Risk
8/17/2011
12:27 PM
50%
50%

Scotland Yard Read Encrypted BlackBerry Messages During Riots

British police officials said they used confiscated BlackBerry smartphones to "break into" encrypted communications.

Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
What's the easiest way to access an encrypted smartphone communications network? Have a smartphone that can listen in.

At least, that was one tactic employed by police in London as they sought better intelligence on the outbreak of riots across England. So said Tim Godwin, acting police commissioner for the Metropolitan--the country's largest police force, which is more commonly known as Scotland Yard--on Tuesday, as he appeared before the U.K. Parliament's Home Affairs Committee. The committee, which oversees many of the country's police forces, is investigating the success or failure of police tactics used during the riots.

According to Godwin, as riots broke out in 22 of London's 32 boroughs last Monday and threatened to overwhelm police officers, he made the decision to begin eavesdropping and acting on encrypted BlackBerry Messenger (BBM) communications. Godwin said that by using BlackBerry smartphones seized by police, detectives were able to "break into" BBM and gain "live time monitoring," according to the Guardian. As a result, police officers were able to secure locations before rioting broke out, as well as proactively shut down stores and businesses in areas that faced looting. Police were also monitoring Twitter and Facebook, and Godwin's testimony suggested that police may have used confiscated BlackBerry smartphones to gain access to private Twitter feeds.

In Britain, multiple politicians had called for a curfew on BBM--widely used by the rioters, who were largely young and male--as well as social networks, to help quell the unrest. (As some privacy advocates have noted, such tactics echo strategies recently employed by autocratic rulers in such countries as Egypt and Libya, as they clung to power in the face of mass riots.) But Godwin confirmed that the police considered that tactic. "We did consider seeking the legal authority to switch it off. The legality is questionable, very questionable," he said, according to the Guardian.

Interestingly, BlackBerry manufacturer Research In Motion had released a statement in which it offered to assist investigators, in accordance with U.K. laws. Numerous security experts took that to mean that any police requests for BBM communications would, as usual, require a warrant.

Using a seized device to surreptitiously access BlackBerry Messenger communications, however, is gray territory. Furthermore, by detailing the difficulties police faced in amassing intelligence about planned rioting and looting, Godwin may not only be seeking exculpation for that intelligence gathering, but also laying the groundwork for a formal police request for new laws, giving them explicit power to eavesdrop on encrypted communications during times of unrest.

According to the Guardian, Godwin told the committee that police were not "at this moment of time" seeking the ability to deactivate social networks or eavesdrop on encrypted smartphone communications channels, during times of civil unrest. But news reports suggest that police are already working with the domestic intelligence service, MI5, as well as the country's electronic signals intelligence center, the Government Communications Headquarters, to decrypt BBM communications in the hunt for people who organized riots and looting.

Beyond using confiscated BlackBerry smartphones, police monitored riot-related and looting-related public messages sent via Twitter and Facebook, which resulted in multiple arrests.

But some of the resulting sentences have been criticized as being disproportionate. Notably, on Tuesday, two men were sentenced to four years in prison on charges of inciting a riot via Facebook. One 20-year-old man created a Facebook event page for "Smash Down in Northwich Town," and set the McDonald's in his town center as a meeting point. But he was the sole attendee and was arrested by waiting police. In the other case, a 22-year-old man created a Facebook page called "Let's Have a Riot in Latchford," but removed it the next day--after 300 people had viewed it--and published an apology on Facebook.

In handing down the stiff sentences, the judge said they were meant to serve as a deterrent.

At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2208
Published: 2014-12-28
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

CVE-2014-2209
Published: 2014-12-28
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

CVE-2014-5386
Published: 2014-12-28
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initial...

CVE-2014-6123
Published: 2014-12-28
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs.

CVE-2014-6160
Published: 2014-12-28
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.