A fool and his secure criminal text messages are soon parted
-
-
Phantom Secure
The name tells it all: Security is a Phantom.
-
Technically clever, but not so much a Trojan Horse as it's a one trick pony. How many of those 400 arrests will even stick and put a dent in the problem? And now the horse has bolted...
-
@Applied-Mediocrity said in A fool and his secure criminal text messages are soon parted:
How many of those 400 arrests will even stick and put a dent in the problem?
If the arrests done are ones where the police believe they have admissible evidence (standards for which aren't the same everywhere) then it will have been worth it. Especially if the people arrested are the ones who are usually very good at avoiding the law.
-
@Applied-Mediocrity look. They did the same thing with Tor like 10 years ago - FBI put a backdoor in it and they've arrested a whole bunch of pedophiles and civil rights activists. The fact that the criminals took the bait again shows that continuous use of this strategy is a viable option.
-
@Applied-Mediocrity said in A fool and his secure criminal text messages are soon parted:
Technically clever, but not so much a Trojan Horse as it's a one trick pony. How many of those 400 arrests will even stick and put a dent in the problem? And now the horse has bolted...
As far as I see, they basically had two options: (a) don't do it at all, or (b) do it once. They opted for (b).
One of the articles mentioned that the timing coincided with some TLA's warrants expiring. So, technically they could have kept it going for a bit longer, but it would have eventually gotten out.
There's also the side effect on overall trust on those systems. It kept going for quite a while. What's to say that ${alternative} isn't another ploy? If you're a criminal/organization ... what do you do? Build your own? Will your collaborators trust yours? Do you theirs?
-
@Gąska Sure. People get duped into "bug fixes and performance improvements" over and over again (some of them are also playing Far Cry series ). Some would totally fall for An0m 2.0, too (now with headphone jack).
But manufacturing a phone is a bit more involved process. I'm amazed it even worked at all. It's like bopping some crim's head, taping a wire on him while he's unconscious and then hoping he never showers so that he won't find out.
Build your own? Will your collaborators trust yours? Do you theirs?
I'd say these same problems apply to some phone that nobody knows. How about getting some turbonerds to find out what that thing does?
Or could it be that some action movie plot happened - said turbonerds did take a look, but "did the right thing" and said "everything's fine"? In which case I believe their lives may become... rather uncomfortable.
-
@Applied-Mediocrity said in A fool and his secure criminal text messages are soon parted:
Or could it be that some action movie plot happened - said turbonerds did take a look, but "did the right thing" and said "everything's fine"? In which case I believe their lives may become... rather uncomfortable.
If the sending of the stuff to an additional address was placed in the secure enclave of the phone, it would have been very difficult to inspect.
Those are their own separate processor that manages the low level comms, and which is the highly regulated piece (so that the phone obeys telecoms laws) and isn't generally open to poke around in. The other possibility is that the tracking was done on the service side through monitoring the IMEI, and that's not possible to find via inspection at all.The real criminals won't have been using any of this; they'll do all their part in person at their club, leaving the operational communications to lieutenants.