Slashdot Mirror


DoD Computer Forensics Lab to use Beowulf

Doran writes "The U.S. Dept. of Defense is showing off its new $15,000,000 Computer Forensics Lab and it looks like they'll be using a Beowulf cluster to glean as much info as possible from the computers they confiscate. Here is the story from Nando. An interesting aside is that they seem to be using Clinton's 'approval' last week to allow sale of more powerful encryption software as a justification to ask for $80,000,000 more for the Center." Beowulf cluster mentioned, but not Linux, oddly enough.

16 of 86 comments

  1. Homepage for Lab by Anonymous Coward · · Score: 2

    Here is the lab's homepage. Their printed literature has a picture of the Beowulf cluster. I believe it runs Redhat 5.2 with Beowulf kernel mods.

  2. Good questions! by Paul+Crowley · · Score: 2

    1) Yes, the data is encrypted.

    2) The space with your "extra" data in it looks exactly like free space. This means that for normal use mounting the drive read-write, you have to use your most secret passphrase or you'll trash some of your "extra" data.

    The site appears to be back up.

  3. Some questions! by planet_hoth · · Score: 2

    I couldn't get through to your site, it appears to be slashdotted. (go figure!) Anyway I have a few questions...

    What would keep someone from confiscating your drive, dd'ing the whole thing to their own system and reading through it at their leisure with a hex editor? Is the hidden data encrypted in some manner?

    Also, couldn't the bad guys just take a look at the capacity of the drive, subtract how much space they had access to and calculate the amount of data still hidden to them. They wouldn't know *what* was still hidden, but they'd know it was there, right?

    PS: You probably have really obvious answers for these questions, but your site was /.ed, so I couldn't rtfm, remember!


  4. An Interesting Tangent by Adrian+Harvey · · Score: 2

    An interesting tangential point (well, not open source related) is how all the other neat stuff in the lab works, and how you would go about making things *really* unrecoverable... There is an interesting paper on the subject available from Auckland university. Worth a read.

  5. Re:Maybe Linux not mentioned b/c it's not Linux by Apuleius · · Score: 2

    Time to be pedantic: Beowulfs are defined as running on open source software. Piles of PC's, on the other hand, might run other OS's.

    See beowulf.org

  6. Re:My question is.... by D3TH · · Score: 2

    Used to work there. As far as your other question, I can't speak for the guys at Fort Meade, but the DOD lab has a very good relationship with most of the other intelligence and law-enforcement agencies. You are correct that there have historically been some problems between different agencies, but that has generally been a question of personality conflict rather than true interagency problems. As far as I know, because the charters are so different for the DOD and the other agencies, there is very little duplication of effort. In fact, the main reason for the DOD lab in the first place was to centralize this type of capability in one place rather than duplicating it for each branch of the service, which was the previous way of doing things.

  7. or use encryption by Wah · · Score: 2

    "Although Ferguson and others declined to discuss specific cases already under way, they described as rare those involving encrypted files. "

    Good scramblers make data recovery in a reasonable amount of time unworkable. They might be able to break it if you only keep the good stuff hidden, but if you keep 2-3 gb of mp3s and text files that say "haw-haw"(Nelson laugh) in the same directory, well, Time rears its everpresent head and they don't get evidence till your bones rot in the ground.

    Why do you think the FBI/CIA/NSA fought so hard to keep encryption under control?

  8. Hmm. by Kitsune+Sushi · · Score: 2

    I believe there is a mild difference between "more powerful encryption software" and "powerful encryption software". Of course, every part of the U.S. government will use just about any excuse to get more funding, from what I've noticed. What do you expect from the same country where members of Congress decide upon their own salary? Ugh.

    --

    ~ Kish

  9. Actually.. by Kitsune+Sushi · · Score: 2

    Most corporate business works the same way. It's a method to avoid wasting money.. For example, say you're the manager of a bakery in a grocery store, and corporate gives you the numbers you have to conform to in order to stay "within budget".. You have to meet goals for sales, profit margin, and labor. Say your corporate man wants you to stay under 20% labor (just an example), and the first quarter you end at around 19.96% or something. You made it, but just barely. This encourages your corporate man to keep the goal the same (go over your goal.. bad things happen). You end the next quarter with 18%, however, and your corporate man thinks you have become "more efficient", and he could better deploy that money elsewhere. Hence, next quarter your goal is, you guessed it, 18%.

    Not to say that this kind of mentality is necessarily all that intelligent (the people who decide the budgets other people should conform to rarely have /any/ experience doing the job of the people they are slapping these "goals" with, but hey.. that's life), but it's certainly not all that uncommon, and definitely not restricted to the government hive-mind. :)

    --

    ~ Kish

  10. Why am I reading this..? by Kitsune+Sushi · · Score: 2

    So far I have concocted a couple of theories: 1) this is such a well-crafted troll that only one moderator has thus far noticed.. the others got suckered in or 2) there is an anti-Linux conspiracy at work.. I suspect the latter. Ha!

    At any rate, could someone please define for me "the big time"? I remember reading an article not too long ago mentioning that Linux is now being deployed to monitor the phone lines in /two whole states/ in order to make sure they stay up and all that (by the phone company, of course..), and that they have a couple of "hot boxes" (their words, not mine) "just in case".. but that they've never had to use them. This seems a /little/ like "the big time" to me. Anyone care to disagree? Or are your phone lines just not a big deal anymore?

    Yes, I forgot the silly link to the article. It was called "Linux Babysits Phone Lines" or something like that. I think I saw it on Linux.com, though I could be entirely mistaken (if I saw it on Slashdot, like I said, I forgot where I saw it, so leave me alone :). If anyone cares to post the link, it might prove.. helpful.

    As far as spokespeople getting terminology wrong.. They /still/ call crackers the one name they certainly do /not/ deserve. If they get anything else wrong on top of that, I won't be too damn surprised, if you know what I mean.

    Let's see.. "Linux minions".. Yup, definitely a conspiracy..

    --

    ~ Kish

  11. Um, ok.. :) by Kitsune+Sushi · · Score: 2

    Well, obviously. My point being that the grand majority of people who sit on here long enough to get moderator access probably don't run Windows (at least not as their OS of choice :).

    I was suggesting conspirators of a different brand.. Ones who run an OS comparable to Linux, not one that is more popular with the average end-user (guess which..?).

    --

    ~ Kish

  12. Maybe Linux not mentioned b/c it's not Linux by Communomancer · · Score: 3

    As much as I love Linux, I hate to be the one to have to point this out, but the "reason" Linux may not be mentioned is that Linux may not actually be used.

    Beowulf is an OS-independent architecture; PVM and MPI, for example, both run on multiple OSes (even including Win32, IIRC). Now, I'm sure that it's probably running on some form of Unix, but it could just as well be FreeBSD or Solaris as Linux.

    Just thought I'd clarify the point a bit.

    --
    "UNIX" is never having to say you're sorry.
  13. Re:My question is.... by D3TH · · Score: 3

    You need to read the article a little better. This lab isn't just about cut up floppies..... It's a complete digital evidence handling facility. You might be amazed if you knew how much a blood evidence processing facility costs to stand up, for example. I am intimately familiar with the lab, and know that the money being spent is being put to "good use". The technique for disk-splicing was originally developed to successfully prosecute a murderer. And besides the script kiddies which have been taken out of action, there are a large number of pedophiles, rapists, spies, and just about every other type of criminal you can think of that has been taken down with the help of the lab (which has been in operation (and using Linux) for over 4 years). And yes, the cluster runs Linux.

  14. Re:My question is.... by Zoltar · · Score: 3

    You are correct, I'm sure they are thinking about many other things other than going after gangs of skript kiddies, but this is probably what John Q. Public wants to hear. I would guess they are concerned with international cyber-warfare as much as anything, but they don't want to scare the un-informed public so they say stuff like:

    "We have a multi-million dollar computer center to rid the country from crackers to make sure you can safely buy books from Amazon.com" And the public reads that and feels good about everything.

    OTOH, if they said:

    "We are terrified that a third world country could initiate a form of cyber-warfare on us and wreak havoc with our computers and we really don't know what to do, so we are building this multi-million dollar computer center to try to combat that and hopefully drive some competent people to come to work for the government...etc"

    Well...you get the idea..They tell us what they think we want to hear, but I also think they can use this for recruiting purposes to get quality computer hackers to come to work for uncle sam. (Which is not a bad thing)

  15. No surprise. by Apuleius · · Score: 4

    It's not just cracking codes. If you have to find files containing evidence somewhere amidst all those MP3's, those clock cycles running grep and find begin to add up.

    Also, if you're scanning someone's drive for illegal images, it helps to automate a process so a human being doesn't have to mark which are illegal and which are netscape-cached Slashdot icons, for example.

    Finally, in case of a nuked drive, it's useful to the feds to be able to dd if=confiscated-drive of=beowulf and then let it chug along.

    And all of that beats this situation:

    NYT article that says law enforcement agencies routinely seize hundreds of thousands of dollars worth of computers and hard drives as evidence, but have so few computer experts that confiscated equipment can gather dust for months or years until someone decides whether or not they contain criminal information.
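The filtering and searching Apuleius describes above, as an added Python example that is not from the thread or the lab: known-benign hashes drop the stock cache icons unread, every remaining file is keyword-searched, and the worklist is dealt out in shards the way a cluster would hand slices to its nodes. The hash set, the evidence tree and the keywords are constructed for the demo; a real lab would load the hash set from a published reference library.

```python
from __future__ import annotations
import hashlib
import tempfile
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path

# Constructed stand-in for a reference library of known-benign file hashes
# (stock browser-cache icons and the like); a real lab would load these from
# a published hash set. Files that match are dropped before anyone looks at them.
STOCK_ICON = b"GIF89a\x10\x00\x10\x00 constructed stock icon bytes"
KNOWN_BENIGN = {hashlib.sha256(STOCK_ICON).hexdigest()}

def examine(path: Path, root: Path, keywords: list[bytes]) -> dict | None:
    """Hash one file; drop it if known-benign, otherwise record keyword hits."""
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BENIGN:
        return None
    hits = [k.decode() for k in keywords if k in data]
    return {"path": path.relative_to(root).as_posix(), "sha256": digest, "hits": hits}

def split_worklist(items: list, shards: int) -> list[list]:
    """Deal the worklist round-robin into shards, one per worker (or cluster node)."""
    return [items[i::shards] for i in range(shards)]

def triage(root: Path, keywords: list[bytes], shards: int = 4) -> list[dict]:
    """Hash-filter and keyword-search every file under root, sharded across workers."""
    paths = sorted(p for p in root.rglob("*") if p.is_file())
    def run_shard(shard: list[Path]) -> list[dict]:
        return [r for p in shard if (r := examine(p, root, keywords)) is not None]
    with ThreadPoolExecutor(max_workers=shards) as pool:  # threads stand in for nodes
        parts = list(pool.map(run_shard, split_worklist(paths, shards)))
    return sorted((r for part in parts for r in part), key=lambda r: r["path"])

def build_sample_tree(root: Path) -> None:
    """Constructed evidence tree: a cache icon, MP3-like junk, a decoy, and a hit."""
    for sub in ("cache", "music", "notes"):
        (root / sub).mkdir()
    (root / "cache" / "icon.gif").write_bytes(STOCK_ICON)
    (root / "music" / "track01.mp3").write_bytes(b"ID3\x03\x00" + bytes(range(256)) * 8)
    (root / "notes" / "decoy.txt").write_text("haw-haw\n")
    (root / "notes" / "ledger.txt").write_text("wire transfer to account 42\n")

def run_demo(shards: int = 3) -> list[dict]:
    """Build the constructed tree in a temp dir, triage it, return what survives."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        return triage(Path(tmp), [b"wire transfer", b"account"], shards)
```

Calling run_demo() returns three records: the icon is filtered out by hash, the MP3 junk and the "haw-haw" decoy survive with no hits, and only the ledger carries both keywords.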

  16. If you really want to hide stuff from the Feds... by Paul+Crowley · · Score: 5

    ...you'll need plausible deniability. In other words, you'll need the Steganographic File System just released for Linux. It provides a uniquely powerful form of information hiding: you can type in a passphrase that reveals a certain amount of the disk, and there's no way of telling whether there are other, deeper passphrases that would reveal more. This means that there's no legal duress that can force you to reveal your most secret data.

    However, if the attacker is using rubber hose cryptanalysis, it means there's nothing you can do to convince them, once and for all, that the passphrase you've given them is the real, true, final passphrase. Could be painful...