Microsoft Issues Takedown Notices Over COFEE

Eugen tips news that Microsoft has sent DMCA takedown notices to several websites to stop them from offering the Computer Online Forensic Evidence Extractor (COFEE) tool for download after it was leaked earlier this month. One of the sites, Cryptome.org, has posted their correspondence with Microsoft over the software. "... Microsoft contacted Network Solutions, which hosts Cryptome, and since John Young, the owner of the website, wasn't too keen on losing his whole website for the sake of a single 15MB file, he removed the download link and sent Network Solutions a notice of compliance."

Can't stop the signal

[Monkeedude1212]

Everything goes somewhere, and I go everywhere.

Once something is leaked you can take down all the websites you want, but you won't stop P2P Sharing.

Re:Can't stop the signal

[wvmarle]

Just put it on a server outside of the USA. Then at least you won't have an issue with DMCA notices.

Re:Can't stop the signal

[Burz]

Once something is leaked you can take down all the websites you want, but you won't stop P2P Sharing.

Indeed, it has already shown up on the anonymous I2P network.

Re:Can't stop the signal

[NoYob]

Sweet!

Unfortunately, the mods didn't get the "Firefly" reference the OP made - Can't stop the signal ... etc..

Ah, pop culture references.

Re:Can't stop the signal

[mysidia]

In this case, it doesn't matter where the website is hosted, since the domain is registered with a US-based registrar, they can always send DMCA notices to the US-based registrar to ask them to "remove the domain name"

Gotta insulate DNS first.

If DNS is protected from takedown, you can have servers all over the world ready to step in with a simple records change.

If not, they just gotta take down DNS, and then it doesn't matter where you put the server, you have to get a new name.....

Re:Can't stop the signal

[Zemran]

??? We do have other DNS servers out here and your government can only try to stop you guys in the US from using them. If a site is removed from your DNS it will still remain on ours and if you change your settings to use our DNS servers you will still be able to access whatever you want.

Re:Can't stop the signal

[mysidia]

It doesn't matter where their DNS servers are.

If their domain is registered with (network solutions) as it is, only Network Solutions holds the auth codes for the domain.

A court can order network solutions to establish a REGISTRAR-LOCK and freeze the domain, i.e. use the ordinary technical means available, to block any transfer attempt.

And then remove delegations to the DNS servers.

In this manner, it doesn't matter where their DNS servers themselves are located, once they are no longer authoritative for the domain, DNS queries will no longer be referred to them.

Re:Can't stop the signal

[Zemran]

I am sure that you believe this but do you really think that those of in the rest of the world would really put up with that? If the US closed a European, Russian or Chinese site for something that is illegal in the US but not in Europe, Russia or China you would break the internet. It is stupid. We have lots of sites that openly provide films, music etc. to those that can read russian without a care for your laws. The Mafiaa would love to stop this but it is outside your control.

Re:Can't stop the signal

[mysidia]

Then they should register their domains through a russian domain registrar that is outside the US jurisdiction, or through their .RU ccTLD.

Because Network Solutions is a US-based competitive registrar, which has to obey any lawful order made by a US court, under penalty of contempt, and has to obey DMCA notices from companies like Microsoft or risk liability.

Registrars are not immune, and the only reason they haven't frozen DNS for the domain is they weren't ordered to, and Microsoft may not have requested it.

Re:Can't stop the signal

[Zemran]

We are at cross purposes as I meant using different different tlds. .su is popular with the real rebels now and they allow cyrillic. ICANN have been trying to close .su for a long time but if it comes to a fight they know that it will just strengthen the alternatives.

Too little, too late?

[Telecommando]

I suspect that anyone who wanted it has already downloaded a copy by now.

Re:Too little, too late?

[Spatial]

I didn't. But I do now.

Re:Too little, too late?

[zoloto]

If you wanted I'm sure somebody like me could produce a link for you.

Re:Too little, too late?

I've never even heard of this program before! Now I'm curious.

BitTorrent, anyone?

Does anyone have a torrent file for this? (And a shasum, perhaps?)

Re:BitTorrent, anyone?

[infolation]

http://www.rapidshare.com/files/304543315/MICROSOFT.COMPUTER.ONLINE.FORENSIC.EVIDENCE.EXTRACTOR.V1.1.2-PHASE-bDk.rar

Re:BitTorrent, anyone?

[Whiteox]

Is the installer broken?
Extracted rar>zip>rar>phase folder. All looks ok but installer comes up with 'parameter incorrect' error.

Re:BitTorrent, anyone?

Try this: http://thepiratebay.org/torrent/5152895/COFEE_-_Microsoft_Forensic_Tools_-FIXED-

CRYPTOME?

[Philip+K+Dickhead]

John fearlessly posts pictures of ECHELON listening posts, Dick Cheney's Secret Bunker, the names of MI5 Moles in the IRA, CIA internal memos and the like.

But they can't take him down on NetSol - which is chock-full of spooks itself!

No, that's only Microsoft, and it's DMCA threat.

So. For how long has Cryptome been a disinformation channel?

Re:CRYPTOME?

Wow, nice first-post whoring.

Re:CRYPTOME?

[johnyoung]

Like the globe, Cryptome got the COFEE files from Torrent and wanted to see what Microsoft and Netsol would do when the copyfilth snoopfest was offered on a plain-sight website easily targeted. It's been several years since the last takedown notice for Cryptome, none since being hosted on Netsol. There's the result: snarf COFEE.

No, the material was not returned to MS, nor was it asked for, nor for log files, nor has MS apologized for Windows being so bloated, unstable, insecure and riddled with backholes for use by TLAs.

COFEE is a diversion and another example of the complicity ingrained in giant corps to aid official and commercial spying through browsers, ftp, http, faulty crypto, leaky data farms, telecomm splitters, juicy NDA contracts and grants to non-profits, internet nodes, not to say OSs, cells, i-pods, household appliances, e-games, porn sites, anything digital missing from this list.

Honestly, aping this noble forum, Cryptome's only purpose is to disinfo slight resistance to the tsunami of edu, com, gov, mil, intel kind.

Re:CRYPTOME?

They were compromised a long time ago. I have stopped taking them seriously ever since I noticed that they were doing the exact same thing other news organizations were doing with the JFK story saying that he "slumped" forward when that dosen't have anything to do with the article at hand. It's a known keyword to avoid harassment by those who are behind the murder.

I can relate.

[Jazz-Masta]

"... Microsoft contacted Network Solutions, which hosts Cryptome, and since John Young, the owner of the website, wasn't too keen on losing his whole website for the sake of a single 15MB file, he removed the download link and sent Network Solutions a notice of compliance."

I can relate to this. Around 2002 I received notice over a few files that a website had on one of my servers. I talked it over with the individual (owner) and he agreed it wasn't worth the effort and removed them. Everyone was happy.

I know /. regularly crucifies people who comply with these notices as wimps, corporate sellouts, etc, but when someone has to put food on the table, and really does not care about the content more than their own livelihood, then there really is no issue. This is why we have wikileaks, etc, so that individuals do not have to bear the brunt of responsibility for hosting these leaked files or other sensitive info.

In the case of COFEE, it was a 'stealing software' issue, and not a 'this is my right to leak this program' issue. Or maybe it is...maybe some reverse engineers can find out COFEE is putting innocent people beind bars?

Re:I can relate.

[Guspaz]

It won't matter anyhow, Microsoft just ignorantly invoked the Streisand effect.

Note to everyone out there faced with a "leak": The best thing to do is NOTHING. By trying to have something removed, it will only be spread more widely.

If Microsoft had simply ignored the incident, Cryptome would have hosted it and the vast majority of people would have never even heard of COFEE. Now, tons of people are downloading it just BECAUSE of the reports of their takedown campaign.

Re:I can relate.

[Nikker]

I would bet this program was 'leaked' as a social experiment to test it out.

1. 1) Let a bunch of curious geeks get interested and run the program
2. 2) Scan their system and send data back to test out this software
3. 3) Show law enforcement how good of a job they can do
4. 4) Get contract for COFFEE
5. 5) Lock in said law enforcement to more copies of windows to use said program
6. 6) Profit

Re:I can relate.

[JWSmythe]

    I've seen several C&D's (Cease and Desist) in my time. Most were for copyrighted photos, where someone had copied them without permission and used them. Depending on the offense and the usage, they were treated from removing the offending pictures, to removing the whole site. The whole site treatment was only if (and only if) they constituted the entire site. The customer was always notified, which kept everyone out of legal trouble.

    As much as we may not like the topic, and have a disregard for the multibillion dollar corp, it's their software, and it was being provided illegally. The C&D was appropriate, and it was handled appropriately. Regardless if it's a guy writing software out of his house and every sale counts towards paying his bills, or one of the biggest companies in the world, it's really not right to just steal their stuff. Obviously it wasn't stolen by cryptome, nor did they turn a profit from providing the software. That's probably what protected them against a very nasty lawsuit.

Re:I can relate.

Dude, that's such utter BS. COFEE was a bit of news on Slashdot without Microsoft doing anything about it. So your protests to the contrary, no, demanding it be taken down is not doing anything to increase anything to increase their exposure, and the only thing being silent will do is create a precedent (not necessarily a legal one, though I wouldn't rule it out) for the next person that Microsoft will tolerate their actions.

But by acting, well, anybody that was going to download it and do anything with it? Chances are they already have. But in the future, if somebody else is in the same position to leak it, maybe they'll think twice about it.

Re:I can relate.

[jonadab]

> It won't matter anyhow, Microsoft just ignorantly invoked the Streisand effect.

Maybe.

> Note to everyone out there faced with a "leak": The best thing to do is NOTHING.

That depends on your goal.

> By trying to have something removed, it will only be spread more widely.

True.

> If Microsoft had simply ignored the incident, Cryptome would have hosted
> it and the vast majority of people would have never even heard of COFEE.

Also true.

> Now, tons of people are downloading it just BECAUSE
> of the reports of their takedown campaign.

Yes. But, speaking as a cynic, how do you know that this isn't why it was leaked in the first place? How do you know Microsoft didn't *plan* to invoke this reverse-psychology failed suppression effect to create buzz?

There's an old saying: there's no such thing as bad publicity. This isn't strictly true in the absolute sense, but it's much *closer* to true than many people realize. If it weren't for bad publicity, Microsoft would hardly have any publicity at all and yet, somehow, they seem to be doing okay, fiscally speaking.

Maybe I'm giving Microsoft too much credit, but it seems possible to me that someone within the organization arranged this on purpose, unofficially of course, as a form of marketing.

Will this henceforth be known...

...as the hot COFEE incident?

Re:Will this henceforth be known...

[shutdown+-p+now]

No. What's hot about it?

Re:Will this henceforth be known...

Mod parent DOWN -1, clueless.

Re:I wrote a perl script

[GhigoRenzulli]

It won't work unless you install perl. And it will scan only one drive. There's room for improvement, at the moment COFEE still performs better.

Still available on TPB....

[Ellis+D.+Tripp]

http://thepiratebay.org/torrent/5156601

Links Still Live

Funny story, just visited cryptome and the files are still downloadable.

Re:Links Still Live

[JWSmythe]

    Check the file contents. The only thing in the zip file is the takedown notice.

   

Re:Links Still Live

Not in the torrent, but I can't seem to connect with any peers.

Re:Links Still Live

[H0p313ss]

Not in the torrent, but I can't seem to connect with any peers.

Sir, please place your hands behind your head and step away from the keyboard.

Re:Links Still Live

    [hint: Try again. Downloaded in 15 minutes, after this story posted.]

Takedown notice...

[Trebawa]

Thus guaranteeing thousands of frantic downloads.

Re:Takedown notice...

Thus guaranteeing thousands of frantic downloads.

Dude, you only have to download it once.

Making it worse

[dandart]

Well, uhhh, you'd better take it down. *slurp slurp*

but did he give it back

But did he email his copy back to Microsoft?

Re:but did he give it back

[Abstrackt]

But did he email his copy back to Microsoft?

No, but he did send them a drawing of a spider.

Re:First Trout

[FatdogHaiku]

Won't anybody think of the pizzas?

I do... way too much... Thinking about a turkey & stuffing pizza right now.
Oh, and maybe a ham, pineapple and jalapeno pizza too.

Want...

[RealRedMist]

I have no idea what this is. I havn't even read the article. But on the basis that Microsoft don't want me to have it, I'm going to hunt it down.

Re:Want...

[JWSmythe]

That's why most people are going to grab it.

    1) They don't want you to have it.
    2) They are making a big deal about it.
    3) (the lesser reason) To see what MS is giving up to LEO.

Available on Freenet

[FreenetFan]

COFEE is available on Freenet, as are most things like this.

Freenet is very usable at the moment. Speeds are pretty good considering the constraints of encryption and anonymity, and there is a lot of filesharing going on.

Re:Available on Freenet

Freenet is very usable at the moment. Speeds are pretty good considering the constraints of encryption and anonymity, and there is a lot of filesharing going on.

And some of the files even relate to stuff other than bestiality, pedophilia, script kiddy tools, and warez!

Re:Available on Freenet

[arth1]

Freenet and other anonymous forwarder schemes arent's secure, unless you already can trust any and all of the nodes you connect directly to. And if you can trust them, you might as well use a network share -- it's much faster.

Why it isn't safe? Funneling. The easiest imaginable (but far from most efficient) version is a cluster of N nodes, where N equals the maximum number of jumps a packet can take, the internal max TTL of the protocol used. The nodes are firewalled in a chain, so that only one end of the chain is open from the outside, and only the other end of the chain can send requests out to the internet. Then those who run the nodes know that any traffic that makes it through to the end of the chain must be from directly connected hosts. It doesn't matter if the TTL is randomized and encrypted in an onion layer; as long as there is a max, even if only one out of a million packets make it to the endpoint host, for all the traffic that does make it, they know the source and the destination.

The problem is that with a design where the next hop gets to choose its next hop, you can't prevent someone from creating funnels where traffic can't go to other nodes, only to other malicious hosts or the outside.

Another problem is if you have a single pipe. Then it's dead easy to sit at your ISP and drop the pipe to you intermittently. When there are outgoing requests when the pipe to you is down, the snoops know that the traffic originates from you. And again, with a funnel, they can find out where the traffic is going. Do they know what the traffic is? Well, they may be the ones that host the materials you try to access, in which case, yes, they do.

And yes, a large portion of the so-called darknets are run by law enforcement agencies and institutions working closely with them. Letting a thousand people getting away with downloading pipe bomb recipes, child porn and sedition against king Dumbledore is apparently acceptable if they can nab one every now and then, and thus justify their own existence.

Re:Available on Freenet

And we have to help you to get child porn exactly for what?

We can get crappy computer forensics software from aptitude repositories already, no need for law enforcement officers, Microsoft and child rapists to get involved at all.

Thank you.

Re:Available on Freenet

[cyclomedia]

I had an idea to solve this problem, and further hide identities in the process.

You (through a nice friendly interface) get it to generate a Pri/Pub key pair. Then the public key is used to both encrypt traffic that is for you AND to id your node on the network. You then send your public key to your trusted friends out-of-band (OOB) e.g. by having a button that exports the key and your current internet-facing IP (grab it automatically from whats-my-ip.com or suchlike) in a way that's dead easy to paste into an email, or save as a .txt to a usb stick and snail-mail. The receiver reverses the process by pasting it into a text box. Once you've both exchanged keys in this way your clients will connect, perform an encrypted handshake to rule out man-in-the-middle attacks and from then on update each other if your IP lease expires.

Of course if both your leases expire when you're both offline you'd have to do the OOB exchange again but that should be nice and easy with the right UI.

The next bit is to hide traffic/routing from snoopers by having you define your upload/download rates (e.g. 32 and 128 KB/s) and have the client constantly communicate with all your friend nodes (so if you have two friends this becomse a constant 16 and 64 each, respectively) all the time with random encrypted garbage. Only inserting real packets when needed. This might not be mega fast but it prevents a malicious snoop node from requesting a large file and then watching who's traffic spikes to traceroute it.

Re:Available on Freenet

[FreenetFan]

It sounds like you aren't very familiar with how Freenet works. There is no "outside" in Freenet - everything is internal. It's not like Tor where you have content hosted in a specific place and Tor just handles the transport - Freenet hosts all the content too.

A file in Freenet won't be stored in one place, it is split into chunks of 32kB and those will be stored all over Freenet, usually highly redundantly.

Freenet is designed so that even if a large minority of nodes are compromised by law enforcement or whoever, it should still be secure.

There are theoretical statistical attacks on Freenet in some circumstances, but Freenet has stronger modes of protection if you are worried about these, and they don't sound like the ones you are describing.

huh?

Unlike ECHELON listening posts, Dick Cheney's Secret Bunker, the names of MI5 Moles in the IRA, CIA internal memos and the like, Coffee is a copyrighted work which falls under DMCA law, which all registrars must respect.

None of which you listed falls under any laws that would prevent their distribution. If someone stumbles upon some intelligence, there is no law preventing someone from disclosing that intelligence, even classified intelligence if you are a civilian.

Re:huh?

[Fantastic+Lad]

Mission Accomplished.

You now believe that copyright violation is the most serious bit of public misbehavior a citizen can get up to. --And, no, I'm not talking about this particular incident, or that particular website, (which I've never even heard of). I'm talking about the national freak-out which began with Napster, and which I was laughing at way back then, but have come to seriously believe may be the crowbar used to justify the final descent into totalitarianism. That's how ludicrous this has all become.

Ooooooh. Somebody didn't watch adverts while downloading a crappy bit of Hollywood. Opiate of the masses, and now the latest excuse to storm your home with the most recent incarnation of the Gestapo.

That and Organic Farming, for equally preposterous reasons. A cat can NOT look at a king and you WILL eat toxic food.

-FL

Re:huh?

[LordLimecat]

Having a belief that copyright laws should be protected does not mean you think that their violations are "the most serius bit of public misbehavior a citizen can get up to". We have laws, you either follow them, or act to change them, or get punished through them. This is how society works.

I'm seeding it now

[Sean]

All versions I could find. Search TPB. And I'm not going to stop.

In response to the notice,

I downloaded a copy of it :D

Serious Stuff

[Fantastic+Lad]

We have laws, you either follow them, or act to change them, or get punished through them. This is how society works.

Yeah, if you believe the brochure version, which only exists on glossy paper in the sales office.

Each of the agencies (and Dick Cheney) mentioned in the post I was responding to are guilty of numerous MASSIVE law-breakings. While Cheney certainly "worked" to change some laws (ugh), for the most part they simply ignored law altogether. And they sure as heck haven't been punished. "Society" in your context basically means, "Plantation Rules for the Sunburned to Follow on Pain of Lash" or "Do As I Say, Not As I Do".

I mean, for crying out loud! --ECHELON basically sucks up information without permission on a much wider scale than any torrent system dispenses information, but hey, that's fine. National Security, right? (Better known as, "Population control so that the elite can keep their cushy positions up in the Big House and not have to fear the exploited masses.")

Anyway, my point was more an expression of amazement at the general irony I saw in the AC's comment. "Yes, yes all that other stuff, but THIS! This is a matter of copyright violation! THIS is a serious issue, sir! Sir!"

Fuck that. It IS a serious issue, but not in the ways it is being presented. After all the bullshit economic semantic posturing is swept aside from the surface, the meta argument, the stone upon which this whole war is being waged is this: "Free Thought" --Are we allowed to share knowledge openly or not?

It's about control of our minds. Free Will versus Slavery.

I know that sounds overly high and mighty, disconnected from "reality" to some people, like an evasion from the hard "here and now", but the "here and now" for such people is a total fabrication built on the brochure bullshit sold to them exactly by the people who are enslaving them. The economy is a giant lie designed to create a legion of debt slaves and a small number of obedient managers of debt slaves. That's all. Nothing more. I'm not even talking metaphorically; that's how it works. Money IS debt. And such people who buy into that scam, who believe in the hard "here and now" are already lost, fallen pawns, content to read their brochures while they are being raped and bled.

-FL