Thursday, 10 August 2017

Amber Rudd breaks the irony meter

The UK Home Secretary, Amber Rudd, is no fan of encryption. She's said that 'real' people don't need  encryption as an argument against secure communications apps such as Whisper System's Private Messaging service Signal, which uses end-to-end (e2e) encryption meaning that not even the operators themselves can intercept their users' messages.

It's ironic, then, that she has fallen victim to a prank which would not have been possible if she - presumably a real person - had used encryption.

The now-notorious email prankster known as Sinon Reborn set up an email address in the name of
Theresa May's communications chief, Robbie Gibb.  Reborn emailed Rudd's parliamentary email address and she replied from a private address.
“I managed to speak to a home secretary with relative ease on her personal email address,” Reborn told the Guardian. “I replied again saying: ‘Don’t you think you should be more aware of cyber security if you are home secretary?’ and I never got a reply from that.”
This ought to be embarrassing for any cabinet member. I'm sure there are numerous guidelines and memos on this, especially as Reborn has pulled the same trick on other high profile figures:
The same hoaxer has tricked the son of the US president, Eric Trump, the next US ambassador to Russia, Jon Huntsman Jr, and the former White House communications chief Anthony Scaramucci, sparking an investigation in Washington into cyber-security. He has also duped the governor of the Bank of England, Mark Carney, and Barclays boss Jes Staley by setting up fake email accounts.
It's especially embarrassing for the minister who is supposed to be in charge of cyber-security.

And even more so given her strong anti-encryption stance. If MPs and government staff used encryption, then Rudd could have verified that the email was really from Gibb.
A Home Office source confirmed that the exchange had taken place, but said Rudd does not use her personal email address to discuss government business. “As the email exchange shows, she rapidly established that this was a hoax and had only exchanged pleasantries up to that point.”
That, of course, is not the point. It was still a security breach and a national embarrassment. That it happened to the minister who is supposed to lead us through an age of rising cyber-crime is also terrifying.

No comments:

Post a Comment