The FBI Secretly Ran the Anom Messaging Platform, Yielding Hundreds of Arrests in Global Sting - The Wall Street Journal

The FBI Secretly Ran the Anom Messaging Platform, Yielding Hundreds of Arrests in Global Sting - The Wall Street Journal

The FBI Secretly Ran the Anom Messaging Platform, Yielding Hundreds of Arrests in Global Sting - The Wall Street Journal

Posted: 08 Jun 2021 03:15 PM PDT

Hundreds of suspected members of criminal networks have been arrested by authorities around the world after being duped into using an encrypted communications platform secretly run by the FBI to hatch their plans for alleged crimes including drug smuggling and money laundering.

In the global sting operation dubbed "Operation Trojan Shield," an international coalition of law-enforcement agencies led by the Federal Bureau of Investigation covertly monitored the encrypted communications service Anom, which purported to offer a feature cherished in the criminal underworld: total secrecy.

The sting was revealed this week in a series of news conferences by authorities in the U.S., Europe, Australia and New Zealand. Alleged members of international criminal organizations adopted the platform as a means to communicate securely, unaware that authorities were covertly monitoring 27 million messages from more than 12,000 users across more than 100 countries, officials said.

The takedown involved more than 9,000 law-enforcement offices around the world that had searched 700 locations in the previous 48 hours alone, U.S. and European officials said early Tuesday. Police forces had in recent days carried out more than 800 arrests in 16 countries and seized more than 8 tons of cocaine, 22 tons of cannabis and 2 tons of synthetic drugs, as well as 250 firearms, 55 luxury vehicles and over $48 million in various currencies. More than 150 threats to human life were also disrupted, officials said.

In the U.S., the FBI charged 17 foreign nationals operating in places including Australia, the Netherlands and Spain with distributing encrypted Anom communications devices, saying they violated federal racketeering laws typically used to target organized-crime groups, officials said. Eight of those individuals are in custody and nine remain at large, they said.

The global effort put any other companies offering such services on notice that law-enforcement agencies world-wide consider developing and selling technology aimed at defeating their ability to monitor and intercept communications to be unlawful—the latest salvo in a debate unfolding globally about how to balance security and privacy on technology platforms.

Authorities, who see encrypted platforms like Anom as providing a haven for illicit activity beyond the reach of government monitoring, signaled that intelligence agencies and law enforcement would aggressively seek to infiltrate platforms designed in such a way that they can be used by terrorists and criminal gangs to evade detection.

"The immense and unprecedented success of Operation Trojan Shield should be a warning to international criminal organizations—your criminal communications may not be secure; and you can count on law enforcement world-wide working together to combat dangerous crime that crosses international borders," said Suzanne Turner, the special agent in charge of the FBI's San Diego field office.

Investigators in that office have been involved with Anom since 2018, when they co-opted and began running the service, which makes and distributes a type of secure, encrypted mobile device that has grown popular among criminals in recent years.

Anom devices are special mobile phones, costing thousands of dollars each, that have a single application for covert communication installed, with regular smartphone elements such as GPS removed for security and anonymity. They also can be remotely wiped when they are seized by law enforcement.

Similar devices were once sold on the open market. But after the 2018 arrest of an executive at a company called Phantom Secure, the distribution of mobile devices meant to evade law-enforcement access has increasingly moved underground. Governments in North America, Europe and Australia have all brought cases or opened investigations aimed at criminalizing the sale of such services and devices.

Trojan Shield grew from when the FBI developed a confidential human source involved in the development of Anom and used that access to make, market and distribute the devices around the world, according to an affidavit unsealed in U.S. federal court this week. The source, who had been involved in selling other secure devices to criminal networks before trying to develop Anom, agreed to cooperate with the bureau in order to reduce his or her own criminal exposure and lessen a potential sentence, court documents say.

With the source's cooperation, the FBI and its law-enforcement partners secretly built into Anom the ability to covertly intercept and decrypt messages. The FBI relied on the source's relationships with criminal gangs in Australia to help distribute the first batch of devices, with word of the service spreading organically after that, documents say.

Europol said Anom was used by more than 300 criminal groups in more than 100 countries, including Italian organized crime, outlaw motorcycle gangs and international drug-trafficking organizations. In court filings, the bureau detailed extensive conversations about narcotics trafficking, cryptocurrency transactions, cash smuggling, corruption and other illicit activity flowing through Anom's systems.

Drug smugglers in South America allegedly used a banana distributor and an Ecuadorean tuna company, for example, to smuggle narcotics to Asia and Europe in part by bribing port officials, U.S. authorities said in court documents. Belgian authorities seized 1,523 kilograms of cocaine bound for Antwerp based on leads from monitoring Anom messaging. Hollowed-out pineapples and refrigerated fish were used to conceal contraband, authorities said.

FBI official Calvin Shivers, in The Hague on Tuesday, said law enforcement gained insight into crime-gang activities by monitoring Anom messages.

Photo: jerry lampen/ANP/Agence France-Presse/Getty Images

According to U.S. court documents, one user boasted about his ability to move drugs internationally using French diplomatic pouches—the envelopes or packages that diplomats are authorized to use under the rules of international diplomacy without being searched.

The coalition of law-enforcement agencies involved in the effort—with Australia, Sweden and the Netherlands in leading roles—highlights the stepped-up international response to the global trade in illegal drugs in recent years.

The sting operation also marks the latest development in a global battle over encryption, privacy and security. People around the world have shifted onto encrypted communications platforms such as Signal, WhatsApp and Telegram, making their communication more difficult for law-enforcement and intelligence authorities to intercept.

Such apps offer users more security and privacy in response to concerns about hacking and data leaks, but also make investigations more difficult. While authorities have expressed concerns about the nefarious use of such apps, activists say encryption and secure communications are important for dissidents in authoritarian countries, journalists reporting sensitive stories and other users concerned about privacy.

Law-enforcement authorities say devices like Anom can go a step further than such commercial apps.

International law-enforcement agencies have targeted companies that manufacture such devices, alleging they are part of a criminal conspiracy to deny law enforcement access to evidence. The chief executive of Canada-based Phantom Secure, one such company, pleaded guilty in 2018 to charges of operating a criminal enterprise and received a nine-year sentence in the U.S.

European authorities also previously infiltrated EncroChat, a similar service that made hardened Android phones with encryption capabilities, shutting down the service last year and bringing charges against users suspected of organized crime.

In March, a federal grand jury indicted the CEO of Sky Global, another company based in Canada, on similar charges after an investigation that has had international repercussions. Belgian authorities arrested dozens of suspects in March in one of the largest police operations in the country's history after breaching Sky Global devices that they say were used from South America to Europe and Dubai to coordinate illegal drug shipments and attempted killings and torture, for example. The CEO of the company, Jean-François Eap, has denied wrongdoing.

Write to Byron Tau at byron.tau@wsj.com and James Marson at james.marson@wsj.com

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

17 Password Manager Apps - Small Business Trends

Posted: 08 Jun 2021 07:00 AM PDT

Password managers are computer programs allowing small businesses to generate, store and manage passwords for online services and software applications. These tools keep all the information for your business and the websites you use securely. They encrypt all information in your database, and they are one of the best ways for how to remember passwords.

These apps keep your business passwords protected so you don't need to be concerned about being hacked. Check out the links on our site to the best products.

Why You Need a Password Manager for Your Business

The best password managers work for business and personal uses. They help keep your credentials secure. These apps also help to prevent sensitive information from being hacked. Your password database gets encrypted with one master password. You only need to remember that.

Professional Accounts

Some businesses use the same passwords for all of their accounts. That's a bad move since hackers only need to know one to grab sensitive information. A password manager is another layer of protection.

One of the big advantages is they usually have military-grade encryption which is extremely hard for hackers to breach. Storage is usually in a cloud server which is a secure platform for small businesses.

The best passwords involve random characters and numbers. Remembering them can be a real problem for small businesses. Hackers use algorithms to get at weak passwords. That makes it impossible to remember long strings of vital passwords. Writing them down on sticky notes or somewhere else is looking for trouble.

How to Use a Password Manager?

They store the information in a vault. It's where a password manager stores information. There are browser add-on and mobile apps that connect the software and devices.

17 Best Password Manager Apps

There are several password manager options to choose from. Some are free and others have paid packages. You'll need to sort through the features and password manager apps to find the right one.

1. LastPass

LogMeIn is the company behind this password manager tool. They are one of the biggest software as a service (SaaS) companies globally. This password manager tool has 70,000 business users and 25.6 million clients overall. There's are free, premium, and family packages available. This password management tool offers some excellent business tools. For example, secure password storage allows workers their own space to store apps and web logins. Some of the other important policies include centralized control.

This allows business owners to enforce security policies and get insights into their employees' password behavior. Security is big with this password management software. LastPass uses third-party security firms to conduct audits and test the product. It's an excellent feature for small businesses looking for reliability and security.

One of The Better Deals

LastPass offers a browser extension and mobile app. The app offers an automated filling feature so you don't need to type out information. There is also a fingerprint access option for authentication. This is one of the best password managers because it offers a variety of plans. There is a free and premium option. The premium option bills in monthly increments. The families option comes with a free 30-day trial. it works with different devices.

The business plans range from an MFA package that costs $3 per user per month. The Identity Package combines the Enterprise and MFA options for $8 dollars.

Compatible with

LastPass is compatible with a variety of search engines and devices. You can get a version for Windows and Mac. It also works with Chrome, Firefox, Safari, and Microsoft Edge. You can download versions right from their website. You can also get versions for iPad and iPhone and Android smartphones.

2. 1Password

1Password makes our list of password manager picks for several reasons. You store important data on credit cards and logins. This tool also looks after things your company needs to keep secret like application keys and private certificates. These features make it one of the better deals.

1Password allows business owners to restrict access. Currently, they have millions of customers which include over 80,000 small businesses.

There's a free trial version with a business package that starts at $7.99 per user per month. This product offers some interesting integrations. You can use Slack with 1Password. There is also an advanced reporting feature so you can identify potential security threats.

It allows small businesses to see if credentials and email addresses have been exposed

There are personal and family options. Businesses can get unlimited items storage and free family accounts for $7.99 per user per month. There is also a Teams package that comes with a free version. It costs $3.99per user per month. You can get a custom quote for the Enterprise offering.

Compatible with:

The downloads available for 1Password include macOS and iOS. You can also find them for Windows, Android, and Linux. Chrome OS and Command Line are also on the list. There are some other options for small businesses who want to use 1password. Like standalone versions of these browser extensions. You can also get the latest release for Windows 10 for later versions. Some other browser extensions are available for Firefox and Edge as well as Chrome.

3. Keeper

Keeper is another one of the password managers it does similar things to 1password. It creates high-strength random passwords for applications and websites. One of the big differences is it stores the passwords in a vault on employee devices. It is considered one of the better password managers because each employee gets an encrypted vault.

It's good for small businesses because it allows employees to save time. They don't need to reuse, reset and remember different passwords. It works for traveling sales teams very well. Because they can have private client data files and credentials.

The pricing works as follows. There's a free version and a number of other options for business, personal, family, and student use. The family plan offers five private vaults where you can store unlimited passwords. It costs $6.24 per month. There is also a student version. The business version has a free trial. There is an encrypted vault for each and every user that includes folders and subfolders.

The enterprise version offers automated team management and other password management features

Compatible with:

Keeper is compatible with Chrome, Firefox, Safari, and Opera. It also works with Edge and Internet Explorer. Remember, this tool offers professional services and world-class support. They have teams that will help you to implement the tool and with configuration. That's great news if you have a complicated IT environment

Here's another note. Keeper can install this tool including encryption right on a user's device. Other products like 1Password only do that at the vault level. That means all records don't get this service with 1Password. Another advantage for Keeper is it supports Internet Explorer. 1Password doesn't offer that option.

4. RoboForm

RoboForm uses a random password generator to build unique and strong passwords for each website. You can share login information with other people who use this tool. Password sharing is simple. You only need the recipient's email. That doesn't mean this password management software isn't secure. It uses two-factor authentication to access every account.

Setting up an account is easy. All you need to do to get started is enter an email address and set a master password. You can even import other passwords from your browser or import them manually. It's even possible to use a competing password management product. RoboForm will save them in a password vault. This is done automatically when you log in to any online accounts.

There is a free version available. It includes unlimited logins and a password generator. The Everywhere option costs $1.99 a month and it is billed annually. The Family Plan costs $3.98 a month and you can get access on all of your devices.

The business option costs $3.35 a month and is billed annually. There are no contracts and you pay as you use the service. This option offers a complete separation of personal and business passwords.

Compatible with:

RoboForm works with a variety of different platforms. It works with Android, Windows, iOS and Mac. This tool has support for all of the larger browsers.

5. Dashlane

Dashlane is ahead of the competition when it comes to other password managers tools. It uses US Patented Security Architecture and AES 256-bit encryption. There is another feature here designed for work-life balance. Smart Spaces can monitor passwords in either the business or personal space. They also offer one single sign-on that covers different accounts.

The reporting dashboard allows you to look for problems with passwords and make changes.

This password management system comes with a free trial. If you are looking to buy Dashlane, there is a business, individual, or family plan to choose from. The business version costs eight dollars a month and is billed annually. It comes with a free trial.

The Essentials package offers dark web monitoring and two-factor authentication. Some of the other interesting features include personalized security alerts and 1 GB of file storage

Compatible with:

Dashlane is supported on mobile platforms and your small business's main desktop. It works with Windows 10, macOS, iOS, and Android. All the major browsers are supported like Firefox, Chrome, Edge, and Safari

6. Zohovault

Zohovault offers one sign-on for cloud applications. Users are able to log on to the apps they use every day without needing passwords. This is one of the best password managers because you can export visual reports from your vault account in PDF format. You can choose a data center from around the world to store your information.

Zohovault has a 15-day free trial. After that, you can move on to a paid version or to their free plan. There is a standard and professional paid plan as well as an enterprise-level option. You'll need to have a minimum of five users for this one.

This is one of the best password managers because it has a free version. That's something 1password doesn't have. This Zoho product also integrates with third-party apps.

Compatible with:

This product is compatible with Microsoft apps like OneDrive and other popular ones like DropBox. Included are several mobile apps too. There's a 15-day free trial making this one of the best deals.

7. BitWarden

This tool incorporates open-source software for secure data sharing. That means is possible to access password vault data on any device, anywhere you might be working. This tool also has enhanced security. The password vault is regularly audited.

There are several packages to choose from. The Teams and Business package has unlimited users for $3 dollars per user per month. The Enterprise Organizations option has unlimited users for $5 dollars per user per month

Compatible with:

The website reports that you can access information through any browser on any device

8. LogMeOnce

LogMeOnce offers a variety of features like auto-login and an automatic password generator. There's a multi-factor authentication process And different sign-ups for personal and business users. There are three different options to choose from for businesses.

The Teams and Business package starts at $3 dollars per user per month. The Enterprise package starts at $4 dollars and the Identity package goes up to $7 dollars per user per month

There are personal versions for sale and free trials.

9. Password Boss

Password Boss is the password management system that offers role-based access. This means different members of your team can manage access to clients' passwords. This tool also offers encrypted data and secured password sharing. That means that you can share internal passwords and customers' passwords as well as digital notes. There is a dark web scan available and a business and personal option. The business plans have a standard and advanced option. You can try each for 14 days for free.

Compatible with:

There is an app you need to install to get your account set up. It's compatible with Windows,OSX,iOs and Android.

10. Sticky Password

Sticky Password works on memory cards and USB sticks. As far as password managers go this product excels with additional features. There's an optional Wi-Fi synchronization. It's considered one of the best password managers available because it keeps credit card information safe and generates strong passwords.

There's a free version available that has data storage and unlimited encrypted password abilities. The premium version costs $29.99 for one year. Small businesses get secure cloud backup with this version. There is a team package for your business. For students and teachers, there is an academic version too.

Compatible with:

Sticky password is compatible with Windows and IOS as well as Android and Mac.

11. True Key

As far as secure password managers go, True Key is an industry leader. It uses the AES-256 encryption algorithm. When you're not signing in on a trusted device, this tool offers two-factor authentication for further security. Password management is also automatic

Compatible with:

True Key Supports several different platforms including IOS, Android, Mac, and Windows. It is also one of the better password managers you can find supported on popular browsers like Edge and Chrome.

You can download the app in the app store or on Google Play.

12. BitWarden

BitWarden is another one of the open-source password managers on this list. They offer administrative policies that help employees practice password hygiene. You can use either the cloud storage or host your self option with this password management tool.

The teams and business package is three dollars per user per month. It offers unlimited collections on an unlimited number of devices. The Enterprise Organizations option offers single sign-on authentication.

Compatible with:

BitWarden is compatible with the directory service your small businesses using presently.

13. KeePassXC

KeePassXC uses industry-standard encryption to store passwords. They are the password management solution offering a tool that logs into your e-commerce website. These browser plug-ins are extremely helpful as a quick and easy way to get these managers working. Security is covered with standard industry encryption.

There are some other interesting password manager features. The password database also works offline. That means you can access your passwords without an Internet connection.

There is a basic and advanced option to choose from. The basic version allows for integration with browsers like Mozilla Firefox and Google Chrome. The advanced version offers password reports and statistics

Compatible with:

This is one of the password managers that has been tested on Linux, macOS, and Windows.

14. NordPass

NordPass remembers the websites you frequent and fills in the correct password for you. Share passwords with their encrypted vault. Store information for credit cards and even shipping addresses. This is one of the password managers that use fingerprints and Face ID.

There's even a username generator that strengthens authentication. The business name generator places NordPass alongside the best password managers. There's a free and Premium as well as a Business version.

Compatible with:

There are apps available for Windows, macOS, Linux, iOS, and Android. And extensions for Chrome, Firefox, Edge, and Opera.

15. RememBear

RememBear is one of the password managers that lets you log in with one click. You can autofill passwords and even save notes.

Compatible with:

Like some of the other password managers, RememBear provides apps. There are ones available for macOS, Android, iOS, and Windows. Browers extensions include versions for Safari, Firefox, and Chrome.

16. EnPass

EnPass allows for secure password storage using over 80 built-in templates. This tool lets you store passwords. Then you can sync them on your own cloud servers.

There are several different plans to choose from. Small businesses can begin with a desktop app that's free and move on to individual or family plans. The one-time plan offers a personal Lifetime License

Compatible with:

The desktop app works with Windows, macOS, and Linux. Get the app from the App Store, the Windows Store, or the Mac Store. You can even import other passwords from Excel spreadsheets and your Chrome browser

17. Blur

Blur offers industry-leading privacy. There's a free version available, but only on a single device. Another big bonus is the excellent autofill support.

There are three different options for this password manager including Premium, Unlimited Premium, and a free plan.

Compatible with:

This tool works on several different platforms like Mac, Android,.iOS, and Linux. There are several browser plug-ins for Safari and Opera as well as Chrome and Firefox

Finding the Best Password Manager App: Features to Look For

Sorting through the best password managers doesn't need to be daunting. There are several features to look for like at least two-factor authentication. Make sure you understand how passwords are generated. Other features like dark web monitoring and cloud storage are important. However, all of this will be for not if you don't have company password policy best practice in place. The list below goes through some must-have password management features.

Role-Based Permissions

As the name suggests, this feature is about restricting access to users that have been authorized. A good password manager might do this based on management roles. It adds another layer of password security

Encrypted File Storage

Protecting your files using a password that allows users to decrypt them is another security layer. The files should never be uploaded to a server. If there's form filling involved, make sure the encryption only happens in your browser.

Password Generator

Passwords need to be secure. A password generator is another feature you can't overlook. Look for this on any interface meant for users. It will allow you to use different devices for your small businesses. Eight characters is usually the minimum for a good password that's automatically generated. Look for secure password storage too.

Digital Security Analysis

It doesn't matter whether you need a password manager for your business laptops or other devices. One that scans data for password hygiene is best. Dark web monitoring is another box to check. 1Password has a travel mode feature that can hide vaults when you travel. Bitwarden has platforms that include HIPAA security standards. They also offer third-party security audits for their browser plugins

Emergency Contacts Setup

The idea is to be able to override two-factor authentication if there's an emergency. Look for a built-in way to set up a recovery-type tool.

Automatic Form Filling

Any password manager needs to gather information. This is an authentication feature that automatically fills in the password and any username. You should find one that automatically fills in credentials that have been stored. Most of the top-notch platforms include this for their users. Read about some security issues below.

Password Sharing

Industry-leading password manager tools handle your private documents and logins and store them in a password vault. This is convenient and safe when more than one person needs to access an account. Look for a sticky password option when looking at sharing passwords. A great feature for security.

Reset Master Password

Many of these tools offer a master password reset option. The LastPass web browser extension allows you to do this. One note of caution here. Links to other users accounts will need to be reset after you've adopted a new master password

Multi-Factor Authentication Options

A good password manager needs to be secure. Two-factor authentication is good. However, a password manager like LastPass premium offers multi-factor authentication. Some of these offer a fingerprint option for a smartphone. Multi-factor authentication can include third-party tools like YubiKey.

A Large Password Vault

Any kind of password vault like the one that comes with LastPass is a good idea. This holds all of your logins, usernames, and passwords and gives you access with one password. The best of these use advanced encryption standards. It's the same one the US government uses to protect information is classified.

Why not Use Automatic Form Filling?

Automatic form filling isn't as secure without a password manager. Even so, there's evidence tracking scripts can capture information from auto form filling features. Some experts recommend disabling this item on these platforms. Even LastPass is vulnerable.

Which password manager is best?

Looking for the best password manager means checking out different features. Tom's Guide is a good source to point you to the best site. The site lists LastPass, Keeper, Bitwarden, Dashlane, and 1Password in that order. LastPass offers great features like automatic form filling. Bitwarden has excellent features too. It allows users access in 40 languages. Bitwarden Premium has a secure vault you can access from your device. The user interface is good for different devices. The authenticator is good for password sharing. If you're looking for free features, don't bypass Dashlane.

What is the best password manager for iPhone?

Dashlane is considered the best password manager for an iPhone. Some of the features put it ahead of others like Bitwarden and LastPass. For example, the premium plan has a built-in virtual private network. Platforms that use tools like Windows, macOS, and Android can streamline tasks.

Are password managers really safe?

Are you wondering if a password manager can really be secure and safe? One of the features to look for is cloud storage. Security is a number one priority. Tom's guide lists some of the features you can find in the best ones like Dashlane and LastPass. Look for things like excellent antivirus software and identity theft protection. Look for regular audits and compliance with global security standards.

The site also suggests you look for a password manager with a VPN service to keep business matters private. The key is to have password best practices in your organization.

Are free password managers safe?

Good security is just as important when you're looking at free password managers. Features like secure file storage are critical. They should also have browser plugins for android and ios. Look for other must-haves like password encryption. You'll need the security of end-to-end encryption too.

What is the best free password app?

Dashlane is one of the best free password manager app choices. Tom's Guide has some other platforms to consider too. They suggest Bitwarden has a good basic free option. LastPass is mentioned too. However, they only allow links to mobile devices or computers. Not both. To be fair LastPass does include an authenticator app for devices in its free plan. Dashlane also offers a free VPN.

Image: Depositphotos

Cryptography whizz Phil Zimmermann looks back at 30 years of Pretty Good Privacy - The Register

Posted: 08 Jun 2021 10:01 AM PDT

Encryption and verification package Pretty Good Privacy (PGP) has celebrated a troubled 30 years of securing secrets and giving cypherpunks an excuse to meet in person, with original developer and security specialist Phil Zimmermann toasting a world where encryption is common but, he warns, still under threat.

"It was on this day (6 June) in 1991 that Pretty Good Privacy was uploaded to the Internet," Zimmermann wrote in a piece published over the weekend. "I had sent it to a couple of my friends for distribution the day before. This set in motion a decade of struggle to end the US export controls on strong cryptographic software.

"I became the target of a criminal investigation for violating the Arms Export Control Act by allowing PGP to spread around the world. This further propelled PGP's popularity. The government dropped the investigation in early 1996, but the policy debate raged on, until the US export restrictions finally collapsed in 2000. PGP ignited the decade of the Crypto Wars, resulting in all the western democracies dropping their restrictions on the use of strong cryptography. It was a storied and thrilling decade, and a triumph of activism for the right to have a private conversation."

PGP's workaround for these export restrictions, the US International Traffic in Arms Regulations (ITAR), is storied. Realising that the nation enjoyed a constitutional right to free speech which extended to published work, the source code was published as a printed book – a protected work under the 1st Amendment to the US Constitution – and distributed abroad, where it was scanned through an optical character recognition system and compiled into a freely distributable international variant.

Hungry hungry mergers and acquisitions

Following the end of the criminal investigation into Zimmermann, the PGP team set up PGP Inc. which was quickly gobbled up by security specialist Network Associates Inc. (originally McAfee, then Intel Security, and now McAfee once more) in 1997. The feature set of PGP grew quickly, but Zimmermann grew disillusioned and parted ways with the company in 2001 before Network Associates put its PGP assets up for sale.

While there were definite fears that PGP would die a death in limbo, those assets became PGP Corporation in 2002, with Zimmermann taking the role of social advisor and consultant. PGP Corporation would in turn be swallowed by Symantec in 2010.

Despite concerns about its usability and a handful of security concernsthough never truly broken – the core technology introduced in PGP 1.0 remains very much alive among everyone from privacy enthusiasts and cypherpunks to CESG, the cybersecurity division of UK spy agency GCHQ – when it works, at least.

Three decades on, the battles remain

"Here we are, three decades later, and strong crypto is everywhere," wrote Zimmermann on the day of PGP's 30th anniversary. "What was glamorous in the 1990s is now mundane. So much has changed in those decades. That's a long time in dog years and technology years. My own work shifted to end-to-end secure telephony and text messaging. We now have ubiquitous strong crypto in our browsers, in VPNs, in e-commerce and banking apps, in IoT products, in disk encryption, in the TOR network, in cryptocurrencies. And in a resurgence of implementations of the OpenPGP protocol. It would seem impossible to put this toothpaste back in the tube.

"Yet, we now see a number of governments trying to do exactly that. Pushing back against end-to-end encryption. We see it in Australia, the UK, the US, and other liberal democracies. Twenty years after we all thought we won the Crypto Wars. Do we have to mobilise again? Veterans of the Crypto Wars may have trouble fitting into their old uniforms. Remember that scene in The Incredibles when Mr. Incredible tries to squeeze into his old costume? We are going to need fresh troops."

Zimmermann's retrospective indicated a need for defence on a range of fronts – from "ordinary citizens and grass-roots political opposition groups" to those who can "push back hard in policy space" – though stopped short of a full call to arms. PGP itself, meanwhile, is now most commonly used in tools adhering to the OpenPGP specification, an email-focused standard under the stewardship of the OpenPGP Alliance, founded by Zimmermann himself back in 2001. ®
-

Comments

Post a Comment

Popular Posts

6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog

Image
6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog 6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog 5 best TrueCrypt alternatives | Encrypt your computer with these apps - proprivacy.com The Best Way to Encrypt Email in Outlook - Security Boulevard 6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog Posted: 23 Nov 2019 12:00 AM PST Anti-forensic techniques can make a computer investigator's life difficult. From committing fraud in an organization to stealing crucial data, cybercriminals can perform a wide range of nefarious activities. In some cases, these perpetrators try to cover their tracks by deleting browser history, cache memory, and even cookies. But with an upward trend , it is now much convenient for cyber attackers to use already progr...
Read more

How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf

Image
How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf Physical and Digital Safety: Arrest and detention - CPJ Press Freedom Online Mobile Encryption Market – Key Players, Size, Trends, Growth Opportunities, Analysis and Forecast To 2027 – The Courier - The Courier Fleeing WhatsApp for Better Privacy? Don't Turn to Telegram - WIRED How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf Posted: 23 Feb 2021 12:00 PM PST [unable to retrieve full-text content] How to Encrypt Your iPhone or iPad Backup    MUO - MakeUseOf Physical and Digital Safety: Arrest and detention - CPJ Press Freedom Online Posted: 24 Feb 2021 06:14 AM PST Share this: Covering certain stories–such as human rights abuses, corruption, or civil unrest–can place you at a higher risk of arrest and detention, particularly...
Read more

A Look At Blockchain Smartphones Available Now - I4U News

Image
A Look At Blockchain Smartphones Available Now - I4U News A Look At Blockchain Smartphones Available Now - I4U News Posted: 09 Oct 2019 06:19 AM PDT There is probably no one in the world who has not heard of cryptocurrencies. In the past few years, the general public's awareness of the likes of Bitcoin and Ethereum has skyrocketed. This has happened to such a degree that there are literally millions of us using Bitcoin wallets offered by Luno and other well established names in the industry. On the other hand, blockchain is not necessarily that well known and its capabilities maybe a little less. So although we know that blockchain is the basis of cryptocurrencies, many of us know little more than that. Anyways, this technology is extremely adaptable and is being applied to many industries/sectors from health to disaster recovery. So that it will come as no surprise that blockchain is shifting its attention to mobile. This has resul...
Read more