WhatsApp, Threema, Wire and Telegram to cooperate and decrypt in Germany
According to SPIEGEL information, the Ministry of the Interior (Germany) wants to force providers such as WhatsApp, Threema, Wire and Telegram to cooperate and decrypt. They are to give readable chats to the authorities on a court order.
Federal Interior Minister Horst Seehofer (CSU) wants to give security authorities access to standard end-to-end encrypted chats and telephone calls. Messenger services such as WhatsApp or Telegram are to be obligated to record the communications of their customers on court order and send them to the authorities - in readable form, i.e. unencrypted. As SPIEGEL reports in its current issue, providers who do not comply with this obligation should be able to be blocked for Germany by order of the Federal Network Agency.
So far, only so-called source telecommunications surveillance is legally possible. To do this, you have to play a Trojan on each suspect's smartphone. The new obligations are to be launched by the end of the year.
The project is provoking protests from the companies concerned. Like WhatsApp, many offer their customers complete encryption ("end-to-end") of all communication content and so far have no access to such messages themselves. "This would have catastrophic consequences," says Alan Duric, co-founder of Wire, the Berlin-based messenger service. The project is dangerous, it would expose users to unacceptable risks.
The creators of Threema, of whose approximately five million users more than 80 percent live in the German-speaking world, are also reacting negatively. "Absolute confidentiality of communication" is "in the DNA of Threema", said a company spokesman. "We are not prepared to make any compromises. They do not have any infrastructure in Germany and therefore do not fall under German law. Should Germany want to prevent the use of Threema, "the country would seamlessly join the ranks of totalitarian states such as China or Iran".
https://www.spiegel.de/netzwelt/netzpolitik/horst-seehofer-will-messengerdienste-zum-entschluesseln-zwingen-a-1269121.html
#decrypt #whatsapp #telegram #wire #threema #germany #statetrojan #backdoor #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
According to SPIEGEL information, the Ministry of the Interior (Germany) wants to force providers such as WhatsApp, Threema, Wire and Telegram to cooperate and decrypt. They are to give readable chats to the authorities on a court order.
Federal Interior Minister Horst Seehofer (CSU) wants to give security authorities access to standard end-to-end encrypted chats and telephone calls. Messenger services such as WhatsApp or Telegram are to be obligated to record the communications of their customers on court order and send them to the authorities - in readable form, i.e. unencrypted. As SPIEGEL reports in its current issue, providers who do not comply with this obligation should be able to be blocked for Germany by order of the Federal Network Agency.
So far, only so-called source telecommunications surveillance is legally possible. To do this, you have to play a Trojan on each suspect's smartphone. The new obligations are to be launched by the end of the year.
The project is provoking protests from the companies concerned. Like WhatsApp, many offer their customers complete encryption ("end-to-end") of all communication content and so far have no access to such messages themselves. "This would have catastrophic consequences," says Alan Duric, co-founder of Wire, the Berlin-based messenger service. The project is dangerous, it would expose users to unacceptable risks.
The creators of Threema, of whose approximately five million users more than 80 percent live in the German-speaking world, are also reacting negatively. "Absolute confidentiality of communication" is "in the DNA of Threema", said a company spokesman. "We are not prepared to make any compromises. They do not have any infrastructure in Germany and therefore do not fall under German law. Should Germany want to prevent the use of Threema, "the country would seamlessly join the ranks of totalitarian states such as China or Iran".
https://www.spiegel.de/netzwelt/netzpolitik/horst-seehofer-will-messengerdienste-zum-entschluesseln-zwingen-a-1269121.html
#decrypt #whatsapp #telegram #wire #threema #germany #statetrojan #backdoor #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Spiegel
Seehofer will Messengerdienste zum Entschlüsseln zwingen
Das Innenministerium will nach SPIEGEL-Informationen Anbieter wie WhatsApp, Threema und Telegram zur Kooperation zwingen. Sie sollen auf richterliche Anordnung Chats in lesbarer Form an Behörden geben.
Letter to the eff (Electronic Frontier Foundation)
Dear ladies and gentlemen,
The legal situation in the EU and especially in Germany is getting worse every week.
After the upload filters, the state now demands that backdoors be built into the new 5G network so that the state can listen in and stingrays can be used effectively again (https://fm4.orf.at/stories/2982118/).
The highlight today is the news that Federal Interior Minister Horst Seehofer (CSU) wants to give security authorities access to standard end-to-end encrypted chats and telephone calls.
Messenger services such as WhatsApp or Telegram are to be obligated to record the communication of their customers on court order and send it to the authorities - in readable form, i.e. unencrypted. As SPIEGEL reports in its current issue, providers who do not comply with this obligation should be able to be blocked for Germany by order of the Federal Network Agency. (https://www.spiegel.de/netzwelt/netzpolitik/horst-seehofer-will-messengerdienste-zum-entschluesseln-zwingen-a-1269121.html)
These are all serious measures and the EU and Germany in particular are increasingly developing into a surveillance state.
We need help, we need attention, we need to make people think.
I would be happy to hear from you and be very grateful for any advice.
Yours sincerely
📡 @NoGoolag
#eff #decrypt #whatsapp #telegram #wire #threema #germany #statetrojan #backdoor #why #eu
Dear ladies and gentlemen,
The legal situation in the EU and especially in Germany is getting worse every week.
After the upload filters, the state now demands that backdoors be built into the new 5G network so that the state can listen in and stingrays can be used effectively again (https://fm4.orf.at/stories/2982118/).
The highlight today is the news that Federal Interior Minister Horst Seehofer (CSU) wants to give security authorities access to standard end-to-end encrypted chats and telephone calls.
Messenger services such as WhatsApp or Telegram are to be obligated to record the communication of their customers on court order and send it to the authorities - in readable form, i.e. unencrypted. As SPIEGEL reports in its current issue, providers who do not comply with this obligation should be able to be blocked for Germany by order of the Federal Network Agency. (https://www.spiegel.de/netzwelt/netzpolitik/horst-seehofer-will-messengerdienste-zum-entschluesseln-zwingen-a-1269121.html)
These are all serious measures and the EU and Germany in particular are increasingly developing into a surveillance state.
We need help, we need attention, we need to make people think.
I would be happy to hear from you and be very grateful for any advice.
Yours sincerely
📡 @NoGoolag
#eff #decrypt #whatsapp #telegram #wire #threema #germany #statetrojan #backdoor #why #eu
Germany mulls giving end-to-end chat app encryption das boot: Law requiring decrypted plain-text is in the works
Officials want to upgrade rules from device searching to message interception
Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.
According to Der Spiegel this month, the Euro nation's Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, and Telegram to cough up plain-text records of people's private enciphered chats to authorities that obtain a court order.
This would expand German law, which right now only allows communications to be gathered from a suspect's device itself, to also include the companies providing encrypted chat services and software. True and strong end-to-end encrypted conversations can only be decrypted by those participating in the discussion, so the proposed rules would require app makers to deliberately knacker or backdoor their code in order to comply. Those changes would be needed to allow them to collect messages passing through their systems and decrypt them on demand.
Up until now, German police have opted not to bother with trying to decrypt the contents of messages in transit, opting instead to simply seize and break into the device itself, where the messages are typically stored in plain text.
The new rules are set to be discussed by the members of the interior ministry in an upcoming June conference, and are likely to face stiff opposition not only on privacy grounds, but also in regards to the technical feasibility of the requirements.
Spokespeople for Facebook-owned WhatsApp, and Threema, makers of encrypted messaging software, were not available to comment.
The rules are the latest in an ongoing global feud between the developers of secure messaging apps and the governments. The apps, designed in part to let citizens, journalists, and activists communicate secured from the prying eyes of oppressive government regimes.
https://www.theregister.co.uk/2019/05/28/german_government_encryption/
Read as well:
Germany Seeks Access to Encrypted Messages on WhatsApp, Telegram
https://www.infosecurity-magazine.com/news/germany-seeks-access-to-encrypted/
📡 @NoGoolag
https://t.me/NoGoolag/1259
#decrypt #encrypt #whatsapp #telegram #wire #threema #germany #statetrojan #backdoor #why #eu
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Officials want to upgrade rules from device searching to message interception
Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.
According to Der Spiegel this month, the Euro nation's Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, and Telegram to cough up plain-text records of people's private enciphered chats to authorities that obtain a court order.
This would expand German law, which right now only allows communications to be gathered from a suspect's device itself, to also include the companies providing encrypted chat services and software. True and strong end-to-end encrypted conversations can only be decrypted by those participating in the discussion, so the proposed rules would require app makers to deliberately knacker or backdoor their code in order to comply. Those changes would be needed to allow them to collect messages passing through their systems and decrypt them on demand.
Up until now, German police have opted not to bother with trying to decrypt the contents of messages in transit, opting instead to simply seize and break into the device itself, where the messages are typically stored in plain text.
The new rules are set to be discussed by the members of the interior ministry in an upcoming June conference, and are likely to face stiff opposition not only on privacy grounds, but also in regards to the technical feasibility of the requirements.
Spokespeople for Facebook-owned WhatsApp, and Threema, makers of encrypted messaging software, were not available to comment.
The rules are the latest in an ongoing global feud between the developers of secure messaging apps and the governments. The apps, designed in part to let citizens, journalists, and activists communicate secured from the prying eyes of oppressive government regimes.
https://www.theregister.co.uk/2019/05/28/german_government_encryption/
Read as well:
Germany Seeks Access to Encrypted Messages on WhatsApp, Telegram
https://www.infosecurity-magazine.com/news/germany-seeks-access-to-encrypted/
📡 @NoGoolag
https://t.me/NoGoolag/1259
#decrypt #encrypt #whatsapp #telegram #wire #threema #germany #statetrojan #backdoor #why #eu
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Forwarded from BlackBox (Security) Archiv
We filed a criminal complaint: Prosecutor launches investigation into FinFisher for illegal export of state spyware
The state spyware FinFisher is developed in Munich and sold all over the world. The company needs approval for exports, but the German government has never granted that. Together with other NGOs, we have filed a criminal complaint. Customs is investigating, the crime is punishable by prison sentence up to five years.
Bahrain, Egypt, Ethiopia: Dictatorships around the world rely on surveillance technology „made in Germany“. The state spyware FinFisher or FinSpy is developed in Munich and sold to police and secret services in dozens of countries, including the German Federal Police.
To export such malware, FinFisher needs a license in accord with German and European law. However, the German Government has never issued one. Export without a license is a criminal offense. Thus we have filed a criminal complaint against the responsible companies and their managing directors.
Together with the Society for Civil Rights, Reporters without Borders and the European Center for Constitutional and Human Rights, we wrote a 21-page criminal complaint and an eight-page technical appendix, which we submitted to the public prosecutor’s office in Munich on July 5. Now they are investigating.
Our accusations are being taken seriously: The case was escalated directly to the Federal Customs Criminal Investigation Office, which is responsible for violations of the Foreign Trade and Payments Act.
From Munich via Turkey to prison?
Our principle case is Turkey. After the 2016 coup d’état attempt, the Turkish government arrested more than 77,000 people, including 34 journalists. A broad coalition of civil resistance organized against this repression, including the 2017 March for Justice.
During that time, a website „Walk for justice“ appeared, which offered an Android app to help organize the protest movement. This website was advertised on social media. But the app, which is still available today, is a camouflaged state spyware. After installation, it takes complete control of the device, monitors communication and extracts data.
In a detailed technical analysis and a technical appendix we prove that this Turkish state spyware is the German product FinFisher/FinSpy. We then analyze the company structure of FinFisher and suspicious individuals.
We are certain: FinFisher is developed in Munich and FinFisher was sold to Turkey without permission. That is a crime, punishable by a prison sentence up to five years. We hope that the authorities investigate extensively and confirm our accusations.
Until then, German authorities should stop using tools for dictators themselves and stop subsidizing such companies with taxpayers‘ money.
The legal documents are available in English as PDF and in German as HTML.
👉🏼 PDF:
https://cdn.netzpolitik.org/wp-upload/2019/09/2019-07-05_FinFisher_Criminal-Complaint_ENG.pdf
https://netzpolitik.org/2019/we-filed-a-criminal-complaint-prosecutor-launches-investigation-into-finfisher-for-illegal-export-of-state-spyware/
#FinFisher #FinSpy #spyware #CriminalComplaint #investigation #crime #StateTrojan #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
The state spyware FinFisher is developed in Munich and sold all over the world. The company needs approval for exports, but the German government has never granted that. Together with other NGOs, we have filed a criminal complaint. Customs is investigating, the crime is punishable by prison sentence up to five years.
Bahrain, Egypt, Ethiopia: Dictatorships around the world rely on surveillance technology „made in Germany“. The state spyware FinFisher or FinSpy is developed in Munich and sold to police and secret services in dozens of countries, including the German Federal Police.
To export such malware, FinFisher needs a license in accord with German and European law. However, the German Government has never issued one. Export without a license is a criminal offense. Thus we have filed a criminal complaint against the responsible companies and their managing directors.
Together with the Society for Civil Rights, Reporters without Borders and the European Center for Constitutional and Human Rights, we wrote a 21-page criminal complaint and an eight-page technical appendix, which we submitted to the public prosecutor’s office in Munich on July 5. Now they are investigating.
Our accusations are being taken seriously: The case was escalated directly to the Federal Customs Criminal Investigation Office, which is responsible for violations of the Foreign Trade and Payments Act.
From Munich via Turkey to prison?
Our principle case is Turkey. After the 2016 coup d’état attempt, the Turkish government arrested more than 77,000 people, including 34 journalists. A broad coalition of civil resistance organized against this repression, including the 2017 March for Justice.
During that time, a website „Walk for justice“ appeared, which offered an Android app to help organize the protest movement. This website was advertised on social media. But the app, which is still available today, is a camouflaged state spyware. After installation, it takes complete control of the device, monitors communication and extracts data.
In a detailed technical analysis and a technical appendix we prove that this Turkish state spyware is the German product FinFisher/FinSpy. We then analyze the company structure of FinFisher and suspicious individuals.
We are certain: FinFisher is developed in Munich and FinFisher was sold to Turkey without permission. That is a crime, punishable by a prison sentence up to five years. We hope that the authorities investigate extensively and confirm our accusations.
Until then, German authorities should stop using tools for dictators themselves and stop subsidizing such companies with taxpayers‘ money.
The legal documents are available in English as PDF and in German as HTML.
👉🏼 PDF:
https://cdn.netzpolitik.org/wp-upload/2019/09/2019-07-05_FinFisher_Criminal-Complaint_ENG.pdf
https://netzpolitik.org/2019/we-filed-a-criminal-complaint-prosecutor-launches-investigation-into-finfisher-for-illegal-export-of-state-spyware/
#FinFisher #FinSpy #spyware #CriminalComplaint #investigation #crime #StateTrojan #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
CCC analyses Munich's state trojan FinSpy
The technical #analysis of copies of the #FinSpy #malware substantiates the reasons for the criminal complaint against the Munich manufacturer of the #StateTrojan. The #CCC publishes its report as well as several variants of FinSpy and a complete documentation of the analysis.
#Security researchers of the Chaos Computer Club (CCC) have analyzed a total of 28 copies of the #spy-#software FinSpy for #Android from 2012 to 2019. The main focus of the investigation was the origin of the malware and the date of its production. The reason for the investigation is the criminal complaint of the Gesellschaft für Freiheitsrechte (GFF) and other organizations against the German group of companies #FinFisher because of the deliberate violation of licensing requirements for dual-use software according to § 18 para. 2 No. 1 and § 18 para. 5 No. 1 Foreign Trade Act (AWG).
The CCC today publishes its comprehensive report: Evolution of a private sector malware for governmental players
💡 The result of the analysis is that a copy of malware, which according to the GFF was used against the Turkish opposition movement in 2016, was clearly created after the EU export control regulations for surveillance software came into force.
💡 By comparing it with over twenty other copies from a seven-year period, the CCC shows continuity in the further development into which this copy fits. This is seen as a strong indication that it is a variant of the state Trojan "FinSpy". FinSpy is a product of the FinFisher group of companies, which has branches in Munich and elsewhere.
💡 In its report, the CCC also documents references to German-speaking developers that can be found in the source code.
"Our analysis shows that surveillance software originally from Germany was apparently used against democratic dissidents," said Linus Neumann, one of the authors of the analysis. "How this could have come about, the public prosecutor's office and the customs criminal office must now clarify."
https://github.com/linuzifer/FinSpy-Dokumentation
https://github.com/devio/FinSpy-Tools
👉🏼 Read more:
https://www.ccc.de/de/updates/2019/finspy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
The technical #analysis of copies of the #FinSpy #malware substantiates the reasons for the criminal complaint against the Munich manufacturer of the #StateTrojan. The #CCC publishes its report as well as several variants of FinSpy and a complete documentation of the analysis.
#Security researchers of the Chaos Computer Club (CCC) have analyzed a total of 28 copies of the #spy-#software FinSpy for #Android from 2012 to 2019. The main focus of the investigation was the origin of the malware and the date of its production. The reason for the investigation is the criminal complaint of the Gesellschaft für Freiheitsrechte (GFF) and other organizations against the German group of companies #FinFisher because of the deliberate violation of licensing requirements for dual-use software according to § 18 para. 2 No. 1 and § 18 para. 5 No. 1 Foreign Trade Act (AWG).
The CCC today publishes its comprehensive report: Evolution of a private sector malware for governmental players
💡 The result of the analysis is that a copy of malware, which according to the GFF was used against the Turkish opposition movement in 2016, was clearly created after the EU export control regulations for surveillance software came into force.
💡 By comparing it with over twenty other copies from a seven-year period, the CCC shows continuity in the further development into which this copy fits. This is seen as a strong indication that it is a variant of the state Trojan "FinSpy". FinSpy is a product of the FinFisher group of companies, which has branches in Munich and elsewhere.
💡 In its report, the CCC also documents references to German-speaking developers that can be found in the source code.
"Our analysis shows that surveillance software originally from Germany was apparently used against democratic dissidents," said Linus Neumann, one of the authors of the analysis. "How this could have come about, the public prosecutor's office and the customs criminal office must now clarify."
https://github.com/linuzifer/FinSpy-Dokumentation
https://github.com/devio/FinSpy-Tools
👉🏼 Read more:
https://www.ccc.de/de/updates/2019/finspy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv