Microsoft Helps Police Crack Your Computer
IGnatius T Foobar writes "Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that "may have been used in crimes." It basically bypasses all of the Windows security (decrypting passwords, etc.) in order to eliminate all that pesky privacy when the police have physical access to your computer. Just one more reason not to run Windows on your computer."
I sure don't want investigators to find my child pornography!
I guess I'll have to go with Ubuntu, although it's probably expensive, and I haven't worked out the illegality of those torrents people are posting.
Seems to me that if all you need to do to get full access to anyone's computer (anyone running Windows, that is) is a Microsoft-made device, that is a serious security flaw.
The Long Now Foundation
Like we are surprised-
Reverse engineering and (more) malicious usage in 3... 2... 1.
They're already selling these online. Just check the box next to "I certify I'm a cop. Seriously, I am." and it's all yours for $19.95.
Cue the "if you have nothing to hide..." responses (and possibly some Hans Reiser jokes).
[b.belong('us') for b in bases if b.owner() == 'you']
The summary and article in one word:
FUD
...bypasses all of the Windows security... All of the Windows security - I can't even fathom how complex that device must be, that sure is a lot of security to bypass. How is this different than anybody else cracking a Windows box ;-)
This article poses a question I've always wondered about. Do most criminal investigations of the computer-related nature have experts that are well-versed in multiple operating systems? Seeing as to how this is government, I would guess the answer is "no," and that is partly why we have this... uhh... "benefit" from Microsoft to aid our investigators.
Makes me curious as to what would happen if, for some reason, my computer were seized and the police booted up to an Ubuntu welcome screen... heh...
Proudly supporting the Libertarian Party.
The article is extremely vague, but I don't see where this assertion came from. It sounds like they're distributing USB drives with a collection of cracking and monitoring tools; like what any self-respecting 1337 h4x0r carries around with him. If that's correct, there's no reason to think the same thing couldn't be done for Linux.
What I'm listening to now on Pandora...
All linux boxes come with a depleted uranium case that prevents physical access to the machine.
There's no way this could fall into the hands of someone unsavory. Newp.
Whack a Catgirl: You know you want to!
My PC is going on eBay.
I'll game on a console from now on, and get a laptop that is compatible with Ubuntu.
Finally had enough. Come see us over at https://soylentnews.org/
This sounds like the ultimate exploit. MSFT is hardly going to close these security holes. I wonder when copies of this USB drive (and network-enabled variants of the attacks) will be employed by malware and botnet vendors.
Two wrongs don't make a right, but three lefts do.
So, the sheer fact that there is a device that can do this also means that anybody can do this because the methods are in place for bypassing security. It's only a matter of time before someone spends enough energy to develop a device that can do this (outside of Microsoft).
The implications of a device like this are scary to say the least. Although I'm not a Microsoft hater, this alone is more than enough to make me take a second look at options other than Microsoft Windows.
...it's just one more nail in the coffin of being "allowed" to use OSS. After all, if you have nothing to hide then you have nothing to fear, and only criminals would use OSS that would allow them to evade government snooping.
I'm sure some lobbyist is sitting with a Congressional staffer right now, explaining how requiring Windows on every computer is essential to the War on Terrorism.
You are in a maze of twisty little passages, all alike.
In the past, if I wanted to get information from another Windows machine, all I had to do was stick it in my Windows machine, log in as Administrator on my machine and change the permissions on the old hard drive. Then I could access all of the information, and bypass the Windows security from the other machine. The only thing I couldn't do is access some of the information that is actually stored in data files (such as IE's cache), even though it looks like a regular directory when run within its own Windows installation. This is not new stuff.
It's going to be called Windows 7, right?
Say hello to my little sig.
But this sounds okay to me. The police won't be using it without a warrant, as then they couldn't use any evidence they found against you in court. At least that's how the courts are supposed to work. If they are already allowed to look through your house for evidence, why not the computer? And if you're a smart criminal, you're not going to trust Windows security. If you're a dumb criminal, you deserve to get busted.
I can see potential for abuse, but police can abuse the handguns, handcuffs, flashlights, etc. they carry as well.
Now, such a device getting away from the police... That could be a problem.
unless the hardware itself is secured and tamper-resistant enough (i.e. the cost of successful tampering is higher than the value of the data).
This has always been true.
I wish I had known about this during last month's Pwn to Own contest.
Then I'd be running Ubuntu on my cracked and pwned Vista machine right now, instead of running Ubuntu on my purchased and formatted Vista machine.
-I only code in BASIC.-
News at 11!
I wonder if some jurisdictions will begin requiring this, in the sense that if someone is using a system that does not support easily bypassing security that will be enough for 'probable grounds'.
It is dangerous to be right when the government is wrong.
Disable Autorun, that way the automated tool can't start. ;)
And if the USB software interacts with the computer while the OS is running, how can that be considered untainted evidence? AFAIK computer forensics rely on having snapshots of the machine with no possible interference from the OS and running programs.
Jonah HEX
Horror & SciFi Erotic Nudes
Anyone can boot from a Knoppix live CD and mount NTFS drives in Linux and poke around. NTFS security is not applied under Linux so you can have a look at anything you want. I don't see how this is a big deal.
The only thing that might be a problem is browsing the registry, but I wonder if wine's regedit can load native Windows registry hives. If so, then all Microsoft has done is taken existing Linux functionality and made it user friendly for the police.
Speaking of which, anyone wanna place bets as to how long it takes for this tool to spread across p2p and torrent sites?
"Where do you want to go today?"
Jail?
that all the "device" does is speed up what the police were already able to do. Sounds like a PR stunt.
I want to be retired when I grow up.
Oh the humanity.. thinking that the police forces of these African countries are more concerned with murder and rape!
Priorities, people!
Ok - in principle I think this is a bad thing but.. We already know that you're guilty until proven innocent now - anything that can speed up the time from accusation to acquittal for innocent suspects is a good thing. Also this development will hopefully put the brakes on the UK gov's plans for increasing the time you can be held without charge to 42 days - their excuse was that it takes a long time to obtain computer evidence. Of course it won't take long for this device to be found on the black market - another reason to move away from Windows, or is the plan to brand anyone who uses a non-Windows OS as a possible criminal?
I've had the following tool in my collection for a long time: http://home.eunet.no/pnordahl/ntpasswd/bootdisk.html
It's quite easy, boot up the computer from that disk and you can reset the passwords in a few minutes. Linux-based too for that matter.
FTFA:
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer. It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
Apparently just some tools-on-a-disk. If it can bypass the encrypted file systems and other secure stuff, then there is a problem and the so-called "NSA-key" is not just myth (http://en.wikipedia.org/wiki/NSAKEY).
Custom electronics and digital signage for your business: www.evcircuits.com
I really doubt that it can decrypt your passwords, other than a brute force attack. Maybe the trivial passwords on word 2003 files and the like.
Anything else you can easily do when you have physical access to the computer.
Locally stored passwords for websites have been crackable for a while now, and in Windows Server this has been disabled by default for this reason.
User login passwords for Windows itself are something else, and you can't "just decrypt" them.
Apart from that, it just sounds like MS have provided a bunch of analysis tools.
Is this really news or am I missing something here?
throw new NoSignatureException();
Unless there's a huge public backlash before then, I predict that Customs will roll these out to every major airport within the year.
...who was a computer forensics expert/consultant.
He said that if one is going to use one's computer as an aid to their criminal career, use a Mac. The RCMP and all the rest were completely ignorant when it came to the Mac OS as well as everything else not Windows.
Guaranteed! This comment 100% Anthrax free!
The only thing I use Windows for is to run TurboTax and games. And I'm wondering about the TurboTax even.
But all hope is not lost -- running Windows on a hypervisor would be a bit more secure -- at least you can restart with the same snapshot, eliminating any attempts to embed a rootkit or snooping ware.
But really, with Linux these days, who needs Windows?
Ruby Neural Evolution of Augmenting Topologies
This sounds too scary to be true - and if true, it won't be long for this to be reverse-engineered.
Bypassing passwords/security: that sounds like a built-in back door. Not a security flaw: "this bug is a feature". And those back doors if confirmed to exist will be found soon.
The most unbelievable part is "decrypting passwords". Since when is the actual password stored, instead of a cryptographic hash of it? If decryption were possible, they are using a two-way encryption and a secret key is somewhere hidden in Windows. Every single copy of it. And that I can't believe, really. I call hoax. Still it won't make me use Windows anytime soon.
For local data privacy, I would use TrueCrypt, not Windows EFS. Use Full Disk Encryption on TrueCrypt, and their COFEE thumbdrive won't be of any help.
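The point made above about "decrypting passwords" is worth seeing in code. Windows does not store a local account's password; it stores the NT hash, which is MD4 over the UTF-16LE encoding of the password, and a tool can only match that hash against guesses. This is an added example for this thread, not code from COFEE or from any Microsoft tool. MD4 is written out in pure Python here because OpenSSL 3 moved MD4 into its legacy provider, so hashlib may not have it; the wordlist at the bottom is constructed for the demo.

```python
"""NT hash demo: Windows stores MD4(UTF-16LE(password)), not the password.

Added example for this thread, not part of any Microsoft tool.
"""
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def _F(x, y, z): return (x & y) | (~x & z)
def _G(x, y, z): return (x & y) | (x & z) | (y & z)
def _H(x, y, z): return x ^ y ^ z


# (mixing function, X[] access order, per-step shift table, round constant)
_ROUNDS = (
    (_F, tuple(range(16)), (3, 7, 11, 19), 0x00000000),
    (_G, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
    (_H, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
)


def _compress(state, block):
    """One MD4 compression of a 64-byte block (RFC 1320, section 3.4)."""
    X = struct.unpack('<16I', block)
    a, b, c, d = state
    for f, order, shifts, k in _ROUNDS:
        for i, j in enumerate(order):
            a = _rotl((a + f(b, c, d) + X[j] + k) & MASK, shifts[i % 4])
            a, b, c, d = d, a, b, c          # rotate registers: ABCD -> DABC
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d)))


def md4(data: bytes) -> bytes:
    bit_len = len(data) * 8
    data += b'\x80'
    data += b'\x00' * ((56 - len(data) % 64) % 64)   # pad to 56 mod 64
    data += struct.pack('<Q', bit_len)                 # little-endian bit length
    state = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
    for off in range(0, len(data), 64):
        state = _compress(state, data[off:off + 64])
    return struct.pack('<4I', *state)


def nt_hash(password: str) -> str:
    """The value that actually sits in the SAM: MD4 of the UTF-16LE password."""
    return md4(password.encode('utf-16le')).hex()


def recover_from_wordlist(target_hex: str, wordlist):
    """There is no decryption step; each guess is hashed and compared."""
    target = target_hex.lower()
    for guess in wordlist:
        if nt_hash(guess) == target:
            return guess
    return None


if __name__ == '__main__':
    # Constructed wordlist for the demo; real tools use gigabyte lists or rainbow tables.
    demo_words = ['letmein', 'qwerty', 'password', 'Summer2008']
    stolen = nt_hash('password')
    print('SAM stores   :', stolen)
    print('wordlist hit :', recover_from_wordlist(stolen, demo_words))
```

Because the hash is unsalted, the same password always yields the same NT hash on every machine, which is why precomputed tables work so well against it; a long random passphrase is the only thing that stops this, and full-disk encryption is what keeps the hash out of reach in the first place.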
No unix using a non-encrypted file system is secure if you have physical access to the machine...Why would you assume it's any different with Windows?
I'd just boot knoppix and mount the partition. There, I have access to all the files. That goes for windows AND unix/linux.
If you really depend on the password for anything other than stopping casual or remote access, you're just fooling yourself.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
...a USB drive that boots something like Knoppix with NTFS file system support! ;)....
People have been using that to recover data from broken and otherwise defective Microsoft Windows boxes for a long time now...
Naturally they don't want police to have to carry around Knoppix CDs.
Intron: the portion of DNA which expresses nothing useful.
Since when has physical access to a machine ever been safe for any operating system? Also, it's not like Microsoft programmed in back doors for law enforcement; they are just bundling their version of script kiddie hacks.
"It basically bypasses all of the Windows security (decrypting passwords, etc.) in order to eliminate all that pesky privacy when the police have physical access to your computer."
WOW; that's a really biased summary. Here's what the article actually says:
"The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer."
Between those lines, I do not see what you see...
If I were a CIO, I'd want to make sure that either I could decrypt and analyze all the bits in my enterprise, or that nobody outside my enterprise could.
In other words, if there is a back door and I don't have it, the OS is not welcome in my shop.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Isn't the same old story? If you can't fix it, sell it! Vulnerabilities are now being 'sold' as police investigator tools. What next? Also, if you read the EULA for Vista (Probably applies to XP also) Microsoft can already access any files on any machine remotely, so long as it has an active internet connection. I think it was also determined recently as a part of that there is a special root login that only Microsoft has for all Windows machines giving more access than a normal administrator. Remember, they own it, and you lease the right to use it. :)
Want Big Business out of government? Take away the incentive and start by getting government out of big business!
This is huge! Windows passwords aren't enough to secure my porn! Call the government! Call NASA! Call a lawyer! This is an outrage!
Seriously. Does anyone here NOT know how to pull all the data off a windows machine without a password? I can think of a half-dozen ways to do it, and there is plenty of commercial software out there if you wanted to purchase some.
If someone has physical access to your machine, it is NOT secure. This is why people use encryption.
So how long do you think it will be before the files on these thumb drives show up on TPB?
So as soon as a law enforcement type plugs this into the Bad Guy's computer, a virus is installed on the thumb drive and gets installed on every other machine that the drive is plugged into. (Like Mr. Law Enforcement's own desktop!!!)
Great Idea(tm) (:-)
Imagine the TSA was using these. Every businessman's computer would be owned. If the virus also disabled the detection systems, our Bad Guy could also attack other bad guy's systems. He'd rule the world... Bwa Ha Ha Ha....
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
With the right tools you can read files regardless of permissions, change passwords, add users, etc., almost anything. Build a Linux live CD which can read most file formats and ignores ACLs, and that's not even counting the various and sundry tools available which allow you to change even a root password on a machine you've forgotten the credentials to.
If the cops or anyone else has your PC they have access to anything on it that's not encrypted, whether Microsoft wins some quick PR with law enforcement by making it easy for them or not. This is essentially a non-story.
I hate MS as much as the next guy, but I have to admit MS has the lead over Linux in the field of community service. If the Linux community cared about society as much as MS did, there would be much less crime.
OK... So where can we download that tool? I got a couple of FUBARed computers which could definitely be saved with something like that.
No big deal. It's a USB keyboard with only an "I agree" button, and it's stuck.
Seriously though, I'm curious to know more about what exactly this does. At first I assumed this was typical
Spelling mistakes, grammatical errors, and stupid comments are intentional.
Anybody have a torrent of the files on this thumb drive? Might be fun to play with! ;-)
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I'm all for protecting personal privacy, but if investigators are using these tools to comb through your PC, you don't need to stop using windows - you need to stop committing crimes.
As someone in computer forensics, this type of tool is supposed to be used after the police have gotten access to your hard drive via court order.
Man, if I got an electron microscope and enough time, I can find your data. I understand people are worried about using this outside of the legal frame of the law, but as computers get more and more used to commit crimes we shouldn't be upset with the tools that are used but how they are being used.
Part of modern computer forensics is preserving as much of the state of the computer as possible BEFORE power is lost.
Granted, the state is in constant flux, but the cops really do want to grab any and all RAM-resident security keys, the contents of RAM disks, data not yet fully saved to files, etc.
The wet dream of a computer forensics expert is a computer he can put into hibernation without risking the loss of any data that has a "I'm going into hibernation mode, I better erase myself" detector.
hmm.
I have a compact distro on a thumb drive that I can boot on, mount NTFS and VFAT and rifle through a computer should I wish - but this sounds like it's more comprehensive than that. And if it is designed for widespread cop usage then it must be extremely user friendly as well. And TFA implies you do not even need to power down the PC.
So.. I would guess an autorun application that is designed from the bottom up to bypass security, promote to admin rights, scan for files matching keywords, copy log files, back up the FAT, scan partition information, mount any unmounted partitions, get internet history, scan for deleted files, log torrent trackers. Hell, there is an awful lot that could be obtained quickly and then analyzed later on once saved on the thumb drive. It could even alert officers to clear violations to prompt for arrest.
Clever little toy.
1. It's going to help drive a lot of people to not use Windows - I already do not.
2. If Windows had a rigorous and well implemented security system this would not be possible in any case.
3. It's an open challenge to the warez communities to copy and reverse engineer.
4. It promotes the belief that there must be back doors into Windows that this gizmo utilizes.
5. I guarantee that something like this will become the norm at customs/airports for a lot of cases if it is fast enough - something along the lines of "hold on sir, please plug your PC into this for 30 seconds whilst we scan for illegal behavior".
6. Running Linux will simply open you to suspicion and a more in-depth analysis.
And was one of the easiest things that Microsoft has ever done.
If you use TrueCrypt or other similar products to encrypt the entire hard drive I don't think this doohickey will be very effective. My laptop uses an encryption product for the entire hdd and when I boot into Ubuntu LiveCD I can't see a thing.
Bottom Line: Encrypt the entire thing and be done with it. Truecrypt FTW!
the future is but past forgotten
Here are the top four password recovery tools for Windows according to about.com's article.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
The cops busted the thieves as they were still on my property and with the loot. Although the thieves did not have enough time to crack my laptop, the police kept it for forensic analysis instead of returning it immediately.
Lesson for anyone reading this post: Use secure wipe when buying a used laptop and encrypt if you value your privacy. It is probably standard police procedure to snoop in people's files whenever the opportunity presents itself. I am grateful for recovering my laptop but it feels like a second violation with such intrusive methods.
...along with the Geneva convention. It's all part of the new world order.
If you don't have anything to hide, then you won't mind me looking through your briefcase.
First, US as world policeman with Bush/Cheney/Rumsfeld leading the charge . Now, MS as internet policeman, with Ballmer/Smith leading the way.
Advice to Jerry Yao: ditch all MS products.
In unrelated news, it is now a felony not to run Windows on your machine, and Linus Torvalds has gone into hiding.
Life would be easier if I had the source code.
You'd always have to shut it down, image the drive, and then run your test against the image. If you ever so much as boot the image and use the device at that point, you've still just changed a shit load of files during the boot up process and a lawyer may still be able to get you off.
This device is only helpful if it contains a standalone script that can be pointed to a set of files on a write-blocked drive. Blindly letting it have full read/write access to any drive would be instant not-guilty result.
Unless this device gets some hefty certs, I'd be surprised if any law enforcement agency that reports to the public courts would ever use this device as reported.
When I said you should have your computer dual boot, with networking disabled on the windows side (which is how my PC was set up before the power supply burned out last week) so you wouldn't get viruses, spyware, and other nasties on your PC I was modded "troll".
Now the summary says "Just one more reason not to run Windows on your computer."
I guess the submitter was trolling? But at any rate, it seems to me that since Windows can't read hda, as long as you keep your terrorism plans, drug dealers' phone books, child pornography, and stolen state secrets off the Windows side of your computer you're safe, right?
Wrong. If I have physical access to your machine I can probably get in pretty easily, and I'm no security expert. The cops have the funding to hire top notch guys who WILL decode that drive.
I can't for the life of me figure out why Microsoft would produce this tool, as it only makes them look bad. If someone made a Linux tool to crack windows, the Microsoft apologists and astroturfers would be screaming "FUD!"
The malware boys will get a copy and make it so it works online. What fun!
(as one slashdotter's sig says, "karma: excellent. Try again, modboy!")
-mcgrew
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
All those little snippets/reports over the years about "backdoors/trapdoors" into Windows aren't seeming so far fetched today?? Microsoft's stock value starts to slip... OH!! Time to market to the government for security! Just another day in the USSA.
...as in, selling the means to bypass copy protection?
rj
Investigators can probably find anything on your computer no matter what O/S you use.
Microsoft just made it a lot easier.
He who knows best knows how little he knows. - Thomas Jefferson
is that a program CAN be written to bypass all windows security using a dongle.
hmmm
The Kruger Dunning explains most post on
This is not something new, people. I can dump your RAM from my USB key already (after a reboot!) and go through it for whatever I'd like.
http://tourian.jchost.net/shadow/liveusb/boot.png
http://tourian.jchost.net/shadow/liveusb/memoryremenance.png
http://tourian.jchost.net/shadow/liveusb/memoryremenance-filecarving.png
http://citp.princeton.edu/memory/
http://mcgrewsecurity.com/projects/msramdmp/ (The MS isn't for microsoft)
www.isoHunt.com
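The memory-remanence links above are the part of this thread that actually bites: on a running or just-rebooted box the disk encryption key is in RAM, and it is found not by "decrypting" anything but by carving. An AES-128 key sits in memory next to its 160 bytes of expanded round keys, so any 16-byte window whose FIPS-197 key expansion matches the bytes that follow it is a key with overwhelming probability. The script below is an added example for this thread, not code from the Princeton project, msramdmp or any Microsoft tool; the S-box is derived rather than typed in, and the memory image it scans is constructed in the script.

```python
"""Carving an AES-128 key from a memory image by its key schedule.

Added example for this thread; the technique is the one described in the
cold-boot work linked above, the code is not theirs.
"""
import random


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox() -> list:
    """S-box = multiplicative inverse in GF(2^8) followed by the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0) if x else 0
        r = inv
        for i in range(1, 5):                       # r ^= rotl(inv, 1..4)
            r ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = r ^ 0x63
    return sbox


SBOX = _build_sbox()


def aes128_key_schedule(key: bytes) -> bytes:
    """FIPS-197 key expansion: 16-byte key -> 176 bytes (11 round keys)."""
    assert len(key) == 16
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]    # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _gf_mul(rcon, 2)
        w.append([x ^ y for x, y in zip(w[i - 4], t)])
    return bytes(b for word in w for b in word)


def _first_expanded_word(key16: bytes) -> bytes:
    """w[4] only: a cheap 32-bit filter before doing the full expansion."""
    t = [SBOX[b] for b in list(key16[13:16]) + [key16[12]]]
    t[0] ^= 0x01
    return bytes(x ^ y for x, y in zip(key16[0:4], t))


def find_aes128_keys(image: bytes) -> list:
    """Return (offset, key) for every window whose schedule matches RAM."""
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        if image[off + 16:off + 20] != _first_expanded_word(cand):
            continue                                 # almost every offset stops here
        if image[off:off + 176] == aes128_key_schedule(cand):
            hits.append((off, cand))
    return hits


def build_demo_image(key: bytes, at: int, size: int = 4096) -> bytes:
    """Constructed stand-in for a RAM dump: seeded noise with one schedule planted."""
    rng = random.Random(2008)
    filler = bytes(rng.getrandbits(8) for _ in range(size))
    sched = aes128_key_schedule(key)
    return filler[:at] + sched + filler[at + len(sched):]


if __name__ == '__main__':
    # FIPS-197 Appendix A.1 sample key, planted in a constructed dump.
    key = bytes.fromhex('2b7e151628aed2a6abf7158809cf4f3c')
    image = build_demo_image(key, at=1000)
    for off, k in find_aes128_keys(image):
        print(f'AES-128 key schedule at offset {off}: key {k.hex()}')
```

The same scan works on a dump taken over FireWire or from a cold-booted machine; the expansion is deterministic, so a damaged schedule can even be repaired by majority vote across the round keys, which is what makes bit-decayed dumps still usable. A full-disk-encryption product that keeps the key in RAM is therefore only as strong as physical control of the powered-on machine.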
Not sure what the big deal is.
If you are a computer forensic investigator you already have many available tools (EnCase, etc) to do the same thing, not to mention the obvious linux based free tools (Helix, etc) that let you pound away on a computer (or captured image) and get whatever you want off it.
Keeping your computer completely secure is about as practical as copyright owners keeping their data totally protected. It's always an escalating two-way battle and the winner is just the one who's willing to go the farthest with it, but nothing is 100% safe.
Privacy and DRM are both doomed for the same reasons.
Get over it.
-- Senior Software Engineer, Attorney appearance services, locallawyerapp.com.
"We're doing this to help ensure that the Internet stays safe."
Thank God! I'd hate to have someone murder me over the internet!
I don't get it. Let's stop throwing out the Men in Black Helicopters theories and Bill gates is Trampling My First Amendment Rights crap. If a computer is held for evidence in a child porn case, for example, then why would anyone here have a problem with a tool that makes it easier to collect said evidence from the computer to prosecute the offenders?
Let's forget there are already plenty of tools available to do this. So bitching about this is just farking stupid in the first place...
I turned in a client over a year ago for possession of child porn. I don't have one regret in doing so. When I turned the kid's computer in, I saw first-hand how carefully the police treat such things in order to preserve all evidence. If there's a tool out there that makes this process easier to nail people, then I say go for it. Stop bitching. No one's out to nail you for your WaRez.
It basically bypasses all of the Windows security
Windows has security?
Just because it CAN be done, doesn't mean it should!
If you have physical access to a computer, you can read the hard disk of any computer now -- Windows or otherwise -- without some special gizmo. All you need is a Linux live CD, or something like that.
Frankly, I don't understand the need for this gizmo in the first place.
Proverbs 21:19
On the black market?
Imagine the chaos this will produce once someone sells it off and it's modified to work over a network! Money talks and we all know the man is just as corruptible as the consumer. Sorry, I meant citizen.
Well, this is a good time and excuse to finally really try to wean myself off Windows.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Crime is cool!
when someone else has your passwords.
To decide how harmful something is, you need to consider the worst thing it will do. Obviously, the police don't need this cracker kit from the soft to boot knoppix and read your unencrypted cruft they want what you consider safe. That might be SatanicPuppy's kiddie porn but there's real potential for abuse here.
Without privacy, you get political and economic abuse. For instance, the people who kept Code Pink, aka political opposition, out of Canada by falsifying information in a database would also love to know who else to harm by reading their contacts at the border. Microsoft would love to read the business secrets of their competitors.
The bottom line is that Microsoft has just admitted its systems are backdoored so that they can get passwords. Those systems and anything made by Microsoft is suspect - don't use it if you value your business, privacy or freedom.
This has probably been possible since XP SP2, if not shortly thereafter.
And suspect that at some point the 'police' will 'accidentally' or 'inadvertently' leak this to the outside, and whoops, there it is...
The only unanswered questions are:
- Is this 'feature' part of foreign language versions? I expect these governments will be interested in this feature...
- What other government agencies will have access to this tool, and under what circumstances?
Well, we can be pwned with a warrant, want, or secret finding.
Again, as if we didn't know this was possible. So much for secrecy in Windows. Get yer Ubuntu running, gang, and your PGPDisk. I recommend the full disk encryption option as best.
deleting the extra space after periods so i can stay relevant, yeah.
crack this criminal's e-mail about torture.
Cordially,
Kilgore Trout
Use a VMware machine that has its disk file loaded on an encrypted partition and have the machine itself installed on an encrypted partition, but hide the VMware machine files on a partition that is mounted to a folder name deep within the Windows file system so it can't easily be seen. Let them pull your data, all of it will be from your normal "clean" partition on your C drive, do some regular surfing on the main machine and keep a separate clean e-mail account on it as well. When their little key finds nothing of interest you can get away with anything with your Virtual Desktop and they can't prove a thing!
Tsukasa: All I really want, is to be left alone...
Discussions there led to the creation of COFEE. I normally make coffee before I start discussions. one lump or two ?
.....this is the body .....
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
It's _when_ it will be used. Console access with nifty commands isn't new or earth shattering. Access with a feature set of brainless tools is something different.
:)
Legitimate investigations aside; I can see the benefits here. I'm curious how tools like this would apply to other types of searches.
Using live CDs or rebooting from CD/source is slightly more technical and hugely invasive to forensics (to the point of completely destructive, many would agree), so the effect is that MS is selling a collection of hacking tools designed to make investigations easier.
By extension, if its easier, I think it could gain some momentum for gray area investigations or researches.
- traffic stops
- border/us customs
- Oh, you want to be a big brother/foster parent?
I dunno, I could have had an extra cup of 'Extremist' this AM also.
Hell, I want one, no more UAC prompts in Vista. This would be a benefit to all SAs if they had one.
make sure to read that both ways... not only should a computer-savvy person be perfectly capable of doing this, there shouldn't be anything in the way to STOP them from doing this. They SHOULD be able to do this. Being able to access a drive's contents externally can save your ass if you hose the O/S / boot sector / whatever. Getting around basic password systems that are only meant to prevent unauthorized access when already in the same system is something that is -by design-. If you don't want the contents available even if hooked up to a secondary machine, or even to forensics, then you should encrypt the thing (keeping in mind that if you then screw something up, you may be SOL.)
Hit the nail on the head, even when not using the heart-string tugging example of child porn. If the police have physical possession of your computer, that means they have already secured a search warrant and have every right to get into your computer and look through your stuff. And, frankly, they should. There is not a single privacy issue with this tool.
Here is the original link if anyone wants it: http://scissec.scis.ecu.edu.au/wordpress/conference_proceedings/2006/forensics/Proceedings_Forensics2006.doc
If you scan down about 15% of the way down, there is a blurb about COFEE mixed in with the rest:
Interestingly, this article if from 2006. So COFEE has been around for 2 years already. Fascinating that we are just hearing about it now.
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
According to the article it can be attached to an actively networked PC allowing a search without rebooting. If this is true, they could access data in locations that they do not have a search warrant for... right?
Please excuse my typo. The article *IS* from 2006, not "if". I gotta proofread more carefully. (When are we gonna get an edit feature, Slashdot?)
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
Well, computer games are not exactly art, but anyway. In CSI:Hard Evidence, one of the tools you can use to gather evidence at the places you visit is a USB pendrive that can find "encrypted files" in any computer.
From TFA:
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.
Who the hell owns your computer? What happened to the 4th and 5th Amendment?
This is totally unacceptable. Even using an "encrypted volume" on Windows, I bet the password is stored in a format which will be decrypted by the tools on this device.
I use Linux, and while my system is on a UPS, it is also on a switch that I can turn off quickly and my home volume is encrypted.
Listen, in our browser history, regardless of how straight and narrow you may live, exist pictures and words that can be used against you in the court of public opinion. Even a recent picture by Fran Lebovitz of a 15-year-old girl on major news outlets could be called kiddie porn by the press.
The police and government use terror and public destruction to intimidate would-be criminals or people who have the mind to speak against them. It is best not to have your personal data as something they can use against you.
Just remember this:
"If you give me six lines written by the most honest man, I will find something in them to hang him."
Cardinal Richelieu (1585)
This only goes to show just how insecure Windows is. Sure, under Linux you can easily reset the root password on an encrypted drive, but that tool will also supply you with the passwords the people were using, easily!
I'd like to see a comparison of how easy it is to crack passwords on a Windows vs. Linux machine without internet access or using a rainbow table.
Since a computer (or the evidentiary data) has to be in pristine condition to stand up in a court of law, the current process is to make an identical, bit-by-bit exact copy of the drives and RAM, and examine those in a lab setting, apart from the suspect computer.
I wonder if this little MS device follows those rules or is it invasive, and leaves tracks like regular commands would?
"Yes, I have a Disaster Recovery Plan. It's called my Resume"
Today, information is valuable. People and companies expend effort to protect their information. The more the government seeks access to that information, the more people will expend resources to protect that information.
This leads to waste.
If you are really paranoid, use Truecrypt.
WHERE DO I GET ONE????
Who, other than the police, knows about and can use this?
"We're doing this to help ensure that the Internet stays safe."
Bit like doing something to help ensure the sky stays filled with Unicorns, eh?
Because these drives won't get stolen and duplicated, so criminals can comb through your PC. Nosir.
No tyrant thrives when every subject says no.
"Just one more reason not to run Windows on your computer." ...whaaat? oh come on...soo absurd, yet I bet the /. crowd just eats it up...
A more realistic closing statement might be "Just one more reason to ensure you use encryption if you value privacy" - considerably more fair.
The fact that there is an intentional back door, even if it's for 'law enforcement' purposes, means that all the Windows claims of security are meaningless. It's a pretend security.
If I manufacture locks, and put in a glitch so that it will unlock if you shake/tap it a certain way, then I'm not making a lock, I'm making a device 'similar to a lock'.
God this pisses me off. How long until these devices end up on ebay? Or a knock-off gets out into the public's hands.
Utter BS. I love that my Windows password is not one-way hashed. That's why my personal stuff I wouldn't want a thief to see is in a TrueCrypt hidden volume. And this is also why I no longer bring my laptop with me when I cross the border into the USA. Stupid.
...yet
(Although it's amazing how many former coffee drinkers misspell coffee.)
I agree, but people won't move from Windows until the alternatives get a library of games/software comparable to Windows, and solve stupid issues like these:
http://linux.slashdot.org/article.pl?sid=08/04/28/012238
I'm a techie/developer and even I find Linux confusing.
You haters are so pathetic...
It's nothing new. While other products might not be Microsoft-made, there are tools out there. UBCD (Ultimate Boot CD) comes with a utility for blanking XP passwords (I don't know if there's one for Vista yet, but if not, there will be soon). I've used it to blank passwords on US Army Secret computers (FYI, I work for the Army and had permission) that users had lost their password to; it took me 10 minutes max. Windows isn't/hasn't been secure. While I shake my finger at MS for providing a back door to anyone that allows access to others' data (and I'm sure it's only a matter of time until this gets leaked to a torrent site), it's not exactly groundbreaking.
... it's not my computer. Some guy just ran through here a few seconds ago and handed it to me. I've never seen any of this Goatse stuff before.
Have gnu, will travel.
This will show up on the torrents by next week!!
This is a very good thing for Linux and the Open Source community for the following reasons:
Finally we have 100% proof that Microsoft have been lying all along when denying there is a security backdoor in Windows.
Now we know beyond doubt that you just can't trust any Microsoft-developed security system to even be intended to be fully secure.
This will ensure all worldwide military, and most (non-US) government departments will be obliged to migrate away from Windows and other Microsoft products simply for security reasons.
The first big business bust made with evidence gained by COFEE will ensure the rest of the commercial world will shortly follow.
What happens when you are innocent and the thumb drive contains malware/spyware?
...How long before some hacker group gets their nefarious hands on this 'plugin'?
OSS Community; Code me a viable alternative to Outlook and Office PRONTO, so I can use Linux! (And no, OO is no option, it is TeH SuX0000rrrZZ)
Presumably Sting is helping the RIAA find illegal downloads of "Message In A Bottle"?
Gentoo Linux - another day, another USE flag.
My 14yo neighbor kid did it in half the LEO's time using his $15 512mb USB loaded w/ Linux distro. We'll bring you more exciting revelations as they become available, STAY TUNED!
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
The kids call it 'pwning' or 'fragging' these days.
A Windows password cracker is *not* news.
That Microsoft is *actively* aiding and abetting police cracking personal computers is news. (Spoonfeeding police the information and tools is a more apt description.)
Does this crack BitLocker? Trusted Computing? Does the cracker work at the *hardware* level?
In all honesty, I don't know why it always ends up stirring an anti-Microsoft Apple/Linux/Unix fanboi debate. Every operating system is open to forensics; the fact that Microsoft threw a product together to help the police win cases with less effort or knowledge is a good thing. Who wants to go through the trouble of pulling out a hard drive, tossing on a write blocker, opening EnCase/AD FTK etc., documenting a billion boring steps and trying to stay awake doing long boring searches anyway? Who says lazy can't win!!!
FUCK the POLICE!
I really look at this as more of a security issue than a privacy one. I think it's less about privacy because one would have to assume that in order to place this device on your computer, police would have to have the correct authorization (i.e. a warrant). I'm more concerned about the security implications of a device that simply plugs in and extracts all that information. However, I guess this would require physical access to the machine, and generally speaking, once someone has physical access, you're done for anyway.
Microsoft USA and China Technology Center (CTC) working together to assure the states future. Eat your heart out Mother Russia (MR)! What M$ lacks in desirability will always be the need for Viagra free Corporatists'/Politicians' functionality!
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Wow, the anti-MS fanboys are really running out of ammo.
I also read Windows is compatible with more hardware than any other OS on the market. That's surely a security hole and a reason to run Linux!
So pretty much all the USB drive has to do is turn on the computer.
Of course, nobody is going to argue that it wasn't already easy to get the files off a Windows box when you have physical access to it. The part that makes this bad is that Microsoft intentionally added backdoors to their security features, and then gave the key to a whole bunch of people, without telling anybody. As a result, most home users and an awful lot of businesses are now using software with backdoors in it.
Also, remember that only ONE key ever has to be lost, stolen, pirated, etc., for every Windows box in the world to have its security compromised. Considering how common data theft is these days, I'd bet that there's already more than one copy floating around. The chance that this stuff will eventually turn up in malware (if it hasn't already) is VERY high.
Just so everyone out there knows... And I am in no way supporting or rejecting M$ on this matter. But it is a flaw in USB security... Every day millions of people plug in a USB device, do their business, and pull out the device. No OS warnings or anything.
Also the same in Linux.
That being said, I have a USB device called Blackdog Linux, found here: http://www.projectblackdog.com.
This little guy is quite remarkable. When inserted into any USB port he fires up a functioning Linux Server complete with FTP and all the bells and whistles.
Now the interesting thing about this is it could be configured to automagically transfer files from the host HD to virtually anywhere, as the slave Linux OS uses the host network for internet access. Here's the scary part of this... this can be done without notice to the user of the host PC.
I don't know how carefully NIST actually evaluates the items to be certified, but if it is anything like the ISO 9000 certification a previous employer of mine got, there will be holes you can drive a truck through ;-)
C - the footgun of programming languages
Oh, you take me back to the good old days of Quake and Quake II when I ran the Springfield Fragfest site!
I guess I did get killed over the internet. A lot! Damn but it's dangerous in here.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Let's put all the amusing pokes and prods at Windows security aside for a minute, and be ruthlessly blunt:
The moderator who posted this story is either:
a) A complete idiot, effectively; hugely ignorant on the topic
b) A troll
c) All of the above
Seriously, the article is (from the way it's represented on Slashdot) just absurd.
Microsoft made a device to help law enforcement agencies extract data off computers under investigation? What's the big surprise? This is an obvious move for Microsoft, lest it want to look uncooperative with law enforcement agencies, or leave more territory up for grabs by non-Microsoft OS's and tools, as many posters have pointed out. I have no doubt Microsoft has helped law enforcement agencies extract data off Windows computers in the past by providing technical expertise; this is clearly just the latest offering in this area.
The quote "basically bypasses all of the Windows security" is pulled out of thin air, or maybe someone's rectum. After reading the article, the closest I can find to this quote is: "The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer."
It has tools that can cut the time it takes to gather digital evidence? So does every Linux distribution out there, and 10-fold if it's aimed at the pentest (penetration testing) area.
It can decrypt passwords? Possibly; there are numerous different hashes employed on Windows of varying strength. Frankly, I think it's more likely it just changes the passwords to something else (this is conjecture, but an obvious idea, and likely an easier solution).
Analyse a computer's internet activity? Well, that's a real challenge. Mount the computer's partitions, look at the browser's history and cache.
Analyse data on the computer? As easy as above, if not easier. FAT32 has no file system level security at all. If it's NTFS, you'll bypass most security mechanisms anyway just by mounting under linux, or any other OS with NTFS support. The only feature I can think of that may create difficulty would be EFS (Encrypting File System), but I'm not sufficiently versed on EFS to really make an informed comment.
So what's the bottom line? This story is pure, unfiltered, undiluted FUD.
ALL computers that are physically accessible are potentially far more vulnerable to exploitation than when attacked from a remote source. The OS is more or less irrelevant. From what I've read, all this device does is get past basic, everyday Windows security by bypassing the OS. Not novel, not difficult, and something easily done on most Linux Live CDs.
So what would make this story interesting? As some people have said, a backdoor. Is this implied in the actual linked article? No. Is it likely? IMO, no. Why? Because if such a backdoor became public, the damage to Microsoft could potentially be gigantic and a PR nightmare of epic proportions. If such a backdoor was being used, I doubt they'd be distributing it in bulk to supposedly "More than 2,000 officers in 15 countries". Plenty of opportunity there to nab a device and get reverse engineering.
Is this an angry border-line rant? Yes.
But it's true AND it is obvious.
Thanks.
First, whoever wrote that article has NO clue what the hell they are talking about. No set of tools for taking information about a live/running system is going to take the place of a full disk image and analysis by a tool like Encase. Furthermore, this sounds like nothing more than a set of tools for gathering information on a running system. Since most of the tools that digital forensics investigators utilize for live system analysis for Windows boxes were part of the Winternals suite that Microsoft acquired, I doubt this is anything all that special. I'll probably have access to one sooner or later, as I am a forensic investigator in the private sector with friends in the law enforcement world, and I'm not expecting anything earth shattering. But this article is clearly FUD written by someone who thinks computers are magic.
Remember the Alamo, and God Bless Texas...
Police help Microsoft crack your Windows computer's competition.
Wrap as many coils of insulated copper wire as you can around the drive.
If and when someone comes to get your data, switch this wire to 110ac right away. Not only will the magnetic field wipe your drive clean, it can also set the machine on fire.
"Does anyone here NOT know how to pull all the data off a windows machine without a password?"
You're not understanding the implication here. They can do it without rebooting. In other words, they plug it into a running Windows machine and they can gain access.
Otherwise there would be no point. You can always image the drive to make a perfect copy. This is better because *YOU NEVER KNOW*.
Think of the implications here in terms of Microsoft's ability to get through any security, either remotely or via physical access.
Sorry to attach this to your +5 post but I wanted this to get seen:
http://www.microsoft.com/presspass/features/2008/apr08/04-28CrantonQA.mspx
From the ms press release:
"COFEE, a preconfigured, automated tool fits on a USB thumb drive. Prior to COFEE the equivalent work would require a computer forensics expert to enter 150 complex commands manually through a process that could take three to four hours. With COFEE, you simply plug into a running computer to extract the data with the click of one button --completing the work in about 20 minutes."
It's little more than an automated tool that can be run by 'joe-beat-cop' instead of sending a forensics computer expert along. It doesn't do anything that couldn't already be done.
This all... MUCH ADO ABOUT NOTHING!!
To be honest the reason why anyone would use Linux in face of such an incredible disclosure would be because they value their privacy. I've been saying for the past couple years that privacy is important no matter what.
With Ubuntu (or Linux in general) you aren't going to be making it easier for a company such as Microsoft to build such a tool which can and will be abused more than you can possibly imagine.
With Linux the privacy is protected by disclosure. You disclose your coding so that millions of eyes can see it. No surprises can crop up for this sort of thing because people have seen the code. No special facilities will be built that will allow companies to allow other entities undisclosed access to your computer.
I don't want to hear the shit about how if you aren't guilty you shouldn't be worried. That's absolute bullshit. You protect your privacy to keep others from invading your privacy in the future.
With Microsoft Windows you have your privacy violated all the time (especially in Vista). You let this go and down the road you are probably going to find more nefarious aspects to that privacy violations such as the ability of the federal government to invade undetectably into your computer.
It is my right to say what is disclosed about me and what I say to others in private conversation. Our laws were written to put the burden on the government to prove their cases and our laws are there to permit us to protect ourselves against self incrimination. These are there to keep government agencies from misusing their power, which happens regularly.
You give up your privacy today you give up your children's privacy tomorrow and they may not feel the same way about it as you do. And consider that our federal government has been monitoring all electronic and digital communications for some time without warrants is just one aspect of you allowing them to do it because you feel you have nothing to hide. Well, the vast majority of American's don't have anything serious to hide, but that's not enough reason to justify this blanket ability to invade
You can lead a man with reason but you can't make him think.
So if Microsoft is willing to give this device to police, I'm pretty sure they would give it to the feds. Thus negating the possibility of not telling a border patrol officer your login password for your laptop.
http://tech.yahoo.com/blogs/null/90325
If they really want to know what's on your hard drive, your choice of operating system will matter less than your ability to hold your breath.
I would hate an edit feature. That is what proofreading is for. Once you commit your post that should be it. I can't tell you how many times I've been in forums that allow editing of posts and suddenly I don't know what anyone is talking about simply because I showed up late. One person makes a comment, other people discuss, then that person edits his post to something else.
Not only that, it would be horrible for avoiding the trolls. All they would need to do is get a +5 informative on a post then edit it to be a link to a virus filled site or something else.
Stop Global Warming!
Just say no to irreversible processes!
Or just one more reason not to commit crimes.
Beauty is in the beholder of the eye.
Do you know if this distro is available publicly? I'm really interested in it because by default it blocks write access to IDE devices. Would be a great help in rescuing disks (something I do too much of sadly).
Great thought! In my case, the comp is sitting next to the only escape route (the window), and if the guy actually got away (having to jump over the 21" monitor and out the window) he would be seriously injured!
What's the ignition point of thermite? Maybe I can sandwich it between the proc and heatsink, and just turn off the fan in software to ignite it!
How much is your data worth? Back it up now.
Always zipcrypt with a plausible deniability folder. For instance, I work in a field where occasionally I have to have demographics on my comp. So, I encrypt a file called *demographics.zip, and in it I put ... wait for it.
Demographics!
Then one tiny file is actually a textfile attached to an encrypted zip file with a txt extension. If you open the text file, it looks like text, for the first 30 or so pages, and then it looks as if it's corrupted. Yank your text, rename file, open, enter password, ahh 20G of pron is safe from wife.
Unless she sneaks up behind you, in which case you're SOL. Luckily for me, she just asks why I keep opening Mr. Anderson's file.
How much is your data worth? Back it up now.
Free, European full disk encryption!
http://www.ce-infosys.com/english/downloads/free_compusec/index.html
I killed da wabbit -Elmer Fudd
I worked with the tool at one point. It's just a collection of already existing tools that allow some access to info without a reboot. You should look up other forensic tools and see what's out there, because what MS has provided is nothing new. Both EnCase and AccessData provide tools that can run from a thumb drive, dump your RAM, and dump your HD to another device. They also have the ability to mount and browse your registry, hard drive (from images), and carve out info from your deleted files, as well as crack passwords.
In short, this isn't anything that they can't already do
"Just one more reason not to run Windows on your computer."
Yup, as once that tool is hacked/stolen into software and available on a USB drive, there won't be one computer that's safe.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
"...in order to eliminate all that pesky privacy when the police have physical access to your computer." Sorry, but the search warrant is what eliminates all your "pesky privacy", not something from Microsoft. And before you even think of the words "Patriot Act", any agency utilizing that act to search doesn't need anything from Microsoft. Believe it or not, criminals use computers too, and smaller agencies can use all the help they can get.
That is a dumb fucking idea to collect evidence with proprietary software.
Theoretically, a proprietary forensic software like this could be used to produce fake evidence and frame innocent people?
edit should reset the score
Interestingly, this article if from 2006. So COFEE has been around for 2 years already. Fascinating that we are just hearing about it now.
You must be new around here.
Edit should also be limited to a short time period.
Ok, well in the first place any unencrypted data is just stupid. So don't be stupid.
Encrypt using PGP (public domain), free, http://www.pgpi.org/. Yeah, it's from 2002, but it still works. Access to this site may be blocked by your ISP or your gov't network.
Other tools exist, including not-free, such as the "improved" PGP product from here, http://www.pgp.com/downloads/desktoptrial.html
But if you go with the "improved" PGP product, you may want to read this first: http://securology.blogspot.com/2007/10/pgp-whole-disk-encryption-barely.html
Other options exist, including:
http://www.cypherix.com/cryptainerle/
http://www.truecrypt.org/
http://www.drivelock.com/
http://americas.utimaco.com/safeguard_easy/
Among Others.
My personal favorite, however, is to disk-encrypt an external drive, one which connects via USB or FireWire, and which is NOT connected to the desktop or portable 99% of the time, and never when on-line. That is, whenever online, ensure the external drive is unplugged, and whenever the external drive is plugged in, ensure the network connection is unplugged - Not Just Disabled. Air Gaps are hard to hack remotely.
For most usage, I use a desktop machine with a removable boot disk. Such as:
http://www.startech.com/item/drw115atabk-Black-Professional-ATA-133-Drive-Drawer-with-Shock-Absorbers.aspx
http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&N=2000150043+50001849&name=Athena+Power
This way, the box is the same, and I just rotate specific boot disks for specific purposes. With different encryptions and access methods and passwords. Often, the other boot disks are in a different location than the desktop machine. I find that I need several disks, such as "Business", "Research" (web browsing), "Gaming" and so on. Thus when I am playing an online game, there is zero chance that my business data is being hacked as it is physically on a different disk, that is on a shelf, and is not in the machine. The online gaming community is full of hackers and hacker wanna-bes. Anyone playing an online game should assume their machine contains keyloggers and screen capture tools, and probably also has a proxy on it that remote-broadcasts everything one does on that machine including screen shots every five seconds using the built-in microsoft image service.
It's worth mentioning that if one uses the exact same disk in different trays for different boot disks, having the same size, same vendor, and bought at the same time, most machine identification systems will believe that only a single disk is in use, via remote sensing, if it ever comes to that.
Of course, my financial data and health care data is never on a machine that is ever online. For that I use an old clunker machine, never updated or patched, never online, and backed up weekly to an external drive and cd-roms.
As for online-banking and online-healthcare, well, these solutions are really really really very very very profitable for the Banks and the Health Care providers. They are also very much unsecured. Oh, wait, the server can be secured, yes. However, unless you are using a CISCO VPN, with a random key encryption, the data flow to the server, and from the server back to you, is not secured. Nor is your desktop, laptop or handheld machine secured. Many of these systems require encrypted pages to be saved to your hard disk. These can easily be retrieved and unencrypted days, weeks or even months later. Few people clean these "temporary" files. None of these online systems, with the exception of the above mentioned Cisco VPN, with random key encryption (requires a small stand alone device into which you enter a number or password) can be considered even partially secure. Online Banking just is not secure. Online health care and insurance systems are simply not secure. You are placing your financial, personal, or health care data at risk by using these systems.
And you agree to this risk of loss, in the fine print, of the user agreements for all of t
And those same agencies use weapons that they might not want civilians to own.
"It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator CAN [emphasis added] scan for evidence on site."
Regardless of which, they will still disconnect and confiscate. They will follow the tenet "You don't let the murderer keep the gun", ignoring the fact that they're depriving the (gun/computer) owner of ownership rights despite not having shown that the person and/or particular device was actually involved in any wrongdoing. Remember Steve Jackson's G.U.R.P.S. Cyberpunk vs. the Secret Service? There's been a great deal of progress in clone-imaging the machines since then, but they still confiscate. Making it even more unnecessary will not stop it, because law enforcement seeks as much as possible to inflict punishment in its attempt to leverage a guilty verdict against the guilty. In the process they fuck the innocent over because their violation of ownership rights happens outside the venue of judicial oversight and remains allowed even when placed in that venue.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Ubuntu Hardy Heron using the alternate installer allows full disk encryption with a passphrase during the install. http://www.phoronix.com/scan.php?page=article&item=873&num=1 Debian has had this since Etch, I think. Slackware and SUSE also have a good set of docs on how to set up full disk encryption. Not as easy as Ubuntu or Debian though. Actually it is more a fully encrypted root partition. The /boot needs to be unencrypted to function. You can use an integrity checker to ensure this is not tampered with.
There is no excuse in 2008 for not using encryption.
And use a real operating system. Not Windows!
"Flags are bits of colored cloth that governments use first to shrink-wrap people's brains..."
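The "integrity checker for /boot" mentioned in the encrypted-root post above, and the hash-verification principle behind the bit-for-bit forensic copies discussed earlier in the thread, as an added example that is not from any poster or project on this page. It builds a SHA-256 manifest of an unencrypted /boot (here a constructed temporary directory standing in for the real one) and later reports files that were added, removed or modified; file names and contents are made up for the demonstration.

```python
"""Tamper check for an unencrypted /boot partition (added example).

With an encrypted root, the kernel and initramfs in /boot stay in the clear,
so anyone with physical access can swap them for modified copies.  This
script records a SHA-256 digest of every file under a directory and later
re-verifies the directory against that record.  The manifest itself should
be kept somewhere the attacker cannot update it alongside the files, for
instance inside the encrypted root or on removable media.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of a file, read in chunks so large images do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each regular file (relative POSIX path) under root to its digest."""
    manifest: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if full.is_symlink():
                continue  # the link target is hashed under its own path
            manifest[full.relative_to(root).as_posix()] = hash_file(full)
    return manifest


def save_manifest(manifest: Dict[str, str], dest: Path) -> None:
    dest.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(src: Path) -> Dict[str, str]:
    return json.loads(src.read_text())


def verify_manifest(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the current state of root with a stored manifest.

    Returns sorted lists of paths that were added, are missing, or whose
    digest no longer matches.  All three empty means /boot is untouched.
    """
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(manifest)),
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: record a fake /boot, tamper with it, re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        boot = Path(tmp) / "boot"
        (boot / "grub").mkdir(parents=True)
        # Constructed stand-ins for the kernel, initramfs and boot loader config.
        (boot / "vmlinuz-example").write_bytes(b"constructed kernel image")
        (boot / "initrd.img-example").write_bytes(b"constructed initramfs")
        (boot / "grub" / "menu.lst").write_text("title Example Linux\n")

        manifest_path = Path(tmp) / "boot-manifest.json"  # would live off /boot in practice
        save_manifest(build_manifest(boot), manifest_path)

        # Simulated tampering: initramfs replaced, a file dropped in, config removed.
        (boot / "initrd.img-example").write_bytes(b"constructed initramfs plus an added hook")
        (boot / "grub" / "stage2").write_bytes(b"constructed extra file")
        (boot / "grub" / "menu.lst").unlink()

        return verify_manifest(boot, load_manifest(manifest_path))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Run on a real system the same way with `build_manifest(Path("/boot"))` right after installation and `verify_manifest` on every boot from the encrypted root.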
...not to use Windows?