Hackers Are Stealing Encrypted Data For Quantum Computing To Decrypt Later

There is solid evidence that cybercriminals are stealing encrypted data that they hope to decrypt when quantum computing breaks cryptography, thus enabling the mass decryption of years of stolen information. Zac Amos, reporting in VentureBeat, calls it the “harvest now, decrypt later” strategy. 

Companies may be unaware that their data has been stolen until the attackers use quantum computing to decrypt it. The theft will be revealed when there is a sudden surge in account takeovers, identity theft, cyberattacks, and phishing attempts. 

Data, aka “plaintext,” is encrypted by turning it into a string of random, undecipherable code called “ciphertext.” The mathematical formulas for this are technically impossible to decode without a decryption key or access to a quantum computer.

It is estimated that encryption that would take a standard computer 300 trillion years to decrypt could be cracked in seconds with a quantum computer using technology that involves “qubits.” 

Only well-funded research institutions and government labs can afford it now, but quantum computing technology could become accessible within a decade. For cybercriminals, it’s a simple matter of delayed gratification.

Here are some steps the article suggests businesses can take to prepare for hackers stealing encrypted data:

• CISA and NIST will soon release post-quantum cryptographic standards, leveraging techniques to make ciphers that quantum computers cannot crack. These standards should be adopted as soon as they are available. 
• Quantum-safe private networks that prevent exfiltration and eavesdropping are said to be in the testing phase. They should also be adopted as they become available.
• IT and legal departments should decide what information bad actors have or may have stolen will still be relevant when it is decrypted. Consider the worst-case scenario to understand the risk level and promptly transfer sensitive data to a heavily guarded, constantly monitored local network not connected to the Internet.