It’s no surprise that Mega’s co-founders spar over crime, security

Megaupload founder Kim Dotcom
photo: Hannah Peters (Getty Images)

Remember Mega, the encrypted cloud storage company? No? Well, maybe you remember its predecessor, Megaupload, the file hosting provider that was accused of acting as a safe haven for pirated material in the mid-2000s and shuttered by the authorities. Before the shutdown, Megaupload was considered the go-to site for those who wanted to flout intellectual property laws, until the FBI took it down in a regulatory retaliation. After Googling a full “Breaking Bad” episode, you might have been able to get to the site with just a few clicks.

In 2013, after Megaupload bit the dust, original founder Kim Dotcom (real name Kim Schmitz) and former executives Bram van der Kolk, Mathias Ortmann and Finn Batato created a new company from the ashes of the old one, launching “Mega”. internet finally bow But for the better part of a decade, Mega has persevered, promising users a safe and inexpensive way to store and protect their files.

But this week has been tough for Mega. Not only have van der Kolk and Ortmann pleaded guilty to crimes linked to its predecessor site, sparking Dotcom’s ire, but researchers have found evidence of a security flaw in the company’s infrastructure that could allow user data to be decrypted. Mega has long promised its users that their data is protected by end-to-end encryption, meaning it should be hidden from everyone except the user. But that’s not the case, as the company admitted in a blog post about patching the vulnerability.

Dotcom, who has been similarly charged but maintains his innocence, wrote of his former business partners: “Mathias Ortmann and Bram Van der Kolk stole the Mega from me for a convicted Chinese criminal Benefit…some extradition case that just got rid of the US with the US and New Zealand governments by falsely accusing me. Delete your super account. It’s not safe.”

Two Megaupload founders plead guilty

The legal action against Bram van der Kolk and Mathias Ortmann, Mega’s chief system architects, who are listed as its co-founders, stems from their time at Megaupload, a platform that authorities accuse of having been used to promote large-scale, illegal distribution of copyrighted material. Immediately after the company’s collapse in 2012, van der Kolk, Ortmann, Dotcom and Batato became involved in legal disputes over their alleged role in the site’s inappropriate activities. US and New Zealand authorities (the four were also arrested) accused the defunct site of being a piracy hub and said that the site’s operators knew very well how their products were being used. All four have been part of ongoing court cases over the past decade and have faced the threat of extradition to the United States, where federal officials have said they hope to prosecute them in U.S. courts.

Extradition proceedings against Batato were dropped last year; he died of cancer earlier this month. Meanwhile, Ortmann and van der Kolk pleaded guilty on Tuesday to charges in New Zealand to avoid extradition. The two pleaded guilty to being part of an “organized criminal group” that profited illegally from copyrighted material. They each face up to 10 years in prison. Meanwhile, Dotcom has maintained his innocence, and it is unclear whether he will be extradited to the US.

In an interview, van der Kolk says he’s excited about what can be accomplished at Mega in the future: “We put an incredible amount of effort into Mega and we feel strongly that our recovery process started a long time ago. We are very proud of what we’ve built, and we are very much looking forward to continuing to build, as we still have a lot of work to do.”

Asked for comment on Wednesday, a spokesperson for Mega noted that this particular court case has been going on for a long time:

The charges against Mathias Ortmann and Bram van der Kolk relate to activities 10 to 20 years ago, when the Internet was still in its early stages. Many other companies have taken similar action, including YouTube and Rapidshare, but have not faced the same harsh criminal charges.

Meanwhile, Dotcom hasn’t been involved in Mega for several years. We reached out to Dotcom for comment and will update this story if he responds.

Decryption is possible, researchers say

Legal news aside, Mega gained notoriety this week after new security concerns were revealed. The company has long claimed it protects user data with end-to-end encryption. In a blog post, the company wrote: “As long as you make sure your password is strong and unique enough, no one will be able to access your data on MEGA. Even in the highly unlikely event MEGA’s entire infrastructure is confiscated!”

But there are problems with those promises, say researchers at the University of Zurich, who published a study on the company earlier this week. In fact, there are many situations in which user data can be decrypted.

The researchers said that someone with access to the company’s back-end infrastructure could crack Mega’s encryption. In other words, the company itself — or someone with access to its internal tools — has the ability to decrypt user data under certain circumstances. The researchers say there are a number of fundamental problems with the cryptography that Mega uses to protect data, and these problems allow the data to be decrypted. To see the full scope of these security issues, you can go to the researchers’ website.

On Tuesday, Mega finally admitted that security was a problem and released a statement confirming that security updates had been released to fix the related vulnerabilities:

“Today, MEGA released a software update that fixes a critical vulnerability reported by researchers at ETH Zurich in Switzerland, one of Europe’s leading universities. Further updates to address less severe identified issues will follow in the near future. MEGA is not aware of any user accounts affected by these vulnerabilities.”

When Gizmodo reached out to the company for comment, the company further sought to downplay the seriousness of the security risk. Most of the security issues have been patched, and others will be “fixed with client updates in the coming days,” a spokesperson said. He added:

Note that the most significant findings required the client to log in more than 512 times while being observed by a malicious attacker. Of our 250 million registered users, only a fraction exceeded the number of logins.

While this does seem to narrow down the pool of potentially affected users, it’s still not a great look for a company that promises to keep your data hidden.
