Translated Article: German Cyber Security Strategy without Security

Sanna/ July 27, 2022/ Stories/ 0 comments

Deutsche Cybersicherheitsstrategie ohne Sicherheit by Erich Moechel for fm4.ORF.at The new German Interior Minister Nancy Faeser (SPD) is continuing the cyber course of her predecessor Horst Seehofer (CDU), which according to independent experts has been completely misguided. The professional world “is not amused”. Parallel to the finalization of the new EU directive on cyber security (NIS2), Germany’s new cyber security strategy was presented in Berlin. The European directive, which was negotiated unusually quickly, was welcomed almost unanimously by experts. The new German cyber security strategy, on the other hand, has been consistently criticized by experts since its publication. As a closer look shows, it is neither new nor a security strategy. First and foremost, new powers are being distributed to police authorities and secret services. Trojans instead of cyber security As the table of contents already

Read More

Translated Article: New EU Regulation makes securely encrypted Chats illegal

Sanna/ July 13, 2022/ Stories/ 0 comments

Neue EU-Regulierung macht sicher verschlüsselte Chats illegal by Erich Moechel for fm4.orf.at [This article has been sitting in our translation queue for a while. We have translated the content, because Erich monitors the development of the war against encryption for many decades and has always deep insights into the processes behind the scenes.] The word “encryption” is hardly mentioned directly in the Commission’s draft, which aims to make end-to-end encryption illegal in general. Series, Part 1. The EU Commissioner Ylva Johansson’s Regulation on Combating Child Abuse on the Internet, which was presented on Wednesday, caused incredulous amazement in the professional world. “This will be the most sophisticated system of mass surveillance ever set up outside of Russia or China,” prominent cryptographer Matthew Green wrote in a first reaction on Twitter. Securely encrypted chats are de

Read More

Translated Article: EU Control Committee Blocks Regulation on Chat Surveillance

Sanna/ April 4, 2022/ Stories

EU-Kontrollausschuss blockt Verordnung zur Chat-Überwachung by Erich Moechel for fm4.orf.at [We have translated this article, because we have criticised client side scanning and introducing backdoors to circumvent encryption in past articles. Erich Möchel has an update on the current EU initiative to make encryption useless.]. A leaked report from the Commission’s control committee shows that officials from the Commission’s interior department have not presented a legally compliant draft in two years. The publication of the ordinance on the automated monitoring of chats, which was announced at the end of March, has already been postponed again. This ordinance, ostensibly aimed at combating child abuse, is now 18 months behind schedule. A recent leak now shows the reason for this series of postponements. The officials responsible for the Commission’s draft could not come up with a text

Read More

Translated Article: Internet Traffic in Russia will be Rerouted

Sanna/ March 17, 2022/ Stories

Der Internetverkehr Russlands wird umgeroutet by Erich Moechel for fm4.orf.at With Lumen and Cogent, the leading transit carrier and the number three are just exiting the Russian market. Apparently, this doesn’t happen voluntarily and, above all, not as quickly as announced. After the media sector and the stock exchange, the western sanctions are now hitting the Russian IT industry with full force. With Cogent and Lumen, two of the top five international Internet carriers are in the process of cutting off their major customers in Russia one after the other. Market leader Rostelecom, all mobile phone companies and the Internet group Yandex are losing their strongest connections to the world. On Friday, the London Internet Exchange announced that Rostelecom traffic would no longer be routed. All of this is a first in the history of

Read More

Translated Article: CIA Data Mining in SWIFT Financial Data from Europe

Sanna/ March 2, 2022/ Stories

[Editor’s note: This article was translated before the invasion of Russian troops into Ukraine. It features SWIFT, and the discussed data mining methods still apply regardless of the sanctions.] Data-Mining der CIA in SWIFT-Finanzdaten aus Europa by Erich Moechel for fm4.orf.at Massive financial datasets are constantly being delivered from the EU to the US as part of the TFTP treaty against terrorist financing. The CIA receives this data. The fog is slowly clearing around the huge datasets in which the CIA claims to be data mining. The “foreign financial data platforms” from which the CIA “collects large amounts of structured financial data” to stop ISIS terrorist funding are the databases of payment processor SWIFT. Around 11,000 banks from 200 countries process their payment transactions via the SWIFT system, which currently processes around 40 million

Read More

Translated Article: New ETSI Standard for Reporting Security Vulnerabilities

Sanna/ September 9, 2021/ Stories

Neuer ETSI-Standard zur Meldung von Sicherheitslücken by Erich Moechel for fm4.ORF.at The European Standards Institute for Telecommunications ETSI, previously known more for the standardization of back doors for surveillance authorities than for IT security, is now concerned with finding non-standardized security vulnerabilities. Late but still, the discovery of ever new, critical security gaps in IT equipment in industry has finally woken up the European Standards Institute for Telecommunications (ETSI). The public review period for an ETSI specification, which is intended to standardize the reporting process of security vulnerabilities by third parties, runs until September 15. Since the introduction of LTE (4G), the standards of the IT world have increasingly applied to the formerly proprietary networks of the telecoms. This specification takes this into account by standardizing important IT security processes for the world of telecommunications. However,

Read More

Translated Article: Germany becomes the Federal Trojan Republic

Sanna/ July 12, 2021/ Security, Stories

Deutschland wird zur Bundestrojanerrepublik by Erich Moechel for fm4.ORF.at All 19 secret services now have a license to use malware. IT security vulnerabilities can therefore be kept open, preventive cyber attacks are the best defense – security expert Manuel Atug on the new German “cybersecurity strategy.” Since Friday, the “Law to Adapt the Constitutional Protection Law” has been in force in Germany. All 19 federal and state secret services are now allowed to use Trojan malware. Another law is already in the Federal Council, which authorizes the police authorities to use Trojans even before a criminal offense has occurred. German police and customs authorities have had a legal license to distribute such malware since 2017. At the same time, a new cybersecurity strategy is being worked out which, among other things, stipulates that newly discovered security

Read More

Translated Article: EU-US Negotiations on Cloud Monitoring started

Sanna/ June 7, 2021/ Stories

Verhandlungen EU-USA zur Cloud-Überwachung gestartet by Erich Moechel for fm4.ORF.at The EU has quietly started negotiations on direct data access for European law enforcement officers to data from Whatsapp, YouTube, Zoom and Co with the USA. The next round of negotiations is scheduled for June. The EU Council of Ministers has started negotiations behind the scenes with the USA on “cross-border access to electronic evidence”, according to a Council document classified as “sensitive” that ORF.at has. The first round at diplomatic and official level was held on March 26th. The declared aim of the council is direct access to data in the clouds from WhatsApp, YouTube, or Zoom. The EU directive of the same name on transnational data access within the EU is currently stuck in the trialogue negotiations between the Commission, Council and Parliament. There

Read More

Murder Board Blog Series: Chapter 4 – Trojan Horses or: State Hacking

Sanna/ May 17, 2021/ Internet, Security, Stories

Feeding Pigeons in the Park—Espionage Knowledge is power. Knowing nothing makes one envious when looking at the model of modern information societies. The natural application of networks that transport information is espionage. So the Internet early made acquaintance with it. The aspect of smuggling messages in and out of an area is obvious. It also involves breaking through security measures to gain access to protected information. Whereby large parts of our own information are much less protected than we would like or even be aware of. The e-mails mentioned above are always in plain text and therefore are visible to everyone. An unknown number of third parties read them on the way from sender to recipient and assess this information. And all the information we have in accounts on US platforms (photos, more or

Read More

Murder Board Blog Series: Chapter 3 – Serial Hackers: Organized Crime or Grand Theft Data

Sanna/ May 7, 2021/ Internet, Security, Stories

Motivations and Motifs of the “Cosa Data” Elevate data to a valuable commodity and it gets automatically traded, hoarded, stolen and counterfeited. We can use digital processes both legally and illegally, just like the economy in the physical world. However, cyber crime is about much more than data. Accounts with certain privileges also represent value because they act as a multiplier. For example, a simple e-mail account with stored contacts (address book or even the contact data in existing e-mails). This has several properties at once: Identity, trust and an archive of messages. The archive can be searched directly for valuable data. The identity can be used for fraud with the help of the trust of the contacts to get further access to more accounts and data. Motivation is—on balance—always something like a benefit

Read More

Murder Blog Series: Chapter 2 – Investigations

Sanna/ April 30, 2021/ Stories

Letters as Windows to the World When young people discover the world, they are often happy to receive mail. Who doesn’t like it when others think of you? Once the love letters from the crush have undergone the metamorphosis into heartless letters with windows, we realize: Money rules their content, just like in this story. Leon has a habit. When walking back from the mailbox, he likes to feel the meaning of the contents of letters with his fingers. Here, it’s the letter from the credit card bill. And it has grown to several meaty millimeters. Leon hopes for a change in the terms and conditions. However, after opening it, it turns out that, unfortunately; it is a list of payments. He can barely remember the individual items. There are just too many—and most

Read More

Murder Board Blog Series: Prequel

Sanna/ April 16, 2021/ Security, Stories

[This is the first part of a five-part article series describing analogies between the world of IT security and research in other fields. Analogies are often used to deflect and conceal missing arguments. Didactics uses analogies as a powerful tool to explore your own understanding and to help you use your knowledge from other fields. Please use the articles of the Murderboard series (our name for the five-part article) for educating IT-affine people about information security. It’s never bad to have allies who understand what to look for in time of trouble.] It was a warm summer day when I got a call from an acquaintance who wanted to hire me for data protection coaching with one of his clients. Besides crime writing, I also work in data protection, helping self-employed people and small

Read More

Translated Article: EU-US Summit Against Secure Encryption

Sanna/ March 31, 2021/ Legal, Stories

Gipfel EU-USA gegen sichere Verschlüsselung by Erich Moechel for fm4.ORF.at The agenda of the virtual meeting at a high-ranking official level in two weeks features pretty much all data protection-related topics that are currently controversial in Europe. Joe Biden’s appearance before the EU Council of Ministers will be followed by a two-day video conference on April 14th at the top level of officials in the field of justice and homeland security between the EU and the USA. Practically all currently controversial issues around data protection are on the agenda, from cross-border data access for law enforcement officers to joint action against secure encryption. This is also the case with the “fight against child abuse”, which is once again being instrumentalized for these general surveillance projects. Ylyva Johansson, EU Commissioner for Home Affairs and Justice, commissioned a

Read More

Translated Article: Further Wrangling in the Council of Ministers over Competences for Europol

Sanna/ March 30, 2021/ Discussion, High Entropy, Legal, Stories

Weiter Gerangel im Ministerrat um Kompetenzen für Europol by Erich Moechel for fm4.ORF.at A majority led by Germany and France does not even want to give Europol the power to initiate transnational investigations itself in the event of a major cyber attack. On Monday the EU Council of Ministers decided on an approach for a new cybersecurity strategy. A network of “Security Operation Centers” across Europe will form an early warning system against attacks, and a new “Joint Cyber Unit” will be responsible for crisis management. In addition, they want to promote strong encryption methods together – but with back doors for law enforcement officers. Whether this collection of buzzwords will actually become an EU-wide implemented strategy is very much in question. The ongoing discussions in the Council of Ministers about the planned new powers of

Read More