[HN Gopher] Belgian Police Say They Decrypted Half a Billion 'Sk... ___________________________________________________________________ Belgian Police Say They Decrypted Half a Billion 'Sky' Messages Author : wglb Score : 42 points Date : 2021-03-15 16:56 UTC (1 days ago) (HTM) web link (www.vice.com) (TXT) w3m dump (www.vice.com) | toyg wrote: | Surely this is not a smart move from authorities? The whole point | of having these capabilities is to not advertise them until | extremely necessary. The seizures reported don't seem | particularly significant. Would've smarter to keep mum and look | for some "parallel construction" when doing these busts, | surely...? | dclusin wrote: | Any more details on the type of phones they use? iPhones, stock | Android, feature phones? | | Would be neat to get a tech breakdown of the phones. | Scoundreller wrote: | Seems like Google pixels. Just do an image search for the | product name and you'll see it for sale from "spy stores" that | sell things like hidden cameras. | dstick wrote: | One interesting thing I read in a Dutch paper today was that a | cyber security expert that was involved in the hack was surprised | they kept using these specialized services. It's very easy for | authorities to get approval to hack and read _all_ the messages | of a service that has a user base that is nearly 100% criminal. | If criminals were smart (his words), they'd use Signal or | Whatsapp where they'd be a small percentage of the user base and | authorities would have a much harder time to get court-allowed | blanket access like they had with Sky or Encro. | cm2187 wrote: | > _a service that has a user base that is nearly 100% criminal_ | | The article says this service is widely used among criminals. | That doesn't mean the user base of this service is largely | criminals. In fact I would be surprised there would be 170k | criminals around the world using a single service I had never | heard about, seems very high to me. | fao_ wrote: | > In fact I would be surprised there would be 170k criminals | around the world using a single service I had never heard | about, seems very high to me. | | Do you not think that, perhaps, criminals will know other | criminals (I mean we're talking organize crime here), and | will have whisper-networks in place? Or are you saying that | you're plugged-in to what smugglers, etc. do and you had | never heard of it? | GauntletWizard wrote: | He's saying he thinks that there would be 170k criminals | forming a singular network seems like a high number. | | To me, it sounds low. There are very niche interest | websites with 750k accounts[1]. Further, 170k isn't the | number of criminals, but the number of people who had | interaction with Sky - Which may be basically anyone who | had a shady friend. | | The problem with our modern understanding of "innocent | until proven guilty" is that unsubstantiated rumor can | spark fire very quickly, while real damage can fly under | the radar for a very long time. People who have been | actually damaged often try to extricate themselves from the | situation as quickly as possible, or end up trapped and | pushing further into it. Without real numbers to back this | up: If you marry an abusive spouse, Either you get a quick | if painful divorce, or you normalize it and become embedded | deeply in the relationship and cut off from your friends | who tell you to get away, because their advice for setting | boundaries only gets you hurt further. | | I have no doubt that the niche interest of shady behavior | can attract a few hundred thousand users, while staying | unknown to anyone outside the niche. | | [1] Furaffinity claims this number, as a standard internet | oddity, but fimfiction.net boasts nearly 300k; Many other | "weird" websites probably have numbers in the 50-500k | range. | danielheath wrote: | Assuming A) you are not a criminal, and B) the service is | only used by criminals - why would you have heard of it? | inflorescer wrote: | > If criminals were smart (his words), they'd use Signal or | Whatsapp where they'd be a small percentage of the user base | and authorities would have a much harder time to get court- | allowed blanket access like they had with Sky or Encro. | | How could I get a court order to get blanket access to Signal? | SSLy wrote: | Ineffective, or using side-channels | dstick wrote: | You can't, that was his point. | cosmodisk wrote: | I presume most user of such service are professionals in | anything but cyber security and can be as misguided as an | average Joe on the street. | vmception wrote: | From what I can tell, encryption services like this function | more like an affinity scam. People believe any claim to make | them feel safe. | | (Not saying this service was a fraud, just that the users are | not objective) | foolmeonce wrote: | I think it's an issue with estimating probabilities. | | They probably saw a few failures a year of people using | Signal or WhatsApp slopily on old Android phones that were | easy to sideload onto with a warrant, had microphones with no | hard switch, etc, etc. | | They probably saw no failures of Sky ECC (as it sounds like a | vendor hardened the phone for them and any convenience over | security features are non-existent) right up until the claim | that the protocol is broken and everyone is affected. | akvadrako wrote: | Based on this story, for all we know most criminals are smart. | It's just the dumb ones use Sky and get caught. | dylan604 wrote: | And yet, the police all claim that criminals are dumb, and | wait for them to do something that gets them caught. That's | one of the basic investigation tactics--wait for the criminal | to screw up. | hyperman1 wrote: | An interesting aspect is the guilty until proven innocent aspect: | | Rough translation of parts of the header of | https://www.vrt.be/vrtnws/nl/2021/03/11/oproep-sky/ : | The federal police sent out a special 'wanted' message: All users | of the encrypted Sky ECC phone have to report [...]If the phone | was used for legitimate purposes, the collected data will after | verification be [veiliggesteld] | | I don't know how to translate [veiliggesteld] as it is pretty | vague. The word might be approximated as 'made safe' or 'put in a | secure location', but it surely does not mean destroyed. | | As expected, the whole thing raises some eyebrows in privacy | circles. | nanis wrote: | > An interesting aspect is the guilty until proven innocent | aspect | | A few years back people considered "H.R.4681 - Intelligence | Authorization Act" to be a victory in terms of limiting how | long government can keep information of U.S. citizens "not | wittingly"[1] captured by intelligence agencies in their | hoovering activities. I thought the coincidence of the specific | provisions in that law with the drive towards making sure all | communications on the web is encrypted was "interesting".[2] | | [1]: https://fas.org/blogs/secrecy/2014/01/clapper-ssci/ | | [2]: https://www.nu42.com/2014/12/https-everywhere-and- | hr4681.htm... | Griffinsauce wrote: | Veiliggesteld would translate somewhere close to safeguarded or | stored securely. | | Which is a strange thing to do with an innocent person's data | but that is what's reported. | [deleted] | tehwebguy wrote: | Full headline: "Belgian Police Say They Decrypted Half a Billion | 'Sky' Messages, Arrested 48 People" | | From the article: "Around the world, there are approximately | 171,000 SKY ECC telephones in service [...] Each month, around | 70,000 of these phones actively communicate on the SKY ECC | network [...] More than 1.2 million euros, 15 prohibited weapons, | including six firearms, eight luxury vehicles, three machines | used to count money, police uniforms and GPS beacons were also | seized today" | | Doesn't sound like a great hit rate to me! | | What do you reckon the 9 non-firearm prohibited weapons are, | trebuchets? Medieval flails? Clubs with nails in them? | hyperman1 wrote: | There's a bullet list halfway here: | | https://advo-recht.be/kennisbank/strafrecht/misdrijven/welke... | | Some non-firearms on the list: | | * Lots of types of knives, like Stilettos | | * shurikens | | * Blank weapons which look like other objects, like a knife | hidden in an umbrella | | * Clubs and batons | | * Electric shockers | | * Aerosol cans and sprays for self defence | | * Nunchuks | | Technically, anti personnel mines, flamethrowers and laser | weapons might also be considered non-firearms, but I assume | even the USA forbids these. | | Interesting point is your medieval flail, which is probably | legal as a historical ornamental weapon. Good luck explaining | that one to the cops, though | andrewflnr wrote: | Nunchuks are banned in a lot of places in the US, too (CA and | VA at least). I think it's easy for people outside the US to | miss what a patchwork of regulation we have here. | cheschire wrote: | Knives have many restrictions such as opening and locking one | handed or being too long. Certain kinds of flashlights and | clubs are illegal for civilians in Germany so I imagine | something along those lines might be applicable in Belgium as | well. | klyrs wrote: | There are some pretty silly weapon prohibitions out there. In | Canada, the list includes some familiar ones like brass | knuckles and butterfly knives... and yes, it appears that | flails are on the list. Trebuchets, ballistas and catapults | appear to be legal here. | | https://laws-lois.justice.gc.ca/eng/regulations/sor-98-462/f... | monkeybutton wrote: | >Any instrument or device commonly known as "shuriken" | | I can now walk confidently at night knowing I'm safe from | Ninjas | [deleted] | TheSpiceIsLife wrote: | _Law abiding_ ninjas. | | You're probably safe from most law abiding people, | tautologically. | | If anything, the most dangerous people, statistically, are | those closest to you, rather than, say, random street | ninjas. | TheSpiceIsLife wrote: | What's silly about prohibiting knuckledusters? | | They have one and only one use, are easily consealed, and | very effective. | | I operate a laser cutter and am not infrequently asked to cut | knuckles and always politely refuse with a brief explanation | why. | williamscales wrote: | > What do you reckon the 9 non-firearm prohibited weapons are | | I wonder if a hand grenade would be counted as a firearm or | not? | | The other thing that springs to mind would be switchblades. | dylan604 wrote: | I'd guess grenades are more likely to be categorized as | explosive devices. | vzaliva wrote: | In US you can sieze that many firearms raiding a random | nightclub. :) | Griffinsauce wrote: | Keep in mind this is not the American continent and there are | considerably less firearms to begin with. | faeyanpiraat wrote: | What about Switzerland? | klyrs wrote: | And yet, the US still has problems with certain knives: | https://www.akti.org/federal-switchblade-act/ | | No federal law, but brass knuckles are banned in many states: | https://worldpopulationreview.com/state-rankings/brass- | knuck... | harry8 wrote: | This will be used as support when they come for signal by | pressuring Apple and Google to ban it from the store. Facebrick | will just remove whatsapp end to end encryption. | | How should we react when it starts? ___________________________________________________________________ (page generated 2021-03-16 23:00 UTC)