[Cryptography] Suggestion that a bad crypto tool led to a wide-scale roll-up?

ianG iang at iang.org
Fri Oct 7 19:10:05 EDT 2016


https://www.theguardian.com/technology/2016/aug/03/turkey-coup-gulen-movement-bylock-messaging-app



Turkey coup plotters' use of 'amateur' app helped unveil their network

Turkish authorities identified thousands of undercover Gülenist 
operatives, whom they blame for the failed coup, after cracking 
messaging app ByLock

Turkish authorities were able to trace thousands of people they accuse 
of participating in an underground network linked to last month’s failed 
military coup by cracking the weak security features of a little-known 
smartphone messaging app.

Security experts who looked at the app, known as ByLock, at the request 
of Reuters said it appeared to be the work of amateur software 
developers and had left important information about its users unencrypted.

A senior Turkish official said Turkish intelligence cracked the app 
earlier this year and was able to use it to trace tens of thousands of 
members of a religious movement the government blames for last month’s 
failed coup.

Members of the group stopped using the app several months ago after 
realising it had been compromised, but it still made it easier to 
swiftly purge tens of thousands of teachers, police, soldiers and 
justice officials in the wake of the coup.

“The ByLock data made it possible for us to map their network – at least 
a large part of it,” a senior Turkish official said. “What I can say is 
that a large number of people identified via ByLock were directly 
involved in the coup attempt.”

The Turkish official said ByLock may have been created by the Gülenists 
themselves so they could communicate. However, experts consulted by 
Reuters were not able to verify this.

“ByLock is an insecure messaging application that is not widely used 
today,” Tim Strazzere, director of mobile research at US-Israeli 
security firm SentinelOne, told Reuters. “Anyone who wanted to 
reverse-engineer the app could do so in minutes.”

More than a dozen security and messaging experts contacted by Reuters 
had never heard of ByLock until it was mentioned in recent days by the 
Turkish authorities.

According to Matthew Green, a cryptologist and assistant professor of 
computer science at Johns Hopkins University in the US who examined the 
app’s code after being contacted by Reuters, the ByLock network 
generates a private security key for each device, intended to keep users 
anonymous.

But these keys are sent to a central server along with user passwords in 
plain, unencrypted text, meaning that anyone who can break into the 
server can decrypt the message traffic, he said.

“From what I can tell it was either an amateur app (most likely) or 
something that someone wrote for the purpose,” he said in an email.

The ByLock messaging app appears to have been launched in 2014 on both 
Apple and the Google Play app stores, only to be removed by the 
developers later the same year. New versions subsequently appeared on 
less secure app downloading websites targeting Android, Windows Phone 
and Blackberry users.

An anonymous blogpost in November 2014 purporting to be from the 
developer claims ByLock had attracted around 1 million users, making it 
difficult to maintain, in part because the app had come under attack 
from unnamed “Middle East countries”.

Even if it had reached a million users, that would still make it 
minuscule compared with mainstream smartphone messaging apps like 
Facebook Messenger or WhatsApp, which each have around a billion users 
worldwide, or iMessage, the messaging app available on all Apple iPhones.

According to some websites that allowed users to download ByLock, and to 
the security certificate inside the software itself, the author of the 
app was listed as David Keynes of Beaverton, Oregon. Reuters was unable 
to locate anyone matching that name or verify whether this identity is 
genuine.

Starting in May 2015, Turkey’s intelligence agency was able to identify 
close to 40,000 undercover Gülenist operatives, including 600 ranking 
military personnel, by mapping connections between ByLock users, the 
Turkish official said.

However, the Turkish official said that while ByLock helped the 
intelligence agency identify Gülen’s wider network, it was not used for 
planning the coup itself. Once Gülen network members realised ByLock had 
been compromised they stopped using it, the official said.

Instead, the coup plotters seem to have switched to the far more secure 
WhatsApp by the time they launched their putsch. While WhatsApp 
encryption is harder to crack from the outside than ByLock, the 
authorities have been able to access messages sent that night by getting 
their hands on the phones of detained plotters.

Transcripts published by Turkish media show officers coordinating troop 
movements in WhatsApp chat groups. “With thousands of people in a single 
WhatsApp chat, it only takes one person to get captured while their 
phone is unlocked to discover every planned detail,” said Dan Guido, 
head of New York-based information security firm Trail of Bits.

==

