This had nothing to do with encryption. 99.99% of breaches aren’t some pen hack, it’s social engineering of someone to gain access. You have all the best software and practices in place, but if the dumbass on the fourth floor decides that they’re gonna let someone in who’s called them from Microsoft, then it doesn’t matter.
They let the FBI into the chat because they don’t know opsec for shit.
But like. A lot of the time security/privacy fails like this are user-inflicted. Either because people don’t understand the apps and services they use, or because other people aren’t as vigilant about auditing their networks (the people, the hardware the software).
I don’t know who still needs to hear this, so I’m going to say it again for the people in the back.
Assume every form of communication you have is being spied on.
If you’re using an app like signal or similar, make sure you and everyone else in the chat has encryption enabled.
Verify the other users in the chat.
Do not plan any activity that could be considered a criminal enterprise on an electronic device with a connection to the internet.
This had nothing to do with encryption. 99.99% of breaches aren’t some pen hack, it’s social engineering of someone to gain access. You have all the best software and practices in place, but if the dumbass on the fourth floor decides that they’re gonna let someone in who’s called them from Microsoft, then it doesn’t matter.
They let the FBI into the chat because they don’t know opsec for shit.
I agree that you’re right. My thought was it was more likely that they socially engineered their way into getting invited to the chat.
This is why I said that a lot of people are the weakest link in their own secured communications networks.
I just got downvoted in the comments above for basically having the EXACT same sentiment. I fucking hate it here.
Yeah. I dunno man. I’m sorry.
But like. A lot of the time security/privacy fails like this are user-inflicted. Either because people don’t understand the apps and services they use, or because other people aren’t as vigilant about auditing their networks (the people, the hardware the software).
Fair point!