Global Police Dismantle Encrypted Messaging App Used By Criminals (ft.com)
- Reference: 0175028729
- News link: https://it.slashdot.org/story/24/09/18/1838228/global-police-dismantle-encrypted-messaging-app-used-by-criminals
- Source link: https://www.ft.com/content/ce927443-fc93-4b88-adb3-2ed3cca8caa9
> Europol and law enforcement agencies from nine countries [1]dismantled Ghost
[2]non-paywalled source
, an online platform which used three different encryption standards and allowed users to destroy all messages by sending a specific code, Europol announced on Wednesday. The crackdown is the latest operation by international agencies to decode encrypted messaging services used by criminals to manage their international operations, following the takedown of platforms such as EncroChat and Sky ECC in recent years.>
> [...] McLean said Ghost was administered by a 32-year-old man from Australia, one of the operation's principal targets. As a result of the decryption operation, where officers broke the app's code so they could read users' messages, the death or injury of as many as 50 people could have been prevented, McLean said.
[1] https://www.ft.com/content/ce927443-fc93-4b88-adb3-2ed3cca8caa9
[2] https://www.politico.eu/article/police-ghost-encryption-app-drug-lords-mafia-europol/
Killer app (Score:1)
> As a result of the decryption operation,where officers broke the app's code so they could read users' messages, the death or injury of as many as 50 people could have been prevented
It's amazing how the writer of the story thinks the only way for people to communicate is one singular app.
Re: (Score:2)
> It's amazing how the writer of the story thinks the only way for people to communicate is one singular app.
Don't see how that follows. If they found out about a kidnapped person from the decrypt and rescued them, that's a life saved. If they listened in to a planned murder and arrested the murderer and the conspirator, that's a life saved. Other routes of communication irrelevant.
Re: (Score:1)
If you shut down cell phone service, how many lives would you save?
Re: (Score:1)
Yep. Life is risky, too. Just stay home in bed and think of the lives you could save.
Re: (Score:1)
Can I wear a mask like a Jain sadhu to lessen the chance of hurting insects?
Re: (Score:2)
RTFA... " Europol and law enforcement agencies from nine countries "
Back to PGP (Score:2)
I guess folks will go back to using PGP?
GPG, and I WISH they were going back to it. (Score:2)
Very few adopted PGP back in the day. A similarly narrow slice are in for GPG now. I can't understand why, [1]Mozilla Thunderbird [thunderbird.net] makes it pretty easy.
[1] https://www.thunderbird.net/
Re: (Score:1)
Few ever really used it and the ones that did probably had their passphrase keylogged by The Man at some point anyway. Don't rely on encryption for personal privacy if you know what's good for you. Don't use computers at all if you really want to increase your opsec.
Costing who, and how much? (Score:1)
I'll bet 50 people died for many more mundane reasons yesterday, like access to food, safe water, or effective housing. Or feeling and being alone.
But they want to feel self righteous... To judge someone else. And be paid well to do it by everyone else. Perpetuating their own delusion that 'they' (both the police and criminals) deserve what they get.
It's good to remember, illegal is not equivalent to immoral.
Re: (Score:1)
How many died from exploding pagers, all perfectly legal?
Re: (Score:1)
Right on. Good points, even though few will recognize them. People have fucked up priorities.
Uncomfortable pattern (Score:2)
Between this and Telegraph CEO being arrested in france, it looks like even though the underlying encryption and program isn't illegal, offering E2E services soon will be, or at least, unlicensed networks operating independently of The State
Re: (Score:1)
Is it any wonder no one want to bring kids into this world?
Re: (Score:1)
Exactly. Plus, if that doesn't work they can just get you for communicating misinformation without a license, wait... that's not illegal? Okay, I really meant hmm, uhh, kiddie porn! Yeah that's it!
The minute you share a resource someone can use for CSAM, they can always just get a criminal informant to use your network then turn state's evidence. This provides a huge retarding factor to the growth of any private non-commercial non-government networks.
Re: I wonder.. (Score:2)
If Ukraine had paid an assassin, Trump would be dead. I mean Kennedy was killed inside a driving car. More likely Putin paid someone to miss so Trump would get more votes.
Crypto done by amateurs (Score:2)
50 criminals only? There have been previous cases where they found thousands. To the point where the UK police had no chance following up on everything.
The first case was the providers update server being hacked, so criminals downloaded a version that was hacked by police. The second one, the NSA actually hired someone to write the application and managed to distribute it. No hacking involved; sending all your messages to the police was not a bug but a feature.
Re: (Score:1)
How did they know Ghost was used to kill 50 people? Did they have a pre-existing backdoor? Was the software compromised or did it use weak encryption? Also, if not, is encryption itself outlawed now? I think I should make an encryption software with E2E encryption that works like email. Host your own accounts, private keys, public keys, and DNS records to find the hosting server. No need for a centralized platform.
Re: (Score:2)
> Was the software compromised or did it use weak encryption?
In previous cases, NSA and GCHQ made sure that they didn't do any decryption. Instead the message was sent in the clear to the police, and then in encrypted form to the intended receiver.
That was done to get around loopholes where someone might claim that decrypting their messages was illegal and decrypted messages could not be used as evidence. The police received messages that had not been enrypted yet.
Re: (Score:1)
I run a private XMPP server and use SSL only. It's not what I'd call fort-knox secure, but it's all running on my own hardware and I approve and setup each client. It's just for my friends and family, but it does work for the purpose of keeping people from causally hacking and viewing my IM's. I've considered putting OTR over the top of all that, too, but I don't want to limit the types of clients I can take on.
Re: (Score:2)
not 50 criminals only. 50 people who were being targetted by criminals, criminals caught up in this number in the thousands.
Re: (Score:1)
In how many of those cases did they jump to conclusions? How many false positives are there?