Police In Canada Used BlackBerry’s Key To Read Encrypted BBM Messages

When it comes to mobile phones Blackberry pride themselves on their security, with many companies taking up the device as their go-to model thanks to its support and security features. It now appears that those security features may not have been so secure after all with the Royal Canadian Mounted Police (RCMP) gaining the ability to read encrypted BBM messages.

When it comes to encryption, companies are having to be careful with the likes of Apple going to congress to discuss just how much they can be expected to help and support law enforcement without oversight or detailed rulings on how and when they can access private data. In this case, the RCMP gained access to BlackBerry’s BBM (BlackBerry messenger) services by using the encryption that came with your everyday BlackBerry, meaning the only ones that were safe from this interception are those connected to enterprise servers.

If you weren’t connected to an enterprise server, your BlackBerry would have used a peer-to-peer key that is loaded into your phone when it’s built, something that the RCMP managed to gain access to and in turn granted them access to people’s encrypted BBM messages and conversations.

As part of an operating, titled Project Clemenza, the RCMP intercepted and decrypted roughly one million messages as reported by Vice news in a joint investigation with Motherboard, who in turn revealed that the RCMP actually had a server in Ottawa that acted like a mobile phone by simulating “a mobile device that receives a message intended for [the rightful recipient]”.

With BlackBerry looking to step away from mobile devices and into security consulting, this news couldn’t come at any worse of a time given that if the server is still operational (key and all) then without a large update to its phones, the RCMP could still be reading people’s messages to this day even after the operation ended in 2012.

Hacker Diverts Traffic from 19 ISPs to Steal a Large Sum of Bitcoins

It is said that researchers over at Dell’s SecureWorks security division have uncovered a series of hacking attempts in which a bitcoin thief redirected a portion of online traffic from 19 ISPs, including data from Amazon, DigitalOcean and OVH, in order to steam digital currency from a group of bitcoin users.

The hijack said to have lasted just 30 seconds, but the hacking attempt is said to have been performed 22 times. On each attempt, the hacker gained control of the processing power of a group of bitcoin miners, redirecting their mining activity towards his private pool. Security researchers say that the hacker was able to pocket a flow of bitcoins and other digital currencies worth roughly $9,000 through the hijacking.

“With this kind of hijacking, you can quite easily grab a large collection of clients,” said Pat Litke, one of the Dell researchers. “It takes less than a minute, and you end up with a lot of mining traffic under your control.”

A technique called BGP is said to have been used, exploiting the border gateway protocol. The hacker took advantage of a staff user account at a Canadian ISP to periodically broadcast a spoofed command that redirected traffic from other ISPs from February throughout May this year. The command, along with miners not checking their rigs to notice the ‘new’ settings, led to the hacker pocketing $83,000 worth of cryptocurrency.

“Some people are more attentive to their mining rigs than others,” said Joe Stewart, a Dell researcher whose own computers were caught up in one victimized mining pool. “Many users didn’t check their setups for weeks, and they were doing all this work on behalf of the hijacker.”

The BGP hijacking method has been discussed as a potential threat to the internet security since 1998. Back then, a group of hackers known as L0pht stated that they could use the attack to take down the entire Internet in 30 minutes. The discussion was followed at the DefCon security conference in 2008 and was later used in 2013 to temporarily redirect a portion of US internet traffic to Iceland and Belarus.

Thank you Wired for providing us with this information

Bitcoin Offers Accepted By A Vegas Developer Selling His $7.85 Million Mansion

A developer and casino owner based in Los Vegas is reportedly attempting to sell his 25,000 feet mansion at a $7.85 million and is willing to accept Bitcoin currency as well. The idea apparently comes from his two sons who currently are digital “miners” and deal with the aforementioned currency.

“The advantage is that we’re expanding our market and adding some notoriety,” said Jack Sommer, the developer and casino owner. However, Julian Tosh, a consultant and owner of the marketplace website bitcoinsinvegas.com stated in the “Las Vegas Review-Journal” that using the currency can streamline international business deals: “There are a bunch of people who have bitcoins, and they’re dying for a place to spend it”.

Craig Tann, Sommer’s sales agent, said that Sommer’s mansion would be the first home in southern Nevada tp be marketed formally around bitcoins. But there are also other businesses which accept the currency. For example, a California Lamborhini dealership sold a $103,000 Tesla for 91.4 bitcoins. Also, a Canadian citizen listed his Alberta home for an estimated 480 bitcoins ($405,000 in US dollars).

But there is also a downside to all of this. As Tosh points out, one bitcoin was valued at $10 in January and rose up to over $1,000 in the October-November timeline. However, Friday it was valued at $870, but Bank of America Merrill Lynch speculates the bitcoint to rise again to $1,300, therefore a transaction in bitcoins is very risky. You can win big or you can lose heavily.

Thank you TheStar for providing us with this information
Image courtesy of TheStar