We are always lost in debate when it comes to the question of technology either helping or hindering the fight against terror. Encryption which hide user identities are increasingly used by terrorist outfits to communicate in secrecy online, enabling them to go off-the-grid when planning and coordinating attacks.
In the past, authorities could easily gain access to plain text information in SMS and phone calls from telecommunication providers.
Nowadays, messages and sometimes even calls are encrypted when using services like WhatsApp or Signal. Service providers don’t have access to encrypted message and don’t generally want any access.
Chairman of Information Technology Society Sri Lanka Rajeev Yasiru Kuruwitage Mathew explained what an encrypted application is and why they cannot be deciphered easily.
Mathew acknowledged that modern encryption jumbles data using a key that the data can then be decrypted, or made readable to the normal users, by using the same or a corresponding key.
“For data communicated over a network, the key is typically known by both the sender and receiver, while for stored data, only the owner knows the key. End-to-end encryption is any form of encryption in which only the sender and intended recipient can read the message. No third party, even the party providing the communication service, has knowledge of the encryption key. End-to-end encryption is the most secure form of encryption that you can use. So where possible, always use end-to-end encryption to protect yourself and your data. Famous applications like WhatsApp, Signal, Telegram, and Threema are known to be some examples of end-to-end encryption communication services.”
End-to-end encryption protects data that can only be read on the two ends, by sender and recipient.
Former Army Chief Mahesh Senanayake claimed that the National Thowheed Jama’ath (NTJ) terrorist cell behind the Easter Sunday attacks used a highly encrypted mobile communication App named ‘Threema’.
Senanayake admitted that the level of encryption used by Threema makes intercepting or decrypting very difficult for Sri Lanka authorities with available technologies.
Terrorism is effective because it always seems near. It always seems new. Threema is an interesting and a common choice for terrorists because it is available in both Google Play and Apple App Stores. Even though it is a paid application in cyber space, Threema has many users around the world.
Threema started its days as an abbreviation of ‘EEEMA’ that stands for End-to-End Encrypted Messaging Application. The three “E”s were a bit bulky, so it became ‘Threema’. Threema is a completely independent and fully self-financed Swiss company based in the Zurich metropolitan area. They are dedicated to privacy protection since day one. Everything is done in-house, from software development to support, and they maintain their own servers.
Threema makes secure communications easy and fun. Users can send text and voice messages as well as files and locations in single and group chats. Users are able to make voice calls, create polls, and use Threema on the desktop with Threema Web.
Threema is a full end-to-end encryption which is between the sender and the recipient. It protects all messages end-to-end; on not only messages in single chats but also group messages, files and even profile pictures and status messages. A separate transport encryption is used to protect the header information in transit. Threema uses two different encryption layers to protect messages between the sender and the recipient. And that is end-to-end encryption layer and the transport layer which each end-to-end encrypted message is encrypted again for transport between the client and the server, in order to protect the header information.
The crucial part is that the end-to
-end encryption layer passes through the server uninterrupted that the server cannot remove the inner encryption layer.
But the real question here is what makes Threema so secure and why does it have the strength of encryption it has? Threema provides forward secrecy on the network connection. In Threema client and server negotiate temporary random keys, which are only stored in Random Access Memory (RAM) and replaced every time the app restarts. So if an attacker who has captured the network traffic will not be able to decrypt it even if he finds out the long-term secret key of the client or the server after the fact.
An interesting element in Threema is it stores local data such as the history of incoming and outgoing messages, and the contact list in encrypted form on the device. The way in which this data is encrypted varies among platforms.
Russia vs Telegram
Talking about decrypting Threema, Mathew said that decryption is a process of converting encoded or encrypted data in a form that is readable and understood by a human or a computer. This method is performed by un-encrypting the text manually or by using keys used to encrypt the original data.
“An example is the incident in Russia where the app Telegram, which had 200 million global users and was popular in countries such as Iran, was banned because it refused to comply with a Court order to give security services access to users’ encrypted messages. The Russian Government targeted to block Internet Protocol address hosted by different platforms. But the new system being tested using a new technology called Deep Packet Inspection. This system operates in more and systemic way, analysing the Internet traffic, identifying the data flows and blocking them.”
“As a result the Moscow Court ordered to block access to Telegram which the messenger’s founder and CEO Pavl Durov called it as an open farce. Reports say that some Russian technology firms were invited to submit their Deep Packet Inspection technology for testing.” He explained further.
End-to-end encryption is closer to users as much as they are closer to their mobile. Mathew opined it is a hard to get secret codes which are known as secret keys from the service providers even when the Government kept requesting.
“It is not 100 per cent undoable. The spyware called Pegasus built by NSO Group which many talked implicated in a breach of WhatsApp is capable of scraping a target’s data the servers of Apple, Google, Microsoft and Facebook. Pegasus targeted more than 20 human right defenders, journalists and parliamentarians in Mexico including the murdered Saudi Journalist Jamal Khashoggi,” he added.
Mathew emphasised that Pegasus is being distributed among countries in order to target terrorists globally.
“Pegasus spyware was introduced by Israeli Government to target activists globally and they are ready to lend it to other countries. The spyware is an accurate as well as well built platform with the newest technology. We do not know whether this Government has requested for the spyware or are they are writing new software to decrypt the data which were used in the encrypted applications,” he added.
Speaking the actions and investigations Information Security Engineer of Sri Lanka Computer Emergency Readiness Team (SLCERT) Ravindu Meegasmulla said that they are not conducting any investigations or did not take any actions regarding the terror attack and the technology used.
“We do not have authority or the power to conduct any investigations against anyone or about anyone. What we do is take complaints that occur because of social media and direct the victim to the relevant area,” he added.
It is clear that like everything else, data encryption has positive and negatives to consider. For these reasons there needs to be a strategic planning for data encryption within the organization and it is the key element. Without detailed planning, data encryption can easily become complex for the IT administrator to manage and becomes complicated for users in the end.