FBI failed to break the encryption code of hard drives seized by federal police

Discussion in 'privacy general' started by duk, Jun 26, 2010.

Thread Status:
Not open for further replies.
  1. duk

    duk Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    28
    Not even FBI was able to decrypt files of Daniel Dantas

    Hard drives were seized by the feds during Operation Satyagraha, in 2008.
    Information is protected by sophisticated encryption system.


    [Original Article] [slashdot.org]

    The FBI failed to break the encryption code of hard drives seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha. The operation began in July 2008. According to a report published on Friday (25) by the newspaper Folha de S. Paulo, after a year of unsuccessful attempts, the U.S. federal police returned the equipment to Brazil in April.

    According to the report, the fed only requested help from USA in early 2009, after experts from the National Institute of Criminology (INC) failed to decode the passwords on the hard drives. The government has no legal instrument to compel the manufacturer of the American encryption system or Dantas to give the access codes.

    The equipment will remain under the protection of the feds. INC expect that new research data or technology could help them break the security codes. Opportunity Group reported that the two programs used in the equipment are available online. One is called Truecrypt and is free. The programs were used due to suspected espionage.

    According to the report, the FBI and the INC used the same technology to try to break the password. It is a mechanism called a "dictionary" - a computer system that tests password combinations from known data and police information. Experts from the INC used this technique for five months, until December 2008, when the discs were sent to the United States.
     
  2. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    No surprise that TrueCrypt encryption held up.
    The larger question is why did the FBI release any information at all about their failure to "break" the encryption?
    Lots of conspiracy to toss around if you are so inclined.
     
  3. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    What was the second freely available program? I never found that detail.
     
  4. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343

    If anyone can break AES, Twofish, or Serpent it would be NSA, not the FBI. I happen to believe the story as told, as I doubt anyone on earth can break any of the three aforementioned ciphers.

    What I find funny about the reporting is they mention the government could, in theory, compel the software makers to "give up the keys." That's quite silly as I'm almost certain Truecrypt has no backdoor in it. And let us not forget that the Truecrypt developers are anonymous. No one knows who they are, thus how could the FBI approach them in the first place? Now, if this was some built-in Windows encryption, I might believe there was a master key. But not Truecrypt (which is open-source and available for anyone to look at the code).

    As for what the other program is, I am assuming it was PGP Desktop or something similar.
     
  5. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    I would concur that AES, Twofish, and Serpent are unbreakable using current technology.
    I also think the FBI doesn't "fear" encryption and in fact would like the "bad guys" to have more faith in it. Blindly trusting that your data is securely encrypted without actually understanding how encryption works leads to security errors.
    Simple passwords and unencrypted temp files come to mind.
    Then if the bad guys are careful there's always keyloggers and TEMPEST.
     
  6. stap0510

    stap0510 Registered Member

    Joined:
    Aug 5, 2008
    Posts:
    104
    My conspiracy-radar did "beep beep" upon reading this.
    Good luck gaining offline access through Truecrypt used as a FDE.
     
  7. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    This is no great surprise. I have told this story many times, but almost all police departments and District Attorney (prosecutors) offices have closets full of copies of encrypted volumes/drives they can't open. They are waiting for the day when they think technology will allow them to do so and they can reopen the case. They don't worry too much about these things for long periods of time unless they are for really serious crimes. In one American city, the prosecutors believe the evidence for murder is in an encrypted PGP volume. They have no other evidence, but believe all they need is on this computer. So, for now, it's a so-called, "Cold Case".
     
  8. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    That's pretty interesting and not surprising really. Do you work for a forensics firm?
     
  9. stap0510

    stap0510 Registered Member

    Joined:
    Aug 5, 2008
    Posts:
    104
    Maybe he WAS one of the suspects. :D
    I kid, I kid.
     
  10. Sam Hell

    Sam Hell Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    44
    Location:
    my desk
    Anyone know off hand what version was in use in '08?

    Never mind, I found it at their site. Good day all.
     
    Last edited: Jul 7, 2010
  11. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    No. My thing is anti-forensics.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.