It is a scene in a movie, where the keystrokes or keypad presses of an unsuspecting person are captured by the highly sophisticated method of looking over their shoulder, be it literally, with a telescope, or from a security camera. Either way, Wetware is by far the largest security gap.
Politician Accidentally Doxes His Old Boss By Reading Encrypted Signal Messages in Front of a Bunch of Cameras
All the encryption in the world is not going to help if someone can read over your shoulder.
Jan 31 2018, 9:25am
Using a secure messaging app to communicate with your political allies is a great idea in this day and age, where government hackers actively try to break into the email accounts of high-profile politicians and staffers in order to plaster them online. But all the unbreakable encryption in the world isn’t going to save you if you read the supposedly secret messages in front of a camera.
Even though that scenario sounds like the subplot of a Mr. Robot episode, that’s precisely what happened to recently ousted Catalan president Carles Puigdemont.
On Wednesday morning, a Spanish TV station showed a photo of a series of messages apparently sent by Puigdemont to another Catalan politician using the popular encryption app Signal. Puigdemont appeared to admit the end of his attempt to lead Catalonia to secede from Spain and become an independent country.
“I guess you’ve realized that this is over,” reads one message from Puigdemont to his former Catalan health minister Toni Comin. “Our people have sacrificed us. Or at least me.”
Comín releyendo los mensajes que supuestamente le ha enviado Puigdemont con tropecientas cámaras en la sala. Mensajes que además son un monólogo escritos con intervalos de 10 minutos. pic.twitter.com/e3KuNDYmKB
— Lara Hermoso (@lhermoso_) January 31, 2018
As a Spanish journalist said during the TV show that broke the news, “Comin didn’t notice we were just behind him.”
Comin and the journalists were attending a public event in Belgium where Puigdemont was supposed to speak. He didn’t show, but instead sent a video message. During the event, Puigdemont sent Comin the messages, in which he apparently admitted his defeat in his attempt to make Catalonia, one of the richest regions in Spain, independent.
In October of last year, the Catalan government, then led by Puigdemont, celebrated a referendum where a majority of the voters sided with independence. Spanish authorities ruled the referendum unconstitutional and illegal, and ousted the Catalan government, calling for new elections.
Hours after the news broke, Puigdemont wrote on Twitter that, as a journalist himself, he has “always understood that there are limits, including privacy, which should never be violated.”
“I’m human and there are moments where I have doubts. I’m also the president and I will not give up nor back down,” he added. “We continue!”
This incident is a good reminder that just using a certain technology—no matter how secure it is—won’t save you if there are prying eyes all around you. If you are writing and reading sensitive stuff over Signal, make sure you don’t do that in a place where others might see it. Especially if the place is filled with journalists and you’re a very interesting politician. Be aware of your surroundings. And remember that anything you send can be screenshotted and shared by the person you’re sending it to.
In other words, there’s more to good OPSEC than just using an app.