The Crime Messenger (www.cbc.ca)
55 points by SirLJ 1 hour ago | 27 comments





> The Serbian criminals shared photos of their victims on Sky without realizing police had installed a probe on the Sky ECC servers in France, which allowed authorities to intercept and read every user’s messages.

I'm surprised criminals keep picking these niche messaging services, which keep turning out not to use proper end-to-end encryption, rather than Signal.


Presumably you don’t hear about the ones that use Signal for a reason…

That's what a Fed would say to discourage Signal use.

I guess the b2b sales work the same irrespective of the businesses' legal status.

Criminals aren't immune to pitch decks and overspending on bespoke systems??

I guess you didn't really read the article so I'll put it here:

> They intercepted one billion messages, but they couldn't read them at first because they were encrypted. It wasn’t until late 2020 that they managed to decrypt them.

The article is extremely vague on how they did this. The one big red flag though is that the protocol for the messenger in the article was a bespoke secret design by a single person who wasn't a cryptographer and not a well vetted public one.

I would love to see a technical analysis of the supposed end-to-end encryption methodology used here.


If you enjoy this story, read the book Dark Wire, which focuses on the FBI’s infiltration of Anom, another encrypted message service. It also covers Sky briefly. Fascinating story.

https://www.hachettebookgroup.com/titles/joseph-cox/dark-wir...


A good DEF CON talk that referenced Sky but focused on another platform called Anon:

https://youtu.be/uFyk5UOyNqI?si=i-GtpeCR1QEj69cz


Pretty ironic that they got caught after going out of their way to buy secure phones and use secure messaging services when an off-the-shelf iPhone and WhatsApp/Signal/Telegram would have made them 100% untraceable.

Probably Signal would have been a safe bet. Telegram doesn't do encryption by default (on group messages? Been a year or two since I've used it). And Facebook complies with law enforcement agencies, and I don't think it's unreasonable for them to have feature flags to selectively and transparently disable encryption for some participants if need be.

What makes this different from a typical attack on encryption is that this company (probably) knowingly distributed to and worked with criminal enterprises.

But this article is written in a way that suggests that encryption is dangerous - an angle that the CBC has taken before - which makes sense considering that it is a government-owned news outlet in a Five Eyes member state.


> But this article is written in a way that suggests that encryption is dangerous - an angle that the CBC has taken before - which makes sense considering that it is a government-owned news outlet in a Five Eyes member state.

While neither of these points is completely incorrect, that is a heck of a connection to make without evidence.


> (probably) knowingly

That's doing a lot of heavy lifting. I'm sure they knew, personally, but since everything is encrypted, even for themselves, they have plausible deniability. If there is no solid proof of e.g. the company selling to someone they knew is a criminal, there's nothing to be done, legally speaking.

And even then, criminals can talk using e.g. commercially available phones and mobile networks; are those networks / manufacturers / anyone but the criminal responsible for what is talked about?

Yes, the seller could reasonably assume their stuff was used by criminals, but so can Signal, WhatsApp, Messenger, anyone offering (encrypted) communication. It doesn't make them guilty themselves.


> If there is no solid proof of e.g. the company selling to someone they knew is a criminal, there's nothing to be done, legally speaking.

If you look at the article it has examples found of the company employees explicitly saying they are meeting with criminals so to play it safe. It doesn't get any more "solid proof" than that.

> are those networks / manufacturers / anyone but the criminal responsible for what is talked about?

No, but again - read the article. There are examples of their employees saying that a client of theirs was arrested so they proactively wiped their phone - that could be interpreted as knowingly destroying evidence. They did end up changing this policy to not wipe phones of people who have been arrested, precisely because of this concern.

> Yes the seller could reasonably assume their stuff was used by criminals, but so can Signal, Whatsapp, Messenger, anyone offering (encrypted) communication

The difference is most likely in how it's advertised and sold. WhatsApp is a free app that anyone can use, Facebook can reasonably claim that they don't advertise to criminals or encourage illegal use because the app is free to anyone. The owners of this app made it paid and they actively pursued clients they knew were members of criminal rings. Whether that passes the threshold for holding the company liable - that's for courts to decide. But that's generally where I think the line is. Anyone can make and sell a knife, but start selling knives (knowingly) to gang members and you're going to be in trouble even though selling a knife isn't illegal in itself.


> there's nothing to be done, legally speaking.

Even if true, this sure feels like a loophole though, like Saul Goodman's burner phone side business, doesn't it? Should there perhaps be a stricter KYC requirement/similar measures to the same end when it comes to re-/selling technology explicitly designed for encrypted communication? Note that we are not just talking about an end-to-end encrypted messenger app, it's a whole integrated phone with an explicit special purpose. This feels more like a regulation oversight: the encrypted transmissions in AM/FM bands are outright prohibited in most Western jurisdictions after all, and so is possession of the respective equipment.


> which makes sense considering that it is a government-owned news outlet in a Five Eyes member state

re the mention of FVEY, I strongly suspect it's law enforcement rather than the spooks who have any issue with encryption there. I don't think FVEY SIGINT are having any issue reading the messages they want to read, it's the City of Spokane Police Department, FBI Tampa, and the Manitoba RCMP who are struggling, and would like Apple to give them decryption keys. SIGINT would love you to believe they can't read your messages because of encryption.


There are thousands of millions of people who are not criminals, who are not trying to be criminals... yet somehow the literate audience is led by media such that a small, dedicated bunch of adults half-way around the world is proof positive that all encryption is "for me, not for thee".

> “Privacy is really, really important and we all have the right to our privacy,” said Catherine De Bolle, executive director of Europol, the law enforcement agency of the European Union. “But when we see now that encrypted communication is really an enabler for crime, then we have to do something.”

Can she hear herself when she talks? Apparently we don’t have a right to our privacy. Interpol intercepting every message going across a server just because some of the messages might be criminal is explicitly acting in a way that does not imply any right to privacy.


> “But when we see now that unmonitored communication is really an enabler for crime, then we have to do something.”

Fixed for her.


As soon as someone follows "we all have the right to privacy" with "but", a springboard should pop up from under their feet and launch them into space.

Unsurprising the first time I see a CBC article at the top of HN, it's a puff piece about how taking people's privacy is supposedly good for us. Real glad I paid for this article, but it's not like I'm not constantly paying for these clowns to produce slop that I find appalling. They recently spent $2 million to create a bunch of liberal propaganda podcasts that got a few hundred views per episode.

I hate this country.


Feels like criminals will eventually get encrypted communication right and there won’t be anything left for police to do.

What makes you believe they don't / didn't already? That's the thing, if it's done right you'll never know until it's found out and decrypted like what is in this article.

Vast majority of criminals are actually stupid though. For every criminal using quantum guaranteed encryption there will be 10 just doing normal unencrypted calls over regular GSM - you use the same tactics against criminals that have been used forever, before IMs were even invented - you infiltrate these groups, arrest lower members, get them to incriminate the people higher up until you dismantle the entire structure. Yeah I know it sounds simple and in reality there are a million other steps to do this - but it has been done in the past and is still being done now. That's what the police will do. They caught criminals before they could read their messages, they will catch them again when they can't read their messages.

Encrypted communication is already a solved problem. The people being caught are the ones who don't have the technical skills to use them correctly.

If the marketing is to be believed we are months away from having AI assist someone with no dev, technology, devops background just asking for an app like this.

I mean, nobody really believes that, this is just what you have to say if you have a stake in an AI company. Or you don’t know what you’re talking about.


