Why cryptography does not help careless idiots



“The universe believes in encryption”. So goes a famous thought of one of the most important practicing adherents of the cypherpunk movement, Julian Assange, founder and head of WikiLeaks, which collects leaked state information, voiced in his “Call to cryptographic arms”. This, of course, is so.

It is the use of cryptography in all its diversity that will enable us, supporters of personal liberty and of the privacy of personal information flows, to “take it back”: neither corporate intelligence, nor overly curious state security forces (and their employees who wish to use their technical capabilities and administrative powers in their own mercenary interests), nor attackers, ranging from modern robbers who steal digital assets with methods that came from the nineties of the last century to “real” hackers, will be able to reach your data: correspondence, passwords, wallets and cryptocurrencies.

Cryptography protects. However, even today, when it is so developed that, for example, the notorious “end-to-end encryption keys” are impossible to hand over, it still has a really bad enemy: a phenomenon that is inherent in human nature and has enormous destructive potential.

We are talking about carelessness, rooted in laziness, an attitude of “it will do”, and an unwillingness to delve into how the technology designed to protect us works and to find out where its gaps are.

Anything you would like to keep hidden, and do hide and encrypt, will end up on the surface if you do not switch on your head and continue to flout the basic rules of digital security.

Some of the stories told by Richard Feynman

The famous American physicist Richard Feynman, in addition to his primary profession, had two hobbies that were equally important to him: he was a great lover of practical jokes, whose targets included his colleagues, and he carefully and enthusiastically worked on all kinds of puzzles.

When Richard Feynman took part in the development of the first atomic bombs as part of a secret government program called the Manhattan Project, these two interests met. The point is that secret documents had to be kept in safes. The more serious the documentation and the higher the rank of the person responsible for keeping it from the eyes of potential enemy spies, the more solid the solutions that were implemented to protect it.

Feynman, who by that time had already learned to open ordinary door locks with master keys, could not pass up this challenge once he found the safes. He tells how, through relatively simple calculations, he was able to devise a new way to determine the combinations of the safes: a reasonably limited search through their combinations, together with preliminary reconnaissance of their component parts.

The famous scientist did this for his own entertainment and to maintain the reputation of a safecracker that he had acquired among the creators of the bomb. It all started when he decided to check how reliable the safes chosen by representatives of the Ministry of Defence for storing classified documents were, and it reached the point where other scientists called on him to retrieve documents they urgently needed for their work from the safes of colleagues who had gone on vacation.

Among other things, Feynman says that when he explained the principles he used for “hacking” (really, just opening) safes to one of the officers, the officer, instead of following his advice, forbade his employees to let the physicist near their safes; that is, he tried to solve the problem at the root by simply eliminating the external irritant. Do not repeat this mistake!

The second instructive example, given by Richard Feynman in “Surely You’re Joking, Mr. Feynman!”, the collection of his “jokes” about his own life, is a case that happened when he first encountered a safe on which it was not possible to conduct preliminary reconnaissance.

Here the physicist had to recall advice from the guides for burglars he had read, which set out, among other things, this fundamental observation (still relevant today): even if the password has not been written down by the secretary in a conspicuous place (on the edge of the desk, on a loose piece of paper or in an address book), you can pick it by putting yourself in the place of the owner of the safe and digging a little into his biography. If even such highbrow scientists used as combinations not only the values of physical constants but also their kids’ birthdays or important dates in science, what can be expected of “normal” people? Don’t do it!

The classic example is a story about the safe of one of the big shots in the military leadership of the Manhattan Project. The case was this: in an effort to ensure maximum secrecy, one of the generals decided that an ordinary safe, like those used by the scientific staff of the laboratories, would not be enough. His choice fell on a massive heavy-duty safe with a door like those used in banks in those years. This hulk, as Feynman tells it, could not be carried up the stairs to the general’s office, so workers had to build strong scaffolding and raise it gradually using a variety of jacks (if my memory serves me, part of a wall also had to be dismantled to get the huge safe into the officer’s office). Feynman himself and the friend with whom he discussed opening this safe acknowledged that the safe really was secure. All well and good, except that it opened with one of the two or three basic combinations preset at the factory; that is, opening it did not require the skills of a burglar.
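The two mistakes in these stories, a combination taken from the owner's biography or from a well-known constant and a safe left on its factory setting, can be checked for before a secret is put into use. The following is an added example, not part of the original article; the default list, the date formats and the sample birthday are constructed for illustration.

```python
import math
import re
from datetime import date

# Constructed sample values, not real vendor defaults.
FACTORY_DEFAULTS = {"000000", "123456", "102030"}
CONSTANTS = {"pi": math.pi, "e": math.e}

def date_variants(d):
    """Digit spellings of a date: common field orders, 2- and 4-digit year."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    out = {dd + mm, mm + dd, yyyy}
    for y in (yyyy[2:], yyyy):
        out |= {dd + mm + y, mm + dd + y, y + mm + dd, y + dd + mm}
    return out

def audit_combination(secret, personal_dates, defaults=FACTORY_DEFAULTS):
    """Return the reasons `secret` is guessable; an empty list means no finding."""
    digits = re.sub(r"\D", "", secret)          # "27-18-28" -> "271828"
    findings = []
    if digits in defaults:
        findings.append("factory default")
    for label, d in personal_dates.items():
        if digits in date_variants(d):
            findings.append(f"date from biography: {label}")
    for name, value in CONSTANTS.items():
        # First ten true digits of the constant, without the decimal point.
        leading = f"{value:.12f}".replace(".", "")[:10]
        if len(digits) >= 4 and leading.startswith(digits):
            findings.append(f"leading digits of {name}")
    return findings

if __name__ == "__main__":
    owner_dates = {"child birthday": date(1985, 4, 12)}   # constructed sample
    for combo in ("10-20-30", "12-04-85", "27-18-28", "83-41-07"):
        print(combo, audit_combination(combo, owner_dates) or "no finding")
```

An empty result only means that none of these three checks fired; it says nothing about the strength of the combination otherwise.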

Soldering iron and clothes iron

Intelligence and criminal communities in many countries have long understood that a tool as simple and accessible as inflicting physical suffering on the owner of a secret can make him give it up much faster than any entreaties, or than a thorough search for a “secret” password reminder or something similar.

In Russia, in the “dashing nineties”, one of these methods received the witty and apt name of “thermorectal cryptanalysis”. I think you know what it is. To seriously prepare for something like that is, of course, impossible. The only defence here is to rule out ending up in such a situation: do not speak publicly about your income or share this information with the first person you meet, and, in addition, make sure that access to your secrets (or assets) is impossible in a forest right next to a freshly dug pit, or in your own home in the company of that same thermorectal soldering iron and clothes iron.

Hackers are not “cybergate” but cunning

In the public consciousness a hacker is still perceived as a character from classic cyberpunk: lines of incomprehensible code rush past in front of him, he pounds on the keys with machine-gun speed, takes a sip from a glass of single malt whiskey, drags on a blunt, a few more keystrokes and, voilà, “I hacked their code”, whatever that means. After that the “hacker” reclines in his chair and answers every question with complex, intricate phrases, until he admits that he generally acted on intuition and inspiration. In fact, this picture of how penetration works differs little from the three-dimensional journeys through “the matrix” depicted in the movie “Johnny Mnemonic” (a film adaptation of a classic cyberpunk work by William Gibson) or in the computer game System Shock, and it has equally little to do with contemporary reality or with the methods that those who “hack” computer systems use in practice. Moreover, such a naive picture plays into hackers’ hands: when you meet a real intrusion attempt, you simply will not know what you are dealing with, because it might not even be related to the code of the protection software.

Social engineering

This, apparently, is because a depiction of actual work with programs, whether on the page or on the silver screen, would be a rather boring spectacle for an ordinary reader or viewer. Hence all these deliberately spectacular images. However, truthful moments can be found too: in the old movie “Hackers” (note the young Angelina Jolie with a boyish haircut) and in Michael Mann’s Blackhat, released four years ago (in Russian translation, of course, again “Hacker”), you can find examples of what computer “crackers” call “social engineering”. A call to a corporation with the line “Hello, I forgot my password for our local network and wanted to work from home”, or a letter from a person’s immediate superior that conceals a keylogger, which will capture what is typed and reveal the desired password: the examples shown in these films are quite typical and go back to the times that Richard Feynman describes in his memoirs. Remember the advice to “look for the combination to the safe written down in a visible place”. Do not fall for these provocations, and be careful!

And what now?

The 21st century has significantly expanded the space of possible surveillance. A “factory” password on a router will let someone take control of the device, a “free” VPN collects information about the pages you view, and an “anonymous” cryptocurrency turns out to be not too resistant to transaction tracking. And there really are a lot of such examples, an awful lot.

Some practical recommendations

1. Application

Two-factor authentication, where you must not only enter a password but also confirm the login with an additional code sent to your phone, should be used wherever possible. This protects you from keyloggers and other ways of “looking over the shoulder” used by intruders or prying representatives of supervisory authorities. Saving the password on the device you use, however, is quite possible. Finding out that password is not difficult. For very important passwords, though, this is not an option: they are not worth caching. In particularly serious cases, we recommend using, for the additional authorization codes, a separate phone stored so that it is not available to you (and therefore to attackers) just like that. More about this is discussed below.

2. Correspondence

Use Telegram’s “secret chats”: they use end-to-end encryption. Ordinary correspondence is stored on the company’s servers as well, not just locally; this is needed so that you can access it wherever is convenient for you. In “secret chats”, set messages to be erased where necessary. Ideally, you should move to messengers whose traffic really is encrypted, for example Signal, in favour of which Edward Snowden has spoken. However, never forget to follow not only the technical news about vulnerabilities detected in the technology you use, but also information about what kind of relationship the developers have with government agencies and how that relationship changes over time. No matter how good the chosen communication tool is, a change for the worse can happen at any time, because “everything that can be spoiled will be spoiled.”

3. Passwords

Always change passwords that were set by default, wherever they are, including on hardware: from local networks and WiFi connections to modems and routers.

4. Cryptocurrency

Choose a truly untraceable cryptocurrency (if this is important to you). As for passwords, they should be stored in a location that would be available to you through a routine procedure, for example in a safe deposit box or with a trusted lawyer. This is done not only to hide them securely, but also to ensure that if you fall into the hands of criminals who decide to apply gangster “hacking” methods to you, you would have to go for the password to a place where there are people who can help you themselves or call for help.

5. Use your head

Always. This is the most important tip. Without it everything else is useless talk. Carelessness leads to losses. Treat yourself and your assets responsibly.
