[HN Gopher] Belgian Police Say They Decrypted Half a Billion 'Sk...
___________________________________________________________________
Belgian Police Say They Decrypted Half a Billion 'Sky' Messages
Author : wglb
Score : 42 points
Date : 2021-03-15 16:56 UTC (1 days ago)
(HTM) web link (www.vice.com)
(TXT) w3m dump (www.vice.com)
| toyg wrote:
| Surely this is not a smart move from authorities? The whole point
| of having these capabilities is to not advertise them until
| extremely necessary. The seizures reported don't seem
| particularly significant. Would've been smarter to keep mum and look
| for some "parallel construction" when doing these busts,
| surely...?
| dclusin wrote:
| Any more details on the type of phones they use? iPhones, stock
| Android, feature phones?
|
| Would be neat to get a tech breakdown of the phones.
| Scoundreller wrote:
| Seems like Google pixels. Just do an image search for the
| product name and you'll see it for sale from "spy stores" that
| sell things like hidden cameras.
| dstick wrote:
| One interesting thing I read in a Dutch paper today was that a
| cyber security expert that was involved in the hack was surprised
| they kept using these specialized services. It's very easy for
| authorities to get approval to hack and read _all_ the messages
| of a service that has a user base that is nearly 100% criminal.
| If criminals were smart (his words), they'd use Signal or
| Whatsapp where they'd be a small percentage of the user base and
| authorities would have a much harder time to get court-allowed
| blanket access like they had with Sky or Encro.
| cm2187 wrote:
| > _a service that has a user base that is nearly 100% criminal_
|
| The article says this service is widely used among criminals.
| That doesn't mean the user base of this service is largely
| criminals. In fact I would be surprised there would be 170k
| criminals around the world using a single service I had never
| heard about, seems very high to me.
| fao_ wrote:
| > In fact I would be surprised there would be 170k criminals
| around the world using a single service I had never heard
| about, seems very high to me.
|
| Do you not think that, perhaps, criminals will know other
| criminals (I mean we're talking organized crime here), and
| will have whisper-networks in place? Or are you saying that
| you're plugged-in to what smugglers, etc. do and you had
| never heard of it?
| GauntletWizard wrote:
| He's saying he thinks that 170k criminals forming a singular
| network seems like a high number.
|
| To me, it sounds low. There are very niche interest
| websites with 750k accounts[1]. Further, 170k isn't the
| number of criminals, but the number of people who had
| interaction with Sky - Which may be basically anyone who
| had a shady friend.
|
| The problem with our modern understanding of "innocent
| until proven guilty" is that unsubstantiated rumor can
| spark fire very quickly, while real damage can fly under
| the radar for a very long time. People who have been
| actually damaged often try to extricate themselves from the
| situation as quickly as possible, or end up trapped and
| pushing further into it. Without real numbers to back this
| up: If you marry an abusive spouse, either you get a quick
| if painful divorce, or you normalize it and become embedded
| deeply in the relationship and cut off from your friends
| who tell you to get away, because their advice for setting
| boundaries only gets you hurt further.
|
| I have no doubt that the niche interest of shady behavior
| can attract a few hundred thousand users, while staying
| unknown to anyone outside the niche.
|
| [1] Furaffinity claims this number, as a standard internet
| oddity, but fimfiction.net boasts nearly 300k; Many other
| "weird" websites probably have numbers in the 50-500k
| range.
| danielheath wrote:
| Assuming A) you are not a criminal, and B) the service is
| only used by criminals - why would you have heard of it?
| inflorescer wrote:
| > If criminals were smart (his words), they'd use Signal or
| Whatsapp where they'd be a small percentage of the user base
| and authorities would have a much harder time to get court-
| allowed blanket access like they had with Sky or Encro.
|
| How could I get a court order to get blanket access to Signal?
| SSLy wrote:
| Ineffective, or using side-channels
| dstick wrote:
| You can't, that was his point.
| cosmodisk wrote:
| I presume most users of such a service are professionals in
| anything but cyber security and can be as misguided as an
| average Joe on the street.
| vmception wrote:
| From what I can tell, encryption services like this function
| more like an affinity scam. People believe any claim to make
| them feel safe.
|
| (Not saying this service was a fraud, just that the users are
| not objective)
| foolmeonce wrote:
| I think it's an issue with estimating probabilities.
|
| They probably saw a few failures a year of people using
| Signal or WhatsApp sloppily on old Android phones that were
| easy to sideload onto with a warrant, had microphones with no
| hard switch, etc, etc.
|
| They probably saw no failures of Sky ECC (as it sounds like a
| vendor hardened the phone for them and any convenience over
| security features are non-existent) right up until the claim
| that the protocol is broken and everyone is affected.
| akvadrako wrote:
| Based on this story, for all we know most criminals are smart.
| It's just the dumb ones use Sky and get caught.
| dylan604 wrote:
| And yet, the police all claim that criminals are dumb, and
| wait for them to do something that gets them caught. That's
| one of the basic investigation tactics--wait for the criminal
| to screw up.
| hyperman1 wrote:
| An interesting aspect is the guilty until proven innocent aspect:
|
| Rough translation of parts of the header of
| https://www.vrt.be/vrtnws/nl/2021/03/11/oproep-sky/ :
| The federal police sent out a special 'wanted' message: All users
| of the encrypted Sky ECC phone have to report [...] If the phone
| was used for legitimate purposes, the collected data will after
| verification be [veiliggesteld]
|
| I don't know how to translate [veiliggesteld] as it is pretty
| vague. The word might be approximated as 'made safe' or 'put in a
| secure location', but it surely does not mean destroyed.
|
| As expected, the whole thing raises some eyebrows in privacy
| circles.
| nanis wrote:
| > An interesting aspect is the guilty until proven innocent
| aspect
|
| A few years back people considered "H.R.4681 - Intelligence
| Authorization Act" to be a victory in terms of limiting how
| long government can keep information of U.S. citizens "not
| wittingly"[1] captured by intelligence agencies in their
| hoovering activities. I thought the coincidence of the specific
| provisions in that law with the drive towards making sure all
| communications on the web is encrypted was "interesting".[2]
|
| [1]: https://fas.org/blogs/secrecy/2014/01/clapper-ssci/
|
| [2]: https://www.nu42.com/2014/12/https-everywhere-and-
| hr4681.htm...
| Griffinsauce wrote:
| Veiliggesteld would translate somewhere close to safeguarded or
| stored securely.
|
| Which is a strange thing to do with an innocent person's data
| but that is what's reported.
| [deleted]
| tehwebguy wrote:
| Full headline: "Belgian Police Say They Decrypted Half a Billion
| 'Sky' Messages, Arrested 48 People"
|
| From the article: "Around the world, there are approximately
| 171,000 SKY ECC telephones in service [...] Each month, around
| 70,000 of these phones actively communicate on the SKY ECC
| network [...] More than 1.2 million euros, 15 prohibited weapons,
| including six firearms, eight luxury vehicles, three machines
| used to count money, police uniforms and GPS beacons were also
| seized today"
|
| Doesn't sound like a great hit rate to me!
|
| What do you reckon the 9 non-firearm prohibited weapons are,
| trebuchets? Medieval flails? Clubs with nails in them?
| hyperman1 wrote:
| There's a bullet list halfway here:
|
| https://advo-recht.be/kennisbank/strafrecht/misdrijven/welke...
|
| Some non-firearms on the list:
|
| * Lots of types of knives, like Stilettos
|
| * shurikens
|
| * Blank weapons which look like other objects, like a knife
| hidden in an umbrella
|
| * Clubs and batons
|
| * Electric shockers
|
| * Aerosol cans and sprays for self defence
|
| * Nunchuks
|
| Technically, anti personnel mines, flamethrowers and laser
| weapons might also be considered non-firearms, but I assume
| even the USA forbids these.
|
| Interesting point is your medieval flail, which is probably
| legal as a historical ornamental weapon. Good luck explaining
| that one to the cops, though
| andrewflnr wrote:
| Nunchuks are banned in a lot of places in the US, too (CA and
| VA at least). I think it's easy for people outside the US to
| miss what a patchwork of regulation we have here.
| cheschire wrote:
| Knives have many restrictions such as opening and locking one
| handed or being too long. Certain kinds of flashlights and
| clubs are illegal for civilians in Germany so I imagine
| something along those lines might be applicable in Belgium as
| well.
| klyrs wrote:
| There are some pretty silly weapon prohibitions out there. In
| Canada, the list includes some familiar ones like brass
| knuckles and butterfly knives... and yes, it appears that
| flails are on the list. Trebuchets, ballistas and catapults
| appear to be legal here.
|
| https://laws-lois.justice.gc.ca/eng/regulations/sor-98-462/f...
| monkeybutton wrote:
| >Any instrument or device commonly known as "shuriken"
|
| I can now walk confidently at night knowing I'm safe from
| Ninjas
| [deleted]
| TheSpiceIsLife wrote:
| _Law abiding_ ninjas.
|
| You're probably safe from most law abiding people,
| tautologically.
|
| If anything, the most dangerous people, statistically, are
| those closest to you, rather than, say, random street
| ninjas.
| TheSpiceIsLife wrote:
| What's silly about prohibiting knuckledusters?
|
| They have one and only one use, are easily concealed, and
| very effective.
|
| I operate a laser cutter and am not infrequently asked to cut
| knuckles and always politely refuse with a brief explanation
| why.
| williamscales wrote:
| > What do you reckon the 9 non-firearm prohibited weapons are
|
| I wonder if a hand grenade would be counted as a firearm or
| not?
|
| The other thing that springs to mind would be switchblades.
| dylan604 wrote:
| I'd guess grenades are more likely to be categorized as
| explosive devices.
| vzaliva wrote:
| In the US you can seize that many firearms raiding a random
| nightclub. :)
| Griffinsauce wrote:
| Keep in mind this is not the American continent and there are
| considerably fewer firearms to begin with.
| faeyanpiraat wrote:
| What about Switzerland?
| klyrs wrote:
| And yet, the US still has problems with certain knives:
| https://www.akti.org/federal-switchblade-act/
|
| No federal law, but brass knuckles are banned in many states:
| https://worldpopulationreview.com/state-rankings/brass-
| knuck...
| harry8 wrote:
| This will be used as support when they come for signal by
| pressuring Apple and Google to ban it from the store. Facebrick
| will just remove whatsapp end to end encryption.
|
| How should we react when it starts?
___________________________________________________________________
(page generated 2021-03-16 23:00 UTC)