Franco-Dutch SIM card maker claims US and UK hacked its networks

Gemalto chief executive Olivier Piou said an internal investigation had shown that in 2010 and 2011 there had been two particularly sophisticated intrusions. Photograph: Ian Langsdon/EPA

The world's largest producer of SIM cards says it believes both the US and UK security services hacked its computer systems in 2010 and 2011 trying to steal encryption keys that could have given them unfettered global access to mobile phone data.

The Franco-Dutch firm, Gemalto, which has its headquarters in Amsterdam, is listed on both the Paris and Amsterdam stock markets, and has 10,000 employees in 85 countries, said the hacks had breached its office network though it was unclear whether they had accessed the encryption keys.

The alleged hacks were reported last week by the specialist website, Intercept, which cited documents leaked to it by former National Security Agency (NSA) contractor Edward Snowden.

Gemalto's chief executive Olivier Piou said that while hacking was a constant problem, an internal investigation had shown that in 2010 and 2011 there had been two particularly sophisticated intrusions consistent with the Snowden documents.

They had reasonable grounds for believing, he said, those hacks had probably been the work of the NSA in the US and GCHQ (Government Communications Headquarters), based in Cheltenham in the UK.

The operation appeared to have been an attempt to intercept the encryption keys that unlock mobile phone SIM cards while they were being transferred from Gemalto's high-security production facilities to mobile network operators worldwide.

"Whether SIM security codes were stolen and how many, that's difficult to say," Mr Piou told reporters. "How many were used, that's even harder to say."

However, even if the hack had succeeded in stealing codes, the agencies would have been able to spy only on 2G mobile phone networks. More up-to-date 3G and 4G networks were not vulnerable to that type of attack.

Asked if the company had contacted either GCHQ or the NSA when the hacks were discovered or since, he said it would have been a waste of time and they did not intend to take legal action for the same reason.

Clinton is looking for a middle ground on encryption that experts say doesn’t exist

Hillary Rodham Clinton avoided taking a position on how easy it should be for law enforcement to access people's encrypted e-mails and texts during an interview at a women's leadership conference in Silicon Valley on Tuesday, calling the debate a "classic hard choice."

"I think what we're missing is that people are kind of in their corners arguing about liberty versus security instead of saying, 'Look, we all want to have privacy for the end users' -- that's what the companies are responding to. They're trying to be able to tell their customers, 'We're going to protect your data,'" she said. "But we also don't want to find ourselves in a position where it's a legitimate security threat we're facing and we can't figure out how to address it because we have no way into whatever is holding the information."

Clinton said people have a legitimate right to privacy, but she argued that the encryption debate was about finding "the right balance" -- a balance Clinton said she hasn't figured out yet.

Clinton said her position was "not a dodge," but some within the tech industry were not convinced, including Nu Wexler, a member of Twitter's policy communications team.

Asked by Re/code's Kara Swisher how she might resolve the issue, Clinton said she would start with having a "real conversation" with tech executives. "I think the conversation, rather than 'you don't understand privacy and you don't understand security,' ought to be 'OK, let's figure out how to do this,'" she said.

But there is already a dialogue going on between the Obama administration and leaders of the technology industry -- and much of it is coming down to the technicalities of how encryption works more than an ideological debate over privacy and national security.

Technology companies have moved to expand their deployment of encryption in the wake of revelations about the scope of the National Security Agency's surveillance programs. Apple and Google, for instance, have made it impossible to unlock many mobile devices using their operating systems even if served with a legitimate warrant. This has created tension with U.S. law enforcement officials, who warn that this could allow cybercriminals or terrorists to "go dark." The officials have urged technology companies to build into their products ways for the government to intercept encrypted communications.

But cybersecurity experts have criticized this approach, saying that such "lawful intercept" technology can't be implemented without fundamentally undermining how encryption works -- adding complexity into the code that multiplies risks and gives hackers yet another target to attack.

The debate sparked a heated exchange between NSA Director Mike Rogers and Yahoo's information security chief officer, Alex Stamos, at a cybersecurity conference Monday. "It's like drilling a hole in the windshield," Stamos said.

Clinton's husband, former president Bill Clinton, oversaw an earlier round of the encryption debate, during the 1990s, commonly known as the "cryptowars." As part of the cryptowars, the government promoted the use of NSA technology called the "clipper chip" to provide intercept capabilities for encrypted phone calls. But researchers discovered vulnerabilities in the design that could be exploited, leaving those calls insecure against others hoping to eavesdrop.

What President Obama is getting wrong about encryption

President Obama tried to walk a very fine line on encryption, the technology that secures much of the communications that occur online, during his recent visit to Silicon Valley -- saying that he is a supporter of "strong encryption," but also understands law enforcement's desire to access data.

"I lean probably further in the direction of strong encryption than some do inside of law enforcement," Obama said during an interview with tech news site re/code. "But I am sympathetic to law enforcement because I know the kind of pressure they're under to keep us safe. And it's not as black and white as it's sometimes portrayed."

But the technical aspects of encryption actually are quite black and white, experts say, adding that the example Obama used to illustrate the risks of encryption doesn't match up with how tech companies are deploying the security measure for customers. Obama suggested that the FBI might be blocked from discovering who a terrorist was communicating with by tech companies' recent efforts to beef up encryption. But that type of data would still remain available, technical experts say.

The White House declined to comment.

Tech companies have expanded their encryption offerings since details about the National Security Agency's efforts to get around security practices were revealed by former National Security Agency contractor Edward Snowden. Perhaps most notably, Apple and Google have made it so they are unable to unlock many mobile devices that use their operating systems -- even if served with a warrant.

This has set up a conflict between tech companies and law enforcement officials, who warn such technology can allow bad guys to "go dark" and evade legitimate attempts at surveillance.

Obama tried to explain a scenario where this might harm national security during his re/code interview:

"Let's say you knew a particular person was involved in a terrorist plot. And the FBI is trying to figure out who else were they communicating with, in order to prevent the plot. Traditionally, what has been able to happen is that the FBI gets a court order. They go to the company, they request those records the same way that they'd go get a court order to request a wiretap. The company technically can comply."

With the expansion of encryption, Obama said, a tech company may have secured that data so well that it would be inaccessible. But that's not actually how the iOS or Android default encryption works, technical experts say.

"The example he gives in his interview is one where encryption deployed by a company prevents them from being able to tell the government who someone is in contact with," said Christopher Soghoian, the principal technologist at the American Civil Liberties Union's Speech, Privacy and Technology Project. "That's not taking place right now."

NSA, Britain’s GCHQ allegedly seized encryption keys for millions of phones

British and American spy agencies allegedly hacked into a Dutch company that makes SIM cards to obtain encryption keys used to shield the cellphone communications of millions of customers around the world, according to a report in the Intercept.

Citing documents obtained by former intelligence contractor Edward Snowden, the online publication reported Thursday that Britain's GCHQ and the National Security Agency targeted Gemalto, the world's largest manufacturer of SIM cards.

The multinational firm's clients include AT&T, T-Mobile, Verizon and Sprint, as well as hundreds of wireless network providers around the world. It produces 2 billion SIM cards a year, the Intercept reported.

The cards, which are chips barely larger than a thumbnail, are inserted into cellphones. Each card stores contacts, text messages, the user's phone number and an encryption key to keep the data private.

Gemalto produces the SIM cards for cellphone companies, burns an encryption key onto each and sends a copy of the key to the provider so its network can recognize an individual's phone.

According to the Intercept, GCHQ targeted Gemalto employees, scouring their e-mails to find individuals who might have access to the company's core networks and systems that generate the encryption keys. The goal, the publication said, was to steal large quantities of keys as they were being transmitted between Gemalto and its wireless network providers.

The NSA did not immediately respond to a request for comment.

Stealing the encryption keys makes it possible to eavesdrop on otherwise-encrypted communications without undertaking the more difficult challenge of cracking the encryption. It also avoids alerting the wireless company or the person using the phone.

The NSA's interception of phone calls and other content is bound by different legal standards. A warrant is required to target an American's calls and e-mails. In general, targeting a foreigner's communications for collection overseas does not require a warrant.

The publication cited one 2010 GCHQ document that said that agency personnel developed an automated technique with the aim of increasing the volume of keys that can be harvested.

Spy agencies’ hacking of mobile encryption keys is no surprise, says security expert

The alleged hacking of Sim maker Gemalto by UK and US spy agencies to steal mobile communication encryption keys is not a huge surprise, according to a Europol adviser on cyber security.

"If it is true, it is plausible that they would do this, but then I suspect every other significant communications interception intelligence agency will be doing the same," said Alan Woodward, cyber security expert and visiting professor at Surrey University.

But Woodward believes the journalists who first reported the hacking have their own political agenda. "So one needs to calibrate the way it is written with that in mind," he told Computer Weekly.

"There appears to be a desire in some quarters to conflate the ability to listen in on mobile calls with mass surveillance. I don't see that as the case."

If it is true, the joint GCHQ and NSA operation simply shows intelligence organisations adapting to new technologies as they come along to make sure they do not go blind, said Woodward.

If the encryption keys were stored on a computer network that the spy agencies hacked into, and Gemalto had no idea it had been hacked prior to the report by The Intercept, Woodward believes this suggests many others may have been into that same network for the same purpose.

"I'm afraid it's what secret intelligence services do, and personally I'd rather my country was doing it where there is at least some oversight of such operations," he said.

But this again raises the whole issue of whether the UK government should be conducting such surveillance, even if it is under various rules.

"Just like policing, it has to be done by consent," said Woodward. "And, if the population were to turn to the government and say 'you must dismantle this capability', then it should be clearly understood that this will have security implications."

Woodward does not see this as a trade-off between privacy and security. He believes that although mass surveillance is undesirable, it is possible to have both privacy and security if there are appropriate rules and oversight.
