If the CIA can sidestep encryption, what makes you think … – Computerworld

Having just spent much of the day browsing through Wikileaks' latest batch of documents from the intelligence community, in which government agents discussed ways to circumvent mobile encryption and to listen in on conversations near smart devices, including smart TVs, it's clear that government agents have long had the ability to grab mobile content before it's encrypted.

Some of the tactics have names that are quite explicit about their function, such as a TV mode called TV Fake-Off. These docs provide a fascinating look into the government teams that are emulating cyberthieves, trying to improve on their techniques rather than thwart them.

"Personal security products (PSP) sandboxes typically have a set time limit they analyze a program for before making a decision. PSPs do not want to impose unnecessarily long wait times on the user, which may cause the user to disable PSP components or try other products out of frustration," said one typical passage. "A common technique of exploiting this mechanism is using a Sleep-like call at the start of a program to run out the clock. PSPs caught on and many will skip the sleep calls in their sandbox environment. To counteract this, Malware authors will call a meaningless function which performs some kind of task or calculation that takes a while to complete, before performing any malicious action. This makes it harder/impossible for PSPs to know what to skip, and the Malware can effectively run out the clock while in a PSP sandbox."

Interestingly, the CIA and other intelligence agencies go through the same process as most security firms that study cyberthief tactics, but instead of using that knowledge to improve defenses, the CIA is using those lessons to craft better attacks.

"This is a very impressive set of tools gathered," said Doug Barbin, principal cybersecurity leader of Schellman & Co., a CPA firm. "But it wasn't something that a security researcher would be too surprised by. It's so detailed, though, that it takes the debate out of whether or not these types of attacks are hypothetical."

Barbin added, though, that some of the initial reports have been misleading. The CIA's tested method of monitoring that smart TV, for example, he said, used a USB stick placed into the set to initiate any monitoring. That would require physical contact with the set, as opposed to an over-the-air method of intercepting data.

Although Barbin's point is well taken, some of these memos are two years old. Just because it was tested with a USB insert doesn't mean that the attack couldn't today be launched wirelessly.

Another security professional, Ken Pfeil, the chief architect at the TechDemocracy consulting firm, was equally unimpressed with the CIA's tactics.

"These are pretty standard. The fact that they are using DLL injection is not surprising. In the exploit world, some of this stuff is pretty basic," Pfeil said. "There is nothing sitting in front of me [from the Wikileaks data dump] that would surprise me. Absolutely nothing."

Agreed. Only the dumbest terrorist would opt to hold terror planning meetings in the same room as a smart TV that supports voice recognition. Then again, who ever said terrorists are especially smart? If only one plan is thwarted from some IQ-deficient murderer, it's likely worth the effort.

Some of the advice in the CIA memos is positively coach-like. Consider: "After verifying that the CTNR was called for thread creation, the kernel code can do some basic checks to see if the thread is being created in an interesting process. The important thing to remember about running code in the CTNR is that NO new threads can be created until each CTNR is finished. If your CTNR code takes 1 minute to run, then you've bottlenecked thread creation to 1 new thread a minute (extreme example, of course). Whatever you do in the CTNR, make sure it's quick."

Many of the suggestions were aimed at, logically enough, tactics to avoid detection.

The CIA paid particular attention to getting around security defenses from Kaspersky. That might be a compliment of sorts to that product's sophistication, or it might simply be that Kaspersky has rejected many efforts to cooperate with government investigators.

"The Kaspersky AVP.EXE process references a DLL called WHEAPGRD.DLL. This DLL is supposed to be located in one of the Kaspersky directories, which are protected by the PSP. Due to a UNICODE/ASCII processing mistake, the DLL name is prepended with the Windows installation drive letter, rather than the full path to the DLL," a memo said. "For typical installations, this causes Kaspersky to look for the DLL CWHEAPGRD.DLL by following the standard DLL search path order. Loading our own DLL into the AVP process enables us to bypass Kaspersky's protections."

Here's an interesting example of a more basic exploit on Windows. "Process Hollowing involves starting a benign process, such as Internet Explorer, using Windows CreateProcess, with a specific flag set to create the process in a suspended mode. At this point, the component removes the benign process code from the suspended process, injects its own malicious code, and resumes the process," a memo said. "PSPs may only do an initial scan when the process is created even though it's suspended at the start and won't notice the code replacement. Also, dynamic analysis tools such as Procmon will only log/show that a benign process was created."

Other memos described time-savers. "All function calls need to come from the ese.dll, and not esent.dll. The API appears the same, but exchange does not use esent.dll. Therefore all JET function calls need to be from ese.dll space. Thankfully, it's already loaded into mem," the document said, before adding a smiley emoticon. "Store.exe seems to export a wonderful function EcGetJetInstanceForMDB() that takes a GUID and returns a valid JET instance handle that has already been initialized and setup for use. Appears there is no need to figure out all the right SystemParameters, etc. in order to create our own sessions from this instance. Use UuidFromString() to convert from String GUID to binary. However, this function isn't really needed as once we are injected in, calling JetGetInstanceInfo() gives us everything we need."

The most interesting discussions, though, were candid in suggesting ways to bypass security restrictions. "When building a tool, you will almost inevitably have to use some set of strings or sensitive data. When security products or professionals scan a system, we don't want to make it easy for them to find something malicious by just doing a string search. Thus, in order to obfuscate what the tool is doing, we obfuscate the strings or data being used," one memo said. "You should also scan the binary you deliver against usernames and names of people on the project as many times mistakes are made and PDB strings file paths that often include usernames are left in the final binary. There are many products we use to help us automate portions or all of string/data obfuscation."

That memo continued, winking at the reader about its intended use. "So you may already have a good idea of where we're going with this. Memory refers to the volatile memory on the machine while the disk is non-volatile. This difference is important when developing malicious software," the note said. "As a development shop, we tend to do most of our work in memory and rarely leave unencrypted artifacts on disk. That being said, all persistence is gained by writing to a non-volatile location on the machine. Thus, it is good to keep in mind that anything on disk shouldn't contain anything too cool for school. Also, on-disk artifacts are more likely to be detected by Personal Security Products (PSPs)."

All in all, just a run-of-the-mill day for your friendly neighborhood CIA agents.


Comey: FBI Couldn’t Access Hundreds of Devices Because of Encryption – NBCNews.com


He said there needs to be a balance between privacy and the FBI's ability to lawfully access information, a conversation that he acknowledged will require some "humility" on the part of the bureau.

"We need to stop bumper-stickering each other. This isn't the 'FBI versus Apple,'" he said.

"We need to build trust between the government and private sector."


Comey also addressed the need for the FBI to recruit top computer talent who might otherwise head to Apple or Google but joked that the bureau isn't resorting to "beanbag chairs and granola" to draw Silicon Valley whiz kids.

He said new hires do appreciate the FBI's culture.

"We are dogged people," he said. "We just gave up on D.B. Cooper, and that was after 50 years."

And Comey, who is three and a half years into a 10-year term, referenced his own doggedness.

"You're stuck with me for another six and a half years," he quipped.


Don’t Let WikiLeaks Scare You Off of Signal and Other Encrypted Chat Apps – WIRED


Of all the revelations to come out of the 9,000-page data dump of CIA hacking tools, one of the most explosive is the possibility that the spy agency can compromise Signal, WhatsApp, and other encrypted chat apps. If you use those apps, let's be perfectly clear: Nothing in the WikiLeaks docs says the CIA can do that.

A close reading of the descriptions of mobile hacking outlined in the documents released by WikiLeaks shows that the CIA has not yet cracked those invaluable encryption tools. That has done little to prevent confusion on the matter, something WikiLeaks itself contributed to with a carelessly worded tweet:

The end-to-end encryption protocols underpinning these private messaging apps protect all communications as they pass between devices. No one, not even the companies providing the service, can read or see that data while it is in transit. Nothing in the CIA leak disputes that. The underlying software remains every bit as trustworthy now as it was before WikiLeaks released the documents.

Of course, the CIA can compromise the devices sending or receiving those messages. By taking control of a so-called end point, spies can access everything on a smartphone, be it texts, videos, the camera, or the microphone. "It isn't about defeating encryption, despite the hype," says Nicholas Weaver, a computer security researcher at the International Computer Science Institute. "If you compromise a target's phone, you don't care about encryption anymore."

It's an important distinction. More than a billion people use Signal and WhatsApp, both of which use Open Whisper Systems' Signal Protocol to protect communications. Other end-to-end encrypted apps, like Confide, have also seen a recent uptick in popularity. The people who use these apps rely on that rock-solid security to facilitate sensitive discussions, avoid oppressive regimes, communicate with journalists, and more. Undermining trust in those tools creates the impression that vulnerable people have nowhere to turn. This is not true. They absolutely do.

"The CIA/WikiLeaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption," said Open Whisper Systems in a response on Twitter. "The story isn't about Signal or WhatsApp, but to the extent that it is, we see it as confirmation that what we're doing is working."

The only people who may need to worry are those who might be the target of a total-device takeover, an exploit largely limited to nation-state actors. At that point, you've got far bigger concerns than end-to-end encrypted chat. That Signal and WhatsApp are still viable also doesn't lessen the broader implications of the CIA's secrets being in the wild.

"Specifically, users of encrypted comms programs aren't targeted, but everyone is made less safe," says Malwarebytes security researcher Jean-Phillipe Taggart.

Fortunately, WikiLeaks clarified what it meant. After all, it values the ability to keep secrets as well as anyone.

This story has been updated to include a comment from Jean-Phillipe Taggart.


The Best Encryption Apps For Your Phone – Know Your Mobile

In light of Wikileaks' latest Vault 7 release, we figured it'd be prudent to take a look at the different levels of encryption used on popular messaging apps, as not all encryption is created equally.

However, if Wikileaks' latest release is to be believed, none of it matters anyway, as the CIA can get around it all.

Still, it does pay to be mindful about security, as the CIA is one thing, but hackers are something else completely.

Encryption was once a technology many thought was relegated to spies and security services, but the tech has actually been around for a long while in the ordinary person's everyday life. For example, when you make a bank transfer online, that data is encrypted so someone can't hack your account. But recently people have become interested in how well their less monetary communications, such as their text messages and calls with friends, are protected. That's why a bunch of apps have sprung up that offer high-level encryption, and existing communication apps have begun implementing encryption.

But not all encryption is created equal, so the Electronic Frontier Foundation has put together an awesome Secure Messaging Scorecard that shows you just how well individual apps encrypt your data. Some apps offer end-to-end encryption that is almost unbreakable, but others only encrypt a message in transit. How well do your common messaging apps hold up and which are the most secure apps? Here's what the EFF, which rates each app as a pass or fail on 7 different metrics, says:

iMessage: Apple's messaging app gets a 5 out of 7. It earns points for being both encrypted in transit and encrypted so even Apple couldn't read the messages if it were ordered to, but it loses points because you can't verify contacts' identities and the code isn't open to independent review.

Facebook Chat: Facebook's chat messaging system scores a lowly 2 out of 7. Messages are encrypted only in transit, so Facebook could access them if ordered to.

Google Hangouts/Chat: As with Facebook, so with Google: Hangouts scores a lowly 2 out of 7. Messages are encrypted only in transit, so Google could access them if ordered to.

Skype: The world's most popular VOIP client scores a horrible 1 out of 7. Messages are encrypted in transfer, but Microsoft could access them on its side, past comms aren't secure if the encryption keys are stolen, and the code isn't open to independent review.

Snapchat: Snapchat scores a lowly 2 out of 7. Messages and pics are only encrypted in transit, so be sure any pic you send is something you wouldn't mind the world seeing if Snapchat gets hacked.

Viber: As with Facebook and Google, Viber scores a lowly 2 out of 7. Messages are encrypted only in transit, so the company could access them if ordered to.

WhatsApp: Recently, WhatsApp has started encrypting everything you send. This earned the app a 6 out of 7 on the EFF's scorecard. The only thing WhatsApp got dinged for is that the code is not open to independent review.

As you can see, the most commonly used messaging apps (above) aren't completely secure, or, because many lack independent review, users can't know 100% that the encryption on the apps actually works. But the EFF says there are other apps that score a 7 out of 7 on their scorecard. These apps are:

Signal: The free iOS and Android app allows you to take part in completely encrypted voice calls. Signal uses your existing number, doesn't require a password, and leverages privacy-preserving contact discovery to immediately display which of your contacts are reachable with Signal. Under the hood, it uses ZRTP, a well-tested protocol for secure voice communication, the company says.

Silent Phone: The company Silent Circle makes software and hardware for businesses that are worried about secure communications. Its Silent Phone software is available on Android and iOS and allows users to call and text with complete privacy.

Telegram: Another secure messaging app that received a 7 out of 7 from the EFF. The app allows you to text and chat with other Telegram users. Best of all, not only is it available on iOS and Android, the company also makes a Windows Phone app as well as clients for Mac and PCs.

TextSecure: Made by Open Whisper Systems, TextSecure enables encrypted voice calls and texts. It's available for Android and iOS, and among its many advocates is Edward Snowden, who has recommended that those interested in secure communications should use anything by Open Whisper Systems.


Encryption: everybody claims to be doing it, but what does it mean? – Information Age

The importance of an adequate cyber security strategy cannot be exaggerated enough, with recent research revealing that almost seven in ten consumers will happily take their custom elsewhere in the event of a data breach.

In 2016 consumers were exposed to a larger number of high-profile data breaches than in any previous year; last year Yahoo disclosed the loss of more than half a billion customer records.

These events have helped raise public awareness around the serious threats to personal data that exist in the modern era. Awareness is also growing for some of the solutions that businesses and individuals can use to minimise the risks from data breaches.

Encryption is starting to gain some prominence in stories concerning data breaches, but do consumers actually understand what it involves, or how important it is?

Gemalto's recent study has revealed that only 14% of UK consumers claim to fully understand what encryption is.


Some responses were surprising, including believing encryption to be a fingerprint scanner, a puzzle and a system which sends parts of messages over many networks to protect it.

In reality, encryption is the process of converting data to an unrecognisable form. An encrypted document will appear scrambled to anyone who tries to view it.

It can only be decrypted using the correct encryption key, which must be kept secure at all times. If consumers don't truly understand the measures that businesses are putting in place to protect their data, as this evidence suggests, they won't be aware of how secure their data is.

This contributes to any concerns and uncertainty consumers may have when sharing personal data with companies.

Businesses are increasingly starting to understand the potential financial damages that a data breach can incur; however, they also need to consider the reputational damage.

Educating consumers about the steps a business is taking to protect their data is crucial for building consumer trust and loyalty. If consumers are unsure of which protections are in place with a business, they may avoid dealing with them entirely.

Any business that suffers a data breach or gains a reputation for handling customer data insecurely will see consumers move to competitors they perceive to be more secure.


Additionally, with GDPR coming into effect in under 18 months, it will soon be mandatory for any business handling EU specific data, or doing business within the EU, to report any and all data breaches.

Any business found to be insecurely storing data will face severe fines. So, what can a business do to avoid this happening?

There are five key steps that any business must undertake when protecting their own, and consumers', data.

First, in order for a business to begin protecting itself, it should organise a data sweep to understand what data it has produced or collected, and where the most sensitive parts of that data are stored.

Examples of personally identifiable information a business may collect include a customer's email address, date of birth or financial details. Before a business can even think about how they're going to protect their data, it's crucial that they understand what they are trying to protect.

The next step an organisation should take is to adopt strong two-factor authentication, which provides an extra layer of security should user IDs or passwords ever become compromised.

Two-factor authentication involves an individual having something they have, like a message on their smartphone, and something they know, rather than simply relying on something they know, such as a password.

While two-factor authentication helps to stop information being taken in the first place, or accessed by people who don't have the correct permissions, encryption gives a layer of security which stops customers' sensitive data being used if it is accessed or stolen.


This is why it is necessary for a business to understand where their most valuable data is stored before this step can occur. Whether the data is stored on your own servers, in a public cloud, or a hybrid environment, encryption must be used to protect it.

As consumers have seen in 2016, it is no longer a question of if, but when a data breach will occur. Companies need to approach protection with the assumption that they will be breached and employ the encryption necessary to protect their most important asset, the data.

Of course, once a business is properly encrypting their data, attention must turn to strong management of the encryption keys. Whenever data is encrypted, an encryption key is created, and is necessary for unlocking and accessing the encrypted data.

Encryption is only as good as the key management strategy employed. Companies must ensure the keys are kept safe through steps like storing them in secure locations, in external hardware away from the data itself for example, to prevent them being hacked.

After all, there's no point in buying the best locks for your house and then leaving the key under the mat for any passing burglar to pick up!

The final step a business should undertake is educating both their consumers and their workforce on the processes they have undertaken to protect their data. And it doesn't just end there.

Businesses need to employ a double-sided approach, educating both their employees and consumers on the steps they should also be taking to remain safe and protect their personal data themselves.

This helps to build their understanding of how to protect the company's data, and builds consumer confidence.


Only once a business has followed these steps, and educated their customers, can they be confident that they have adequate processes in place to protect their data.


Additionally, an educated population of consumers will help encourage other businesses to improve their cybersecurity, ultimately leading to a more secure environment for both organisations and individuals to do business.

Sourced by Jason Hart, CTO, Data Protection at Gemalto


ESCC completes signature encryption for financing checks of agencies at CBE – Daily News Egypt

The Egyptian e-Signature Competence Center (ESCC) of the Information Technology Industry Development Agency (ITIDA) completed the e-signature encryption for financing cheques of government agencies at the Central Bank of Egypt (CBE).

Through the centre, ITIDA has encrypted the certified data and e-signatures from government agencies to the CBE and government banks linked to that system in order to protect the security of these checks and the data related to them.

The project comes within the framework of ITIDAs role in spreading the culture of e-signature in Egypt to ease and secure commercial and administrative transactions for individuals, companies, and government agencies.

The project included ESCC preparing the infrastructure for this system within the CBE, government agencies, and public banks linked to the system. This infrastructure is a group of computer servers and encryption software produced by ESCC, along with service and technical support.

ITIDA CEO Asmaa Hosni stressed the importance of shifting into the digital economy and the need to begin strengthening cooperation to provide government services electronically, which requires the activation of e-signatures to ensure the protection and confidentiality of personal information.

Hosni also urged the need for cooperation of all stakeholders to activate the existing projects and move to securing and encrypting commercial e-transactions considering the impact on the economy, noting that ITIDA aims to achieve a breakthrough in electronic signature services.

ESCC has recently implemented a number of e-signature projects and securing e-mails for a number of government agencies, including the National Telecommunications Regulatory Authority (NTRA) and Damietta Ports Authority. The centre has also approved the e-signature software at the Ahli United Bank and the Suez Canal Insurance Company.

The centre is also set to implement a number of projects in encryption and e-signature, as well as securing emails for judiciary bodies and the commercial agreement sector of the Ministry of Trade and Industry, along with the Industrial Development Authority and the Ministry of Health.

Established in 2011, the ESCC works on managing and regulating e-signature standards and issues the licenses for electronic transactions activity.

ESCC is the only centre of its kind in the Middle East and North Africa to provide e-signature infrastructure services and their applications on different operating systems to achieve integration between the software and the Public Key Infrastructure.

E-signature practices in Egypt are governed and regulated by Law No. 15 of 2004 and its bylaw No. 109 of 2005, including civil, commercial, and administrative transactions that can be completed electronically. This aims to increase the efficiency of e-commerce and upgrade the performance of government services.


Bluefin Boosts Payment Encryption Within The LAC Market – PYMNTS.com


On Tuesday (Mar. 7), Bluefin Payment Systems announced its new partnership with international online payments and fraud and data management solutions provider First Atlantic Commerce (FAC). Through the partnership, Bluefin's PCI-validated point-to-point encryption (P2PE) solution will be used to help expand the data security for companies utilizing FAC's payment gateway. These companies will also have access to Bluefin's Decryptx PCI-validated P2PE solution, enabling merchants and acquiring banks in multiple jurisdictions across Europe, Mauritius and the Latin American Caribbean (LAC) region to get the security and scope reduction of PCI-validated P2PE.

PYMNTS caught up with Ruston Miles, Chief Innovation Officer of Bluefin Payment Systems, to learn more about the partnership announcement and why P2PE is such an integral security component for devaluing data in the fight against malware.

Here is an excerpt of the conversation.

PYMNTS: Why is this partnership so significant?

RM: FAC is the first payment processor to provide a PCI-validated P2PE solution to the LAC market through Bluefin's decryption-as-a-service model, Decryptx. Decryptx is our standalone, PCI-validated P2PE offering that enables any processor or gateway globally to connect with our solution via an API and provide it direct through their platform. FAC can now provide a PCI-validated P2PE solution to all of the markets that they serve, including LAC, the European Union and Mauritius.

PYMNTS: How will the partnership help to expand data security in the market? What will it mean for the payments industry as a whole?

RM: FAC is a Level 1 PCI-certified payment gateway and registered ISO in the LAC region, and the partnership enables them to offer PCI-validated P2PE directly to their clients in that region where this solution was not available before. PCI-validated P2PE is an integral component of payment security because it encrypts cardholder data immediately upon swipe or dip in a PCI-approved P2PE terminal, and hardware decryption is done outside of the merchant environment, preventing clear-text cardholder data from being present in a merchant's or enterprise's system or network where it could be accessible in the event of a data breach.

This partnership marks the growth of PCI-validated P2PE solutions globally, solidifying this technology's importance in the payments industry. Now that the EMV liability shift deadline has come and gone, and data breaches keep happening and credit card information keeps getting stolen from point-of-sale (POS) systems, companies understand that EMV does not encrypt card data; it only authenticates the credit card. And in order to devalue their card data in the POS and make it useless to hackers, all merchants worldwide need technologies such as PCI-validated P2PE.

PYMNTS: Why was it important for Bluefin to make its solutions available to merchants and acquiring banks in the LAC region? Is this an entirely new market for Bluefin?

RM: The LAC market experiences the same data breach risks as the U.S., but unlike the U.S., where you have many validated P2PE providers, they don't have the PCI-validated P2PE tools within their region to mitigate their risks. So it was important for us to bring this solution to that market through FAC. Further, this solution is available through FAC's virtual terminal product, which allows call centers, of which there are many in Latin America, to take payments securely in a card-not-present environment. And as eCommerce grows and there is more need for mail/telephone order transactions, the need for tools like PCI-validated P2PE to protect account data will increase.

PYMNTS: What's next for Bluefin? Any more updates or news that can be shared?

RM: We will issue several more P2PE partner announcements in the next few months. Also, we invite anyone who wants to learn more about PCI-validated P2PE, including available solutions, how it is implemented and the return on investment, to register for our webinar on Wednesday, Apr. 5 at 1 p.m. ET: "PCI Validated P2PE: 3 Years in North America, What Has Changed?"



Encryption Key-stone state: Pennsylvania Senate Democratic Caucus struck by ransomware – SC Magazine

The FBI and the Pennsylvania Attorney General's office are actively investigating a ransomware attack against the Pennsylvania Senate Democratic Caucus.

The Pennsylvania Senate Democratic Caucus has been attacked by ransomware, locking officials with the state organization out of their computers and rendering the group's website unavailable since Friday.

As of Monday, Mar. 6, any attempt to access http://www.pasenate.com results in an "Error establishing a database connection." The web pages for individual Democratic state senators are also unavailable, while Senate Republicans have not been affected. The FBI and the Pennsylvania Attorney General's office are actively investigating the attack.

According to local sources, Senate Democratic Leader Jay Costa issued a statement acknowledging the infection and reassuring constituents, as the caucus continues to operate offline. "Officials from the caucus have been in contact with law enforcement to investigate the incident and are working with Microsoft to restore the IT system. There is currently no indication that the caucus system was targeted or that any data has been compromised," Costa said in the statement, as reported by Harrisburg-area Fox affiliate WPMT.

In a separate interview on Monday, Sen. Costa told SC Media that the investigation currently involves "determining the point of entry and level of dissemination of the virus," noting that more information regarding the source of the infection will likely be made available by the evening. Once authorities officially reach this conclusion, "we'll begin to map out our recovery plan going forward," he added.

Costa did not elaborate as to whether there was a ransom demand, but did confirm that the caucus has adequate back-ups for all of its data, although it will not restore this data until its systems are thoroughly scrubbed free of infection.


What is encryption, how does it work and why is it important? – Bizcommunity.com

Many people have seen the term in WhatsApp and view encryption as infinitely complicated. While it is certainly no small feat to create truly secure encryption algorithms, there are many simple types of encryption that you might have implemented yourself without knowing it.


Encryption was used by Julius Caesar during his reign over the Roman Empire, where he would change the first three letters of the alphabet to the last three, thereby encrypting the messages he sent to his generals. Similarly, the Germans invented the Enigma machine to send encrypted messages during World War II, which meant the Allies could not, at first, read the intercepted content.
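The Caesar shift described above is the simplest example of a substitution cipher, and it also shows why such "simple types of encryption" are not secure: the method has only 25 usable keys. The following is an added illustration, not code from the Bizcommunity article; the plaintext and the known word used to recognise a correct guess are constructed for the demo.

```python
"""Caesar shift cipher: every letter is moved a fixed number of places along
the alphabet (Caesar is traditionally credited with a shift of three), and
the recipient moves each letter back by the same amount.

Added example, not code from the original article. The message below is
constructed for the demonstration.
"""
from typing import Optional


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    """Shift each ASCII letter `shift` places forward, wrapping Z -> A.

    Case is preserved and non-letters (spaces, digits, punctuation) pass
    through unchanged, which is how the classical cipher was used.
    """
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int = 3) -> str:
    """Decryption is encryption with the opposite shift."""
    return caesar_encrypt(ciphertext, -shift)


def recover_shift(ciphertext: str, known_word: str) -> Optional[int]:
    """Why the cipher is weak: the key space is 25, so anyone who knows the
    method can try every shift and keep the one that yields readable text.
    Here 'readable' means the decryption contains a word we expect to see.
    Returns the shift that worked, or None if no shift produced it.
    """
    for candidate in range(1, 26):
        if known_word.lower() in caesar_decrypt(ciphertext, candidate).lower():
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample message for the demo.
    secret = caesar_encrypt("ATTACK AT DAWN", 3)
    print(secret)                               # DWWDFN DW GDZQ
    print(caesar_decrypt(secret, 3))            # ATTACK AT DAWN
    print(recover_shift(secret, "dawn"))        # 3: found without the key
```

The last function is the point of the example: a modern cipher's security rests entirely on the key, not on the secrecy of the method, and a 25-key space is exhausted in a fraction of a second. Real algorithms such as AES have key spaces of 2^128 or more for exactly this reason.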

Interestingly, the first prototype of the computer emerged from an investigation into figuring out how to decipher Enigma.

With this security technique, you not only help prevent identity theft; if you lose a device such as a smartphone, tablet or computer, you can also be confident that cyber criminals will still not be able to access your data.

In this system, all internet users have two keys: a public one that everyone can see and use, and a private one that only a specific individual can use.

A mathematical algorithm transforms readable data (a message) into non-readable data. This means that when it is sent to a recipient, it is encrypted, and in order to read it, a key is needed to decrypt it.

All the major operating systems and many popular software applications give you the option of encrypting files or folders on your device. When you use this option, you must choose a password that allows you (and anyone else you share the password with) to unlock and decrypt those files. As such, if a cybercriminal succeeds in intercepting one of the messages, he or she will not be able to read it without your private key, and your information remains secure.
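To make the two-key idea concrete, here is an added toy example of an RSA-style public-key system; it is not code from the article. Anyone holding the public key can encrypt, but only the holder of the matching private key can turn the ciphertext back into the message. The primes are small, well-known values chosen so the numbers stay readable; production keys use primes hundreds of digits long and never encrypt a raw message without padding such as OAEP, so treat this purely as an illustration of the key relationship. The message is constructed for the demo.

```python
"""Toy RSA-style public-key encryption showing the public/private key split.

Added example, not the article's own code. Key sizes here are far too small
to be secure and no padding is applied; this demonstrates the mathematics of
the two-key relationship only.
"""
from math import gcd

# Constructed demo primes (both prime; chosen so the modulus fits 3-byte messages).
DEMO_P = 65521
DEMO_Q = 65537


def make_keypair(p: int, q: int, e: int = 17):
    """Return ((n, e), (n, d)): the public key and the private key.

    p and q must be distinct primes and e must be coprime to (p-1)(q-1);
    d is the modular inverse of e, the one number that undoes exponent e.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse; Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, message: bytes) -> int:
    """Anyone with the public key can do this."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too large for this modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the holder of d can reverse the transformation."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def roundtrip(message: bytes) -> bytes:
    """Encrypt with the public key and decrypt with the private key."""
    public, private = make_keypair(DEMO_P, DEMO_Q)
    return decrypt(private, encrypt(public, message))


if __name__ == "__main__":
    public, private = make_keypair(DEMO_P, DEMO_Q)
    c = encrypt(public, b"key")            # constructed sample message
    print("ciphertext:", c)
    print("decrypted:", decrypt(private, c))  # b'key'
```

The practical consequence is the one the article draws: an intercepted ciphertext is useless to the interceptor, because the public key that produced it cannot reverse it. Protecting the private key (and the device memory where decrypted data briefly lives) is what the remaining text is about.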

Unlocking the file means that it has been decrypted in your device's memory. If, for example, someone has opened a backdoor into your machine with malware, they can access that data while it is unlocked.

This does not mean encryption is ineffective. In fact, liberally using encryption can really limit the amount of damage someone can do, and it can also shrink the window of time in which an attacker has access to your decrypted data.

Therefore, layers of defences are a good thing: one technology can help bolster the effectiveness of another as each shrinks the opportunity for an attacker to steal data.


Dharma Ransomware Master Encryption Key Released – The Merkle

It is not the first time developers of a popular ransomware strain suddenly throw in the towel. Various types of ransomware have had their master encryption key released to the public once their popularity starts to wane. The latest to do so is Dharma, and any victims of this malicious software can now have their files decrypted free of charge. A positive development, to say the least.

It is always a bit of a mystery as to why malware developers would provide the tools necessary to decrypt locked files free of charge. In the case of Dharma ransomware, very few people will be concerned as to what the reason behind this sudden decision may be, as they can now decrypt their files without paying the bitcoin ransom. The master encryption key for Dharma can now be found in Kaspersky Lab's RakhniDecryptor tool.

It is always good to see the number of ransomware threats decline. Considering how crypto ransomware has become the new threat in the malware sector these days, a lot of consumers and enterprises are concerned about the dangers these tools present. Dharma is no longer a threat, but that doesn't mean ransomware is no longer an issue affecting enterprises and regular users all over the world.

To put this news into perspective, it was only a matter of time until the Dharma decryption key would be made public. A post appeared on the Bleeping Computer forum claiming to contain the decryption keys for Dharma ransomware. Although it took security researchers some time to determine the validity of this claim, it later turned out to be genuine information. No one knows the identity of the person responsible for posting the keys or what their motive may have been.

One thing very few people seem to be aware of is how Dharma is based on the once-popular Crysis ransomware strain. Criminals often take existing malware code and copy certain aspects of it. Once the developers make some minor modifications, they can release this new ransomware to the general public. Interestingly enough, the master decryption keys for Crysis were released through the Bleeping Computer forums as well. An intriguing correlation that should not be overlooked.

The Dharma master decryption key works for Crysis ransomware as well, which should not come as a surprise. Since both types of malware consist of nearly the same source code, it is only normal to see the decryption keys work for both tools. These keys should work fine for any other type of ransomware based on Crysis, although security engineers have yet to confirm or deny this statement.

Dharma started gaining popularity in November of 2016, as various reports came in from users who had their computer files locked and renamed to the .dharma filetype. It did not take long for researchers to link Dharma to Crysis due to some similarities in hex patterns at the footer of the encrypted files. It is good to see decryption keys made publicly available for these types of ransomware, as it helps victims evade paying hefty bitcoin fees to restore access to their files.

