“Safe space for extremist ideology”

An engineer’s take on the words of his world being thrown around by those with even less understanding than myself – as quite frankly it hurts. It hurts to hear assumptions and blame, and a lack of understanding – short or long term. To borrow from another, it is “academically lazy”. So – to clear my mind, here are a few words, most of which will be sound, but open to reasoned correction. This comes with the heavy caveat that InfoSec is not my line of work – but, and a weighty ‘but’ – even the most minor exposure to a live internet at an enterprise level and the rudiments of PKI would give you a glimpse into the Pandora’s Box of what she shakes and prods.

TALK TO ME ABOUT ENCRYPTION

End to end encryption is what this is mostly about. The concept is that you can use a cipher so that your information is sent from one location to another in such a way that, unless you possess the private key at the recipient’s end, it cannot be intercepted and read.

Seems legit.

Ciphers in use today are mostly secure. It’s a given that you can probably brute force them or work on them in such a way you could eventually get hold of the data, but in the majority of cases, this will be out of context and of little use. Data sent using point to point encryption – as long as the private keys remain just that – is hard to change in transit.

The suggestion from the powers that be is that backdoors are created, weaknesses inserted, or if cryptography is used, that the keys are escrowed, with a copy living with them. Yay.

What could possibly go wrong?

STAYING SECURE

I mean the state has a long and distinguished background of not having things leaked, broken into, crypto lockered, you name it. So sure – that stockpile of known vulnerabilities that The Man keeps for a rainy day – known ways to get in, well – let’s just assume we were the only ones smart enough to figure that out and we are keeping these in such a way that no one else can distribute them. Because we would not want internet wide cryptographic security (upon which everything but physical security relies after all) breached everywhere it is used… sure… no… this would just affect “the bad man” as we see it. Obviously. Duhh.

Let’s take a famous example – Enigma. That was pretty bad-ass wasn’t it? Extra reels for slow moving stuff like boats too. Bravo. However us lot over here in the UK could intercept their messages, and we could decipher them with a bit of engineering, and well… that’s that. They had no idea. The cheeky bit is when we went on to sell technology… and no one knew it was fatally flawed. National security all over the spinning ball of mud and water in the pan. Naughty. No… nothing like that would ever happen. Oh, and remember – if it did – you would be bound by new laws that would mean that talking about them would have very very very very bad consequences for you. So basically – hey – so they got out – no one knows.

THEY WILL USE SOMETHING ELSE

Remember James Bond? Sure. He had a bunch of gadgets, but modern IT was on the whole not one of them. That was the era of the clandestine meetings. Talking in a park facing each other, hands over mouth. Briefcases left by benches. You know the clichés. Two things will happen – they will either use different tools, evolve or regress. With so much talk of air-gapping these days – a return to writing things down, invisible ink, burning notes, meeting face to face, couriers. That or switch it up to harder crypto. The big differentiator here is that we are dealing with a smart higher echelon, and from what I gather, not so much further down, i.e. people who are willing to blow themselves up for a cause – surely this is exhibiting severe narcissistic tendencies or psychological issues that are pretty deep seated. I should think it is pretty safe to say these are not nihilistic or severely depressed individuals… they would simply lack the motivation? So I am guessing the issue becomes compartmentalisation, and a lowest common denominator… for example the recent media revelation of Telegram, and the old one always trotted out, WhatsApp.

IT IS ONLY POINT TO POINT

Strong encryption works point to point: when leaving that machine, through the router, through the carrier, over the wider network, and reversed at the other end. It is not back to clear text until a process at the other end reassembles it. This is POINTLESS if either of the two endpoints has been compromised – as the decrypted data will be loud and clear, even if you have to dig for it.

SOLUTION

Let’s assume we have a person of interest. Let us GO THROUGH ALL THE PROPER JUDICIARY CHANNELS so that we maintain the tattered remains of our rights and compromise one end of the connection. The software and hardware tools are available (referencing above, to the bad man as well as The State – and the list of those available is long and distinguished) to aid the short or long term compromise of that host. Magically we retain the ‘freedom’ we are all so proud of, process has been followed, and the very glue that currently keeps the internet from seeing each other’s dirty washing… bank details… personal habits… stays intact. What we are seeing is a high focus, high skill type attack, on a single host, or hosts, sanctioned by law – and all this goes away… with no reduction to existing security of you, me, our children.

So yeah – let’s blame providers, safe havens, cryptography. Let’s systematically go about breaking all the good stuff. That is the future. …and it makes you wonder WHY?

Let’s not head off down the WHY, let’s not head off or even start on why we find ourselves in this situation to start with – we could talk about that for HOURS. However this, in simple terms, is it. Why such words are empty, dangerous, and quite frankly lazy – in layman’s terms.

Rant ends.
