DOCSLIB.ORG

(In-)Secure Messaging with the Silent Circle Instant Messaging Protocol

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

(In-)Secure messaging with the Silent Circle instant messaging protocol Sebastian R. Verschoor Tanja Lange David R. Chariton School of Computer Science Department of Mathematics and Computer and Institute for Quantum Computing, Science, Technische Universiteit Eindhoven University of Waterloo [email protected] [email protected] ABSTRACT 1.1 History of SCimp Silent Text, the instant messaging application by the com- Silent Text uses XMPP for transportation and adds a pany Silent Circle, provides its users with end-to-end en- crypto layer to generate shared keys between communicating crypted communication on the Blackphone and other smart- parties. Messages are passed (and temporarily stored if nec- phones. The underlying protocol, SCimp, has received many essary) by Silent Circle's server. Instead of deploying OTR, extensions during the update to version 2, but has not been the Off-The-Record protocol [6] by Borisov, Goldberg and subjected to critical review from the cryptographic commu- Brewer, Silent Circle started from SecureSMS, introduced nity. In this paper, we analyze both the design and imple- in Belvin's masters' thesis [3], and adapted it to the XMPP mentation of SCimp by inspection of the documentation (to setting. The resulting protocol by Moscaritolo, Belvin, and the extent it exists) and code. Many of the security prop- Zimmermann from 2012 is called SCimp: \Silent Circle in- erties of SCimp version 1 are found to be secure, however stant messaging protocol". SCimp is described on Silent Cir- many of the extensions contain vulnerabilities and the im- cle's web page [24] and in a white paper [21]; some source plementation contains bugs that affect the overall security. code and explanations are available on GitHub. In 2014 These problems were fed back to the SCimp maintainers Silent Text 2.0 was rolled out [20] \to improve the security and some bugs were fixed in the code base. In Septem- and refine the user experience of our customers". This up- ber 2015, Silent Circle replaced SCimp with a new protocol date changes how parties provide keys, most importantly it based on the Signal Protocol. allows Alice to start a communication with an offline Bob, and added functionalities for group messaging and encrypted Keywords file storage. SCimp, Silent Circle, Instant Messaging Protocol 1.2 Advertised security properties 1. INTRODUCTION SCimp is designed to provide end-to-end encryption in such a way that no intermediary|such as the Silent Circle Blackphone by Silent Circle is an Android-based smart server|needs to be trusted in order for the communication phone running the Silent OS operating system, with cur- to be secure. SCimp supports erasure of old keys, so that rent versions (Blackphone 2) selling at a hefty 799 USD. a potential device compromise does not leak old messages The phone promises its users higher security and privacy: (which is also known as forward secrecy), by updating the \Blackphone puts privacy first". The Blackphone 1, costing encryption key for every message and rekeying every once more than 600 USD, was rolled out in summer 2014 and in a while. The protocol allows for deniability of all com- came with service subscriptions for encrypted phone (Silent munication, which means that nobody, including the users Phone) and chat (Silent Text). Silent Circle's \Products and Alice and Bob themselves, can provide any proof to con- Solutions" page [25] advertised Silent Text as vince a third party about what was said over SCimp or even Share unlimited encrypted texts on any Silent provide any proof that a conversation took place in the first OS, iOS or Android device. Use the burn feature place. The last important property of SCimp is that it pro- to set messages to automatically self-destruct af- vides future secrecy through key continuity: an attacker ter a set time period. Silent Text also offers that compromises key material shared between users, but secure file transfers of up to 100MB and voice misses the opportunity to set up a man-in-the-middle at- memo functionality. tack during rekeying, cannot decrypt future messages. This Silent Text was available for free on Apple's App store (since property is advertised as the \self-healing property". 2012) and on Google Play (since 2013) but users needed to buy a subscription for using the servers, with prices starting 1.3 Results at 9.95 USD per month. Given these prices one could expect SCimp version 2 was in use since May 2014 [20], but the some security analysis of the services, but only after an in- details have only been released in August 2015 [27], and then tense online discussion, started by Zooko Wilcox-O'Hearn's only upon our request. Our paper shows that the update in- open letter to Phil Zimmermann and Jon Callas [31], did troduced new vulnerabilities, most remarkably that a man- Silent Circle post source code for Silent Text for iOS on in-the middle attacker Eve can arbitrarily delay authenti- GitHub [27] allowing inspection of their code base. We are cation between Alice and Bob and thus remain undetected. not aware of any public analysis of SCimp. Eve can also easily interrupt communications and force a new key exchange, which she then can man-in-the-middle. SCimp modes: PubKey mode and Symmetric mode. This interruption also destroys the advertised self-healing property of key continuity (version 1 and 2). 2.1 Key negotiation Due to the insufficient level of documentation (or close Alice and Bob are both registered by their XMPP ad- to none in the case of SCimp version 2), code review was dresses: A = \[email protected]/blackphone" and B = necessary, though tedious. The implementation of SCimp \[email protected]/android". Without loss of generality, provided on GitHub had several implementation errors, in- we assume that Alice initiates the key negotiation with Bob. cluding cryptographic errors. The SCimp version 2 imple- It is not specified how Alice and Bob learn each others mentation defines a state machine that leaves the protocol XMPP addresses. Alice needs to know the address (B0), to vulnerable to an undetectable man-in-the-middle attack. In which she wants to send a message. When Bob receives the addition, the way the state machine is often bypassed in first message, he can extract the sender address (A0) from the code leaves the implementation vulnerable to another the stanza. For the analysis, we assume that these addresses man-in-the-middle attack. are not authenticated, meaning that Alice does not know if B0 = B and Bob does not know if A0 = A. 1.4 Disclosure and updates The initial key negotiation is basically an ephemeral elliptic- Throughout this study we have communicated with Jon curve Diffie-Hellman key exchange (ECDHE) with a subse- Callas and Vinnie Moscaritolo from Silent Circle. In Septem- quent confirmation of knowledge of the derived shared se- ber 2015, Silent Circle announced [26] that they will stop cret. It consists of four messages: Silent Text on September 28 and change to a messaging ap- plication integrated with an updated Silent Phone app which 1. Alice commits to her public DH key in the Commit would be based on the Signal Protocol [13]. Jon Callas con- message. firmed that we may say that our analysis motivated their decision to switch. The switch takes care of most of our 2. Bob sends his public DH key in the DH1 message. concerns reported in Section3 and Section5, and possibly (but not necessarily) Section4. 3. Alice opens her commitment and confirms knowledge of the shared secret in the DH2 message. 2. PROTOCOL DESCRIPTION 4. Bob confirms knowledge of the shared secret in the This section presents the SCimp protocol and explains the Confirm message. design rationale. We base our analysis on the Silent Circle documentation provided in [21] and [19]. A comparison with The key negotiation is depicted in Figure1, with some the code|showing several inconsistencies|is given in Sec- details omitted for brevity. tion5. The reason for the high level of detail in the protocol description is that the official documentation lacks the re- 2.1.1. Commit. Alice, as initiator, starts by computing quired details for proper cryptographic analysis. an ephemeral secret key for her DH key pair, which is a SCimp version 1 has two modes of which one, basic Diffie- random key ska. She computes the public key of her DH Hellman (DH) mode, provides encryption. Users do not have key pair pka = skaG, where G is a fixed base point on the 1 certified long-term keys. The protocol uses an ephemeral elliptic curve. Alice commits to point pka by computing DH key exchange (explained in Section 2.1) to establish a hash(pka), where hash is a hash function. shared key between two devices. After key negotiation, users If Alice and Bob have negotiated keys before, they share need to verify the identity of the other party by confirming a a cached secret (cs). They use this value in subsequent key short authentication string (SAS) out-of-band. Sessions are negotiations in order to authenticate to each other. When not time limited, so for enhanced security, the users period- they do not yet have a shared cs, they substitute cs with ically need to renegotiate their keys, which is explained in a random value and skip the corresponding validations and Section 2.2. SCimp uses the derived keys to perform authen- they authenticate later (see Section 2.1.5). ticated encryption to provide confidentiality and integrity of Alice proves knowledge of cs by sending hcsa: a Message the messages, as explained in Section 2.3. Authentication Code (MAC) using cs as the key.
Recommended publications
  • Group Messaging for Secure Asynchronous Collaboration

    Group Messaging for Secure Asynchronous Collaboration

    Group Messaging for Secure Asynchronous Collaboration Matthew A. Weidner Churchill College A dissertation submitted to the University of Cambridge in partial fulfilment of the requirements for the degree of Master of Philosophy in Advanced Computer Science University of Cambridge Computer Laboratory William Gates Building 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom Email: [email protected] June 6, 2019 Declaration of originality I, Matthew A. Weidner of Churchill College, being a candidate for the M.Phil in Advanced Computer Science, hereby declare that this report and the work described in it are my own work, unaided except as may be specified below, and that the report does not contain material that has already been used to any substantial extent for a comparable purpose. The word count excludes appendices. Signed: Date: This dissertation is copyright c 2019 Matthew A. Weidner. All trademarks used in this dissertation are hereby acknowledged. Acknowledgements I would like to thank my supervisors, Dr. Alastair Beresford and Dr. Martin Kleppmann, for their time and valuable input on this project throughout the year, including feedback on multiple drafts of this dissertation. I also thank Michael Dodson for providing feedback on a draft of Chapter 4. I was supported by a Churchill Scholarship from the Winston Churchill Foundation of the USA. Group Messaging for Secure Asynchronous Collaboration Abstract End-to-end encrypted applications improve users' privacy by making their data unread- able to anyone besides their intended recipients. In particular, their data is unreadable to application servers. Although end-to-end encryption is currently deployed only for messaging apps, recent academic work shows that it is possible to create end-to-end en- crypted asynchronous collaborative applications, like Google Docs but without a trusted server, by layering Conflict-free Replicated Data Types (CRDTs) on top of a secure group messaging protocol.
  • Crypto Projects That Might Not Suck

    Crypto Projects That Might Not Suck

    Crypto Projects that Might not Suck Steve Weis PrivateCore ! http://bit.ly/CryptoMightNotSuck #CryptoMightNotSuck Today’s Talk ! • Goal was to learn about new projects and who is working on them. ! • Projects marked with ☢ are experimental or are relatively new. ! • Tried to cite project owners or main contributors; sorry for omissions. ! Methodology • Unscientific survey of projects from Twitter and mailing lists ! • Excluded closed source projects & crypto currencies ! • Stats: • 1300 pageviews on submission form • 110 total nominations • 89 unique nominations • 32 mentioned today The People’s Choice • Open Whisper Systems: https://whispersystems.org/ • Moxie Marlinspike (@moxie) & open source community • Acquired by Twitter 2011 ! • TextSecure: Encrypt your texts and chat messages for Android • OTP-like forward security & Axolotl key racheting by @trevp__ • https://github.com/whispersystems/textsecure/ • RedPhone: Secure calling app for Android • ZRTP for key agreement, SRTP for call encryption • https://github.com/whispersystems/redphone/ Honorable Mention • ☢ Networking and Crypto Library (NaCl): http://nacl.cr.yp.to/ • Easy to use, high speed XSalsa20, Poly1305, Curve25519, etc • No dynamic memory allocation or data-dependent branches • DJ Bernstein (@hashbreaker), Tanja Lange (@hyperelliptic), Peter Schwabe (@cryptojedi) ! • ☢ libsodium: https://github.com/jedisct1/libsodium • Portable, cross-compatible NaCL • OpenDNS & Frank Denis (@jedisct1) The Old Standbys • Gnu Privacy Guard (GPG): https://www.gnupg.org/ • OpenSSH: http://www.openssh.com/
  • Encryption and Anonymity Follow-Up Report

    Encryption and Anonymity Follow-Up Report

    PALAIS DES NATIONS • 1211 GENEVA 10, SWITZERLAND www.ohchr.org • TEL: +41 22 917 9000 • FAX: +41 22 917 9008 • E-MAIL: [email protected] Mandate of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression Research Paper 1/2018 June 2018 Encryption and Anonymity follow-up report Contents I. INTRODUCTION ............................................................................................................................... 2 II. TRENDS IN STATE RESTRICTIONS ON ENCRYPTION AND ANONYMITY .............................. 3 A. An Overview of State Obligations ........................................................................................................... 3 B. State practice: examples and concerns ..................................................................................................... 4 (i) Bans on Use and Dissemination of Encryption Tools ......................................................................... 5 (ii) Licensing and Registration Requirements .......................................................................................... 5 (iii) Intentional Weakening of Encryption ................................................................................................ 5 (iv) Government Hacking ......................................................................................................................... 7 (v) Mandatory Data Localization and Key Escrows ................................................................................. 8 (vi)
  • Security Analysis of the Signal Protocol Student: Bc

    Security Analysis of the Signal Protocol Student: Bc

    ASSIGNMENT OF MASTER’S THESIS Title: Security Analysis of the Signal Protocol Student: Bc. Jan Rubín Supervisor: Ing. Josef Kokeš Study Programme: Informatics Study Branch: Computer Security Department: Department of Computer Systems Validity: Until the end of summer semester 2018/19 Instructions 1) Research the current instant messaging protocols, describe their properties, with a particular focus on security. 2) Describe the Signal protocol in detail, its usage, structure, and functionality. 3) Select parts of the protocol with a potential for security vulnerabilities. 4) Analyze these parts, particularly the adherence of their code to their documentation. 5) Discuss your findings. Formulate recommendations for the users. References Will be provided by the supervisor. prof. Ing. Róbert Lórencz, CSc. doc. RNDr. Ing. Marcel Jiřina, Ph.D. Head of Department Dean Prague January 27, 2018 Czech Technical University in Prague Faculty of Information Technology Department of Computer Systems Master’s thesis Security Analysis of the Signal Protocol Bc. Jan Rub´ın Supervisor: Ing. Josef Kokeˇs 1st May 2018 Acknowledgements First and foremost, I would like to express my sincere gratitude to my thesis supervisor, Ing. Josef Kokeˇs,for his guidance, engagement, extensive know- ledge, and willingness to meet at our countless consultations. I would also like to thank my brother, Tom´aˇsRub´ın,for proofreading my thesis. I cannot express enough gratitude towards my parents, Lenka and Jaroslav Rub´ınovi, who supported me both morally and financially through my whole studies. Last but not least, this thesis would not be possible without Anna who re- lentlessly supported me when I needed it most. Declaration I hereby declare that the presented thesis is my own work and that I have cited all sources of information in accordance with the Guideline for adhering to ethical principles when elaborating an academic final thesis.
  • How Secure Is Textsecure?

    How Secure Is Textsecure?

    How Secure is TextSecure? Tilman Frosch∗y, Christian Mainkay, Christoph Badery, Florian Bergsmay,Jorg¨ Schwenky, Thorsten Holzy ∗G DATA Advanced Analytics GmbH firstname.lastname @gdata.de f g yHorst Gortz¨ Institute for IT-Security Ruhr University Bochum firstname.lastname @rub.de f g Abstract—Instant Messaging has gained popularity by users without providing any kind of authentication. Today, many for both private and business communication as low-cost clients implement only client-to-server encryption via TLS, short message replacement on mobile devices. However, until although security mechanisms like Off the Record (OTR) recently, most mobile messaging apps did not protect confi- communication [3] or SCIMP [4] providing end-to-end con- dentiality or integrity of the messages. fidentiality and integrity are available. Press releases about mass surveillance performed by intelli- With the advent of smartphones, low-cost short-message gence services such as NSA and GCHQ motivated many people alternatives that use the data channel to communicate, to use alternative messaging solutions to preserve the security gained popularity. However, in the context of mobile ap- and privacy of their communication on the Internet. Initially plications, the assumption of classical instant messaging, fueled by Facebook’s acquisition of the hugely popular mobile for instance, that both parties are online at the time the messaging app WHATSAPP, alternatives claiming to provide conversation takes place, is no longer necessarily valid. secure communication experienced a significant increase of new Instead, the mobile context requires solutions that allow for users. asynchronous communication, where a party may be offline A messaging app that claims to provide secure instant for a prolonged time.
  • Is Bob Sending Mixed Signals?

    Is Bob Sending Mixed Signals?

    Is Bob Sending Mixed Signals? Michael Schliep Ian Kariniemi Nicholas Hopper University of Minnesota University of Minnesota University of Minnesota [email protected] [email protected] [email protected] ABSTRACT Demand for end-to-end secure messaging has been growing rapidly and companies have responded by releasing applications that imple- ment end-to-end secure messaging protocols. Signal and protocols based on Signal dominate the secure messaging applications. In this work we analyze conversational security properties provided by the Signal Android application against a variety of real world ad- versaries. We identify vulnerabilities that allow the Signal server to learn the contents of attachments, undetectably re-order and drop messages, and add and drop participants from group conversations. We then perform proof-of-concept attacks against the application to demonstrate the practicality of these vulnerabilities, and suggest mitigations that can detect our attacks. The main conclusion of our work is that we need to consider more than confidentiality and integrity of messages when designing future protocols. We also stress that protocols must protect against compromised servers and at a minimum implement a trust but verify model. 1 INTRODUCTION (a) Alice’s view of the conversa-(b) Bob’s view of the conversa- Recently many software developers and companies have been inte- tion. tion. grating end-to-end encrypted messaging protocols into their chat applications. Some applications implement a proprietary protocol, Figure 1: Speaker inconsistency in a conversation. such as Apple iMessage [1]; others, such as Cryptocat [7], imple- ment XMPP OMEMO [17]; but most implement the Signal protocol or a protocol based on Signal, including Open Whisper Systems’ caching.
  • Security & Privacy for Mobile Phones

    Security & Privacy for Mobile Phones

    Security & Privacy FOR Mobile Phones Carybé, Lucas Helfstein July 4, 2017 Instituto DE Matemática E Estatística - USP What IS security? • That GRANTS THE INFORMATION YOU PROVIDE THE ASSURANCES above; • That ENSURES THAT EVERY INDIVIDUAL IN THIS SYSTEM KNOWS EACH other; • That TRIES TO KEEP THE ABOVE PROMISES forever. Security IS ... A System! • That ASSURES YOU THE INTEGRITY AND AUTHENTICITY OF AN INFORMATION AS WELL AS ITS authors; 1 • That ENSURES THAT EVERY INDIVIDUAL IN THIS SYSTEM KNOWS EACH other; • That TRIES TO KEEP THE ABOVE PROMISES forever. Security IS ... A System! • That ASSURES YOU THE INTEGRITY AND AUTHENTICITY OF AN INFORMATION AS WELL AS ITS authors; • That GRANTS THE INFORMATION YOU PROVIDE THE ASSURANCES above; 1 • That TRIES TO KEEP THE ABOVE PROMISES forever. Security IS ... A System! • That ASSURES YOU THE INTEGRITY AND AUTHENTICITY OF AN INFORMATION AS WELL AS ITS authors; • That GRANTS THE INFORMATION YOU PROVIDE THE ASSURANCES above; • That ENSURES THAT EVERY INDIVIDUAL IN THIS SYSTEM KNOWS EACH other; 1 Security IS ... A System! • That ASSURES YOU THE INTEGRITY AND AUTHENTICITY OF AN INFORMATION AS WELL AS ITS authors; • That GRANTS THE INFORMATION YOU PROVIDE THE ASSURANCES above; • That ENSURES THAT EVERY INDIVIDUAL IN THIS SYSTEM KNOWS EACH other; • That TRIES TO KEEP THE ABOVE PROMISES forever. 1 Security IS ... A System! Eve | | | Alice "Hi" <---------------> "Hi" Bob 2 Security IS ... Cryptography! Eve | | | Alice "Hi" <----"*****"------> "Hi" Bob 3 Security IS ... Impossible! The ONLY TRULY SECURE SYSTEM IS ONE THAT IS POWERED off, CAST IN A BLOCK OF CONCRETE AND SEALED IN A lead-lined ROOM WITH ARMED GUARDS - AND EVEN THEN I HAVE MY doubts.
  • Modern End-To-End Encrypted Messaging for the Desktop

    Modern End-To-End Encrypted Messaging for the Desktop

    Die approbierte Originalversion dieser Diplom-/ Masterarbeit ist in der Hauptbibliothek der Tech- nischen Universität Wien aufgestellt und zugänglich. http://www.ub.tuwien.ac.at The approved original version of this diploma or master thesis is available at the main library of the Vienna University of Technology. http://www.ub.tuwien.ac.at/eng Modern End-to-End Encrypted Messaging for the Desktop DIPLOMARBEIT zur Erlangung des akademischen Grades Diplom-Ingenieur im Rahmen des Studiums Software Engineering and Internet Computing eingereicht von Richard Bayerle Matrikelnummer 1025259 an der Fakultät für Informatik der Technischen Universität Wien Betreuung: Privatdozent Dipl.Ing. Mag. Dr. Edgar Weippl Mitwirkung: Dr. Martin Schmiedecker Wien, 2. Oktober 2017 Richard Bayerle Edgar Weippl Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Modern End-to-End Encrypted Messaging for the Desktop DIPLOMA THESIS submitted in partial fulfillment of the requirements for the degree of Diplom-Ingenieur in Software Engineering and Internet Computing by Richard Bayerle Registration Number 1025259 to the Faculty of Informatics at the TU Wien Advisor: Privatdozent Dipl.Ing. Mag. Dr. Edgar Weippl Assistance: Dr. Martin Schmiedecker Vienna, 2nd October, 2017 Richard Bayerle Edgar Weippl Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Erklärung zur Verfassung der Arbeit Richard Bayerle Seestraße 67 78315 Radolfzell am Bodensee Deutschland Hiermit erkläre ich, dass ich diese Arbeit selbständig verfasst habe, dass ich die verwen- deten Quellen und Hilfsmittel vollständig angegeben habe und dass ich die Stellen der Arbeit – einschließlich Tabellen, Karten und Abbildungen –, die anderen Werken oder dem Internet im Wortlaut oder dem Sinn nach entnommen sind, auf jeden Fall unter Angabe der Quelle als Entlehnung kenntlich gemacht habe.
  • Message-Layer Encryption in Ricochet

    Message-Layer Encryption in Ricochet

    Message-Layer Encryption in Ricochet by Liam Kirsh Computer Science Department College of Engineering California Polytechnic State University 2017 Date submitted: 06/07/17 Advisor: Dr. Bruce DeBruhl Table of Contents Background.........................................................................................3 Project Goals.......................................................................................6 Stronger cryptography................................................................................................6 Support for relay nodes..............................................................................................6 Implementation...................................................................................7 Choice of cryptographic protocol...............................................................................7 GPGME cryptographic library...................................................................................8 Modifications to the Ricochet client........................................................................10 Future Improvements........................................................................10 Use of the Signal Protocol in Ricochet....................................................................10 Use of Off-the-Record Messaging in Ricochet........................................................11 Ephemerality in D-H................................................................................................11 Ricochet Relays........................................................................................................11
  • Obstacles to the Adoption of Secure Communication Tools

    Obstacles to the Adoption of Secure Communication Tools

    Obstacles to the Adoption of Secure Communication Tools Ruba Abu-Salma M. Angela Sasse Joseph Bonneau University College London, UK University College London, UK Stanford University & EFF, USA Anastasia Danilova Alena Naiakshina Matthew Smith University of Bonn, Germany University of Bonn, Germany University of Bonn, Germany Abstract—The computer security community has advocated Recent mobile phone-based secure communication tools widespread adoption of secure communication tools to counter have often been designed to hide security from the user com- mass surveillance. Several popular personal communication tools pletely (albeit at some security cost [1]). WhatsApp famously (e.g., WhatsApp, iMessage) have adopted end-to-end encryption, and many new tools (e.g., Signal, Telegram) have been launched deployed E2E encryption to approximately a billion users with security as a key selling point. However it remains unclear through a code update to its application for messages, voice if users understand what protection these tools offer, and if they calls and video communications [18], with only negligible value that protection. In this study, we interviewed 60 partici- changes to the user experience. Some other communication pants about their experience with different communication tools tools (e.g., Signal, Threema) have launched with security and their perceptions of the tools’ security properties. We found that the adoption of secure communication tools is hindered by as an explicit selling point, but they also hide nearly all fragmented user bases and incompatible tools. Furthermore, the cryptographic details. vast majority of participants did not understand the essential There are key differences in the security model of dif- concept of end-to-end encryption, limiting their motivation to ferent E2E-encrypted tools, in addition to a large gap in adopt secure tools.
  • Untraceable Links: Technology Tricks Used by Crooks to Cover Their Tracks

    Untraceable Links: Technology Tricks Used by Crooks to Cover Their Tracks

    UNTRACEABLE LINKS: TECHNOLOGY TRICKS USED BY CROOKS TO COVER THEIR TRACKS New mobile apps, underground networks, and crypto-phones are appearing daily. More sophisticated technologies such as mesh networks allow mobile devices to use public Wi-Fi to communicate from one device to another without ever using the cellular network or the Internet. Anonymous and encrypted email services are under development to evade government surveillance. Learn how these new technology capabilities are making anonymous communication easier for fraudsters and helping them cover their tracks. You will learn how to: Define mesh networks. Explain the way underground networks can provide untraceable email. Identify encrypted email services and how they work. WALT MANNING, CFE President Investigations MD Green Cove Springs, FL Walt Manning is the president of Investigations MD, a consulting firm that conducts research related to future crimes while also helping investigators market and develop their businesses. He has 35 years of experience in the fields of criminal justice, investigations, digital forensics, and e-discovery. He retired with the rank of lieutenant after a 20-year career with the Dallas Police Department. Manning is a contributing author to the Fraud Examiners Manual, which is the official training manual of the ACFE, and has articles published in Fraud Magazine, Police Computer Review, The Police Chief, and Information Systems Security, which is a prestigious journal in the computer security field. “Association of Certified Fraud Examiners,” “Certified Fraud Examiner,” “CFE,” “ACFE,” and the ACFE Logo are trademarks owned by the Association of Certified Fraud Examiners, Inc. The contents of this paper may not be transmitted, re-published, modified, reproduced, distributed, copied, or sold without the prior consent of the author.
  • Open Whisper Systems Protocol

    Open Whisper Systems Protocol

    Open Whisper Systems Protocol Azotic or picayune, Walther never intermarries any butlerages! Logy Brewster predestinate luridly. Farcical and corneous Merv never break-ups spherically when Rajeev understocks his Java. If not, then it is famous with the encryption. In quick release, Open Whisper Systems released Signal and then versions for Android and the Chrome browser. On the lead hand, chatting apps started deploying encryption in as name of security. Group threads in open whisper systems protocol manager takes the table in two sessions are not? Sms needs of open whisper systems. Initial shared key of people, great track secret world, and propagated with some additional feature was that? This may result in bad UX. How much does the world, if you need for using the signal browser is latest blogs and implementation. Its code received a duplicate of passenger for the basic structure as cost as code quality which the Messenger service. It uses your mobile phone number can create an account fee can bypass be used to baby with other users having a Signal. Please try at later. His sense, he says, is determined make those protections possible for the average amount without much tech savvy. No spam, we promise. No access to open whisper systems protocol in hundreds of infrastructure and system of data that secure is a message transfer security analyses in person on. It is thought possible to delete an entire marital history. Signal protocol developed by open whisper systems project zero code strong as always focused on telegram account. Signal protocol implementation of open whisper systems was exchanged between them in my phone number to another piece of health, or decrypt a great if turned on.