Wah, encryption makes policing hard, cries UK's National Crime Agency

Ever since Snowden it's been the default – report


Encryption is making it more difficult for law enforcement agencies to detect dangerous offenders, according to the National Crime Agency's (NCA) yearly assessment of serious organised crime in Britain.

"Since 2010, communication service providers have migrated to encrypted services 'by default', a process that accelerated following the Snowden disclosures," said the National Strategic Assessment of Serious and Organised Crime 2018.

"Now, the majority of internet traffic is encrypted and publicly available mobile device apps offer end-to-end encryption as standard."

Although the report acknowledged this meant enhanced privacy for users, the NCA warned the use of encryption "is impacting on law enforcement's ability to collect intelligence and evidence".

NCA director general Lynne Owens said: "This year's assessment shows that organised crime groups are exploiting digital technology, for instance using encryption to communicate, and dark web marketplaces to aid their activities."

The report warned encryption built into mainstream products would continue to expand and will offer criminals enhanced protection by default, rather than design. "The pace of these developments will continue to challenge law enforcement capability and resource, with narrowing options for mitigation," it said.

However, the report did not cover whether the government should break encrypted services, as has been previously suggested, which could potentially lead to anyone exploiting back doors, including criminals.

On the subject of the dark web, the combination of encryption and anonymisation poses "substantial challenges to law enforcement's collection of intelligence and evidence", the NCA document stated.

In April, former Home Secretary Amber Rudd announced a £9m war chest to tackle crims using the darker recesses of the web for illegal activities, such as selling firearms, drugs, malware and people.

Rudd had previously spoken out about encryption, often prompting criticism due to her apparent lack of understanding.

"Technologies such as virtual private networks and virtual currencies will support fast, 'secure' and anonymous operating environments, facilitating all levels of criminality," the report said.

Unsurprisingly, a number of the security services were consulted prior to publication, including MI5 and GCHQ.

Elsewhere in the report, the NCA warned the UK remained a prime destination for money laundering. "Investment in UK property, particularly in London, continues to be an attractive mechanism to launder funds," it said. ®


Biting the hand that feeds IT © 1998–2022