Cleartext Is Dead

clearOn Friday the Washington Post published a nice writeup covering how US defense contractor CloudShield worked with the Gamma Group in the UK to create tools that could easily plant spyware on adversary computers. Victims just needed to view a regular website over HTTP and the tools could inject one of 250 Trojans into the target computer.

Of course the big take-away in defeating such attacks is to always use an encrypted channel. Yeah, it could be circumvented for a targeted attack but enabling encryption by default is our best defense overall. The general theme here as noted in the article is that “cleartext is just dead.”


CloudShield Technologies, a California defense contractor, dispatched a senior engineer to Munich in the early fall of 2009. His instructions were unusually opaque.

As he boarded the flight, the engineer told confidants later, he knew only that he should visit a German national who awaited him with an off-the-books assignment. There would be no written contract, and on no account was the engineer to send reports back to CloudShield headquarters.

His contact, Martin J. Muench, turned out to be a former developer of computer security tools who had long since turned to the darkest side of their profession. Gamma Group, the British conglomerate for which Muench was a managing director, built and sold systems to break into computers, seize control clandestinely, and then copy files, listen to Skype calls, record every keystroke and switch on Web cameras and microphones at will.

Continued here.


Today’s post pic is from

6 comments for “Cleartext Is Dead

  1. August 18, 2014 at 3:38 am

    Cleartext Is Dead

  2. August 18, 2014 at 4:06 am

    BLOGGED: Cleartext Is Dead

  3. August 18, 2014 at 4:21 am

    Cleartext Is Dead

  4. August 18, 2014 at 1:02 pm

    Cleartext Is Dead – see our post for more info #infosec

  5. August 18, 2014 at 5:00 pm

    Cleartext Is Dead – see our post for more info #infosec

  6. August 19, 2014 at 1:01 pm

    Cleartext Is Dead – see our post for more info #infosec

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.