
Police say they can read BlackBerry PGP encrypted email


steven36


Police in two countries have claimed that they can read encrypted data from BlackBerry devices that are being marketed as having “military-grade security.”

 


 

The story originally broke when Dutch website Misdaadnieuws (Crime News) published documents from the Netherlands Forensic Institute (NFI), a Dutch law enforcement agency, stating that police were able to access deleted messages and read encrypted emails on so-called BlackBerry PGP devices.

 

A representative from NFI confirmed that “we are capable of obtaining encrypted data from BlackBerry PGP devices,” according to a report from Motherboard.

 

On Tuesday, the Royal Canadian Mounted Police (RCMP) also told Motherboard they can crack encrypted messages on PGP BlackBerrys.

 

The PGP stands for Pretty Good Privacy, a program for encrypting and authenticating data that is often used to encrypt email.

 

 

PGP BlackBerry devices, however, are not sold by BlackBerry, but by resellers like GhostPGP, which customizes BlackBerry devices with PGP encryption.

 

GhostPGP says on its website that it has been offering “military-grade encryption solutions on the BlackBerry device for more than 15 years without a single breach in security,” and a company spokesman told Motherboard that its services are “not affected” and had not been compromised.

 

Nevertheless, NFI and the RCMP said they have been able to decrypt messages from PGP BlackBerrys, although they won’t say exactly how.

 

Motherboard reported that NFI may have used a method known as “chip-off,” by extracting memory chips from the device and pulling the data off them to attack it off-line, without any limits on how many password guesses are allowed, or how quickly those guesses can be tried.

 

Whatever technique the Dutch police used, it required physical access to the device, according to Motherboard.

 

And it’s not 100% effective – NFI had been able to decrypt only 279 out of 325 encrypted emails in the criminal case described by the Dutch crime news website.

 

In a statement to the BBC, BlackBerry said it could not comment without knowing any details about the device or “the nature of the communications that are said to have been decrypted.”

 

BlackBerry and backdoors

These revelations come at a time when some governments are considering laws to require encryption backdoors in order to fight crime and terrorism.

 

Perhaps ironically, the Netherlands has come out against backdoors, with a new policy that says the government will not seek restrictions on the development or use of encryption within the country.

 

For BlackBerry, this story raises uncomfortable questions for the company, such as, “Are law enforcement agencies exploiting a zero-day security vulnerability?”

 

Alternatively, “Is there an intentional backdoor that law enforcement has discovered?”

 

BlackBerry has faced questions before about whether it was providing backdoors for intelligence and law enforcement agencies, including reports that the UK intelligence agency GCHQ had compromised BlackBerry devices to spy on world leaders at the G20 summit in 2009.

 

Unlike stalwart backdoor opponents Apple and Google, BlackBerry has taken a more conciliatory tone when talking about government access and encryption.

 

Last month, BlackBerry CEO John Chen said in a provocative blog post that “our privacy commitment does not extend to criminals,” and indicated that it was a company’s duty, “within legal and ethical boundaries,” to help law enforcement.

 

Also last month, BlackBerry announced it would be pulling its operations out of Pakistan because the government of that country had ordered BlackBerry to shut down unless it provided access to its BES servers.

 

However, BlackBerry announced on 31 December 2015 that it had reached an agreement with Pakistan to remain in the country, after Pakistan “accept[ed] BlackBerry’s position.”

 

BlackBerry says its position on backdoors has always been “no backdoors.”

 

Although it’s reaffirmed that position many times, the questions about BlackBerry’s backdoor policy haven’t gone away.

 

Source


This is kind of scary... but last time I checked, North America (as well as the rest of the true democratic countries) is not yet a police state where warrants are not needed, and people speaking out like this still do not disappear in the middle of the night, never to be seen nor heard of again... But if you vote Donald Trump into office... well, that would change pretty quick... but it would be wonderful, as he would build that wonderful wall along with very nice internment camps to house press, all those who did not vote for him and those who he just does not like... Tongue-in-cheek rant about Trump... at least I hope so :rolleyes:



46 minutes ago, dMog said:

This is kind of scary... but last time I checked, North America (as well as the rest of the true democratic countries) is not yet a police state where warrants are not needed

They can use something like this and spy on you illegally and just start watching you till you foul up. They don't need a warrant as long as they never get caught, just like criminals are not criminals till they get caught. If we lived in a perfect world where all law enforcement was honest, then warrants would matter. But we live in a world where some cops sell drugs, take bribes and use illegal methods.

The way law enforcement works, they could investigate someone for well over a year till they build a good case against them, then get a warrant, and using something like this could help them. Code of honor that cops don't tell on each other... But they tell on everyone else.

People just keep having a false illusion of privacy; they think warrants, a piece of paper, are going to protect it when in reality it never will.



PGP is supposed to be pretty tight. The details are hazy (reading off raw memory) but I'm guessing it's shoddy implementation. Yet another example that open-source stuff is not always a miracle pill. There are bugs and there are bad implementations.



Population of America is what, 316.1 million people... Do you think they are going to sit on you and everyone else and wait for you to screw up so they can throw you in jail... Yes, it is bad they have that capability to do what they do, but put it into perspective of just how they implement it and think hard on who you think will actually use this stuff... Most of the politicians I hear and see in the news that say this is a great idea are Republicans... and again... they will not be sitting at a monitor looking at you personally and with attention to detail of all you say and do and also look at the rest of the entire population of 316 million



2 hours ago, dMog said:

Population of America is what, 316.1 million people... Do you think they are going to sit on you and everyone else and wait for you to screw up so they can throw you in jail... Yes, it is bad they have that capability to do what they do, but put it into perspective of just how they implement it and think hard on who you think will actually use this stuff... Most of the politicians I hear and see in the news that say this is a great idea are Republicans... and again... they will not be sitting at a monitor looking at you personally and with attention to detail of all you say and do and also look at the rest of the entire population of 316 million

I know for a fact they do; it's nothing to read an investigation to go on for a year. Sometimes they will send the same snitch in many times in an investigation and get the criminal on many counts over a year, and they don't apprehend the criminals till the indictments come out. You don't have a clue how the law works in the States, do you?

Now if you were a murderer or a terrorist they will get you as fast as they can, but still they have to have a case before they are issued a warrant by a judge, so they have to go out and investigate first. They have to have proof, which illegals don't have no rights no way; if they don't have papers they ship them back or put them in jail without a trial.

You have the DEA, which has very long investigations because they're trying to catch as many people as they can before word gets on the street, and then you have Homicide, which tries to catch those types of criminals as fast as they can. There are many different branches of law enforcement with different techniques. Most of the time the DEA will use CCTV and record it all too for however long they investigate. Some cities have CCTV installed now in the USA and are being watched by the cops 24/7. If you're in a city with 1000 drug dealers, if they just arrested one every time they caught one, the other 999 would lay low, so they have to arrest them all in waves to even try to make a dent in the drug trade. A tool like this would be very useful to the DEA, where they read drug dealers' email over the phone while they're running their year+ investigations for places to send their snitches in to make a buy. :P

 

The DEA  runs programs like the NSA are they been running illegal phone taps for years

http://www.usatoday.com/story/news/2015/11/11/dea-wiretap-operation-riverside-california/75484076/
Quote

Federal agents often prefer to seek permission to tap phones from state courts, instead of federal courts

 

They don't need a warrant; they only need permission from a judge, and if you were talking to some drug dealer they'd be spying on you too :)

In this case they got permission from one state judge and caught drug dealers all through the US.

It's the same with the NSA: most people who were spied on who didn't do nothing were just caught in the crossfire, but still it's an invasion of privacy.

This is the whole reason Microsoft got taken to court, because Microsoft would not hand over the encrypted keys to a drug dealer's email because the server was not in the USA. If they can break encryption already, there's no need. If they can't break it, in the end they're going to end up banning it anyway. Like New York is talking about banning smartphones.



6 hours ago, dMog said:

Population of America is what, 316.1 million people... Do you think they are going to sit on you and everyone else and wait for you to screw up so they can throw you in jail... Yes, it is bad they have that capability to do what they do, but put it into perspective of just how they implement it and think hard on who you think will actually use this stuff... Most of the politicians I hear and see in the news that say this is a great idea are Republicans... and again... they will not be sitting at a monitor looking at you personally and with attention to detail of all you say and do and also look at the rest of the entire population of 316 million

That's pretty much the point of mass surveillance.

 

Don't like someone? Get dirt, handwave previous protections, arrest them. No warrant needed, or can just show up, claim probable cause, find something you knew was there but only due to 4th Amendment-breaking surveillance.

 

Also, there's enough random laws on the books to mean we're all criminals daily, sometimes without knowing it. There's a state law here that says you can't leave your car running for 10+ minutes, but everyone does every morning and nobody has been charged with it. I'd never heard of it at all, cops didn't care/point it out.
Make a legal system overly complex (why do we need more special laws to handle shootings? Selling guns to kids, or murdering people is already illegal. Why create a whole bunch of random paperwork and hoops for legal people? So you can show up and say some shit like a magazine has to have 29 shots max, not 30 or something).

 

Also, for "not disappearing people": This is pretty damn close enough and unacceptable in a democratic society that we claim we are. Hitler was elected, remember that.
http://www.theguardian.com/us-news/2015/feb/24/chicago-police-detain-americans-black-site

 

Hell the President was trying to claim he should be able to drone kill anyone without any legal obstacles to pressing that button. VERY Slippery Slope stuff going on these days...

 

I won't get a cruise missile drop for this post, we're not that far gone, but the slippery slope leads to exactly that.



Still, the USA v. Microsoft case is not over, about them being able to read encrypted emails stored in other countries.

If the USA/DOJ loses, it will be easy for them to get it taken to the High Court. But if Microsoft loses, it's not going to be so easy. If it goes to the highest court then it may be 2017 before there's a real ruling.

http://www.irishtimes.com/life-and-style/motors/data-case-has-huge-implications-for-personal-privacy-1.2495493



Ain't no easy cut-and-dried answers, is there... but thankfully there are vigilant... not vigilantes... but vigilant people, and the powers that be are in full knowledge of they themselves being scrutinized all the time...



The article mentions they have been able to decrypt and won't say exactly how. I'm sure they didn't decrypt it; they just bypassed the encryption using an exploit or vulnerability. GhostPGP's website mentions they use AES-256, and that, as far as I know, hasn't been cracked yet. I could be wrong. If I'm right then they're not really using AES-256; if I'm wrong they are, and I'm sure the same for that exploit or a vulnerability.



42 minutes ago, Holmes said:

The article mentions they have been able to decrypt and won't say exactly how. I'm sure they didn't decrypt it; they just bypassed the encryption using an exploit or vulnerability.

That's like saying an app wasn't cracked because they attacked its protection even though it works perfect. It don't matter how they done it; of course they're not going to share it with the public for anyone to do it, then it would get patched. Still, it's been cracked, and if they don't share how, they don't know what to patch. :P

It don't say they can decrypt; it says they can read it

 




How else can you read encrypted data than getting it decrypted somehow, whether it's actually decrypting it or using an exploit or vulnerability? And I read that AES-256 has been cracked using a weakness in the algorithm used. I know they won't mention it to the public before it's patched; that's not what I meant. I was just saying they didn't actually decrypt it, they just bypassed it.



13 minutes ago, Holmes said:

How else can you read encrypted data than getting it decrypted somehow, whether it's actually decrypting it or using an exploit or vulnerability? And I read that AES-256 has been cracked using a weakness in the algorithm used. I know they won't mention it to the public before it's patched; that's not what I meant. I was just saying they didn't actually decrypt it, they just bypassed it.

What do you think most all weaknesses in encryption are? The Heartbleed bug, FREAK and Logjam, they're all known vulnerabilities. Backdoors, some found into encryption. Unless it's been patched, it's vulnerable. No telling how many backdoors out there we don't even know about yet.



I know that they're talking about the new Heartbleed now. I know that too. I would honestly use PGP over any encryption, not just from any company; I would pick one based on research.



4 hours ago, steven36 said:

What do you think most all weaknesses in encryption are? The Heartbleed bug, FREAK and Logjam, they're all known vulnerabilities. Backdoors, some found into encryption. Unless it's been patched, it's vulnerable. No telling how many backdoors out there we don't even know about yet.

There is one way that doesn't involve decrypting, and that's a vulnerability that lets you bag the messages either before encryption or after decryption.

 

I could use an absolutely flawless disk encryption that nobody can break, but turn the PC on and get malware? Encryption is irrelevant there.



3 hours ago, dMog said:

not good news for the paranoid is it

Does anyone actually use BlackBerry anymore, paranoid or not?

 

I imagine somewhere there's some really old execs still clinging to BlackBerry, but it's been a good 8-9 years since I've seen a BlackBerry, back before Android devices weren't even a thing and iPhones were somewhere between 3G and 3GS.



Me and my mom used BlackBerries. I sold my mom's and got her a new phone. I got mine; I don't know what I'm going to do with it. They're up to version seven now. I think the new BlackBerries look better. I wouldn't buy a new one; I like my Samsung Galaxy S5.



Archived

This topic is now archived and is closed to further replies.
