A widely used method of computer encryption has a little-noticed problem that could allow confidential data stored by almost all Fortune 500 companies and everything stored on U.S. government classified computers to be “fairly easily” stolen or destroyed.
The warning comes from the inventor of the encryption method, known as Secure Shell or SSH.
“In the worst-case scenario, most of the data on the servers of every company in the developed world gets wiped out,” Tatu Ylonen, chief executive officer of SSH Communications Security Corp., told The Washington Times.
“It would take days, perhaps only hours,” to write such a virus, he said.
What’s more, the same security vulnerabilities plague the U.S. government’s classified networks, say the contractors who build them.
“I would venture to say that there is a very similar situation [in classified networks] to the one in the commercial space,” said Don Fergus, a senior vice president at Patriot Technologies Inc., an information technology and security firm in Frederick, Md.
Mr. Ylonen said encryption methods’ vulnerabilities prevent companies from honestly passing an audit for compliance with U.S. cybersecurity standards for government or the private sector.
He said that all of the “major audit protocols” for federal financial regulations and cybersecurity require that network managers know who can access their systems.
About “90 percent of U.S. companies are out of compliance with regulations governing financial institutions because of this issue,” Mr. Ylonen said.
A key problem
SSH scrambles data so it can be unlocked and understood only with the use of a special code — a string of numbers and letters about five lines long called a key.
When computers need to communicate with each other securely over the Internet or other networks, for instance from one bank office to another, SSH creates a key that scrambles and unscrambles the data.View Entire Story
© Copyright 2013 The Washington Times, LLC. Click here for reprint permission.
Shaun Waterman is an award-winning reporter for The Washington Times, covering foreign affairs, defense and cybersecurity. He was a senior editor and correspondent for United Press International for nearly a decade, and has covered the Department of Homeland Security since 2003. His reporting on the Sept. 11 Commission and the tortuous process by which some of its recommendations finally became ...
'Your papers, please' must never be heard in America
Independent voices from the TWT Communities
Contributions to the Communities Sports desk from readers.
Empowering mind/body/spirit and health dialogue along with cutting-edge, conscious social, political, and world commentary with Adam Omkara. Join the Evolution!
Born in 1930 in rural Missouri, Charles Vandegriffe, Sr., brings his time and place to the Communities.
Join the Communities and submit your column in response to one written, or on something totally new and unique. We want to hear from you
Benghazi: The anatomy of a scandal
Vietnam Memorial adds four names
Cinco de Mayo on the Mall