Risk
8/17/2011
12:27 PM
Connect Directly
RSS
E-Mail
50%
50%

Scotland Yard Read Encrypted BlackBerry Messages During Riots

British police officials said they used confiscated BlackBerry smartphones to "break into" encrypted communications.

Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
What's the easiest way to access an encrypted smartphone communications network? Have a smartphone that can listen in.

At least, that was one tactic employed by police in London as they sought better intelligence on the outbreak of riots across England. So said Tim Godwin, acting police commissioner for the Metropolitan--the country's largest police force, which is more commonly known as Scotland Yard--on Tuesday, as he appeared before the U.K. Parliament's Home Affairs Committee. The committee, which oversees many of the country's police forces, is investigating the success or failure of police tactics used during the riots.

According to Godwin, as riots broke out in 22 of London's 32 boroughs last Monday and threatened to overwhelm police officers, he made the decision to begin eavesdropping and acting on encrypted BlackBerry Messenger (BBM) communications. Godwin said that by using BlackBerry smartphones seized by police, detectives were able to "break into" BBM and gain "live time monitoring," according to the Guardian. As a result, police officers were able to secure locations before rioting broke out, as well as proactively shut down stores and businesses in areas that faced looting. Police were also monitoring Twitter and Facebook, and Godwin's testimony suggested that police may have used confiscated BlackBerry smartphones to gain access to private Twitter feeds.

In Britain, multiple politicians had called for a curfew on BBM--widely used by the rioters, who were largely young and male--as well as social networks, to help quell the unrest. (As some privacy advocates have noted, such tactics echo strategies recently employed by autocratic rulers in such countries as Egypt and Libya, as they clung to power in the face of mass riots.) But Godwin confirmed that the police considered that tactic. "We did consider seeking the legal authority to switch it off. The legality is questionable, very questionable," he said, according to the Guardian.

Interestingly, BlackBerry manufacturer Research In Motion had released a statement in which it offered to assist investigators, in accordance with U.K. laws. Numerous security experts took that to mean that any police requests for BBM communications would, as usual, require a warrant.

Using a seized device to surreptitiously access BlackBerry Messenger communications, however, is gray territory. Furthermore, by detailing the difficulties police faced in amassing intelligence about planned rioting and looting, Godwin may not only be seeking exculpation for that intelligence gathering, but also laying the groundwork for a formal police request for new laws, giving them explicit power to eavesdrop on encrypted communications during times of unrest.

According to the Guardian, Godwin told the committee that police were not "at this moment of time" seeking the ability to deactivate social networks or eavesdrop on encrypted smartphone communications channels, during times of civil unrest. But news reports suggest that police are already working with the domestic intelligence service, MI5, as well as the country's electronic signals intelligence center, the Government Communications Headquarters, to decrypt BBM communications in the hunt for people who organized riots and looting.

Beyond using confiscated BlackBerry smartphones, police monitored riot-related and looting-related public messages sent via Twitter and Facebook, which resulted in multiple arrests.

But some of the resulting sentences have been criticized as being disproportionate. Notably, on Tuesday, two men were sentenced to four years in prison on charges of inciting a riot via Facebook. One 20-year-old man created a Facebook event page for "Smash Down in Northwich Town," and set the McDonald's in his town center as a meeting point. But he was the sole attendee and was arrested by waiting police. In the other case, a 22-year-old man created a Facebook page called "Let's Have a Riot in Latchford," but removed it the next day--after 300 people had viewed it--and published an apology on Facebook.

In handing down the stiff sentences, the judge said they were meant to serve as a deterrent.

At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0914
Published: 2014-07-30
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management f...

CVE-2014-0915
Published: 2014-07-30
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8...

CVE-2014-0947
Published: 2014-07-30
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.

CVE-2014-0948
Published: 2014-07-30
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

CVE-2014-2356
Published: 2014-07-30
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.

Best of the Web
Dark Reading Radio