ISIS's Encrypted Messaging App Isn't Real; But Backdooring Encryption Still Won't Help The NSA
from the be-real dept
So we recently reported on a claim that ISIS had been spotted making use of their very own encrypted messaging app, and highlighting how totally useless US laws requiring tech companies to backdoor encryption would be in that situation. However, it turns out that we should have been a lot more skeptical of the original report, coming from a single sourced security company. Over the years, we’ve learned that single-sourced security company claims are often highly suspect, and designed much more to get attention or increase FUD, than based on any real issue. The good folks over at Daily Dot are now reporting that this encrypted messaging app doesn’t really appear to exist, and their investigation is pretty thorough and fairly convincing. Just like the claims that ISIS had a “training manual for encryption,” this claim appears to be false.
That said, it still doesn’t mean that ISIS is actually relying on encrypted apps that would be opened up by a US legal change requiring encryption backdoors. As we noted in our last post, research from the Open Technology Institute showed that almost all the popular encrypted communications app that were named as being used by ISIS were either open source or not maintained by a US company, meaning any such law would be basically meaningless to ISIS folks trying to communicate.
Filed Under: backdoors, encryption, going dark, isis, messaging
Comments on “ISIS's Encrypted Messaging App Isn't Real; But Backdooring Encryption Still Won't Help The NSA”
Even if the DAESH (let’s stop calling them ISIS) had an app that had encryption the NSA couldn’t break, it would be a bad reason to break all encryption.
Re: Re:
let’s stop calling them ISIS
Why?
Re: Re: Re:
It’s the name they want to be called as it seems to imply they’re a legitimate “State”.
DAESH is the acronym for the same thing in their native tongue but has pun-like connotations with the word for “coward”.
It’s similar to how we call the MPAA/RIAA the MAFIAA because it mocks them by alluding they are something we see them as vs. what they want to be seen as.
Re: Re: Re: Calling The Islamic State "Daesh" or whatever.
When I’m talking about ISIL or any entity, I’m inclined to name them by a neutrak or respectful term since I want to focus on my specific point.
The Islamic State is an organization intent on global conquest and the erection of a society against which I have clear conflicting interests (given I want a society that celebrates pluralism and social equality). Giving ISIL a name would only distract from this point.
I do think it is appropriate to mock methods such as Hollywood Accounting since that serves as a mnemonic and shorthand of a terrible practice. Hollywood accounting is cause to despise the MPAA and IP law, and is part of an argument.
Just backdoor the encryption already!
This going dark “problem” is flipping simple to fix.
1. Create a “secure” messaging application that has a hidden back door.
2. Infiltrate ISIS, share secure messaging app with them.
3.Release news articles about how this new messaging app that ISIS is using is uncrackable.
4.Pat yourself on the back for a job well done
Maybe step 3 is whats really going on here?
This is not that difficult to pull off, everyone trusted TrueCrypt until the people behind it said its insecure.
Re: Just backdoor the encryption already!
In computer encryption there is no such thing as a secret back door.
I’ll use a very very simplistic example of a “secret back door” in an encryption algorithm. When a hacker goes through the encryption algorithm that has no back door (again extremely simplistic) this is what it would look like metaphorically of coures.
22222222222
22222222222
22222222222
with a good encryption there are no holes or back doors.
Now your encryption with a back door
22222222222
22222223222
22222222222
This is how easy it is for an expirenced hacker to find the secrete back door.
any hole in encryption is like taping your house key to your front door after locking it. not under the matt taped to the door
not so easy now is it?
Daesh sticks with Telegram, pkTron, ICQ, tor
Rumour has it that both friend and foe (daesh,anonymous,…) are mostly using ICQ (stupid), Telegram Messenger (a bit less stupid) and PkTron Chatstream (smarter) via Tor browser or vpn. Both Telegram’s and PkTron’s owners/administrators/sysops are the real weak links. Even better than a backdoor is an inside man… Having said that, I guess they use pkTron for the anonymity and obfuscation. Hiding / cloaking possibly beats encryption anyway.
Ariel.
Re: Daesh sticks with Telegram, pkTron, ICQ, tor
You forgot using “Land Lines and speaking foreign language.”
Re: Re: Foreign language?
Our intel guys can’t speak Arabic or Farsi?
Not that rare foreign languages haven’t been famously used as military encryption. The US use of Native American code talkers served to be the strongest obfuscation of WWII transmitted communication.
But I don’t think any Middle Eastern languages are obscure enough to be implemented that way. I could be wrong. I know a Dane whose family speaks a dying language used only in a single village, not that anyone ever hire the villagers to send obscured communications.
“I’m inclined to name them by a neutrak or respectful term “
Because you respect them? I’m sure DAESH would happily remove your head and rape your young sister or daughter anyway. They deserve neither neutrality or respect.
Re: It's not about deserve.
Maybe it’s because I’m more respectful than they are.
To be fair, at the government level respect is commanded not by gentle regard (or crimes against humanity) but by brute force, and they do seem to be holding territory despite our efforts to depose them.
And the US continues a drone strike program in at least two theaters that annihilates civilians at a greater rate than gun fatalities in the US, and we continue to detain and torture people without due process. So our own record of humane treatment and war crimes is direly lacking as well.
The US doesn’t have the moral high ground, and we can’t really say that the US is even pushing for a more egalitarian system anymore, they’re just more subject to pressure.
So yeah, what members of the Islamic State might do to my family is not very relevant. What the US would do to my family (were I on the other side) is pretty bad.
And as I noted, my point is not that either one has a derisible name, but that they both engage in derisible behavior. Both really shitty when it comes to confining the devastation and massacre from their conflict to just belligerent forces. In fact both sides seem eager to make a big mess that affects everyone.
I think that if I point that out without mocking them in the meantime, it keeps the focus on aforementioned mess.
Re: Re: It's not about deserve.
The only thing I can come up with that they deserve, is pity.
The drone strikes are questionable and Guantanamo a blight on the US record. The DAESH have intentionally killed Christians and raped hundreds of innocent young girls. Did I mention drowning prisoners and throwing gay men off of buildings. DAESH are sick animals.
Back on topic, the US should still not undermine encryption because of these lowlife scum.
Re: Re: Re: As I said, it's not about deserve.
Guantanamo is not a blight. Camp delta still exists. We’re still detaining and torturing people. This is a thing that continues to go on.
And any dubiousness of drone strikes is because we choose not to look very hard at it. Though we do like to count bugsplats. (Yes, we really do call drone-strike victims that.)
The US massacres villages full of children on the intel that there’s a village there. Not because there’s someone we want to kill, though that would still be horrific. But because we don’t know that we don’t want to kill them. So we presume that we do. We strike at maximum range without any clear idea of what we’re striking at or who it is.
We could stop the CIA drone strike program today. We’d lose no strategic ground for it and lots of people would have a better year for it. The only reason we don’t because our government likes massacring brown people.
The Islamic State are evil shits. But the US is batting well into the evil shit threshold as well. It’s a shitty war and neither side has a moral high ground.
It's almost like a movie.
Specifically: Sneakers. Where they snag a code breaking machine, but figure out that it’s only good for breaking codes of US encryption. So who are they really spying on again?
Encryption...
All this makes me wanna do is check out the ones in the “Safest” column.