{"id":863,"date":"2016-04-01T07:11:37","date_gmt":"2016-04-01T07:11:37","guid":{"rendered":"http:\/\/www.dogoodsoft.com\/blog\/?p=863"},"modified":"2024-12-23T07:41:52","modified_gmt":"2024-12-23T07:41:52","slug":"forget-iphone-encryption-the-fbi-cant-legally-touch-the-software-isis-uses","status":"publish","type":"post","link":"https:\/\/www.dogoodsoft.com\/blog\/forget-iphone-encryption-the-fbi-cant-legally-touch-the-software-isis-uses-863\/","title":{"rendered":"Forget iPhone encryption, the FBI can\u2019t legally touch the software ISIS uses"},"content":{"rendered":"

\"Forget<\/a><\/p>\n

The FBI insists that encrypted products like the iPhone and encrypted online services will put people in harm\u2019s way, especially in light of the ISIS-connected San Bernardino shooting late last year. That\u2019s why the Bureau has been arguing for encryption backdoors that would be available to law enforcement agencies, and why it looked to coerce Apple to add a backdoor to iOS.<\/p>\n

However, extensive reports that show the preparations ISIS made before hitting Paris and Brussels revealed the kind of encrypted products ISIS radicals used to stay in touch with central command. Unsurprisingly, these products are out of the FBI\u2019s jurisdiction, and one in particular was one of the safest encrypted communication products you can find online. In fact,its original developers are suspected to have ties to the criminal underworld.<\/p>\n

Telling the inside story of the Paris and Brussels attacks, CNN explains that ISIS cell members used a chat program called Telegram to talk to one another in the moments ahead of\u00a0the attacks. Using data obtained from official investigations,CNN<\/em> learned that just hours before the Bataclan theater was hit, one of the attackers had downloaded Telegram on a Samsung smartphone.<\/p>\n

Police never recovered communications from the messaging app. Not only is Telegram encrypted end-to-end, but it also has a self destruct setting.<\/p>\n

\"Forget<\/p>\n

Conceived by Russian developers, the app is out of the FBI\u2019s jurisdiction. But Telegram is the least problematic encrypted service for intelligence agencies looking to collect data and connect suspects. CNN also mentions a far more powerful app, one that hasn\u2019t yet been cracked by law enforcement.<\/p>\n

TrueCrypt is the app in question. One of the ISIS radicals who was captured by French police in the months leading to the mid-November Paris attacks revealed details about this program.<\/p>\n

TrueCrypt resides on a thumb drive and is used to encrypt messages. French citizen and IT expert Reda Hame was instructed to upload the encrypted message to a Turkish file-sharing site. \u201cAn English-speaking expert on clandestine communications I met over there had the same password,\u201d Hame told interrogators. \u201cIt operated like a dead letter drop.\u201d<\/p>\n

\"Forget<\/p>\n

According to The New York Times, Hame was told not to send the message via email, so as to not generate any metadata that would help intelligence agencies connect him to other terrorists.<\/p>\n

The ISIS technician also instructed Hame to transfer TrueCrypt from the USB key to a second unit once he reached Europe. \u201cHe told me to copy what was on the key and then throw it away,\u201d Hame explained. \u201cThat\u2019s what I did when I reached Prague.\u201d<\/p>\n

Hame made a long journey home from Turkey, making it look like he was a tourist visiting various cities in Europe. Whenever he reached a new place, he was to call a special number belonging to one of the masterminds behind the attacks, and he used a local SIM card to mark his location.<\/p>\n

\"Forget<\/p>\n

The Times also mentions a secondary program that was installed on flash drives. Called CCleaner, the program can be used to erase a user\u2019s online history on any computer.<\/p>\n

If that\u2019s not enough to show the level of sophistication of these bloody ISIS attacks on Europe and other targets, a story from The New Yorker sheds more light on TrueCrypt, a program whose creators can\u2019t be forced to assist the FBI.<\/p>\n

According to the publication, TrueCrypt was launched in 2004 to replace a program called Encryption for the Masses (E4M) developed long before the iPhone existed. Interestingly, the programmer who made it is Paul Le Roux, who also happens to be a dangerous crime lord, having built a global drug, arms and money-laundering cartel out of a base in the Philippines.<\/p>\n

E4M is open-source, and so is TrueCrypt, meaning that their creators aren\u2019t companies motivated by a financial interest to keep their security intact.<\/p>\n

\u201cTrueCrypt was written by anonymous folks; it could have been Paul Le Roux writing under an assumed name, or it could have been someone completely different,\u201d Johns Hopkins Information Security Institute computer-science professor Matthew Green told The New Yorker.<\/p>\n

The developers stopped updating it in 2014 for fear that Le Roux\u2019s decision to cooperate with the DEA might cripple its security. Le Roux was arrested in Liberia on drug-trafficking charges in September 2012. But Green concluded in 2015 that TrueCrypt is still backdoor-free, which explains why ISIS agents still use it.<\/p>\n","protected":false},"excerpt":{"rendered":"

The FBI insists that encrypted products like the iPhone and encrypted online services will put people in harm\u2019s way, especially in light of the ISIS-connected San Bernardino shooting late last year. That\u2019s why the Bureau has been arguing for encryption backdoors that would be available to law enforcement agencies, and why it looked to coerce … Continue reading Forget iPhone encryption, the FBI can\u2019t legally touch the software ISIS uses<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[52,88,175,341],"class_list":["post-863","post","type-post","status-publish","format-standard","hentry","category-software-updates","tag-encryption","tag-fbi","tag-iphone","tag-isis"],"_links":{"self":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/863","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/comments?post=863"}],"version-history":[{"count":1,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/863\/revisions"}],"predecessor-version":[{"id":868,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/863\/revisions\/868"}],"wp:attachment":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/media?parent=863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/categories?post=863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/tags?post=863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}