Encryption Crime Government Privacy

How the FBI Hacks Around Encryption 91

Advocatus Diaboli writes with this story at The Intercept about how little encryption slows down law enforcement despite claims to the contrary. To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that's just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it's called hacking.

Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.

  • Well, but... (Score:2, Informative)

    by Anonymous Coward

    It does not give the FBI bulk surveillance capabilities unless they work with bulk tools, namely botnets and worms trying to infect everything they can get. And that looks pretty bad when discovered.

    So widespread use of end-to-end encryption would mean that the FBI would be mostly restricted to operating within the confines of the Constitution. We can't really have that.

  • by Cow Jones ( 615566 ) on Tuesday September 29, 2015 @04:59AM (#50618531)
    To allow "hacking" to circumvent encryption, the FBI must have (direct or indirect) access to a suspect's device.
    For that, they must first have a suspect. Encryption can still prevent becoming a suspect in the first place.
    • by Yetihehe ( 971185 ) on Tuesday September 29, 2015 @05:21AM (#50618579)

      For NSA, if you use encryption, you ARE a suspect.

    • by PolygamousRanchKid ( 1290638 ) on Tuesday September 29, 2015 @05:30AM (#50618595)

      For that, they must first have a suspect.

      . . . So the FBI just declares everyone in the US to be suspects . . . so they can spy on everyone . . . that's more or less how it works these days.

      • In my opinion the idea behind encryption is to provide us with the privacy that is needed in an environment that is open as the internet of today.
        In order for expediency, would it not be easier to repeal the Fourth Amendment and get rid of the right which our ancestors fought for to protect us from warrant-less search and seizure. Shall we re-institute the "writ of assistance" and allow the controlling party to do anything they want just to see if they can find a violation of a law?
        FBI, NSA, CIA, etc...
      • You'll just become unindicted co-conspirator #3

      • To be a suspect you must have links to terrorism, or links to people who have links to terrorism, or links to people who have links to people who have links to terrorism....

        This will eventually include everyone but a small number of isolationist Amish ....

    • To allow "hacking" to circumvent encryption, the FBI must have (direct or indirect) access to a suspect's device. For that, they must first have a suspect. Encryption can still prevent becoming a suspect in the first place.

      According to them, encryption would still prevent people becoming suspects anyway, as I understand it. I believe they claim that they'd only ever use the back door* to access encrypted data of people who are already suspects, not to conduct fishing expeditions.

      *Erm, I mean the "front doo

    • Brings a whole new definition for "Eve Online" :D
    • by Anonymous Coward

      The metaphor the FBI uses to describe encryption is a locked door. There should be no reason to open the locked door unless someone is already a suspect. I'd say it's generally a good thing if encryption prevents people from becoming suspects. In detective work, often when someone is suspected of a crime, the police look for evidence to support their hypothesis while disregarding evidence to the contrary. It's not necessarily malicious, but rather how the human mind works. While this may prevent a few guilt

    • by AmiMoJo ( 196126 )

      I guess it depends how indiscriminate their malware and delivery systems are. Brute forcing a WPA key is one thing, but we know from the leaked NSA catalogues that at least some government agencies use malware too.

    • Except that using encryption at all makes you a suspect automatically.

    • > To allow "hacking" to circumvent encryption, the FBI must have (direct or indirect) access to a suspect's device.
      > For that, they must first have a suspect. Encryption can still prevent becoming a suspect in the first place.

      Not at all. Hacking can include unauthorized access to online records, to email, to phone records or audio recording on devices of people who've been in contact or may hold records of the target, etc. Search warrants and subpoenas are theoretically to balance the privacy of individua

      • I find it hard that anything but a corner case would require hacking to get to records held by third parties. I have decades of working in the hosting and ISP industries, requests for data come in daily get reviewed by counsel and generally processed, we get paid rather well to do the work. Hacking should require that you have a good reason to think that the third party is actually in collusion with the suspect. If they have a clue about security we don't have much to give them just encrypted data and lo

        • > I find it hard that anything but a corner case would require hacking to get to records held by third parties.

          Then I urge you to look at the history of the "PRISM" program, I'd count that as wholesale cracking, precisely to avoid the need for telling anyone what they elect to monitor or to be compelled to justify subpoenas. The NSA has traditionally, I'm sorry to say, engaged in wholesale monitoring of both domestic and international communications.

          • It's exactly the opposite. PRISM used FISA warrants, NSL etc to badger companies into sending them the requested data. This was not tapping is or hacking rather having data requested sent to them via various means. The slides Snowden released were pretty clear PRISM was with the aid of companies FAIRVIEW and BLARNEY seem to be tapping cables accessing intermediary routers etc. As an ISP there are pretty well defined methods for that sort of thing to give them real time access to traffic.

            • > It's exactly the opposite PRISM used fisa warrants,

              Except, I'm afraid, when they didn't bother with warrants or simply ignore the limitations of warrants or subpoenas. Take a look at the rebuke by exactly the kind of judge who issues such warrants, at http://www.nytimes.com/2013/08... [nytimes.com].

              The ongoing decryption efforts are tied to prism, and constitute hacking or "cracking" of the most basic nature. Examples include: the documented spying on embassies of allies, to quote from The Guardian.

              • Read the paper, PRISM has nothing to do with the data they gathered via intercepts that is a different program. From the article 90% of the data was coming from PRISM that is data they got via fisa warrants, they were overly broad and the NSA pushed for a broader scope than what they told the courts.

                Of course the NSA spies on other nation states and foreign nationals that is their job as the primary spy agency for the US. But they don't need to bother with the clandestine bits when they get a rubber stampe

    • by AHuxley ( 892839 )
      re "Encryption can still prevent becoming a suspect in the first place."
      The US has a way of 'updating' your standard cells telco network day to day function over the network.
      "Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?" (2015-09-29)
      https://theintercept.com/2015/... [theintercept.com]
      "...the report concluded that someone had loaded unauthorized “corrections,” i.e. malware implants" ... " secretly activate the lawful intercept’s tapping function while at the same time hiding the
  • by 140Mandak262Jamuna ( 970587 ) on Tuesday September 29, 2015 @06:08AM (#50618687) Journal
    ... so can everybody. Chinese, Russians, Bulgarians, Ukrainians, Germans....
    • by AHuxley ( 892839 )
      That's why weak junk encryption per US backed standard networks/software over decades is so problematic.
      If the mil has keys, so do federal taskforces, all nations staff that worked with the US, ex staff, former staff... nations, groups that can gain insights into the methods.
      eg SISMI-Telecom scandal, Italy 2006
      https://en.wikipedia.org/wiki/... [wikipedia.org]
    • ...and?

      It's amazing the Nigerians even have to trick you to give them your bank account number. I suppose it's nice the Russian mob shows restraint and doesn't just rip EVERYONE off.

  • Of course the FBI isn't happy about people going dark.

    It's easier without having to deal with the encryption.

    More and more endpoints are also getting full disk encryption.

    Thinking long term, the FBI doesn't want to be in an arms race with the software developers of browsers, operating systems and the like.

    Will they still be able to hack to software running on the endpoints ?

    Maybe someday they won't find a way around it. Even though they have a court order they might not be able to do what they are asked to

  • The point is not whether that can decrypt a selected target, rather it is that encryption causes a problem with surveillance from both a practical and legal standpoint. First by encrypting your communications, you clearly establish an assumption of privacy, which isn't as obvious with clear text (IANAL, but I assume that creates a hurdle in the courtroom). Second, applications that take in massive data of warrantlessly available data streams don't have the facilities to hack each one and still provide timel
  • I'm curious if off the shelf protection programs detect the FBI malware, or they've been compromised at the money layer.

  • The criminal mind-set is obviously strong with the FBI. No surprise there.

  • Elections are coming up. Is it an issue worth bringing up? Since it's given that neither democrats or republicans are going to rein them in, what's the plan? There are other choices. Or is everybody just going to treat it like the weather and complain because they can't work an umbrella?
