
Device encryption in Windows 10 – support.microsoft.com

What is device encryption?

Device encryption helps protect your data, and it's available on a wide range of Windows devices. If you turn on device encryption, the data on your device can only be accessed by people who've been authorized. If device encryption isn't available on your device, you may be able to turn on standard BitLocker encryption instead.

Note: BitLocker is not available on Windows 10 Home edition.

Device encryption is available on supported devices running any Windows 10 edition. If you want to use standard BitLocker encryption instead, it's available on supported devices running Windows 10 Pro, Enterprise, or Education. Some devices have both types of encryption. For example, a Surface Pro, which runs Windows 10 Pro, has both the simplified device encryption experience and the full BitLocker management controls. Not sure which version of Windows you have? See Which Windows operating system am I running?

In the search box on the taskbar, type System Information, right-click System Information in the list of results, then select Run as administrator. Or you can select the Start button, and then under Windows Administrative Tools, select System Information.

At the bottom of the System Information window, find Device Encryption Support. If the value says Meets prerequisites, then device encryption is available on your device. If it isn't available, you may be able to use standard BitLocker encryption instead.

Sign in to Windows with an administrator account (you may have to sign out and back in to switch accounts). For more info, see Create a local or administrator account in Windows 10.

Select the Start button, then select Settings > Update & Security > Device encryption. If Device encryption doesn't appear, it isn't available. You may be able to turn on standard BitLocker encryption instead.

If device encryption is turned off, select Turn on.

Sign in to your Windows device with an administrator account (you may have to sign out and back in to switch accounts). For more info, see Create a local or administrator account in Windows 10.

In the search box on the taskbar, type Manage BitLocker and then select it from the list of results. Or you can select the Start button, and then under Windows System, select Control Panel. In Control Panel, select System and Security, and then under BitLocker Drive Encryption, select Manage BitLocker.

Note: You'll only see this option if BitLocker is available for your device. It isn't available on Windows 10 Home edition.

Select Turn on BitLocker and then follow the instructions. (If BitLocker is turned on and you want to turn it off, select Turn off BitLocker.)

If your device requires a recovery key to unlock, see Find your recovery key.
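
After following the steps above, it is worth confirming that each volume is not only encrypted but actually protected and recoverable. The following is an added example, not code from the Microsoft article: it assumes the BitLocker PowerShell module (`Get-BitLockerVolume`) is present and the session is elevated, `Get-EncryptionFinding` is a hypothetical helper name, and the sample volumes are constructed for illustration.

```powershell
# Added example. Get-EncryptionFinding is a hypothetical helper name.
function Get-EncryptionFinding {
    param([Parameter(Mandatory)] $Volume)

    # Cast to string so the same comparisons work on the module's enum values
    # and on the constructed sample objects below.
    $status     = "$($Volume.VolumeStatus)"
    $protection = "$($Volume.ProtectionStatus)"
    $protectors = @($Volume.KeyProtector |
        Where-Object { $_ } |
        ForEach-Object { "$($_.KeyProtectorType)" })

    $finding = if ($status -eq 'FullyDecrypted') {
        'Not encrypted'
    } elseif ($status -ne 'FullyEncrypted') {
        "Conversion not finished ($status)"
    } elseif ($protection -ne 'On') {
        # Data is encrypted on disk, but protection is suspended or was never
        # activated, so the drive unlocks without any secret.
        'Encrypted, but protection is OFF'
    } elseif ($protectors -notcontains 'RecoveryPassword') {
        'Protected, but no recovery password exists'
    } else {
        'Protected'
    }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Finding    = $finding
        Protectors = $protectors -join ', '
    }
}

# Constructed sample volumes that mimic the properties Get-BitLockerVolume returns.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
                       KeyProtector = @(
                           [pscustomobject]@{ KeyProtectorType = 'Tpm' },
                           [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off'
                       KeyProtector = @() },
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off'
                       KeyProtector = @() }
)

$sample | ForEach-Object { Get-EncryptionFinding -Volume $_ } | Format-Table -AutoSize

# On a live system (elevated session), replace the sample with the real volumes:
# Get-BitLockerVolume | ForEach-Object { Get-EncryptionFinding -Volume $_ } | Format-Table -AutoSize
```

The case to watch for is the second sample volume: a drive can report as fully encrypted while protection is off, which gives no protection if the device is stolen.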


How to Encrypt Files, Folders and Drives on Windows 10 …

One of the best ways to protect your privacy is to encrypt important information on your computer. Whether you need to send personal information to someone, or simply want to make sure that no one who gets access to your computer can see stuff you would rather keep private, encryption is the way to go.

Editor's Note: Guest author Heinrich Long is a writer at Restore Privacy, a blog dedicated to inform about best online privacy practices, secure your electronic devices, unblock restricted content and defeat censorship.

As a Windows 10 user, you have numerous options for encrypting information. In this guide we will show you ways to encrypt individual files, file folders, and even entire disk drives. Each approach has its own benefits and drawbacks, so we'll cover those, too. That way, you'll have a better sense of which type of encryption you will need for various situations. Before we go further, here are a couple of points to keep in mind:

Now let's talk about when to use the three types of encryption that you can use:

As the name implies, individual file encryption refers to encrypting one file at a time. Each file has its own password or key.

Individual file encryption is great for files you plan to share or store in the cloud. Windows 10 users can encrypt individual files using a tool like 7-zip. You can also encrypt individual Microsoft Office files from within their apps, although this is better suited to casual personal use than protection against serious adversaries.

Next up is folder level encryption. This approach involves encrypting everything that is stored in a folder. Passwords or keys are assigned to the folder, not individual files.

Folder encryption is a great organizational tool. For example, you could create a different encrypted folder for each member of your family. Give Sally only the password for her folder, and Jimmy only the password for his, and each can have their own private space on the same device.

Note that storing a file in an encrypted folder doesn't prevent you from also encrypting files individually.

Hard drive or disk encryption protects the entire drive at once. To use a device with an encrypted hard drive you would need to enter the password or key when you logged on, or nothing on the disk would be accessible.

This kind of encryption is a good first line of defense in case of theft. If someone stole your laptop, or ripped the drives out of one of your servers, they would need to defeat the hard drive encryption to get any data at all.

You can still apply folder level encryption and individual file encryption to an encrypted disk.

Before we dive into the details of file encryption, we need to make an important note on passwords. You need to be using a good password manager, along with good password hygiene.

Why is that? Well, if you lose or forget the password for accessing your encrypted files, then they'll probably be gone for good. A good password manager is critical. We've reviewed many options, including 1Password, LastPass, and many more.

See our guide on the best password managers for the top recommendations and step-by-step information for good password management. Now that we've hit the basics, it is time for some specifics. Let's start with

Your options for encrypting files and folders on Windows 10 devices depend on which version of Windows 10 you have. Windows 10 Pro and Enterprise users have a built-in encryption tool called the Encrypting File System (EFS). Any Windows 10 user, including those with the Home edition, can also use third-party apps such as 7-zip for file and folder encryption.

Beyond these options, Microsoft Office apps have a basic file locking / encryption feature built in, as does Adobe Acrobat. We'll round out our coverage of Windows 10 encryption by taking a look at these.

The Encrypting File System (EFS) is built into the Professional and Enterprise versions of Windows 10. It is treated as an Advanced feature of the Windows File Explorer. This makes a lot of sense, since used carelessly, EFS can leave you with files you can never access again.

EFS does all its encryption work in the background, including automatically creating a File Encryption Key (FEK), and encrypting that key so only the account that encrypted the file can decrypt it. All this happens automatically and transparently.

Aside from a lock symbol that appears in the File Explorer next to a file or folder that is encrypted, there is no easy way to tell that a file or folder is encrypted with EFS.

Unfortunately, EFS has some quirks that make it a less than ideal choice for many uses. Knowing what these are will help you decide whether EFS is the answer to your Windows 10 file encryption needs:

If these quirks haven't scared you away, here's how to encrypt files and folders with EFS:

That is all you need to do. From now on, the encrypted file or folder will appear encrypted to anyone other than the user account that encrypted the item in the first place.

7-zip is a freeware file compression program that can also encrypt files and folders using AES-256 encryption, which is the industry standard for most encrypted systems. If you plan to use 7-zip to encrypt files or folders you should know that the process creates an encrypted copy of the file or folder. The original, unencrypted file or folder is unchanged.

If you are creating the encrypted item because you plan to send it somewhere, or store it in the cloud or something like that, this is fine. But if your goal is to protect the files and folders on your own device, this isn't ideal.

In the rest of this section, we'll first look at how to encrypt files and folders with 7-zip. After that we'll talk about what else you need to do if your goal is to protect the files and folders on your own device. The following instructions assume you already have 7-zip installed on your system. If not, you can download it here.

The result of encrypting something with 7-zip the way we did here is a zipped archive that is AES-256 encrypted. This archive appears in the same folder as the file or folder that you encrypted, alongside the original file or folder. What this means to you depends on what you plan to do with the encrypted file or folder.

If you created the archive to share copies of the file or folder, this is fine. Just send the archive to the recipient. Assuming they have 7-zip or a similar program on their system (and you securely conveyed the password to them somehow), they will be able to unzip the archive, then double-click the file to enter the password in a dialog box like this one:

Once they do that, the operating system should open the file in whatever app is appropriate, and the recipient can view it, or save it, or do whatever is necessary with it. Note that they will still have the encrypted files on their system as well.

If you created the archive to protect the files or folders on your system, you should skip down to the section titled "Eliminate any possible unencrypted copies of the file once you are done encrypting files" and follow the instructions there to make sure no unencrypted copies of things are lying around where some snoop can find them.
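
The same encryption can be done from the 7-Zip command line, which makes the "encrypted copy, original untouched" behaviour described above easy to see. This is an added example, not part of the original guide: it assumes 7-Zip is installed in its default location, uses the 7z container format so that file names can be encrypted as well, and `Protect-WithSevenZip` and the paths in the sample call are hypothetical.

```powershell
# Added example. Assumption: 7-Zip is installed in its default location.
$SevenZip = Join-Path $env:ProgramFiles '7-Zip\7z.exe'

# Protect-WithSevenZip is a hypothetical helper name.
function Protect-WithSevenZip {
    param(
        [Parameter(Mandatory)][string]$Path,     # file or folder to encrypt
        [Parameter(Mandatory)][string]$Archive   # archive to create, e.g. .\Records.7z
    )

    if (-not (Test-Path -LiteralPath $SevenZip)) { throw "7z.exe not found at $SevenZip" }
    if (-not (Test-Path -LiteralPath $Path))     { throw "Nothing to encrypt at $Path" }
    if (Test-Path -LiteralPath $Archive)         { throw "$Archive already exists; refusing to add to it" }

    # a       : add files to a new archive
    # -t7z    : 7z container, encrypted with AES-256
    # -mhe=on : encrypt the archive header too, so file names are not readable
    # -p      : no value given, so 7z prompts for the password instead of
    #           leaving it on the command line and in shell history
    & $SevenZip a -t7z -mhe=on -p -- $Archive $Path
    if ($LASTEXITCODE -ne 0) { throw "7z a failed with exit code $LASTEXITCODE" }

    # Test the archive before relying on it: prompts for the password again
    # and verifies that every entry decrypts and passes its integrity check.
    & $SevenZip t -p -- $Archive
    if ($LASTEXITCODE -ne 0) { throw "7z t failed with exit code $LASTEXITCODE" }

    [pscustomobject]@{
        Archive               = (Resolve-Path -LiteralPath $Archive).Path
        # 7-Zip leaves the source in place, so this is True after a successful run.
        PlaintextStillPresent = Test-Path -LiteralPath $Path
    }
}

# Sample call (placeholder paths):
# Protect-WithSevenZip -Path .\TaxRecords -Archive .\TaxRecords.7z
```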

Some applications now have options to encrypt the types of files they themselves use. For example, Microsoft Word can encrypt Word files, and Adobe Acrobat can encrypt PDF files. We'll demonstrate this below.

Let's use Microsoft Word to show how it is done by encrypting a simple Word document.

From now on, the only way to view this document will be by entering the password when prompted from within a Microsoft Office application that supports the unencrypted file type. But please see the next section to eliminate any possible unencrypted copies of the file on your computer.

If you use 7-zip or Microsoft Office to encrypt files, it is likely that Windows 10 still has one or more temporary copies of the unencrypted files stashed on the disk. To be safe, you will want to delete all temporary files once you are done encrypting things.

When it comes to disk encryption on Windows 10, BitLocker Device Encryption is the tool that Microsoft provides. Built into Windows 10 Pro and Enterprise, BitLocker Device Encryption does exactly what it sounds like: it encrypts all the storage devices in your system.

This sounds ideal, but there are some drawbacks to using BitLocker.

Happily for us, there is a great alternative available. Called VeraCrypt, it addresses all of the drawbacks we just saw:

VeraCrypt is Free, Open Source Software (FOSS), which we really like. Without getting into the OpenSource vs Proprietary software argument that plagues the computer world, from our perspective, FOSS software is generally considered more secure, and of course is free to use. Once VeraCrypt is installed, all you need to do is enter your VeraCrypt password whenever you start the computer.

Given all that, you know where we're going with this. In the following section we'll walk you through installing VeraCrypt on one of our lab machines. Ready?

While installing VeraCrypt is much simpler than the alternative, there is more to it than just launching an installer and pressing Okay a few times. And if you mess up, there is a chance you will lose files or even access to the entire disk drive.

We suggest you read through the instructions that follow before starting the process. If you are not confident you can complete the steps shown, or if you have a bad habit of losing important passwords, it is better to skip this type of encryption.

Here are the steps to install VeraCrypt on Windows 10:

Encrypting important information is one of the best things you can do to protect yourself from everyone who is trying so hard to get their hands on your personal information.

In this guide we covered techniques that Windows 10 users can use to encrypt individual files, folders, and entire drives on their Windows systems. While no one can guarantee that your data will be 100% safe against any and all attacks, the simple act of encrypting your most important data can make a big difference.

Masthead credit: eamesBot


Countering disinformation and protecting democratic communication on encrypted messaging applications – Brookings Institution

EXECUTIVE SUMMARY

Encrypted messaging applications (EMAs) that rely on end-to-end encryption (E2EE), like Signal, Telegram, and WhatsApp, offer a level of intimacy and security that have made them remarkably popular among activists and others who want to communicate without fear of government surveillance. These qualities also make them a useful vector for disinformation: they offer a means of spreading untraceable claims to users via trusted contacts in a secure environment. This policy brief argues that successfully countering disinformation on EMAs does not require undermining this stronger form of encryption.

Although EMAs typically end-to-end encrypt the content of private messages, they often do not encrypt the metadata of those messages. Interventions based on that metadata show particular promise. Metadata-based forwarding limits on WhatsApp, for instance, appear to have slowed the proliferation of disinformation in India and elsewhere. Third-party evaluations of such approaches are needed to develop and guide best practices for use on other platforms, particularly given criticism of, and broader worry surrounding, WhatsApp's use of said metadata.

Disinformation campaigns on EMAs are successful primarily because of the intimacy and trust they afford. Regulatory responses to disinformation on EMAs should therefore target how that trust is leveraged, rather than EMAs' use of E2EE. For example, stricter advertising disclosure laws would prevent influence farms coordinating on EMAs from spreading untraceable political messaging.


2021 Hong Kong Encryption Trends: As cyber threats grow, Hong Kong outpaces the world in enterprise encrypt… – Security Boulevard

The digital landscape has changed in profound ways over the past year, and the pace of change isn't likely to slow down any time soon. So there is no better time to look deeper into the changing threat landscape and solutions highlighted in the Entrust 2021 Hong Kong Encryption Trends Study, part of the 16th annual multinational survey by the Ponemon Institute. The study reports on the cybersecurity challenges organisations face today, and how and why organisations deploy encryption.

Identified threats and priorities

More than half (54%) of Hong Kong enterprises report having consistently applied encryption strategies, well ahead of the global average (50%) for the second year running. This is not surprising, with a fast-rising number of IT professionals in Hong Kong citing compliance with external privacy or data security regulations (39% from 30% last year) as driving their encryption use, the second fastest growth worldwide in the survey.

When it comes to selecting encryption tools, organisations in Hong Kong seek out a few specific features more than the global averages. Most notably, more than three-quarters of respondents say they want encryption tools that are scalable, and they also show a strong preference for products that offer hardware-based tamper resistance, such as hardware security modules (HSMs).

However, the rapid rise of encryption tools and applications comes at a price. On average, organisations reported having eight different products that perform encryption. We see this pain point when talking with our customers: there are many good tools, but not enough people to use, learn, and implement them to avoid exposing the sensitive data they are protecting in the first place.

The pain of encryption: the key management problem

Perhaps not surprisingly given the high rate of enterprise encryption adoption, two-thirds of organisations in Hong Kong rate their level of key management pain as a 7 or higher (out of 10). This is up from 61% last year and higher than this year's global average of 56%, but the next step is locating the source of the pain.

Three-quarters of organisations say that it is concerns about ownership that make key management painful. That's 10% above the global average and this is the second straight year it's been the top reason in Hong Kong. Also, well over half (58%) of respondents say that key management tools are inadequate, and more than half say that systems are isolated and fragmented, both of these being above the global average.

The rise of the hardware security module (HSM) solution

To solve the issue of effective encryption with painless key management, more organisations in Hong Kong are deploying hardware security modules (HSMs).

Four out of ten organisations in Hong Kong use HSMs, up from 34% last year. Although this is lower than the global adoption rate of 49%, it represents the second highest growth from the regions surveyed since last year, showing that the many benefits of HSMs, especially in the role of key management, are being recognized in the region.

Other use cases for HSMs continue to grow, in some cases very significantly. Over the next 12 months, organisations anticipate greater use of HSMs for several use cases, led by TLS/SSL going from 38% to 78% year over year, the largest expected increase of any use case. Other leading use cases include database encryption (increasing from 25% to 45%), blockchain applications (from 13% to 30%) and payment transaction processing or payment credential issuing/provisioning (expected to increase from 26% to 40%).

The way forward

Best practices, more than ever, need to focus not just on effective encryption, but also on securing an organisation's encryption and signing keys. It is clear that Hong Kong enterprises are doing whatever they can to simplify their encryption strategy and mitigate manual processes where mistakes can often be made, and having a genuine focus on doing encryption right is a huge step forward in protecting enterprises' data against attacks, misuse, and breaches.

However, these strategies in themselves bring forward new challenges associated with discovering where sensitive data resides, effective deployment of encryption technology, and resolving the pain of key ownership and inadequate key management tools.

As they deploy encryption for databases, containers and cloud applications, organisations in the region seek encryption solutions that offer scalability and tamper resistance with an HSM, but as cloud use increases, organisations prefer to own and manage the HSMs used to protect cloud applications.

Read the full Hong Kong Encryption Trends Study here and its companion 2021 Global Trends Study to learn more.

The post 2021 Hong Kong Encryption Trends: As cyber threats grow, Hong Kong outpaces the world in enterprise encryption strategies. appeared first on Entrust Blog.

*** This is a Security Bloggers Network syndicated blog from Entrust Blog authored by Jiro Shindo. Read the original post at: https://blog.entrust.com/2021/06/2021-hong-kong-encryption-trends/


FBI, Australian Police Ran A Backdoored Encrypted Chat Service For Three Years – Techdirt

from the we've-got-a-server-on-the-inside-[wink] dept

Recently unsealed documents have revealed the FBI and the Australian Federal Police ran a backdoored encrypted communications service for more than three years, resulting in dozens of arrests and several large drug busts. Here's a brief summary via Joseph Cox for Motherboard.

For years the FBI has secretly run an encrypted communications app used by organized crime in order to surreptitiously collect its users' messages and monitor criminals' activity on a massive scale, according to a newly unsealed court document. In all, the elaborate operation netted more than 20 million messages from over 11,800 devices used by suspected criminals.

This honeypot/chat app went into development following law enforcement's takedown of other encrypted phone providers like Phantom Secure and Sky Global. According to the unsealed warrant [PDF] targeting a Gmail account of a suspect, the backdoored communications offering was the direct result of the indictment of Vincent Ramos, the CEO of Phantom Secure.

After Ramos was arrested, San Diego FBI agents recruited a Confidential Human Source (CHS) who had been developing the next generation encrypted communications product, poised to compete for market share against established hardened encrypted device competitors. At the time, the void created by Phantom Secure's dismantlement provided a new opportunity for criminal users to switch to a new, secure brand of device. The CHS previously distributed both Phantom Secure and Sky Global devices to TCOs [transnational criminal organizations] and had invested a substantial amount of money into the development of a new hardened encrypted device. The CHS offered this next generation device, named Anom, to the FBI to use in ongoing and new investigations. The CHS also agreed to offer to distribute Anom devices to some of the CHS's existing network of distributors of encrypted communications devices, all of whom have direct links to TCOs.

ANoM was first distributed to criminals in Australia by the FBI's source. But not before both the FBI and AFP added interception capabilities.

The FBI opened a new covert investigation, Operation Trojan Shield, which centered on exploiting Anom by inserting it into criminal networks and working with international partners, including the Australian Federal Police (AFP), to monitor the communications. Before the device could be put to use, however, the FBI, AFP, and the CHS built a master key into the existing encryption system which surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted. A user of Anom is unaware of this capability. By design, as part of the Trojan Shield investigation, for devices located outside of the United States, an encrypted BCC of the message is routed to an iBot server located outside of the United States, where it is decrypted from the CHS's encryption code and then immediately re-encrypted with FBI encryption code. The newly encrypted message then passes to a second FBI-owned iBot server, where it is decrypted and its content available for viewing in the first instance.

The investigation began in Australia with the AFP intercepting messages, utilizing the expanded powers given to it by 2018's Telecommunications and Other Legislation Amendment (TOLA) to secure permission to intercept every communication carried by the ANoM devices. But the permission it received had limits. It was only able to "discuss generally" the content of the intercepted communications, rather than share them directly with the FBI.

As more devices made their way into the hands of suspected criminals, the FBI began performing its own interceptions. But it didn't do it directly. Instead, it asked an unnamed third country to perform the interception for it with the understanding it would hand over intercepted communications to the FBI.

[T]he FBI itself was not yet reviewing any of the decrypted content of Anom's criminal users. Also by summer of 2019, the investigative team engaged representatives from a third country to receive an iBot server of its own and obtain the contents of communications occurring between Anom users. The third country agreed to obtain a court order in accordance with its own legal framework to copy an iBot server located there and provide a copy to the FBI pursuant to a Mutual Legal Assistance Treaty (MLAT). Unlike the Australian beta test, the third country would not review the content in the first instance. FBI geo-fenced the U.S., meaning that any outgoing messages from a device with a U.S. MCC would not have any communications on the FBI iBot server.

[...]

In October 2019, the third country obtained a court order which enabled the copying of the iBot server and the receipt of its contents every two to three days. The initial MLAT between the U.S. and the third country authorized FBI to receive data from October 7, 2019, through January 7, 2020. [...]

Since October 2019, the third country has obtained additional court order pursuant to its own laws to copy the iBot server and the United States has obtained the server data pursuant to additional MLATs. The third country provides Anom server data to the FBI every Monday, Wednesday, and Friday, and will continue to do so until the expiration of the third country's court order on June 7, 2021. This data comprises the encrypted messages of all of the users of Anoms with a few exceptions (e.g., the messages of approximately 15 Anom users in the U.S. sent to any other Anom device are not reviewed by FBI).

The 15 or so users in the US were monitored by the Australian Federal Police for "any threats to life" and this information "shared generally" with the FBI. Once this was all in place, the FBI was soon swimming in intercepted messages from all over the world.

Since October 2019, the FBI has reviewed the content from the iBot server in the third country pursuant to the MLAT. They have translated the messages (where necessary and where translations are available) and have catalogued more than 20 million messages from a total of 11,800 devices (with approximately 9000 active devices currently) located in over 90 countries.

The affidavit notes that most of ANoM's users reside in Serbia, Germany, Netherlands, Spain, and Australia. Other than Australia, no other country (or their applicable laws/legal processes) are discussed.

There's a whole lot of criminal activity being discussed using these devices. And not all of it is directly drug-related.

[T]he review of Anom messages has initiated numerous high-level public corruption cases in several countries. The most prominent distributors are currently being investigated by the FBI for participating in an enterprise which promotes international drug trafficking, money laundering, and obstruction of justice.

[...]

From those messages, more than 450,000 photos have been sent detailing conversations on other encrypted platforms discussing criminal activity, cryptocurrency transactions, bulk cash smuggling, law enforcement corruption, and self-identification information.

Yep. Law enforcement corruption.

Information reviewed on the platform has revealed law enforcement sensitive information passed to TCOs, such as reports and warrants. TCOs have also been notified of anticipated enforcement actions against the TCO or other criminal associates.

This multi-national investigation shows it's still possible to take down criminal organizations despite their use of encrypted communications. One solution for law enforcement appears to be to "roll your own" -- one that allows investigators to listen in on conversations as they happen.


New beta reveals more info about upcoming end-to-end encrypted backups in WhatsApp – TechRadar

We have known for some time that WhatsApp is working to bring a new secure backup option to the chat service. Just like chats themselves, backups will soon be protected with end-to-end encryption, greatly reducing the risk of backed up messages and media being seen by unwanted third parties.

Hints at just how end-to-end encrypted backups will be implemented in WhatsApp have been visible in numerous beta versions, and the latest preview build of the app provides even more information.

It is the latest beta release of the Android version of WhatsApp that gives us a glimpse into the future. From this most recent build, we can see that WhatsApp will be giving users the ability to view the encryption key that has been used to protect their backups, making it possible to make a note of it.

When saving backups to Google Drive, WhatsApp will use a hexadecimal key for encryption. This is a fairly standard way of formatting encryption keys, and in the case of WhatsApp, as we can see from screenshots shared by WABetaInfo, keys will be 64 characters long. The image also shows that WhatsApp will remind users that keys are made up of digits and lowercase letters between a and f; this reminder serves to help people avoid typing the letter O in place of the digit 0.

The Android app gives us an insight into what is being worked on at the moment this time around. Based on past experience, however, it is fairly safe to assume that anything we see introduced in the Android app will also make its way to the iOS version of the app, although not necessarily at the same time.

If you're interested in taking part in the beta program, you can sign up here.

Via WABetaInfo


Hacking, encryption and threat of attack: What the dead Israeli intel officer did before he was drafted – Haaretz

The mystery behind the jailing and death of the Israeli army intelligence officer has yet to be revealed. The Israel Defense Forces has yet to tell the public what offenses he committed and what led to his death in a prison cell.

The media have reported that friends and colleagues regarded him as a computer genius who completed his bachelor's degree in computer science while still in high school. But what areas of technology did he specialize in before he was drafted? What tasks was he actually performing? What interested him?

The military court has banned the media from publishing the officer's name, age or picture, but those questions can be partly answered by looking at his public activity on the GitHub programmer platform and other online forums.

Although it can't be revealed, the officer consistently used the same user name on the internet. His past work is still online and it may also have caught the attention of the military intelligence officials that enlisted him. It shows that one of the jobs he worked on was breaking into Israel's smart transportation card - the Rav-Kav, a contactless-card-based electronic payments system used for public transportation. The system is based on the NFC protocol. Another project that he worked on was to enable an iPhone to read such cards.

"He was a phenomenon, a software genius. What he did just between the ages of 14 and 19, most people wouldn't have been able to do for many years," said a software engineer who examined his online work.

Eleven years ago, he worked on a project based on open-source code in the programming language C. Its aim was to hack into the iPhone 4. "I don't know if it really worked, but it looks serious," said the engineer, who asked not to be named.

Six years ago, he wrote in JavaScript a system that works with text, encrypts it by all sorts of methods and then performs statistical analyses on it, probably for the purpose of encryption testing or for trying to break a code.

At that time, he also wrote a system that tried to hack into the Rav-Kav and similar smart cards. He did other projects based on open source in [the programming languages] Python and Java, working with databases, reading NFC devices, etc., he said.

The officer was arrested last September and indicted the same month on serious national security violations, the substance of which has been barred from publication. What has been made public is that the allegations involved serious damage to Israel's national security. The army says that its investigation revealed that the officer was aware how serious the harm was and sought to cover it up.

At first glance, it appears that all the work done by the intelligence officer, who died in his cell last month, occurred between 2010 and 2016. But it should be noted that a large part of his online activity, including his personal accounts on social media networks, has been taken down, apparently by the authorities. His Twitter feed, for example, is completely empty, even though he is known to have used it in the past.

It should also be noted that the kind of projects he was doing publicly is the type of ethical hacking often done by programmers without malicious intent. Ethical, or white hat, hacking refers to cyberattacks done not to cause damage, but to test an organization's cyberdefenses.

However, in one instance it seems the man broke the rules of ethical hacking: In a discussion appearing on a technical forum, one of the participants talked about a scam in which sites offer to provide a service for a fee (apparently, a simulation of the Siri voice-recognition software) but don't deliver.

The participant then goes on to cite others making the same complaints, including a Tweet from the future officer that threatened: "If you don't make good [on the complaints], I'll flood your systems until it's brought down and then I'll hack into your site to show that it is a scam."

The young man was threatening the scammers with what is known as a DDoS (distributed denial of service) attack. However, there is no evidence that he made good on his threat. As noted on his LinkedIn profile, the future officer was working for a large startup before he was drafted into the army.


Fitting Into IoT Security with a New Open-Source Encryption Standard – IoT For All

If today's IoT devices have an Achilles heel, it's that they're prone to security lapses and often catastrophic data leaks. Part of that has to do with the breakneck speed at which the IoT industry developed and continues to churn out new devices. That speed made it impossible for the industry to coalesce around any agreed-upon security standards.

And as a result, today's IoT implementations force users to find their own security solutions to stay safe. But for IoT to reach its true potential, those fundamental security issues will require an industry-wide solution, and soon.

So far, most efforts toward that end have seen manufacturers employing a mixture of legacy technologies like VPNs and SSL encryption to protect data going to and from their devices. But those technologies are of a different time and weren't built to accommodate the unique use cases involved in IoT networking.

For example, it's common for IoT devices to communicate in a one-to-many or many-to-one configuration, which most existing encryption schemes don't support without requiring significant hardware resources. And those shortcomings make it clear that new, custom-built encryption technology is a core component of what's really needed to protect IoT devices now and in the future.

Preferably, that technology would be open-sourced so every IoT manufacturer could adopt it. And at this year's Real World Crypto conference in New York, that's exactly what Swiss cryptography company Teserakt announced they were working on. Here's a look at their announcement and how it fits into the broader security situation in the world of IoT.

The product that Teserakt unveiled is called E4, and it's an all-in-one encryption implant that manufacturers can include in their IoT devices and server backends. At the event, Teserakt's CEO Jean-Philippe Aumasson likened their approach to the end-to-end encryption used in major messaging platforms like WhatsApp and Signal. He indicated that the decision to make their solution open source was intended to encourage industry-wide adoption and foster consumer trust through code transparency.

And crucially, the company also indicated that they're building their system in consultation with technology companies in the aerospace, automotive, energy, healthcare, and agriculture industries. The idea behind that is to consider the many use cases that an IoT encryption system would have to accommodate. And by covering all of the major industries that might one day employ the technology, Teserakt hopes to create a universal solution that can protect many data streams.

The E4 system, for all its utility, won't be a complete IoT security solution, however. Security researchers have already pointed out that it will only protect devices from man-in-the-middle attacks and other similar exploits. It doesn't do anything to improve the devices' security or that of the servers they communicate with.

Those problems would remain even if the IoT industry achieved universal end-to-end encryption adoption using E4 or similar technology. But creating a single wide-use IoT encryption solution would protect against many of the mistakes IoT vendors make today. For example, a recently announced flaw in implementing the open platform communication (OPC) network protocol by multiple vendors, and issues like it, would be rendered moot by end-to-end encryption.

It's also important to note that the E4 solution is still not ready for production environments. For that reason, Teserakt still hasn't released the fully open-source server code for it. However, they have indicated that a release will be forthcoming when they've completed the documentation for the software.

But even when they do release the code, experts and industry stakeholders are quite likely to spend months, if not years, going over it with a fine-tooth comb before committing to use it. And that's yet another hurdle that has prevented previous IoT security solutions from ever making it into wide use. Major vendors may instead opt to create their own proprietary solutions in the intervening months. And history has shown that they'll be loath to make changes once that happens.

The good news here is that Teserakt's E4 IoT encryption solution is a step in the right direction for the industry, even if it's an incomplete one. In the end, some security standards will have to materialize for the IoT industry to fulfill its lofty promise, and it's good to know that available options are coming online. That will make the jobs of device manufacturers and IoT software developers a little easier in the coming years. But for now, all anyone can do is keep an eye on Teserakt's GitHub page to watch as E4's development unfolds. With some luck, it will catch the attention of enough stakeholders in the IoT industry to start making its way into their near-term plans. And if it does, that will go a long way towards making the future of IoT a little more secure. And that's something.


Raids worldwide as police reveal vast hack of criminal encryption platform – FRANCE 24

Issued on: 08/06/2021 - 03:00 Modified: 08/06/2021 - 02:59

Sydney (AFP)

International law enforcement agencies on Tuesday revealed a vast three-year global operation to infiltrate an encryption platform popular among criminal groups, resulting in hundreds of arrests worldwide.

Unveiling the "world's most sophisticated" sting, law enforcement from New Zealand, Australia, the United States and Europe revealed they had access to the supposedly secure 'AN0M' platform for years.

Forces monitored as members of the mafia, Asian crime syndicates and outlaw motorcycle gangs discussed drug deals, money laundering and even gangland hits, resulting in hundreds of arrests.

The Australian Federal Police said that in that country alone, a total of 224 people were now facing more than 500 charges while six underground drug labs were shut down and firearms and Aus$45 million (US$35 million) in cash were seized.

"We allege they are members of outlaw motorcycle gangs, Australian mafia, Asian crime syndicates and serious and organised crime groups," federal police commissioner Reece Kershaw said.

"We allege they've been trafficking illicit drugs into Australia at an industrial scale."

Australian Prime Minister Scott Morrison said the operation "has struck a heavy blow against organised crime -- not just in this country, but one that will echo around organised crime around the world".

New Zealand Police said it was the "world's most sophisticated law enforcement action against organised crime to date".

Detective superintendent Greg Williams said 35 people had been arrested across the country on 900 "serious drug dealing, money laundering and other conspiracy-type charges" and were due to appear in court Tuesday.

Police in New Zealand seized methamphetamine, firearms, and millions of dollars in cash and assets during the operation.

"Warrants are coming in and we expect a number of other arrests to be undertaken," Williams told reporters in Auckland.

More arrests were also expected to be announced around the world, Australian police said.

2021 AFP


Crowd-funding campaigns for boy injured in attack on Muslim family continue to grow – CTV News London

LONDON, ONT. -- People from around the world are showing support for Fayez Salman, the nine-year-old boy who lost his family in Sunday's horrific attack on a Muslim family in London, Ont.

As of Thursday, two different online crowd funding campaigns have raised more than $1.7 million combined.

Organizers say the money will go towards helping the boy in the future, along with a number of charitable causes in the family's name.

Relatives have identified the deceased as 46-year-old Salman Afzaal, his 44-year-old wife Madiha Salman, their 15-year-old daughter Yumna Salman and her 74-year-old grandmother, Talat Afzaal.

GoFundMe organizer and family friend Sana Yasir says the boy, who suffered serious injuries, is in stable condition and being taken care of by an aunt and uncle.

She says she's overwhelmed by the support shown by people who were touched by what happened.

People all over the world from different races and religions all donating, and sending me messages about Fayez, and asking how he is, and they are all concerned and sending love and support. So it's very very relieving to see that, how many people are standing by us during this time.

Yasir says she began the campaign after being approached by a large number of people asking how they could help.

The GoFundMe campaign can be found here. Another LaunchGood campaign has also been created.
