FBI Agent: Decrypting Data 'Fundamentally Alters' Evidence

Joseph Cox, reporting for Motherboard: An FBI agent has brought up an interesting question about the nature of digital evidence: Does decrypting encrypted data "fundamentally alter" it, therefore contaminating it as forensic evidence? According to a hearing transcript filed last week, FBI Special Agent Daniel Alfin suggested just that. The hearing was related to the agency's investigation into dark web child pornography site Playpen. In February 2015, the FBI briefly assumed control of Playpen and delivered its users a network investigative technique (NIT) -- or a piece of malware -- in an attempt to identify the site's visitors. [...] According to experts called by the defense in the affected case, the fact that the data was unencrypted means there is a chance that sensitive, identifying information of people who had not been convicted of a crime was being sent over the internet, and could have been manipulated. (Alfin paints this scenario as unlikely, saying that an attacker would have to know the IP address the FBI was using, have some sort of physical access to the suspect's computer to learn his MAC address, and other variables.)

Encryption != Integrity

[TechyImmigrant]

Can we please stop using 'encryption' when we mean 'integrity'. They are not the same thing.
TFS is arguing that integrity has been compromised by removing encryption. BS.

Re:Encryption != Integrity

Hillary Clinton has no encryption.

Re:Encryption != Integrity

[mysidia]

Right.... decrypting does NOT compromise Integrity; so long as the decryption key used is correct AND the decryption method used is the exact reverse of the method originally used to encrypt.

# ls myfile.encrypted
# Cat /usr/local/FBI_Files/Other_File_To_Plant > myfile.decrypted

Does not count as proper decryption. If the decryption algorithm is "Insert spurious data here", then in that case, Integrity is compromised.

Re:Encryption != Integrity

Can we please stop using 'encryption' when we mean 'integrity'. They are not the same thing.
TFS is arguing that integrity has been compromised by removing encryption. BS.

It's probably quite difficult for a layman to differentiate between cryptographic algorithms and what they actually are for. As in the difference between cryptographic hash function, asymmetric crypto and symmetric crypto. Not to mention how something like Diffie-Hellman functions.

It's not even all that easy to understand them as a software engineer, unless you spend quite a while with them. Personally, someone paid me to develop a functional obfuscated crypto core so I have a understanding of a few algorithms and the overall concepts. I also found out that there's some silly BS associated with obsfucated crypto and how stupid requirements for some systems are.

Re:Encryption != Integrity

It's probably quite difficult for a layman to differentiate between cryptographic algorithms and what they actually are for.

It's probably quite difficult for a non-layman too. How do you prove that the result of decryption is equivalent to the original text?

Imagine simple XOR encryption. If you allow a key-size that is the same size as the data length it is trivial to generate a key for each that when applied creates the same result.
If you try to brute force that encryption you will probably encounter a large amount of other legible texts before you encounter one of the two original texts.

Can you prove that this isn't possible with a more advanced encryption? Can you find someone who can prove it?

Re: Encryption != Integrity

Remember the big fuss over DVD keys, and DeCSS, that little bit of code that would unlock region specific DVDs. This bit of code was made illegal to own. Yet it could be reconstructed anywhere without any information being transferred simply by generating a particular prime number (the "forbidden prime number"), saving it as a binary file and then unzipping it. By sheer luck the unzip utility would skip over the unwanted bytes at the end of the file and reconstruct the source code.

Re:Encryption != Integrity

[shellster_dude]

You can prove that it is mathematical infeasible that your decryption, which is a valid file and displays a reasonable result, is NOT the one that the original user was expecting. That number, no matter how you arrive at it, is way, way less likely than a Fingerprint or DNA match being an accidental duplicate of an innocent person, so good luck making that argument to a jury...

Re:Encryption != Integrity

Erm, no.

Given an xor one-time pad algorithm, you can hand me a ciphertext and any arbitrary plaintext, reasonable-looking or otherwise, and I will hand you back the pad that will decrypt that ciphertext to the plaintext you provided.

In other words, given that algorithm, it is absolutely mathematically feasible for someone to say 'Here's the ciphertext and here's the key I used', while lying about it being the key they used, and have the ciphertext 'decrypt' to whatever reasonable-looking plaintext they want the jury to see.

Re:Encryption != Integrity

[rtb61]

Technically it does because from the human jurists point of view. Data goes into magic decryption box and data comes out of magic decryption box and the data is different, how different, hugely different, in fact so different one encrypted file could have gone and another completely different file could come out and not the decrypted other file, just a whole new file, one slipped into the magic decryption box. Likely to remain valid the encrypted file should be submitted and then decrypted with a open source decryption product on a clean box, so as to substantiate the source file was in fact decrypted and just not simply replaced with another file.

Re:Encryption != Integrity

[mysidia]

However, this is no justification for not encrypting.

After all, you can send ENCRYPTED FILE plus FINGERPRINT+MESSAGE DIGEST OF ORIGINAL DECRYPTED FILE digitally signed.

Then you can have your audience copy the message digest And the decrypted file, and satisfy themselves that the decrypted file has the same message digest as the one calculated and sent alongside the original encryption process, and then verify the digital signature.....

Re:Encryption != Integrity

[dwillden]

Actually they do have a point. The data is being changed, from the encrypted form to the cleartext form. The FBI then has to be able to prove that the decryption process did not change the actual content of everything decrypted. We can't just print out and read the encrypted data and see that the email in question actually said "I laundered $3 million dollars worth of hotel towels" rather than "I laundered $3 million dollars for the Russian Mafia". Granted it wouldn't exactly be easy to create a decryption process that would convert random but properly placed bits of text from innocent data to incriminating data without glaring errors.

The key to computer forensics is you have to prove you didn't change the data when you pulled it from the source hardware.

Re:Encryption != Integrity

[StikyPad]

True, but I see the point -- you still have to show that you've done that. You still have to show that the plaintext is, in fact, a result of the ciphertext when a transformation is applied using a given key and not just some plaintext that you've invented.

Re:Encryption != Integrity

[mysidia]

Technically it does because from the human jurists point of view. Data goes into magic decryption box and data comes out of magic decryption box and the data is different

Same deal with any lab test or forensic data extraction, even if the data is not encrypted.

You need multiple independent cryptoforensic experts or experts working for both defense and prosecution to Testify under oath that they've used the supplied/available keys to decrypt and/or extract the data, And the process used is sound.

Under penalty of perjury, they will confirm this is the decrypted version following all proper safeguards, using only the standard decryption algorithms, And they will fully disclose any level of uncertainty in the result of the process.......

Re:Encryption != Integrity

[TechyImmigrant]

>Given an xor one-time pad algorithm

You don't use OTPs for signing.
You don't use OTPs at all, they don't solve the key management problem.

Please keep up.

Re:Encryption != Integrity

[rtb61]

Under penalty of perjury, don't make me laugh, hah hah. There have been repeated and not a little but a huge incidence of perjury being committed by the authorities, exposed and with no prosecution, just a, tut, tut, don't get caught next time, tee, hee. They jury is bound by honour, oath and integrity to verify the validity of the information provided as best a possible. All evidence should be presented in a clear and unambiguous fashion, not a secret vouched for by vested interests. Yeah, sure they will bring back that drip under pressure (expert) should they testify in any other way than the way they have been paid to. Sorry but people paid to lie will lie and then who the fuck decides what is truth. Evidence needs to be presented in such a way that the jury can evaluate it and not just a person paid to ensure the prosecution wins the case, a selected drip under pressure and not an independent expert witness, with proof of independent 'opinion' and that proof should be replicable upon request by another independent expert.

Re:Encryption != Integrity

[TechyImmigrant]

I know what an OTP is. An OTP uses XOR. 'XOR' OTP is just a redundant way of saying OTP.
The context was TFA talking about undermining the integrity of evidence.

Encryption through an OTP or ECB, or CTR or CBC or any other privacy mode does not ensure integrity. There never was a question about that. Stating that you can undermine integrity of a non-integrity mode is tautological.

What is appropriate to require is second preimage resistance. The article really has someone arguing that the process of evidence doesn't have second preimage resistance. So the prosecutor can substitute an alternative plaintext and no one can tell.
 

"Special" Agent needs remedial forensics training

[thoromyr]

“[Had that data been encrypted,] It would still be valid, it still would have been accurate data; however, it would not have been as forensically sound as being able to turn over exactly what the government collected,” Alfin said.

Which is such utter BS its hard to credit. I figured the summary was just the usual flame bait, but unless the article is misquoting the agent that is pretty damning.

Hint: if the hash of the data before and after it is sent remains the same then that satisfies one of the requirements to being forensically sound (specifically, the data will be "accurate" -- unchanged since collection). Does the "special" agent think running it through an SSH tunnel would have altered the data? How about over a VPN connection? Does he not realize that the data was *shock* modified during transit (encapsulation at the very least, quite possibly encoded depending on the nature of the physical links along the way). What a moron.

By his reasoning all digital data is forensically unsound because spinning platters *encode* the data (hint, it isn't the bits and bytes you might think, longer story has to do with run length synchronization issues). And *encryption* is a particular means of *encoding*. So if encryption is "the bad" because it transforms data then all encodings are bad because they all inherently transform data.

No

[cdrudge]

Decrypting data doesn't alter evidence anymore than sequencing DNA evidence alters a blood sample, or sorting a bank transactions into deposits and withdrawls alters a bank statement used for evidence.

Re:No

[Austerity+Empowers]

Doesn't sequencing DNA alter the blood sample? I haven't done it for 20 years, but the original sample was destroyed after gel electrophoresis as an essential part of the process, the dna was literally broken down. Their lab is probably better than what I had in HS, but I think it they also destroy the sample.

Of course you don't use the whole blood sample, you take a bit out of it. But that also "damages" the evidence (in that there's less of it).

It seems like encryption is nothing like that, the original file is completely intact in every way. The question is whether the output is a legitimate decryption of the input. For example my "frameThisFucker.py" script takes the encrypted file, does absolutely nothing with it, and creates a directory of kiddie porn. Not all transformations are valid or useful. He is arguing that such transformations may have occurred outside the chain of evidence, essentially rendering the evidence useless.

Re:No

[myowntrueself]

Decrypting data doesn't alter evidence anymore than sequencing DNA evidence alters a blood sample, or sorting a bank transactions into deposits and withdrawls alters a bank statement used for evidence.

A friend and I once toyed with the concept of software which would 'decrypt' anything you gave it into porn.

Re:No

[PCM2]

On a semi-related note, during the "Zip wars" in the early 90s there was a fake file compression program circulating called NaBoB that claimed to use some sort of quantum compression techniques (all compression algorithms named after quarks) to cause your files to hit "the singularity," where every archive would be reduced to a single byte in size.

Naturally, all it really did was rename your files, hide them, and write a one-byte "archive file" in their places. When you "decompressed" the archive, the full-size files would be restored. Miraculous!

Re:No

[JustAnotherOldGuy]

Naturally, all it really did was rename your files, hide them, and write a one-byte "archive file" in their places.

Lol, just tell people that you have to ship a "manifest" with the 1-byte file, with the "manifest" being coincidentally the same size as the original zipped file. :)

Re:No

[gweihir]

It does. And it is glaringly obvious that it does: The decrypted data has entropy lower by at least the entropy in the encryption key and that entropy was distributed over the bits of the encrypted data. As such, it is fundamentally different. Some basic understanding of what encryption does is required to see this though.

Dumb Criminal

[Tablizer]

What kind of dumbass criminal names a kiddy-porn site "PlayPen"? Call it say "Windows10" or "Zune", then no cop will touch it.

Misleading heading and summary

[Registered+Coward+v2]

The agent didn't say it invalidated forensic evidence just that it wasn't quite as forensically solid but not exactly what was collected:

Had that data been encrypted, “It would still be valid, it still would have been accurate data; however, it would not have been as forensically sound as being able to turn over exactly what the government collected,” Alfin said.

Re:Misleading heading and summary

[fermion]

I think as we require more scientific validity in police work, we see that some of the old assumptions are false. For instance genetics was seen as a sufficient indicator of guilt, but if we apply mathematics we see that it can only be used to prove innocence. This lead us back to question fingerprints and other things. Many of these are good investigative tools, to indentify suspects, create leads, and as part of a package of evidence that can be used to establish guilt.

On the other hand I think it is proper to question if encrypted evidence that was somehow returned to plain text should on it's own establish guilt.

Re: Misleading heading and summary

[ZeroWaiteState]

The government made several absurd arguments in that particular case, of which the "altering" argument was only one. It's sad, because Playpen deserved to be destroyed, not used as a civil liberties test case.

There is a point to be made here

[LichtSpektren]

Suppose the FBI* wanted to present evidence against me in court, which allegedly I transmitted over HTTP, telnet, SSL, or some other insecure protocol. Could I not validly say that the message was forged by a man-in-the-middle? Afterall, it's the digital equivalent of a postcard or billboard posting that's very easily tampered with and forged.

It seems as though the FBI should be cheering for encrypted transmission by default; it means the evidence they collect is (more provably, at least) genuine.


* Let's assume they have a valid and proper warrant here, which usually isn't the case, but let's keep this simple.

Re:There is a point to be made here

[PCM2]

Suppose the FBI* wanted to present evidence against me in court, which allegedly I transmitted over HTTP, telnet, SSL, or some other insecure protocol. Could I not validly say that the message was forged by a man-in-the-middle?

You could say that, but a prosecutor only needs to prove that it was you who transmitted that message "beyond a reasonable doubt." You would be innocent until proven guilty, but "the dog ate my homework" is a pretty weak defense.

Re: There is a point to be made here

[ZeroWaiteState]

Basically, they're still figuring out the hacking thing, and made some amateurish mistakes. In their attempt to secure a conviction, they're trying to retcon some of the stupid things they did into an established law enforcement practice.

Re:There is a point to be made here

[chuckugly]

Sort of seems like the cyber version of an evidence chain of custody issue to me.

Re:There is a point to be made here

[computational+super]

HTTP, telnet, SSL, or some other insecure protocol. Could I not validly say that the message was forged by a man-in-the-middle?

In the interest of pedantry, SSL is not insecure - or rather, it's the only effective defense we have against man-in-the-middle attacks. You also can't actually "transmit" over SSL; SSL just turns an insecure connection into a secure one. You have to do the actual transmitting over a higher-level protocol, like HTTP.

Re:There is a point to be made here

Well no, that's where the defense comes in.
Take letters, for example.

If there's no guarantee your mail will retain its integrity (unencrypted and unsecure), one can easily claim that the letter was opened and incriminating evidence planted. This is why opening mail that does not belong to you is a criminal offense: To help slightly reduce the chance that your data is deliberately mishandled in this way. Every 'hand' (or server, service, database, whatever) your letter (data) went through with no encryption or guarantee of protections whatsoever, could change something.

So, by the time the birthday card for little timmy with 100$ in it got to its destination, the money was removed by a disgruntled worker, the card changed for an application letter to ISIS by that FBI agent whose daughter you broke up with, the destination changed for somewhere in Syria and your return address changed for a warehouse full of childporn VHS.

It was you who transmitted that message, beyond any reasonable doubt.
But it hasn't been your message ever since.

Re:There is a point to be made here

[medv4380]

Yes, but said evidence results in a warrant to search your computer physically. If you then possess the Child Porn then ether you've been setup by a master which you're screwed, or you're probably guilty which you're also screwed.

Re:There is a point to be made here

[DarkOx]

SSL is insecure, all versions of the SSL protocol have serious vulnerabilities, you really need to be using TLS.

Re:There is a point to be made here

[PCM2]

Not this juror. You'd still have to explain to me who conducted the original attack, why, and when -- the latter being the most crucial. If you can't prove when it happened then there's little evidence it happened.

Re:There is a point to be made here

[guruevi]

Worked for Clinton on her espionage charges.

Re:There is a point to be made here

[PCM2]

Mmmmmm, no, my message for Timmy was "Happy Birthday" and $100. If Timmy got an application letter to ISIS then I most definitely did not transmit that message. A transmission took place and Timmy received a message; just not one from me.

I understand that you're trying to explain how a MITM attack works. I'm more trying to explain how evidence works in criminal trials. Just because a message exists doesn't mean I wrote it. You would have to prove that ... not just that an envelope left my mailbox and ended up in Timmy's. For starters, the mere fact that there was $100 in the envelope helps establish motive for someone to want to tamper with it. But you say, "Prove you put $100 in there. Where is it?" But as I am the defendant, the burden of proof is yours, not mine. And it would make sense to any reasonable juror that if I say I sent Timmy a birthday card, I probably did. Even more so if I can produce a receipt from the Hallmark store near my house from three days before the letter was sent. Where's the evidence that I sent something else? What would be my motive?

Re:There is a point to be made here

[computational+super]

Wow, you out-pedantic'ed me. You are correct.

hes not *technically* wrong.

[nimbius]

during brute force attacks, sequential reads from disk into RAM contribute to the overall MTBF and MTTF statistics for the hardware. depending on how old the disk is and how complex the encryption, you could very well end up with a nontrivial number of missing sectors and potentially corrupted data on the disk just from thrashing it for personal gain. depending on the encryption, any writes will also contribute to things like SSD write life...controller actifity like purging deletes or any other administrativa undertaken by the OS as part of housekeeping are also nontrivial during long running attempts to crack asymmetric cryptography.

Re:hes not *technically* wrong.

[Fallen+Kell]

during brute force attacks, sequential reads from disk into RAM contribute to the overall MTBF and MTTF statistics for the hardware. depending on how old the disk is and how complex the encryption, you could very well end up with a nontrivial number of missing sectors and potentially corrupted data on the disk just from thrashing it for personal gain. depending on the encryption, any writes will also contribute to things like SSD write life

Except they don't run the brute force attack on the physical hardware that they confiscated in a search. The very first thing that is done is that the disks are cloned. Copies of the cloned disk image are then used in any attempt to brute force passwords or encryption keys.

Re: THIS case?

You can't pick them like that - you have to use the case that raises the question most directly. And it's always the degenerate undesirables that are used to expand police powers to the detriment of civil society.

Re:"Special" Agent needs remedial forensics traini

[Solandri]

Hint: if the hash of the data before and after it is sent remains the same then that satisfies one of the requirements to being forensically sound

If the data is sent as cleartext, it becomes much, much easier for an attacker to alter the cleartext into a different form which contains a plausible message yet generates the same hash. There's an entire branch of cryptography dedicated to these types of attacks.

If it's transmitted while encrypted, the attacker (assuming he can't break the encryption) has no way to verify that his altered ciphertext which generates the same hash still decrypts into a cleartext message which makes any sense in the context of the original cleartext, much less has been altered to his liking.

While it's not required that this sort of data be encrypted before transmission, it is prudent to do so whenever possible. It drops the chances that the data has been forensically compromised from very small to vanishingly small (it is easier for the attacker to break your encryption).

FBI was talking out of it's ass.

[gurps_npc]

They had access to personal, private information, they should have encrypted it.

Encrypting it does not fundamentally alter it, anymore than making taking a shirt and folding it so that it fits inside an evidence bag fundamentally alters it.

Should they be punished for doing so? Yes. But it should not invalidate their case. Fine them $100 per suspect, and let the evidence in to court.

Re:"Special" Agent needs remedial forensics traini

Not necessarily disagreeing with you here, but after reading the article I could see something to the FBI's arguments.

My understanding is that in this case, the FBI took over Playpen. Let's say that you go to visit Playpen. The FBI has an encrypted record of your visit, which only it has the keys to. How can you counter the evidence supplied by the FBI? What if the FBI's "encryption" method actually spits out false data?

Not the same, and basically not any different from the FBI falsifying evidence, which has nothing to do with encryption. However, I could see, in a very vague sense, there being some legitimate legal questions about whether or the FBI encrypting something taints evidence, because they *have done something to the evidence.*

Someone else brought up the example of DNA sequencing--whether sequencing DNA alters the blood. That's different, because the original specimen is still there. With communication, everything is a copy. It's like the FBI making a copy and storing that.

Anyway, I share your general skepticism of the argument, but also think the FBI's position isn't totally ill-founded. It seems like they were trying to anticipate a nontrivial legal counter-argument that might apply to a slightly different situation.

The Road can change The Traveler

[Pitawg]

If the data is not encrypted, a middle man could have changed it prior to arriving back at FBI headquarters. (Doesn't everyone have a network appliance watching all traffic leaving home to scrub MAC addresses and more in plain text of packets leaving? Red lights? Klaxons? "You have ID data trying to Breach!!" )

It had me wondering on a tangent.... If Stingray's in use, and one of the methods it uses to snoop is to scream louder and force phones to revert to older, not so encrypted communication protocols, how many cell conversations/transactions does that open up for anyone listening in the same area while they spy on one of the thousand phones?

Re:The Road can change The Traveler

[Pitawg]

And all this is moot. Since no privacy can be had on a network connected computer where all can/will be hacked, this also means anything on the networked computer cannot be connected to only the owners/operators. They killed computer evidence in their child preditor descision.

"If I cannot keep LEO off my machine, LEO put the pictures there, or looked after the other Hackers put it there with the same exploit LEO used!"

Re:"Special" Agent needs remedial forensics traini

[thoromyr]

To be properly forensic the data should be hashed on the source machine and the hash verified on the destination. Not doing so is a failure in due diligence and introduces an implicit logical gap in the chain of custody. Now, the reality is that the obligation lies with the defense that something happened causing the data to be altered. And it sounds like they are trying to go that route. It just isn't a realistic defense (meaning it has about a snowball's chance of succeeding).

The real reason for encryption isn't an attempt to ensure the data is not altered, it is to prevent it from being exposed. Any system that is logging/recording what goes through it (hello, NSA) can capture the plain text. Encryption is to provide confidentiality, not integrity.

Re: Maybe it de-alters it.

And thats what most people who dont understand encryption would say. Unfortunately you completely mis understand the mechanisms being used and a binary blob can decrypt to multiple different data sets depending on key and method. Its pretty much impossible to deduce after decryption whether the result is the same as the original or if the result is alternative output.

You can get a binary blob to decrypt to pretty much anything you want by being inventive with keys and algos. Like you, courts have a hard time understanding whats going on.

Re:"Special" Agent needs remedial forensics traini

[thoromyr]

Sorry, I didn't read your whole post so my answer is incomplete. While collisions can be generated, for even semi-modern hashes they involve more than just data changes (e.g., the size of the data is changed as well). A digital chain of custody will record both the hash and the size in bytes. And that does not alter the fact that the burden of proof lies with the defense when making allegations of alteration. That is, the allegations must be specific -- not just a general hand waving that "something could have happened". There is a presumption that evidence has not been tampered with. Breaks in chain of custody are not uncommon and normally have no impact on proceedings other than some additional testimony.

Furthermore, hash collisions are not considered to be an issue by the courts. Fingerprints have a far far greater risk of collision (or simply misidentification) than say md5 and law enforcement has done an effective job of convincing the courts that *fingerprints* are unassailable evidence and now with hashing being vastly better it is considered completely irrefutable.

Again, the purpose of encryption is to protect confidentiality, not provide integrity. While it may have some impact in that regard it is a side effect. Integrity measures (such as documenting the chain of custody, hashing evidence on collection, etc.) are what provide that.

Not realistic

[EndlessNameless]

No one uses one-time pads.

I get that cryptonerds find it fascinating, but in the real world everyone is using AES unless they have legacy crap to support.

Some people may use Serpent or Twofish if they distrust AES, but the result is the same. "Decrypting" any real system with a custom key like that is just not going to happen.

Umm...

[fuzzyfuzzyfungus]

I'm confused by the issue here:

Yes, it is definitely true that digital forensics requires care to not munge the evidence and preserve its integrity; and that gets a lot harder if you are actively attacking a remote host that multiple other people have access to and can potentially also be altering, rather than just shoving an HDD into a write blocker and reading it back; but I'm unclear on why that relates to encryption.

Basically nothing you 'find' on a computer is actually meaningful without a layer of software interpretation(or, for simple formats, one skilled in the art running the algorithm in their head). Why is applying a decryption algorithm to an encrypted file different than, say, trusting an NTFS implementation to accurately take a partition full of meaningless garbage and present you with a filesystem; or a JPEG implementation to tell you whether a given sequence of bits is kiddie porn or not?

It is true that if encryption happens to be what turns a 'seize the server, grab images of the drives' investigation into a 'hack the server in an unknown location, malware the data out on the fly' investigation then, in a weak sense, I suppose that 'encryption' has complicated the investigation; but aside from that it doesn't seem any different than the usual problems with attribution of files, interpretation of formats, and so on.

Re:"Special" Agent needs remedial forensics traini

[ultranova]

If the data is sent as cleartext, it becomes much, much easier for an attacker to alter the cleartext into a different form which contains a plausible message yet generates the same hash. There's an entire branch of cryptography dedicated to these types of attacks.

How many different plausible messages that indicate you're into child porn are there? Much less than possible hashes? Because one of them has to have the same hash as the original message for this attack to be even possible.

Re:"Special" Agent needs remedial forensics traini

[guruevi]

This seems to be a case of a re-explanation of what a tech told him. The 3rd party techs don't hold as much credential in a court as a "special agent" so the agent is in court trying to explain what happened. From the summary I can only establish that in order to "catch" a suspect they inserted a MITM that altered the data so it became identifiable (eg adding the string &FBISUSP=001 to every HTTP query or even every packet) - that allowed them to not touch the servers (maintaining the forensic credibility of the server so they can pursue the operators) and simultaneously see what the person is accessing/traversing in logs and across computers and routers they controlled or even on a suspects computer but in doing so they altered the streams both in and outgoing which could be construed as tampering with the evidence because now every packet has the FBI fingerprints on them and those could've alter the original flow of data (eg it could be argued that the string could cause the servers to return child porn instead of fluffy kittens). Additionally mangling of packets may filter out those spurious strings which would've been avoided by inserting the strings in the encrypted stream instead of out of it (or in a plain text stream).

Re: Maybe it de-alters it.

[Plumpaquatsch]

And thats what most people who dont understand encryption would say. Unfortunately you completely mis understand the mechanisms being used and a binary blob can decrypt to multiple different data sets depending on key and method. Its pretty much impossible to deduce after decryption whether the result is the same as the original or if the result is alternative output.

You can get a binary blob to decrypt to pretty much anything you want by being inventive with keys and algos. Like you, courts have a hard time understanding whats going on.

Just like you can decrypt the encoded contents of a bookie's notebook to frame anyone you like as a bettor.

Re:"Special" Agent needs remedial forensics traini

[Plumpaquatsch]

Not necessarily disagreeing with you here, but after reading the article I could see something to the FBI's arguments.

My understanding is that in this case, the FBI took over Playpen. Let's say that you go to visit Playpen. The FBI has an encrypted record of your visit, which only it has the keys to. How can you counter the evidence supplied by the FBI? What if the FBI's "encryption" method actually spits out false data?

Wouldn't it be easier to just store a completely made up unencrypted record of your visit instead?

Re: THIS case?

[dwillden]

And it's the same degenerate undesirables who fight back on their convictions who establish what protections we do have. Miranda for example was a real scumbag, but his appeal on being interrogated without knowing his rights established the Miranda warnings we can all quote from TV. And incidentally shortly after winning his landmark case that upstanding citizen was stabbed to death in a bar fight.

Re:"Special" Agent needs remedial forensics traini

[cryptizard]

If it is up the FBI then they just use uhh... not MD5. No collisions have ever been found in SHA-1, let alone SHA-256, SHA-512 or SHA-3.

Bad article

[jgoemat]

The article doesn't seem to be about them DEcrypting data, but sending UNencrypted data over the internet that could have been altered en-route to where they collected it. Seems like they had gotten users to install malware and send back (unencrypted) data to the FBI to identify them. The point brought up is that someone else could alter that data en-route to make it seem l ike some innocent (they say "unconvicted" but wouldn't all of the suspects be "unconvicted" before trial?) person may have been involved. Seems like the article was written by someone with little knowledge of computers, the legal system, or the English language.

Re:"Special" Agent needs remedial forensics traini

[jgoemat]

The problem is that the FBI wouldn't want to turn over their private decryption keys and algorithms. "forensically sound" means you can turn over exact details, like mentioned in the transcript they can turn over the exact bit stream received by the FBI, and the defense experts can compile the source code used and run the program on the defendants computer and see that it produces the same exact data. If the FBI turned over an encrypted bit stream of data and not the decryption keys, there would be no link the the unencrypted evidence the FBI wanted to show in court, hence it wouldn't be as forensically sound.

Decrypting Alters stuff

[allo]

Lets assume the most easy encryption, a one time pad for xor encryption.

Now i encrypted something with a block of random data.
I now take your result and xor it with gplv2.txt. Then i store the resulting file as key.xor.
When you find key.xor, you can confirm, the encrypted data was gplv2.txt
When you find the real random key, you get the sensitive data.

If the result is data a, data b or total garbage only depends on the key. For aes the same, every key can decrypt stuff, but only the right one gets the data you want. Most others get random data, though. But prove, that i did not encrypt random data the first time.