Thursday, November 14, 2024
Giambattista della Porta (1535 – 1615): The Egg-cryption Man
Thursday, March 21, 2024
Signal App - New Usernames Keeps Cops Out of Your Data
Signal is the gold standard for secure messaging apps because not only are messages encrypted, but so is pretty much everything else. Signal doesn’t know your name or profile photo, who any of your contacts are, which Signal groups you’re in, or who you talk to and when...
With the long-awaited announcement that usernames are coming to Signal — over four years in the making — Signal employed the same careful cryptography engineering it’s famous for, ensuring that the service continues to learn as little information about its users as possible.
Monday, March 18, 2024
Intel Patent Addresses Privacy Issues with Voice Assistants
The company filed a patent application for a “privacy preserving digital personal assistant.” Rather than sending your raw voice data to the cloud for processing, Intel’s tech encrypts that data to keep your personal information and identity from being shared in that environment.
“Existing digital personal assistant technologies force users to surrender the content of their voice commands to their digital personal assistance provider, and most actions of the available digital personal assistants are performed in the cloud,” Intel said in the filing. “This presents a large privacy and security concern that will only grow (over time) with increased adoption.”
Friday, February 24, 2023
Qphone Claims to Secure Communications
Global Integrity announced the immediate availability of Qphone, a secure communications software platform that encrypts and protects voice, text, and video conversations between mobile devices, laptops, and desktop computers. Supporting iOS and Android, the Qphone app ensures total privacy of communications using end-to-end quantum-resistant encryption.
“Every day there are new instances of eavesdropping, corporate espionage, and compromised systems initiated from bad actors, leaving organizations vulnerable,” explained Bill Marlow, CEO of Global Integrity. “Messaging apps and cybersecurity infrastructure available today are mostly compromised in some fashion. Qphone offers a new approach, delivering a native phone app that is easy to use yet highly secure. In short, Qphone makes privacy simple.”
Tuesday, September 21, 2021
BlackBerry Updates SecuSUITE to Secure Phone Calls from Eavesdropping
As a result of the global pandemic, millions of employees are working from home, with many teams turning to group calling methods to ensure business continuity. However, enterprises and government officials around the world are increasingly being targeted by coordinated eavesdropping attacks. SecuSUITE protects these individuals against identity spoofing, metadata harvesting and communications interceptions, which can compromise sensitive discussions and major operations.
Thursday, July 15, 2021
The "Encrypted" Cell Phones Had One Flaw: The FBI Controlled Them
The criminals texted each other about drug deals and money laundering, confident in special encrypted devices using a platform dubbed Anom. There was just one problem for the crime rings: The FBI was being copied on every message — millions of them worldwide. In fact, the agency had sent the Anom devices into the black market in the first place.
Those are the details and allegations that are now emerging about Operation Trojan Shield, an international effort coordinated by the FBI that has resulted in more than 800 arrests.
With the help of Europol, the FBI identified "over 300 distinct TCOs [transnational criminal organizations] using Anom, including Italian organized crime, Outlaw Motorcycle Gangs, and various international narcotics source, transportation, and distribution cells," according to a search warrant affidavit filed in court by Nicholas Cheviron*, an FBI special agent in San Diego. The document was unsealed Monday.
* In addition to heading the investigation, FBI Special Agent Nic Cheviron (son of the best corporate security director ever) wrote the search warrant. It is a fascinating read.
Wednesday, February 12, 2020
The CIA's Greatest Hit... that we know of so far.
The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades...
The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.
But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.
Talk about your self-licking ice cream cone.
Profit from selling expensive crypto gear.
Profit by deciphering everything going through it.
Brilliant! ~Kevin
Wednesday, August 7, 2019
Security Director Alert: Check for Unsecured Wi-Fi Printers
We see this vulnerability at approximately a third of the corporations where we conduct inspections. It is a very common issue. Very dangerous.
Q. "So, why does this happen so often?"
A. When initially outfitting the office the IT Department usually does a good job of turning on encryption for Wi-Fi Access Points, and the things connecting to them.
Later, someone decides they need their own printer. It arrives. It is plugged in. Nobody thinks about turning on the encryption.
Often, the Wi-Fi feature of the printer is not even used, but it's on by default. The company network is now subject to compromise.
The only way to know if you have this issue is to look for it. Have your IT Department check periodically, or have us do it, but do it. ~Kevin
Tuesday, July 23, 2019
The ‘Golden Age of SIGINT’ May Be Over
“The ‘golden age of SIGINT’ may be over, particularly within the next five or ten years,” the study, “Going Dark: Implications of an Encrypted World,” finds. The traditional methods of collecting signals intelligence and eavesdropping on communications used by the Intelligence Community (IC) will no longer be effective. “End-to-end encryption of all communications and data, differential privacy, and secure communications for all users are likely to be the new reality,” the study says.
Wednesday, March 27, 2019
Information Security and Cryptography Seminar - June 17-19, 2019
The material is presented at three different levels. At the highest level, the basic concepts are presented in detail, but abstractly (e.g., as black boxes), without mathematics. No background is required to follow at this level. At an intermediate level, the most important concrete schemes, models, algorithms, and protocols are presented as well as their applications. Here some minimal mathematical and systems background is assumed. At the deepest level, which is not required to understand the higher levels, different special topics, requiring some mathematical background, are discussed.
Lecturers:
Prof. David Basin and Prof. Ueli Maurer
Advanced Technology Group GmbH
Grundgasse 13
9500 Wil
Switzerland
F: +41 (0)44 632 1172
Seminar Location:
Marriott Courtyard Zurich North
Max-Bill-Platz 19
CH-8050 Zurich
Switzerland
Wednesday, January 23, 2019
Australia's New Encryption Law May Rock the World - bad'day mate
The law, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, applies only to tech products used or sold in Australia. But its impact could be global: If Apple were to build a so-called back door for iPhones sold in Australia, the authorities in other countries, including the United States, could force the company to use that same tool to assist their investigations.
Wednesday, July 4, 2018
Without Spies There May Have Been No 'Fourth of July'
By Nina Strochlic, for National Geographic magazine.
In 1777, the American colonies were badly losing their fight for independence from Great Britain. The British Army had captured New York City’s crucial port. Expecting further advances, the Continental Congress was evacuated from Philadelphia. It seemed that the war was lost.
Washington was desperate to discover what was happening inside New York, but military scouts couldn’t get close enough. The general needed someone to penetrate enemy lines, but when he asked for volunteers, few of his troops raised their hands.
“Spying wasn’t seen as gentlemanly,” says Vince Houghton, resident historian at the International Spy Museum in Washington, D.C.
Finally, a young army captain named Nathan Hale volunteered for the dangerous assignment. He was caught a week later and hanged, the first known American spy to be executed on the job. (He’s memorialized with a statue outside CIA headquarters.)
Washington realized that the mission was too big for untrained volunteers, so he set about building an espionage organization.
John Jay, later the first Chief Justice of the Supreme Court, had been running counterintelligence as head of the New York State Committee and Commission for Detecting and Defeating Conspiracies. One of Jay’s operatives, a merchant named Nathaniel Sackett, had experience in secret writing and codes.
In February 1777, Washington wrote a letter to Sackett in which he offered him $50 a month—out of his own pocket—to establish the first formal apparatus for the “advantage of obtaining the earliest and best Intelligence of the designs of the Enemy.” “Without the organization that Sackett set up, it would have been very difficult for us to win the war,” says Houghton. “We had a ragtag army and [the British] had the greatest army, greatest navy, and greatest economy in the world. We had no real business winning this war.”
But America’s spy service got off to an inglorious start. Most of Sackett’s agents failed at their jobs—including Sackett himself, who was fired after just six months.
Fortunately for the infant nation, Sackett’s replacement, 26-year-old Benjamin Tallmadge, created what is considered one of America’s greatest espionage operations: the Culper Spy Ring. Comprised of childhood friends from Long Island, the group included a shop owner inside New York City who gathered information, a traveling trader who smuggled it out of the city, and a whale boat captain who delivered it to Washington’s camp.
Employing the tools and tricks of the 18th-century spy trade—hiding secret messages in hollow feather quills, using “dead drops” to transport letters—the Culper operatives unmasked enemy spies, busted a money counterfeiting plan, and stopped the British from sabotaging a French aid mission to the colonies.
After important letters were lost during an enemy raid, Tallmadge invented a “numerical dictionary” code that matched 763 cities, names, and words to numbers. (Washington’s code name was Agent 711.) Washington also asked physician James Jay (brother to John) to invent an invisible ink that could be revealed only with another chemical and would “relieve the fears of such persons as may be entrusted in its conveyance.”
Washington’s espionage experiment paid off. In 1781 the British surrendered, thanks in part to the intelligence gathered by the Culper Ring and their networks. “Washington didn’t really out-fight the British. He simply out-spied us,” a British intelligence officer allegedly said after the war.
None of the Culper spies were ever caught, and even Washington himself never learned exactly who was in the group. The ring’s very existence wasn’t discovered until the 1900s, and to this day no one knows for certain how many members it had.
After the war Washington asked Congress to reimburse him $17,000—nearly half a million dollars today—for his espionage expenses. The lawmakers obliged.
Thursday, May 24, 2018
How to encrypt your entire life in less than an hour
“Only the paranoid survive.” — Andy Grove
“If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” — Cardinal Richelieu in 1641
Friday, May 11, 2018
FontCode: Embed Secret Messages Within Text
The hidden information persists even when documents or images with perturbed texts are printed or converted to another file type. Method could prevent document tampering, protect copyrights, as well as embed QR codes and other metadata without altering the look or layout of a document.
"While there are obvious applications for espionage, we think FontCode has even more practical uses for companies wanting to prevent document tampering or protect copyrights, and for retailers and artists wanting to embed QR codes and other metadata without altering the look or layout of a document," says Changxi Zheng, associate professor of computer science and the paper's senior author.
Wednesday, January 24, 2018
Tinder Hackers May Find Out How Desperate You Are
A lack of security protections in Tinder's mobile app is leaving lonely hearts vulnerable to eavesdropping.
That's according to security biz Checkmarx this week, which claimed Android and iOS builds of the dating app fail to properly encrypt network traffic, meaning the basic actions of peeps looking to hookup – such as swipes on profiles – could be collected by anyone on the same Wi-Fi or carrying out similar snooping.
Wednesday, January 3, 2018
Counterespionage Tip # 022: The Encryption & Password Mistake
...After receiving a report from a third party in mid-October 2017 suggesting there may have been unauthorized access to data from payment cards that were used at certain Forever 21 stores, we immediately began an investigation. We hired leading payment technology and security firms to assist. The investigation determined that the encryption technology on some point-of-sale (POS) devices at some stores was not always on...
The setting to enable encryption may never have been set to on. If it was, the setting may not have been password protected, thus allowing the encryption to be turned on and off. Costly mistakes.
This happens frequently on devices which are introduced after the initial set-up of similar devices. It's similar to the not-changing-the-default-password syndrome.
Counterespionage Tip # 022: When installing new devices:
- Change the default password.
- Review all the settings. Turn off all the eavesdropper and espionage friendly settings.
- Pay particular attention to security-related settings.
- Enable encryption.
- Change the administrator's password if the device has one.
- Deter physical access to internal memory and components using security tape. Check often for tampering.
Removing an unencrypted printer drive for covert duplication. Murray Associates case history photo.
- Point-of-sale (POS) devices.
- Wi-Fi Access Points.
- Audio and video teleconferencing equipment.
- Networked print centers.
- Stand-alone printers with Wi-Fi capabilities.
- VoIP telephone systems.
- Interactive white boards.
- Fax machines with memory vaults.
- Computers, tablets, mobile phones.
- Manufacturing equipment.
- Medical devices.
- CCTV cameras and recording systems.
Security settings on items in your environment should be checked periodically. A knowledgeable Technical Surveillance Countermeasures (TSCM) team can do this for you. It should be part of their inspection for electronic surveillance devices and information security loopholes.
If you don't have a TSCM team already, or are not sure of their capabilities, give me a call. ~Kevin
Friday, December 8, 2017
Hedy Lamarr - The Spread Spectrum Lady
Wednesday, November 8, 2017
End-to-End Encryption App for Business Customers
Wire CEO Alan Duric told ZDNet that the company had 300 firms on the Teams pilot and that businesses were using the service for their top managers or M&A teams and issues like crisis communications.
Wire is also eyeing the Internet of Things, arguing that end-to-end encryption could be applied to messages to devices as well as chats with your colleagues.
"There is quite a bit of awareness that industrial espionage is not a myth and that they need to protect their data," he said.
Tuesday, July 4, 2017
Without Spies There May Have Been No 'Fourth of July'
Monday, April 3, 2017
Crack the Code - Get a Drink
To do that, you use imitation World War 2 Enigma machines which generate a unique code for every "agent." Orders are then transmitted via radio to the bar.
The venue is inspired by Bletchley Park, the site where British mathematician and codebreaker Alan Turing and his team used to crack German codes during World War 2.