Original story

NEW Press Agency - 5.6.2001. Corporate secrets at risk

Hackers find backdoor to InterDict encryption codes

There is a nervous atmosphere amongst the data executives of small and medium-sized companies today, despite the public holiday. They fear the exposure of company secrets that could be vital to the well-being of their employers. The reason for the concern is the news that a group of hackers has intercepted net messages passing through the InterDict online dictation center, and has succeeding in opening a so-called “backdoor” in the encryption algorithms that allows them to convert the coded messages into unciphered readable or audio form. As yet, the hackers have not been traced or identified.

From the companies’ perspective, the most dangerous aspect of the hackers’ mischief is that they have handed on the dismantled algorithms to the press and television stations. If the media decide to go public with the information at their disposal, then commercial secrets contained in the minutes of Board meetings and in sensitive internal documents could easily leak into the public domain. Numerous companies have for this reason abruptly terminated their agreements with InterDict, and have reverted to writing up documents and memorandums in the more traditional fashion.

Interdict, one of the great stock market success stories of the last two years, is the world’s leading online secretarial agency, using its own sophisticated voice recognition and text processing software package to convert the spoken contents of meetings and dictated documents into text form. The material passes between the company and InterDict in encrypted form, and the process of transcribing the data is fully automated, thus preserving secrecy in transmission and at the InterDict end of the system. InterDict completed development of the software in late 1999.

The service works in practice in such a way that the client company uploads coded meeting material to the InterDict computer, which transcribes the material as an official record. The completed minutes of the meeting are then returned almost instantly - again in encrypted form - to the client company, and the InterDict host computer memory is cleared. The returned document can then be signed by the meeting participants immediately, and then transferred for filing in either the company’s own data archives or at InterDict’s own secure facility. The same procedure has also been followed for many of the other routine functions previously given over to the old typing pool or performed laboriously by executives themselves. Not surprisingly, InterDict’s services were welcomed by smaller businesses, and within the space of 18 months the company has built up a clientele of around 24,000 firms spread across the United States. Plans for the launch of European operations were well under way, but it remains to be seen whether this setback will affect Interdict’s future.

InterDict’s key selling-point has been absolute confidentiality. Not even the company’s own staff have been able to gain access to the sensitive material passing through its computers. Each customer has its own encryption algorithm, and thus far the algorithms have been thought to be uncrackable. A spokeswoman from InterDict claimed yesterday that their encryption systems are still 100% safe, and that the recent scandal has arisen out of leaks occurring within the company itself. An internal inquiry is in progress.

According to FBI and CIA comments, the problem is nevertheless a very serious one, since for example the already massive Internet credit card trade and smart cash cards use basically the same algorithm encryption methods as employed by the InterDict software.

Toteuma-arvio 2026

Toteuma lyhyesti

  • Ilmiön toteuma: 4/5
  • Toteuma viiden vuoden tarkkuudella: kyllä; arviointi-ikkuna on 1996–2006
  • Toteuma väljemmällä aikahorisontilla: kyllä, erittäin vahvasti
  • Ilmiön ydin: ulkopuolinen verkkopalvelu käsittelee yrityksen luottamuksellista aineistoa ja sen tietoturva-aukko voi paljastaa koko asiakaskunnan tiedot.

Pilvipalveluihin, puheentunnistukseen ja muihin alihankittuihin tietojärjestelmiin liittyvät toimitusketju- ja tietovuotoriskit ovat toteutuneet toistuvasti. Kuvattu yksi salauksen takaovi on vain yksi mahdollinen mekanismi.

Johtopäätös: ydin kolmannen osapuolen palveluun keskittyvästä tietoturvariskistä toteutui olennaisilta osin.