I don’t see refenece in this article or any others, but how did prosecutors get access to SBF’s Signal messages?

Was it simply a court order that he unlock his phone (and agreed), or a codefendant who flipped to the prosecution and handed over the thread?

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    65
    ·
    edit-2
    1 year ago

    One of the co-defendends in the group chat starting taking screen shots when the writing was on the wall, I believe that is what I read earlier

    The threat model guides say it many times, but its easy to forget, even if signal works perfectly the people your talking to can compromise you… by taking screen shots, using a second phone to take photos of the first phone, hooking up a audio recorder to record voice conversations, etc.

    We also saw this behavior in some of the political trials post trump. Signal + screenshots.

    https://www.cnbc.com/2023/10/19/read-the-secret-signal-messages-that-could-help-put-sbf-behind-bars.html

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      Honestly you can just use a modified signal client that doesn’t delete messages. When you send something to someone you need to trust them.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      2
      ·
      edit-2
      1 year ago

      None of the screenshots had self destruct timers, so I’m not sure how they were using signal… kinda looks like signal desktop

      more of the screenshots arnt cropped, they do have disappearing message timers, but they are using signal desktop, which doesn’t do local encryption. So those disappearing messages are still on disk floating around…

      (Signal desktop AFAIK has a terrible security posture, not secure at all)

      • essteeyou@lemmy.world
        link
        fedilink
        arrow-up
        9
        ·
        1 year ago

        Signal desktop doesn’t even have a PIN to unlock it. IIRC the reason was that if someone is already on your machine then you’re screwed.

        I just want it to stop someone like my son, who may have access to my computer legitimately, from seeing some of the NSFW messages me and my friends send each other.

        • RaoulDook@lemmy.world
          link
          fedilink
          English
          arrow-up
          11
          ·
          1 year ago

          Just make a separate user acct for the kid. That way your stuff is separate and you can also implement parental controls if needed.

          • essteeyou@lemmy.world
            link
            fedilink
            arrow-up
            6
            ·
            1 year ago

            Yeah, we have separate profiles, but sometimes I just let him use some software on mine, like a game, or whatever, and then I go and do something else. The use-case is there, along with encrypted messages, but people say things like what you said because they don’t personally have that use-case.

            I’d look at implementing it myself, but they wouldn’t merge it, and I’m not going to maintain a fork indefinitely.

            • jet@hackertalks.com
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              1 year ago

              For your use case, running a VM on your desktop should be sufficient. The VM could have disc encryption. So when you’re letting somebody else use your terminal, they can’t access your interesting messages.

              Hyper-V has this built in I believe, QEMU does it as well, UTM on Mac OS makes it pretty easy. But there’s a thousand different ways to skin this cat

              • essteeyou@lemmy.world
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                Most sensible way in my opinion would be for the Signal app to have a PIN and encryption on desktop, just like it already does on the mobile apps.

      • ikiru
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Is there a way to clear messages from the disk other than by deleting the Signal Desktop app itself or is that sufficient?

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          1 year ago

          Not really. Once data is written to disk it’s more or less there forever. At least from a risk perspective.

          If your disc is encrypted, you can change the disc encryption key, throw away the old key, then it doesn’t matter that the data is there you no longer have the key so the date is lost.

          Most people use full disc encryption, and they’re unlikely to want to throw away all of their data just for signal.

          Unless you’re using a container to run signal, or a virtual machine, or qubes : with disc encryption, then anything signal writes to the hard disk is more or less there forever from a risk perspective.

  • sadreality@kbin.social
    link
    fedilink
    arrow-up
    23
    ·
    1 year ago

    Encryption can’t protect you from the counterparty dumping the chat log to the feds for “protection”

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    This is the best summary I could come up with:


    Sam Bankman-Fried and other members of the inner circle of the collapsed cryptocurrency exchange FTX allegedly formed a chat group on the encrypted platform Signal under the name “Wirefraud”.

    The Australian Financial Review reported that the Wirefraud chat group was used to send end-to-end encrypted information about FTX and its hedge fund, Alameda Research, in the run-up to the implosion of the exchange.

    According to the newspaper, members of the secret group included Bankman-Fried, his FTX partners Zixiao “Gary” Wang and Nishad Singh, and the CEO of Alameda Research Caroline Ellison.

    The reported existence of a “Wirefraud” chat group among top FTX operatives was revealed just a day before Bankman-Fried had been scheduled to testify before the US House financial services committee.

    Ray has taken over as CEO of FTX in order to steer the firm through bankruptcy as well as the multiple criminal and other investigations it is now facing from law enforcement and regulators in the US and abroad.

    He added that the job of untangling FTX’s finances was complicated as “we are starting from near-zero in terms of the corporate infrastructure and record-keeping that one would expect to find in a multibillion dollar international business”.


    The original article contains 419 words, the summary contains 198 words. Saved 53%. I’m a bot and I’m open source!