected by the previous attack), as well as the private Ed25519 signature and Curve25519 chat key. As a consequence, the confidentiality of all user data protected by these keys, such as files and chat messages, is lost."

Attacks three and four allow a malicious service provider to "break the integrity of the file encryption scheme and insert arbitrary files into the users file storage which pass the authenticity checks during decryption. This enables framing of the user by inserting controversial, illegal, or compromising material into their file storage."

While this may sound outlandish, framing political opponents with fabricated evidence has been documented and represents a real threat.

The fifth attack is described as "a new Guess-and-Purge variant of Bleichenbachers attack." It relies on a lot of guesses (2^17) to decrypt node and chat keys.

Proof-of-concept code for these attacks has been published on GitHub.

Ortmann said Mega intends to release a client fix for attack number four and to remove the legacy code that allows attack number five.

Paterson, via Twitter said Mega has taken some steps to address these attacks but expressed disappointment that the company hasn't committed to a thorough overhaul of its approach because its cryptography is "pretty fragile."

"On the other hand, to fix everything thoroughly, all of [Mega's] customers would have to download all their files, re-encrypt them, and upload them again," he said. "With 1000 Petabytes of data to deal with, that's going to hurt."

Paterson and his colleagues argue that companies should work to standardize secure cloud storage to avoid repeated ad hoc implementations that repeat the same errors.

"We believe that this would be the easiest path to avoid attacks stemming from the lack of expert knowledge among developers, and that it would enable users to finally have confidence that their data remains just that theirs," the paper concludes.

Read this article:
Mega's unbreakable encryption proves to be anything but - The Register