The stupidity of Dutch organized crime - 3.6 million encrypted messages now accessible by Dutch authorities

Thanks for the info. I decided to learn Korean instead of Dutch, so I'm at a disadvantage for getting detailed info outside of the Canadian stuff.

It goes back to this case in Canada, where a similar hack of Blackberry Messenger was used:

In that case also, the police didn't want to reveal how they could decrypt the messages, as RIM refused to provide decryption keys that were stored on the server (like in the Ennetcom case).

Interesting. My guess is that they know of other companies selling similar products (these encrypted phones are a dime a dozen on eBay and DNMs) and they don't want to let on exactly what their methods were in case they want to bust another network.

I doubt there's an easy-to-use unpatched attack on current PGP.

It's a lot more likely that the PGP version is outdated or the keys were generated server-side (or some flaw in the DH exchange from device to device through the central point of failure).

Nu.nl is not tech press, if hardly any press at all...

https://www.om.nl/actueel/nieuwsberichten/@98279/versleutelde/

Sorry, but I don't agree with how you feel about our country. I don't think this is the time or place to discuss Dutch politics, but let's hope we will see some changes after the 15th.

Interesting, it's definitely noticeable how little info is given about how the authorities knew the keys were being generated and stored on the servers.

Yes, the keys were generated and stored server-side. I just can't wrap my head around the idea of people paying 1500 Euros for a BlackBerry while you can get an anonymous SIM card for free and cell phones for a couple of Euros.


Reading up on the archived marketing material from Ennetcom:

They were using BIS and BES, which gives us a much larger attack surface area than just PGP. It's looking less and less like a PGP problem and more like an outdated corporate security infrastructure problem.

The BES documentation says that the server always creates and stores the keypairs as part of the BlackBerry EMM, meaning the servers likely had a mirror of the devices' keystores, ripe for the picking. This has got to be a BES exploit.

It certainly looks like it, but does this mean all BES setups are compromised? I believe numerous leaders of countries use BES so that could be interesting then.
Looking at the Canadian court document and the press release of the Dutch public prosecutor, it is almost suspicious that zero information is given on how the police got the info needed to convince a Canadian court to hand over the data.
Another interesting fact is that the data was already handed over on the 19th of September; why make it public now?

The difference is that getting unlimited physical access to government BES installations is going to be far more difficult. (We have to assume whatever they used requires this, as they physically confiscated the data.) It's also possible that BB is working in concert with the Dutch and wants to keep mum.

Public six months later: maybe things cooled down enough and this is just SOP for Holland. It's also possible that they have the case completely nailed down now and this is just part of the disclosure proceedings.

I don't claim to know enough about Dutch law to tell you with any certainty.

Thoughts?

(This is on our placeholder site; I don't want to publish anything too alarmist or inaccurate.)

Agreed. Talking about physical access, I wonder why Ennetcom would use servers in Canada instead of here in the Netherlands. A Dutch judge would never have granted access to the server so easily. Or are the servers part of the BES and did Ennetcom have no say in where they would be located?

Me neither, but with the Dutch elections coming up on March the 15th, everything is suspicious. I guess it's time for me to get some tinfoil.

Interesting article which covers the story very nicely, I think. The only thing that is a little inaccurate is "The Blackberries were purchased by the criminal organization". It's not one organization they are after. Basically every serious criminal and criminal organization used them, according to the police.

Also interesting: the Canadian court has put limitations on the use of the data.

"[24] In summary, the appropriate way, in my view, to protect the rights of third persons in this situation is to include, in the sending order, terms and conditions that:

(i) require that the Kingdom of the Netherlands restrict access to the data to the Dutch investigators involved in the four investigations that formed the basis for the search warrant, and such other Dutch investigators who can satisfy a court in the Netherlands that they should have the right to also access that data, and;

(ii) require that the Kingdom of the Netherlands prohibit access to the data by any persons, including investigators, from any other country."

So on the one hand we have the Dutch prosecutor stating they have obtained evidence for over a dozen criminal investigations already. On the other hand we have the Canadian judge who said the data should only be used for four specific investigations, and in order to use the data in any other investigations they should first convince the court.

If the Dutch authorities really bring all those investigations to court, they might not be making friends with the Canadians.


You might say it'll clog the diplomatic pipes if they don't keep their tulips sealed, causing a windmill of chaotic relations, leading to Canada putting the red lights up on discourse, that protective dikes will no doubt debate on Tumblr once the weeds and psychedelic truffles of divisiveness start to spread.

(I had to, I've been holding it in since the thread started.)


Badum tsssss. (OK, you made me smile.)


Did I miss any of the key stereotypes? I try to keep up to date on the pulse of international ignorance.

Hookers. Hookers everywhere you look. Other than that you nailed it.


How could I have forgotten? Edited for accuracy and posterity.

I will let it slide this time. Too busy eating cheese anyway.


So basically the tl;dr version is that there was a criminal organization that was targeted, they used those BlackBerries, the authorities then got a court order to raid Ennetcom's servers, but were authorized to only 'crack' 4 users' data.
Symantec was the company behind the PGPs and most likely those certs were backdoored, lol.


Can you provide a citation for the Symantec connection (preferably in English, or with a rough translation for my bilingual pleb brain)?

https://www.ennetcom.com/

No one said it's backdoored though, I said 'most likely' because what's more likely?
A) Dutch forensic agencies broke encryption.
B) A proprietary encryption algorithm developed in an Orwellian nation is backdoored.

Trick question, it was:

C) SEP lets you access keystores if you have physical access to the server.

You can use a variety of algos with all the modern, OSS implementations of PGP (at least in GPG).

I'm not disagreeing with you about the possibility of a back door, I just doubt that it'd be utilized for the first time under public scrutiny because the Dutch can't keep their house clean. Just curious as to your thought process.