Encrypted WhatsApp Message Recovered From Westminster Terrorist's Phone

Bruce66423 brings word that a terrorist's WhatsApp message has been decrypted "using techniques that 'cannot be disclosed for security reasons', though 'sources said they now have the technical expertise to repeat the process in future.'" The Economic Times reports: U.K. security services have managed to decode the last message sent out by Khalid Masood before he rammed his high-speed car into pedestrians on Westminster Bridge and stabbed to death a police officer at the gates of Parliament on March 22. The access to Masood's message was achieved by what has been described by security sources as a use of "human and technical intelligence"...

The issue of WhatsApp's encrypted service, which is closed to anyone besides the sender and recipient, had come under criticism soon after the attack. "It's completely unacceptable. There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other," U.K. home secretary Amber Rudd had said.
Security sources say the message showed the victim's motive was military action in Muslim countries, while the article adds that though ISIS claimed responsibility for the attack, "no evidence has emerged to back this up."

Bullshit.

[Frosty+Piss]

The claim is dubious. Why would they inform all the Terrorists that they can decrypt WhatsApp with ease? They wouldn't. The reason for the "disclosure" is to influence Terrorists to use some other - perhaps less secure - means of communication because they CAN NOT decrypt WhatsApp.

Re:Bullshit.

It's possible that they didn't actually decrypt anything and, instead, managed to get into the phone. If the terrorist didn't secure his phone, then whatsapp could easily be opened and messages read. They had access to his phone, that was stated in the article.

Re:Bullshit.

[thewolfkin]

This isn't a fucking TV drama, it is more important to get the psychological leverage over the terrorist groups who are reminded they can't use tech to hide. It is also more important to remind the public that terrorists can't do that.

no it isn't. If anything the past experience with government agencies is that they'll exploit the heck out of security holes they can find and use that to get whomever they want to get. Heck that was the whole point of Snowden. There's no incentive or historical trend of governmental agencies effectively shouting out that they've found a way to see through the door. Instead they keep looking through the door gathering and using intelligence until someone notices.

at best this suggests that "Oh we're so strong we cracked WhatsApp" but it does so completely at the cost of their loophole. It's a silly stunt that's only effective if they have a backup in place.

Re:Bullshit.

[Impy+the+Impiuos+Imp]

It's ironic that, if this kind of encryption existed during the US revolutionary war, the King of England would have outlawed it, and therefore the Founding Fathers would have included it as a right in the First Amendment. Government is the problem in the long run, the bigger picture, regardless of any short-term benefits.

Re:Bullshit.

[Impy+the+Impiuos+Imp]

Indeed, every time some politician in the West decries encryption for some teeny-tiny, transitory problem like terrorism, billions around the world's hearts sink a little more into despair as their governments break encryption using the same techniques precisely to catch political opposition.

Says the oppressed in China, Russia, Turkey, "Well, our nightmare continues but damn, we are glad you wern't hampered too much gleaning a useless iota of information on that guy who is one trillionth the plague on your society our governments are on ours."

Re:Bullshit.

[monkeyzoo]

Lookup information on Open Whisper end-to-end encryption, which is what WhatsApp uses. You will see that the whole point of the system is to prevent police from "simply" doing what you have said. There are no unencrypted temporary files, caches, etc.

Getting the contents from the recipient is a valid possibility however without defeating the technology.

Re:Bullshit.

[110010001000]

How do you know that is what WhatsApp uses? It is closed source. They could be doing anything, no matter what they CLAIM they are using. They could be sending all of your messages directly to the NSA. Why do people trust closed source apps?

Re:Bullshit.

[TheOuterLinux]

WhatsApp is owned by Facebook. It's encryption is a joke when the right people are asked nicely, hence the "using techniques that 'cannot be disclosed for security reasons.' What they mean is they can't tell you how they did it because it would look REALLY bad if people realized how stupid it is to put your faith in a company that specializes in profiling and biometric data collection; https://www.whatsapp.com/faq/g.... If you're using WhatsApp on Google anything (Android, Chrome, etc.), you're in even worse shape because it's Google for Christ's sake. Remember Dirty COW? Google waited until after the election to fix it while every other Linux-based OS did months ahead of them.

But anyway, Facebook also invests huge amounts of money into cloud computing and AI. That combination one day will make all encryption and anonymity useless because we will all be digitally fingerprinted whether you have an account or not, especially if quantum computing advances, and you can assume your government will get a copy, just like they get copies of your DNA when you fall for the "fun and easy" TV advertised "ancestry" services. This "profile" is going to replace social security numbers. If you want real encryption (at least for now), use Signal (similar to Telegram but better) or a Tox client (similar to OpenVPN but for messaging). More importantly, use your brain. Both are free and open source and support text, talk, video, and file sharing. I would never use anything that important that I couldn't look at the code for. If you could look at WhatsApp's source code, I think security researchers would be horrified. And, Facebook gets caught spying on their mobile app all the time, so I don't see how WhatsApp would be any different. And just because a lot of people use it, doesn't make it the best. Matter of fact, that would make more of a target.

• https://finance.yahoo.com/news...
• https://www.theregister.co.uk/...
• https://www.thememo.com/2017/0...
• https://arstechnica.com/tech-p...
• https://www.pcworld.com/articl...

Some of the above links are kind of old, but note the ISP one. Legally, your internet service provider in the U.S. can sell your browsing information. Because of this, intelligence agencies can just purchase your data for cheap rather than getting a warrant and paying a government employee to waste their time. I'm mentioning ISP because Facebook has been trying for over a year now to bring the Internet to all kinds of places. They would become an "Internet Service Provider." In any case, if the app has an advertisement, you can be tracked.

The real note to take away from this is to realize data can be created and never destroyed and don't put anything on the internet you don't want found. I wish people would realize privacy settings are a joke; they only protect you from the average person. Anytime you see "convenient" or "secure" for a service, just assume it's complete BS because your government doesn't have the time or resources to actually physically search and seize everyone so they have software for it, contrary to "Martial Law" conspiracies; cloud computing makes it easier.

And since this news regarding terrorism, do you know why it was so hard to find Osama? It's because so far as we know, the most technologically advanced thing he ever personally used was a kidney dialysis machine or the Cold War weapons the U.S. gave him. The wor

Re:Bullshit.

[AmiMoJo]

The BBC reported that they simply got it from the phone of the recipient (which they knew from metadata) who cooperated with them. That person was innocent and uninvolved in the attack so simply gave them the message in plain text.

Sorry no link, the BBC search engine is crap.

idiot

[ooloorie]

"It's completely unacceptable. There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other,"

It is completely unacceptable that history majors like Amber Rudd, who evidently has not the slightest understanding of technology, end up in positions like Home Secretary. or "Secretary of State for Energy and Climate Change". Rudd seems to be an object lesson in how money and political connections trump competency and skill.

Encrypt Everything!

[Murdoch5]

Regardless if the claim is true or not, all your data and messaging should be encrypted at all times PERIOD! I will gladly accept terror acts for the right to have my data protected and safely stored. Across all my computers and my phone, everything is encrypted when possible, including my emails, which are sent from a encrypted provider, my SMS messages, which are sent encrypted and almost everything else I do. Encryption is a right to not have your data / personal information exposed and one that must be protected, even if that means acts of terror are untracable / untrackable.

Huh? crooks in brazil do this all the time

(OBNOTE: they might have done something far different, but this is one way it could be done -- and it is being done in Brazil):

1. Clone the victim's phone line (not chip, not iemsi, you just need to reassign its phoneline. Costs about US$100 in Brazil to get a sleazy, disgruntled phone-company-cellphone-outlet employee to do it for you).

2. Using the rogue SIM that has the victims' phone number active for a while, install whatsup. Do the SMS verification, it will pass. And yes, that *does* mean you could use the same !@#$@#$ trick to invade banking accounts, steal accounts with SMS verification enabled, etc. Say, like google, microsoft, or DNS registrar (and from there, anything else, such as US$ 200k-worth twitter identities, etc).

==> IT IS NO JOKE that the newest US gov regulations *strongly recommends against* (read: FORBID) the use of anything phone-carrier-routed (SMS, voice, phone number, etc) for security id/validation.

3. Whatsup will download the message history and contacts database, and you have access to the information.

Now, if the target is not an imbecile, he has whatsup 2FA enabled. That means step (2) is a lot more difficult, *but not impossible*. Here's where human intelligence can help, phone hacking can help, and even a court order for whatsup to NOT nuke the account no matter how many failed tries (assuming this does not run afoul of whatever protections did not allow them to order whatsup to shell out the history directly) can help.

IOW: have you removed the insanely dangerous "phone-number-based" recovery options of every account you treasure? If you did not, you better do now. It is quite possible to add defensive layers to SMS-based and voice-based recovery options, but all of them are of the "force several successful attempts over a *large* period of time, with random factors involved" so that the victim will notice what is happening, recover his phone number, and engage defensive measures. NOBODY implements this.

If there's no place for terrorists to hide

[HalAtWork]

If there's no place for terrorists to hide then there's no place for *anyone* to hide, and that is unacceptable considering how valuable it is to hide from oppression or the abusers of the system used to ensure there are no hiding spots, those who operate the system are disproportionately advantaged and with access comes the capability of concealing themselves, censoring, framing content and concealing context, etc.

This idea is ridiculous and imbalanced off the bat.

Original article:

[Gravis+Zero]

Here's the original article that this is all based on.

Re:The Liberals' war on vaginas

[hey!]

I am personally insulted by the ineptitude of this troll. Please try again. This time with feeling.