Also, he DID swap out his phone for a secured one, and his staff instituted a number of security protocols to keep it secure.
Being elected president is not the time to learn a new technology suite. Hopefully most presidents have better things to do with their time than that.
At that level your people have people who have people to deal with that kind of minutiae.
At what level does this stop being a waste of time for the person?
I'm not suggesting Obama should have been forced to change, but every else in his administration was forced to change. There's some serious clashing between the need for secure devices and the reluctance to change from old technology.
My understanding is that internal hardware was removed/shielded, and I assume software modifications were made as well, like only connecting to specific cellular base stations (such as the one in his official vehicle).
The main scandal was her violating FOIA. There were some additional security concerns, but her running on a platform of undoing civil rights era legislation was the bigger issue.
I feel like this needs more explanation
Where would an average though maybe high priced attorney go to get advice other than “use signal & WhatsApp” if they knew they needed protection from a federal investigation?
I have more than a couple times witnessed and thought "are you actually exchanging highly sensitive information with your board while using an open wifi in the same room as 5 of your direct competitiors, their staff and 1k random guys like me?"
They can ask legal or IT but either way it will end up being a project relegated on a larger roadmap and will not be properly implemented in a timely manner.
I guess what I'm looking for is a piece written by a reputable source (from their POV) such as Bloomberg or the WSJ. Any ideas?
Edit: So are y'all dumping on me because my 20% estimate is too high, or too low?
Even I know the basic issues to address, even if I don't know all of the implementation specifics.
Now name one that an average attorney could find.
I’m not picking on you, I’m serious. I have a couple of people I might ask, but if expect most of them to say “no thanks”
No, "I'm doing sensitive work for a huge company and we fear that hackers are trying to penetrate our network and devices." How many would say yes now? Until the raid he was a big shot...and the personal "lawyer" to Trump.
Mine suggests that until very recently working as a personal lawyer for a reality star & planning for the “normal” security concerns therein wouldn’t be something high end firms would do (nor things lawyers would ask for) as a matter of course.
Remember by the time the feds come knocking it’s too late.
So is it any surprise that he'd be targeted?
If there aren't security firms that handle stuff like that, isn't that quite the market opportunity? From what I know, one would start with an iPhone. And then tweak for known fails. Buy the various hacking services/systems, and test against them. Not cheap, I know. And not easily doable without connections. But hey, better safe than sorry.
(Reading might do 99% of work though)
I disagree with the assertion that reading gets the job done. He was using signal. He read something about encrypted messaging.
When the feds came calling it wasn’t enough. You need highly specialized skills.
He's a braggart and not a great businessman considering the head-start he had, IMO, but that is irrelevant. Whether he has $3 billion or $10 Billion, he's still super rich, private jet rich for life. Even his children can sit by a beach house or two and live like kings for the rest of their lives.
>>I disagree with the assertion that reading gets the job done. He was using signal. He read something about encrypted messaging.
Signal message: "Joe, I'm sending a message so open Whatsapp and let me know when you're online...."
"OK, time to kill Jimmy. The rest of the money will be there tomorrow."
Delete it after it's read and...
Numerous people in that company outright went on the lamb. This happened extremely recently and the sinola cartel and Australian biker gangs were among their clients.
It was covered on risky.biz podcast
Edit: the Canadians actually did ask them about secure communication for cocaine smuggling
I think that he thought himself as untouchable and neglected it. Maybe dodged so many bullets over the years.
Question for HN: did the FBI break the Signal encryption or just managed to open his device to find all the messages there? Maybe sensitive messages need to be deleted.
I’m also interested in the answer to this question. From my layman’s understanding I see Signal as the most secure messaging solution out of the box, followed by WhatsApp but only if (and it’s a very big if) you don’t plan to do something that might raise the interest of a US 3-letter agency (i.e. you can use WhatsApp for random political corruption cases in European countries, like the politicians from my country do, but it’s not safe to use it if you plan to actively cross the interests of those 3-letter agencies). Telegram I also see as compromised by the Russian secret services, ignoring all the recent public brouhaha.
If anyone more knowledgeable has other views on this please feel free to correct me.
Cohen (and the whole Trump circle) went from operating at one level to a much higher level fairly quickly.
Also, there's a “you don't know what it is that you don't know” issue involved.
My point, I suppose, is that normally the associates of the president would be upstanding individuals who had achieved heights. In this case, as with many of DJTs associates, it is anything but that.
Your comment had me struggling to determine how one could store WhatsApp messages on iCloud. (From a Blackberry no less.)
But then I followed your link. I don't think that article was about Cohen. You may want to change your post.
On an equally important note, why is it that people out there assume that ANY form of electronic communication is impervious from government surveillance? The reality is that if a three letter agency is after you, it's probably unwise to be using WhatsApp and Signal in an incriminating fashion. (Or anything else for that matter.)
It's like locking your physical spaces. Yeah, you should go ahead and lock your house or office and turn on the alarm system while you're gone...
but you should also go ahead and assume that those three letter agencies planted surveillance devices in that house or office even in the face of your security measures.
Signal has a feature for self-destroying messages (on-read, or after x amount of time). Seems like that could've been used and it wouldn't have lead to this right here.
BlackBerry CEO blasts Apple for focusing on user privacy, data protection (2015)
RIM to share some BlackBerry codes with Saudis: source (2010)
BlackBerry approved in Russia (2007) [required access during criminal investigation]
I don't get this. How could you possibly decrypt encrypted messages without WhatsApp or Signal's assistance?
Isn't the whole point of encryption that no-one can decrypt it unless they have the necessary keys?
For instance, WhatsApp on Android will happily back up to Google Drive, if you allow it, and it does so in cleartext.
Backup key security is compromised by usability concerns (the need to restore the backup to a new phone without the old one).
In any case you are right that if you can restore an "encrypted" backup onto a fresh phone without any info from the old one, then all the bits necessary to do are held by parties who can be legally compelled to give them up.
No special skills needed except running locating the file, running a command and connecting using SQLite or something.
Hence, it is reasonable to apply any distinction to the content as a user of Google Drive sees it, and not as it may be stored on the backend. Hence, if the data WhatsApp pushes to the Google Drive API is unencrypted (and we're talking about the data, not about the HTTPS-encapsulated form that passes over the network), it is reasonable to call it "in clear text", and it wouldn't be reasonable to call it encrypted.
They would not be able to recover your data upon requesting a password reset, if they used proper end-to-end-encryption.
There is no indication that they decrypted anything by breaking into the end-to-end transport/network encryption used by these apps.
P.S.: Your honest question (which wasn't snarky) was downvoted by some people for reasons I don't understand. Upvoted in an attempt to compensate. Such questions and responses can help more people learn about encryption and the protections necessary at different stages/layers.
But if the person who knows the relevant keys willingly hands over appropriate passwords/etc. for a more lenient sentence then encryption is moot.
I believe Whatsapp has made a few compromises in this regard, but obviously Michael Cohen didn't bother to use disappearing messages in Signal or encrypt his Signal DB, despite how easy it is to do.
That screen was never meant to serve an encryption role and Moxie recommends using Android's full disk encryption feature to ensure data confidentiality at rest.
* the main WhatsApp msgstore database in /data is not encrypted
* the msgstore backup databases (.crypt* in /sdcard) can be decrypted easily using the key file (mentioned in the article) which is also stored in /data
I would hazard a guess that Signal messages are also not stored encrypted at the source and destination (beyond the protection offered by the operating system).
Bet he sung.
We've all seen it. Hundreds of times.
It wouldn't shock me to find out they just brute forced the password.
EDIT: It is suspected that Michael Cohen, being a long time Trump friend and personal lawyer, is familiar with Trump's money laundering. If Michael Cohen believes he's at risk of being sent to jail for many years, he might collaborate with the FBI.
Federal grand juries convene on Fridays so we will know by Monday whether more indictments will be handed down.
The only better sources for developments in this fiasco are the unsealed court documents coming out of the investigation.
My definition of the media is pretty expansive. If Trump is in so much trouble, I would think the Washington Post or New York Times would lead with it. Maybe they buried the trouble in the Style section.
The IG will also be looking at abuse of the FISA process:
Hopefully the government had a good reason for spying on Carter Page
did they have his phone password or is this saying they hacked the chat softwares?
It states that they did not disclose what was in the "encrypted data" so... there's no indication or assurance that they've managed to access the plain text.
That's what this article appears to suggest:
From paragraph 2 in the article:
> Investigators have restored 16 pages of documents found in Cohen’s shredder and recovered 731 pages of messages sent on encrypted platforms, including WhatsApp and Signal.
Also, to provide a vague, yet seemingly impressive metric, true to form for federal government employees, because it seems official to the non-technical layman.
If you were to declare a metric such as 900KB of encyphered base64, well, gee, that's like, almost nothing. But print it out, and non-expert jurors start thinking "Well, gee! 700 pages is longer than that Stephen King book that I just read!"
And anyway, they wouldn't have to print it out, to obtain a quotable metric. All they'd have to do is paste it into an evidence template, and prep it in a printable format, like a DOCX file or a PDF. Then, they can subpoena for the metadata, and at least maybe infer a relationship between entities, even if they are denied awareness of the nature of the conversations etween them.
Seriously, this is how government officials and lawyers tend to think.