Telegram Messenger Service Suffers Cyberattack Originating From China

The CEO of messaging service Telegram has suggested that a recent cyber attack on the encrypted chat platform was the work of the Chinese government as part of an attempt to disrupt use of the app to coordinate ongoing protests in Hong Kong.

Telegram founder Pavel Durov said the messaging service experienced a "state actor-sized" distributed denial of service (DDoS) attack yesterday and this morning after "garbage requests" flooded its servers and disrupted communications.

DDoS attacks typically work through the use of botnets – often operating on hijacked computers infected with malware – which bombard servers with redundant requests to prevent them from processing legitimate requests.


Most of those requests came from IP addresses originating in China and appeared to coincide in time with protests in Hong Kong, founder Pavel Durov said in a later Twitter post.

Protesters in the hundreds and thousands have been marching through Hong Kong's streets this week in opposition to a controversial law that would allow people in the city to be extradited to China.

Chinese state media have condemned the protests, which they claim are being motivated by outside forces and risk undermining social stability in the region.

This isn't the first time apps have been blocked in Hong Kong. In 2014, China's cyberspace administration cut access to Instagram during the city's Umbrella Movement, which used umbrellas as a tool of passive resistance to the police's use of pepper spray on protestors who were seeking more transparent elections.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


This article, "Telegram Messenger Service Suffers Cyberattack Originating From China" first appeared on MacRumors.com


Apple and Other Tech Giants Condemn GCHQ Proposal to Eavesdrop on Encrypted Messages

Apple and other tech giants have joined civil society groups and security experts in condemning proposals from Britain's cybersecurity agency that would enable law enforcement to access end-to-end encrypted messages (via CNBC).

British Government's Communications HQ in Cheltenham, Gloucestershire

In an open letter to the U.K.'s GCHQ (Government Communications Headquarters), 47 signatories including Apple, Google and WhatsApp urged the U.K. eavesdropping agency to ditch plans for its so-called "ghost protocol," which would require encrypted messaging services to direct a message to a third recipient, at the same time as sending it to its intended user.

Ian Levy, the technical director of Britain's National Cyber Security Centre, and Crispin Robinson, GCHQ's head of cryptanalysis, published details of the proposal in November 2018. In the essay, Levy and Robinson claimed the system would enable law enforcement to access the content of encrypted messages without breaking the encryption.

The officials argued it would be "relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," and claimed this would be "no more intrusive than the virtual crocodile clips," which are currently used in wiretaps of non-encrypted chat and call apps.

Signatories of the letter opposing the plan argued that the proposal required two changes to existing communications systems that were a "serious threat" to digital security and fundamental human rights, and would undermine user trust.

"First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat.

"Second, in order to ensure the government is added to the conversation in secret, GCHQ's proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.

"The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ's ghost proposal completely undermines this trust relationship and the authentication process."

Apple's strong stance against weakened device protections for the sake of law enforcement access was highlighted in the 2016 Apple vs. FBI conflict that saw Apple refuse to create a backdoor access solution to allow the FBI to crack the iPhone 5c owned by San Bernardino shooter Syed Farook.

Responding to the open letter, which was first sent to GCHQ on May 22, the National Cyber Security Centre's Ian Levy told CNBC: "We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion."

"We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible," Levy said.



This article, "Apple and Other Tech Giants Condemn GCHQ Proposal to Eavesdrop on Encrypted Messages" first appeared on MacRumors.com


FBI Director Christopher Wray on Encryption: We Can’t Have an ‘Entirely Unfettered Space Beyond the Reach of Law Enforcement’

Encryption should not provide an "unfettered space" for criminals to hide behind, FBI Director Christopher Wray said today in an interview at the RSA conference, a cybersecurity event in San Francisco.

As noted by CNET, Wray said that while the FBI is not seeking backdoors in electronics, encryption needs to have limitations.

"It can't be a sustainable end state for there to be an entirely unfettered space that's utterly beyond law enforcement for criminals to hide," Wray said, echoing a position that law enforcement officials have taken on encryption time and time again.

Apple and other technology companies have been clashing with law enforcement agencies like the FBI and fighting anti-encryption legislation for years now. Apple's most public battle with the U.S. government was in 2016, when the Cupertino company was ordered to help the FBI unlock the iPhone used by Syed Farook, a shooter in the 2015 attacks in San Bernardino.

Apple opposed the order and said that it would set a "dangerous precedent" with serious implications for the future of smartphone encryption. Apple held its ground and the U.S. government backed off after finding an alternate way to access the data on the device, but Apple is continually dealing with additional law enforcement attempts to weaken encryption.

Multiple tech companies, Apple included, have formed the Reform Government Surveillance coalition to promote strong device encryption and fight against legislation calling for backdoor access into electronic devices.

Apple has argued that strong encryption is essential for keeping its customers safe from hackers and other malicious entities. A backdoor created for government access would not necessarily remain in government hands and could put the company's entire customer base at risk.

During the interview, Wray said that encryption is a "provocative subject" and he provided no additional insight into how tech companies might provide strong encryption for customers while also acquiescing to law enforcement demands for device access.

Wray did say that the U.S. is seeing an uptick in threats from "various foreign adversaries" that are using criminal hackers, which suggests the need for strong encryption is greater than ever.



This article, "FBI Director Christopher Wray on Encryption: We Can't Have an 'Entirely Unfettered Space Beyond the Reach of Law Enforcement'" first appeared on MacRumors.com


How to Encrypt a USB Flash Drive in macOS Mojave

In macOS Mojave, you can choose to encrypt and decrypt disks on the fly right from the desktop. Using this convenient Finder option, we're going to show you how to encrypt a USB flash drive (or "thumb drive"), which is useful if you're traveling light and want to take sensitive data with you for use on another Mac.

Finder uses XTS-AES encryption, the same encryption that FileVault 2 uses to prevent access to data on a Mac's startup disk without a password. Note that the following method is only compatible with Macs – you won't be able to access data on the encrypted drive using a Windows machine.

If this is a requirement, you'll need to use a third-party encryption solution like VeraCrypt. With that in mind, here's how to securely encrypt your USB flash drive.


Attach the USB flash drive to your Mac and locate its disk icon on your desktop, in a Finder window, or in the Finder sidebar, then right-click (or Ctrl-click) it and select Encrypt "[USB stick name]"... from the contextual menu.

(Note that if you don't see the Encrypt option in the dropdown menu, your USB flash drive hasn't been formatted with a GUID partition map. To resolve this, you'll need to erase and encrypt the USB drive in Disk Utility – before that though, copy any data on the drive to another location for temporary safekeeping.)


When you select Encrypt, Finder will prompt you to create a password, which you'll need to enter the next time you attach the USB flash drive to a Mac. (Don't forget this, otherwise you'll lose access to any data stored on the USB drive!) Once you've chosen a password, verify it, add a meaningful hint if desired, and click Encrypt Disk.

How long the encryption process takes depends on how much data you have on the USB flash drive, but you'll know it's completed when its disk icon disappears and re-mounts. You'll now be able to access the contents of the USB flash drive as usual, but if you physically detach it and re-attach it to your Mac you'll be prompted to enter the password.


Note that the prompt includes the option "Remember this password in my keychain." Check the box, and whenever you attach the USB stick to your Mac again you won't be prompted to enter the password and you'll have automatic access to it, just like any other drive.


If you ever want to decrypt the USB flash drive in future, right-click (or Ctrl-click) its disk icon, select Decrypt "[USB stick name]" from the contextual menu, and enter the password to turn off encryption protection.

How to Encrypt a USB Flash Drive in Disk Utility

Before proceeding, make sure you've copied any data on the USB flash drive to a safe location, like your Mac's internal disk.
  1. Launch Disk Utility, located on your Mac in Applications/Utilities.

  2. In the Disk Utility toolbar, click the View button and select Show All Devices if it isn't already ticked.

  3. Select your USB flash drive in the sidebar by clicking its top-level device name (i.e. not the volume name that's listed beneath it).

  4. Click the Erase button in the toolbar.

  5. Give the USB flash drive a name.

  6. Next, click the Scheme dropdown menu and select GUID Partition Map. (It's important to do this first before the next step, otherwise you won't see the encryption option in the Format dropdown.)

  7. Now click the Format dropdown menu and select Mac OS Extended (Journaled, Encrypted).

  8. Click Erase.

  9. Enter your new password, enter it once more to verify, include a password hint if desired, then click Choose.

  10. Click Erase once again, and wait for your disk to be formatted and encrypted.

Once the process is complete, copy across your sensitive data to the blank USB flash drive, where it will be automatically encrypted and secured with a password.
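
Both the Finder note and step 6 above depend on the drive having a GUID partition map. As an added example (not part of the original article), the shell functions below read the output of macOS's `diskutil list` and name the external disks whose partition scheme is not GUID, which are the ones that would have to be erased in Disk Utility first. The sample output embedded in the script is constructed for illustration.

```shell
#!/bin/sh
# Added example: find external disks that lack a GUID partition map.
# According to the article, Finder only offers "Encrypt" for GUID-mapped drives.

# Constructed sample of `diskutil list` output (not captured from a real Mac).
sample_diskutil_list() {
cat <<'EOF'
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.3 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:                 Apple_APFS Container disk1         500.1 GB   disk0s2

/dev/disk2 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *15.5 GB    disk2
   1:                 DOS_FAT_32 UNTITLED                15.5 GB    disk2s1

/dev/disk3 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *31.0 GB    disk3
   1:                        EFI EFI                     209.7 MB   disk3s1
   2:                  Apple_HFS Backup                  30.7 GB    disk3s2
EOF
}

# Reads `diskutil list` text on stdin and prints "<disk> <row-0 type>"
# for every external disk. Row 0 describes the whole device, so its TYPE
# column holds the partition scheme.
external_schemes() {
  awk '
    /^\/dev\/disk[0-9]+ / {
      dev = $1
      sub("^/dev/", "", dev)
      external = ($0 ~ /external/)   # skips internal disks and disk images
      next
    }
    external && $1 == "0:" { print dev, $2 }
  '
}

# Prints the identifiers of external disks whose row-0 type is anything
# other than GUID_partition_scheme.
needs_erase() {
  external_schemes | awk '$2 != "GUID_partition_scheme" { print $1 }'
}

# On a Mac, inspect the real disks; elsewhere, fall back to the sample.
if command -v diskutil >/dev/null 2>&1; then
  diskutil list | needs_erase
else
  sample_diskutil_list | needs_erase
fi
```

A disk printed by `needs_erase` is one to back up and then erase with the GUID Partition Map scheme as in steps 1 to 10 above.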



Australia Passes Controversial Encryption Bill Despite Opposition From Apple and Other Tech Companies

The Australian parliament on Thursday passed controversial encryption legislation that could result in tech companies being forced to give law enforcement access to encrypted customer messages.

As we reported in October, Apple opposed the legislation in a seven-page letter to the Australian parliament, calling the encryption bill "dangerously ambiguous" and wide open to potential abuse by authorities.


Advocates of the bill, officially titled "Assistance and Access Bill 2018," argue it is essential to national security because encrypted communications are used by terrorist groups and criminals to avoid detection.

CNET provided a breakdown on the Australian bill and the three tiers of law enforcement and state agency assistance it covers:
  • Technical assistance request: A notice to provide "voluntary assistance" to law enforcement for "safeguarding of national security and the enforcement of the law."

  • Technical assistance notice: A notice requiring tech companies to offer decryption "they are already capable of providing that is reasonable, proportionate, practicable and technically feasible" where the company already has the "existing means" to decrypt communications (e.g. where messages aren't end-to-end encrypted).

  • Technical capability notice: A notice issued by the attorney general, requiring tech companies to "build a new capability" to decrypt communications for law enforcement. The bill stipulates this can't include capabilities that "remove electronic protection, such as encryption."

The Australian government insists that the laws don't provide a backdoor into encrypted communications; however, Apple says the language in the bill permits the government to order companies who make smart home speakers to "install persistent eavesdropping capabilities" or require device makers to create a tool to unlock devices.

Likewise, the joint industry lobby group DIGI, which includes Amazon, Facebook, Google, Oath, and Twitter, said they were willing to work with the government to promote public safety, but the laws could "potentially jeopardize the security of the apps and systems that millions of Australians use every day."

Apple has fought against anti-encryption legislation and attempts to weaken device encryption for years, and its most public battle was against the U.S. government in 2016 after Apple was ordered to help the FBI unlock the iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino.

Apple opposed the order and claimed that it would set a "dangerous precedent" with serious implications for the future of smartphone encryption. Apple ultimately held its ground and the U.S. government backed off after finding an alternate way to access the device, but Apple has continually had to deal with further law enforcement efforts to combat encryption.


Apple Criticizes Proposed Anti-Encryption Legislation in Australia

The Australian government is considering a bill that would require tech companies like Apple to provide "critical assistance" to government agencies who are investigating crimes.

According to the Australian government, encryption is problematic because encrypted communications "are increasingly being used by terrorist groups and organized criminals to avoid detection and disruption."


As noted by TechCrunch, Apple today penned a seven-page letter to the Australian parliament criticizing the proposed legislation.

In the letter, Apple calls the bill "dangerously ambiguous" and explains the importance of encryption in "protecting national security and citizens' lives" from criminal attackers who are finding more serious and sophisticated ways to infiltrate iOS devices.

"In the face of these threats, this is no time to weaken encryption. There is profound risk of making criminals' jobs easier, not harder. Increasingly stronger -- not weaker -- encryption is the best way to protect against these threats."

Apple says that it "challenges the idea" that weaker encryption is necessary to aid law enforcement investigations as it has processed more than 26,000 requests for data to help solve crimes in Australia over the course of the last five years.

According to Apple, the language in the bill is broad and vague, with "ill-defined restrictions." As an example, Apple says the language in the bill would permit the government to order companies who make smart home speakers to "install persistent eavesdropping capabilities" or require device makers to create a tool to unlock devices.

Apple says additional work needs to be done on the bill to include a "firm mandate" that "prohibits the weakening of encryption or security protections," with the company going on to outline a wide range of specific concerns that it hopes the Australian parliament will address. The list of flaws Apple has found with the bill can be found in the full letter.

Apple has been fighting against anti-encryption legislation and attempts to weaken device encryption for years, and its most public battle was against the U.S. government in 2016 after Apple was ordered to help the FBI unlock the iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino.

Apple opposed the order and claimed that it would set a "dangerous precedent" with serious implications for the future of smartphone encryption. Apple ultimately held its ground and the U.S. government backed off after finding an alternate way to access the device, but Apple has continually had to deal with further law enforcement efforts to combat encryption.


‘Five Eyes’ Governments Urge Tech Companies to Build Backdoors into Encrypted Services

Five nations including the U.S. and the U.K. have urged tech companies to comply with requests to build backdoors into their encrypted services, or potentially face legislation requiring them to do so by law.

The statement is a result of a meeting last week between the "Five Eyes" intelligence sharing countries, which include the U.S., the U.K., Canada, Australia, and New Zealand.

In a published memo, the governments claim that the use of such backdoors for accessing encrypted data would respect personal rights and privacy, and be limited only to criminal investigations by law enforcement.

"Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute. It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards. The same principles have long permitted government authorities to search homes, vehicles, and personal effects with valid legal authority."

The memo goes on to note that each of the Five Eyes jurisdictions will consider how to implement the statement principles, including "with the voluntary cooperation of industry partners", while adhering to lawful requirements for proper authorization and oversight.

The statement of principles underlines the fractious relationship between some governments and tech companies regarding encryption over the last few years, in which the popularity of digital messaging services has exploded.

The U.K. government has long argued that encrypted online channels such as WhatsApp and Telegram provide a "safe haven" for terrorists because governments and even the companies that host the services cannot read them.

In 2016, Apple and the FBI were involved in a public dispute over the latter's demands to provide a backdoor into iPhones, following the December 2015 shooter incidents in San Bernardino.

Apple refused to comply with the request, saying that the software the FBI asked for could serve as a "master key" able to be used to get information from any iPhone or iPad - including its most recent devices - while the FBI claimed it only wanted access to a single iPhone.

In another potential test case, Facebook is currently contesting a demand from the U.S. government that it break the encryption of its popular Messenger app so that law enforcement can listen in to a suspect's conversations as part of an ongoing investigation into a criminal gang.


Facebook Fights US Government Demand to Break Messenger Encryption in Criminal Case

Facebook is contesting a demand from the U.S. government that it break the encryption of its popular Messenger app so that law enforcement can listen in to a suspect's conversations as part of an ongoing investigation into the MS-13 gang.

The U.S. Department of Justice's demand is in relation to a case proceeding in a federal court in California that is currently under seal, so public files are unavailable. However, Reuters' sources said the judge in the case heard arguments on Tuesday on a government motion to hold Facebook in contempt of court for refusing to carry out the surveillance request.

Facebook says it can only comply with the government's request if it rewrites the code relied upon by all its users to remove encryption or else hacks the government's current target, according to Reuters.

Legal experts differed over whether the government would likely be able to force Facebook to comply. However, if the government gets its way in the case, experts say the precedent could allow it to make similar arguments to force other tech companies to compromise their encrypted communications services.

Messaging platforms like Signal, Telegram, Facebook's WhatsApp and Apple's iMessage all use end-to-end encryption that prevents communications between sender and recipient from being accessed by anyone else, including the service providers.

Tech companies have pushed back against previous attempts by authorities to break encryption methods, such as the FBI's request that Apple help it hack into the iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino.

In February 2016, a U.S. federal judge ordered Apple to help the FBI, but Apple opposed the order in an open letter penned by Tim Cook, who said the FBI's request would set a "dangerous precedent" with serious implications for the future of smartphone encryption.

Apple's dispute with the FBI ended on March 28, 2016 after the government found an alternate way to access the data on the iPhone with the help of a private contractor and withdrew the lawsuit.


Australia Prepares Laws Forcing Tech Companies to Help Police Access Encrypted Data of Criminals

Australia is gearing up to release new laws that will force Australian telecommunications companies and global tech companies to comply with law enforcement agencies, when such agencies ask for access to encrypted data on the smartphones of suspected criminals (via ABC News Australia). The laws are the latest in an ongoing global data battle that hit a fever pitch in the United States in early 2016 when the FBI asked Apple for a backdoor into the smartphone of one of the San Bernardino shooters.

Specifics in regards to the Australian laws have not yet been shared, but they are said to affect companies like Apple, Facebook, and Google, which would face "significant fines" if they choose not to comply with encrypted data requests. Australian telecommunications companies affected under the law include Telstra and Optus.


Cyber security minister of Australia Angus Taylor was asked if the laws would allow surveillance codes to be implanted into smartphones and "avoided directly answering," stating a lack of preparation to get into technical details.

Notably, one detail Taylor did confirm is that the government would not ask companies to install a backdoor into their apps and equipment, nor would they be asked to "provide law enforcement agencies with an encryption key." Because of this, it's unclear exactly how the Australian government's demands would need to be met by companies.

"There's been ideas around for decades that you should create some kind of key that law enforcement can get access to, to access any data at any time — that's not what we're proposing here," Mr Taylor said.

"But at the same time we must ensure that law enforcement doesn't lose access to the data and the information they need to pre-empt terror attacks and crimes, and to hold criminals and terrorists to account."

Taylor explained that the new proposals are an update to antiquated laws in Australia: "Those laws should be extended to a situation where messages are being sent through an app, or via any other means, in ways that the current laws hadn't anticipated," he said. "It's not appropriate to have a world where we can do this for analogue data, analogue communication, but we can't do it in the digital world."

In the United States, last month an anti-surveillance coalition, including Apple, condemned recent proposals for backdoor access into electronic devices. The coalition previously published a core principle pledging to ensure device security through strong encryption and calling on governments to avoid taking actions that would require companies to "create any security vulnerabilities in their products and services."

The news came as law enforcement officials were said to be revisiting proposals that would require tech companies to build backdoor access into devices for better access to data in criminal investigations. Apple continued enhancing user security in the recent iOS 12 beta, where a new setting was discovered that prevents USB accessories from connecting to the iPhone when it's been more than an hour since the device was unlocked.

Law enforcement officials use USB access to iOS devices to connect accessories like the GrayKey box, a tool that plugs into the Lightning port of an iPhone and uses the data connection in an attempt to brute force a passcode. With the new setting, an iPhone's Lightning port data connection will not work with the GrayKey box if it's been more than an hour since a passcode was entered, rendering it effectively useless unless used immediately after an iPhone is obtained from a suspect.

In Australia, draft legislation of the new laws will be presented "in weeks" so more details about the plans should emerge soon. Ahead of the launch, Taylor said that the government is "very sympathetic to the concerns that the tech service providers have had" in regards to forced compliance with data gathering on electronic devices.


Russia Demands Apple Remove Telegram From Russian App Store

The Russian government has asked Apple to help it block Telegram, the secure messaging app that's highly popular in the country, reports WCCFTech.

A Russian court ordered carriers and internet providers in the country to block Telegram back in April, after Telegram refused to provide Russia with backdoor access to user messages.


Telegram, for those unfamiliar with the app, offers end-to-end encryption for secure messaging purposes. With end-to-end encryption, no one, not even Telegram, can access the messages that are sent between users.

Despite issuing the block order back in April, Russia has only been able to disrupt Telegram's operations in the country by 15 to 30 percent.

Given the government's inability to block the app, Roskomnadzor, the division of the government that controls media and telecommunications, has demanded that Apple remove the Telegram app from the Russian App Store. The group first asked Apple to remove the app in April, but is appealing to Apple again.

"In order to avoid possible action by Roskomnadzor for violations of the functioning of the above-mentioned Apple Inc. service, we ask you to inform us as soon as possible about your company's further actions to resolve the problematic issue," the regulator wrote.

Roskomnadzor has given Apple one month to remove the Telegram app from the App Store. Roskomnadzor's director Alexander Zharov said he did not want to "forecast further actions" should Apple not comply with the request following the 30 day period.

The Russian government said that it needed access to Telegram to read messages and prevent future terror attacks in the country.
