Canadian! fella! admits! hacking! Gmail! inboxes! amid! Yahoo! megahack! A Canadian hacker for hire has admitted ransacking webmail accounts for miscreants accused of orchestrating the Yahoo! megahack that hit all three billion Purple Palace user accounts. Karim Baratov, 23, appeared in a federal district court in San Francisco on Tuesday after striking a plea deal with US prosecutors. He was …
"“The illegal hacking of private communications is a global problem that transcends political boundaries,” said US Attorney Brian Stretch.
“Cybercrime is not only a grave threat to personal privacy and security, but causes great financial harm to individuals who are hacked and costs the world economy hundreds of billions of dollars every year."
I call it secure end-to-end encryption - why don't we: i) Implement more and stronger encryption and: ii) take some real steps to stop various TLAs from trying to break the concept with fuckwit requests for backdoors.
Partly because we're (yes, I mean us right here) are cowards. We won't generally go on the record and clearly state that "yes" we're prepared to make things easier for terrorists, paedophiles and assorted other nefarious characters. We won't explicitly admit that "yes" I value my personal privacy more highly than the lives of some future terrorist victims and "no" the thought of obstructing the detection of child abusers does not make me reconsider.
Of course it's not about terrorists and child abusers at all. It's about predation of the state. Future or present.
That "we" up there is incongruously linked to argument made by politicians and instrumented by politicians to sell the no-crypto poison. I am not a politician.
That "we" up there is incongruously linked to argument made by politicians and instrumented by politicians to sell the no-crypto poison. I am not a politician.
I'm not a politician either, but the fact remains that, if you're a child porn merchant, ubiquitous, uncrackable, end to end crypto would be a godsend. Tor is probably good enough for tech aware paedophiles (most of the time), but the majority of them would likely benefit significantly from law enforcement proof cryptography being a universal default.
I can live with that, just as I acknowledge that any time I support military action I am likely de facto endorsing innocent people getting blown limb from limb. Supporting "our troops" implicitly means supporting child murder in almost all active theatres. As I said, I can live with that. Trying to pretend that crypto issues are only about TLA snooping is mendacious cowardice. If you're going to advocate something that can facilitate terrorism and child abuse (which I do) then you should be prepared to own it.
We won't generally go on the record and clearly state that "yes" we're prepared to make things easier for terrorists, paedophiles and assorted other nefarious characters.
It certainly isn't the binary alternative you present.
A backdoor is a backdoor for anyone who comes past to try turning its handle and they're not all good guys. Introduce a backdoor to aid law enforcement and you're also aiding some of those nefarious characters as well. Was that what you wanted?
Another factor is that a society that believes in freedom under the law has got to build on elements such as due process and presumption of innocence. Backdoors are antithetical to these.
And, for the record, I spent a good proportion of my working life in a job gathering evidence to prosecute, terrorists, sex offenders and other nefarious characters. One thing that I take away from that is a strong belief in due process of law and the presumption of innocence. Terrorists would remove those if they got their way so why should we give in to them by removing them ourselves?
It certainly isn't the binary alternative you present.
A backdoor is a backdoor for anyone who comes past to try turning its handle and they're not all good guys........
I'm aware of that. I don't disagree with any of your points, I'm just opposed to trying to weasel out of the potential consequences. It makes privacy advocates look disingenuous. Ubiquitous end to end encryption will result in a situation somewhere, sometime, where a child rapist and murderer remains undetected longer than he otherwise would have done.
Own it. If you've supported any of the military actions this century you have way more blood on your hands than that already. Admit that the lives of abstract children are not your highest priority (probably not even in the top five). Admit that if you actually are faced with a binary choice then you'll choose principles over innocent lives.
I don't see why this is so difficult: the US Presidential oath of office says essentially the same thing (defend the Constitution, not necessarily the people). Spiralling off on a tangent of whataboutism and sophistry whenever the point is raised simply discredits the argument.
"FSB approaches a canadian dude on the darknet undercover to hack accounts of murrican companies to get info about Russian members of the state. It's fauxly true!"
Sounds plausible only to Murrican brains fed a lifetime of Navy CSI bullshit.
"Organized Crime" is probably too mundane for "cyber".
His targets included an assistant to the deputy chairman of the Russian Federation; a cybercrime officer in the Russian Ministry of Internal Affairs; and the chairman of a Russian Federation council committee. Interestingly, Baratov was also tasked with pwning the managing director, sales director, and a researcher at a "major Russian cybersecurity firm."
Or it could be our own TLAs. You know, the ones with people of such quality that they brew up fake dossiers on Trump's multicultural ties on demand.
Where did it mention breaking into an ISP and installing a logger for all the network traffic? Or even that the hacked email accounts didn't use end to end encryption?
Most breaches of this kind are spear phishing (used to be called social engineering).
Tell me how end to end encryption protects your email account if you give someone your account details!
striking a plea deal
Baratov confirmed he was pleading guilty and wasn't being coerced
How is this possible, he is denying he entered a plea deal in front of court ?
Oh, a plea deal is not coercion, no, of course not ...
No idea if he can be proven guilty, now, we will never know, for sure.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
