Tag: Encryption

They Want to Give Your Encryption Keys to the Golden State Killer

Joseph James DeAngelo is accused of being the Golden State Killer (there are now reports that he is negotiating a plea deal).

One of the reasons that he evaded capture so long was that he was a police officer when some of the crimes were being committed.

As such, he had access to inside information about both the investigation and police techniques.

Congress is proposing the EARN IT Act, which would require that internet providers give law enforcement an encryption back door, which would mean that the next serial killer with law enforcement connections would be able to access your most private communications and your bank records.

If you don’t think that this would happen, know that a few years back, NSA employees were using the agency’s surveillance capabilities to spy on girlfriends, spouses, and exes:

A bipartisan pair of US senators today introduced long-rumored legislation known as the EARN IT Act. Meant to combat child sexual exploitation online, the bill threatens to erode established protections against holding tech companies responsible for what people do and say on their platforms. It also poses the most serious threat in years to strong end-to-end encryption.

As the final text of the bill circulated, the Department of Justice held a press conference about its own effort to curb online child predation: a set of 11 “voluntary principles” that a growing number of tech companies—including Facebook, Google, Microsoft, Roblox, Snap, and Twitter—have pledged to follow. Though the principles the companies are pledging to adopt don’t specifically impact encryption themselves, the event had an explicit anti-encryption message. The cumulative effect of this morning’s announcements could define the geography of the next crypto wars.

………

EARN IT focuses specifically on Section 230, which has historically given tech companies freedom to expand with minimal liability for how people use their platforms. Under EARN IT, those companies wouldn’t automatically have a liability exemption for activity and content related to child sexual exploitation. Instead, companies would have to “earn” the protection by showing that they are following recommendations for combatting child sexual exploitation laid out by a 16-person commission.

………

Though it seems wholly focused on reducing child exploitation, the EARN IT Act has definite implications for encryption. If it became law, companies might not be able to earn their liability exemption while offering end-to-end encrypted services. This would put them in the position of either having to accept liability, undermine the protection of end-to-end encryption by adding a backdoor for law enforcement access, or avoid end-to-end encryption altogether.

If you give this power to law enforcement, it will be abused, if not by a serial killer, then by domestic abusers stalking exes, or bad cops determined to evade the Constitution.

This is a VERY bad law.

Gerald Cotten is Sharing a Condo with Elvis and Andy Kaufman

If you don’t know who Gerald Cotten is, then you are not a former customer of the Quadriga bitcoin repository.

The official story is that he died in India on December 9, and no one can access the BitCoin stored on the service because only he had the passwords to the service.

Weird, but here is where it gets weirder: like many BitCoin wallets out there, much of the deposits were kept offline in something called a “Cold Wallet”, the theory being that if it is offline, no one can hack into it.

The thing is that this means that you have to regularly transfer from a cold to a hot wallet when your customers need it.

A meat-space analogy would be the difference between the teller’s tray and the bank vault.

It appears that the money was never moved, which strongly implies that something hinky was going on with the accounts.

The only two logical conclusions to be reached are either that Mr. Cotten is on the lam spending his ill-gotten gains, or that, with exposure of his fraud imminent, he took his own life.

Presented for your consideration:

When Quadriga Fintech Solutions Corp. founder Gerald Cotten died, account holders feared the encrypted access keys needed to recover C$190 million ($143 million) of cryptocurrencies held by the exchange in offline storage could be lost forever.

It looks now like the storage Quadriga is known to have used — dubbed cold wallets — has been empty since April.

………

Ernst & Young identified six cold wallet addresses used by Quadriga to store Bitcoin in the past. Five of those wallets haven’t had any balances since April 2018, and a sixth “appears to have been used to receive Bitcoin from another cryptocurrency exchange account and subsequently transfer Bitcoin to the Quadriga hot wallet” on Dec. 3. The only activity since was an inadvertent transfer of Bitcoin into that sixth wallet last month, which was disclosed earlier.

Crypto investors and exchanges often keep their holdings in cold wallets — typically, physical devices disconnected from the web that can be plugged into a computer when needed since internet-connected hot wallets can be vulnerable to hackers.

A preliminary review of transactions of the six wallets using public blockchain records showed that from April 2014 to approximately April 2018, aggregate Bitcoin month end balances in the identified cold wallets ranged from zero to a peak of 2,776 Bitcoin. The average aggregate month end balance over the four-year period was approximately 124 Bitcoin. Some Bitcoin in the wallets appear to have been transferred to accounts at other crypto exchanges.

………

Another 14 user accounts created outside the normal process were also identified, with deposits artificially created and used for trading. The monitor has reached out to 14 exchanges and received responses so far from four. It didn’t name the exchanges.

It sounds to me like Cotten used BitCoin to play the horses, or, even more disastrously, play the BitCoin markets.
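The cold/hot wallet model described above and the monitor's method of checking it (month-end balances of known cold addresses, reconstructed from the public blockchain, and the date from which each address stayed empty) can be reproduced on any transfer ledger. The following is an added illustration, not code from Ernst & Young, Quadriga, or this blog; the addresses, amounts and dates are constructed, and `balance_as_of` assumes a simple ledger of (date, source, destination, amount) rows rather than real UTXO accounting.

```python
import calendar
from datetime import date

# Constructed sample ledger for illustration (not real Quadriga data): each row is
# (date, source address, destination address, amount in BTC). Address labels are
# made up; "external" stands for any address outside the audited set.
COLD_WALLETS = {"cold-1", "cold-2", "cold-3"}
HOT_WALLET = "hot-1"
TRANSFERS = [
    (date(2017, 1, 5),  "external", "cold-1", 100),
    (date(2017, 1, 20), "external", "cold-2", 50),
    (date(2017, 2, 10), "cold-1",   "hot-1",  30),           # routine cold -> hot top-up
    (date(2017, 3, 15), "external", "cold-3", 20),
    (date(2017, 4, 2),  "cold-1",   "other-exchange", 70),   # drained to another exchange
    (date(2017, 4, 3),  "cold-2",   "other-exchange", 50),
    (date(2017, 4, 4),  "cold-3",   "hot-1",  20),
    (date(2017, 6, 1),  "external", "hot-1",  5),
]
# Audit window used by the example: first and last day under review.
AUDIT_WINDOW = (date(2017, 1, 1), date(2017, 6, 30))


def balance_as_of(transfers, address, as_of):
    """Balance of one address after applying every transfer dated on or before as_of."""
    balance = 0
    for day, src, dst, amount in transfers:
        if day > as_of:
            continue
        if dst == address:
            balance += amount
        if src == address:
            balance -= amount
    return balance


def month_ends(start, end):
    """Yield the last calendar day of every month from start's month to end's month."""
    year, month = start.year, start.month
    while (year, month) <= (end.year, end.month):
        yield date(year, month, calendar.monthrange(year, month)[1])
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)


def aggregate_month_end_balances(transfers, addresses, start, end):
    """Total balance across `addresses` at each month end, as a list of (date, total)."""
    return [
        (m, sum(balance_as_of(transfers, a, m) for a in addresses))
        for m in month_ends(start, end)
    ]


def summarize(series):
    """Minimum, peak and average of a month-end series (the figures the monitor reported)."""
    totals = [t for _, t in series]
    return min(totals), max(totals), sum(totals) / len(totals)


def empty_since(transfers, addresses, start, end):
    """For each address, the first month end from which its balance stayed zero
    through `end`; None if it still held funds at the end of the window."""
    result = {}
    ends = list(month_ends(start, end))
    for a in addresses:
        balances = [balance_as_of(transfers, a, m) for m in ends]
        since = None
        # Walk backwards: the zero streak must run unbroken to the final month end,
        # so an address that was briefly empty earlier is not flagged from that date.
        for m, b in zip(reversed(ends), reversed(balances)):
            if b != 0:
                break
            since = m
        result[a] = since
    return result


if __name__ == "__main__":
    series = aggregate_month_end_balances(TRANSFERS, COLD_WALLETS, *AUDIT_WINDOW)
    low, peak, avg = summarize(series)
    print(f"cold storage month-end totals: min {low}, peak {peak}, avg {avg:.1f} BTC")
    gone = empty_since(TRANSFERS, COLD_WALLETS | {HOT_WALLET}, *AUDIT_WINDOW)
    for addr, since in sorted(gone.items()):
        print(f"{addr}: {'empty since ' + since.isoformat() if since else 'still funded'}")
```

On the constructed ledger the cold addresses show a normal pattern for three months (deposits in, small top-ups out to the hot wallet) and then all three go to zero in April, with two of them draining to another exchange rather than to the exchange's own hot wallet. That combination, cold storage empty for months while customer balances supposedly remain backed, is exactly the signal the monitor described, and the check needs nothing beyond public transaction data and the list of addresses the exchange claims as its own.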

About F%$#ing Time

For three years, International Standards Organization has been wrangling over which cryptographic algorithms will be incorporated into a standard for interoperability in “Internet of Things” gadgets; at issue has been the NSA’s insistence that “Simon” and “Speck” would be the standard block cipher algorithms in these devices.

The NSA has a history of sabotaging cryptographic standards; most famously, documents provided by Edward Snowden showed that the NSA had sabotaged NIST security standards, but the story goes farther back than that: I have been told by numerous wireless networking exercises that the weaknesses in the now-obsolete Wireless Encryption Protocol (WEP) were deliberately introduced by NSA meddling. And of course, the NSA once classified working cryptography as a munition and denied civilians access to it, until EFF got a court to declare code to be a form of protected speech under the First Amendment.

Now, the NSA has been defeated at ISO, with its chosen ciphers firmly rejected by the committee members, who were pretty frank about their reason for rejecting Simon and Speck: they don’t trust the NSA.

Good. I don’t trust the NSA either, and I do not want them in my home appliances.