Belgian police seize 28 tons of cocaine after 'cracking' Sky ECC's chat app encryption

The Belgian plod says it seized 27.64 tons of cocaine worth €1.4bn (£1.2bn, $1.65bn) from shipments into Antwerp in the past six weeks after defeating the encryption in the Sky ECC chat app to read drug smugglers' messages. "During a judicial investigation into a potential service criminal organization suspected of knowingly …


  1. RegGuy1 Silver badge

    Encryption back door?

    So you CAN put back doors into encrypted software. So what our Pritti Home Secretary said is correct and our security services CAN have their data.

    ... Wait a cotton-picking minute there. I thought the mathematics says it's not possible. Two very large primes are all that's needed, and there's no other way in. So presumably either the messages were not encrypted, or the platform got hacked and someone installed a keylogger. Hmm, now which of these is the more likely...?

    1. JimboSmith Silver badge

      Re: Encryption back door?

      Or somebody was arrested and on the receiving end of a lot of charges. They decided to open their device so their messages could be read and replied to by the plod in return for less charges. The encryption could have been shit or for Police Specialists you can read another unnamed agency.

      1. Mark 65 Silver badge

        Re: Encryption back door?

        Potential source is, as another post states, someone in a lot of chats/group messages got caught and made a deal. No breach of encryption necessary as you have a device able to see all those messages.

        There's always the possibility of a flaw in the implementation - crypto is hard.

        If they have access to an unlocked device then all bets are off.

    2. Mr. A

      Re: Encryption back door?

      No-one ever said they couldn't back door encryption, only that it's a monumentally stupid idea. But hey, I'm sure those in power can be trusted not to abuse that power, right?

      1. big_D Silver badge

        Re: Encryption back door?

        And they'll be able to stop the "bad guys" from getting the backdoor keys within a couple of hours of them being issued.

        1. Yet Another Anonymous coward Silver badge

          Re: Encryption back door?

          Especially when the bad guys and good guys is a matter of opinion

    3. Nick Porter

      One sub postmaster's story

      It's very unlikely to have been a straight crack of encrypted data in-flight. If they managed to do that they would certainly not announce the fact.

      Much more likely to be trojaned software (like Encrochat), keylogger or traditional human intelligence, followed by a nice big announcement to scare the shit out of the remaining users and drive them to (potentially less secure) communication methods.

      1. chivo243 Silver badge

        Re: One sub postmaster's story

        I'm sure they inserted their "own" server\node; it's the general MO lately with the Dutch authorities...

        1. John Sturdy

          Re: One sub postmaster's story

          Or inserted their own person into the dealer network --- probably easier.

    4. Anonymous Coward

      Re: Encryption back door?

      You're assuming the crypto was correctly implemented. Doing it right isn't just a matter of picking an algo with a long key length and then weaving some code around it, and I suspect it's there where the problem was.

      I actually caught the interview about this on TV, and if I'm right, the person interviewed accidentally revealed they were (and are) listening in in real time. To me, that suggests a cracked algorithm instead of just a single subverted phone, and I think the people who were selling this may not sleep all that well right now.

      As I said before, pissing off a customer base that is mainly composed of criminals strikes me as a good way to add a lot of excitement and possible life shortening events to your existence :).

      1. John Riddoch

        Re: Encryption back door?

        The mention of "exchanging text messages" in the article implies short payloads and that may have made it easier for them to crack the encryption too. I'm pretty sure that short payloads are significantly easier to crack if you know the encryption and there's often "padding" put into short messages in real encryption to make it harder to crack.

        So, yeah, poorly implemented crypto is a likely method of interception. I wonder how much they may have to reveal in the subsequent court cases on their methods?

        1. Michael Wojcik Silver badge

          Re: Encryption back door?

          "I'm pretty sure that short payloads are significantly easier to crack if you know the encryption"

          Only for certain broken protocols, and in the trivial sense that very short messages only have a small number of possible corresponding plaintexts. (If you intercept a single-bit message, you know the original plaintext was one of two bits, and the actual message was one of two possibilities.)

          In fact large amounts of ciphertext are generally more problematic, though for modern algorithms and protocols, it's not an issue for most use cases.

          "and there's often "padding" put into short messages in real encryption to make it harder to crack."

          Not really. A number of cryptographic algorithms and protocols make use of padding, but the technical reasons for that are more complex than just "it's too short". And as a practical matter, padding is more often a source of vulnerabilities, such as padding oracles.

      2. low_resolution_foxxes Silver badge

        Re: Encryption back door?

        The other option is that the whole encrypted phone business was an intelligence scam in the first place, with the US indicting the Sky Global chappy as a cover story to prevent their lead man getting shot in revenge and making it sound plausible

    5. Blazde Silver badge

      Re: Encryption back door?

      The mathematics doesn't say it's not possible. Decades of trying to factor (or whatever) quickly and failing says maybe it's not possible. Decades of trying to prove it's not possible and failing says it still might be.

      I wish people understood this subtlety better now our entire digital world, global financial system and several whole currencies all rely on modern crypto.

      1. Michael Wojcik Silver badge

        Re: Encryption back door?

        RSA depends on factoring. DLP and ECC do not; neither do the various PQC schemes in the NIST competition, for example.

        I wish people who talk about "modern crypto" understood that it's not all RSA.

    6. Doctor Syntax Silver badge

      Re: Encryption back door?

      "So presumably either the messages were not encrypted, or the platform got hacked and someone installed a keylogger."

      Or the service mediated the key exchange and kept copies or was being monitored. End to end encryption is fine so long as nobody else knows the keys.

      1. Michael Wojcik Silver badge

        Re: Encryption back door?

        If it was actually end-to-end encryption -- a term of art -- then the service couldn't have discovered the keys. So we're back to a lie, a bad implementation, or tampering. At this point idle speculation is just that.

    7. low_resolution_foxxes Silver badge

      Re: Encryption back door?

      It's an Android OS, there are plenty of hackers and nation states who can backdoor the OS and monitor the screen, so they think encryption of messaging would cause a fuss who knows.

    8. Dave 15 Silver badge

      Re: Encryption back door?

      The maths say that you can break it with enough power and time. Moreover of course there are likely to be implementation flaws. I wonder as well about the keys, how do we really know whether these are shared, after all they may be on your security chip but that is actually zero guarantee given how few people can really check the chip's innermost workings. I smell some complicity here, lull the criminals into false security to build up enough evidence, or use strong arm threats to get cooperation from a supplier. We managed to hide Bletchley Park from the jerries all through WW2; I have little doubt that NSA and GCHQ have known for some time how to break all common cipher algos

      1. Michael Wojcik Silver badge

        Re: Encryption back door?

        "The maths say that you can break it with enough power and time."

        A meaningless statement, in practice.

        First, of course, "it" hasn't been defined. RSA? ADH? ECC? Some other key agreement protocol? AES? Some other symmetric cipher? Or is this just hand-waving?

        Second, once you assume unbounded resources, the question is no longer interesting. If you have a decision procedure for determining what the correct plaintext is, you can just try every possible key, or even every possible plaintext, "with enough power and time".

        Third, it's quite easy to scale cryptographic algorithms up to the point where there aren't enough resources in the visible universe to brute-force them using a conventional computer. It's quite easy to do that for symmetric algorithms and hashing even with general quantum computing. It's a bit harder to do that for asymmetric crypto (key agreement and signatures), but we have candidates with strong evidence for being secure under GQC.

        It's vanishingly unlikely that any correctly-implemented, well-studied, modern cryptography was broken in this case. Any of the mooted alternatives -- bad implementation, false implementation (the "it was a trap" theory), insider compromise -- are all much, much more probable.

        Years ago, Bruce Schneier famously claimed that cryptography was good enough, and that "if you think your problem is cryptography, you don't understand cryptography and you don't understand your problem". Since then there have been successful attacks on widely-deployed cryptographic algorithms (MD5, SHA1, RC4) and protocols (all SSL/TLS versions prior to TLSv1.2, pretty much anything using CBC and not making a special effort to mitigate padding oracles, etc.). And we have the perennial worry that maybe someone will get feasible large-scale GQC working and so we need post-quantum asymmetric cryptography. But Schneier's basic point was right: implementations and people are the big threats to communication and data security, not the underlying cryptography.

  2. Dave314159ggggdffsdds Silver badge

    Why don't the police cut out the middleman and set up their own encrypted messaging service as a honeytrap? It worked for the NSA with tor...

    1. alain williams Silver badge

      Cut out middle men

      I would be very surprised if this did not happen. It is an obvious tactic and the cops are not that stupid.

      I was wondering what they do with 28 tons of cocaine ? It is not a small bag that can be tossed into a bin and forgotten about. Burning it would have interesting effects on anyone down wind of the incinerator.

      1. Anonymous Coward

        Re: Cut out middle men

        "It is an obvious tactic and the cops are not that stupid."

        They are in the US. For decades now police departments specifically discriminate against the intelligent claiming intelligent people don't want to stay cops, but instead move on to become lawyers and the like. As a result, the average cop IQ in the US is only 104. It's probably a factor in why the US has such a large problem with cops shooting people when it's not justified. For perspective, the average IQ of enlisted soldiers in the US armed forces is 109, and officers in the US armed forces is in the low 120's.

        https://abcnews.go.com/m/story?id=95836

        1. Anonymous Coward

          Re: Cut out middle men

          The difference in training between countries is a bit pronounced as well.

          UK: Join and commence a 3 month training programme, which qualifies the holder to use handcuffs, and a truncheon for the 3 years worth of on the job training and mentorship. So 3 years and 3 months on from joining you've qualified to work on your own. Two years after this is completed (with a satisfactory service history) then you could apply to become one of a few thousand armed police officers nationwide, and if you could pass dozens of stringent courses with a very low pass rate designed to weed out undesirables and individuals without a high enough level of competence then you might eventually be allowed to carry a firearm. If you use it at all expect to be grilled mercilessly and if it transpires to be an inappropriate use of force then you'll be charged with murder.

          Random US Town: join and get given a police badge, handcuffs and a pistol and shotgun for your police car on the first day. And um, want an assault rifle or a minigun mounted on a humvee or anti tank mine proof assault vehicle? Available through our military disposals program for your town if you ask nicely at a huge discount! And try not to kill too many people; it causes bad PR and we might fire you.

        2. onemark03 Bronze badge

          officers in the US armed forces is in the low 120's.

          To be an officer in the US armed forces you have to have a tertiary degree but I don't know whether that makes much of a difference in this context.

          1. Jan 0 Silver badge

            Re: officers in the US armed forces is in the low 120's.

            Tertiary Degree? As in First, Second, Third and Fail?

        3. CrackedNoggin Bronze badge

          Re: Cut out middle men

          There is a difference between IQ and being wise. Wisdom includes social morals and sociability. There are plenty of high IQ people who are sociopaths. In the 90's the term EQ (Emotional Quotient) became popular. EQ itself became a monetized fad, but the original idea is correct.

          1. Michael Wojcik Silver badge

            Re: Cut out middle men

            There's a difference between IQ and intelligence, too. "Intelligence" is a poorly-defined blanket concept which represents some arbitrary subset of many intellectual faculties, while "IQ" is a nonsense metric invented to promote scientific racism.

      2. JimboSmith Silver badge

        Re: Cut out middle men

        There's a shaggy dog story I was told about that. One of the South American countries had found a stash of marching powder in a rural area. They were worried about a cartel trying to get it back. So they decided to incinerate it quickly at a disused, local but out of the way industrial facility. Something went wrong and loads of it went unburned, up the chimney to be carried by the winds elsewhere.

        Also this happened to the BBC journalist Quentin Sommerville at a drugs incineration.

        https://www.youtube.com/watch?app=desktop&v=NAssPedIdbk

        1. Fruit and Nutcase Silver badge

          Re: Cut out middle men

          Ship the lot off to SpaceX - Musk may be able to find some use for it - convert it to rocket fuel, or something like that. Lift-off powered by marching powder

          1. Michael Wojcik Silver badge

            Re: Cut out middle men

            Sell it to Coca-Cola so they can come out with a line of Really Classic Coke.

      3. Anonymous Coward

        Re: Cut out middle men

        "I would be very surprised if this did not happen."

        The way that Apple continuously go on about how they are committed to user's privacy etc often makes me wonder if they are a TLA front organisation!

        N.b. there is evidence of this sort of thing in the past - when Mint launched their "global SIM card" there was significant amount of opposition from the US authorities as this allowed bad-agents to have mobile phone accounts that they "couldn't track" which clearly registered with some targets as a couple of years later a US General in Afghanistan, showing a lack of judgment, boasted that they were having great success against the Taliban as "they all use Mint phones ... as soon as we see one connect to a cell tower we send in a drone to take them out" - result was Taliban immediately stopped using all mobiles and relied on communicating by passing messages person-to-person only.

        1. Fruit and Nutcase Silver badge

          Re: Cut out middle men

          Apple do try to control one particular aspect with respect to iPhones

          "Apple does not 'let bad guys use iPhones on screen'"

          https://www.theguardian.com/technology/2020/feb/26/apple-does-not-let-bad-guys-use-iphones-on-screen

      4. Khaptain Silver badge

        Re: Cut out middle men

        "I was wondering what they do with 28 tons of cocaine"

        Next time you are at a demo and the police seem to have an extremely cocky/overpowering attitude just think back to that 28 tonnes of the purest.......

      5. bazza Silver badge

        Re: Cut out middle men

        Depends how hot it gets. Converted to plasma and it's nothing but carbon, hydrogen ions plus a few traces of other elements.

    2. macjules Silver badge

      Rather suspect the Albanians running the cocaine import business have already cut out the middlemen .. probably quite literally.

    3. Mark 65 Silver badge

      If it worked for the NSA and Tor that must mean that the NSA's intentions were to just watch a never ending stream of p0rn.

  3. amanfromMars 1 Silver badge

    I suppose there are different rules for certain other convenient conduits

    One does have to wonder whether such thinking extends to threaten the state and the fate of the dollar, which has for decades at least, and is still blatantly used as the default prime medium for the purchase and trafficking of drugs.

  4. Muppet Boss Bronze badge

    Looks like new market opportunities for certain types...

  5. Version 1.0 Silver badge

    Job opportunities ?

    Maybe there are organizations out there that would pay developers to create their own encryption apps? This is actually a good example of how encryption that is sold as "100% secure" ... in reality is not 100% safe, regardless of where you use it.

  6. Anonymous Coward

    potential service criminal organization suspected of knowingly providing

    GUILTY! GUILTY! GUILTY!

  7. Bertieboy

    Cocaine

    Hmmm... 27.64 tonnes - that's not to be sniffed at!

    1. Khaptain Silver badge

      Re: Cocaine

      Hey Charlie, please don't blow on the snow or the ice, even though at its base it is free, this crystal sugar feels nice..

    2. Persona Silver badge

      Re: Cocaine

      Way too much for personal use. With that sort of tonnage they really should be using the wholesale price and not the retail one.

      1. Al fazed

        Re: Cocaine

        Or a fatter tube

    3. Alan Brown Silver badge

      Re: Cocaine

      no, but it's a drop in the ocean of what's actually coming in and is essentially letting the authorities have some cheap publicity for something with a very cheap actual wholesale value (essentially thousands, and trivially replaceable. the gangs are far more concerned about losing cash, not products)

      this is why the war on drugs was won long ago by the people with the drugs

      1. Yet Another Anonymous coward Silver badge

        Re: Cocaine

        Hopefully it is a drop in the ocean. If it was a significant effect on supply it would lead to price rises and presumably 'enhanced competitive behaviour' in the distribution staff

      2. Michael Wojcik Silver badge

        Re: Cocaine

        Replace it? It's not like coca leaves grow on trees!

        Oh, wait.

  8. This post has been deleted by its author

  9. Huw D

    Getting prepared for the restart of arena-sized concerts in Europe?
