PDA

View Full Version : The FBI can't crack hard drive encryption



SMOKEU
17th December 2010, 21:09
In an announcement sure to please encryption happy folks, the FBI is not able to decrypt a hard drive.

The hard drive is that of Daniel Dantas, a banker who is currently suspected of fraud. Decryption techniques were used by both the FBI and Rio De Janeiro police.

Encryption basically scrambles your hard drive making it impossible to access anything on it without a password. When the correct password is given all the data is reorganized making it possible to view and edit files.

The program used to encrypt the harddrive is called "TrueCrypt" and is available free online HERE.

Decryption was first attempted by police in Rio De Janeiro in 2008 but was handed to the FBI after it failed. The FBI attempted a "dictionary" attack that uses common passwords and police data to try to force it's way through.

Currently there is no law in Canada the USA or Brazil that would force manufacturers or the suspect to give the password.


http://www.geek-juice.net/2010/06/fbi-cant-crack-hard-drive-encryption.html

Gremlin
18th December 2010, 00:15
That's pretty funny, even more so as I have been using the software for years. Some client laptops also have the software to keep vital data more secure.

Just don't attempt to encrypt your OS partition aye? Create a crypt within a partition and put files inside.

pete376403
19th December 2010, 20:23
Pointsec encrypts the OS partition and is reportedly uncrackable. (Any opinions on this?) Pointsec themselves say there is no way to recover a drive if the password is unknown. One of my customers uses it, and I heard the NZ Police were looking at using it as well.
Not free, though

phaedrus
19th December 2010, 22:29
unbreakable encryption eh?
http://imgs.xkcd.com/comics/security.png

p.dath
20th December 2010, 07:52
Interesting, I didn't know that some Intel CPUs had AES instructions built into them.

RideLife
20th December 2010, 07:53
how do I encrypted, or even just put a password on my Silicon Power memory stick?
Nothing I try seems to work. Do I need to password it Before I put any info on it?
Thanks.
Racey.

Slyer
20th December 2010, 08:19
Try the truecrypt program like in the original post.

Usarka
20th December 2010, 08:32
Currently there is no law in Canada the USA or Brazil that would force manufacturers or the suspect to give the password.



There's been lots of changes to our laws in this area, i'd be surprised if we'd have the right to remain silent on passwords if suspected of something dodgy...... (anyone know for surez?)

Gremlin
20th December 2010, 11:36
Since they can't torture you, depending on how naughty you have been, you still don't give them the password.

I use it myself, and for clients, to secure company files and information.

Ronin
20th December 2010, 12:03
There was an article on this not long ago. What they did was get a court order requirering the release of the key. When the suspect would not give it to them they simply threw him in jail for contempt. Interesting thing contempt. It can be indefinate.

Juzz976
20th December 2010, 12:33
In an announcement sure to please encryption happy folks, the FBI is not able to decrypt a hard drive.

The hard drive is that of Daniel Dantas, a banker who is currently suspected of fraud. Decryption techniques were used by both the FBI and Rio De Janeiro police.

Encryption basically scrambles your hard drive making it impossible to access anything on it without a password. When the correct password is given all the data is reorganized making it possible to view and edit files.

The program used to encrypt the harddrive is called "TrueCrypt" and is available free online HERE.

Decryption was first attempted by police in Rio De Janeiro in 2008 but was handed to the FBI after it failed. The FBI attempted a "dictionary" attack that uses common passwords and police data to try to force it's way through.

Currently there is no law in Canada the USA or Brazil that would force manufacturers or the suspect to give the password.


http://www.geek-juice.net/2010/06/fbi-cant-crack-hard-drive-encryption.html


Good news for you then, wont have to worry about them finding your jail bait stash.

SMOKEU
20th December 2010, 12:37
Good news for you then, wont have to worry about them finding your jail bait stash.

I have nothing to hide. It's not kiddy porn so I'm not doing anything illegal.

http://www.reddit.com/r/jailbait

Juzz976
20th December 2010, 12:50
I have nothing to hide. It's not kiddy porn so I'm not doing anything illegal.

http://www.reddit.com/r/jailbait

I know, it just seems more incriminating when you have to defend yourself.

ahh well, must go get my daily wheelie fix....

imdying
20th December 2010, 15:56
Don't tell them you won't give them the password, tell them you have forgotten it. One they can nail you on, the other they can't prove one way or the other.

p.dath
20th December 2010, 15:56
I'm reasonably sure that some legislation came into force last year in New Zealand that requires you to divulge any encryption keys when ordered by the court (which the Police can request).

Failure to comply with the court order could easily result in jail time.

So you have to decide between an indefinite stay in jail, or giving up the encryption keys.

Slyer
20th December 2010, 16:56
What if you don't remember them?

SMOKEU
20th December 2010, 19:01
So you have to decide between an indefinite stay in jail, or giving up the encryption keys.

Are we still talking about NZ?

p.dath
20th December 2010, 19:03
What if you don't remember them?

You'll have to convince the Judge. I think "I can't remember" won't be very convincing.


Are we still talking about NZ?

Yes. Getting more draconian.

onearmedbandit
20th December 2010, 23:37
You'll have to convince the Judge. I think "I can't remember" won't be very convincing.





It would be up to the court to prove that you can remember, and short of stealing your thoughts in your dreams Inception stylz I don't see how they could do that.

tigertim20
20th December 2010, 23:58
There's been lots of changes to our laws in this area, i'd be surprised if we'd have the right to remain silent on passwords if suspected of something dodgy...... (anyone know for surez?)

something about your right to remain silent in NZ, and in the USA, you have a constitutional right not to say anything that might incriminate yourself. remember, the burden of proof lies with the accuser. so fuck them.

gammaguy
21st December 2010, 03:03
so the logical conclusion of that is a jail full of child pr0n owners who "forgot"their passwords:shutup:

which throws up an interesting question-at what stage of disc data recovery(assuming a password has not been forthcoming) does a fragmented bunch of data become a crime?

Usarka
21st December 2010, 07:01
something about your right to remain silent in NZ, and in the USA, you have a constitutional right not to say anything that might incriminate yourself. remember, the burden of proof lies with the accuser. so fuck them.

Nope - we don't have a constitution in NZ. Laws can be made at any time to override old ones.

Just found an article here http://www.nzherald.co.nz/nz-government/news/article.cfm?c_id=144&objectid=10689847

I only gave it a quick skim but at a glance it looks like you can remain silent if it's going to incriminate yourself, but you have to hand it over if it might incriminate someone else. My immediate thought is then that if you don't hand it over you are impliciltly confessing guilt.

p.dath
21st December 2010, 07:31
It would be up to the court to prove that you can remember, and short of stealing your thoughts in your dreams Inception stylz I don't see how they could do that.

Negative, that law does not work that way. You don't have any right to remain silent, and they don't have to prove guilt. I think the burden of proof is "suspicion". So if they can establish reasonable suspicion then it is game over.

Mental Trousers
21st December 2010, 08:10
You don't have to remember your encryption keys. Most of them are too long to reliably memorize. So the way to make sure the bad men don't get hold of them is to set up something automated, either a cronjob, or a check when the machine is rebooted, a dead man's switch, whatever and if the check fails the keys are deleted.

onearmedbandit
21st December 2010, 08:24
Negative, that law does not work that way. You don't have any right to remain silent, and they don't have to prove guilt. I think the burden of proof is "suspicion". So if they can establish reasonable suspicion then it is game over.

So what you are telling me, is that if your passwords, which were long complex strings of random numbers and letters therefore virtually impossible to remember, were destroyed in a fire for example and you have no chance of remembering them, then how the fuck does 'you don't have any right to remain silent' going to help your case then. So, will they hold you indefinitely?

SMOKEU
21st December 2010, 08:32
so the logical conclusion of that is a jail full of child pr0n owners who "forgot"their passwords:shutup:

which throws up an interesting question-at what stage of disc data recovery(assuming a password has not been forthcoming) does a fragmented bunch of data become a crime?

The government doesn't really have any way of finding kiddy porn on someones computer unless they deliberately snoop around on that persons computer looking for evidence. Going on Google and typing in "child porn torrent downloads" is likely to arouse suspicion.

Ronin
21st December 2010, 09:25
The government doesn't really have any way of finding kiddy porn on someones computer unless they deliberately snoop around on that persons computer looking for evidence. Going on Google and typing in "child porn torrent downloads" is likely to arouse suspicion.


Hahahahahahaha. You just keep on believing that.

p.dath
21st December 2010, 17:15
So what you are telling me, is that if your passwords, which were long complex strings of random numbers and letters therefore virtually impossible to remember, were destroyed in a fire for example and you have no chance of remembering them, then how the fuck does 'you don't have any right to remain silent' going to help your case then. So, will they hold you indefinitely?

All encryptions I have used require a human input to use them. Could be a pass key. Could be a finger print. Could be a smart card. Could be a one time key.

If you refuse the provide the mechanism to decrypt the data when a court has ordered you to hand them over then you can go to jail.

p.dath
21st December 2010, 17:18
The government doesn't really have any way of finding kiddy porn on someones computer unless they deliberately snoop around on that persons computer looking for evidence. Going on Google and typing in "child porn torrent downloads" is likely to arouse suspicion.

Perhaps you are not familiar with an electronic interception warrant?

Most ISPs have the capability to mirror a users data to another port for collection, and this can also be done under an electronic interception warrant. Personally, I like using the free Wireshark to analyse the traffic dumps.

There is plenty of software out there that installs like a root kit, so you can not tell it is installed, then can monitor your machine - which can be legally installed with an electronic interception warrant.