
Mass arrests after BlackBerry cracked five years after seizure - CPAhem
https://www.smh.com.au/national/nsw/silver-bullet-mass-arrests-after-blackberry-cracked-five-years-after-seizure-20200731-p55hbq.html
======
jaimex2
Wonder how many cases out there are time locked for when the cracking tech
catches up. A case where some pedos encrypted their disks come to mind.

~~~
edude03
This is the general problem with committing a crime - the authorities have
forever to solve the crime, whereas you only have a limited amount of time in
which you can commit the crime and "get away" with it.

This is true for things like encryption where once the encrypted data is
captured it will eventually possible to decrypt it as technology advances, as
well as things like murders, where new evidence may randomly come to light, or
new technology can better analyze old evidence.

~~~
DEADBEEFC0FFEE
I don't really understand vwhy people who need to encrypt thing to stop from
going to prison, don't encrypt multiple times using different algorithms.
Surely that buys centuries of time.

~~~
quinndiggity
Few reasons off the top of my head:

\- why doesn't everybody already encrypt everything to begin with? there's
often a disconnect between the benefit and the ease/overhead of doing so (it's
hard enough to for people to care about using distinct and strong passwords,
or 2fa; if the implementer isn't concerned with their users' security then
often no one is) - people are lazy in general and security takes effort for a
variety of reasons. how many users do you know who want to put in more than
one password on every boot/resume from sleep/hybernation (which would be
necessary, as using the same password would obviously be dumb, and using a
keyfile beyond the first layers breaks the model for having those layers in
the first place)?

\- hindsight is easier to gain than foresight. people rarely predict the
specific fuck up that seals their fate, and most don't think about operational
security at a high level of competency, never mind in ways that survive 5+
years of advancements in technology, and against someone whose job it is to
keep on trying (or more realistically just waiting for
developments/discoveries made in security research).

\- how many operating systems can you name that support multiple layers of
full disk (or root partition) encryption with little to no effort? probably
the closest would be encrypted GRUB with LUKS, with ecryptfs for encrypted
home, maybe an encrypted loopback filesystem, and finally individually
encrypted files; mobile is far worse too (ie. how would you approach
implementing your own several layers of encryption on blackberry? that's what
system was broken in this instance). aosp/android? good luck. macOS you'll
find much more difficult to do any 3rd party FDE, and anything you do get
working will break in miraculous ways - close-knit integration hell. iOS? HA -
try convincing Apple to let you do a better job on anything system-wide, and
while you're at it convince them to let other browser vendors do a better job
there too, it would seriously improve iOS and be great for the web if Safari
wasn't holding the whole industry back.

Overall, it's generally not the encryption itself that breaks; sure sometimes,
but far less often than other channels that can be attacked. Cold boot attack
for a device still powered but locked to pull encryption keys from memory is
fun, but more often it's a weak/dictionary-based password or a 4 digit
passcode that bottlenecks the security offered all the way down to 16 measly
bits, or just attacking the joints where the encryption begins and ends. If
you weld a metal frame on top of a bamboo frame, it'll be the bamboo that
breaks, not the metal.

Also, the article doesn't even specify if the encryption was broken; the "new
technology capabilities" could have been simply the purchase of some new
hardware tooling or software to extract and dump the keys from the hardware
devices securing them, or simply a court order was obtained to compel RIM to
do so on their behalf.

------
rjkennedy98
Wish they would clarify what caused the 5 year delay. Were they running a
password solver algorithm the whole time or were there major advances in
technology that allowed them to crack the encryption?

~~~
bitminer
Because it took five years for an email from Canadian police to arrive in
Australia.

[https://www.ctvnews.ca/canada/outrageous-rcmp-can-unlock-
bla...](https://www.ctvnews.ca/canada/outrageous-rcmp-can-unlock-blackberry-
messages-1.2861290)

A news report from April 2016.

