An anonymous reader shared this report from NBC News: Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers... In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China's intercepting their communications. "Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," Greene said. The FBI official said, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for email, social media and collaboration tool accounts... The FBI and other federal law enforcement agencies have a complicated relationship with encryption technology, historically advocating against full end-to-end encryption that does not allow law enforcement access to digital material even with warrants. But the FBI has also supported forms of encryption that do allow some law enforcement access in certain circumstances. Officials said the breach seems to include some live calls of specfic targets and also call records (showing numbers called and when). "The hackers focused on records around the Washington, D.C., area, and the FBI does not plan to alert people whose phone metadata was accessed." "The scope of the telecom compromise is so significant, Greene said, that it was 'impossible" for the agencies "to predict a time frame on when we'll have full eviction.'"

Read more of this story at Slashdot.

Session, a small but increasingly popular encrypted messaging app, is moving its operations outside of Australia after the country's federal law enforcement agency visited an employee's residence and asked them questions about the app and a particular user. 404 Media reports: Now Session will be maintained by an entity in Switzerland. The move signals the increasing pressure on maintainers of encrypted messaging apps, both when it comes to governments seeking more data on app users, as well as targeting messaging app companies themselves, like the arrest of Telegram's CEO in August. "Ultimately, we were given the choice between remaining in Australia or relocating to a more privacy-friendly jurisdiction, such as Switzerland. For the project to continue, it could not be centred in Australia," Alex Linton, president of the newly formed Session Technology Foundation (STF) which will publish the Session app, told 404 Media in a statement. The app will still function in Australia, Linton added. Linton said that last year the Australian Federal Police (AFP) visited a Session employee at their home in the country. "There was no warrant used or meeting organised, they just went into their apartment complex and knocked on their front door," Linton said. The AFP asked about the Session app and company, and the employee's history on the project, Linton added. The officers also asked about an ongoing investigation related to a specific Session user, he added. Linton showed 404 Media an email sent by Session's legal representatives to the AFP which reflected that series of events. Part of Session's frustration around the incident came from the AFP deciding to "visit an employee at home rather than arranging a meeting through our proper (publicly available) channels," Linton said.

Read more of this story at Slashdot.

An anonymous reader shared this report from Forbes: Recent headlines have proclaimed that Chinese scientists have hacked "military-grade encryption" using quantum computers, sparking concern and speculation about the future of cybersecurity. The claims, largely stemming from a recent South China Morning Post article about a Chinese academic paper published in May, was picked up by many more serious publications. However, a closer examination reveals that while Chinese researchers have made incremental advances in quantum computing, the news reports are a huge overstatement. "Factoring a 50-bit number using a hybrid quantum-classical approach is a far cry from breaking 'military-grade encryption'," said Dr. Erik Garcell, Head of Technical Marketing at Classiq, a quantum algorithm design company. While advancements have indeed been made, the progress represents incremental steps rather than a paradigm-shifting breakthrough that renders current cryptographic systems obsolete. "This kind of overstatement does more harm than good," Dr. Garcell said. "Misrepresenting current capabilities as 'breaking military-grade encryption' is not just inaccurate — it's potentially damaging to the field's credibility...." In fact, the Chinese paper in question, titled Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage, does not mention military-grade encryption, which typically involves algorithms like the Advanced Encryption Standard (AES). Instead, the paper is about attacking RSA encryption (RSA stands for Rivest-Shamir-Adleman, named after its creators)... While factoring a 50-bit integer is an impressive technical achievement, it's important to note that RSA encryption commonly uses key sizes of 2048 bits or higher. The difficulty of factoring increases exponentially with the size of the number, meaning that the gap between 50-bit and 2048-bit integers is astronomically large. Moreover, the methods used involve a hybrid approach that combines quantum annealing with classical computation. This means that the quantum annealer handles part of the problem, but significant processing is still performed by classical algorithms. The advances do not equate to a scalable method for breaking RSA encryption as it is used in practical applications today. Duncan Jones, Head of Cybersecurity at Quantinuum, tells Forbes that if China had actually broken AES — they'd be keeping it secret (rather than publicizing it in newspapers).

Read more of this story at Slashdot.

schwit1 writes: Chinese scientists have mounted what they say is the world's first effective attack on a widely used encryption method using a quantum computer. The breakthrough poses a "real and substantial threat" to the long-standing password-protection mechanism employed across critical sectors, including banking and the military, according to the researchers. Despite the slow progress in general-purpose quantum computing, which currently poses no threat to modern cryptography, scientists have been exploring various attack approaches on specialised quantum computers. In the latest work led by Wang Chao, of Shanghai University, the team said it used a quantum computer produced by Canada's D-Wave Systems to successfully breach cryptographic algorithms. Using the D-Wave Advantage, they successfully attacked the Present, Gift-64 and Rectangle algorithms -- all representative of the SPN (Substitution-Permutation Network) structure, which forms part of the foundation for advanced encryption standard (AES) widely used in the military and finance. AES-256, for instance, is considered the best encryption available and often referred to as military-grade encryption. While the exact passcode is not immediately available yet, it is closer than ever before, according to the study. "This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN structured algorithms in use today," they said in the peer-reviewed paper.

Read more of this story at Slashdot.