Encryption and blackmailing

Just read something quite interesting here.

Apparently, all the research put into mathematical algorithms is a double edged sword. Encryption can be used to deny the rightful owner access to his data. Fortunately, the attacker in this case made a mistake resulting in a 128 bit key that was easily brute forced. If he had used an actual 1024 bit key, it would have been impossible to recover the data.

Encryption seems to be the perfect tool for such an application. The alternative would be to upload all the data onto a server the attacker controls and wiping it off the disk. However such an operation would likely raise a couple of red flags especially in corporate environments due to the high volume of network traffic. In addition, the attacker would also need to provision for a server which increases costs and might give him away. In place encryption allows him to render the data useless to the owner and the only actual signs would be an increase in CPU usage. If implemented properly, the victim might not even realise until it is too late. Demanding payment in through bitcoins also helps preserve his anonymity.

Quite a novel application for encryption indeed.