As the Equifax hack last year showed, there’s a lack of legislation governing what happens to data from a breach. And ultimately, a breach of genetic data is much more serious than most credit breaches. Genetic information is immutable: Vigna points out that it’s possible to change credit card numbers or even addresses, but genetic information cannot be changed. And genetic information is often shared involuntarily. “Even if I don’t use 23andMe, I have cousins who did, so effectively I may be genetically searchable,” says Ram. In one case, an identical twin having her genetic data sequenced created a tricky situation for her sister.


This week, DNA testing service MyHeritage revealed that hackers had breached 92 million of its accounts. Though the hackers only accessed encrypted emails and passwords — so they never reached the actual genetic data — there’s no question that this type of hack will happen more frequently as consumer genetic testing becomes more and more popular. So why would hackers want DNA information specifically? And what are the implications of a big DNA breach?

One simple reason is that hackers might want to sell DNA data back for ransom, says Giovanni Vigna, a professor of computer science at UC Santa Barbara and co-founder of cybersecurity company Lastline. Hackers could threaten to revoke access or post the sensitive information online if not given money; one Indiana hospital paid $55,000 to hackers for this very reason. But there are reasons genetic data specifically could be lucrative. “This data could be sold on the down-low or monetized to insurance companies,” Vigna adds. “You can imagine the consequences: One day, I might apply for a long-term loan and get rejected because deep in the corporate system, there is data that I am very likely to get Alzheimer’s and die before I would repay the loan.”

MyHeritage doesn’t offer health or medical tests, but many companies, like 23andMe and Helix, do. And there are plenty of players interested in DNA: researchers want genetic data for scientific studies, insurance companies want genetic data to help them calculate the cost of health and life insurance, and police want genetic data to help them track down criminals, like in the recent Golden State Killer case. Already, we lack robust protections when it comes to genetic privacy, and so a genetic data breach could be a nightmare. “If there is data that exists, there is a way for it to be exploited,” says Natalie Ram, a professor of law focusing on bioethics issues at the University of Baltimore.

Read more

Scientists have created the UK’s first ever “unhackable” fibre network in anticipation of the dawn of quantum computers, a technology that could render current security systems completely useless and leave critical infrastructure, banking and healthcare networks open to hackers.

The network, constructed by researchers from BT, the University of York and the University of Cambridge over the past two years, is secured by the laws of quantum physics which dictate how light and matter behave at a fundamental level. Using this, it is able to block anyone attempting to crack into the fibre link.

This could be a game changer for the healthcare and financial sector, when it is feared existing encryption…

Read more

Developers at major technology companies, outraged by the Snowden disclosures, started pushing back. Some, such as those at WhatsApp, which was bought by Facebook a year after the story broke, implemented their own encryption. Others, such as Yahoo’s Alex Stamos, quit rather than support further eavesdropping. (Stamos is now the head of security at Facebook.)


Five years after historic NSA leaks, whistleblower tells the Guardian he has no regrets.

Mon 4 Jun 2018 13.00 EDT Last modified on Tue 5 Jun 2018 04.46 EDT.

Read more

Experts are suggesting quantum computing may render blockchain obsolete. As tech giants such as Google and IBM show interest in quantum computing, the danger is evident. According to MIT Technology Review, this type of computing can hack the cryptographic hash that universally secures the blockchain and, in general, the internet. This would suggest quantum computers may complete fraudulent transactions and steal coins. With their exponential power, quantum computers threaten blockchain’s future security.

Blockchain consists of encrypted nodes connected on a chain, which currently makes it almost impossible to hack. The order of entries adheres to the blockchain protocol, which makes it counterfeit-resistant.

To successfully hack a blockchain, you would need to alter both the targeted block and all of the blocks connected. Blockchains are synced throughout a peer-to-peer network. In this type of system, there is no central point of failure for hackers to penetrate. For a hacker to have a chance of penetrating the network, they would need to simultaneously alter at least 51% of the blockchain.

Read more

Machine-learning technology is growing ever more accessible. Let’s not have a 9/11-style ‘failure of imagination’ about it.

There is a general tendency among counterterrorism analysts to understate rather than hyperbolize terrorists’ technological adaptations. In 2011 and 2012, most believed that the “Arab Spring” revolutions would marginalize jihadist movements. But within four years, jihadists had attracted a record number of foreign fighters to the Syrian battlefield, in part by using the same social media mobilization techniques that protesters had employed to challenge dictators like Zine El Abidine Ben Ali, Hosni Mubarak, and Muammar Qaddafi.

Militant groups later combined easy accessibility to operatives via social media with new advances in encryption to create the “virtual planner” model of terrorism. This model allows online operatives to provide the same offerings that were once the domain of physical networks, including recruitment, coordinating the target and timing of attacks, and even providing technical assistance on topics like bomb-making.

Read more

There are certain classes of technology that, by their nature, put those who possess their secrets in danger: Nuclear weapons. Ballistic missiles. Advanced encryption software.

Now, add unmanned aerial vehicles—drones—to that list.

A Palestinian electrical engineer who had published research on drones was assassinated in Malaysia, the Wall Street Journal reported (paywall). A helmeted person on a motorcycle fired 10 shots at 35-year-old Fadi al-Batsh, killing him as he walked to a mosque for morning prayers.

Read more

Sometimes sensitive data, like passwords or keys that unlock encrypted communications, are accidentally left open for anybody to see. It’s happened everywhere from the Republican National Committee to Verizon, and as long as information can be public on the internet the trend isn’t going to stop.

But researchers at software infrastructure firm Pivotal have taught AI to locate this accidentally public sensitive information in a surprising way: By looking at the code as if it were a picture. Since modern artificial intelligence is arguably better than humans at identifying minute differences in images, telling the difference between a password and normal code for a computer is just like recognizing a dog from a cat.

The best way to check whether private passwords or sensitive information has been left public today is to use hand-coded rules called “regular expressions.” These rules tell a computer to find any string of characters that meets specific criteria, like length and included characters. But passwords are all different, and this method means that the security engineer has to anticipate every kind of private data they want to guard against.

Read more

Locking up super-secret information with digital encryption has become even more secure with the production of numbers that aren’t just ‘nearly random’, but are truly unpredictable in every sense of the word.

Using the data generated by a three-year-old experiment on quantum entanglement, the US National Institute of Standards and Technology (NIST) recently generated codes that are guaranteed to be one of a kind, and it could set a new landmark in communications.

On one level, randomness is an easy thing to grasp. We flip coins, roll dice, and pick cards with a basic sense that the outcome can’t be easily predicted.

Read more

It has no inherent value and causes observers to rotate between feelings of fascination and anger. We’re talking about cryptocurrency, but also art. In a new series, artist Andy Bauch is bringing the two subjects together with works that use abstract patterns constructed in Lego bricks. Each piece visually represents the private key to a crypto-wallet, and anyone can steal that digital cash—if you can decode them.

Bauch first started playing around with cryptocurrencies in 2013 and told us in an interview that he considers himself an enthusiast but not a “rabid promoter” of the technology. “I wasn’t smart enough to buy enough to have fuck-you money,” he said. In 2016, he started to integrate his Bitcoin interest with his art practice.

His latest series of work, New Money, opens at LA’s Castelli Art Space on Friday. Bauch says that each piece in the series “is a secret key to various types of cryptocurrency.” He bought various amounts of Bitcoin, Litecoin, and other alt-coins in 2016 and put them in different digital wallets. Each wallet is encrypted with a private key that consists of a string of letters and numbers. That key was initially fed into an algorithm to generate a pattern. Then Bauch tweaked the algorithm here and there to get it to spit out an image that appealed to him. After finalizing the works, he’s rigorously tested them in reverse to ensure that they do, indeed, give you the right private key when processed through his formula.

Read more