Dutch and French authorities have cracked another encrypted communication service that criminals allegedly used to communicate with each other. The service, named Matrix, was the successor to previously cracked services such as ANOM, Sky ECC, and EncroChat. Police were able to intercept over 2.3 million messages and were able to read along with conversations for months.

Archived, if you prefer that: https://ghostarchive.org/archive/Bif16

The investigation did not spotlight the similarly-named Matrix open source communication protocol.

Feel like there are going to be a lot of confused Lemmy users who won’t read more than the title.

Well goodness. I read the article, fortunately, but it’s good to see other people pointing it out here.

My initial thought was that this was the matrix we obviously care about. I didn’t look at the details to see if these people are truly nefarious and do belong in jail, which I’m okay with, but it was definitely troubling to imagine that something I thought secure wasn’t secure. 😬

Why are these apps getting hacked? Wouldn’t just RSA 2048 be enough?

RSA doesn’t scale, so if the message is large then RSA becomes unwieldy. So most encryption methods that make use of RSA actually encrypt the data with a symmetric algorithm, and then just encrypt the key for the symmetric data using the RSA key.

But there are still way, way, way too many ways to implement crypto wrong, which can completely compromise the security of it.

Encryption is easy, key exchange is not

The real matrix’s key exchange is pretty headacheless, are there any downsides to it?

Encryption is really really hard, and avoiding some form of sidechannel attack is much much harder.

Sure key exchange also isn’t trivial, but I would say that key exchange is significantly easier. Care to elaborate?

Encryption is trivial. Getting a reliable keystream is not.

It all depends on the framing 😁

@CAVOK@lemmy.world
creator

Probably an implementation issue. Make a small error there, like storing parts of a key in memory or something like that and you’ve compromised security.


I’m surprised so many criminals are picking these niche services that haven’t had their security verified by trustworthy third parties. That’s just asking for trouble.

The allure of the potential for “security through obscurity” is great if you don’t know better.

As with all criminals, it’s only the dumb ones that get caught.

I wonder who works in the cartel’s IT department.

d-RLY?

Given the massive takedown, I think you mean “I wonder who ‘worked’ in the cartel’s IT department.”

My undergraduate professor once worked for one of the largest banks in Germany, and she told me clearly that all encryption algorithms exported by the US have a way of being broken. A backdoor in the algorithm? Perhaps

JackbyDev

When was this? In years past there were weird restrictions about exporting strong encryption algorithms from the US. So much so that Java didn’t have unlimited strength algorithms bundled by default. Depending on the time she said this/she was talking about then it could’ve just been a comment on the weak algorithms being, well, weak.

Perhaps she was just wrong

Not really. Certainly some “encryption” algorithms or really implementations have backdoors, but RSA for example doesn’t. Encryption is only worthwhile if it’s mathematically sound, and you can’t backdoor mathematics without some random undergrad working on their maths degree figuring it out for fun.

@rtxn@lemmy.world

previously cracked services such as ANOM

Shit journalist. ANOM was created by the FBI as a honeypot trap. https://en.wikipedia.org/wiki/Operation_Trojan_Shield

veee

I just listened to the Search Engine podcast episode covering ANOM last night! Completely wild, the reach this program entailed.

Link to the episode for those that are interested.

ANOM was also covered in a recent episode of the podcast Darknet Diaries!

veee

I’ll check it out. I don’t normally tune in, but they have a good show.

Did the authorities post “FIRSSTTT”?

d-RLY?

More than likely would mass post “Knock knock…” and wait for the first “who’s there?” reply.

asudox

lol

I wonder if this matrix app was just a honeypot that was named to trick people into thinking they were using the “real” matrix.

Cyborganism

What is the Matrix?

The Matrix is universal, it is omnipresent, it is with us here at this very moment, it is the world that has been pulled over your eyes to keep you from seeing the truth.

What truth? The fact that you are a slave, Neo. The world is a prison, without hope, taste, or smell, a prison for your mind.

Cyborganism

There you go! 😁

What is the Matrix?

A viral advertising campaign in 1999…

Cyborganism

Aw man. I was fishing for a movie quote. LoL

FYI it’s a different matrix from the matrix.org one

Is it different from the matrix Neo lives in too?

But what is the Matrix?

Look Neo, soon you won’t have to ask that question.

But, why male models?

Thank you

Wish OP had written that in post… I nearly got a heart attack and was wondering how TF they done that 🤣

Dude seriously lol

@CAVOK@lemmy.world
creator

I don’t change the headline generally, but I also didn’t catch that it wasn’t “the real” matrix.

Since France uses matrix themselves, they could’ve simply shut their own server down 😛 Which would be horrible of course …

I would love to call the headline clickbaity bs, but it’s technically accurate and somehow this makes it worse and better at the same time.

The investigation did not spotlight the similarly-named Matrix open source communication protocol.

huh

I like the full quote better:

Dutch police said the Matrix app was targeted along with similar encrypted services known by the names Mactrix, Totalsex, X-quantum and Q-Safe. The investigation did not spotlight the similarly-named Matrix open source communication protocol.

Absolute dupe-magnets.

Totalsex

heh
