{"id":1081,"date":"2024-12-04T23:46:23","date_gmt":"2024-12-04T23:46:23","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1081"},"modified":"2024-12-04T23:46:23","modified_gmt":"2024-12-04T23:46:23","slug":"european-law-enforcement-breaks-high-end-encryption-app-used-by-suspects","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1081","title":{"rendered":"European law enforcement breaks high-end encryption app used by suspects"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>A group of European law enforcement agencies were able to crack a high-level encryption app that a group of suspects created to avoid law enforcement monitoring, according to a statement issued Tuesday by Europol.\u00a0<\/p>\n<p>Europol, understandably, did not provide any specifics about how they broke the app, but encryption experts said that the most likely method involved cracking the app as opposed to the encryption algorithm itself. Still, for enterprise CISOs who are already nervous about trusting highly sensitive communications to encrypted apps, this incident will likely further deepen those suspicions.<\/p>\n<p>\u201cA joint investigation team (JIT) involving French and Dutch authorities has taken down another sophisticated encrypted messaging service, MATRIX. For three months, authorities were able to monitor the messages from possible criminals, which will now be used to support other investigations,\u201d <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/international-operation-takes-down-another-encrypted-messaging-service-used-criminals\">the Europol statement <\/a>said. 
\u201cDuring a coordinated operation supported by Eurojust and Europol, the messaging service was taken down by Dutch and French authorities and follow-up actions were executed by their Italian, Lithuanian, and Spanish counterparts.\u201d<\/p>\n<p>The suspects named the app MATRIX, but that is not related to any companies or products using that name. Europol said thieves charged other thieves between \u20ac1,300 and \u20ac1,600 (roughly between $1,369 and $1,685) for a 6-month subscription. \u201cAt least 8,000 accounts\u201d were sold globally, and were used on more than 40 servers across Europe, Europol said.\u00a0<\/p>\n<p>\u201cMore than 2.3 million messages in 33 languages were intercepted and deciphered during the investigation,\u201d Europol said. \u201cThe messages that were intercepted are linked to serious crimes such as international drug trafficking, arms trafficking, and money laundering.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Unlikely encryption itself was broken<\/h2>\n<p>Dean Coclin, a senior director and digital trust specialist at Digicert, stressed that he doubts law enforcement cracked the encryption itself, mostly because they didn\u2019t need to.\u00a0<\/p>\n<p>\u201cIt\u2019s highly unlikely that they broke the encryption, meaning the mathematical part. What is more likely, as we have seen in the past, is there was a weakness in the implementation that was uncovered and subverted,\u201d Coclin said. 
\u201cIt sounds like this system was quickly put together by the bad guys.\u201d<\/p>\n<p>That may be the only silver lining for enterprise CISOs, he said, because \u201centerprise encryption products tend to be more secure due to the use of published encryption algorithms that have been extensively vetted and having been developed by reputable companies.\u201d<\/p>\n<p>While encryption has been broken in the past, the threat potentially <a href=\"https:\/\/www.csoonline.com\/article\/3604824\/nist-publishes-timeline-for-quantum-resistant-cryptography-but-enterprises-must-move-faster.html\">posed by quantum computing<\/a> could make much of 2024-level encryption irrelevant in any case.\u00a0<\/p>\n<p>But the issue is critical today, as more end users are relying on various free encryption apps, including Signal, WhatsApp, and Telegram, which raises concerns about the apps\u2019 weaknesses.<\/p>\n<p>With the European thief-created app, \u201cmaybe there was a flaw in the way that they put the program together, where the data might have been left in an unencrypted state for a period of time\u201d and that would make it vulnerable to malware on the device, Coclin said.\u00a0<\/p>\n<p>But he added that he thinks the real flaw was simply that the suspects didn\u2019t sufficiently test their app and didn\u2019t test it among a large enough group of beta users.<\/p>\n<p>The proper approach is to \u201cdevelop something and then you put it into the public domain. This app was likely thrown together by some hackers and it didn\u2019t get stress tested,\u201d Coclin said.\u00a0<\/p>\n<p>Erich Kron, security awareness advocate at KnowBe4, agreed that it was most likely the app that was broken and not the encryption.<\/p>\n<p>\u201cThere is not a lot to go off of at this time, so without knowing how the encryption was broken, it\u2019s difficult to say if this will have an impact on legitimate encryption,\u201d Kron said. 
\u201cTypically speaking, when encryption is broken, especially modern encryption, it usually happens through the way that the application using the encryption handles the keys, not in a fault with the encryption itself.\u201d<\/p>\n<p>Law enforcement\u2019s having broken this app, however, could send a frightening message to criminals, Kron said.\u00a0<\/p>\n<p>\u201cA secure way to communicate is vital to these criminal operations, and the disruption of the service will not only impact their ability to continue communications, but also their faith in other applications such as this,\u201d Kron said. \u201cIt may cause them a significant amount of anxiety as they wonder if their communications with other players have been decrypted, and many of the more cautious criminals might have to adjust their current operations to counter the potential that law enforcement knows about them.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Implications for CISOs<\/h2>\n<p>A more dire perspective on the European encryption situation came from Georgianna Shea, the chief technologist for the Foundation for Defense of Democracies, which bills itself as \u201ca nonpartisan think tank focused on national security and foreign policy.\u201d<\/p>\n<p>\u201cThe Europol takedown of MATRIX underscores critical implications for enterprise CISOs regarding the fleeting security of encryption. Although the exact methods used by authorities remain undisclosed, this incident highlights that no system is impenetrable, and that encryption vulnerabilities may arise from operational weaknesses as much as technical flaws,\u201d Shea said. \u201cCISOs should be taking note of the diminishing lifespan of current encryption standards. Cryptography generally relies on hard mathematical problems, but as computing power advances, these problems become increasingly solvable. 
CISOs must implement multi-layered defenses such as tokenization, zero-knowledge proofs, distributed storage, and other technologies that protect data even if encryption is compromised. This proactive approach ensures a robust defense against the accelerating evolution of both technology and threats.\u201d<\/p>\n<p>Another security specialist, Audian Paxson, principal technical strategist at Ironscales, said encrypted communication in an enterprise is surrounded by other technologies, and those <em>other <\/em>pieces of code may be the encryption app\u2019s undoing.<\/p>\n<p>\u201cI think this MATRIX takedown shows that criminals aren\u2019t losing because encryption is being cracked. It\u2019s because law enforcement is targeting everything around it,\u201d he said. \u201cThey\u2019re going after the infrastructure, endpoints, and sometimes even the people running these platforms. It\u2019s not Hollywood hacking. It\u2019s patient methodical work, like seizing servers or leveraging insider intelligence.\u201d<\/p>\n<p>Paxson noted that the Europol effort unintentionally illustrates the lack of a need for universal backdoors.<\/p>\n<p>\u201cThis takedown is a perfect example of law enforcement doing their jobs without needing surveillance backdoors. Those backdoors would create a circus of problems that, to me, will make everyone less secure,\u201d Paxson said. \u201cSure, law enforcement has constraints such as court orders, warrants, red tape, but here\u2019s proof that they can take some of these platforms down. By the way, criminals don\u2019t play by the same rules and constraints. They\u2019ll adapt, always. They\u2019ll move to fragmented and distributed tools, and keep exploiting the gaps.\u201d<\/p>\n<p>His takeaway? \u201cFor CISOs, the lesson here isn\u2019t to worry about encryption failing. 
It\u2019s to focus on protecting the endpoints, servers, and especially human vulnerabilities that criminals will always try to exploit \u2014 and they will do so without a court order.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A group of European law enforcement agencies were able to crack a high-level encryption app that a group of suspects created to avoid law enforcement monitoring, according to a statement issued Tuesday by Europol.\u00a0 Europol, understandably, did not provide any specifics about how they broke the app, but encryption experts said that the most likely [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1082,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1081","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1081"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1081"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1081\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1082"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1081"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1081"},{"taxonomy":"post_tag","embeddable":true,"href":"ht
tps:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1081"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}