Spanish
Madrid .- ‘Steal now to decrypt later’; is the new tactic that cybercriminals are already using, who would be stealing and ‘freezing’ large volumes of data that are encrypted and inaccessible, but that they do hope to be able to unravel in the future thanks to the development of new technologies, including quantum computing.
Cybersecurity companies have warned of the real risks of this tactic ('store now, decrypt later') and some experts have stated that before the year 2030, sufficient technological capacity could be reached to break the mathematical and cryptographic algorithms that currently protect communications, financial transactions, or numerous databases.
A tactic already used by states and espionage groups
It's not a fictional scenario, but a real one that has already been documented, according to experts consulted by EFE, who have observed that the cycles of technological renewal in many companies and critical infrastructures are relatively slow - between 6 and 10 years - which means that some of current security technologies will still be operational when quantum computing becomes a reality. The key idea: "it is not enough to protect data against current threats, but against future capabilities, even if those capabilities are not yet commercially available," said Alejandro Rebolledo, a solutions consultant engineer at the multinational NetApp -specialized in the storage and protection of large data volumes- for Spain and Portugal. In statements to EFE, Rebolledo has assured that there is already evidence that some actors, especially states and espionage groups, are employing this tactic and that they are capturing and "kidnapping" large volumes of data and communications encrypted with classical algorithms to decrypt the information when quantum computing reaches a certain level of maturity. Many data points are very ephemeral and lack long-term value, but in some sectors - such as defense, health, finance, or industrial property - they do maintain their strategic value for decades, this expert has assured, and in that sense, he has referred to design plans, formulas, market strategies, contracts, or production information, which attackers can "freeze" today to use in the future.A Retrospective Threat
In the same vein, Ángel Serrano, head of Technical Solutions for Iberia at the American multinational Palo Alto -specializing in cybersecurity-, has stated that "the quantum threat is already here" and poses a "retroactive" threat, and has warned that the security breaches that will allow criminals to decipher that information "are happening now". «It's as if an adversary were robbing all the closed safes today, knowing that they will soon have a master key to open them,» Serrano pointed out to EFE, and noted that some companies have pointed to 2029 as the moment when conventional cryptography could begin to be insecure and the moment when hostile nation-states could militarize quantum technology.The intelligence unit data from this company reveals that the average time to infiltrate and steal data has been reduced to just 25 minutes and attacks now last only 72 minutes from initial access to extraction, which means they are four times faster than last year; "at that speed, attackers do not distinguish between encrypted and unencrypted data".
The two experts have framed in this tactic ('steal now to decipher tomorrow') some of the attacks and massive data theft that have occurred in recent years but have not had an immediate impact despite the significant media coverage, convinced that the 'bad guys' already have frozen huge amounts of encrypted data waiting to have the technology that will allow them to access it.
