Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Thursday November 19 2015, @08:56AM   Printer-friendly

The New York Times Quietly Pulls Article Blaming Encryption in Paris Attacks

Questions about how the terrorists behind Friday’s attacks in Paris managed to evade electronic surveillance have fueled worrisome speculation in Europe and in the U.S. from intelligence experts, lawmakers and the press — including The New York Times, which on Sunday quietly pulled from its website a story alleging the attackers used encrypted technology.

On Sunday, the Times published a story citing unidentified “European officials” who told the outlet the attackers coordinated their assault on the French capital via unspecified “encryption technology.”

“The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly,” the article, which has since been removed, stated.

“It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption.”

Sorry, Grey Lady, after the past decade of shilling for the Powers-That-Be, the credibility ship has sailed...

ISIS Encrypted Communications with Paris Attackers

And So it Starts. ArsTechnica is carrying a story where they quote from a story in The New York Times the speculation of an un-named French Official:

European officials said they believed the Paris attackers had used some kind of encrypted communication, but offered no evidence. “The working assumption is that these guys were very security aware, and they assumed they would be under some level of observation, and acted accordingly,” said a senior European counterterrorism official who spoke on the condition of anonymity to discuss confidential information.

Ars points out that there is still no evidence of encryption used, and in any event, there were lots of digital tracks (meta data) left by these terrorists with communication between Belgium and Syria.

[More after the break.]

The use of encrypted communications by ISIS has prompted various former intelligence officials and media analysts to blame NSA whistleblower Edward Snowden for tipping off terrorist organizations to intelligence agencies' surveillance capabilities and for their "going dark" with their communications. Former CIA Director James Woolsey said in multiple interviews that former NSA contractor and whistleblower Edward Snowden "has blood on his hands".

Ars also mentions that encryption has been used for decades by terrorist organizations

It's been known for some time that terror organizations use cryptography of various sorts. Since the late 1990s, Al Qaeda has used various forms of encryption to hide files on websites for dissemination, as well as using encrypted or obfuscated files carried on CDs or USB drives by couriers.

The story points out that placing of blame on Snowden for terrorists using encryption seems "outlandish" but they jump right in and do it anyway, listing a wide variety of software known or suspected to be used for this purpose, including WhatsApp, Signal, RedPhone, Wickr, and Telegram.

Ars suggests it is just such an incident as this that governments have been waiting for to impose some regulations on encryption. Of course a lot of people have been suggesting this would happen eventually.

Will there be a push to outlaw any form of encryption of private communication? What percentage of people will rally around that idea?


Original Submission #1Original Submission #2

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by FatPhil on Thursday November 19 2015, @10:17AM

    by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Thursday November 19 2015, @10:17AM (#265304) Homepage
    As far as I know, OTR is still trusted. It's been well reviewed and audited. Of course, that doesn't mean it won't be back-doored in the future, so keep using a trusted version and don't upgrade blindly. And if they start introducing incompatibilities which force you to upgrade, be extremely suspicious. Yes, skype/microsoft, I'm looking at you.

    My boss is looking to create an alternative to OTR with most of the same basic principles. Alas he's too busy working on stuff customers are willing to pay for presently. Secure communication will still be a problem in the future, so as long as he gets around to it eventually all will be good.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by frojack on Thursday November 19 2015, @05:57PM

    by frojack (1554) on Thursday November 19 2015, @05:57PM (#265425) Journal

    By OTR do you refer to the opportunistic encryption in the Jabber/XMPP clients or some other more specific application?

    Jabber ORT still uses SHA1 http://wiki.xmpp.org/web/OTR [xmpp.org] which is considered insecure.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by draconx on Thursday November 19 2015, @06:28PM

      by draconx (4649) on Thursday November 19 2015, @06:28PM (#265435)

      Jabber ORT still uses SHA1 http://wiki.xmpp.org/web/OTR [xmpp.org] which is considered insecure.

      SHA-1 is known not to be collision resistant. A collision is defined as any two messages which hash to the same value, without any constraints on either message. To this date, there are no publicly known collisions for SHA-1 (although it seems likely one will be found "soon").

      Collision resistance is important for some applications (primarily signatures), but not others (e.g., HMAC does not require collision resistance for security). This means we should move away from SHA-1 for new applications, but it does not mean all current applications are automatically insecure.

      That being said, I am not familiar with the OTR protocol, so you could be right that it uses SHA-1 in an insecure way.

      • (Score: 0) by Anonymous Coward on Thursday November 19 2015, @11:17PM

        by Anonymous Coward on Thursday November 19 2015, @11:17PM (#265553)

        A pair of messages with identical SHA-1 hashes has been constructed.

        https://eprint.iacr.org/2015/967 [iacr.org]

    • (Score: 2) by FatPhil on Thursday November 19 2015, @06:45PM

      by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Thursday November 19 2015, @06:45PM (#265443) Homepage
      OTR, Off The Record, available over many transports including XMPP.

      I don't think I see how any weakness of SHA-1 can be exploited, the values being hashed either aren't arbitrarily chosen by the attacker, or are accompanied by AES-encrypted values that must match. Having said that, I've not looked into the algorithm closely. However, Bruce Schneier has, and he's happy to use it, which is recommendation enough for me.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves