How to encrypt your cloud service using CryptSync

Let me ask you a question: How many cloud services are you currently using?

If you’re like most people you probably have files disseminated across multiple cloud providers.

Perhaps you stash your family photos with Dropbox, your work documents reside on Microsoft OneDrive (formerly SkyDrive) and your music sings on Google Drive.

Since access is password protected and none of your co-workers have complained about any data breaches lately you’ve sagaciously deduced that your data is pretty safe.

But is it?

If Dropbox was ever arraigned and tried in a United States court, it could be forced to surrender its customers private data.

Yes, it’s true that your stuff is locked with a password but the private key guarding your data still resides on the cloud  providers servers.  In other words, the cloud provider still has a means of viewing your data.

Steve Santorelli, manager of internet security research firm Team Cymru, summed it up nicely to Business News Daily:

[Y]ou are abrogating responsibility for your data.  Someone else has access to it and someone else is responsible for keeping it safe

Most people don’t realize it but whenever you sync your desktop or smartphone with the cloud you are transferring trust to a group of people who:

  • Don’t always have your best interests in mind
  • You’ve never met
  • You don’t know where they live (where are those servers anyway?)

Furthermore, since there’s no official cloud standard for security the cloud is effectually like the wild west.  Each cloud provider has the liberty to espouse its own standard of “safety” and since different providers have different goals the possibilities are endless.

The problem is exasperated by the the fact that data breaches are becoming ascendant and so are the lawsuits.

For example, how can anyone forget the catastrophic breach at Target, in December of 2013, where about 70 million individuals were affected by a credit card breach?

Furthermore, in August of that year, the Syrian Electronic Army debilitated the New York Times website and just five months earlier, 50 million Evernote users were forced to change their passwords because of suspicious activity on the Evernote network.

But that’s not all – as you know, hackers never balk at tackling the big guys.

I could go on and on and adduce examples from 2012 when 6.5 million Linkedin passwords were stolen and posted on an underground website.  Or I could cite the abysmal TJX breach that exposed 45.7 million customers credit cards to the avaricious eyes of 11 heartless hackers.

Data providers can bandy excuses back and forth all day but you – as the consumer – can take some very simple steps to secure your digital assets.

Given the preponderance of data breaches these days, encrypting your files is simply the prudent thing to do.

In this article I felt it on my heart to equip you with a tool that will give you an edge up on the bad guys.

But first a little bit about the threats we’re facing…

The unholy trinity of threats

There are several threat agents in cloud computing that put your data at risk.  The list is long but the top offenders are:

  • Data Loss
  • Account Hijacking
  • Data Breaches

Data loss can result from a barrage of concerted attacks or from natural disasters such as floods or earthquakes.  And although, statistically, data loss is a corollary of hardware failure rather than natural disasters, cloud providers absolutely need to manage customer backups.  But managing them isn’t enough: the backups not only need to exist but need to be recent and offsite.

Backups are critical – Pixar found that out a few years ago.

Toy Story 2 almost never came into fruition because someone accidentally expunged the drive where the production elements were kept.  You should watch the 3 minute explanation about what almost happened to Toy Story 2 but my point is that data loss is a real problem.  Sometimes it happens by accident and other times it’s intentional but don’t think that just because your files are backed up to the cloud that you’re in the clear.

Account Hijacking happens when someone steals your username and password.  Usually the attacker impersonates someone you trust and then, through an unhealthy mix of guile and chicanery, gets you to give up the goods.

As far as Data Breaches go, I touched on them in the first segment so I won’t belabor the point.  The main thing I want to leave you with before I show you how to encrypt your cloud is that you should never trust that your stuff is safe on a server that isn’t your own.

It is imperative that you encrypt your data so that even if some bilious bad-guy breaks into your cloud providers networks all he’ll see are gigabytes of unintelligible garbage.

The crux of CryptSync

Let me show you the joy of encryption.  CryptSync is a blessing.

It has one purpose in life:

To make your personal files virtually impervious to prying eyes.  

It does this by copying files from an ordinary non-encrypted folder to a special encrypted folder in your cloud drive.  If you change files in either folder the tool deftly propagates the update so both folders match.

One serendipitous side effect of using CryptSync is that it uses 7-Zip to encrypt your files so it actually compresses the files; consequently, allowing you to store more in the cloud.

Neat.

Alright enough of my yapping; let’s get going here:

First yank the installer from Sourceforge

Open the executable and zip through the setup wizard.

Install CryptSync

The last time I checked, I didn’t see any smuggleware furtively placed in the installation wizard so you can blindly (and blythly) click through to the end.

The install completed in less time than it takes a lightning bolt to zap the earth;  I was shocked.

Okay, enough of the punny jokes…

When CryptSync opens, put a check in the Start with Windows box near the bottom left of the window and then click the New Pair… button on the opposite side.

We’re going to create the original and encrypted folder pairs so CryptSync can flex its brawn.

CryptSync New Pair

Now here’s the fun part:

Pick the folder where your normal, unencrypted files are stored then browse to the Google Drive, OneDrive or Dropbox folder where you want the encrypted copies to live.

Enter a formidable password then click OK.

CryptSync Sync Pair

Incidentally, for the truly paranoid, you can put a check in Encrypt filenames which means that even if someone guessed your cloud password and logged in they wouldn’t know what kind of files are in the folder (images, spreadsheets, docs, textfiles, logs, who knows?) because the file name lookes like this: d4edie9490d9s90asdk2lk3k23l43k.cryptsync.

Yeah, this will really bristle the bad-guys.  Can you imagine breaking into someone’s cloud account and then seeing a bunch of garbage files with esoteric names that are completely unreadable?

CryptSync Encrypted File Names

I love it.

Look what happened when I grabbed a random CryptSync file and attempted to read it in SublimeText:

Good luck trying to figure that out…

Trying to read an encrypted CryptSync file

This is the obvious advantage of CryptSync.

The only thing I don’t know for sure is the encryption algorithm and bit strength being used to obfuscate the data.  Is it AES 256bit encryption or something weaker such as DES?

If anyone knows please share in the comments.

Anyway…

CryptSync run in the background

Now you can either initiate the sync by clicking Sync files and exit or click Run in the background to force CryptSync to silently monitor the folder pairs and immediately sync any changes.

The neat thing is that you can keep adding new pairs, so in theory, you could actually encrypt all your cloud providers client-side.

The only disadvantage I’ve been able to discover is that having both an original folder and encryption folder can slurp up drive storage; however, that storage was already allocated to your unencrypted files any way so I don’t know if this is a substantive issue.

The Bottom Line

I began this article by asking you how many cloud services you use and then I adduced multiple examples of data breaches.  I did this to convince you why it’s so important to encrypt your files.  I finished by showing you how easy it is to setup CryptSync to scramble your files.

I hope this has been edifying and more importantly I hope I’ve moved you toward getting serious about securing your cloud files.

The convenience of the cloud exposes us to a new mix of threats that were utterly inconceivable 15 years ago.

I exhort you to start encrypting today so that when the inevitable happens and your hapless friends loss all their data, you can with great equanimity- recline in you chair, smile and say, “My stuff is safe; It’s encrypted”

Please share your thoughts in the comments.

About

Connect with Vonnie on Twitter

Posted in Windows, Windows 7, Windows 8, Windows 8.1 Tagged with: , ,
  • Pingback: How to sync files without ever storing your stuff in the Cloud | fixedByVonnie()

  • Ed Force

    What if I don’t want to encrypt the whole folder, just the files that I’m sending to the cloud?

  • I periodically check stability and reliability of this tool. Theorically is a killer application, but if you read official forum you see there are still flows.

    @vonnie If you open a CryptSync file with 7-Zip it reports “Method: LZMA 7zAES”.

  • disqus_FQgrm4l56P

    The only problem with this is that it takes up twice as much space by keeping an encrypted copy and an encrypted copy. I prefer to use a tool that will just open and decrypt on the fly so I don’t need to keep duplicate data on the same computer, especially if you have a large cloud drive.

  • disqus_FQgrm4l56P

    The only problem with this is that it takes up twice as much space by keeping an encrypted copy and an encrypted copy. I prefer to use a tool that will just open and decrypt on the fly so I don’t need to keep duplicate data on the same computer, especially if you have a large cloud drive.