Pavel Durov Arrested France

[0xDEADBEEF]

Hypothetically, there’s a massive company (maybe one in your stock portfolio). R&D is their core‌ focus, giving them a huge competitive edge. They bought a well-known, battle-tested communication platform specifically‍ for their R&D teams. Communication is only possible through their corporate network, and the R&D⁠ team can only use job-specific equipment on-site.

This is a company with a top-tier security⁤ department and a mature approach to security controls and principles. The software they use is⁣ 'air-gapped', and their security and network teams monitor those network segments 24/7. Yet, they still⁢ got breached, and the attacker managed to grab some sensitive data.

After seeing something like︀ this, I’d say if you really want secure comms, just meet your business partner in︁ a sauna. Of course, only if your threat model permits. ;-)

 

[mraleph]

C'mon, it was obviously industrial espionage and sabotage fin4774" At least you know that safety︁ can be achieved across spectrum. And appropriate ACL across and between layers. Somebody was dis-loyal︂ and others were over confident in complex phrases that were compensating their lack of comprehension︃ and a fear of failure.

If I would need safety, I would never ever engage︄ Cyber-security experts nor auditors 😎 Too much confidential information exposure to external persons without leverage and︅ balance.

We advise - the client decides whether to correct the behavior or to be︆ lazy. It's certainly not our responsibility if a client has bad OPSEC.

Remember a person - a naturalized Swiss citizen from Germany that was educated︈ in a private school in former - that said it performs confidential discussions in a︉ Bürgenstock sauna or in a beach in Cyprus or Sicily 🙄 I cleary told that person︊ in one of our last conversationa that such behavior will have consequences ns2 That person is︋ now indicted because of those sauna and beach talks - with a threat of about︌ significant number of years in prison and a heafty fines. Quite an expert in AML︍ finished without that A in indictment and a series of predicament crimes beside organized syndicate︎ membership ns2 That idiot reminds me of Mr Durov actually 😉

There is a seriously good program️ from Israeli vendor regarding perky microphones for let's say, less hospitable and extreme environments fin4774"

 

[clemens]

very good advise, it's really the only way for sensitive⁠ talks.

 

[dany]

this
https://line.me/en/
it is Chines again? how can you relay on Chinese based tech?‍

 

[12345]

japan based. Line has nice design and user experience for me,‍ similar to telegram

 

[Clank]

If you don't want to be spied by the US, EU or any‌ western country it's the best solution to use China tech.

 

[Clank]

I wouldn't trust a Japanese company.

 

[Wellington]

Japanese

Google Japanese privacy laws

Or Russian

1) client side encryption is a absolute must
Forgot to⁣ add

 

[0xDEADBEEF]

That's a valid point. The risks associated with engaging (most) external cybersecurity experts or⁠ auditors are huge, particularly when it comes to red team exercises. The probability of sensitive⁤ information leaking is considerable, and many organizations often fail to implement recommended security measures promptly.⁣
In this︀ particular incident, the IT environment was compromised elsewhere, and the attackers employed a series of︁ sophisticated techniques and exploits to reach their target. The method they used to infiltrate the︂ R&D networks is quite amusing, as it involved an attack vector that hadn't been considered︃ in their security planning.
Indeed, the attack was attributed to a threat actor known for utilizing such advanced approaches. Given︅ the value of the intellectual property at stake, their efforts were justified. This highlights why︆ I emphasize the importance of threat modeling. Defending against these adversaries is an uphill battle,︇ as they combine human intelligence, signals intelligence, and cyber tactics.

You're right about the sauna︈ strategy losing effectiveness once it becomes common knowledge. However, it does complicate matters for any︉ potential "partner" attempting to wear a wire. 😛
Absolutely! While they managed to access sensitive︋ information, they couldn't exfiltrate the most critical data. Their detection was also relatively quick. As︌ mentioned, the organization had a mature security posture, and I'm certain they've further enhanced their︍ defenses since this incident. A common issue I've observed is that many organizations/individuals focus solely︎ on technical solutions without addressing security holistically across all aspects of their operations.

 

[Clank]

It doesn't matter they will share‌ information in a blink of an eye.

5 eyes alliance:

Several countries have been prospective‍ members of the Five Eyes. Israel,[104] Singapore, South Korea,[105] and Japan have collaborated⁠ or continue to collaborate with the alliance, though none are formally members

 

[Wellington]

See_ LINE Corporation's Compliance with Applicable Laws⁠ | LINE Corporation | Security & Privacy

Line app is encrypted client side FYI between⁤ all counterparties unique

All requests have to go through Japanese Justice Processes (LINE Transparency⁣ Report - LINE Corporation)

- See US, UK etc in:

Disclosure Requests​

Also
Responding to Law Enforcement Agencies | LINE Corporation | Security & Privacy
https://linecorp.com/en/security/article/291

What it shows⁢ is that privacy is baked into the app, but also the law, so for legal︀ use cases where privacy is the main concern you are better using say Line than︁ say Messenger

Likewise criminals unfortunately use due to that.

 

[Clank]

Line is closed source so it's⁠ impossible to tell if they have any backdoors or if it's safe.

 

[Wellington]

LINE

・ Registered account data (profile image, display name, email address, phone number, LINE ID,‌ date of registration, etc.)

・ Communication history of specified users (message delivery date, IP address‍ of sender, port number of sender)*

*There is no disclosure through Investigation-Related Inquiry

・ Specified⁠ users' text chats**

**Only when end-to-end encryption has not been applied (if end-to-end encryption has⁤ been enabled, we cannot decrypt/extract the contents of text chats, so no disclosure of the⁣ contents of text chats is possible). End-to-end encryption is applied by default since July 1,⁢ 2016. For more details, please see Data Security.

**Even if unencrypted text chats are︀ disclosed, as per our policy, only up to seven days of text chats will be︁ disclosed.

**Only when receiving an effective warrant issued by the court.

**Video / picture /︂ files / location information / phone call audio and other such data will not be︃ disclosed.

https://linecorp.com/en/security/encryption/2022h1
True

 

[AlexPCS]

I think that with this whole arrest case one could see a parallel with crypto.‌ Pseudo-decentralized ones have a pronounced leader (like V. Buterin in ethereum) whereas truly decentralized ones‍ like bitcoin do not - Satoshi cannot be arrested because nobody can find him 🙂

A real anonymous messenger shouldn't have a publicly known director/leader (call it as you like), it⁠ should be distributed, open-source and governed by the community.

There are things like tox out⁤ there, but not many people are using it because indeed it is less convenient than⁣ telegram. So there is always a tradeoff when you try to balance true anonymity and⁢ day-to-day convenience.

 

[dany]

That's a really good discussion you have going here, but how are Line, Tox, Messenger‌ connected with Telegram? I can't quite understand the connection. Are they all owned by the‍ same person, namely Pavel Durov?

 

[Wellington]

Another one gone (never heard of before): Europol arrests 51 people and dismantles platform used‌ for cybercrime

 

[jafo]

It was a "honeypot" since the beginning. 😉

 

[mraleph]

This is related to Telegram and Mr Durov‍

https://www.europol.europa.eu/media...akes-down-new-criminal-communication-platform
as it erodes the fundamental liberties and rights.

The crucial narative that is created⁠ is

Europol and its partners continue to prioritise the fight against encrypted communication technologies used⁤ by criminals, while also advocating for a balanced approach that respects privacy rights and upholds⁣ legal standards.

Private companies that wish to ensure their services are used in compliance with⁢ the law also have an important role to play. They must ensure that their platforms︀ are not safe havens for criminals and should provide mechanisms for lawful data access under︁ judicial oversight and in full respect of fundamental rights.

Law enforcement needs access to communications︂ among suspects to combat serious crimes. This can coexist with privacy protection, while cybersecurity is︃ guaranteed and strong legal safeguards and oversight are in place

There is no mechanism that︄ protects the security and privacy of communication and allows government access for surveilance. Cyber-security isn't︅ guaranteed and legal norms are as strong as people ethics are.

 

[Wellington]

one of the reasons I started to feel uncomfortable having a secure email service available‌ to the public (as a company) was the terror attacks in Europe (I believe Paris)‍ - I am a firm believer in privacy but I will admit it kept me⁠ up at night in cold sweats - most if not all of the user base⁤ based on the social media content we could glean was Latin America at the time⁣

In 2018 I created a new method for secure private data storage which I realized⁢ in doing so was the perfect string broadcaster / or messenger solution basically everywhere but︀ nowhere, Wally amongst the crowds, non discernible as detectable.

At the time we used it︁ in system for the AIs to communicate but closed the front end where anyone could︂ use as it was a novel solution and not widespread or read

I then did︃ a paper and submitted it as a hypothetical to MI5, FBI and the US Senate︄ via a moniker - real concern at the ease and the power of the solution︅ should a terrorist come to the same idea/solution

Fortunately they continue to instead use services︆ or devices

And my brothers keep sending them Shalom mother fucker messages in return

 

[brianK]

I think‍ it’s better to avoid carrying any electronics at all. The fact is, you can’t really⁠ trust any manufacturer of electronic devices used for communication on this planet.