Security or Convenience – Manafort May Have Picked the Wrong Option

June 5, 2018 CyberCecurity Leave a comment

Paul Manafoft, President Trump’s former campaign manager, is in trouble with the Feds. Again.

Federal prosecutors say that Manafort attempted to tamper with witnesses to make sure that their testimony coordinated with his.

How the feds found out is that they got a warrant for his iCloud account. Whatsapp and Telegram messages backed up to iCloud are not encrypted.

Poof, his cover was blown.

Manafort has been charged with money laundering, tax evasion and failing to register as a foreign agent. Now the feds may add witness tampering to that.

Since he is currently out on bond and possible witness tampering probably was not on the court’s approved list of things to do while you are out on bond, they could, possible, revoke his bond and send him to jail. My guess is they will more likely use these new allegations to squeeze him some more.

So what should you do to avoid this situation?

Number one is don’t commit crimes.

Number two is if you are being prosecuted for possibly committing crimes, don’t commit even more crimes.

Number three is to remember that even if your end is secure, there is nothing to stop the recipients from giving you up. The feds, for example, could say that they are going to charge the other person with a crime unless they cooperate. Even if the charges are flimsy and don’t eventually hold up, they will still spend a lot of money and have their life turned upside down, so someone might decide to cooperate.

If you are creating records for yourself and you encrypt them, that makes it much harder for anyone to read them. But you have to make sure that the software is well written and the keys are securely managed. This is true whether you are planning a crime spree or just trying to protect your business. Leaving the key in the locked door is not very secure. Happens to businesses all the time. They think they are protecting their data by encrypting it, but in reality, the keys are stored with the data. If you do it right, they (meaning the feds or hackers from China) might be able to get the data, but the data will still be encrypted. Could they crack the encryption? Maybe. All that takes is time and money. Possibly a lot of both. OR, they could hack your phone/computer and steal the encryption keys.

Bottom line – encryption is not a silver bullet; even if you are not a crook. It is hard to do right and easy to do wrong.

Information for this post came from Gizmodo.