What the CIA WikiLeaks dump tells us: Encryption works

[conceptualclarity]

NEW YORK (AP) — If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works, and the industry should use more of it.

Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can't break. In many cases, physical presence is required to carry off these targeted attacks.

"We are in a world where if the U.S. government wants to get your data, they can't hope to break the encryption," said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. "They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago."

MORE ENCRYPTION

Four years ago is when former NSA contractor Edward Snowden revealed details of huge and secret U.S. eavesdropping programs. To help thwart spies and snoops, the tech industry began to protectively encrypt email and messaging apps, a process that turns their contents into indecipherable gibberish without the coded "keys" that can unscramble them.

The NSA revelations shattered earlier assumptions that internet data was nearly impossible to intercept for meaningful surveillance, said Joseph Lorenzo Hall, chief technologist at the Washington-based civil-liberties group Center for Democracy & Technology. That was because any given internet message gets split into a multitude of tiny "packets," each of which traces its own unpredictable route across the network to its destination.

The realization that spy agencies had figured out that problem spurred efforts to better shield data as it transits the internet. A few services such as Facebook's WhatsApp followed the earlier example of Apple's iMessage and took the extra step of encrypting data in ways even the companies couldn't unscramble, a method called end-to-end encryption.

CHALLENGES FOR AUTHORITIES

In the past, spy agencies like the CIA could have hacked servers at WhatsApp or similar services to see what people were saying. End-to-end encryption, though, makes that prohibitively difficult. So the CIA has to resort to tapping individual phones and intercepting data before it is encrypted or after it's decoded.

See more of the story at EarthLink - Technology News

 

[Aleeyen]

If the amount of data is small any organization with access to very powerful hardware will be able to break it. But when some organization has a lots and lots of data then the powerful hardware also fails. As time goes by CIA will get more powerful hardware but at the same time the end users hardware will also become powerful so as the software. Its a cat and mouse game and it will never stop. One thing is for sure if everybody starts to use encryption agencies will really have a hell of a time.

 

[Deleted member 178]

Quantum Computing Kills Encryption

 

[larry goes to church]

A colleague of mine is currently studying Quantum computing and from what he tells me they are still far off form effectively utilizing this technology.
Essentially its still in development.

Never the less, you are correct, it kills encryption.
Until then..

From the Wikileaks page..

A similar unit targets Google's Android which is used to run the majority of the world's smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. "Year Zero" shows that as of 2016 the CIA had 24 "weaponized" Android "zero days" which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.

 

[amir 957]

Are the new documents about CIA true?
Even Google has confrimed that tacitly

 

[Winter Soldier]

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.

In the data made available to the public it's not told that the CIA has compromised the encryption of WhatsApp, Signal or Telegram, but who is able to intercept the keystrokes of the users in general if he manages to infect the entire smartphone on which these apps are running. Then the security of these apps is not violated but simply, as with any app, if the device has been compromised, there is nothing that the app can do to protect its user. Indeed, according to Moxie Marlinspike, the creator of Signal, the fact that the CIA has to resort to individual infection of the smartphone, means that the encryption of Signal is robust against eavesdropping of mass. And if an intruder has physical access to your personal devices means that could make everything he wants.