Wikileaks CIA Files – What this means for Internet security and encryption

wikileaks cia vault7

Earlier today, Wikileaks dumped a large database of secret documents from the CIA in a released dubbed #Vault7. Here we do a deeper analysis of the leak and the broader implications on online security and encrypted services.

Our in-depth analysis of the leaked CIA files is found at the bottom of this post. First, we will discuss the main question on everybody’s mind – how are encrypted services like ProtonMail impacted, and what insights did we gain into the strategies of state-backed attackers.

No, Encryption Is Not Dead

Immediately after the news broke, stories began circulating, along the lines of “Signal/Whatsapp encryption broken!”, fueled in part by Tweets put out by Wikileaks. This was followed predictably by online chatter speculating into whether or not ProtonMail had been cracked.

Wikileaks - CIA bypasses Signal, Telegram, Whatsapp

We can state unequivocally that there is nothing in the leaked CIA files which indicates any sort of crack of ProtonMail’s encryption. And despite claims to the contrary, there is also no evidence that Signal/Whatsapp end-to-end encryption has been breached. Here’s what we do know:

Over the past three years, the CIA has put together a formidable arsenal of cyberweapons specially designed to gain surveillance capabilities over end-user devices such as mobile phones and laptop/desktop computers. These advanced malwares enable the CIA to record actions such as keystrokes on a mobile device, allowing them to conduct surveillance without breaking encryption. Through this technique, US intelligence agencies can gain access to data before they have been encrypted. This is in fact the only way to achieve data access, because cracking the cryptography used in advanced secure communication services such as ProtonMail and Signal is still impractical with current technology.

In other words, the core cryptographic algorithms and techniques used by ProtonMail and other encrypted services remain secure. The exploitation of user endpoints (mobile phones, personal computers, etc) is actually not a new technique, but one that has existed since the first malware was created. This unfortunately is not something that cryptography is designed to defend against, as encryption by itself cannot guarantee the security of end-user devices. What the CIA files dumped by Wikileaks do reveal however, is a significant shift in strategy since the last disclosure of this kind was made by Edward Snowden in 2013.

State-backed Cyberattack Strategy is Changing

ProtonMail is tool that is used by millions of people around the world to ensure email communications security. In addition to ordinary people and businesses, ProtonMail is also used by journalists, activists, and dissidents, who often require protection from government surveillance for their personal safety. Because of these factors, we make it our business to carefully study and understand state adversaries in order to better protect our userbase.

The Wikileaks CIA files is therefore, a comprehensive update into state cyberwarfare strategies since Snowden gave us the first edition. In fact, the trends that the files reveal are arguably global, since it is highly probable that other major players in this space (Russia, China, UK, Israel, etc) will have independently reached the same conclusions regarding overall strategy.

Some of the most interesting revelations from the Snowden leaks was the extent in which the NSA actively sought out information from the US tech giants, either with consent, or even without consent. This made a lot of sense, because the biggest global databases of sensitive personal data do not belong to the NSA, but actually to companies like Google and Facebook, who have already shown ample willingness to exploit such data for profit, sometimes via unscrupulous means.

Since 2013 however, the world has changed. Consumer and business awareness of online privacy and security is at an all time high, and more and more people around the world are increasingly choosing more secure services which respect privacy. Today, end-to-end encryption has gone mainstream, and services such as ProtonMail and Whatsapp boast millions of regular people as users. The use of end-to-end encryption means services such as ProtonMail are not actually able to decrypt user data. Even if we wanted to compromise user data, we do not have the technical means to decrypt the user emails. Furthermore, even if an attacker breached ProtonMail servers, all the emails stored on our servers are encrypted, so an attacker also would not be able to read user emails.

It’s clear from the leaked CIA documents that as the world has changed, stated-backed cyberattackers have also evolved. As we describe below, the varied leaked files are tied together by a common thread – an almost singular focus on producing malware to attack end-user devices. This is a logical response to the rise of end-to-end encrypted services such as ProtonMail. Services such as ProtonMail have significantly raised the barrier for obtaining data directly from the service provider, and many services are now based outside of the United States, beyond the reach of legal coercion. As such, it has now become easier, and more productive to directly hack individual users.

This opens up a terrifying new narrative where government spies are actively deploying viruses and trojans against their own citizens, joining the ranks of common cybercriminals. While this is by no means good news for privacy rights worldwide, it is in some ways, a win for privacy tech, because governments are having to shift away from mass surveillance and towards more targeted surveillance. In short, services such as ProtonMail are doing exactly what they were designed to do, which is raising barriers to large scale mass surveillance.

Our initial analysis into the Wikileaks CIA documents can be found below. Questions can be directed to media@protonmail.ch. If you would like to start benefiting from secure email, you can get a free ProtonMail account here.

Best Regards,
The ProtonMail Team

ProtonMail Analysis of Wikileaks CIA Documents

 

#Vault7 in a sentence: It is a leak about the CIA’s hacking arsenal used against foreign governments and citizens both domestically and abroad.

Name of the database: Vault7. It is the first part in a series of leaks titled Year Zero.

Origin: Allegedly from the CIA’s Center for Cyber Intelligence unit in Langley, Virginia USA

Volume: 7,818 web pages with 943 attachments. According to Wikileaks, the entire archive of CIA material consists of several hundred million lines of computer code. Estimated to be bigger than the Snowden leaks (unconfirmed).

Dates of documents: from the time Snowden left the intelligence community till 2016. 2013-2016.

Intention: the source of the information told WikiLeaks in a statement that they wish to initiate a public debate about the “security, creation, use, proliferation and democratic control of cyber weapons.”

How is it different from the Snowden leaks: Snowden leaks exposed the NSA and its techniques of blanket surveillance on citizens and governments around the world. Vault7, on the other hand, exposes the CIA and what technologies it uses in cyber warfare against foreign governments as well as against targeted individuals.

What did we learn so far?

As we are examining the documents, we have identified that the leak concerns the CIA and what cyber weapons it uses. Over the next weeks we will continue to verify and update the information. Below is what we know so far about the programs used by the CIA, legality of the operations, and what this means for your privacy and security.

Germany is the CIA’s European Spybase

It was disclosed that the American consulate in Frankfurt is the main base for CIA hackers in Europe. This certainly raises some interesting questions, because it is highly unlikely that the CIA could run a major spy operation out of Frankfurt without German authorities being aware of it. Although it is not confirmed (and likely never will be), it is most probable that German authorities were in on it, and perhaps even actively participating as part of the Fourteen-Eyes program. It does call in question whether it is appropriate for a EU member state to authorize spying of EU citizens by a foreign power.

Programs used by the CIA

Weeping Angel – It is a program that transforms the microphones of smart TVs into surveillance tools. By manipulating the hardware, CIA hackers are able to turn on people’s smart TVs and listen to users’ conversations. In effect, Weeping Angel transforms smart TVs into bugs.

Our team quickly drew parallels between Weeping Angel and other surveillance tools described by Snowden. Weeping Angel is a technique that bears close resemblance to Nosey Smurf, a tool used by UK’s GCHQ to turn on a phone’s microphone and use it for audio surveillance. While Tracker Smurf – is a geo-location tool that offers a more accurate method of locating a phone and its carrier than using triangulation.

Zero day – Refers to a general type of vulnerability used by the CIA against any adversary’s device. WikiLeaks reports that Zero Day have been primarily used against companies in industrial espionage. In 2013, Snowden, also, revealed that the NSA was committing industrial espionage against Brazilian, Russian and European oil companies, banks, airlines and trade delegations. According to Vault7, the program produced over “a thousand hacking systems, trojans, viruses, and other “weaponized” malware.”

Hive is a multi-platform CIA malware suite that can be specifically utilized against states. “The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.”

There are many parallels between Hive and Zero Day and the 2010 Stuxnet virus that attacked and infected the Iranian Nuclear program. Although no state took responsibility for the attack in 2010, Stuxnet has been linked by political pundits to American and Israeli surveillance and intelligence agencies due to its degree of sophistication.

Hacking mobiles

Vault7 also reveals that the CIA has developed advanced capabilities for hacking mobile phones. The leaks show that the agency developed and used its tool to primarily control mobile phones and then extract data from them.

CIA’s Mobile Development Branch produces malware to pull data from iPhones and other Apple products running iOS, such as iPads. MDB also targets Android OS which is a much popular system than iOS and is the default operating system for the majority of smartphones including Sony, Samsung and Google Pixel. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

Framing other governments

We were alarmed by the discovery of a tool that allows the CIA to potentially frame foreign governments for its cyber warfare acts. It works as follows. Imagine that each government or a hacking group has its own signature move or malicious software or a combination of both that it uses to attack its targets. After a while, whenever an attack occurs, it can be linked to to group based on that fingerprint.

WikiLeaks reports that a program ran by its Remote Devices Branch called UMBRAGE “collects and stores an extensive library of attack techniques”. According to Vault7, amassed techniques include those that are frequently used by Russia. 

Some of the techniques currently at CIA’s disposal via UMBRAGE include: keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Vault7 reveals that the CIA has also produced rules on how its malware should be hidden when deployed to avoid any fingerprints leading back to the US or the agency.

Was this legal?

Preliminary findings reveal that the CIA had known about and enhanced the dissemination of these tools. In fact, according to WikiLeaks, the agency wanted the programs to be legal so that agents or CIA sponsored hackers can operate with full impunity.

According to Vault7, if ‘CIA software was classified then officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. As a result- “the CIA has secretly made most of its cyber spying/war code unclassified”. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber ‘arms’ manufacturers and computer hackers can freely “pirate” these ‘weapons’ if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secret.

Why is this critical?

While we are still mapping the dangers of such findings and capabilities, some conclusions are clear.

  • The CIA can frame other governments

By using Hive and zero days, the US can wage a cyber attack against a nation state while purposefully leaving behind a trace that leads to another state. As governments around the world migrate their infrastructure control to cyber space – any cyber attack can have a devastating effect if targeted against hospitals, power plants or telecommunications providers.

  • CIA backdoors can be exploited by others

When the CIA undermines a service or a device, it creates the backdoor that can be abused by other parties. With the agency’s newly revealed tools, everything people do or say around their phones and TV’s can create a very revealing and intimate picture of people’s lives.

ProtonMail is funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!

About the Author

Andy Yen

Andy is the Co-Founder of ProtonMail. He is a long time advocate of privacy rights and has spoken around the world about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about ProtonMail's mission.

 

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

28 comments on “Wikileaks CIA Files – What this means for Internet security and encryption

  • “Attacking end-user devices” and “large scale mass surveillance” are by no means opposites. On the contrary: the strategic goal is in fact “automated large scale end-user device mass surveillance”, NOT old-fashioned targeted attacks on individual end-user devices.

    In other words: no matter whether you buy and use a device or software from Apple, Samsung, Microsoft or whomever, it is going to be an “NSA-compatible device”: you could have bought it just as well straight from Fort Meade.

    And don’t forget: by tapping your online social and search queries, the NSA not only knows what you do, but even what you THINK. If you got the wrong thoughts, you are listed. It is called precrime, my friends. Eh, what are you thinking right now…?

    Reply
    • Luckily there are 320,000,000 million people in the United States and you and I are just one. The government would have to employ the entire population of Canada in order to filter out and find things in our daily interactions in which to go after. Meaning, mass surveillance is simply a tool used to focus on people they’ve already identified. Don’t get on their radar in the first place and you’re fine.

      Reply
      • nope. Mass surveillance is not “simply a tool used to focus on people they’ve already identified”. It’s a tool used to control whole populations and economies.

        And btw, having written a comment on here, YOU already are on their radar. Good luck.

        Reply
        • The use AI to filter potential suspects. You will have to use sensitive keywords such as bombs, how to make bombs and where to buy nitrogen, how to process nitrogen from fertilizer and etc to be on their radar.

          Reply
  • I did not know hive & umbrage , so i learned something reading your article & i disagree on some sentences but it is not important (…authorize spying of EU citizens…operate with full impunity… e.g).
    Should it be a good strategy or running toward the right way to demand a free (gratis) access at internet & hardware without backdoor ?
    These revelations are a lot very old but the evidence is done ; it is not anymore opinions, point of view or discreet words between closed friends.

    Reply
  • “the core cryptographic algorithms and techniques used by ProtonMail and other encrypted services remain secure.”

    Simply because there was nothing about e2ee being compromised in the leaks does not mean the encryption algorithms you employ are not susceptible to other exploits unbeknownst to us and used by the CIA. Of course still use e2ee, but be careful how you claim that it remains secure when the recent Wikileaks revelations alone do not allow for you to reasonably claim as such.

    Reply
    • yup, agreed. that’s why it’s a 0-day. only one part of the system has to be broken for an entire system to be broken anyway. our current encryption is broken regardless of what people are saying, that’s why the big push for quantum encryption. and den, what good is your 100 character password if i own the text box you type it into?

      Reply
  • “These advanced malwares” – it would be nice if someone writes about how to remove these malware from our routers/computers. It’s not much about an organization, but an ability of a random school boy from China or Russia to get an instant access to anything.

    Reply
  • “These advanced malwares” – is it possible to remove these malware from our routers/computers? If so, please write a tutorial.

    Reply
    • there are a lot of how-to on the net for this purpose ; ask, read reviews & blogs about that:
      – router : you must choose carefully yours , some of these provide different features like set dns/firewall/firmware/encryption.
      – computer : avoid all operating system/computer/laptop/cellphone/iphone/tablet/tv which the brand is well known to be infiltrated.
      – prudence : verify when you buy one (computer) if it is not yet registered as owner/admin by the shop/hypermarket/supermarket – turn off wake on lan if you do not use it – avoid wifi/bluetooth keyboard/mouse (some provide encryption) especially if it is a new gadget not yet tested by the users.

      “an ability of a random school boy from China or Russia to get an instant access to anything” vs “an organization” ? afaik, as soon as you are the owner/admin of your computer you must know, learn, understand the danger of internet : as (unknown)user , you are targeted more rarely from a china or russia boy/girl than an by an organization.
      “These advanced malwares” avoid exotic device, foss not audited, and tweak your o.s.

      Reply
  • The CIA will get in the most trouble for spying on ordinary Americans.

    The Vault 7 release states there were 22,000 American IP addresses spied on. Some of those will be American citizens. Some Americans will have been spied on for political purposes only. THAT is the pressure point the CIA will be most afraid of.

    Wikileaks lawyers need to select a class action law firm to examine the American IP addresses, and get the matter into a court of law with American plaintiffs who have been spied on by the CIA.

    If the matter can be drawn out in court, the CIA’s budget could be cut by a third.

    Reply
  • Encryption does not have to be broken if the system is compromised. If I can watch you access it as though I were there, what does encryption do for you? I’m not saying that every attempt to secure a system shouldn’t be made, I’m just saying that if the system was broken before you even installed it… see where I’m going? Of course, anything can be hacked. If your system utilizes SoCs with embedded back doors, what good is a checksum in that situation? Your machine could be woken on lan without you knowing that it’s on.

    Reply
  • i would like inform you that european union allow you to obtain the circuit diagram of the device you buy making a request : -printed circuit board/electronic circuit/- A circuit diagram (electrical diagram, elementary diagram, electronic schematic) is a graphical representation of an electrical circuit. A pictorial circuit diagram uses simple images of components, while a schematic diagram shows the components and interconnections of the circuit using standardized symbolic representations.).
    i obtain one of my tv (usually the diagram is included also when you buy a radio) but where are the diagram of our computer/laptop/cellphone:tablet /usb device ?
    i mean that you could find some component undefined, not clear, implemented without real clear purpose and sometimes , the circuit board contains empty or broken electronic component (yes empty ! yes broken/cut !).
    i think european union could at least verified that the product sold are conformed at their own rules:laws lol.

    Reply
  • Dear Andy,

    I appreciate the current update, my apologies from not responding sooner. I was asked to be the President of the United Nations, but I serve Almighty YHWH and the people, not ONE WORLD ORDER. I appreciate their offer, but I then become limited, if I lean in that direction.

    I have presented many with a REAL SERAPHIM presented by Almighty YHWH, the another responsible for the Real Yah’Shua, etc… meaning that the Ecumenical System under Pope Francis that is dead in spirit, this will be cleaned up by Yah’Shua as we read in Revelation 16:16 – Magiddo.

    If we consider the SOURCE of CIA hidden agenda comes from Mount Hermon compliments of azazel that dates back pre flood, this allows us to have insight into why various parties set themselves up near Mount Hermon Israel.

    One must consider the coming TEMPLE OF RUACH HAKODESH not made with the hands of man, its huge, it will cover 3,000 square Kilometres upon the LAND OF OPHIR you know a Commonwealth of Australia being a Military Vessel. I take the men up each Friday Sundown the beginning of Sabbath to Boat Mount named after Noah for PRAYER, we open the gates, then on Saturday Sundown we close them.

    If we consider 4 levels of the ADMINISTRATION – GOVERNMENT, it begins with a BAPHOMETS, JESUITS, ILLUMINATI and MASONS, this is the agenda that Donald Trump faces, here in Australia the Honourable George Brandis has been confronted as to the STRUCTURE he allows OFFICIAL CORRUPTED to enter into the ATTORNEY GENERALS OFFICE, thus via the Courts, Transport, etc… to follow his lead and where the ADMINISTRATION protects such corruption. How do I know this, I started the FITZGERALD INQUIRY that exposed MENA CONNECTIONS that involves INTERNATIONAL CORRUPTION, hence why Queensland Government changed the trading names of many Business Houses, also allows the DUMBING DOWN OF EDUCATION, Chemicals Dumps, etc… then also links into the term SUSTAINABLE DEVELOPMENT run by UNISCO, in reality called DEPOPULATION, yes this effects HUMANITY.

    If you consider various trading houses that functions upon MARITIME LAW – GUILTY UNTIL PROVEN INNOCENT, placed into the courts, etc… if one wants to plead innocent, then the support is limited, meaning Business Houses are set up pretending to be LAWFUL, but in REALITY unlawful designed to collect shekels to pay off the investors, thus for the investors to make shekels, the innocent are railroaded & treated like cattle – vermon, the term RESPECT & LOVE is not on their agenda, these are called ACTS OF BASTARDY, they hate COMMON LAW via Legal Maxims that gives a Human Being Rights by LAW.

    If we consider the term TAXES created by a MILITARY VESSEL upon Dry Dock, they claim to require funds to repair their vessels that fell apart long ago. Commonwealth of Australia being a Military Vessel comes under the Barracks Act of 1850, known as the SCOTTISH RITE, this is hidden from the people, then we have those responsible for removing evidence that dates back to Abraham that confirms the land I am writing from comes under Abraham is the land of OPHIR.

    I am not in judgement, just providing the facts for your attention, if we consider CROWN CORPORATION OF LONDON being a MILITARY VESSEL, thus created another Military Vessel called United States of America, aboard that Military Vessel we have the United States Security Exchange Commission, where all other Military Vessels are registered known as the SEA OF COMMERCE.

    If you consider your motor vehicle, you don’t own it, the corporation does, in order to drive their vehicle, you need their license, this is why it is called a PRIVILEGE, not a right. The ADMINISTRATION is designed to create SLAVES known as HUMAN BEINGS, thus if we come back to ALMIGHTY YHWH who created first Yah’Shua in in the SHAMAYIM – Kingdom of Heaven, long before the world was every formed, the influence of azazel upon Mount Hermon is the cause & effect of GLOBALLY CONFLICT, yes just one entity, it is not human, this is why Yah’Shua cast demons into the pigs, so they would not be destroyed, to teach others how to deal with things unseen in the right manner, ensuring that LOVE & RESPECT is maintained for all HUMAN BEINGS.

    I have share this with you as I care about PEOPLE, thus when dealing with the FALLEN ONES, this is how INFLUENCE comes into being, people are deceived, as was Adam and Eve pre flood, nothing new at all, as we have experience with deliverance seeing people be free from such things, seeing people healed, etc…

    I leave this with you to consider the overall perspective, shalom.

    HRH Dr Bishop Chris Kember

    Reply
    • > the post above from dr ‘doolittle’, fun post is not it ?
      … after the second sentence i wondered if it should not be better with picture …
      all private message should have to be encrypted and send discreetly not post publicly on a blog.
      question : is Andy Yen an israeli guy or a member of this ‘gay-church’ ?

      Reply
  • Once upon a time (as all good stories start…) I built my own Linux systems from scratch using the commonly and openly available source codes downloaded from the internet. I meticulously downloaded the checksums from a trusted source and checked the files to ensure they had not been tampered with, by for instance, a man-in-the-middle attack. And I felt secure that my servers and desktops were not infiltrated.
    All for nothing! The back-doors were probably all in the code from the beginning.

    Here in the UK, the British Misgovernment (who run GCHQ with money they steal from me) is constantly giving itself new powers of surveillance. They do it, they say, to protect us from terrorism and serious crime – and actually I believe their motives. But like CCTV surveillance before it, it will ALWAYS get used for political uses and mundane law enforcement – like vehicle parking offences, and putting the wrong item in the recycling – and for political uses like dishing dirt on political opponents thereby corrupting democracy.

    I have often said before that if you dress a policeman in Body Armour and give him a Stun-Gun you get a Storm Trooper, not a Public Guardian. This is the same thing! Allowing mass surveillance without specific warrant of a court with due process is dressing the surveillance team as Storm Troopers, and that is how they will behave.

    Reply
    • Why the code should be corrupted by a backdoor or someone should be responsible (from scratch=yourself – check/dev/gpg/contact) ?
      … so : mismatch !
      You know, against a body armor, you have a bullet anti-body armor :
      … so : mismatch !
      Looking at the same subject in another place, another period, you could compare at the police in new-york e.g : it is private team paid by private funds for confidential goals ; you are speaking about an european union policy still active in u.k with the support of a u.s.a. anti-terrorism influence :
      … so : mismatch !
      Using a warrant (a ‘legal’ democratic way to spoil you life with your agreement) has nothing to do with a mass surveillance in u.k. ; that is good for u.s.a. doe not run smoothly in another countries or structures :
      … so : mismatch !
      Mass surveillance in the u.k is a particular subject – it is serving very dark purposes from spying nuclear fission to how to choose the right target (or the wrong) :
      … so : mismatch !
      Now if you are not respected as citizen, it is coming from thatcher period (5 millions in the misery during 15 years) ; this dirty female created a virtual social-class who is working in the city -protected- and the label of an ‘exposed_invisible’ native people who is living a real live without to be included in the nation.
      Does Mass surveillance is the weapon, the tool, the help from abroad and on the ground, inside the territory, by dressing policemen in Body Armor, the step of a hidden plot that a government regulated speaking publicly of democracy in the indecent goal to obtain all for himself (and for the banks) and nothing for the british citizen ?
      … so : match !
      Are they reserving the english language, civilization for themselves like they cut the heads and the tongues in the old times ?
      if yes the mass surveillance is another mechanic oppression from a e.u. tyranny and the u.s censorship is dressing on body armor : this modern police force costs a lot for a doubtful result.
      Wikileaks cia files are learning us that it is very sophisticated strategy.
      But the Brexit is coming slowly and you have the rare opportunity to built your own from scratch : be active, you are listened, read and your opinions & point of views are very important _ all that you are doing is becoming an incredible source to follow the right way defending your rights.

      Reply
      • Thank you.
        Looking carefully at the way you use my English language, I deduce that you are Slavonic speaker, probably Russian. I don’t think President Putin is any better or worse than Mrs May, in fact I like him a lot more. But I’ll lay bets that anything GCHQ and the NSA/CIA are doing, the Russian State Security are doing too; ditto Mossad, ditto the Chinese.
        The only safety is to take action yourself, understand the technology, and find ways, like TOR and ProtonVPN/Mail to strike back.
        Thomas Jefferson, an American Father and Constitutionalist, said famously (quoting from memory): The Tree of Liberty needs feeding with the blood of patriots.
        We all must consider how much we are prepared to spend to stand up for our internet freedoms.

        Reply
        • # in few weeks , the brexit will begin ; you should write publicly every where you can all the ideas that you want apply for building the great britain : yours. It is a rare opportunity ; do not miss it !

          hmm… The path of a glory war is for a real one, digital rights are in a virtual space. I do not care of jefferson : like a lot of cowards and fellows of the organized crime he repeats and steals the gold clothes of the heroes . Do the us male&female live their culture, country, future in a positive, constructive way with morality & education or are they fake citizens ? how many of them are intellectual deficiency / handicapped in percentage ?
          hmm… i am not at all certain that people from european union & brexit do wish a democracy, a republic, liberty or freedom …
          hmm… gchq,nsa,cia,russian,mossad,chinese do not do the same.

          The internet freedom is a matter of the model you build for the future ; the reason is clear : you have not it now you will not have it tomorrow.
          Very Important Person think that it must be included in a business plan like a toy for kids and it is not because they are stupid that they are wrong. Maybe privacy and encryption will become an option on anti-virus software.
          A very bad rumor was running during a long time after the war : intelligence hides his devil plan using encryption tool so, internet security cannot be achieved taking this way.
          Wikileaks cia files show us that since 70 years someone, somewhere built his fortune & standings with your secrets.
          It is the time to understand that encryption is a solid rock that you can trust : that’s yours stays protected.

          Reply
  • I’d really like to hear what you guys at Protonmail use for device security. I’ve read through some of the leaked file and Symantec is not mentioned at all which concerns me as to whether an agreement is in place between them and the US Government regarding passing on data. This latest leak makes it clear device security itself needs to be key and the security vendors need to use these code snipets to scan public machines to see if the tools have been widely used and to then defend against them.

    Reply
  • In newer Samsung devices there is the option to run apps inside a “security folder”. Is this helping in any way to defend against the tactics outlined in the Wikileaks files?

    Reply
  • Yesterday, in a Belgian newspaper there was an interview with the head of the Belgian intelligence department. He said that we could never get as professional as the Germans because their budget is a lot higher. Then he stated that the Germans invested a huge amount of money to crack the Signal encryption. So, according to his words it has been broken or will be broken soon.

    Reply
    • afaik – and it is written above in the article on this blog – it is not broken and will not be soon.
      mathematics rules are stronger than a belgian newspaper and even than the head (are you sure that he did not speak about his feet ?) of the belgian intelligence departement : germans are not able to success this challenge even with a huge amount of money (are you sure that germans did not speak investment in frankfurt ?).
      Vulnerabilities or bugs , and models or brands are every day a new approach for a better privacy protected by a best encryption process/protocol … it is something like a race between technical trouble & a basic right.
      I suppose that innovation & democratic choice will give an answer at your question : can we break encryption with a lot of money ?
      It is too soon for affirming or have doubt about encryption ; i have not any = trust.
      Even with the usage/help of a quantum computer , you could not : the poor mind will tell you that is a modern brute force attack but if you read carefully the doc (rare) you will understand easily that it implies a new infrastructure , a new computer, a new internet : no , it is not yet for tomorrow.

      Reply