The race to save the Internet from quantum hackers

In cybersecurity circles, they call it Q-day: the day when quantum computers will break the Internet.

Almost everything we do online is made possible by the quiet, relentless hum of cryptographic algorithms. These are the systems that scramble data to protect our privacy, establish our identity and secure our payments. And they work well: even with the best supercomputers available today, breaking the codes that the online world currently runs on would be an almost hopeless task.

But machines that will exploit the quirks of quantum physics threaten that entire deal. If they reach their full scale, quantum computers would crack current encryption algorithms exponentially faster than even the best non-quantum machines can. “A real quantum computer would be extremely dangerous,” says Eric Rescorla, chief technology officer of the Firefox browser team at Mozilla in San Francisco, California.

As in a cheesy time-travel trope, the machines that don’t yet exist endanger not only our future communications, but also our current and past ones. Data thieves who eavesdrop on Internet traffic could already be accumulating encrypted data, which they could unlock once quantum computers become available, potentially viewing everything from our medical histories to our old banking records. “Let’s say that a quantum computer is deployed in 2024,” says Rescorla. “Everything you’ve done on the Internet before 2024 will be open for discussion.”

Even the most bullish proponents of quantum computing say we’ll have to wait a while until the machines are powerful enough to crack encryption keys, and many doubt it will happen this decade — if at all.

But the risk is real enough that the Internet is being readied for a makeover, to limit the damage if Q-day happens. That means switching to stronger cryptographic systems, or cryptosystems. Fortunately, decades of research in theoretical computer science has turned up plenty of candidates. These post-quantum algorithms seem impervious to attack: even using mathematical approaches that take quantum computing into account, programmers have not yet found ways to defeat them in a reasonable time.

Which of these algorithms will become standard could depend in large part on a decision soon to be announced by the US National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland.

In 2015, the US National Security Agency (NSA) announced that it considered current cryptosystems vulnerable, and advised US businesses and the government to replace them. The following year, NIST invited computer scientists globally to submit candidate post-quantum algorithms to a process in which the agency would test their quality, with the help of the entire crypto community. It has since winnowed down its list from 65 to 15. In the next couple of months, it will select a few winners, and then publish official versions of those algorithms. Similar organizations in other countries, from France to China, will make their own announcements.

But that will be only the beginning of a long process of updating the world’s cryptosystems — a change that will affect every aspect of our lives online, although the hope

Read More... Read More

Iranian hackers take down servers of Israeli internet hosting company Cyberserve

Hackers, seemingly joined to Iran, mentioned Friday they experienced broken into the servers of Israeli internet hosting corporation Cyberserve, bringing down a variety of commonly applied websites.

The Black Shadow group, which Hebrew-language media studies claimed was Iranian, warned the Israeli company that it was in possession of knowledge that could be leaked. The team has not verified that it is Tehran-backed.

“Hello Once more! We have news for you,” the hackers wrote in a message circulated on social media on Friday night. “You likely could not connect to quite a few websites right now. ‘Cyberserve’ business and their clients [were] strike by us. You may check with what about Details? As generally, we have heaps of it. If you do not want your Info leaked by us, get hold of us shortly.”

Black Shadow stole a vast trove of data from Israeli insurance plan company Shirbit final yr and then sold it on the darkish net when the business refused to shell out a ransom.

Cyberserve’s buyers consist of the Dan and Kavim public transportation providers, the Children’s Museum in Holon, the Pegasus travel enterprise and the blogsite of the Kan general public broadcaster.

The sites of a amount of Cyberserve’s consumers have been unavailable on Saturday morning.

Final calendar year, the Black Shadow attacked the Shirbit insurance policy organization and opened ransom negotiations, but the enterprise said it wouldn’t pay out, major to the darkish world-wide-web sale of data stolen from the business.

Lots of of Shirbit’s customers are from the general public sector and photographs of non-public documents launched incorporated the auto registration and credit history card information of an employee at the President’s Home, as effectively as particular correspondence and a relationship certificate, as effectively as the own information of the president of the Tel Aviv District Court docket.

Unnamed Israeli officials advised Channel 12 information at the time of the attack that they considered a condition was powering the Black Shadow attack. Having said that, they did not name the country.

Israel and Iran have been engaged in a years-extensive shadow war, with Israel allegedly directing most of its efforts — which includes many suspected cyberattacks — at sabotaging the Islamic Republic’s nuclear application.

This week, an unparalleled cyberattack took down Iran’s backed fuel distribution method.

A gasoline station is seen standing vacant because the pumps are out of support, in Tehran, Iran, Tuesday, Oct. 26, 2021. (AP Picture/Vahid Salemi)

Abolhassan Firoozabadi, a top rated official in Iran’s Supreme Council of Cyberspace, explained to point out broadcaster IRIB that the attack experienced seemingly been carried out by a foreign nation, while it was too early to identify suspects. He also joined the attack to yet another a person that qualified Iran’s rail procedure in July.

The next working day, an Iranian formal tweeted in Hebrew that the “enemy’s goal”

Read More... Read More