Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Encryption

Federal Investigators Say They Used Encrypted Signal Messages To Charge Far-Right Militia Group Leader (cnbc.com) 294

JoeyRox shares a report from CNBC: Federal investigators claimed to access encrypted Signal messages used to help charge the leader of the Oath Keepers, an extremist far-right militia group, and other defendants in a seditious plot on Jan. 6, 2021. It's not clear how investigators gained access to the messages. One possibility is that another recipient with access to the messages handed them over to investigators. The complaint references group messages run on the app, so it's possible another participant in those chats cooperated.
This discussion has been archived. No new comments can be posted.

Federal Investigators Say They Used Encrypted Signal Messages To Charge Far-Right Militia Group Leader

Comments Filter:
  • by Anonymous Coward on Friday January 14, 2022 @08:08AM (#62172133)

    Check out ~/.config/Signal/config.json. The key in there, that's the clear text key to the sqlcipher database that holds all user content... Always felt like signal was explicitly designed for forensic analysis.

    • Well, it has to be somewhere. Unless you want to enter a password/pin every time you open the Signal program, it will be in plaintext.
      Full device encryption is what you want.
      I suppose there could be a kind of automagic per-program config encryption scheme (with overlay mounts), but based on what secret?

      • by fuzzyfuzzyfungus ( 1223518 ) on Friday January 14, 2022 @08:57AM (#62172215) Journal
        Depending on platform support you could probably do something with keys that are stored in the TPM/Secure Enclave/any conceptual equivalent; with the OS only unsealing the encrypted blob on demand, only after authentication; and only for a specific process. That would scuttle attacks based on just extracting the filesystem(unless there is some vulnerability that allows you to act as the signal process to send an unsealing request; or one that allows you to violate the OS' protection of processes from one another and hijack the signal process); but that would be a lot of extra complexity for something that (now more or less ubiquitous) full device encryption would also solve.

        Especially if you have the device because its owner has agreed to cooperate in exchange for a plea deal or something, and can have them unlock it for you, there really isn't any technical measure you could expect to save you: even if some very clever and/or byzantine obfuscation mechanism forced you to use the signal UI rather than a more efficient forensic tool; for a case of any nontrivial value having the intern painstakingly scroll and screenshot their way through the entire chat history is a perfectly viable option.
        • iOS and Android both have this. My password manager uses this to decrypt the password vault.

        • Building upon the TPM/whatever idea:
          The program could receive a directory, or multiple (not a path, but an FD) with which it can work (for config, logs etc...) .This directory is unlocked by the OS based on a combination of deviceSecret + appSignature + optional_secret (biometrcis/password/token...).
          The linux kernel IMO provides enough features for this (namespaces mainly come to mind), but the setup needs to be meticulous.

          This presents many usability challenges, the major being a per-app password. And the

      • by gweihir ( 88907 ) on Friday January 14, 2022 @09:07AM (#62172257)

        That is a fundamental problem.

        1. Password: You can either ask it each time, or you can keep things open for a while. That can go badly wrong though, depending on attacker model.
        2. Biometrics: Only work if the attacker cannot access them. The attackers in the case at hand likely can.
        3. External token: Pretty nice, but expensive, lot of effort and needs 1. or 2. itself for reasonable security.

        In the end, you can only do risk-management and select something that works for you. Signal wants to have users, so they cannot go very high with the security level.

    • by Gravis Zero ( 934156 ) on Friday January 14, 2022 @09:38AM (#62172365)

      Signal is designed to keep your messages safe in transit which it does quite well. Device-side security was never the point. It does it's job well, you simply have expected something it was not designed for, similar to the banks that sent emails claiming a HTTPS connection symbol meant the website was legitimate.

      • > Signal is designed to keep your messages safe in transit which it does quite well.

        Its actually quite horrible at that. There is no way to view, double check, or directly share public keys. They are always delivered OTA and always with 100% trust and authority given the the centralized phone carriers. They even automatically accept key rollovers.

        That means you have zero secure way to send encrypted messages using signal. For government or law enforcement, the messages are always clear text whenever they

      • by AmiMoJo ( 196126 )

        This is why it's bad that we only have one Signal client - we can't choose one that has some local protection as well.

        Most phones have a secure enclave, many computers have a TPM. We should be using those things to enhance our security.

    • Of course the whole drive is encrypted, so you'd have to give up something to the feds for them to crack it... in theory anyway.

  • The FBI was running one of their entrapment operations and were inside the group driving things so the fact that the channel was encrypted didn't matter.
    • by JRZO ( 6971596 )

      The FBI was running one of their entrapment operations and were inside the group driving things so the fact that the channel was encrypted didn't matter.

      Good old fashioned police work is always appreciated.

      • It certainly worked in the Bundy Nat park incident. Oh wait, those charges were all dropped for those who didn't plea out except for trespassing because the fibbies not only refused to indicate how many LEOs were among the group but what their actions in the group had been. Meanwhile, if you actually read the charging documents the part of the 'sedition' law they are charged with is the delaying of the execution of a law. Not actual sedition. Which means this is entirely theater as such a charge has never a

        • Meanwhile, if you actually read the charging documents the part of the 'sedition' law they are charged with is the delaying of the execution of a law. Not actual sedition.

          That attempt to delay the execution of a law was part of a plan to change the outcome of a free and fair election, which is why it was a coup attempt. Intent matters. What's your intent in posting this BS?

          • by Moryath ( 553296 )

            He's one of the same KKK terrorist shitbags who thinks any time one of their cross burning shithead groups gets observed committing crimes it's "entrapment."

            Probably thinks that Ron Stallworth [ron-stallworth.com] was engaged in "entrapment" too.. it's just a pity David Duke and the rest of these treasonous terrorist KKK shits weren't rounded up and disposed of long ago, and were allowed to create a next generation in the lives of treasonous shitbags like Rhodes, Trump and the rest of the modern Repugnant Klan Party.

            Remembe

          • by Phact ( 4649149 )

            Don't call it a free and fair election: trump got caught cheating multiple times! ...and still lost!

            • Re:Simple (Score:5, Informative)

              by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Friday January 14, 2022 @10:05AM (#62172465) Homepage Journal

              Don't call it a free and fair election: trump got caught cheating multiple times! ...and still lost!

              sssh that was a trap. When they start ranting about how the election was stolen, then you start pasting links about how the majority of fraud was a) engaged in by republicans and b) discovered during republican-sponsored audits. Even the republicans know that the republicans tried to steal the election. Well, the officials do. The followers know fuck-all.

    • by gweihir ( 88907 )

      The FBI was running one of their entrapment operations and were inside the group driving things so the fact that the channel was encrypted didn't matter.

      Pretty likely. Also has the advantage that it can be explained to a jury and that you do not risk losing expensive toys.

    • by Moryath ( 553296 )

      "Entrapment"? Do tell. Observing and recording the acts of terrorist KKK republican treason trash so they can be prosecuted for their crimes isn't "entrapment", it's proper investigatory work.

      • Yes entrapment, I have been wondering if many of the war on terror arrests in the US were legit. For example, did the individuals have the capacity to build a bomb and timer had the FBI and DOJ not provided it as part of their involvement. I just feel some of the FBI's and DOJ war on terror arrests look really flaky. If individuals really have no way to execute any plan without the FBI was there really a threat in the first place. Or just dumb people being dumb.
        • by Moryath ( 553296 )
          Ahh, you're part of the KKK's "tinfoil hat apologism" division. We have video evidence of these fucking KKK terrorists from your group committing their crimes, so kindly go shove your burning cross up your treasonous, lying ass. Fucking neonazi KKK shithead.
        • Intent matters. If you think there isn't already a black market for those shorts of things, I guess you can keep pretending.

    • The top officials in the FBI and DOJ were appointed by Trump. So your theory is Trump's appointees decided to stage this insurrection so he would what, lose the election that was held 3 months prior ?

      What was the motive for Trump's appointees to 'fake' the events on Jan 6. How and why did they convince Trump and his closest allies to do everything they could to make it look like a predictable consequence of his rally ?

      Is it just that Trump is the dumbest president ever or are you possibly grasping at str

  • ...or was in any way responsible for what transpired in this despicable chain of events should be ashamed of themselves. Their actions were an affront to civilised society & to democracy itself.
  • Keeping Secrets (Score:5, Insightful)

    by necro81 ( 917438 ) on Friday January 14, 2022 @10:45AM (#62172685) Journal
    Remember, the ability of N people to keep a secret tends to go like 1/N^2. The more people involved, the more likely it is to be blown. Corrolary: the more people involved, the sooner it is likely to be revealed.

    This is why, despite the red-pill pushers out there, I tend to accept that the world is not, in fact, full of conspiracies. I take comfort in the simple fact that people - especially groups of people - are terrible at keeping secrets. Take the 2020 presidential election, for example. The number of people that would need to be involved to pull off a "steal", across many electoral precincts and levels of administration, is so vast that it could not possibly be kept a secret for long.

    Maybe I am deluded, the Matrix has me, and there really are puppet masters controlling everything behind the scenes. They must be superhuman to cover their tracks so well. There's plenty of nefarious stuff happening in broad daylight without needing to fill my time chasing ghosts.
  • The complaint references group messages run on the app, so it's possible another participant in those chats cooperated.

    1. You don't talk about Sedition Club.
    ...

Some people claim that the UNIX learning curve is steep, but at least you only have to climb it once.

Working...