Lazarus: Data Leakage with PGP and Resurrection of the Revoked User
Keywords:Data Leakage, Privacy, Data Loss, Drive Encryption, Encryption, PGP, Symantec, NASA
The cybersecurity is the issue on the international agenda. The abuse of communication and faulty software is a common practice that brings the decade of 70. Invariably technology is the great protagonist of data leakage and loss of privacy. However, issues related to cybersecurity are founded on sociotechnical approach: technology, people, processes and environment, which interact indistinctly in a sensitive relationship. In this intricate sociotechnical environment of cybersecurity, this paper discloses a flaw in Symantec Encryption Desktop (SED), which can allow the leakage of sensitive information from governments, military and research centers around the world. In this context, as an example, the National Aeronautics and Space Administration (NASA) uses the Symantec Pretty Good Privacy (PGP) Encryption Desktop (SED). The Technology is not the main culprit for data leakage. Sometimes, the users are influenced by sophisticated marketing campaigns, which reaffirms the quality of products and services. In practice, this work is focused in the design errors and past vulnerabilities which are still present in recent technological solutions and allow data leakage and loss of privacy in a general way.
CISCO. (2008). Data Leakage Worldwide: Common Risks and Mistakes Employees Make. Available at: Data Loss Prevention: http://www. cisco.com/c/en/us/solutions/collateral/enterprise-networks/data-loss-pre vention/white_paper_c11-499060.html (Retrieved: February 24, 2014).
Corbin, K. (2016). Cybersecurity much more than a compliance exercise. Available at CIO: http://www.cio.com/article/3025452/cyber-attacks-espionage/cybersecurity-much-more-than-a-compliance-exercise.html (Retrieved February 24).
Denning, D. E. (1987). “An Intrusion-Detection Model,” in IEEE (Ed.) IEEE Transactions on Software Engineering – Special Issue on Computer, Vol. 13, (Piscataway, NJ, USA: IEEE Press), 222–232. doi:10.1109/TSE.1987.232894
Ellacott, J. (2014). Leading Email Encryption Vendors Respond to Heartbleed Bug Threat. (Infiniti Research Limited). Available at: TechNavio: http://www.technavio.com/report/global-email-encryption-market-2014-2018 (Retrieved February 22, 2015).
Filatovs, A. (2014). Data Security Solutions. Available at: Slide Share: http://pt.slideshare.net/AndSor/dss-symantec-pgp-encryption-fortress-2014-arrowecs-roadshow-baltics (Retrieved February 25, 2015).
Greenberg, A. (2010). Symantec Acquires Encryption Provider PGP For $300 Million. (Forbes) Retrieved February 24, 2015, from Forbes Magazine: http://www.forbes.com/sites/firewall/2010/04/29/symantec-acquires-encryption-provider-pgp-for-300-million/
NASA. (2012). NASA Data At Rest (DAR) Symantec Pretty Good Privacy (PGP) Desktop Encryption. (NASA). Available at: NASA SHARED SERVICES CENTER: https://answers.nssc.nasa.gov/app/answers/detail/a_id/6235/∼/nasa-data-at-rest-%28dar%29-symantec-pretty-good-privacy-%28pgp%29-desktop-encryption (Retrieved April 24, 2015).
Ruiz, R., Amatte, F. P., and Park, K. J. (2014). Security Issue on Cloned TrueCrypt Containers and Backup Headers. Kuala Lumpur, Malaysia: SDIWC. Available at: https://www.researchgate.net/publication/271498536
Symantec Corporation. (2014). Symantec Endpoint Encryption – Protect Your Data. (Google Inc.) Available at: You Tube: https://www.youtube.com/watch?v=NtGSX3pYkLQ (Retrieved February 24, 2015).
Symantec Corporation. (2015). How Endpoint Encryption Works. Available at: from Symantec Enterprise: http://www.symantec.com/content/en/us/enterprise/white_papers/how-endpoint-encryption-works_WP_21275920.pdf (Retrieved February 24, 2015).
The New York Times. (2005). Nytimes. Available at: http://www.nytimes.com/2005/05/10/technology/internet-attack-called-broad-and-long-lasting-by-investigators.html?_r=0 (Retrieved 01 05, 2016).
Winter, R., and Ruiz, R. (2015). Luke 8:17 – Errors that Compromise the Privacy and Information Security. Def.camp. Bucharest.
Winter, R., and Ruiz, R. (2016). Corrosive secrecy and confidence: the paradox among bypassing cryptographic software, loss of privacy and information security. Cyber Secur. Rev. 66–74.