#Cryptoleaks est le nom donné aux révélations faites plusieurs médias dans le monde, en février 2020, selon lesquelles l'entreprise #suisse #CryptoAG aurait fourni à des gouvernements du monde entier des systèmes de chiffrement contenant une porte dérobée permettant aux renseignements allemands et américains d'avoir accès aux communications transitant par ces systèmes.
C’est le coup du siècle du #renseignement. Pendant des décennies, la CIA et ses alliés ont réussi à intercepter et déchiffrer des #communications #secrètes du monde entier, grâce à Crypto AG, une #entreprise suisse hors de tout soupçon. A la base créée par un véritable passionné, le suédois Boris Hagelin, cette dernière va finir par tomber entre les mains du renseignement #américain, grâce à beaucoup d’argent, pas mal d’audace et une amitié bien utile à exploiter.
Pour plus de renseignements sur cette affaire, allez check ces merveilles :
L’article de CryptoMuseum : https://www.cryptomuseum.com/manuf/crypto/index.htm
L’article de Greg Miller pour le Washington Post : https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
Le documentaire de la RTS : https://youtu.be/SWFlA248spU
The Crypto AG CIA backdoor story (2020) clarifies to me much of the neverending flood of "outlaw strong crypto" thinkpieces and "lawful access" (a/k/a mandated backdoors) proposals.
I realised today that the whole #SecurityByObscurity discussion was missing a major insight: For much of the Cold War period, the operational standard has been instead #InsecurityByObscurity
Crypto AG was an allegedly secure system which was, obscure to the public, insecure. And that insecurity (along with fear, suprise, ruthless efficiency, and an almost fanatical devotion to the Pope), seems to have been a key element of US and #FiveEyes surveillance capabilities from the 1950s onward. (I'm aware Crypto AG's role under the CIA begain ~1970.) More recent stories of package intercepts (where backdoors are installed on specific equipment), zero-day hacks (such as are routinely purchased and exploited by Cellebrite, Palantir, the NSO Group, and others, is the logical extension of Crypto AG methods. As is putting a surveillance device in the pockets of the population that the surveillance targets themselves fight amongst themselves to buy.
Our information systems, technology, devices, and infrastructure are, obscure to us, insecure. And we fall for it again and again.
Because while the cryptography of the NSA and Five Eyes, as well as their counterparts worldwide, is no doubt prodigious, the cheapest way to break through a wall is to go around it. By far.
And virtually all the continuous whinging since the early 1990s about the hazards of emerging strong crypto makes vastly more sense in this context. The agencies know their own strengths, weaknesses, and secret weapons. And have been trying to preserve their advantage. (Even though this ultimately puts us all at vastly greater risk.) Their policy recommendations have been premised on this, even if they've been unwilling to admit this publicly.
But yeah, insecurity by obscurity as an operational norm. Describes much of the present Web as well.
Adapted from an earlier Mastodon thread: https://mastodon.social/@natecull/106112437055287730
#CryptoAG #security #surveillance #surveillanceCapitalism #surveillanceState #infosec #infotech
😖 Das schlimmste an dieser unqualifizierten Debatte zu #5G, #Huawei und „Die Kinesen tun Löcher ins Netzwerk häcken!!1!elf“-Debatte in Medien, Kabinett und Parlament ist, dass ALLE seit Jahren (und seit #Snowden!) wissen, dass #US-amerikanische Netzwerkausrüster wie #Cisco, #Juniper & Co. bewiesenermaßen genau so durchlöchert sind! 🗑️
dazu auch: https://m.heise.de/security/artikel/Best-of-Backdoor-Fails-4660194.html
Und wer jetzt nach 'nem theutschen #Siemens-Volksdampfrouter ruft, sei herzlich die #CryptoAG / #Rubikon um die Ohren gehauen! 😡
:quality(100)/arc-anglerfish-washpost-prod-washpost/public/JBWJ3HR4RQI6VL7CBEHLG63AWE.jpg)