GRyan Masters Blog

Cybersecurity and Encryption

2. FBI Vs. Encryption — March 27, 2016

2. FBI Vs. Encryption

The FBI continues to target Apple and the security of their devices. FBI Director, James Comey, is trying to get legislation passed that will restrict technology companies from having encryption that prevents the government from accessing the data stored on devices (Lord, 2014). As mentioned in my previous post, allowing any kind of backdoor into a system cripples the security of the device. It is obvious that anything that is encrypted can be decrypted, but adding a cellar door to your basement is just an invitation for anyone that wants what you have.

I am in total disagreement with the request of the FBI. Right now it is Apple that is being ordered to comply, but in the future it may be all other companies that sell products in the USA. If these types of laws are allowed to exist then the competitive advantage for the U.S technology companies has just been crippled by its’ own government (Lord, 2014).

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized (“Bill of Rights Transcript Text,” n.d.).

Over 220 years ago the government tried to protect use against ourselves and now we see things of this nature in the news so often. We are a free nation, but are we really. We can’t even protect our own data without someone else wanting access to it. Without encryption we would not be the nation that we are, or have the technologies and pleasures that we do have. What secrets would the government have without being able to protect the data that they have? To ask the people to give up a means to secure their persons, or effects is unconstitutional at worst, and just poor programs, politics, and leaders at best.

Grant Ryan

 

Bill of Rights Transcript Text. (n.d.). Retrieved March 27, 2016, from http://www.archives.gov/exhibits/charters/bill_of_rights_transcript.html
Lord, N. (2014, October 20). The Security Hot Seat: Personal Device Encyption. Retrieved March 27, 2016, from https://digitalguardian.com/blog/security-hot-seat-personal-device-encyption
1. Encrypted — March 15, 2016

1. Encrypted

With the steady increase of cyber crimes, encryption should be a top priority for everyone. Whether you are a basic computer user to a company that deploys multiple server across multiple locations, encryption should be considered. Using encryption to protect your data can be as simple as securing a single file, to a folder that you store important information in, or it could be used to protect entire systems/servers.

Encryption used to Protect

A big controversy right now is the Apple vs. FBI. The incident that start this battle over encryption was the attack on the Inland Regional Center in San Bernardino, California by Syed Rizwan Farook and Tashfeen Malik (NPR Report). After the attack the two men committed suicide and there was an iPhone 5c recovered at the crime scene. The FBI confiscated the phone and was not able to access the data stored on the device. Since the FBI cannot access the data many questions could not be answered.

The FBI filed suit against Apple requesting them to supply a way to get into the device and Apple denied the request. Tim Cook, CEO of Apple, said

“In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession. …

“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable (NPR Report).”

This is a major issue in encryption. By creating a backdoor to encryption methods you are opening the encryption and reducing the security of the algorithms. Someone will eventually crack it and now the encryption is worthless.

Encryption used to Restrict

Another way that encryption can be used is to restrict access. Yes, I know, encryption is supposed to be used to restrict access, but not the way that unethical hackers are using it.

There are many reports that have been linked to hackers gaining access to systems and then encrypting them so the users and administrators of the system is unable to access it. This is being called Ransomware, or Remote Access Hacking.

These hackers are gaining access to different systems and then encrypting the data on these systems. Then the hackers are demanding a ransom in order to decrypt the systems. In 2012, there was an attack on an Australian business, and the hackers asked for $3000 in ransom for the password to the encryption. The company paid the ransom and the hackers claimed that child pornography was detected on their computers (Ransom Attack).

20120924013801_unlock

Many more attacks of this type can be found online.

No matter what type of computer, smart phone, server, or any other type of electronic device that connects to the internet you should research ways to encrypt your personal data. There are many different types of encryption methods available. We all should use some type of encryption to protect our personal effects.

Grant Ryan

Apple, The FBI And iPhone Encryption: A Look At What’s At Stake. (n.d.). Retrieved March 15, 2016, from http://www.npr.org/sections/thetwo-way/2016/02/17/467096705/apple-the-fbi-and-iphone-encryption-a-look-at-whats-at-stake
Dealing with ransomware and remote access hacking | NetSafe Security Central. (n.d.). Retrieved from http://www.securitycentral.org.nz/cybersecurity-for-small-businesses/dealing-with-ransomware-and-remote-access-hacking/