Tracking Islamic State Impeded By Encryption

Islamic State is "very security-conscious" and a prolific user of strong encryption technology, posing a major challenge as the US works to uncover and disrupt plots by the terrorist group, Director of National Intelligence James Clapper said.

Clapper said the group uses end-to-end encryption, which refers to messaging applications or other services that secure communications when they are sent and received with scrambled code that can be unlocked only with a special key.

"ISIL is the most sophisticated, by far, user of the Internet and the technologies that are available privately to ensure end-to-end encryption," Clapper, using an acronym for the group, told reporters recently at an event in Washington hosted by the Christian Science Monitor. "That is a major inhibitor to discerning plotting going on principally by ISIL, or others."

The increasing availability of strong encryption has stoked a fierce debate inside the US, pitting officials and agencies responsible for security against technology companies such as Apple Inc. that view the technology as essential to helping their customers and users secure personal and business information.

Find a Balance

Clapper said he supports strong encryption but that he and other US officials are trying to "thread the needle so that we ensure privacy and security." He declined to say whether the Obama administration would support draft legislation in the Senate that would require companies to comply with court orders giving law enforcement agencies access to data by releasing it from encryption.

"Somehow we need to find a balance here," Clapper said. "I don’t know the technicalities of how we might arrive there."

Apple, Google and other companies began offering more and stronger encryption after former US contractor Edward Snowden exposed extensive government spying.

Snowden Impact

The National Security Agency estimates that the Snowden revelations pushed the development and adoption of commercial encryption technology forward by seven years, Clapper said. It was the first time a US official offered such a calculation.

"It has had, and is having, a profound effect on our ability to collect, particularly against terrorists," Clapper said. "From our standpoint, it’s not a good thing."

The FBI served Apple with a court order in February compelling the company to help break into an encrypted iPhone used by Syed Rizwan Farook, who with his wife carried out the deadly December attack in San Bernardino, California. Apple resisted and the FBI dropped the case last month after saying it bought a tool from a private organization it hasn’t identified to break into the phone.

Clapper declined to comment on how the FBI got into the phone. The FBI has said an entity it hasn’t identified helped it hack into the phone, and agency Director James Comey suggested last week that it paid more than $1.3 million for the hacking tool that won’t work on newer phones.
Information-Management: http://bit.ly/1US00Qf

 

 

« SpyEye Masterminds Begin 24 Year Sentence
Hit By DDoS? You Will Be Hit Again… »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Hyve

Hyve

Hyve provide a wide range of managed web hosting services including private, hybrid and public VMware cloud hosting.

HackLabs

HackLabs

HackLabs is a penetration testing company providing services for network security, web application security and social engineering testing.

enSilo

enSilo

enSilo secures customers data on premise or in the cloud. Regardless of the where the threat comes from, enSilo can protect your data.

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

Cobalt Strike

Cobalt Strike

Cobalt Strike is penetration testing software designed to execute targeted attacks.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC) is a government body providing support for ICT related activities including formulating national ICT strategy and policy.

RATEL (SRB-CERT)

RATEL (SRB-CERT)

RATEL has been appointed as the National Center for the Prevention of Security Risks in ICT systems of the Republic of Serbia (SRB-CERT).

Assac Networks

Assac Networks

Assac Networks ShieldIT is an app that completely protects any BYOD smartphone from both tapping and hacking.

Get Indemnity

Get Indemnity

Get Indemnity are specialist insurance brokers with experience working on a wide range of innovative business insurance products that combine risk management, indemnity and incident response services.

Elpha Secure

Elpha Secure

Elpha Secure provides a comprehensive cybersecurity solution, combining technology and insurance to protect against cyber threats.

INFRA Security & Vulnerability Scanner

INFRA Security & Vulnerability Scanner

INFRA is a powerful platform with an easy interface for any kind of Ethical Hacking, from corporate monitoring and VAPT (vulnerability assessments and penetration testing) to military intelligence.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

InfoSystems Inc

InfoSystems Inc

InfoSystems provides reliable IT solutions to build and maintain strong and secure systems for both SMB and enterprise organizations.

Sayers

Sayers

Sayers is best known for its ability to solve business challenges with IT solutions. Our areas of expertise include cloud, storage, virtualization, security, mobility and networking.