Russia Declares Cyber War

Photo: TheDigitalArtist Pixabay

Weeks before Russia invaded the Ukraine, American intelligence agencies warned that Vladimir Putin was planning state-sponsored cyber operations around the world against critical infrastructure. Targets include Defense, Energy, Governments, Healthcare, and Telecommunications. The Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and National Security Agency issued a joint Cybersecurity Advisory outlining the threats and for the global community to adopt a proactive, heightened state of awareness.

The CSA overview served to highlight the risks and list strategies to assist with detection, mitigation and incident response. The advisory noted in the technical details, “Historically, Russian state-sponsored advanced persistent threat actors have used common but effective tactics—including spearphishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—to gain initial access to target networks.” A reward of up to $10 million may be offered for information about Russian cyber operations targeting U.S. critical infrastructure, an example of how seriously CISA, the FBI, and NSA are taking the threat.

How it started?

On February 24, 2022, as Russia launched a large-scale attack on the Ukraine, CISA issued another alert about a group of Iranian government sponsored APTs known as MuddyWater, a subordinate element within the Iranian Ministry of Intelligence and Security. The group was observed “Conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America.”

The eve of the invasion came with a dire warning from President Putin, translated into English, “To anyone who would consider interfering from the outside – if you do, you will face consequences greater than any you have faced in history.” Of course, the world has good reason to take the threat seriously.

Just days before the physical assault came a pre-emptive virtual strike, with distributed denial of service attacks on Ukraine’s government websites, foreign ministry, state security services and banks. Ukraine’s defense ministry and major banks were hit with DDoS attacks the week before, with limited impact.

How it’s going?

“The war [in cyberspace] is underway and unfolding very intensively,” the Russian Foreign Ministry’s international information security director said in December 2021. “The media rightly says that this [is] a Third World War, and what matters now is to calculate the damage and determine who will lose it in the end and what shape the world will eventually acquire as a result of this war.”

A botnet malware dubbed Cyclops Blink is being used by the notorious Sandworm hackers, a destructive threat group that has been working with the Russian military to exploit vulnerabilities in firewalls and infect networks to gain remote access. Systems may then be used as a conduit to conduct additional attacks elsewhere, as the point of entry may not be the primary target.

Such strategy may well have been underway for months if not years. The US Energy Secretary noted, “Experts believe that Russian hackers trying to bring down part of the U.S. grid would probably enter via a side route — breaking into a major energy provider’s networks by infecting a software update from a less secure company.”

Another weapon in the Russian war machine cache is misinformation. Putin’s propaganda tactics have been a hallmark of his political career. Social Media has been infiltrated by Russian troll farms to wage political warfare on his adversaries. Russia was accused of spreading fake news through troll factories, swaying the US Presidential election in favour of Trump, confirmed by former FBI Director Robert Mueller when he investigated the alleged Russian interference in the 2016 election.

When the Kremlin invaded Crimea, Ukrainian journalist and political analyst, Mykola Riabchuk, said the Russian hype had evolved into a full-fledged information war. Riabchuk wrote, “Three major narratives emerged that can be summed up as “Ukraine’s borders are artificial”, “Ukraine’s society is deeply divided”, and “Ukrainian institutions are irreparably dysfunctional.” To put it simply, Ukraine is a failed state (“not a country”) . . . and it, therefore, needs external, apparently Russian, guardianship.”

Putin’s deceptive attempt to rationalize his attack on Ukraine was characteristic, according to one criminal justice professor who was quoted as saying, “This is one of those times where we can expect Russian troll farms to be heavily active in an attempt to either depict a narrative that fits the notion that they’re a peacekeeping force, or that there’s false flag events that have occurred that justify their presence there or the use of serious violence against civilians or anything else.”

Ukraine responded to the cyber threats by asking the hacker world to come to its aid. Just as the country has built a strong resistance from within to defend against the military attack, volunteers have rushed in to answer the call to strike back at Russian targets online. An IT army with thousands of hackers have already answered the call within a matter of days. Elon Musk assisted the effort by activating Starlink satellite service over Ukraine.

Hacktivists took over Russian TV stations to broadcast footage from the front lines, thwarting the state efforts to control the narrative, which likely fuelled the increased number of protestors who risked arrest by defiantly demonstrating against the invasion of their neighbours. Russian media sites were hijacked to be replaced with a tombstone bearing the number of reported Russian troop casualties.

How to be prepared?

With the potential for anyone to become a victim if Russia retaliates with a global cyber conflict, now is the time to be extra vigilant with your online behaviour.

Know that governments are focused on keeping critical infrastructure safe in this heightened state of crisis. This means being aware is important but there is no need to panic. Arm yourself with trustworthy information and don’t amplify baseless reports.

Myntex recommends several methods to keep your digital vectors safe from attack. Start with some basics, like ensuring your system updates are handled promptly to patch developer vulnerabilities. Implement multi-factor authentication wherever possible. Practice cybersecurity common sense by staying apprised of phishing attack techniques and other means of infiltration used by threat actors. Ensure your service provider secures the servers you rely on with DDoS protection. In these uncertain times, it is wise to have a plan to remain operational in the event of a cyber-attack, such as ransomware.

The best way for business to secure mobile devices is to remove the risk from online browsing and to use end-to-end encrypted communications to safeguard your privacy. Don’t trust free apps, you’ll be giving away your personal data when you agree to their terms of use. If you’re not paying for the product, you become the product.

While the implications for a growing cyber-conflict are real, it is encouraging to note the world is standing guard against attacks, which have yet to materialize at the time of writing this post.

The Riskiest Coding Loophole Ever and Other Vulnerabilities


Image by gstockstudioon Envato

There’s so much public discussion about digital security and privacy these days. In 2022, the number of mobile phone users worldwide is 7.2 billion, over 90% of the population. Anyone using a cell phone can be targeted by hackers or fall victim to identity theft. While digital security concerns can impact most people, few understand the nature of specific vulnerabilities.

Examining a major cybersecurity threat can shed light on how hackers access unauthorized material and demonstrate the importance of how your personal and sensitive data may be exposed online.

The Canada Revenue Agency recently reported it was susceptible to the Log4j security vulnerability, known as Log4Shell. It was not alone, 44% of global corporate networks were reportedly affected. Estimates of 10 million attempts per hour in the U.S. alone were made to exploit it after being discovered in December 2021.

The CRA outlined the problem in a series of statements and was offline for several days while it took precautionary measures to mitigate the risk to Canadians. While the agency claims no system or user information was compromised, it was a major disruption for those who use the site for a variety of tax and income benefit programs.

CyberNews noted, “Log4j is incorporated in widely used Apache-related frameworks, which means the spread of vulnerability might be like something never seen before.” In addition to government sites—like the CRAs—Amazon, Android OS, Apple, Google Documents, LinkedIn, Netflix, Steam, Twitter, Uber, and millions of other firms were exposed due to the software bug.

Software Flaw

Log4J is known as a Zero Day exploit, a term that applies to vulnerabilities that are compromised by malicious threat actors before the software developer discovers the error. Despite multiple fixes implemented to the Java-based library for the open-source logging utility, the threat lingers. Cybersecurity experts worry that many were unaware of the danger and didn’t act fast enough to mitigate the risk.

If IT teams didn’t patch the defect promptly it would be able to grant easy access to internal networks where those with mal-intent could mine data, launch malware attacks, manipulate information, etc. Hackers who were able to find loopholes may be waiting for opportunities to attack or sell access to the compromised sites on the dark web for future exploitation.

The vulnerability was rated 10 out of 10 by the non-profit Apache Software Foundation, which administers the software’s development. “Anyone with the exploit can obtain full access to an unpatched computer that uses the software. Experts said the extreme ease with which the vulnerability lets an attacker access a web server–no password required–is what makes it so dangerous.”

Big Implications

Log4j is present in almost all Java-based products and web services, from webcams to car navigation systems and medical devices. The repercussions from something like a ransomware attack or any number of other threats would be enormous.

While no major attacks have been detected, experts said there probably would be eventually. Fear, uncertainty, and doubt is a strong motivator in a digital society. For Log4j, an urgent alarm was raised within the IT community for valid reasons. The FUD factor was not exaggerated and was, in fact, necessary to achieve the prompt response required to avert a potential disaster online.

Illusion of Security

Vulnerabilities exist in many free apps that are popular today. Unlike this recently discovered one, that the world has scrambled to fix, there are issues you should be aware of before you trust your privacy to an encrypted cell phone communication app like Telegram.

While these types of free services may offer end-to-end encryption or promote their service as being encrypted on their cloud, if the messages you send are stored on its servers, they are still vulnerable to being hacked. Many encrypted devices are sold using free services, like Signal, despite a list of vulnerabilities.

Businesses, governments, and individuals need the confidence of knowing their encrypted cell phone is built for security from the ground up.

Even if free messaging services offer ample levels of encryption, vulnerabilities may still exist in the company’s business model that undermine the level of security they offer. For example, WhatsApp has been known to share users’ personal information with Facebook (Meta) and third-party marketers.

Similarly, WhatsApp has accidentally permitted unauthorized access to user information after storing sensitive data insecurely. A company can offer the strongest level of encryption available, but it’s all for nothing if they also compromise data privacy as a routine part of their business practices or because they don’t have strong security protocols in place.

Security Above All

Myntex prioritizes security and privacy. Where other companies market personal data leveraged from their customers to third parties, Myntex secure communications ensures users’ private information remains confidential.

From the proprietary design that ensures servers don’t store confidential information like notes, emails, or encrypted messages, people can enjoy peace of mind knowing that their information won’t get into the wrong hands. Keeping totally secure is also straightforward for anybody, even if they aren’t especially tech-savvy.

Germany to Support End-to-End Encryption

Smartphones are popular around the world, so it’s not surprising that people everywhere care about digital privacy. Phones are an incredible piece of technology that keep us connected to the people, products, and information all around us.

They are also a means through which hackers, cybercriminals, government agencies, and other groups can gather your personal information.

Germany’s new coalition government offers many things digital rights activists have asked for, such as a “right to encryption,” “a right to anonymity,” “increased IT security,” and more. However, in practice, even governments that claim they value encryption often don’t guarantee it.

How can people be sure of their privacy when robust encryption laws exist simultaneously with legal mechanisms for state surveillance and decryption? A deeper look into Germany’s recent past and present makes it clear that the difference between total privacy and some privacy is irreconcilable.

Encryption Backdoors Versus Government Hacking

The government has at least two ways of accessing people’s private information: installing a secret backdoor into encryption protocols or outright hacking. Both methods compromise citizens’ privacy but in different ways.

In 2021, the prior conservative German government issued statistics about its use of hacking for the first time. Police and investigative authorities ordered the more invasive online search 33 times in 21 procedures and used it in 12 cases. Hacking to eavesdrop through surveillance was used 31 times and used in three cases. “These authorities use government hacking tools primarily to investigate drug and property crimes, not murder or terrorism as initially intended.”

According to another report, German government hacking wasn’t used in any successful criminal investigation or emergency response between 2017 and 2020. “Government hacking is understood as interfering with the integrity of software – including online services — or hardware to access data in transit, data at rest, and sensors to manipulate a target’s device by law enforcement for the purpose of criminal investigations [in a targeted manner].”

Encryption backdoors would allow the government to bypass any encryption used by the population. Unlike government hacking, using a backdoor to sidestep encryption still compromises security and would be done outside of the protections afforded by law.

Whereas hacking exists within a legal framework, encryption backdoors directly contradict the law as it currently stands. That’s why policy discussions within Germany only extend to government hacking. However, they might influence EU law to allow for encryption backdoors, where they may have a higher chance for success.

German Foreign Intelligence and the CIA / NSA

The European Council, in December 2020, adopted a resolution called Security Through Encryption and Security Despite Encryption. It underlines the importance of encryption for security while also undermining encryption by indirectly asking for backdoors to encryption for the authorities.

Such a conflicting approach is not new to German surveillance.  During the Cold War, the Federal Republic of Germany’s foreign intelligence service worked with the CIA to decode messages from allies and enemies alike. Dubbed Operation Rubicon, these intelligence agencies both made money off the technology and used it to eavesdrop for decades.

The partnership was considered the “intelligence coup of the century”. The encryption devices, made by a Swiss firm and sold to NATO allies for their own espionage purposes, were owned by the CIA—unbeknownst to the buyers—and enabled the two countries to spy on their own allies with ease.  
The US and Germany not only listened freely, but they also collected money from the victims. However, such alliances aren’t always trustworthy in the long term. It turns out that undermining encryption communications can backfire against the perpetrators.

Denmark helped the US spy on countries like Germany, including eavesdropping on German chancellor Angela Merkel between 2012-2014. The US National Spy Agency accessed text messages and phone conversations of numerous prominent individuals by tapping Danish internet cables with the cooperation of the FE, Denmark’s secret service.

Known by the codename Operation Dunhammer, the digital communications surveillance of allied countries heads of state proved not only enemies couldn’t be trusted with respecting privacy and security. How can ordinary citizens put their faith in government to secure their privacy if world leaders can’t protect their own?

For almost too many reasons to name, the importance of secure and open communication cannot be overstated: people need to feel like they can chat freely for the sake of staying in touch with friends, engaging in political discourse, conducting business, and so much more.

Permeable Encryption

The group in Germany that supports embedding systematic weaknesses in encryption, to enable intelligence and law enforcement agencies to be more effective, is small.

Governments, like Germany, are increasingly exploiting the public’s rights to privacy. Using the premise of heightened security to extend law enforcements’ reach, governments justify hacking and asking for backdoors into encryption.

Encryption keeps people safe from cybercrime and prying eyes, but it can’t do that if governments’ want access to support justice because once a backdoor is in place bad actors will get in. Germany might be seeking to appease digital rights advocates in the country, but deliberately leaving holes in their privacy protection is a risk to the government and its’ citizens.

Using a hardened phone on a device built from the ground up for maximum security and privacy protection is the only way to ensure your digital communications are never compromised. Business leaders, journalists, lawyers, and, as the above has made clear, world leaders need to know that no one can crack their phone.

The only way to ensure your conversations remain confidential is to get a phone with military-grade encryption with secondary security features hosted on a private server to protect against potential vulnerabilities.

BlackBerry Classic Goes Dark

It was the end of an era for the BlackBerry 10 Operating System, which now ceases to exist starting today – January 4, 2022. BlackBerry BB10 powered smartphones—with the legacy QWERTY keyboard favoured by professionals, businesses, and world leaders—haven’t been produced since 2017.

BlackBerry delayed decommissioning the service out of loyalty to its customers, according to CEO, John Chen, who successfully transitioned the firm to a software company in 2016. However, BlackBerry Android devices were not affected by the BB OS end of life.

The BlackBerry phone was introduced in 1999, by the Canadian technology parent company originally called Research in Motion. The phone was a hit, with the business world thanks to email on the go and instant messaging.

Celebrities played a role in the brand’s popularity. In 2008, Kim Kardashian flaunted an 8330 Pink Curve and President Barack Obama had to fight hard to be able to continue to use his BlackBerry when elected that same year. BlackBerry Messenger was even featured in the lyrics and titles of songs by the likes of Sean Kingston. The BBM encrypted program ceased in 2019.

BlackBerry phone sales peaked at 50 million in 2011. But it had already peaked as having the largest slice of pie in the smartphone segment, which was serving a different experience to a new demographic.

When RIM released its first touch screen—Storm—in 2008, it was certain their product would prevail. The company wasn’t convinced its new competitors were not a threat. By 2011, the iPhone had eclipsed BlackBerry. But the company was tenacious and would not give up easily.

Designed to save the one-time industry front-runner, the BB10 OS was two years late in its rollout. During the delay the company’s market share had taken a dive from 20 per cent to just five per cent of a mobile phone niche catering to business. The company’s stock plummeted.

Two new phones were designed to work with the OS, which finally arrived in January 2013. To coincide with the late launch, RIM changed its name to BlackBerry Limited. The rebranded company had high hopes for its latest touch screen model, without an external keyboard, the Z10. The Q10, which featured a full functioning QWERTY setup, was released a few months later. But the phones felt dated upon arrival and struggled to compete in the saturated market of touch screens dominated by Apple.

Wall Street Journal columnist Walter Mossberg was quoted as saying, ““The Z10 and BB10 represent a radical reinvention of the BlackBerry,” writes Mossberg. “The hardware is decent and the user interface is logical and generally easy to use. I believe it has a chance of getting RIM back into the game, if the company can attract a lot more apps.”

When BlackBerry’s then CEO, Thorsten Heins, launched BB10, he laid claim to the Z10s target audience. “The device is for people with a hyperconnected social group, who like to get things done, who like balance in their work and social life, who like the simplicity of having everything in one place, who want to move from app to app without having to hit the home button the whole time.” Even though the Z10 promised an extraordinary battery life with 10 hours of talk time, smartphone users had moved on. Developers were designing apps for the competitors instead, which was what consumers wanted.


Myntex CEO, Geoff Green says, “I think it’s great to see a company like BlackBerry show initiative and create one of the first mainstream encrypted communication platforms for customers. If we think back a decade ago, neither Apple nor Android had anything similar.” The public is still being educated about the advantages of encryption and the risks of using free apps. But the business world embraced the benefits of privacy and security when they made BlackBerry a sensation, with stock prices rising to $145 a share..

When Myntex was a start-up business, BlackBerry PGP encryption was an attractive prospect thanks to  its security and authentication, providing users with peace of mind their email was private. Myntex began by providing custom encrypted solutions for BlackBerry phones. Although, Myntex did not adopt the BB10 OS to use with the company’s flagship product, ChatMail; various models of hardware from the BlackBerry collection have been used. BlackBerry relinquished fabrication of its hardware in 2019 when it also stopped adding BB10 to its phones.

Myntex has also used Blackberry Unified Endpoint Management as a trusted security model. BlackBerry UEM continues to be an industry-leading interface for business, regardless of the platform they choose to use, and will continue to serve business—which is what the company does best—providing protection for years to come.

What Happens to Your Information After a Data Breach?

People everywhere are worried about keeping their private data confidential when using digital technology, but convenience usually outweighs concern people have about encryption and what happens after sensitive information becomes public. How is your data being gathered? What do companies or governments who harvest personal information do with it and what happens when a hacker gets your details?

People would be surprised to know how data is collected and what’s done with it. Let’s examine some of these questions to further understand why safeguarding your personal data is crucial.

Government Spying

Governments worldwide use the power at their disposal to gather data on citizens who they perceive to be a threat, like activists, political rivals, journalists and others. Vice reported that border agents seize tens of thousands of digital devices every year from travellers, even when they haven’t been charged with a crime.

The information extracted from these devices is then uploaded into a searchable database and retained for up to 75 years, including sensitive information like GPS history, text messages, emails, social media posts, photos, transaction records, financial accounts and more.

The idea of a centralized collection of personal data gathered from people who aren’t even charged with a crime is disturbing. Can an entity that goes to such elaborate lengths to compile this much sensitive data on innocent people be trusted to use it responsibly?

Corporate Data Harvesting

Most free app developers tell users they take digital security seriously, often proclaiming their product has “end-to-end encryption.”

However, while many do use encryption on data in transit, none of these free apps can promise encryption at rest. And the majority have policies to sell the data they collect from users to third-party marketing companies. Sometimes, users don’t realize how much personal information they turn over to companies when they agree to the permissions on these apps.

This is potentially dangerous. The stakes are high when hackers obtain all the information available from millions of people. In June 2020, the data from one-fifth of all Facebook users appeared for sale on an online forum. By April of the following year, a dataset of 500 million Facebook users became available for free to download by anyone online.

Hackers want to make money from the data they steal, but they also make it widely accessible to large numbers of people to increase their prestige within the hacker subculture. In other words, they’re leveraging stolen data for profit, but they’re also driven to give it away for free.

Companies and businesses need privacy to keep up with digital threats, staying a step ahead instead of constantly being a step behind. It’s all too common for people to conduct business through platforms where leaks have occurred.

Secure features such as ChatMail encrypted calling let managers and executives keep up with the pace of business in a way that’s fundamentally safe. It’s essential to avoid using third-party platforms that put them at risk. Using a platform with features that are built for security from the ground up keeps you connected without risking your privacy.

What Can Happen to Stolen Data?

Companies that harvest data may use it in a way that negatively impacts your business. What happens to your data after a breach? Back in 2015, researchers sought to answer this question by posting fake employee credentials online to an anonymous dark web file-sharing site, which they would then track to learn where stolen data goes.

Embedding a hidden watermark in files the researchers were able to find out information about the person who opened it, including their geolocation, IP address and device type. In just a few days, the data reached more than five countries on three continents and gained over 200 views. Less than two weeks later, it reached more than 22 countries and had over 1,000 views.

Deeper analysis revealed a high rate of activity among two cybercrime syndicates from Nigeria and Russia. The dark web’s organized marketplace for criminal activity includes data harvested from breaches. These data resellers are even formalized to the point where suppliers, who number in the hundreds, have user reviews from people who have purchased their stolen data.

In 2020, Verizon concluded in a study that most data theft is driven by financial motives rather than mischief or grudge settling. Typically, hackers steal data then ask for ransom, or they’ll sell the info they stole on the dark web. Financial hacks are six to seven times more likely to occur than those driven by ideology or something else.

Double Extortion

High-profile hacks like the one conducted in 2014 against Sony had a double effect: the hackers threatened to publish sensitive information unless their demands were met and once they were, the hackers published the stolen data anyway. Sony had to pay millions to compensate employees whose data was stolen and published online and suffered vast economic and operational damage.

Companies like IBM are now opposed to paying a ransom because there’s no guarantee the hackers will deliver on their promise. How trustworthy can data thieves possibly be?

Sometimes the hacker doesn’t steal information but prevents users from accessing their own computer until they get a ransom. Even in these cases, the payment isn’t the only problem.

Ultimately, once you’ve been hacked, the best possible outcome is still quite grim. Using an encrypted phone line on a platform designed for maximum security prevents this scenario from even arising.

Trying to find out what happens to your data after a breach is not something you want to experience. Best to heed the warnings and use a hardened device with security features that intentionally doesn’t allow third-party apps, to ensure your privacy.

The Security Vulnerabilities of Apple

People are becoming increasingly concerned about their privacy rights when using communication platforms and are attracted to the promise of safeguards and offerings of end-to-end encryption. Billions of people use free apps for encrypted communications, including WhatsApp despite its many leaks.

Even Apple, which has a reputation of security, has been the victim of high-profile hacks. Apple’s defences were breached by the United Arab Emirates infamous hacking case in 2016 using a cyber super-weapon.

Project Raven was the name of the operation, which resulted in three former US intelligence and military personnel being charged with two counts each of conspiracy to commit device fraud and computer hacking and conspiracy to violate arms export control regulations.

The trio of hackers-for-hire were fined $1.68 million – the first resolution of its kind – for providing the Emirates government with the malicious software used in the exploits. The tool was a unique type of spyware that remotely targeted victims.

Zero-Click Exploits

Newly unsealed court documents charged former US intelligence officers Marc Baier, Ryan Adams and Daniel Gericke in the attack, which used a cyber tool known as Karma.

Typically, to use malware on a victims’ phone the user would need to click on a link before their device could be compromised. That wasn’t the case with this type of breach. In a zero-click attack, the victim isn’t aware they have been targeted. The hackers were able to get remote access to the iPhones of those under surveillance by simply uploading phone numbers or email addresses into the automated targeting system.

Veterans of cyber warfare say tools that can exploit hundreds of iPhones at once are being used by many nations including Russia, China, the US and its closest allies. Knowledge of security vulnerabilities for Apple devises can be valuable and the company knows it, which is why it has paid up to $1-million through the Security Bounty program to head off attacks.

Apple users are right to be worried they too could become victims of hackers.

Who Was Hacked?

Reuters reports those targeted under the direction of UAEs monarchy included the Emir of Qatar as well as a Nobel Peace laureate human-rights activist in Yemen and several people in the United States.

In 2016 and 2017, Karma allowed hackers to obtain photos, emails, text messages, and location information from the iPhones of its targets. It also let the hackers harvest saved passwords, which could then be used for other breaches.

The former US intelligence operatives said Karma relied, at least partially, on a flaw in Apple’s messaging system, iMessage. This flaw let the hackers implant malware on the phones even if they were not in use.

It is estimated thousands were monitored in Project Raven. If prominent citizens and heads of state can get hacked using a phone that is thought to be secure, no wonder the public feels unsafe?

Americans selling spy tools to foreign countries so they can spy on American citizens is scandalous, but is it different than the US spying on its own citizens, as the NSA has done for years?

Not an Isolated Incident

Anybody following similar scandals like Operation Dunhammer won’t be surprised that the privacy scandals of big and small countries are inextricably linked. In that case, the US got Denmark to spy on its own citizens, versus in this case, where they enabled another country to spy on Americans.

The number of countries with the capacity to hack on this scale isn’t very relevant when the ones that lack the tools can make deals with the ones that can. If a country or institution wants to spy on people but doesn’t have the technology, they can partner with those who do.

Without the world’s most secure custom mobile communications system anyone could fall prey to attacks in which personal information can be leaked to governments intent on using hackers to spy. Only the strongest encryption on the market can prevent hackers from obtaining your sensitive information.

The possibility is real for a major cyber-attack to be taking place now that we won’t hear about for years. Protect your communications today with advanced encryption on a platform that provides you with true security and ensures your privacy.

The Security Vulnerabilities of Telegram

Credit: Daira Shevtsova via Pexels

Most people are trapped when it comes to their phones:  they know smartphones often pose major privacy and security liabilities, but they’re a required part of modern life. As a result, billions of people continue to use phones despite their worries over privacy breaches.

Some try to solve this dilemma by using free apps, like Telegram, which claim to be “heavily encrypted” to keep users secure. However, even apps that offer “end-to-end encryption” can pose data liabilities if they share user’s information (as Telegram does).

By delving deeper into the topic, the dangers in some of these allegedly secure platforms come to light.

Telegram Scrapers

Telegram has over 500 million downloads. It is advertised as a secure platform.  However, the presence of encryption doesn’t mean it doesn’t have vulnerabilities.

There are many software tools designed to export members of Telegram groups, the most popular one is called Telegram Scraper, which is the name for all AI apps that search through Telegram group chats to compile information about members. Telegram Scraper advertises itself as a “great tool for creating custom audiences for Telegram advertising campaigns.”

Telegram Scraper lets users build a list of “Telegram niche group IDs or usernames.” Extracting private data without the user’s knowledge is invasive and it’s possible to extrapolate even more information by connecting the extracted pieces together. How could such a tool exist if Telegram was truly secure?

Anyone can download Telegram Scraper and sample how it works before they buy it. In other words, you can get user information from people on Telegram before you even spend a penny.

By comparison, ChatMail encrypted mobile phones offer fully encrypted group chat and even an anonymous group chat, so this type of intrusion can’t occur.

Encryption Isn’t the Default

The word “encryption” suggests the idea of maximum security, but Telegram requires users to switch on their encryption. Why would a platform invested in security allow the option to turn encryption off, never mind default to such an insecure mode for new users?

While it’s hard to know the number, it’s likely many of the 500 million people who use it don’t know their communications are not protected by encryption. Also, Telegram only offers encryption in certain places: Secret Chats and voice and video calls.

The app supports group chats of up to 200,000 people, an astonishingly high number that surpasses what rivals offer in the group chat mode. In other words, if hackers manage to hack one group, it could breach the privacy of many innocent and unsuspecting people.

In fact, in 2018, Motherboard reported that German police had hacked Telegram and used it to spy on citizens for years. They even coded a software called “Bundestrojaner” (a federal Trojan horse) that made it easy.

Although police, in this case, spied on citizens to arrest a far-right terrorist cell, the fact remains Telegram users were vulnerable in ways they didn’t know at the time. Police have spied on at least twelve other groups, too, according to Motherboard’s information.

Law enforcement agencies have occasionally been criticized for pursuing the wrong people, accidentally or even for deliberately targeting perceived enemies who were not guilty of committing a crime.

It could have been the other way around, with terrorists hacking the platform to get confidential, sensitive information on citizens. While it’s easier to shrug off an illegal communications breach when authorities stop a violent terrorist threat, accepting this type of snooping sets a dangerous precedent.

At the very least, it’s scary to think that nefarious actors can also exploit such a gaping security hole. There are many reasons to secure your communication no matter who you are, as every ordinary person has sensitive data worth a lot of money to hackers.

Telegram Relocates

The country in which a communications platform operates has important implications for security, since any government can change the laws in ways that effect user privacy. Telegram was based in Russia and left St. Petersburg for Dubai, UAE, citing “local IT reasons.” As Russia officially blocked Telegram in June, 2020, that is an understatement.

The Russian government had asked Telegram to store users’ encryption keys and provide them to the Federal Security Service. The company protested, saying it was impractical, since the encryption keys are only stored on the devices themselves and the move would violate the constitutional rights of citizen’s privacy. The Kremlin didn’t back down so Telegram left, saying they’d move again if faced with the same conflict elsewhere.

This story outlines why it’s important to be based in a democratic country that respects the rule of law and citizen’s rights. It says something of Telegram’s integrity to relocate rather than remain in place and then having to bow to the state’s overreach. This type of pressure is being exerted around the world.

Cloud Chats

Telegram stores messages in “cloud chats,” which are described as “automated algorithms” that analyze communications to prevent spam or phishing. The cloud chats are not encrypted. A flaw was detected that allows an adversary to reorder messages, potentially allowing a hacker how to manipulate Telegram’s bots.

Researchers from the University of London discovered coding that enabled attackers to extract plaintext from encrypted messages in Android, iOS and desktop versions of Telegram. There are also privacy problems with Facebook and its encryption on smartphones and other platforms it owns, like WhatsApp, but even apps that are known for being secure can have exposures.

The only way to ensure your private communications are not accessed, analyzed, stored, or sold is to get a fully encrypted phone, built from the ground up with privacy in mind. When a phone has industry-leading security and privacy features, you’ll be confident the encryption is protecting you and that the service provider has safeguards in place to prevent anyone from spying on you or selling your data.

Myntex solutions deliver military-grade encryption and a suite of secondary security features to protect your communications. ChatMail phones deliberately exclude third-party apps because we value privacy above all, so we’ve designed our platform to let people enjoy the best of both worlds: modern smartphone functionality without fear of a data breach.

Is Facebook Undermining Its Own Encryption?

It’s no surprise encryption is under attack in a digital world where information is highly profitable. Knowledge is power and companies who traffic in personal data, like Facebook, know its value.

Privacy protection laws force social media companies to obtain permission before collecting marketing data from users, so encryption presents an obstacle. Facebook is researching how to get around this using artificial intelligence with homomorphic encryption. This technology would allow the company to read and analyze data without decrypting messages.  It could be used to develop targeted advertising technology. Third-party companies could also analyze the data.

Other tech giants, including Microsoft, Amazon and Google, are working on homomorphic encryption. Although the ability to deploy this technology is still years away, Facebook could harvest insight across its direct message platforms with this approach, including Messenger and Instagram (which currently are not encrypted) as well as WhatsApp.

Clearly, there is a conflict between user privacy and the business model of tech corporations like Facebook. Despite Facebook’s repeated assurances to the contrary, how devoted to privacy can a company possibly be if they are working this hard to undermine it?

Legitimate Uses for Homomorphic Encryption

Homomorphic encryption isn’t inherently bad or necessarily a privacy loophole. There may be instances where homomorphic encryption could solve real problems. A medical researcher, for example, could collate information about patients, which may be useful for treatments, but the US Health Insurance Portability and Accountability Act prevents the sharing of private medical data. In this example using a homomorphic encryption scheme would ostensibly retain user privacy while permitting the data to be reviewed for medical purposes. However, it introduces the possibility of misuse — especially when the companies using it are known for privacy breaches and security gaps.

End-to-End Encryption

ChatMail encrypted phones use the strongest cryptography available, layered within our impenetrable ChatMail Advanced Messaging and Parsing Protocol, using both PGP and ECC encryption.

Facebook claims to provide end-to-end encryption on WhatsApp, however, if your backups are stored on the cloud they are not encrypted – which means it is not secure.

Law enforcement agencies can use a search warrant to have Google or iCloud hand over this data WhatsApp data would show how many members a chat group has, how long the group has existed and how they interact with each other. The company collects the phone numbers and IP addresses of users, tracks how often they send outgoing messages, when they’re online, who they message, as well as their names and profile photos. It is easy to imagine how this information could be exploited.

Critics worry Facebook would optimize its platforms to harvest this data and for targeted advertising with ultra-precision.

WhatsApp alone has about two billion global users, many of whom conduct business on the platform and discuss a range of sensitive things under the belief they are protected by “end-to-end encryption.” It may be an old observation by now about how the internet works, but it still holds: if you are not paying for a product, you are the product, not the consumer.

Unreliable History

Some telecom companies seem willing to work with legal authorities. Some wonder what’s wrong with private companies creating a backdoor into their platforms if it helps fight crime? The problem is the door is open to abuse and will not only target bad actors. Innocent activists, journalists and regular citizens will all lose their privacy with such measures. Companies would be unable to prevent their data from being accessed unscrupulously.

Facebooks relationship with the Indian government was on good terms when Mark Zuckerber launched the “Free Basics” program back in 2016. But that soon soured. WhatsApp is currently suing the Indian government after it asked for a fingerprint of every single message sent on the service. Facebooks’ falling out with the government coincided with India’s attempt to gain more control over social media. A raid on Twitter’s New Delhi office by Indian police left employees feeling frightened and intimidated.

Facebook policies are hypocritical. People it considered “dangerous” and in violation of their policies were nonetheless allowed to remain on the platform when they’re allied with the government. Contradictory policies like this erode public confidence if the company can’t even enforce its own policies fairly.

Credible evidence that supporters of Donald Trump used Facebook to plan an attempted coup on the US government January 6, 2021; resulting in the death of several civilians and police officers, including two who have since committed suicide. Facebook responded by banning Trump from the platform until 2023 — when the candidates for the next Federal US election will declare their nomination.

The company has publicly rejected responsibility for allowing such a violent attack to be planned on their platform, even while an internal task force at Facebook concluded the company didn’t do enough to halt the “Stop the Steal” groups.

Facebook has one privacy standard when authorities ask them for data and another when they’re asked to turn over information about themselves.

Staying Above the Fray

Facebook’s lack of transparency is an issue — from its methods for targeting user advertising to how it allows extremist groups on the platform — which has led to dangerous real-world consequences.

Anybody looking to stay entirely above the fray and conduct business and conversations safely needs an encrypted mobile phone centred around privacy and security rather than a platform that exists so the company can sell your private data for profit to advertisers. While encryption is complicated and keeps evolving, people understand the need for business security and privacy on a visceral level. Buy a Myntex phone that uses the strongest encryption possible and comes with many secondary security features to ensure you and your data are always safe.

When Tech Giants Enter and Undermine the Encryption Communications Industry

The World Wide Web was born 30-years ago on August 6, 1991. Just two months earlier an American computer scientist and cryptographer, Philip R. Zimmerman, wrote the code for the encryption program Pretty Good Privacy (PGP). Zimmerman shared the PGP open-source code in the United States, making it the first widely available data security program. It quickly spread globally on the web.

The U.S. government had long considered cryptographic software a munition and thus subject to arms trafficking. The Customs Service started a criminal investigation against Zimmerman for violating the Arms Export Control Act because they deemed PGP cryptography to be too strong to export. Zimmerman asserted he was not responsible for sharing the software outside of the states and responded by publishing his entire code in the book, PGP: Source Code and Internals, to the delight of those who wanted to ensure digital privacy. After 3-years the investigation was dropped in 1996 without charges against Zimmerman ever being filed. U.S. restrictions on the export of encryption software relaxed in the new millennium and cypherpunks claimed a small victory in the war on cryptography.

Today the encrypted communications industry is dominated by giants like Amazon, whose cloud computing arm Amazon Web Services (AWS) recently bought the private messaging app Wickr. Facebook owns WhatsApp and is now said to be trying to analyze encrypted WhatsApp messages.

These companies have millions of users deeply attached to their products and services, and their business leaders have one-on-one meetings with heads of state in countries worldwide.

The creator of PGP has weighed in on the contemporary situation saying the fight over encryption is not over. While Amazon and Facebook bring knowledge, relationships and wealth to the table their own privacy policies have been subject to lawsuits and public outcry. Not to mention they are mining your data every time you use their service.

Facebook is Leaky and Problematic

Almost 2-billion people use Facebook every day — a quarter of the world’s population! In April 2021, the personal data of over half a billion users was posted to a low-level hacking forum — the data included phone numbers, locations, full names, email addresses and biographical information.

Researchers say this information could be used by scammers to commit fraud. While hackers exploiting your personal data stolen from Facebook is a major concern, policies of the social media giant also threatens users privacy.

WhatsApp is suing the Indian government for severely undermining the tech giant’s encryption by requiring the platform to store all messages in a traceable database. WhatsApp promises its users that all messages are protected by end-to-end encryption, but if governments have a back door to read your messages it is an empty promise.

Twitter has also had problems in India. In May 2021, Indian police visited Twitter’s New Delhi office to serve notice about an inquiry into a tweet published by a member of the ruling party which Twitter had labelled manipulated media. Critics called it censorship.

Amazon’s Payment Processor Leaked

Last August there was a data breach at Juspay, the payment processor used by companies like Swiggy and Amazon. As a result, the personal data of 100 million debit and credit card users was leaked on the dark web. The hack didn’t come to light until January of this year. The data included the name, mobile number and bank name of customers.

Security experts noted this isn’t the end of the Juspay threat. Since the leak included phone numbers, the hackers could call unsuspecting cardholders and dupe them into revealing their full credit card number, PIN, CVV and one-time passwords.

The information of paying customers is worth a lot more to hackers and scammers than non-paying customers. The threat and scope of this enormous breach could continue to grow.

Amazon CEO Jeff Bezos famously had his cell phone hacked. What would be revealed if yours was too? Learn how Myntex keeps you safe from hackers in this guide to encryption so you’ll never be the victim of a data breach on your phone.

Technology has developed by leaps and bounds since the 1990s but the fight to maintain privacy rights and prevent government intrusion continues. Using an encrypted phone on a hardened device free of third-party apps is the best way to ensure your personal data is safe and secure. With our proprietary solutions, Myntex keeps you fully protected anywhere in the world.

Operation Dunhammer: Wiretapping is a Net That Traps Us All

When the government spies on citizens, we usually don’t find out until years later, if at all. In 2013, whistleblower Edward Snowden famously pulled back the curtains to reveal the size and scope of the US National Security Agency spy apparatus.

Society spent years digesting the news and considering the implications of an institution with so much power and access to eavesdrop on its own citizens. Therefore, it might be surprising to learn that the NSA spy apparatus was even more far-reaching than it appears.

Spying on European Leaders, Sharing with Europe

Governments aren’t supposed to spy on their citizens, and they definitely aren’t supposed to eavesdrop on politicians and residents of allied countries, either. Yet, a recent report lays out how the NSA collaborated with the Armed Forces Intelligence (FE) to use Danish internet cables to spy on important heads of state, top politicians, and high-ranking officials in Germany, Sweden, Norway, and France.

A 2015 internal investigation known as Operation Dunhammer revealed the extent of the spying and the nature of the collaboration between the two agencies, which took place between 2012-2014. Using a secret computer called XKeyscore, the US searches, analyzes, and collects global Internet data continually.

If foreign governments spying on their own citizens and world leaders wasn’t bad enough, the NSA has shared data gathered by XKeyscore with other intelligence agencies from New Zealand, Canada, Australia, the UK, Japan, and even Germany.

Denmark’s Defence Minister, Trine Bramsen, told the Danish public service broadcaster that “systematic wiretapping of close allies is unacceptable.” Actually, espionage is widespread and, in practice, accepted all the time, so long as it’s accompanied by a public condemnation once it’s made known.

That the NSA spied on Germany and shared intelligence data with them highlights how give-and-take international spying really is. How can a country object to such data gathering when used against them while actively collaborating with the same intelligence service?

Angela Merkel is among Europe’s most powerful leaders, and not even she was immune from having her text messages and phone calls intercepted. Indeed, the more valuable your communications are, the more likely they are to get targeted.

Not Just World Leaders 

The NSA eavesdropping on politicians and world leaders inevitably ensnares ordinary people, some of whom have excellent reasons for requiring privacy. Politicians need to communicate with a cross-section of the public, so, with the help of FE, the NSA intercepted conversations with people who contact politicians from a range of backgrounds.

What if a person is illegally hiding because they’re persecuted in their home country? What if a journalist needs to discuss sensitive issues? It could be political activists, opposition politicians from foreign countries, and countless others. 

Indeed, the NSA engages in such widespread wiretapping to maximize the communications intercepted. Relying on encrypted cell phone communication is the only way citizens and even high-ranking politicians can stay above the fray and ensure their messages, emails, and phone conversations don’t get intercepted.

Fallout Since the Scandal

In June 2021, France’s Europe Minister Clement Beaune spoke to France Info radio about the fallout since the Operation Dunhammer scandal became public. “It’s extremely serious,” he said.

“We need to see if our partners in the EU, the Danes, have committed errors or faults in their cooperation with American services…between allies, there must be trust, a minimal cooperation, so these potential facts are serious.” Notice, the objection expressed is not over spying in general, but the levels of cooperation and trust in espionage.

It’s not clear if the Danes knew the US was using their cables for spying on neighbouring countries. Other allegations need to be verified, and officials from Germany and other European nations offered measured statements stressing the need to figure out precisely what happened while condemning what appears to have occurred.

Everybody knows that countries spy. American politicians may worry about the diplomatic consequences between allied nations after having been caught. But the US has had a broad wiretapping service in place for years and even tapped Merkel’s mobile phone. If the Danish-US spying story is confirmed, the NSA carried out its spy program before and after Snowden blew the whistle on it.

Moving Forward

It’s essential to take a slow and sober look at this story and determine what exactly occurred. But there’s nothing encouraging here for ordinary people with fears over privacy concerns.

The NSA does not appear like it’s about to reverse course, let alone slow down its spy program, and France and the other European countries will likely resume their relationship with the US as if nothing happened once the headlines die down.

Amid all the very pressing international news concerning COVID-19 and conflicts, Operation Dunhammer wasn’t exactly the main story on the newspaper’s first page. However, the story itself is a new revelation about spying that took place years ago, and maybe it would have got more traction had the events themselves been new.

One person whose notice it didn’t escape is Edward Snowden himself, who pointed out on Twitter that: “Biden is well-prepared to answer for this when he soon visits Europe, since, of course, he was deeply involved in this scandal the first time around.”

If these politicians were using ChatMail device encryption on a hardened phone, they would have been safe against the NSA and other hackers or international spy agencies. It’s impossible to discover that you need this level of security until it’s too late. If even allied nations spy on their friends, who exactly is safe?

Please read this encryption guide to understand how Myntex products use military-grade encryption that can’t be decrypted and several secondary security features to fill any potential vulnerabilities. Foreign intelligence services don’t have a pressing need to intercept your phone records. Still, they eavesdrop on countless ordinary people every day, and even people with a dedicated service of bodyguards don’t have secure communications. So take care of your online privacy now because, by the time you realize it’s necessary, it’ll be too late.