[German]Some users are concerned about the security and confidentiality of their data stored into the cloud. Often we heard advice: "Then I encrypt that stuf, and I'm sure that no one can read my data'. During the last days, two 'disturbing' pieces of a puzzle have just come to my attention, that put a bad light to the encryption approach. So I like to get an overview about your experiences.
A short review
The cloud is broadly propagated and widely used. However, cloud also means that data is theoretically accessible to everyone if it is unprotected in the cloud. Time to do something to protect your data? Let's see what comes to my mind in an ad hoc way.
Idea 1: Protect cloud content from misconfiguration
It really comes in handy when an Elasticsearch server, an AWS S3 bucket or a database in the cloud is open and accessible via the Internet without password protection. Such misconfigurations happen again and again and in my opinion can never be prevented. In the private area there are the cases where shares of online storage can be used by third parties (share link posted by mistake, etc.). Here, an encryption of the data could help.
Idea 2: Protect cloud content from content scans
The second problem is the confidentiality of the files that people upload to the cloud. Keyword is 'content scan' of all files by providers, their service providers or third parties. There is the popular bon mot that US companies have been given the task of scanning the contents of online storage devices for documents containing trade secrets and then making the information available to the US companies concerned via intelligence agencies.
And there is the scanning of the files like pictures for illegal content. I just had two posts about Microsoft's account suspensions and the OneDrive 'nude' photos and the When the degoo bot closes your lifelong account … here in the blog. You could counter with encryption, to prevent third party users from accessing the content of your files.
Encryption of files in the cloud
Away from the idea that the encryptions can possibly be cracked by secret services via specifically introduced weak points, there is another practical issue. A user could prevent the cloud providers – at least for private files – to sneak into your files, when these files are encrypted.
OneDrive: Encrypted files quoted as ransomware
IThe other day I came across the forum post OneDrive recognizes the crypted files as RansomWare with new Vault7 in the Cryptomator community.
Cryptomator is a free software for cloud-optimized encrypted file storage. These files can then be synchronized with a cloud provider like Dropbox without the provider being able to read the data in plain text.
A Cryptomator user describes his experiences with OneDrive and encrypted files in the forum.
I've been doing some tests with the new Vault7 version and uploaded lots of files to Microsoft OneDrive. I constantly get automated mails from them that the files I've uploaded are possibly due to RansomWare as they look encrypted. Here's the mail text in German though:
I've translated the German notification as:
Signs of ransomware detected.
Office365 has industry-leading data protection technology that watches out for cyber attacks on your files. Your OneDrive account has recently begun showing signs of suspicious activity. We have found 133 files that appear to be affected by a ransomware attack.
Ransomware is a type of malicious software designed to block access to your files until you pay money.
Visit OneDrive.com within 30 days of the attack to:
- Review suspicious files and confirm that they have been compromised
- remove ransomware from your devices
- Restore your files to OneDrive
You can only recover your files on OneDrive for 30 days from the time they are compromised. If you do not recover the compromised files within 30 days of the ransomware attack, they cannot be recovered.
The files encrypted by Boxcryptor on OneDrive are classified as ransomware when uploaded and deleted after 30 days. It's a bug or just a feature? Maybe a filter that is set to 'If x encrypted files are found, trigger an alert and quarantine'. It shows the risk, to store encrypted files within a cloud.
Does Google not like anything encrypted?
I haven't verified it – but add a second piece of information here in the blog. On my article Wenn der Degoo Bot dein Benutzerkonto schließt … in my German blog there was the advice to 'use encrypted files for the cloud'. One reader responded with the following comment:
Quote, "For future reference, always remember this tip: If you "must" use the cloud of a provider, then upload only encrypted files or folders.
If that is allowed. A few years ago I tried to send an encrypted 7Z archive with confidential data to someone's GMail account. The Gmailer Daemon reported that the email wasn't delivered because it wasn't possible to open the attached file and scan it for malware. So much for privacy on Google. Of course, this is only to protect the customer.
Are all just information fragments and it can be individual cases or bugs. Therefore I will post it here and ask for your experiences in general.
Cookies helps to fund this blog: Cookie settings