Tracking Islamic State Impeded By Encryption

Islamic State is "very security-conscious" and a prolific user of strong encryption technology, posing a major challenge as the US works to uncover and disrupt plots by the terrorist group, Director of National Intelligence James Clapper said.

Clapper said the group uses end-to-end encryption, which refers to messaging applications or other services that secure communications when they are sent and received with scrambled code that can be unlocked only with a special key.

"ISIL is the most sophisticated, by far, user of the Internet and the technologies that are available privately to ensure end-to-end encryption," Clapper, using an acronym for the group, told reporters recently at an event in Washington hosted by the Christian Science Monitor. "That is a major inhibitor to discerning plotting going on principally by ISIL, or others."

The increasing availability of strong encryption has stoked a fierce debate inside the US, pitting officials and agencies responsible for security against technology companies such as Apple Inc. that view the technology as essential to helping their customers and users secure personal and business information.

Find a Balance

Clapper said he supports strong encryption but that he and other US officials are trying to "thread the needle so that we ensure privacy and security." He declined to say whether the Obama administration would support draft legislation in the Senate that would require companies to comply with court orders giving law enforcement agencies access to data by releasing it from encryption.

"Somehow we need to find a balance here," Clapper said. "I don’t know the technicalities of how we might arrive there."

Apple, Google and other companies began offering more and stronger encryption after former US contractor Edward Snowden exposed extensive government spying.

Snowden Impact

The National Security Agency estimates that the Snowden revelations pushed the development and adoption of commercial encryption technology forward by seven years, Clapper said. It was the first time a US official offered such a calculation.

"It has had, and is having, a profound effect on our ability to collect, particularly against terrorists," Clapper said. "From our standpoint, it’s not a good thing."

The FBI served Apple with a court order in February compelling the company to help break into an encrypted iPhone used by Syed Rizwan Farook, who with his wife carried out the deadly December attack in San Bernardino, California. Apple resisted and the FBI dropped the case last month after saying it bought a tool from a private organization it hasn’t identified to break into the phone.

Clapper declined to comment on how the FBI got into the phone. The FBI has said an entity it hasn’t identified helped it hack into the phone, and agency Director James Comey suggested last week that it paid more than $1.3 million for the hacking tool that won’t work on newer phones.
Information-Management: http://bit.ly/1US00Qf

 

 

« SpyEye Masterminds Begin 24 Year Sentence
Hit By DDoS? You Will Be Hit Again… »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MSAB

MSAB

MSAB is a pioneer in forensic technology for mobile device examination.

Avast Software

Avast Software

Avast Software is a security software company that develops antivirus software and internet security services.

GreatHorn

GreatHorn

GreatHorn offers the only cloud-native security platform that stops targeted social engineering and phishing attacks on communication tools like O365, G Suite, and Slack.

Fidus Information Security

Fidus Information Security

Fidus is a team of security professionals providing Penetration Testing and Cyber Security Consulting services throughout the UK and worldwide.

Epati Information Technologies

Epati Information Technologies

ePati Information Technologies is a specialist in information technology and cyber security.

Slovenska Akreditacija (SA)

Slovenska Akreditacija (SA)

Slovenska Akreditacija is the national accreditation body for Slovenia. The directory of members provides details of organisations offering certification services for ISO 27001.

IAR Systems

IAR Systems

IAR Systems are a frontrunner in a changing industry, and a future-proof software supplier enabling the IoT.

Wipe-Global

Wipe-Global

Wipe-Global is specialized in data erasure with an international established service partner network.

Axio Global

Axio Global

Axio is a leading cyber risk management SaaS company. Our Axio360 platform gives companies visibility to their cyber risk, and enables them to prioritize investments to protect their business.

Fusion Risk Management

Fusion Risk Management

Fusion Risk Management focuses on operational resilience encompassing business continuity, risk management, IT risk, and crisis and incident management.

Nineteen Group

Nineteen Group

Nineteen Group delivers major-scale exhibitions within the security, fire, emergency services, health and safety, facilities management and maintenance engineering sectors.

CrowdSec

CrowdSec

CrowdSec is an open-source & participative IPS able to analyze visitor behavior by parsing logs & provide an adapted response to all kinds of attacks.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

Securance Consulting

Securance Consulting

Since 2002, Securance has empowered enterprises to assume proactive security, compliance, and risk management strategies.

Professional Labs

Professional Labs

Professional Labs specialize in simplifying complex problems for our customers with Cloud Services, Managed Services and Cyber Security.

Convergint

Convergint

Convergint is a service-based systems integrator working alongside a global network of partners and manufacturers to deliver a range of solutions including cybersecurity.