How Silly Mistakes can ruin High Security

[wa_desert_rat]

Watched a movie about Alan Turing and his work (and life) last weekend and since Turing's secret work (as well as those before and after Turing) was important in my life and his non-secret work (mostly after him) affected all of us who use computers, this little morality-play struck me as appropriate.

 

You can encrypt your hard drive, and you can encrypt all your on-line work. But encryption is useless if you (or someone else) cannot ultimately read the encrypted data. And if all that encrypted data reveals who you are then all it takes is someone gaining control over the device that harbors that data while it's in the clear.

 

If you are arrested while logged in to your encrypted laptop then those arresting you do not need to crack your crypto keys; as long as they don't log back out or turn off the laptop, they can operate as you. (This issue has caused problems with corporate laptops left in taxi cabs with the password, "Password".)

 

The story of how the FBI linked the "Dread Pirate Roberts" to Ross William Ulbricht through a series of blunders. But avoiding blunders like that is more difficult than you'd think.

 

Here is the story. http://www.itworld.com/article/2881775/four-technologies-that-betrayed-silk-roads-anonymity.html?phint=newt%3Ditworld_today&phint=idg_eid%3Dafbdce93df1132e5de07d306edf23bac#tk.ITWNLE_nlt_best_2015-02-12

 

It's interesting to note that the famous German Enigma machine really would have remained unbreakable were it not for the actions of several operators who completely ignored proper security precautions. Mainly, sending a weather report that was encrypted under Enigma AND sending the same weather report in the clear (along with other stupid errors). Just goes to show you... sometimes it's the simplest things....

 

WDR