Tag Archives: Quantum Computing

MI-6 Follows CIA, Just 22 Years Late

Why? Quantum Computing and Artificial Intelligence!

For those of you who are not familiar with MI-6, even via a somewhat romanticized version in James Bond movies, MI-6 is Britain’s spy agency. Working alongside MI-5 and GCHQ, their goal is to protect Britain from the bad guys. MI-6, similar to our NSA (often referred to as No Such Agency), prefers to stay in the shadows. The agency’s existence wasn’t even formally acknowledged until the 1990s.

However, now they are talking very publicly. Richard Moore (AKA “C” in MI-6 speak) talked publicly for the first time since taking over the role of Chief of MI-6. He said that developments in quantum computing and AI are good for society.

Speaking at the International Institute for Strategic Studies, Moore warned that China, Russia and Iran, which could exploit technology to meet their aims, are a threat to the UK (and the rest of the world).

While human intelligence is important (and, I might add, becoming harder by the day because of the digital footprint that every human leaves behind – or if they are a spy, do not leave behind), technology is going to be critical to assessing that intelligence.

He warned that “our adversaries are pouring money and ambition into mastering artificial intelligence, quantum computing and synthetic biology because they know that mastering these technologies will give them leverage”.

However, “C” admitted that they (the UK) will lose the battle if they try to out-do big tech.

So, they are doing what the CIA started to do in 1999 and have started a venture capital fund called the National Security Strategic Investment Fund. The CIA calls theirs In-Q-Tel. While I don’t know NSSIF, I did pitch In-Q-Tel a few years ago. Some super smart people. Likely also true for NSSIF. Both are looking for smart people with even smarter ideas who need money. Of course, they want to use, partner, or own the tech that these investments produce. “C” said that this is a culture change for the organization that is going to be a sea-change. The CIA seems to have figured out how to do it. Perhaps the two organizations should chat. Or maybe they already are.

Key point is that quantum computing and AI are going to be critical to national security and, my guess is, China and the others know that too (read my November 25th blog post if you doubt this). If they can’t develop it themselves, there are other alternatives that they seem to be pretty good at also. Credit: ZDNet

Booz Allen says that the Chinese are already planning for the day when powerful quantum computers are running inside their state-run intelligence service. Booz says that Chinese hackers might soon start trying to steal encrypted data such as encrypted weapons design data, biometric data and spy agency human asset info, with the hope that, with quantum computing, they will be able to decrypt it in the future.

Booz writes:

“In the 2020s, Chinese economic espionage will likely increasingly steal data that could be used to feed quantum simulations,” the analysts write in the report Chinese Threats in the Quantum Era.

Hackers could steal encrypted data now and crack it with quantum computers later, warn analysts | ZDNet

We either need to protect our tech. Or learn Mandarin.

Security News for the Week Ending November 26, 2021

Tesla Locks Owners Out of Cars – On Accident

Hundreds of Tesla owners got locked out of their cars when a server that powers the Tesla app crashed due to load. Apparently those owners forgot there is such a thing as a car key. The outage lasted about 5 hours and Elon Musk later tweeted that they would work to avoid this in the future. This doesn’t happen often; just a reminder that no tech is perfect. Credit: The Guardian

The Zelle Fraud Scam – Don’t Fall Victim

The Zelle fraud scam starts with a fake text message that asks if you made a Zelle payment in the amount of $X. If you respond to the text with anything, you will get a call from the scammer pretending to be your bank. The scammer asks for your online banking USER NAME (not password) and the hacker then does a password reset, asking you for the PIN that your bank sends to do the password reset. And then empties your bank account. For more details, see the Brian Krebs account of the attack.

Microsoft Says Attackers Don’t Bother to Brute Force Long Passwords

A Microsoft engineer analyzed over 25 million password attempts against a honeypot of SSH servers and discovered that 77% of the attempts to brute force a password used passwords of 7 characters or less and only 6% used passwords of over 10 characters. Also, only 7% of the attempts used a special character. This gives users some parameters for constructing passwords. Credit: The Record

US Sanctions 28 Quantum Computing Companies in China, Russia, Pakistan and Japan

The US continues to work on protecting our technology from foreign bad actors. The Commerce Department added 28 companies in multiple countries as a risk to the US. These sanctions prohibit US companies from dealing with these organizations. Given that quantum computing is a strategic technology for everyone, we do not want to accidentally be helping the bad guys. For a list of these companies, check out this article.

Israel Bans Sales of Hacking Tools to 65 Countries

In the wake of all of the negative press that Israeli hacking tools company NSO Group is getting, including being banned in the US, Israel reduced the list of countries that companies like NSO can sell to from 102 to just 37 countries. See the list here.

India to Ban Almost All Private Cryptocurrencies

India is about to ban almost all private cryptocurrencies. A new bill will create a framework for an official digital currency, to be issued by the Reserve Bank of India. Included in the ban would be Bitcoin and Ethereum. Effectively, if this bill becomes law, non-fiat cryptocurrency would cease to exist in one of the world’s most populous countries. Credit: Euronews

China Charts Plan for Tech Self-Sufficiency

China’s policymaking body, the Central Comprehensively Deepening Reforms Commission (I did not make up this name), approved a plan yesterday for developing homegrown science and technology with an eye toward self-sufficiency.

According to a press release by the state-run news agency, Xi said that while China has made substantial progress in trying to develop its science and technology sectors, they are still struggling. Which means that stealing intellectual property from the west is still critical.

And what are they trying to focus on?

Artificial intelligence and quantum computing.

This comes as Biden continues to tighten the screws on the Chinese tech sector, adding another dozen Chinese companies to the entities list, banning US companies from selling to them.

China’s vice premier wrote an article for the People’s Daily yesterday saying, using a lot of words, that innovation is critical and since Xi said that they were still challenged at doing that, it is pretty clear what the alternative is.

China, of course, is not pleased that more companies have been blacklisted, but my guess is that asking us to un-blacklist them will not produce results for them.

Based on this, expect more espionage – both by breaking into US company networks and by planting insiders inside targeted companies. Also expect them to continue to expand the Thousand Talents program.

All in all, this means that US companies with critical tech need to stay on their toes. If you think your tech is important, so does China and they are very motivated to steal it. Likely they will do it very quietly so that you don’t even know that you have been hacked.

Credit: The Record

NIST Prepares Post-Quantum Encryption Standards

Long before quantum computing becomes “mainstream”, state actors will have access to it. In part, because they command large budgets; in part because it is important to them.

Why do they care? Because it will allow them to decrypt both communications that they intercept going forward and communications that they have intercepted in the past and stored. That is a game changer.

While we can make things more difficult with perfect forward secrecy (PFS), which uses a fresh key for each session so that each one has to be broken separately, there are plenty of places where PFS is not being used.

NIST, part of the Department of Commerce, is responsible for creating encryption standards used by most of the government (except for the spies) and all of the commercial sector, and has been working on this problem since 2016. They are not there yet, but this week they made an important announcement.
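An added example, not part of the original post: a small audit that flags TLS cipher suites without forward secrecy and lists which recorded sessions a later-recovered server key would expose. The suite list and the session log are constructed sample data, and the function names are this example's own.

```python
import re

# Tokens that mark an ephemeral (EC) Diffie-Hellman key exchange in
# OpenSSL-style and IANA-style cipher suite names.
EPHEMERAL_TOKENS = {"ECDHE", "DHE", "EDH"}

def has_forward_secrecy(suite: str) -> bool:
    """True if the suite name implies an ephemeral key exchange.
    Scope: authenticated suites; anonymous and PSK names are not modelled."""
    name = suite.upper()
    # TLS 1.3 names (no "_WITH_") carry no key-exchange token; TLS 1.3
    # removed static RSA and static DH key exchange.
    if name.startswith("TLS_") and "_WITH_" not in name:
        return True
    return bool(EPHEMERAL_TOKENS & set(re.split(r"[-_]", name)))

def audit(suites):
    """Split a server's enabled suites by whether they give forward secrecy."""
    report = {"forward_secret": [], "no_forward_secrecy": []}
    for suite in suites:
        key = "forward_secret" if has_forward_secrecy(suite) else "no_forward_secrecy"
        report[key].append(suite)
    return report

def exposed_by_key_recovery(recorded_sessions):
    """IDs of recorded sessions that become readable once the server's
    long-term private key is recovered (no ephemeral key exchange)."""
    return [sid for sid, suite in recorded_sessions if not has_forward_secrecy(suite)]

# Constructed sample: suites enabled on a hypothetical server.
SERVER_SUITES = [
    "TLS_AES_256_GCM_SHA384",                 # TLS 1.3
    "ECDHE-RSA-AES256-GCM-SHA384",            # ephemeral ECDH
    "DHE-RSA-AES128-GCM-SHA256",              # ephemeral DH
    "AES256-GCM-SHA384",                      # OpenSSL name, static RSA
    "TLS_RSA_WITH_AES_128_CBC_SHA",           # IANA name, static RSA
    "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",   # static ECDH
]
# Constructed sample: (session id, negotiated suite) from a traffic capture.
RECORDED_SESSIONS = [
    ("s1", "ECDHE-RSA-AES256-GCM-SHA384"), ("s2", "AES256-GCM-SHA384"),
    ("s3", "TLS_AES_128_GCM_SHA256"), ("s4", "TLS_RSA_WITH_AES_128_CBC_SHA"),
]

if __name__ == "__main__":
    print(audit(SERVER_SUITES))
    print("exposed:", exposed_by_key_recovery(RECORDED_SESSIONS))
```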

They plan to announce finalists for new standards roughly by the end of the year.

Then they have to document them as standards and put out the documents for public comment. Possibly, rinse and repeat.

They expect approved standards by 2024 – an 8 year process.

THEN COMPANIES NEED TO IMPLEMENT THEM AND INTEGRATE THEM INTO SOFTWARE AND HARDWARE PRODUCTS.

They have selected 8 algorithms as candidate standards.

And just to make sure that things don’t get away from them, they are also looking at 7 backup standards.

These standards use different strategies, not just different implementations of solving the same problem. (Like RSA encryption uses the hard problem of factoring the product of large prime numbers. That is not quantum proof, but that is an example of one strategy). So we potentially have 15 different problems which NIST thinks will be hard for even quantum computers to break. If they are wrong about one, they have 14 more. Backups with backups to the backups.

Look for NIST to release draft proposals in a few months. Then we have more waiting. But at least this seems like light at the end of the tunnel.

For software developers, that means work, documentation and testing. Plan to be doing that around 2024.

Credit: SC Magazine and NIST

Does Quantum Computing Mean the End of Encryption

If you believe all of the news reports, quantum computers are here and can break all of the encryption that we have ever used.

A bit hyperbolic.

Dorothy Denning, a very well known security researcher who has written 4 books and over 200 articles while teaching at Purdue, Georgetown and the Naval Postgraduate School, wrote a very readable article on the subject.

She explains what is and what is not real and why. In English.

She makes a distinction between symmetric key encryption like AES and public key encryption. For AES, there are reasonable solutions to the problem.

For public key encryption, one algorithm is based on the supposedly hard problem of factoring numbers. So far the largest number that they have factored is 15 (4 bits). Given that most public key encryption is 1,024 or 2,048 bits, they are not quite there yet.

One study said that quantum computers would need to be 100,000 times faster and 100 times less error prone.

But they will get there.

However, the National Institute of Standards and Technology (NIST) is evaluating 69 new potential post quantum encryption algorithms. They plan a draft standard by 2024 if not sooner.

So as long as quantum computers don’t get 100,000 times faster and 100 times more reliable in the next 5 years or so, we are probably OK.

Read Dr. Denning’s article here. Put your mind at ease.