Translated Article: Germany becomes the Federal Trojan Republic

Sanna/ July 12, 2021/ Security, Stories/ 0 comments

Deutschland wird zur Bundestrojanerrepublik by Erich Moechel for fm4.ORF.at All 19 secret services now have a license to use malware. IT security vulnerabilities can therefore be kept open, preventive cyber attacks are the best defense – security expert Manuel Atug on the new German “cybersecurity strategy.” Since Friday, the “Law to Adapt the Constitutional Protection Law” has been in force in Germany. All 19 federal and state secret services are now allowed to use Trojan malware. Another law is already in the Federal Council, which authorizes the police authorities to use Trojans even before a criminal offense has occurred. German police and customs authorities have had a legal license to distribute such malware since 2017. At the same time, a new cybersecurity strategy is being worked out which, among other things, stipulates that newly discovered security

Read More

Translated Article: EU-US Negotiations on Cloud Monitoring started

Sanna/ June 7, 2021/ Stories/ 0 comments

Verhandlungen EU-USA zur Cloud-Überwachung gestartet by Erich Moechel for fm4.ORF.at The EU has quietly started negotiations on direct data access for European law enforcement officers to data from Whatsapp, YouTube, Zoom and Co with the USA. The next round of negotiations is scheduled for June. The EU Council of Ministers has started negotiations behind the scenes with the USA on “cross-border access to electronic evidence”, according to a Council document classified as “sensitive” that ORF.at has. The first round at diplomatic and official level was held on March 26th. The declared aim of the council is direct access to data in the clouds from WhatsApp, YouTube, or Zoom. The EU directive of the same name on transnational data access within the EU is currently stuck in the trialogue negotiations between the Commission, Council and Parliament. There

Read More

Murder Board Blog Series: Chapter 4 – Trojan Horses or: State Hacking

Sanna/ May 17, 2021/ Internet, Security, Stories/ 1 comments

Feeding Pigeons in the Park—Espionage Knowledge is power. Knowing nothing makes one envious when looking at the model of modern information societies. The natural application of networks that transport information is espionage. So the Internet early made acquaintance with it. The aspect of smuggling messages in and out of an area is obvious. It also involves breaking through security measures to gain access to protected information. Whereby large parts of our own information are much less protected than we would like or even be aware of. The e-mails mentioned above are always in plain text and therefore are visible to everyone. An unknown number of third parties read them on the way from sender to recipient and assess this information. And all the information we have in accounts on US platforms (photos, more or

Read More

Murder Board Blog Series: Chapter 3 – Serial Hackers: Organized Crime or Grand Theft Data

Sanna/ May 7, 2021/ Internet, Security, Stories/ 1 comments

Motivations and Motifs of the “Cosa Data” Elevate data to a valuable commodity and it gets automatically traded, hoarded, stolen and counterfeited. We can use digital processes both legally and illegally, just like the economy in the physical world. However, cyber crime is about much more than data. Accounts with certain privileges also represent value because they act as a multiplier. For example, a simple e-mail account with stored contacts (address book or even the contact data in existing e-mails). This has several properties at once: Identity, trust and an archive of messages. The archive can be searched directly for valuable data. The identity can be used for fraud with the help of the trust of the contacts to get further access to more accounts and data. Motivation is—on balance—always something like a benefit

Read More

Murder Blog Series: Chapter 2 – Investigations

Sanna/ April 30, 2021/ Stories/ 2 comments

Letters as Windows to the World When young people discover the world, they are often happy to receive mail. Who doesn’t like it when others think of you? Once the love letters from the crush have undergone the metamorphosis into heartless letters with windows, we realize: Money rules their content, just like in this story. Leon has a habit. When walking back from the mailbox, he likes to feel the meaning of the contents of letters with his fingers. Here, it’s the letter from the credit card bill. And it has grown to several meaty millimeters. Leon hopes for a change in the terms and conditions. However, after opening it, it turns out that, unfortunately; it is a list of payments. He can barely remember the individual items. There are just too many—and most

Read More

Murder Board Blog Series: Prequel

Sanna/ April 16, 2021/ Security, Stories/ 3 comments

[This is the first part of a five-part article series describing analogies between the world of IT security and research in other fields. Analogies are often used to deflect and conceal missing arguments. Didactics uses analogies as a powerful tool to explore your own understanding and to help you use your knowledge from other fields. Please use the articles of the Murderboard series (our name for the five-part article) for educating IT-affine people about information security. It’s never bad to have allies who understand what to look for in time of trouble.] It was a warm summer day when I got a call from an acquaintance who wanted to hire me for data protection coaching with one of his clients. Besides crime writing, I also work in data protection, helping self-employed people and small

Read More

Translated Article: EU-US Summit Against Secure Encryption

Sanna/ March 31, 2021/ Legal, Stories/ 0 comments

Gipfel EU-USA gegen sichere Verschlüsselung by Erich Moechel for fm4.ORF.at The agenda of the virtual meeting at a high-ranking official level in two weeks features pretty much all data protection-related topics that are currently controversial in Europe. Joe Biden’s appearance before the EU Council of Ministers will be followed by a two-day video conference on April 14th at the top level of officials in the field of justice and homeland security between the EU and the USA. Practically all currently controversial issues around data protection are on the agenda, from cross-border data access for law enforcement officers to joint action against secure encryption. This is also the case with the “fight against child abuse”, which is once again being instrumentalized for these general surveillance projects. Ylyva Johansson, EU Commissioner for Home Affairs and Justice, commissioned a

Read More

Translated Article: Further Wrangling in the Council of Ministers over Competences for Europol

Sanna/ March 30, 2021/ Discussion, High Entropy, Legal, Stories/ 0 comments

Weiter Gerangel im Ministerrat um Kompetenzen für Europol by Erich Moechel for fm4.ORF.at A majority led by Germany and France does not even want to give Europol the power to initiate transnational investigations itself in the event of a major cyber attack. On Monday the EU Council of Ministers decided on an approach for a new cybersecurity strategy. A network of “Security Operation Centers” across Europe will form an early warning system against attacks, and a new “Joint Cyber Unit” will be responsible for crisis management. In addition, they want to promote strong encryption methods together – but with back doors for law enforcement officers. Whether this collection of buzzwords will actually become an EU-wide implemented strategy is very much in question. The ongoing discussions in the Council of Ministers about the planned new powers of

Read More

Translated Article: E-Privacy Regulation allows retained Data and duplicate Keys

Sanna/ March 29, 2021/ Discussion, Internet, Legal, Stories/ 0 comments

E-Privacy-Verordnung erlaubt Vorratsdaten und Nachschlüssel by Erich Moechel for fm4.ORF.at The most important EU regulation for the protection of privacy contains a license for data processing of all kinds without the consent of the user and allows political parties to spread spam mail. For four years the e-privacy regulation has been stuck in the EU Council of Ministers, but under the Portuguese presidency, it was possible to agree on a version for the first time. However, this version of the “Ordinance on the Respect of Privacy and the Protection of Personal Data” has been designed in such a way that Germany’s top data protection officer, Ulrich Kelber, sees “several red lines crossed at the same time”. In addition to the reference to data retention, which was rejected by the EU Court of Justice for the third

Read More

Translated Article: EU Decryption Plans apparently “Done Deal”

Sanna/ December 30, 2020/ Stories

EU-Entschlüsselungspläne offenbar „beschlossene Sache“ by Erich Moechel for fm4.ORF.at Even without an official mandate from the Council for such a regulation, the Commission has already started to anchor a decryption requirement in other regulation projects. Chronicle of the second Cyberwars from 2014 to today, Part II. You can find part one here. The controversial resolution of the Council of Ministers against secure encryption was anchored in the new draft guidelines for “high-class cyber security” of December 16. Since resolutions are not binding per se, this indicates a “Fait Accompli”, an informally already decided matter. From data retention (until 2006) to the currently adopted regulation against online terrorist propaganda (start in 2016) , all major EU surveillance projects have started in this way. So much more than the public information available so far should have already

Read More

Translated Article: EU Directive for “High-Class Cybersecurity” with Duplicate Keys

Sanna/ December 29, 2020/ Conference, Security, Stories

EU-Richtlinie für „hochklassige Cybersicherheit“ mit Nachschlüsseln by Erich Moechel for fm4.ORF.at. The key message of the Council of Ministers’ resolution against secure encryption has already arrived in a first draft directive. For this reason here’s a historical outline of the new Crypto Wars since 2014. The resolution of the EU Council of Ministers against secure encryption, which resulted in so much criticism, has already appeared in a first draft directive. A corresponding passage can be found in the new draft directive on “Measures for high-quality cybersecurity in the Union”. The date of December 16 of the document shows that it was already drawn up before the Council resolution was passed (on December 19). Here, too, it is claimed that secure end-to-end encryption remains intact if duplicate keys are generated for third parties. Meanwhile the EU

Read More

Translated Article: Urgent Warning of Back Doors in Citrix Systems

Sanna/ October 6, 2020/ Stories

Dringende Warnung vor Hintertüren in Citrix-Systemen by Erich Moechel for fm4.ORF.at An unknown number of these VPN gateways, which protect important networks in Austria such as electronic official traffic, ministries, supermarket chains, etc., are infected with malware. Ransomware blackmailers are now attacking one network after another. After the huge security gap in Citrix dial-up systems (“Shitrix”) at the beginning of the year, the consequences are now coming to light. The German security consultants HiSolutions have recently discovered a number of encryption attacks that were carried out through back doors installed at the time. Large company and authority networks are affected, which, like the electronic file traffic of the Republic (ELAK), were open for weeks over the turn of the year. Almost all of these “VPN gateways” were backed up by software updates much too

Read More

Translated Article: EU Council of Ministers discusses Back Doors in Encryption again

Sanna/ July 21, 2020/ Security, Stories

EU-Ministerrat diskutiert wieder Hintertüren in Verschlüsselung by Erich Moechel for fm4.ORF.at Gilles de Kerchove, EU’s anti-terror coordinator, is once again working against secure encryption per se. Since these new demands by law enforcement officials on the EU Council of Ministers are nowhere openly accessible, this confidential Council document is published in full by FM4. The corona virus pandemic has led to a surge in teleworking worldwide. Instead of behind firewalls in secure corporate networks, millions of employees worldwide work from insecure home offices. The only real protection is the end-to-end encryption (E2E) of the data traffic. In the middle of this scenario, the “Five Eyes” secret service alliance is starting the next phase of its global campaign against secure encryption. Again, police law enforcement is used as a vehicle. After the United States, the European protagonist

Read More

Translated Article: US bill against Secure Encryption of Chats

Sanna/ July 17, 2020/ Internet, Security, Stories

US-Gesetzesentwurf gegen sichere Verschlüsselung von Chats by Erich Moechel for fm4.ORF.at A new US law on “Access by law enforcement officers to encrypted data” is intended to force chat providers such as Signal or WhatsApp to incorporate back doors into their security architectures. In the United States, a bill is on its way to the Senate that has stunned the IT industry. The planned law on “Access by law enforcement officers to encrypted data” turns upside down all the rules that have been in force on the WWW for 25 years. Encrypted chats and data backup for a wide audience should therefore only be offered if the provider has duplicate keys. That would be the end of end-to-end encryption (E2E) from Signal, WhatsApp and others. The same applies to hardware manufacturers who have to provide access

Read More