Category Archives: Cyber Espionage

Enc

Shhh… New US Bill to Stop State-Level Decryption

California Congressman Ted Lieu has introduced the “Ensuring National Constitutional Rights for Your Private Telecommunications Act [ENCRYPT]of 2016” – find out more from the WIRED.

Poles

Shhh… Poles Protest Against Internet Surveillance

Poland’s online media laws are some of the most invasive in Europe. Polish law requires telecom companies to retain metadata on its users for some length of time and allows nine different law enforcement agencies (an exceptionally large number) to demand it. According to the digital rights group Panoptykon Foundation, nearly two million requests for user data are made by the government yearly, whereas in most EU countries it is less that half that number.

Find out more from the KraKow Post.

sk

Shhh… Skype to Hide Your IP Address (Finally)

Here’s the Skype announcement:

Skype is fully committed to delivering as safe and secure of an experience as possible to our customers. We have recently introduced the ability to hide a Skype user’s IP address and we’ve set this as a default status in the latest versions of Skype.

Starting with this update to Skype and moving forward, your IP address will be kept hidden from Skype users. This measure will help prevent individuals from obtaining a Skype ID and resolving to an IP address.

You can find this update in the latest versions of Skype on desktop and mobile* devices, which you can download here. We also recommend you update Skype across your devices to ensure you benefit from the best experience possible.

*Android, and coming soon as default on iOS.

BB

Shhh… Blackberry Deny Dutch Police Crack Encryption

BlackBerry has claimed on its corporate blog that its phones are “as safe as they have always been” after reports that Dutch police are capable of accessing encrypted BlackBerry messages (like the video clip above).

pw

Shhh… The 25 Worst Passwords of 2015

From the CIO.com, here’s the complete list of the 25 worst passwords for 2015, with their ranking from 2014 in brackets:

1. 123456 (Unchanged)
2. password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 1)
5. 12345 (Down 2)
6. 123456789 (Unchanged)
7. football (Up 3)
8. 1234 (Down 1)
9. 1234567 (Up 2)
10. baseball (Down 2)
11. welcome (New)
12. 1234567890 (New)
13. abc123 (Up 1)
14. 111111 (Up 1)
15. 1qaz2wsx (New)
16. dragon (Down 7)
17. master (Up 2)
18. monkey (Down 6)
19. letmein (Down 6)
20. login (New)
21. princess (New)
22. qwertyuiop (New)
23. solo (New)
24. passw0rd (New)
25. starwars (New)

Fra

Shhh… France “Non” to Encryption Backdoor Bill

Check out the following ZDNET article:

Encryption backdoors by law? France says ‘non’

A proposed amendment to France’s Digital Republic Bill, suggesting mandatory hardware backdoors to bypass encryption, has been rejected by the government.

By Liam Tung | January 18, 2016

The French government has rejected a proposed bill that would have required hardware makers to design products that give authorities access to stored data, even if it is encrypted.

The draft bill, proposed by a right-leaning politician in the wake of the Paris terrorist attacks, would have required all tech companies to insert backdoors into devices, on the grounds that encryption should not impede a police investigation.

The proposal, brought by Republican politician Nathalie Kosciusko-Morizet, came as an amendment to the Digital Republic Bill, France’s proposed legal framework for open data, net neutrality, and data protection in the context of cloud computing.

“France must take the lead by requiring equipment manufacturers to consider the imperative of access of police and gendarmes, under the supervision of a judge and only in the context of a judicial inquiry, to these materials,” the draft amendment read.

The failed bid to introduce mandatory backdoors marked one more effort to legislate against encryption in a debate that’s been reignited by the Paris terror attacks, after speculation the attackers used encryption to coordinate the assaults.

It came alongside a proposal in New York to ban the sale of any smartphone using encryption that cannot be bypassed by its manufacturer.

Critics of such proposals have repeatedly pointed out that secret backdoors cannot be kept exclusively open to law enforcement without the risk that they’ll be found and exploited by criminals or other governments.

That was the argument taken up by France’s deputy minister for digital affairs, Axelle Lemaire, who was quoted by French site Numerama as calling the proposal “vulnerability by design”. With the Digital Republic Bill, the government hopes to enable privacy by design.

“With a backdoor, personal data is not protected at all,” Lemaire said. “Even if the intention is laudable, it also opens the door to players who have less laudable intentions, not to mention the potential for economic damage to the credibility of companies planning these flaws.”

A case in point, she said, was the recently discovered backdoor in Juniper’s ScreenOS, thought to have been inserted in 2012, giving the attacker a free hand to decrypt data passing through its equipment.

She also pointed to the recent announcement by the Netherlands that it would not legislate against the development, availability and use of encryption due to its importance to businesses, such as online banking, and personal privacy.

While acknowledging that the Paris attackers possibly did use encryption, the Netherlands government said, “A technical input into an encryption product that can be seen by the prosecution authorities would allow encrypted files in digital systems to be vulnerable, eg to criminals, terrorists and foreign intelligence services.”

Kosciusko-Morizet defended her proposal on the grounds that police should be able to inspect computers the way they can search a home.

BBs

Shhh… No Safe Haven – Cops Can Access Encrypted PGP Blackberry

So much for this useful video instructions, the cops are now able to break into the supposedly safe havens – ie. decrypting PGP BlackBerry.

JB

Shhh… Interview: James Bamford on NSA’s Global Surveillance, Snowden and Technology Companies

Find out from this ComputerWeekly article an interview with James Bamford, the investigative journalist and documentary maker James Bamford who has had an extensive interview with Snowden and who was also among the first to uncover the NSA secrets of its secretive global surveillance.

Tal

Shhh… TOR: The NO NO Guide to Staying Anonymous

I uploaded what Snowden said about Tor earlier this week and here’s a really handy guide of the DO NOT TO when you’re supposedly surfing anonymously, from Whonix.