MEGA secure upload service gets its Chrome extension hacked | Cyber Security

0
Want create site? Find Free WordPress Themes and plugins.

Remember – or, more precisely, Megaupload as it once was?

Sure you do!


It was a New Zealand cloud storage business masterminded by Kim Dotcom, a larger-than-life digital-era entrepreneur (Dotcom is literally as well as figuratively big, standing more than 2m tall).

Megaupload is no more, having ended up embroiled in piracy allegations that led to a controversial raid on Dotcom’s home, Dotcom’s high-profile arrest, and the demise of the company.

Dotcom himself is still in New Zealand, where he’s been fighting extradition to the US for the past six years.

As far as we know, three Kiwi courts have already pronounced that his extradition can go ahead, so Dotcom is down to his final legal appeal now, assuming he can persuade the Supreme Court to hear his case.

After the bust

After the bust, the Megaupload noisily reinvented itself, minus the controversial word “”, as the capital-lettered MEGA, bullishly and very pointedly launching on the anniversary of Dotcom’s arrest.

MEGA took the approach that by doing all its cryptography right in your browser, instead of relying on encrypted sessions terminating at the company’s servers, it wouldn’t know and would never be able to tell what you had uploaded.

The only person who would ever have copies of the cryptographic keys used for scrambling and unscrambling your files would be you – just as if you encrypted them offline on a USB drive and then uploaded a sector-level disk image of the already-encrypted data.

The new-look MEGA service announced itself as truly cloud storage and argued that it could never again be accused of knowingly contributing to copyright infringement.

Similarly, there would be no point in any law enforcement agency appealing to MEGA to decrypt customer data, with or without a warrant.

The company simply couldn’t comply with any such request in the first place, so it could never be accused of refusing to comply.

If this sounds familiar in 2018, it’s because true end-to-end encryption has become mainstream since Mega’s launch in 2013, and is now implemented in many of today’s mobile and web-based products, notably messaging apps and password managers.

As for Kim Dotcom, well, he fell out with Mega in 2015, claiming that he no longer trusted the site for a variety of rather vague reasons related to Chinese investment, New Zealand government involvement and Hollywood interference.

MEGA, for its part, is sailing along without Dotcom, dubbing itself as “The Privacy Company,” with an enviably simple tagline of user-encrypted cloud services.