Suspect Ordered to Decrypt His Own Data

Discussion in 'privacy problems' started by mat4242, May 29, 2013.

Thread Status:
Not open for further replies.
  1. mat4242

    mat4242 Registered Member

    Joined:
    May 29, 2013
    Posts:
    2
    Location:
    Netherlands
    http://www.wired.com/threatlevel/2013/05/decryption-order/

    First off, child pornography is a disgusting crime and anyone involved in the production or distribution of this type of material is not only a worthless human being, but should be rotting away in jail.

    With the above said, this case has far reaching implications for any US Citizen who uses Hard Drive encryption to protect sensitive or personal information.

    If you haven't already read it, here is a link to the court order demanding that this idiot decrypt his own data:

    http://www.wired.com/images_blogs/threatlevel/2013/04/fedswantdecryption.pdf

    Any competent individual would just simply say they forgot the password(s) during the course and stress of the trial.

    I do find it interesting on page 4 (first continuous paragraph) where the prosecution states that the FBI CART and CEAU divisions were UNABLE to break the encryption.

    However, I do find it interesting on Page 5 where the prosecution states that "important data may be lost during attempts to break encryption for a number of reasons. Some high security encryption protocols, such as those the FBI believes Mr. Feldman has employed, automatically lock up, erase stored data or even render themselves non-functional if too many incorrect guesses are made at the password."... Unless the encryption uses a mil-spec format procedure, the so called "erased data" would be recoverable and what FBI guy is going to let a hard drive sit in it's originating computer where the "encryption program" is potentially going to have access to run a wipe program (which takes HOURS to complete). I don't believe there exists any form of stand-alone encryption tool that can wipe a drive while it's been physically removed from its originating computer (feel free to correct me if I am wrong).

    Page 6 goes into more detail defining this data destruction technique as the basis for requiring this guy to decrypt his data. Personally, I'm a long-time user of TrueCrypt and there exists no means by which this can be reliably performed. Truecrypt containers (on a stand-alone USB HD, for example) are passive and I'm unaware how any encryption program could run on a stand-alone drive to render the data useless or non-functional. Correct me if I'm wrong, but the whole basis for the Government's argument is just nonsense..

    On page 17, you'll notice at the bottom it states that this dudes Laptop (storage device "a") was NOT encrypted. Let this be a lesson to anyone who utilizes encryption - if you are going to encrypt a few of your HD's - then you should probably encrypt ALL of your hard drives. It seems they pulled some peer-to-peer usage logs (eMule) from his unencrypted laptop and are using this as evidence to warrant the decryption of his encrypted portable HD's... TrueCrypt whole disk encryption is your friend - unless you are a pedophile. :)

    Page 18, bullet item 17 demonstrates how incompetent and lacking in knowledge the Prosecution really is.... Confusing encryption software that will "destroy your data after too many bad passwords are entered", with a manufacturing warning that "if you forget your password you'll loose your data" is freaking comical!! And these idiots get to decide the fate of our privacy rights and make/change judgments and/or laws concerning them.. Very frustrating. I guess the take-away from this paragraph is that the FBI doesn't have a back-door method for decryption of Western Digital SmartWare encryption Software. Regardless, I will still use TrueCrypt. ;-)

    Page 20 describes just how sick and twisted this guy really is... Personally, I hope this idiot goes to jail and gets ~ Snipped as per TOS ~ every day of his sentence.

    My hope is that everyday normal (ideally non-pedophiles) won't be forced (by precedence of this case) to supply their data encryption passwords under suspicion of wrong-doing while in or attempting to enter the US (or any country for that matter).
     
    Last edited by a moderator: May 29, 2013
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    All of his drives used hardware-based encryption.

    The Maxtor BlackArmor drives use hardware-based encryption. The particular MyBook drives he used also utilize hardware-based encryption. The FBI report talks of the self-destruct, self-erase mechanism being a hurdle. Again, that's only a problem with hardware-based encryption.

    http://computersciencelabs.blogspot.com/2010/11/256-bit-based-hardware-encryption-on-wd.html

    http://www.seagate.com/about/newsroom/press-releases/lock-it-up/

    I understand the disgust at what's being kept secret. But that's not the point here.

    Also, notice that the forensics team pulled up all the external devices and file names because of shellbags.
     
    Last edited: May 29, 2013
  3. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Don't we have a Hardware .vs Software thread here somewhere? :D

    What drive did they decrypt? A Black Armor?

    Somebody got to the Judge, IMO. Maybe not, the decryption of one drive may be a legit tactic, I don't know...we need the Supreme Court to decide something on this subject. You can make it so that you *can't* decrypt your own data.

    PD
     
    Last edited: May 30, 2013
  4. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    It would be ridiculous to NOT point out in this thread what was used. The fact that it involves something in another thread has nothing to do with it.

    It's a simple court order that doesn't mean a thing. You appeal and it will get struck down like all the other similar cases on 5th amendment grounds. It's just a pressure tactic.

    I'm having to hold back my feelings on the actual details of the case because it's revolting. But the legal principles involved are very important.

    `
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I was curious to find out more about the feds efforts. So i got the PDF. I was surprised at these statements.

    jf.png

    We don't know how many wipes he used, or the method/software, but it "seems" to have worked. The PW's recovered from the unencrypted areas, appear to be in regular characters. Unless he used more sofisticated ones for the encrypted drives etc, i would have thought that 8 - 10 weeks was more than enough time to decrypt them. Especially with the tools etc at their disposal ?

    Also from what i've read about other cases in the past, forensics are supposed to clone the original media, & then analyise etc them. The PDF sounds like were analyising the original media ?

    Wonder how this will pan out ?

    It's only fairly recently that a lot of us on here have been made aware of SB's. And this proves how invaluable they "can" to forensics/snoopers etc.

    I missed that ! It's strange he would use a less strong PW on one ?
     
  6. mat4242

    mat4242 Registered Member

    Joined:
    May 29, 2013
    Posts:
    2
    Location:
    Netherlands
    Ok, clearly I needed to better understand Hardware Encryption. o_O Although I have a couple SSDs that have that ability, I always figured the manufacturers imposed a Government required backdoor and thus personally have always gone with open-source software based encryption utilities.

    After reading up on Hardware encryption, isn't this precisely a feature whereby you can NOT clone the drive and perform analysis?
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Ahh, your'e probably right :thumb: But one of the drives was a USB, so that "might" be different ?
     
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    No, you absolutely cannot clone (image) a drive with hardware encryption. The processor is actually embedded (potted) within the casing of the external drives. All encryption is handled on the device. Any tampering of the area around the chip will result in an auto-erase. The cryptoprocessor and the encrypted data are married. Can't have one without the other.

    A discovered backdoor would ruin the enterprise business for these manufacturers. Not to mention they clearly state there are no backdoors. For any company to deploy these and find out there is a backdoor would be grounds for fraud suits against the manufacturer.
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    Shellbags are another reason for WDE and especially a hidden OS to boot.

    Windows makes it impossible to conceal your tracks if an adversary gets "hands" on the OS itself.
     
  10. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    For the record, my pointing out the other thread, had nothing to do with the relevance of this one. I wrote that, because I originally thought they got into a hardware encrypted drive and thought it was funny that some preferred hardware over software in that other thread.

    I absolutely agree 100%...what this guy did, is irrelevant. If the Bill of Rights falls, the country falls.

    I still want to know what they "decrypted"? Did they get lucky with his pass scheme on one...but the others are different and they reached the limit before wiping?

    Now think about this: If this was TC, they could image and work on copies till the cows came home. I wonder if the *lack* of destruction, would have given the judge pause over compelling the defendant?

    Finally: Kind of proof that you better just TC the whole darn computer. It seems if there is no other external way for them to know what is on the computer...passwords aren't compelled, IMO.

    PD
     
  11. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Yup...neither does Ubuntu. I found many traces on a default install, with Zeitgeist, etc...

    PD
     
  12. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    The same with Bitlocker and other closed-source implementation of AES 128/256bit encryption.
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Looks like Shellbags is turning out to be quite something !

    @ LockBox

    Thanks for the info :thumb:
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Using a LiveCD (no system hard drive) with hardware-encrypted data drives would be quite secure, no?

    I wonder if one can prevent the drive passphrases from being cached in system memory.
     
  15. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Also, don't name your user account *your name*. I love these indictment sheets, etc... They offer up so many clues on what not to do :D

    PD
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    A hidden OS won't help if you're compelled to decrypt it or provide the password (rubber hose, jail time). It won't help if you're caught with that hidden OS active either.

    IMO, using WDE for this purpose is little more than a attempt to circumvent the real problem, an OS that stores such data to begin with. Shellbags for example were not a problem until XP. Win 98 and 2000 didn't use them. This is one of the main reasons that some of us don't want to "upgrade" to the latest versions of a spyware OS. Depending on how you define it, security is a double edged sword. Choose your poison.
     
  17. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    You have a point about the fraud suit (if indeed they explicitly state there is no backdoor)...but to just assume a backdoor would ruin a business, this was already debunked here relatively recently.
     
  18. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    The Wikipedia article has a summary on Crypto AG Back-doored machines. This part struck me:
    I'm sure "interrogated" is putting things mildly and what a wonderful way for the company to treat him upon release.
     
  19. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I'm so tired of hearing about the Crypto AG story. This happened 20-30 years ago. Encryption is not just for government cables and the few anymore. It's 2013. There would be a huge difference in the reaction of backdoored encryption products from then until today. Apples and Oranges.
     
  20. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,095
  21. x942

    x942 Guest

    You can always argue you don't have a password. It's not possible to prove your remember something.

    There needs to be laws to protect against this for that reason alone. What if i did forget my pasword? I go to jail because I honestly can't remember it?
     
  22. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I agree with you, but just make it so you don't know a certain part of the pass phrase. Your lawyer and his tech expert can easily convince the judge that the molten, shreded, what used to be a YubiKey...was the only way in. Here's the half I know- "abc123" :D Why'd I do it? Doesn't matter, talk to my lawyer ("psssst...but I did like to photograph myself wearing high-heels...I was embarrassed your honor") :D

    PD
     
  23. x942

    x942 Guest

    Ha! I already do the yubikey part. highly recommended. Would take no more than a few seconds to destroy or "lose" a yubikey.
     
  24. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Is there an Open Source equivalent to yubikey?
     
  25. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    It's just a keyboard, basically. Don't know about open-sourced hardware. It has no sending capabilities. What are you thinking, as far as security vulnerabilities / backdoors?

    PD
     
Loading...
Thread Status:
Not open for further replies.