Slashdot Mirror
Encrypted WhatsApp Message Recovered From Westminster Terrorist's Phone (indiatimes.com)
Bruce66423 brings word that a terrorist's WhatsApp message has been decrypted "using techniques that 'cannot be disclosed for security reasons', though 'sources said they now have the technical expertise to repeat the process in future.'" The Economic Times reports:
U.K. security services have managed to decode the last message sent out by Khalid Masood before he rammed his high-speed car into pedestrians on Westminster Bridge and stabbed to death a police officer at the gates of Parliament on March 22. The access to Masood's message was achieved by what has been described by security sources as a use of "human and technical intelligence"...
The issue of WhatsApp's encrypted service, which is closed to anyone besides the sender and recipient, had come under criticism soon after the attack. "It's completely unacceptable. There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other," U.K. home secretary Amber Rudd had said.
Security sources say the message showed the victim's motive was military action in Muslim countries, while the article adds that though ISIS claimed responsibility for the attack, "no evidence has emerged to back this up."
The issue of WhatsApp's encrypted service, which is closed to anyone besides the sender and recipient, had come under criticism soon after the attack. "It's completely unacceptable. There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other," U.K. home secretary Amber Rudd had said.
Security sources say the message showed the victim's motive was military action in Muslim countries, while the article adds that though ISIS claimed responsibility for the attack, "no evidence has emerged to back this up."
The claim is dubious. Why would they inform all the Terrorists that they can decrypt WhatsApp with ease? They wouldn't. The reason for the "disclosure" is to influence Terrorists to use some other - perhaps less secure - means of communication because they CAN NOT decrypt WhatsApp.
If you want news from today, you have to come back tomorrow.
It is completely unacceptable that history majors like Amber Rudd, who evidently has not the slightest understanding of technology, end up in positions like Home Secretary. or "Secretary of State for Energy and Climate Change". Rudd seems to be an object lesson in how money and political connections trump competency and skill.
Regardless if the claim is true or not, all your data and messaging should be encrypted at all times PERIOD! I will gladly accept terror acts for the right to have my data protected and safely stored. Across all my computers and my phone, everything is encrypted when possible, including my emails, which are sent from a encrypted provider, my SMS messages, which are sent encrypted and almost everything else I do. Encryption is a right to not have your data / personal information exposed and one that must be protected, even if that means acts of terror are untracable / untrackable.
(OBNOTE: they might have done something far different, but this is one way it could be done -- and it is being done in Brazil):
1. Clone the victim's phone line (not chip, not iemsi, you just need to reassign its phoneline. Costs about US$100 in Brazil to get a sleazy, disgruntled phone-company-cellphone-outlet employee to do it for you).
2. Using the rogue SIM that has the victims' phone number active for a while, install whatsup. Do the SMS verification, it will pass. And yes, that *does* mean you could use the same !@#$@#$ trick to invade banking accounts, steal accounts with SMS verification enabled, etc. Say, like google, microsoft, or DNS registrar (and from there, anything else, such as US$ 200k-worth twitter identities, etc).
==> IT IS NO JOKE that the newest US gov regulations *strongly recommends against* (read: FORBID) the use of anything phone-carrier-routed (SMS, voice, phone number, etc) for security id/validation.
3. Whatsup will download the message history and contacts database, and you have access to the information.
Now, if the target is not an imbecile, he has whatsup 2FA enabled. That means step (2) is a lot more difficult, *but not impossible*. Here's where human intelligence can help, phone hacking can help, and even a court order for whatsup to NOT nuke the account no matter how many failed tries (assuming this does not run afoul of whatever protections did not allow them to order whatsup to shell out the history directly) can help.
IOW: have you removed the insanely dangerous "phone-number-based" recovery options of every account you treasure? If you did not, you better do now. It is quite possible to add defensive layers to SMS-based and voice-based recovery options, but all of them are of the "force several successful attempts over a *large* period of time, with random factors involved" so that the victim will notice what is happening, recover his phone number, and engage defensive measures. NOBODY implements this.
If there's no place for terrorists to hide then there's no place for *anyone* to hide, and that is unacceptable considering how valuable it is to hide from oppression or the abusers of the system used to ensure there are no hiding spots, those who operate the system are disproportionately advantaged and with access comes the capability of concealing themselves, censoring, framing content and concealing context, etc.
This idea is ridiculous and imbalanced off the bat.
Twinstiq, game news
I am personally insulted by the ineptitude of this troll. Please try again. This time with feeling.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.