BlackBerry Messenger a Major Threat to National Security

-

In view of the recent breaches in our national security through various bombings and explosion, it is important that we look at some issues that can easily become a tool in the hands of terror networks to enhance their operations. The essence of this write-up is to create the necessary alert to the dangers these devices pose to national security.




In 2002, a Canadian company Research in Motion (RIM) released a smartphone BlackBerry, which supported push e-mail, mobile telephone, text messaging, internet faxing, web browsing and other wireless information services. One of the most significant features of this smartphone was its extreme security in messaging through advanced encryption techniques. This extreme security implemented by BlackBerry services is now in news for risking national security in some of its fastest growing markets like UAE, Saudi Arabia and India.
In its statement, the company explained that data on its BlackBerry Enterprise Server network is encrypted so that no one, not even RIM, can access it. RIM added that it would be unable to “accommodate any request for a copy of a customer’s encryption key since at no time does RIM, or any wireless network operator, ever possess a copy of the key.








The BlackBerry for enterprise service on which the ban is sought.
.
.






At the heart of the blackberry service is the BlackBerry internet service server as shown in the diagram above as BlackBerry Infrasctructure.
The problem with this server with most National security apparatus is that this server is hosted outside their Domain and therefore they cannot have access to it in any way.
For the case of Nigeria, this server is hosted somewhere in Northern France and that is the case for most African countries. Therefore the Nigerian security apparatus do not have access to this server neither do all the wireless service providers (MTN, GLO, Airtel Etisalat etc).
The implication is that communication within this service cannot be monitored with the exception of voice calls only.
The main communication service within the blackberry network that is of real threat to our national security is the:


E-mail Services :
Generally speaking, e-mails can be intercepted for security checks within countries when a packet is suspected to contain information of interest. The mechanism used here is what we call “Man in the middle” in data communication parlance. The principle is simple and is described thus:

DEFINITION
The man-in-the-middle attack (often abbreviated MITM), bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle).
A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other—it is an attack on mutual authentication. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL authenticates the server using a mutually trusted certification authority.
Name Origin: The name "Man-in-the-Middle" is derived from the basketball scenario where two players intend to pass a ball to each other while one player between them tries to seize it. MITM attacks are sometimes referred to as "bucket brigade attacks" or "fire brigade attacks." Those names are derived from the fire brigade operation of dousing off the fire by passing buckets from one person to another between the water source and the fire.

The problem with blackberry e-mail service is that that this mails are so scrambled with special security codes that they cannot be unscrambled except if RIM the markers of Blackberry devices allows access to the security algorithms and codes.
We cannot enforce this on them as their platform is outside the domain and jurisdiction of our legal boundaries.
This services and loopholes has been exploited by terror networks around the globe for their communications.


BlackBerry Messenger


The BB messenger as it is popularly called is the medium of choice for communication amongst terror networks around the globe and will easily lends itself to terror organization like Boko Haram in Nigeria.
The problem with this PIN to PIN messaging system is that it cannot be intercepted because it is well secured beyond the reach of security organizations.
All that the GSM networks do in Nigeria is simply to provide a channel for this communication between BB users. The actual routing mechanism is the BIS server situated in France owned by Research In Motion and cannot be accessed by our security apparatus.
This makes it a very easy tool for terror networks in their communication.
Giving that the BB users in Nigeria now approaches 700,000, it has become important that this community of users be effectively monitored and profiled for National security.

What Other Nations in this same dilemma did

RIM vs. Saudi Arabian Government:


The government of United Arab Emirates (UAE), has announced that it would suspend Blackberry mobile services like e-mail and text messaging beginning in October affecting 500K users and potentially paving the way for other Gulf states to follow suit. Nokia and Apple smart phones will were however supposed continue to operate as usual.
According to recent developments, Saudi Arabia's telecommunications watchdog has announced that it would allow BlackBerry Messenger (BBM) service to continue operation citing "positive developments" with the Research in Motion management.
In the case of Saudi Arabia, the government says it only wants access to RIM's consumer-focused BlackBerry Messenger service unlike other countries like Indonesia, Bahrain and India that are seeking access to encrypted emails which RIM routes through its own secure servers which have no master key.


RIM Vs. Indian Government


UAE, Saudi Arabia, India and Pakistan have all voiced similar concerns over wanting to be able to monitor Blackberry’s encrypted text messaging for national security reasons.
BlackBerry has a higher level of encryption that doesn’t allow monitoring of enterprise email (email run for companies) and messenger services. According to DoT in India (Department of Telecomm) guidelines, “Individuals/groups/organizations are permitted to use encryption up to 40 bit key length without having to obtain permission from the licensor. If encryption equipment higher than this limit is deployed then shall do so with prior written permission of the licensor and deposit the decryption key, split into two parts, with the licensor.” In case of BlackBerry, the level of encryption is much higher and very complex. The government has not given permission to any operator to start services without setting up server
A solution to the national security problem, as proposed by the Department of Telecommunication, was that RIM can shift the servers for the Indian network to India or create copies of data sent over Indian networks, archive it for six months, and give access to those copies to the Indian Government. However, once again, RIM could not grant this request as it was either unfeasible for the company or it compromised their customers’ privacy and security.
To resolve matters, the National Security Advisor had been asked to offer a possible solution to this problem. After several meetings with the Indian government, RIM proposed that it could share the IP address of BlackBerry Enterprise Servers (BES) and the PIN (Personal Identity Number) and IMEI (International Mobile Equipment Identity) numbers of BlackBerry mobiles, a senior government official familiar with the discussions said, but added these were not sufficient. So finally, to end this face-off, RIM has agreed to provide manual access to the BlackBerry Messenger service from September 1 which would be upgraded to automatic access from November. RIM officials are also expected to explain how the Black Berry Enterprise Server operates to the security experts.”

USA
RIM and US Security Issues:


The BlackBerry encryption is so advanced that even the United States government allows many military and law enforcement employees to send confidential messages by BlackBerry, but it also makes surveillance correspondingly difficult.
The encrypted data seems like a double-edged sword now as RIM management is now having clashes with officials elsewhere in recent years. A point to note is that RIM has been offering country specific solutions to its encryption message issues and has not come out openly in public domain over the exact deals reached with various governments worldwide including the US and China.
According to various reports however, U.S. authorities can seek a court order to tap BlackBerry traffic, giving them access to messages sent over the network. Officials with Research in Motion declined to talk about how they provide such access. It is possible that the government provides such requests directly to RIM's customers. Moreover unconfirmed reports say that US National Security Agency reportedly has the technology to crack encrypted mail in a few hours - with or without help from RIM.
If RIM denies their requests, its BlackBerry Messenger service and/or smart phones could be banned from these countries.

What we can Do In Nigeria

With a vibrant youthful population and the ever increasing incentives of operators in Nigeria, The BlackBerry Messenger has become a medium of choice in communication amongst them.
As at this writing, there are close to 700,000 users of the BB service in Nigeria when you take all the networks together. This means that we can ignore this trend as we did in the past.
We can do the following:
· As the Network operators to provide profiles of all the BB users to government
· Restrict new subscription except with security clearance
· Ask RIM the makers of Blackberry to provide access to this BBM to Nigerian security operatives or have the BBM expunged from BB service in Nigeria
· Suspend the BB service in the event of RIM’s inability to provide satisfactory technical solution to solve this security problems.
I will be available to provide further details if needed.

Henry O Ohakwe
Core Network Consultant

Comments

  1. RamJeeMarch 17, 2016 at 12:08 AM

    I am in fact grateful to the owner of this web site who has shared this great paragraph at here.
    Blackberry Encryption

    ReplyDelete

Post a Comment

Popular posts from this blog

Quality of Service in the Nigerian Telecoms Space

-
Hi, It is my intention to do a series on the inefficient communication networks we have in Nigeria and I welcome comments on this.It is over eight years now since the introduction of GSM and other mobile network services in Nigeria, given birth to a number of operators in the industry.While NCC has been largely successful in selling communication licenses to would be operators and existing ones, it has not met with equal success in regulating these kinds and quality of networks being rolled out in Nigeria. This have subjected the industry to a number of speculations, bad and poorly designed networks and equipment flooding the market with the attendant poor quality of services from all the operators , leaving the subscribers to the mercies of these operators whose only goal is profit, profit and moor profit.In these series I will like to pursue the causes of these poor qualities of services in the Nigerian telecom industry and perhaps proffer some solution to these problems. While some
Read more

4G Technologies

-
Image
The 4G is the fourth generation of cellular wireless standards. It is used broadly to include several type of broadband wireless access communication not only cellular telephone system.4G is an IP-based heterogeneous network. One of the terms used to describe 4G is “MAGIC”, M-Mobile Multimedia A-Anytime anywhere G-Global mobility Support I-Integrated wireless solution and C-Customized personal service While most of us are used to getting high speed Internet connections at home, the office or even the local cafe, once we are on the road those high speeds have to stay behind. With 4G the promise is that you can get real mobile broadband to go. In this piece I am going to tell you all about the technology and its benefits. But first, some background: 4G is the short name for fourth-generation wireless, the stage of mobile communications that will enable things like IP-based voice, data, gaming services and high quality streamed multimedia on portable devices with cable mode
Read more

The Future of the Telecoms market in Nigeria

-
Let me take a critical look at the market trends with a view of looking into the future going forward. The Nigerian Telecoms market has performed excellently well since the introduction of mobile telephony into the space especial the GSM operators. From a Paltry 400,000 installed capacity in 1997 to a whooping 85M lines today, the market has done well beyond expectation. What were the major drivers of the Market? 1 Available total hungry Market of over 100M subscribers yearning for Telco services which were unavailable 2 Government liberalization of the space 3 A transparent frequency licensing regime by NCC 4 A growing young and vibrant population, highly literate and highly mobile 5 A reasonable economic leverage within the population, that enabled them afford the services 6 Vibrant operators , offering mouth watering incentives in the form of mobile lottery in most instances What are the inhibiting factors to Growth and affordability? 1 Lack of basic Infrastructure
Read more