NCA (UK) Claim They Breached PGP Encryption

In a recent court case (http://www.theguardian.com/uk-news/2016/apr/21/gang-found-guilty-of-uks-largest-known-gun-smuggling-operation) -

Officers from the National Crime Agency, which led the investigation into the smuggling, breached the PGP (pretty good privacy) encryption software installed on multiple BlackBerry phones used by the group to intercept messages as the trafficking took place. The UK is only the third country in the world, after Canada and the Netherlands, to have publicly said its law enforcers have been able to breach the PGP programme for encrypting data.


Comments


[5 Points] Anti-Hero_AU:

... breached the PGP (pretty good privacy) encryption software installed on multiple BlackBerry phones used by the group to intercept messages as the trafficking took place.

It's not real PGP they're talking here, just Blackberry's implementation, for which RIM gets all the keys and hands them over to LE if requested.

It's quite easy to "breach" any crypto system, when someone gives you the privkeys etc. and you don't actually do any work yourself to crack anything.

It's just fear-mongering & FUD. Never trust a commercial corporation to handle your encryption. This is what happens.

What do you think, u/sapiophile?


[3 Points] Thriz_whistle:

I would assume they breached the phone OS and got the decrypted messages that way. If the owner of the phone is viewing decrypted messages, and they have rooted the phone, then they don't need to formally break PGP to see the messages.

That's why you need a really secure OS in concert with PGP to have good security...probably not something you can have on a phone.

It would be great if someone who knows more about this than I do could chime in.


[1 Points] KGhNoUCqVcAd:

I think it's far more likely that they obtained the private keys of one or several of the gang members (likely by subpoenaing RIM?) than they defeated the underlying crypto. That's a hand that the authorities would never show IMO.


[1 Points] lordredvampire:

That's because Blackberry retains your private and public key. They can't breach gpg4usb software which supposedly resides in your encrypted (veracrypt) USB drive.

Know the difference, teenagers.


[1 Points] None:

Blackberry has already given law enforcement their global decryption key, so probably that. This article says Canada's RCMP has had it since 2010.

https://news.vice.com/article/exclusive-canada-police-obtained-blackberrys-global-decryption-key-how