Everything you need to know about encryption and information security

GSM Interceptor

We are living in a world where not just our computers are at risk.  Today’s digital economy thrives on real-time communications and we are all highly dependent on our cell phones.  Our reliance on this technology to broker deals, make sales and transmit sensitive information is frightening. They are our most trusted companions when it comes to communication.

Technology to eavesdrop on GSM communications has existed in the black market for decades.  First retailing at around $200,000 this technology remained largely out of reach to all but the most professional thieves.  Nowadays however, this equipment is readily available not only to buy, but also to rent.

There are numerous threats to corporate information.  GSM eavesdropping is being used more often, and in many cases intercepts are occurring directly from GSM cell towers. This presents a real risk when it comes to GSM communications due to the many vulnerabilities inherent in the system.  To ensure information is secure, corporations need to rely on technology normally used by government agencies, guaranteeing that voice-traffic is undecipherable to anyone but the intended recipient.

After all, it is the accessing and sharing of information that creates vulnerabilities and this is why it is necessary to implement security measures such as the use of encryption.  Gold Lock Enterprise is a tool that can ensure the security of not just GSM communications, but also the whole spectrum of digital media.

Gold Lock delivers a range of hardened products tested up to military grade encryption levels, which can ensure the security of most forms of data.  When used in conjunction with sound data security policies corporations can finally start to fill in the huge gaps between firewalls, anti-virus and other security measures.

Gold Line Group Ltd. and its network of worldwide Gold Lock partners are now offering Pre Installed Encrypted Phones, VIP service, shipped to your door using worldwide express shipping.

All supported devices are available, sold ready to use,  including:

• A life time license for Gold Lock Enterprise
• Unlimited Free Support (Phone / Email)
• Unlimited Free Upgrades
• Unlimited changes of hardware due to lost / stolen / broken phones.

Note: All phones are shipped unmarked, without external identifications of being encrypted phones, for your security.

Contact Us for more information.

Encrypted Nokia 5700

Encrypted Nokia 5800

Encrypted Nokia 6110

Encrypted Nokia 6210

Encrypted Nokia 6220

Encrypted Nokia 6290

Encrypted Nokia 6120c

Encrypted Nokia E51

Encrypted Nokia E66

Encrypted Nokia E71

Encrypted Nokia E90

Encrypted Nokia N76

Encrypted Nokia N78

Encrypted Nokia N79

Encrypted Nokia N81

Encrypted Nokia N82

Encrypted Nokia N85

Encrypted Nokia N95

Encrypted Nokia N95-8GB

Encrypted Laptop

Encrypted HTC

Encrypted Windows Mobile Phone

Contact Us for shipping quotes and order information.

Recent developments in Quantum Cryptography could usher in a new era for encryption technology and the recent news that China has became one of the first governments to adopt a quantum encrypted network is perhaps an example that we are about to see a new era of corporate security.

Quantum computing has remained in the realms of science fiction up until recently and due to advancements made by researchers quantum cryptography is now a real and effective safeguard for anyone with the funds to spend on such groundbreaking technology.

Quantum technology is a revolutionary concept that involves photons, quantum states, entanglement and countless other terms, which enable a cryptographic key to be generated by taking advantage of quantum entanglement and quantum indeterminacy to detect eavesdropping on  any communications.

Quantum cryptography is a fascinating revelation for governments and large corporations, but the truth is that it is neither economical nor realistic for smaller organizations to implement. The costs required and more importantly, the expertise needed to implement such as system is beyond the scope of most security analysts.

In truth, quantum cryptography still relies on existing encryption algorithms, as the quantum cryptography is merely a way to negotiate a highly secure key for use in encryption.  Quantum cryptography does provide a highly secure private key, but it still relies on existing cryptographic techniques.  So smaller corporations that feel left out, are not actually missing a great deal if they have an adequate encryption package, which utilizes the highly successful Diffie-Hellmann key exchange system.

Gold Lock Enterprise is an example of successful Diffie-Hellmann implementation in conjunction with ECIC encryption.

In previous posts, we have talked about key strength and protection of encryption keys, but for those who are not directly involved in the line of IT, encryption terminology can be slightly confusing and bewildering at times.

When it comes to security, often terminology is over-complicated and almost never simplified to a level in which the average end-user can understand.

Cryptography is one of those areas in which everything has an acronym and nothing seems to stay the same for any length of time.  With numerous forms of encryption available, making an informed decision can be difficult or near on impossible at times.

When it comes to encryption, generally there are three factors involved.

1.  Sensitive data

2.  An encryption cipher

3.  An encryption key

This is breaking it down into an elementary level, but essentially these three parts are required for any form of cryptography.

Ciphers and encryption are two parts of the cycle in which people need to constantly be aware of changes and evolutions in cryptographic techniques.

A cipher is essentially a mathematical algorithm, which uses some form of factoring to encrypt sensitive data based on an encryption key.

This encryption key is exactly what it sounds like – it is the key to unlocking encrypted information and most undoubtedly the most important asset of any corporation, which relies on cryptographic security.

Keys are essential in ensuring security, and often they are the only vulnerability of the system not because of the technology, but because of end-users and their reluctance to use strong keys.

With the advent of wireless networks and other technologies, we are increasingly exposing our data to the risk of theft and interception by third parties with nothing more than a notebook computer and some freely available tools, which can be acquired online.

Whilst most home users and many organizations are now aware of the security implications of having unsecured private networks, the truth is that not many are aware of the limitations and the vulnerabilities that exist with wireless communications.

Wireless networks using older encryption technology are easily attackable using brute force attack.  By snooping encrypted packets for long enough, potential intruders can extrapolate the encryption key and gain access to the network.

This means the whole network becomes compromised and as a direct result of poor encryption standards, e-mails and other communications can be intercepted with ease.

To secure wireless networks, it is recommended to ensure that more popular and recognized encryption protocols are used and that key strength is strong enough to mitigate the risks of brute force attack.

However, many networks can still be breached so it is important to ensure that networks offer multiple layers of protection.  One way of protecting data, file transfer and VOIP communications that occur on a wireless network is to ensure that third party encryption software is used that effectively ‘double-encrypts’ any sensitive data being broadcasted wirelessly.

This ensures not only that the information is secure, but also reduces the value of data which is sniffed off the air, as it is essentially worthless due to the fact it is encrypted.

Numerous examples of malicious software have been found on hundreds of ATM machines running Microsoft Windows.  This ‘software’ is apparently able to record card numbers and details that are contained in the magnetic strip on the back of cards.

Up until now, this exploit has only been found on ATM machines located in Eastern Europe, but it looks to be that the software is highly advanced, and before long it may make its way to the west.

This highly advanced exploit not only records card details, but it also gives full access to the ATM machine functions.  From printing money to rebooting the machine, criminals need only insert a special ‘card’ which allows them to literally do anything they want.

It would seem that the evolution of the ATM machine has ensured that it is now vulnerable to attack because of the developers desires for it to remain ‘user-friendly’.  But has user friendly gone one step too far in this case?  The vulnerable ATM machines all run a standard version of Windows XP which obviously, has major vulnerabilities.

It would seem that simply securing parts of a computer inside a steel cage is no longer enough to deter these attackers and they have found a way to load their sinister software without banks actually knowing.

Looking at this, one can only make the realistic conclusion that ATM machines are no longer simply ‘thin clients’.  It is ironic to see that banks are putting their trust in operating systems such as Windows XP straight out of the box.

Evidence supporting the security limitations of Windows XP has existed since before 2003.  Even the NSA admits that standard editions of XP are flawed and vulnerable.  As a result, USAF actually petitioned Microsoft for a locked-down and secure version of the operating system.  Why didn’t banks think of that?

Various world governments have started significant research into one-touch hacking tools, which can be utilized on the battlefront.  These tools are being designed to be able to target weaknesses in Wi-Fi networks as well as intercept VoIP communications and satellite relays.

Following recent developments, the United States government has publicized the fact that it is researching such technologies in order to empower and increase the role of the battlefront soldier.  This technology should enable users to exploit weaknesses in security, control power grids and manipulate security systems remotely.

This is of great concern to any organization because this technology is just a showcase of what is actually currently available online.  Things such as packet sniffers, WEP and WPA-PSK key decryptors have been available online from one source or another for years and it is only now that the government is starting to adopt the practices of experienced hackers and adapt them for battlefield use.

The modern organization faces a real threat of digital attack on a daily basis, and with tools on this being developed by the government; one can only imagine what is available to the digital underground.

Traditional security measures in the forms of IDS systems, firewalls and others are no longer adequate when it comes to protecting security.  Organizations need to stop thinking about ‘if’ they are breached, but ‘when’ they will be breached.  By changing company focus from that of prevention to limitation ensures that should the worst-case scenario occur, companies can still minimize risk by ensuring all assets are secure with technologies such as advanced Encryption amongst others.

Gold Lock Enterprise not only serves as a military grade voice encryptor, but actually works to ensure that all file and text communications are also protected from hackers at a level equivalent to that in use by the NSA and worldwide military organizations.

Security experts from remote-expoit.org have recently released an open-source wireless keyboard sniffer known as Keyleriki.  This application is reportedly capable of intercepting and decoding keystrokes from Microsoft based wireless keyboards. The security group known as has finally released this software to the general public in the hopes of making manufacturers and the general public aware of this serious security concern.

The increased prevalence of wireless technology in business environments has lead to significant research by cyber criminals into ways to exploit our new found dependence on such equipment.  This is just one example of countless many exploits that are currently ‘in the wild’.  But this, is perhaps one of the more severe examples as there is no way to encrypt keystrokes other than relying on the obviously poor XOR protocols that are so weak they can be decrypted on the fly.

Whilst critics argue that the range of these attacks is minimal, they have been launched from as far away as 30 feet. What is the risk of an intruder talking their way into your office? Recent studies have shown that a great many corporations are still vulnerable to social engineering attacks.  With potentially no way to secure these keystrokes, corporations really do need to consider their security policies in the wireless age, but how do you ensure your policies are adequate to protect against this sort of attack?  Think about wired alternatives until a safe wireless solution comes along.

In conclusion, attacks like this are remarkably easy to avoid by simply having rugged staff training and regular hardware auditing.  Encryption, firewalls and anti-virus only go so far.  These days multi-layer security policies are essential in ensuring both data and now, even keystrokes are safe.

Recent sources close to the US government have admitted that army web servers have been the victim of attack by a group of ‘elite’ computer hackers known as M0sted.  This group, it claims, were able to use a remote injection exploit to gain access to a number of web servers belonging to the US Army Corps of Engineers.

Reportedly, other than setting up a number of redirects to their own homepage, it is not clear as to how far the attacks actually went and whether or not they actually managed to steal any sensitive records or classified information, but the fact that these hackers seem to have managed to exploit remote injection vulnerabilities to gain access to these servers is perhaps evidence that the US Army’s computer network is still the equivalent of Swiss cheese.

This particular attack was executed by a group of Turkish hackers, who may very well be operating for Al Qaeda.  The aim of this attack seemed to be website defacement, but it is unclear as to whether the group actually progressed beyond that to to access sensitive computer systems.

In this example, these attacks were not the cause of a glitch in hardware or software, but more likely than not the result of human error. Specifically, it would seem that the army was the victim of remote SQL-injection hack that gave these hackers the ability to insert anything of their choosing into the database of the server, which is the result of nothing other than bad coding.

The US army should be leading the fight against cybercrime, not becoming victim to it, instead, they operate under the impression their systems are “secure”.  In today’s age of targeted cyber attacks, this is literally the equivalent of putting your head in the sand.

Nokia Siemens Networks has responded to recent speculation about sales it made of network monitoring kit to the Iranian government, confirming that it provided Lawful Intercept capability solely for the monitoring of local voice calls in Iran. However, the company refuted reports that it had provided any deep packet inspection, web censorship or Internet filtering capability to the country.

In most countries around the world, including all EU member states and the U.S., telecommunications networks are legally required to have the capability for Lawful Intercept and this is also the case in Iran. Lawful Intercept is specified in standards defined by ETSI and the 3GPP.

To fulfill this Lawful Intercept requirement as part of an expansion to provide further mobile connectivity to Iran in the second half of 2008, Nokia Siemens Networks provided TCI, the Iranian national operator, with the capability to conduct voice monitoring of local calls on its fixed and mobile network.

The restricted functionality monitoring center provided by Nokia Siemens Networks in Iran cannot provide data monitoring, internet monitoring, deep packet inspection, international call monitoring or speech recognition. Therefore, contrary to speculation in the media, the technology supplied by Nokia Siemens Networks cannot be used for the monitoring or censorship of internet traffic.

The Intelligence Solutions division of the company was itself sold earlier this year to Perusa Partners Fund, a private investment firm. Nokia Siemens Networks says that it made the decision to exit this business as it primarily addresses customer segments which differ from telecom service providers and is therefore not part of its core business.

Gold Lock encryption systems, while forbidden to be sold in Iran (due to Israeli MOD restrictions), are completely free from backdoors (under contract), and provide complete protection against both lawful and illegal interception systems around the world.