Monthly Archives: December 2015

Apple CEO Stands Strong Against FEDs on Encryption

encryption3Last Sunday, Apple CEO Tim Cook took part in an interview on the CBS new programĀ 60 MinutesĀ in which he asserted the rights of tech companies to provide encryption services to their clients.

“There’s all kinds of sensitive information on smartphones today,” claimed Cook. “You should have the ability to protect it. The only way we know how to do that is to encrypt it.”

Cook noted that Apple was still willing to comply with search warrants served on it by law enforcement officials.

FBI Director James B. Comey disagrees, believing encryption is only remains a legal service because of a lag between legislators and inventors: “Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem… We call it ‘Going Dark’ and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism, even with lawful authority.”

“We have the legal authority to intercept and access communications and informant pursuant to court order, but we often lack the technical ability to do so,” added Comey.

Plenty of security and tech advocates take issue with Comey’s initiative to ban encryption services.

“A proposal to protect our security by weakening our security is going in the wrong direction,” asserted executive director of the Electronic Frontier Foundation Cindy Cohn.

“If the government were to suggest that no one put locks on their doors because if we were a terrorist it would be harder to get into our house, we would think that was a bad idea… This is pretty much the digital equivalent of that.”

supercompute2Cohn makes an excellent point; as large scale hacks become commonplace, government agencies are finding that sometimes not even they can keep their sensitive data under wraps. If they have access to everyone’s data, or make that data more accessible to everyone, terrorists won’t be the only users made more vulnerable.

Berin Szoka, the president of TechFreedom, claims that this issue presents a historic crossroads in American history and the history of the internet:

“This is really a binary issue. Are you going to allow end-to-end encryption by the operating system makers or not? Once you say no, you start down this road without stopping the really smart bad guys from continuing to use encryption on their devices.”

CEO of Accellion Yorgen Edholm believes the government can achieve its goals by walking a separate path: “If the government law enforcement agencies are looking for an encryption compromise, maybe they should look outside the tech sector for it… Encryption can always be broken by people who have supercomputers- the government has more supercomputers than anyone else. So the government has the resources to decrypt anything. It’s just that those resources have to be made available to local law enforcement… That compromise wouldn’t make it easier for the bad guys to get into my privacy just because the government wants to have the computer equivalent of a wiretap.”

 

UK Police Crack Down on Young Cybercriminals

The UK has made headlines for turning the heat up on young hackers.

lizard stresser“Over the past few years, the NCA [National Crime Agency] has seen the people engaging in cybercrime becoming younger and younger,” Richard Jones explained. Jones is the current head of the Prevent team at the NCA’s Cyber Crime Unit.

Jones explained that a recent online attack tool known as Lizard Stresser was actually created by 7 people under the age of 18.

The NCA’s clamping down on teenage offenders come as part of the Cyber Choices campaign, which was in turn prompted by the fact that an NCA study revealed the average age of people involved in its investigations was only 17 years of age. The study also found that very few teenagers in the UK actually understood what constituted a cybercrime and what the legal consequences were.

Cybercrimes are common among young hackers who don’t actually want to steal anything or do any horribly catastrophic harm; often viruses are created solely to see how far they spread so that the hackers behind them can reap the bragging rights. Unfortunately, in this age of more serious hacking and cyberterrorism, many governments have no sense of humor for this new form of teenage pranking.

blackshades ratThe National Crime Agency’s Cyber Crime Unit was astounded after uncovering certain information during Operation Dermic in 2014. The operation was pitted against users of a remote-access Trojan (known as a Rat) called Blackshades. After an in-depth investigation of the origin of the Blackshades Trojan, a total of 17 arrests were made. During a follow-up, the National Crime Agency’s Cyber Crime Unit underwent over 80 “cease and desist” visits to people that they had found guilty of purchasing the Blackshades Trojan. Over 500 emails and letters were additionally sent out to people found responsible for purchasing the cybercrime kit that allows for the generation of the Blakshades remote-access Trojan. To the National Crime Agency’s Cyber Crime Unit’s surprise, a large portion of the people contacted due to buying or somehow being involved with the kit were under the age of 20 and still living at home with their parents. In fact, the youngest Blackshades buyer was just 12 years old.

The issue highlights the fact that programmers and hackers are becoming younger and younger, so ill-conceived cybercrimes are being enacted by younger and younger cybercriminals, often in a more experimental than malicious mindset. Early access to computers and the internet will yield an unprecedented generation of computer users, a generation that governments are struggling to educate in terms of the law and the consequences for breaking it. At the same time, laws regarding cybercrime are still forming and lawmakers are attempting to adapt to the constant need for new legislation in a world they weren’t trained to oversee.