WikiLeaks released a trove of documents this week alleging that CIA agents undertake major efforts to circumvent user encryption, resorting to highly targeted attacks involving physical work-arounds. IT security experts from Rubicon Labs, CipherCloud and Pushfor commented below.
Rod Schultz, VP of Product at Rubicon Labs:
“Encryption has never been stronger, the algorithms we have today are mathematically sound and incredibly secure. But the real problem is key management, and that is where the system is attacked. The power of an encryption algorithm is only unlocked once you have a key, but that key is the linchpin to everything. Find the key, destroy the system, and this is what a good attacker will do.”
.Pravin Kothari, CEO and Founder at CipherCloud:
“Encryption definitely works if applied correctly, and is becoming a critical technology to help organizations leverage the cloud while protecting sensitive data and meeting compliance requirements. We expect the importance and awareness of encryption to increase as concerns about hacking, surveillance, and global compliance laws like the GDPR continue to grow.”
Willy Leichter, VP of Marketing at CipherCloud:
“Encryption has long been a fundamental building block for security, and a core technology for the internet. But the ongoing Snowden-effect has dramatically raised interest, awareness, and often uninformed punditry about encryption. At its core, encryption relies on strong mathematical algorithms to keep secrets, with concept of a key that needs to be guarded. The easiest way to defeat encryption is always to steal the key – not to crack the algorithm. Strong encryption algorithms that have not yet been cracked are readily available to good guys and bad guys. If the good guys water-down encryption by creating backdoors, that will only defeat its effectiveness for legitimate security purposes, but won’t prevent bad guys from using their own, more bullet proof versions.”
John Safa, Security Expert and Founder at Pushfor:
“The current issue that those in the tech industry have is that we have no idea what is in the leaked documents. It raises questions about why the vulnerabilities haven’t been caught before, and in a worse case scenario, whether the tech companies are working with the security services in order to enable them to monitor activities.
WikiLeaks wants to make the CIA’s job harder. That’s possibly why it released information about the CIA hacking tools. While this information will educate hacker communities, it could also prove to be a good thing for tech companies. Now that the information is out there, they can create the fixes and patches needed to secure our devices.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.