Damn, you'd think that someone at that level would pay for better OPSEC support. But then, I guess that I'm not surprised. Blackberry does have a reputation, not at all deserved at this point. I'm pretty sure that the President's phone is just as poorly secured. Probably less, from what I've read.
This issue is huge in politics. The entire Clinton personal e-mail scandal was essentially her unwilling to give up her BlackBerry, something Obama was unwilling to give up too. These people learned how to use some technology decades ago, and will continue using it no matter what other issues it causes.
Just a question. Who would they pay? I know a few people I might pay for that but only incidentally & I’ve worked in tech. for 20 years.
Where would an average though maybe high priced attorney go to get advice other than “use signal & WhatsApp” if they knew they needed protection from a federal investigation?
>>Damn, you'd think that someone at that level would pay for better OPSEC support
I think that he thought himself as untouchable and neglected it. Maybe dodged so many bullets over the years.
Question for HN: did the FBI break the Signal encryption or just managed to open his device to find all the messages there? Maybe sensitive messages need to be deleted.
Which level was Michael Cohen at? From a career perspective he was an ambulance chaser (involved with a number of fraudulent car crash claims) with shady, Saul Goodman "back of the nail salon" style offices. Then he purportedly helped a reality star pay off people.
My point, I suppose, is that normally the associates of the president would be upstanding individuals who had achieved heights. In this case, as with many of DJTs associates, it is anything but that.
Manfort [not Cohen, as I originally wrote, but Manafort] had his message stored on iCloud. That turned out to be part of how the FBI was able to recover them so easily.
Your comment had me struggling to determine how one could store WhatsApp messages on iCloud. (From a Blackberry no less.)
But then I followed your link. I don't think that article was about Cohen. You may want to change your post.
On an equally important note, why is it that people out there assume that ANY form of electronic communication is impervious from government surveillance? The reality is that if a three letter agency is after you, it's probably unwise to be using WhatsApp and Signal in an incriminating fashion. (Or anything else for that matter.)
It's like locking your physical spaces. Yeah, you should go ahead and lock your house or office and turn on the alarm system while you're gone...
but you should also go ahead and assume that those three letter agencies planted surveillance devices in that house or office even in the face of your security measures.
> The letter to Judge Kimba Wood stated that "the Government was advised that the FBI’s original electronic extraction of data from telephones did not capture content related to encrypted messaging applications, such as WhatsApp and Signal... The FBI has now obtained this material."
I don't get this. How could you possibly decrypt encrypted messages without WhatsApp or Signal's assistance?
Isn't the whole point of encryption that no-one can decrypt it unless they have the necessary keys?
They probably decrypted it on the device through some brute force methods. This may be easy or difficult depending on the passcode/PIN used by the user on the device. This is a weak point from the user's side. They may have also obtained this from backups elsewhere that weren't encrypted or strongly encrypted.
There is no indication that they decrypted anything by breaking into the end-to-end transport/network encryption used by these apps.
P.S.: Your honest question (which wasn't snarky) was downvoted by some people for reasons I don't understand. Upvoted in an attempt to compensate. Such questions and responses can help more people learn about encryption and the protections necessary at different stages/layers.
I haven't used Whatsapp or Signal, but you don't login every time you use the chat app, right? The phone could have just been unlocked by the owner or the PIN or pattern guessed, assuming the keys are stored on the device.
Is the model of the phone known? If it's a relatively new BlackBerry running Android, and if it can be rooted:
* the main WhatsApp msgstore database in /data is not encrypted
* the msgstore backup databases (.crypt* in /sdcard) can be decrypted easily using the key file (mentioned in the article) which is also stored in /data
One could probably reverse engineer the WhatsApp APK to figure out how the key file is generated.
I would hazard a guess that Signal messages are also not stored encrypted at the source and destination (beyond the protection offered by the operating system).
Yea this is key. It's possible to have Signal on your device but not implement any device locking passcode or passcode for unlocking Signal... That would make it trivial to recover data if you have the device.
Signal encryption relies on a password (last I used it, which was a long time ago). Typing long random passwords in a phone is nothing if not impractical.
It wouldn't shock me to find out they just brute forced the password.
EDIT: It is suspected that Michael Cohen, being a long time Trump friend and personal lawyer, is familiar with Trump's money laundering. If Michael Cohen believes he's at risk of being sent to jail for many years, he might collaborate with the FBI.
A lot of trouble. A Ukrainian national said in an interview that he testified in front of a grand jury convened by the Mueller investigation last Friday. He said that the prosecutor's questions focused on Cohen so he is about to be squeezed from both sides and his family is now selling several multimillion dollar apartments (including his in-laws), supposedly to cover legal bills. His current legal team will cease all work for Cohen after today with sources saying that it is due to a failed attempt at negotiating down some already owed bills.
Federal grand juries convene on Fridays so we will know by Monday whether more indictments will be handed down.
It says that they have "731 pages of encrypted data" but nowhere does it say that they managed to decrypt the data, and read the plain text.
It states that they did not disclose what was in the "encrypted data" so... there's no indication or assurance that they've managed to access the plain text.
My reading of that was that they had 731 pages of texts, which were supposed to have been encrypted by WhatsApp or Signal, that were stored in plain text.
> Investigators have restored 16 pages of documents found in Cohen’s shredder and recovered 731 pages of messages sent on encrypted platforms, including WhatsApp and Signal.
[+] [-] mirimir|7 years ago|reply
[+] [-] boomboomsubban|7 years ago|reply
[+] [-] kasey_junk|7 years ago|reply
Where would an average though maybe high priced attorney go to get advice other than “use signal & WhatsApp” if they knew they needed protection from a federal investigation?
[+] [-] yjftsjthsd-h|7 years ago|reply
[+] [-] onetimemanytime|7 years ago|reply
I think that he thought himself as untouchable and neglected it. Maybe dodged so many bullets over the years.
Question for HN: did the FBI break the Signal encryption or just managed to open his device to find all the messages there? Maybe sensitive messages need to be deleted.
[+] [-] dragonwriter|7 years ago|reply
Cohen (and the whole Trump circle) went from operating at one level to a much higher level fairly quickly.
Also, there's a “you don't know what it is that you don't know” issue involved.
[+] [-] endorphone|7 years ago|reply
My point, I suppose, is that normally the associates of the president would be upstanding individuals who had achieved heights. In this case, as with many of DJTs associates, it is anything but that.
[+] [-] ggg9990|7 years ago|reply
[deleted]
[+] [-] MilnerRoute|7 years ago|reply
https://gizmodo.com/paul-manafort-learns-that-encrypting-mes...
[+] [-] bilbo0s|7 years ago|reply
???
Your comment had me struggling to determine how one could store WhatsApp messages on iCloud. (From a Blackberry no less.)
But then I followed your link. I don't think that article was about Cohen. You may want to change your post.
On an equally important note, why is it that people out there assume that ANY form of electronic communication is impervious from government surveillance? The reality is that if a three letter agency is after you, it's probably unwise to be using WhatsApp and Signal in an incriminating fashion. (Or anything else for that matter.)
It's like locking your physical spaces. Yeah, you should go ahead and lock your house or office and turn on the alarm system while you're gone...
but you should also go ahead and assume that those three letter agencies planted surveillance devices in that house or office even in the face of your security measures.
[+] [-] wpdev_63|7 years ago|reply
0:https://wikileaks.org/ciav7p1/?
[+] [-] jlgaddis|7 years ago|reply
[+] [-] lstyls|7 years ago|reply
[+] [-] justboxing|7 years ago|reply
I don't get this. How could you possibly decrypt encrypted messages without WhatsApp or Signal's assistance?
Isn't the whole point of encryption that no-one can decrypt it unless they have the necessary keys?
[+] [-] ben1040|7 years ago|reply
For instance, WhatsApp on Android will happily back up to Google Drive, if you allow it, and it does so in cleartext.
[+] [-] newscracker|7 years ago|reply
There is no indication that they decrypted anything by breaking into the end-to-end transport/network encryption used by these apps.
P.S.: Your honest question (which wasn't snarky) was downvoted by some people for reasons I don't understand. Upvoted in an attempt to compensate. Such questions and responses can help more people learn about encryption and the protections necessary at different stages/layers.
[+] [-] odorousrex|7 years ago|reply
But if the person who knows the relevant keys willingly hands over appropriate passwords/etc. for a more lenient sentence then encryption is moot.
[+] [-] ipsum2|7 years ago|reply
[+] [-] 49bc|7 years ago|reply
[+] [-] polar|7 years ago|reply
I would hazard a guess that Signal messages are also not stored encrypted at the source and destination (beyond the protection offered by the operating system).
[+] [-] craftyguy|7 years ago|reply
[+] [-] qrbLPHiKpiux|7 years ago|reply
Bet he sung.
[+] [-] em3rgent0rdr|7 years ago|reply
[+] [-] gpm|7 years ago|reply
It wouldn't shock me to find out they just brute forced the password.
[+] [-] michaelchisari|7 years ago|reply
[+] [-] naner|7 years ago|reply
[+] [-] saagarjha|7 years ago|reply
[+] [-] Willson50|7 years ago|reply
[+] [-] oxide|7 years ago|reply
[+] [-] UnoriginalGuy|7 years ago|reply
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] fwdpropaganda|7 years ago|reply
EDIT: It is suspected that Michael Cohen, being a long time Trump friend and personal lawyer, is familiar with Trump's money laundering. If Michael Cohen believes he's at risk of being sent to jail for many years, he might collaborate with the FBI.
[+] [-] civilitty|7 years ago|reply
Federal grand juries convene on Fridays so we will know by Monday whether more indictments will be handed down.
[+] [-] sctb|7 years ago|reply
Edit: thanks.
[+] [-] pandasun|7 years ago|reply
[deleted]
[+] [-] xamarinthrw|7 years ago|reply
[deleted]
[+] [-] mrcactu5|7 years ago|reply
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] econ_th0|7 years ago|reply
did they have his phone password or is this saying they hacked the chat softwares?
[+] [-] hurrrrrrrrrr|7 years ago|reply
It states that they did not disclose what was in the "encrypted data" so... there's no indication or assurance that they've managed to access the plain text.
[+] [-] davesque|7 years ago|reply
That's what this article appears to suggest:
https://www.bloomberg.com/news/articles/2018-06-15/prosecuto...
From paragraph 2 in the article:
> Investigators have restored 16 pages of documents found in Cohen’s shredder and recovered 731 pages of messages sent on encrypted platforms, including WhatsApp and Signal.
[+] [-] JustSomeNobody|7 years ago|reply