Australian newspapers are reporting a “major breakthrough” in the fight against international crime, with the reveal that the encrypted communication network “Anom” has been used to monitor worldwide crime activity. Hoping Steve Gibson might pick this up in the next few weeks as a subject to discuss.
So, my question is pretty basic. What is the difference between networks like Anom and Ciphr and the encrypted messaging apps on our devices? My limited understanding of encrypted messaging is that no one, except the sender and receiver, can read the unencrypted message. Is this a report of law enforcement actually accessing the unencrypted data, or getting access to the metadata, and following the trail of who receives the messages?
I haven’t seen the news report you mentioned, nor have I heard of “Anom” or “Ciphr”, but in my experience, the biggest practical difference between messaging apps is how the private keys are handled. They’re either user-controlled (good, but possibly more technical as the onus for securing and maintaining the keys is placed on the user) or controlled by the company running the service (bad, but easier since the user doesn’t need to think about anything at all, which people really seem to appreciate these days).
I’m sure the app developers will probably go on about the superiority of whatever cryptography they’re using, but practically speaking, it doesn’t matter all that much beyond a point. Nobody using these apps is important enough to spend the compute time on to break encryption.
I will point out, however, that the Aus gov’t having announced that they’re actively monitoring this Anom service will probably be a pretty big red flag for anyone using the Anom service. Why would they announce it rather than sit in secret and actually gather intel from it? I’d guess their intrusion is blown at this point.
I didn’t provide a link to the news story, as most Aussie newspapers only allow access if one has an account. The news release is pretty sparse on details, other than that it was a joint US/Aus investigation. A later news story indicates the network An0m was infiltrated and controlled by law enforcement.
I’m going to wait and see what actual prosecutions follow. This smells a little like a justification for requiring backdoors on all encrypted products. “See what we could do with An0m? Imagine what we could do with Signal or iMessages?”