After being hit with a cyberattack in 2016, the Democratic Congressional Campaign Committee wants to be hack-proof. To do that, it's turning to a new messenger with end-to-end encryption.

Back in June, theDCCC migrated toencrypted messaging service Wickr, which is now the primary method of communication in the office. It's the first political committee to make the shift to end-to-end encryption.

Outside of the office, Wickr does not replace email.

End-to-end encryption services work by usingcryptographic keysthat can only be decoded and deciphered by message recipients.Wickr works byencrypting not just the messages, but also the keys themselves. Thisadded layer of encryptionkeeps communication as secure as possible.

SEE MORE: Obama Tells SXSW: Don't Be 'Absolutist' On Encryption

Some sayend-to-end encryption could help secure future political campaigns, but other offices and political figures aren't taking so kindly to the idea.

Back in July, theDCCC sent a letterto the National Republican Congressional Committee about cybersecurity. The letter called for combined non-partisan efforts to protect against future attacks. But Steve Stivers, chair of the NRCC, dismissed it as a"political stunt."

Attacking encryption has become a bipartisan effort. Last spring, Republican Sen. Richard Burr and Democratic Sen. DianneFeinstein introducedlegislation thatorders tech companiesto decrypt messages sent by terrorist groups and criminals.

The legislation was written in response toApple's refusalto help the FBI hack the iPhone of one of the San Bernardino shooters. But months later,Reuters reportedFeinstein and Burr's bill to be dead.

Governments outside of the U.S., however, have called for similar anti-encryption efforts. In response to the attacks on London Bridge, the U.K. parliament passed the "Snooper's Bill," which gives law enforcement authorities unprecedented access to web-browsing histories and data.

Earlier in July, Australian Prime Minister Malcolm Turnbull alsosupported legislationthat would obligate internet companies like Facebook to comply with law enforcement.

In regards to fears that the policy wouldn't be technically feasible, Turnbull said: "The laws of mathematics are very commendable, but the only laws that apply in Australia is the law of Australia."

One of the mainissues regarding decryption or creating a "back door" for government and law enforcement officials is that it opens the door for any hacker to intercept communications.

In other words, it would make end-to-end encryption functionally useless.

Read more:
House Democrats Are Using End-To-End Encryption To Avoid Future Hacks - ABC2 News

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

THE BIG STORIES:

--DEMS DOCRYPTOGRAPHICCYBERCOMMUNICATIONS: The Democratic Congressional Campaign Committee (DCCC) has taken to using an encrypted messaging app called Wickr for internal communications and correspondence with the campaigns of the most vulnerable House Democrats, BuzzFeed News reported Tuesday. The DCCC was among the organizations targeted by a Russian hacking campaign during the 2016 elections -- an attack that exposed the internal documents of a handful of Democratic House campaigns. Wickr, an end-to-end encrypted messaging software, was installed at the DCCC in June, according to BuzzFeed, and is a first for political party committees on both sides of the aisle. Encrypted messaging systems prevent third parties from deciphering communications and data sent using that software, meaning that only the sender and the intended recipient can view the information. Wickr is not intended to replace email and is used to send ephemeral messages and share files.

To read the rest of our piece,click here.

--DEMS ANXIOUS ABOUT PULLING RUSSIAN SANCTIONS BILL OVER FINISH LINE: The top Democrat on the House Foreign Affairs Committee expressed pessimism on Tuesday that long-stalled Russia sanctions legislation could get done before lawmakers leave Washington for August. The bipartisan bill passed in the Senate last month by a 98-2 vote, but it has since been stuck in the House due to multiple procedural problems. The Senate subsequently approved technical changes by unanimous consent three weeks ago. But House Democrats then objected to a provision that prevents them from forcing a floor vote to block the Trump administration if it tries to lift sanctions. And on Friday, House Majority Leader Kevin McCarthy (R-Calif.) suggested that the package, which also slaps sanctions on Iran, include a bill passed by the House earlier this year to sanction North Korea. Rep. Eliot Engel (D-N.Y.), the ranking Democrat on the House Foreign Affairs panel, appeared skeptical that the sanctions package could be sent to President Trump's desk before the House is scheduled to leave for the month long August recess at the end of next week. "I would hope. But every day passes and nothing is getting done, it makes it less and less likely. But that's not our fault. That's the Republicans' fault," Engel told The Hill. Engel added that he thinks adding North Korea sanctions will make it harder to resolve the already-complicated talks to move the package. "It makes no sense to me to have a North Korea sanctions bill thrown into the mix when we apparently can't even agree on a Russia-Iran sanctions bill," Engel said.

To read the rest of our piece,click here.

A POLICY UPDATE:

HOUSE VOTES TO FUND DHS CYBER OFFICE; SLASHES FUNDING FOR RESEARCH:

House lawmakers on Tuesday advanced a spending measure that would provide roughly $1.8 billion in funding for a Department of Homeland Security (DHS) cyber unit.

The bill would allocate the money for the National Protection and Programs Directorate (NPPD), the DHS office tasked with securing critical infrastructure from cyber threats.

The House Appropriations Committee approved the fiscal 2018 funding measure for the DHS by a vote of 30-22 during a markup on Tuesday.

The allocation for NPPD is similar to fiscal 2017 spending levels and on par with the Trump administration's request for $1.8 billion in discretionary funding for the office.

NPPD, which is charged with protecting U.S. cyber and physical infrastructure, would receive nearly $1.4 billion to help secure civilian networks, prevent cyberattacks and espionage, and help modernize emergency communications infrastructure.

However, the bill would cut funds to the DHS's Science and Technology Directorate by more than $100 million, reducing its budget to $638 million and putting it in line with President Trump's budget request. Rep. Dutch Ruppersberger (D-Md.) took issue with that cut on Tuesday.

"We are drastically cutting the important cybersecurity and research and development work that happens at the Science and Technology Directorate and shifting that money to fund a border wall," said Ruppersberger.

"The president may have promised a border wall, but I explicitly remember him saying Mexico would pay for it, not saying he would gut the important research and development work at the Department of Homeland Security to fund it," he continued.

To read the rest of our piece,click here.

A LIGHTER CLICK:

EARLY FAKE NEWS."Goodnight Moon"is not scientifically accurate.

WHAT'S IN THE SPOTLIGHT:

MORE LIKE WHATSOUT:

WhatsApp users in China are reporting that the app isn't properly working across the country, sparking concerns that the Chinese government is censoring the encrypted messaging app.

Many users on the app in China have not been able to send videos, pictures and, in some cases, even texts, reports The New York Times. One Beijing-based reporter tweeted that the app had not been working since Sunday and could only be used with the help of a VPN.

Security groups reportedly confirmed that WhatsApp was being disrupted by government internet filters.

"According to the analysis that we ran today on WhatsApp's infrastructure, it seems that the Great Firewall is imposing censorship that selectively targets WhatsApp functionalities," Nadim Kobeissi, an applied cryptographer at Symbolic Software, a cryptography research startup, said to the Times.

Instagram and its parent company, Facebook, which also owns WhatsApp, are both already blocked by Chinese government censors.

To read the rest of our piece,click here.

LETTERS APLENTY:

DEMS PUSH TO UPDATE PIPELINE CYBERSECURITY:

Sen. Maria CantwellMaria CantwellOvernight Cybersecurity: Dem campaign arm embraces encryption | Panel signs off on .8B for DHS cyber office | Dems want review of pipeline security Dems call for review of pipeline cybersecurity rules 2 national monuments safe from Trump administrations review MORE (D-Wash.) and Rep. Frank Pallone Jr. (D-N.J.) asked the Government Accountability Office and Transportation Security Administration on Tuesday whether voluntary guidelines for cybersecurity defenses for fuel pipelines need to be updated or codified.

"An assessment of these guidelines and their effectiveness is needed as a number of major trends have emerged, with potentially significant implications for our energy, national and economic security," the lawmakers wrote in a letter.

Cantwell and Pallone are the ranking members of the Senate Energy and Natural Resources Committee and House Energy and Commerce Committee, respectively.

In the letter, they note that the same type of cybersecurity standards legislation protecting the energy grid is not in place for pipelines delivering natural gas and oil despite pipelines' dependence on the same types of internet-connected systems.

To read the rest of our piece,click here.

WYDEN ASKS DHS TO HELP STOP FAKE GOVERNMENT EMAILS:

A Democratic senator is pressing the Department of Homeland Security (DHS) to mandate the government-wide use of an email authentication tool "to ensure that hackers cannot send emails that impersonate federal agencies."

"I write to ask you to take immediate steps to ensure that hackers cannot send emails that impersonate federal agencies," Wyden wrote on Tuesday to Jeannette Manfra, the DHS official. "The threat posed by criminals and foreign governments impersonating U.S. government agencies is real."

Wyden asked DHS to require agencies to use a tool called the Domain-based Message Authentication, Reporting and Conformance, or DMARC, a standard developed by industry that can reroute emails that fake the sender's address to the spam folder or have them outright rejected.

Without DMARC or another authentication method, there is nothing that prevents a sender from putting whatever email address they would like in the "from" field.

To read the rest of our piece,click here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Muellergave his blessingsfor the Senate Judiciary to interview Donald TrumpDonald TrumpHouse Dems question Ivanka Trumps security clearance Dem lawmaker wears Trump, Putin 2016 hat for Made in America week Christie: Trump should 'move on' from healthcare MORE Jr. (The Hill)

The White House makes its case fordismantling net neutrality.(The Hill)

The FBI warnssmart toysmight be dumb. (The Hill)

"Far from expanding its system of biometric border screening,DHS should end it." (The Hill)

Headline of the day "Myspace fixes account security hole -but delete your account anyway." (Graham Cluley)

Lots ofsecurity camerasshare the same security flaw, inherited from a shared code library. (Motherboard)

If you'd like to receive our newsletter in your inbox,please sign up here.

View original post here:
Overnight Cybersecurity: Dem campaign arm embraces encryption ... - The Hill

Apple's top privacy executives have flown out to Australia twice in the past month to lobby the Turnbull government over looming changes to laws that govern access to encrypted messages.

Play Video Don't Play

Play Video Don't Play

Previous slide Next slide

The government wants to work with tech companies to ensure police and security officials can access the encrypted messages of criminals and terrorists.

Play Video Don't Play

Mario and friends join Ubisoft's Rabbids for a feel-good and modern combat adventure, coming to Nintendo Switch in August.

Play Video Don't Play

The company's project is designed to provide a rich interactive experience of the national park that can be enjoyed from anywhere around the world.

Play Video Don't Play

Disney-Pixar and Sphero have announced a robotic version of the iconic film character that talks, moves and drives just like the animated version.

Play Video Don't Play

Uber suspends its pilot program for driverless cars after a vehicle equipped with the technology crashed in Arizona.

Play Video Don't Play

Beyond Media's Shashi Fernando explains how Lenovo's Entertainment Hub can 'upscale' regular 2D movies and games into VR experiences.

Play Video Don't Play

Tech editor Tim Biggs takes a look at the three modes that make up the very first Super Mario game for smartphones.

The government wants to work with tech companies to ensure police and security officials can access the encrypted messages of criminals and terrorists.

The global technologygiant, which is on track to become the world's first trillion-dollar company, met with Attorney-General George Brandis and senior staffin Prime Minister Malcolm Turnbull's office on Tuesdayto discuss the company's concerns about the legal changes, which could see tech companies compelled to provide access to locked phones and third party messaging applications.

Apple has arguedin the meetingsthat as a starting point it does not wantthe updated laws to block tech companies fromusingencryption on their devices, nor for companies to have to provide decryption keys to allow access to secure communications.

The company has argued that if it is compelled to provide a software "back door" into its phonesto help law enforcement agencies catch criminals and terrorists, this would reduce the security for all users. It also says it has provided significant assistance to police agencies engaged in investigations, when asked.

Apple famously refused to comply with a request by the FBI to unlock the phone of one of the shooters in the San Bernardinoterrorist attack in 2016, drawing criticism from law enforcement agencies and praise from privacy advocates.

While the Turnbull government is preparing new legislation to introduce by the end of the year, it is not yet clear howit wants tech companies to facilitate access to secure devices such as phones.

Get the latest news and updates emailed straight to your inbox.

The laws will be modelled on those introduced in Britain about a year ago and the government saysit will update and enhance the obligations on tech companies that make phones and secure messaging applications such as WhatsApp to provide assistance to police and spyagencies when requested, subject to a warrant.

Just how this greater access to, for example, locked devices and encrypted messages can technically be achieved is not clear and this, in part, was the purpose of the government-Apple meeting.

A source familiar with the discussions between Turnbull government representatives and Apple saidthe company was effectivelytrying tominimise the amount ofadditional regulation and legal obligation that would be placed on it and other tech companies to hand over or facilitate access to secure information.

Another source familiar with the discussions said both sides were taking a collaborative approach, and that the Turnbull government had explicitly said it did not want agovernmentback door into people's phones, or to weaken encryption.

Last week, Senator Brandis said the government wouldwork with companies such as Apple to faciliate greater access to secure communications but warned that"we'll also ensure that the appropriate legal powers, if need be, as a last resort, coercive powers of the kind that recently were introduced into the United Kingdom under the Investigatory Powers Act...are available to Australian intelligence and law enforcement authorities as well".

The Prime Minister has been pushing for tech companies to work more closely with government and not allow "ungoverned spaces" to flourish online, and to allow easier access to encrypted information on phones and in the cloud, subject to a warrant.

Mr Turnbull has saidtech companies such as Apple and Facebook "have to face up to their responsibility. They can't just wash their hands of it and say: 'It's got nothing to do with us'."

At the G20he played a key role in drafting a section of the leaders' final statementon encryption that emphasised the law had to apply online, just as it did elsewhere.

The paragraph promised, in part, that "in line with the expectations of our peoples, we also encourage collaboration with industry to provide lawful and non-arbitrary access to available information where access is necessary for the protection of national security against terrorist threats".

Follow us on Facebook

Read the original:
Apple flies in top executives to lobby Turnbull government on encryption laws - The Sydney Morning Herald

Get today's popular DigitalTrends articles in your inbox:

Why it matters to you

This technique shows hackers don't need bottomless wallets or even direct access to a system to breach heavy encryption.

Security researchers have devised a method of defeating AES-256bit encryption in as little as five minutes, and most importantly, you dont need an expensive supercomputer to do it. The technique leverages radio hardware to measure the frequency changes in the magnetic field generated during encryption to record and decode the information from a distance.

Manufacturing and digital security often have the project management triangle in common. Defeating security and breaching encryption can rarely be done fast, well and without significant cost. But what this Fox-IT technique achieves is very close to that ideal, offering the ability to crack even complex AES-256bit encryption in a few minutes with relatively cheap, off-the-shelf hardware.

Although using more-expensive radio recording hardware can yield better results, the technique is capable of cracking software encryption using just a $25 USB stick and a small wire loop antenna.

By measuring the power output of the encrypting system, the snoopers can tell when an algorithm is receiving input data and later outputting it in an encrypted form. With a mixture of guesswork and correlation, the researchers are able to take that and begin to decode the AES algorithm. By attempting to figure out what the correct value (of 256 options) for each of the 32 bytes is, only 8,192 guesses must be made.

If you were to attempt to brute force hack the encrypted message itself, youd be making an impossible number of guesses (two, to the power of 256). This technique makes the impossible not only viablebut easy.

Better yet, the technique doesnt require direct access to the encrypting hardware. The researchers were able to perform the technique from up to a meter away.

That was technically only possible because of ideal testing conditions though. In reality, the most even those with high-end equipment could expect to conduct such an attack is from 30 centimeters away. Still, being able to make such an attack from a distance with cheap hardware highlights the potential for new attack vectors against typically near-foolproof encryption systems.

Although breaking open someones obfuscated files is almost always going to be easier if you extract the decryption key from the owner, this system offers a new way for all sorts of organizations and individuals to target it. In turn, this should lead to better shielding for protected hardware in the future.

Read the original here:
$20 antennas can now help breach 256-bit encryption standards - Digital Trends