FBI: Suspects Islamic State are using Smartphone Apps for Recruitment ‘

#AceNewsReport – USA:June.08: In all the to-do about federal collection of Americans’ phone data, a new surveillance worry is barely mentioned: smartphone apps that encrypt or destroy messages.

The FBI suspects Islamic State uses them to secretly recruit terrorists, and it wants authority to tap the apps. No way, say Apple and other providers, citing 1st Amendment rights.

It’ll be another fight in Congress.

@AceNewsServices

#apple-inc, #encryption, #federal-bureau-of-investigation, #james-b-comey, #united-states, #united-states-house-of-representatives

`Google Encrypts Gmail in Effort to Stop the Prying Eyes of the NSA – Maybe a Little To Late? ‘

#AceSecurityNews – Google is doing its best to put a lid on the NSA’s prying eyes by using enhanced encryption technology to make its flagship email service airtight.

Google Encypts Gmail“Your email is important to you, and making sure it stays safe and always available is important to us,” Gmail engineering security chief, Nicolas Lidzborski, said in a blog post.

“Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email.

“Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers — no matter if you’re using public WiFi or logging in from your computer, phone or tablet.”

The internet giant’s announcement is the latest attempt to bolster the company’s widely used email service and follows a similar step in 2010, when the company made HTTPS the default connection option.

At the time, however, users had the option to turn this protection feature off.

Starting from Friday, Gmail is HTTPS-only.

The move is a response to a disclosure made by National Security Agency (NSA) whistleblower, Edward Snowden, that the agency had been secretly tapping into the main communications links that connect Yahoo and Google data centres around the world.

 

Enhanced by Zemanta

#acesecuritynews, #edward-snowden, #barack-obama, #computer-surveillance, #encryption, #gmail, #google, #municipal-wireless-network, #national-security-agency, #nsa, #yahoo

#NSA “Trying to Develop a Computer that Could Ultimately Break Most Encryption Programs”

National Security Agency Seal

National Security Agency Seal (Photo credit: DonkeyHotey)

#AceSecurityNews says according to (Reuters) – The U.S. National Security Agency is trying to develop a computer that could ultimately break most encryption programs, whether they are used to protect other nations’ spying programs or consumers’ bank accounts, The Washington Post reported on Thursday.

The report, which the newspaper said was based on documents leaked by former #NSA contractor #Edward- Snowden, comes amid continuing controversy over the spy agency’s program to collect the phone records Internet communications of private citizens.

In its report on Thursday, The Washington Post said that the #NSA is trying to develop a so-called “quantum computer” that could be used to break encryption codes used to cloak sensitive information.

Such a computer, which would be able to perform several calculations at once instead of in a single stream, could take years to develop, the newspaper said. In addition to being able to break through the cloaks meant to protect private data, such a computer would have implications for such fields as medicine, the newspaper reported.

The research is part of a $79.7 million research program called “Penetrating Hard Targets,” the newspaper said. Other, non-governmental researchers are also trying to develop quantum computers, and it is not clear whether the #NSA program lags the private efforts or is ahead of them.

More soon ………………………………………………………………………………………………………………………………………………………..

 

Enhanced by Zemanta

#acesecuritynews, #edward-snowden, #encryption, #national-security-agency, #newspaper, #nsa, #quantum-computer, #reuters, #thursday, #washington-post

“NSA had Secret Contract with a Computer Security Company #RSA

#AceSecurityNews says according to SAN FRANCISCO (Reuters) – As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with #RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Documents leaked by former #NSA contractor #Edward-Snowden show that the #NSA created and promulgated a flawed formula for generating random numbers to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that #RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

Undisclosed until now was that #RSA received $10 million in a deal that set the #NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at #RSA had taken in during the entire previous year, securities filings show.

The earlier disclosures of #RSA’s entanglement with the #NSA already had shocked some in the close-knit world of computer security experts. The company had a long history of championing privacy and security, and it played a leading role in blocking a 1990’s effort by the #NSA to require a special chip to enable spying on a wide range of computer and communications products.

#RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness.

#RSA and EMC declined to answer questions for this story, but #RSA said in a statement: “#RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of #RSA products are our own.”

The NSA declined to comment.

The #RSA deal shows one way the #NSA carried out what#Snowden’s documents describe as a key strategy for enhancing surveillance: the systematic erosion of security tools. #NSA documents released in recent months called for using “commercial relationships” to advance that goal, but did not name any security companies as collaborators.

The NSA came under attack this week in a landmark report from a White House panel appointed to review U.S. surveillance policy. The panel noted that “encryption is an essential basis for trust on the Internet,” and called for a halt to any #NSA efforts to undermine it.

Most of the dozen current and former #RSA employees interviewed said that the company erred in agreeing to such a contract, and many cited RSA’s corporate evolution away from pure cryptography products as one of the reasons it occurred.

But several said that RSA also was misled by government officials, who portrayed the formula as a secure technological advance.

“They did not show their true hand,” one person briefed on the deal said of the #NSA, asserting that government officials did not let on that they knew how to break the encryption.

STORIED HISTORY

Started by MIT professors in the 1970’s and led for years by ex-Marine Jim Bidzos, RSA and its core algorithm were both named for the last initials of the three founders, who revolutionized cryptography. Little known to the public, RSA’s encryption tools have been licensed by most large technology companies, which in turn use them to protect computers used by hundreds of millions of people.

At the core of RSA’s products was a technology known as public key cryptography. Instead of using the same key for encoding and then decoding a message, there are two keys related to each other mathematically. The first, publicly available key is used to encode a message for someone, who then uses a second, private key to reveal it.

In some related signature schemes, the private...

In some related signature schemes, the private key is used to sign a message; anyone can check the signature using the public key. Validity depends on security of the private key. (Photo credit: Wikipedia)

From RSA’s earliest days, the U.S. intelligence establishment worried it would not be able to crack well-engineered public key cryptography. Martin Hellman, a former Stanford researcher who led the team that first invented the technique, said NSA experts tried to talk him and others into believing that the keys did not have to be as large as they planned.

The stakes rose when more technology companies adopted RSA’s methods and Internet use began to soar. The Clinton administration embraced the Clipper Chip, envisioned as a mandatory component in phones and computers to enable officials to overcome encryption with a warrant.

RSA led a fierce public campaign against the effort, distributing posters with a foundering sailing ship and the words “Sink Clipper!”

A key argument against the chip was that overseas buyers would shun U.S. technology products if they were ready-made for spying. Some companies say that is just what has happened in the wake of the Snowden disclosures.

The White House abandoned the Clipper Chip and instead relied on export controls to prevent the best cryptography from crossing U.S. borders. RSA once again rallied the industry, and it set up an Australian division that could ship what it wanted.

“We became the tip of the spear, so to speak, in this fight against government efforts,” Bidzos recalled in an oral history.

#RSA EVOLVES

RSA and others claimed victory when export restrictions relaxed.

But the NSA was determined to read what it wanted, and the quest gained urgency after the September 11, 2001 attacks.

Image representing VeriSign Authentication Ser...

Image via CrunchBase

#RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.

And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA’s revenue, less than 9% of the $310 million total.

“When I joined there were 10 people in the labs, and we were fighting the NSA,” said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. “It became a very different company later on.”

By the first half of 2006, #RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.

New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.

An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST’s blessing is required for many products sold to the government and often sets a broader de facto standard.

RSA September 29

RSA September 29 (Photo credit: BillT)

RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.

RSA’s contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

“The labs group had played a very intricate role at BSafe, and they were basically gone,” said labs veteran Michael Wenocur, who left in 1999.

Within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the weaknesses in the formula “can only be described as a back door.”

After reports of the back door in September, RSA urged its customers to stop using the Dual Elliptic Curve number generator.

But unlike the Clipper Chip fight two decades ago, the company is saying little in public, and it declined to discuss how the NSA entanglements have affected its relationships with customers.

The White House, meanwhile, says it will consider this week’s panel recommendation that any efforts to subvert cryptography be abandoned.

Courtesy of the (Reporting by Joseph Menn; Editing by Jonathan Weber and Grant McCool)

 

#edward-snowden, #bsafe, #clipper-chip, #computer-security, #cryptography, #emc, #encryption, #martin-hellman, #national-security-agency, #new-york-times, #reuters, #verisign, #white-house