Jump to content

Wikileaks CIA Files – What this means for Internet security and encryp


securitybreach

Recommended Posts

securitybreach

PLEASE leave politics out of this post as it goes well beyond any currently elected officials....

 

Wikileaks CIA Files – What this means for Internet security and encryption

Posted on March 8, 2017 by Andy Yen

 

wikileaks_cia.jpg

 

Earlier today, Wikileaks dumped a large database of secret documents from the CIA in a released dubbed #Vault7. Here we do a deeper analysis of the leak and the broader implications on online security and encrypted services.

 

Our in-depth analysis of the leaked CIA files is found at the bottom of this post. First, we will discuss the main question on everybody’s mind – how are encrypted services like ProtonMail impacted, and what insights did we gain into the strategies of state-backed attackers.

 

No, Encryption Is Not Dead

 

Immediately after the news broke, stories began circulating, along the lines of “Signal/Whatsapp encryption broken!”, fueled in part by Tweets put out by Wikileaks. This was followed predictably by online chatter speculating into whether or not ProtonMail had been cracked.

 

Wikileaks - CIA bypasses Signal, Telegram, Whatsapp

 

gZ66i7H.png

 

We can state unequivocally that there is nothing in the leaked CIA files which indicates any sort of crack of ProtonMail’s encryption. And despite claims to the contrary, there is also no evidence that Signal/Whatsapp end-to-end encryption has been breached. Here’s what we do know:

 

Over the past three years, the CIA has put together a formidable arsenal of cyberweapons specially designed to gain surveillance capabilities over end-user devices such as mobile phones and laptop/desktop computers. These advanced malwares enable the CIA to record actions such as keystrokes on a mobile device, allowing them to conduct surveillance without breaking encryption. Through this technique, US intelligence agencies can gain access to data before they have been encrypted. This is in fact the only way to achieve data access, because cracking the cryptography used in advanced secure communication services such as ProtonMail and Signal is still impractical with current technology.

 

In other words, the core cryptographic algorithms and techniques used by ProtonMail and other encrypted services remain secure. The exploitation of user endpoints (mobile phones, personal computers, etc) is actually not a new technique, but one that has existed since the first malware was created. This unfortunately is not something that cryptography is designed to defend against, as encryption by itself cannot guarantee the security of end-user devices. What the CIA files dumped by Wikileaks do reveal however, is a significant shift in strategy since the last disclosure of this kind was made by Edward Snowden in 2013.

 

 

State-backed Cyberattack Strategy is Changing

 

ProtonMail is tool that is used by millions of people around the world to ensure email communications security. In addition to ordinary people and businesses, ProtonMail is also used by journalists, activists, and dissidents, who often require protection from government surveillance for their personal safety. Because of these factors, we make it our business to carefully study and understand state adversaries in order to better protect our userbase.

 

The Wikileaks CIA files is therefore, a comprehensive update into state cyberwarfare strategies since Snowden gave us the first edition. In fact, the trends that the files reveal are arguably global, since it is highly probable that other major players in this space (Russia, China, UK, Israel, etc) will have independently reached the same conclusions regarding overall strategy.

 

Some of the most interesting revelations from the Snowden leaks was the extent in which the NSA actively sought out information from the US tech giants, either with consent, or even without consent. This made a lot of sense, because the biggest global databases of sensitive personal data do not belong to the NSA, but actually to companies like Google and Facebook, who have already shown ample willingness to exploit such data for profit, sometimes via unscrupulous means.

 

Since 2013 however, the world has changed. Consumer and business awareness of online privacy and security is at an all time high, and more and more people around the world are increasingly choosing more secure services which respect privacy. Today, end-to-end encryption has gone mainstream, and services such as ProtonMail and Whatsapp boast millions of regular people as users. The use of end-to-end encryption means services such as ProtonMail are not actually able to decrypt user data. Even if we wanted to compromise user data, we do not have the technical means to decrypt the user emails. Furthermore, even if an attacker breached ProtonMail servers, all the emails stored on our servers are encrypted, so an attacker also would not be able to read user emails.

 

It’s clear from the leaked CIA documents that as the world has changed, stated-backed cyberattackers have also evolved. As we describe below, the varied leaked files are tied together by a common thread – an almost singular focus on producing malware to attack end-user devices. This is a logical response to the rise of end-to-end encrypted services such as ProtonMail. Services such as ProtonMail have significantly raised the barrier for obtaining data directly from the service provider, and many services are now based outside of the United States, beyond the reach of legal coercion. As such, it has now become easier, and more productive to directly hack individual users.

 

This opens up a terrifying new narrative where government spies are actively deploying viruses and trojans against their own citizens, joining the ranks of common cybercriminals. While this is by no means good news for privacy rights worldwide, it is in some ways, a win for privacy tech, because governments are having to shift away from mass surveillance and towards more targeted surveillance. In short, services such as ProtonMail are doing exactly what they were designed to do, which is raising barriers to large scale mass surveillance.

Our initial analysis into the Wikileaks CIA documents can be found below. Questions can be directed to media@protonmail.ch. If you would like to start benefiting from secure email, you can get a free ProtonMail account here.

 

Best Regards,

The ProtonMail Team .................

 

https://protonmail.c...aks-encryption/

  • Like 4
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...