DogReader
Lockergnome

Microsoft Beats Encryption for Law Enforcement

Encryption used to be synonymous with data security. Microsoft has put an end to that notion. In an effort to assist law enforcement, Microsoft has developed a methodology to break encryption:

“Microsoft’s Computer Online Forensic Evidence Extractor, or COFEE, is thumb drive-based tool set to assist in the decryption of data that law enforcement officials suspect is involved in a crime. Microsoft says COFEE does not constitute a back door to its BitLocker encryption, but privacy advocates worry that what can be used can also be abused — especially if it’s all on a tiny, easily-lost thumb drive.”

link: Microsoft Hands Cops a Crowbar for BitLocker

There is an obvious concern for privacy advocates that this effectively removes a tool for safeguarding data. A secondary and perhaps greater concern is that now hackers know that there is a means to circumvent encryption, beyond the previous methodologies. The Microsoft methodology works and is good enough for law enforcement. How soon will this be marketed and sold within the hacker community?

Catherine Forsythe
Director of Operations
FlyingHamster: http://flyinghamster.com/


What do you think?

Lee - May 2, 2008 @ 6:30 am

I have more of a question than a comment. Does this work on BitLocker only or any encrypting software?

Jzilla - May 7, 2008 @ 6:19 pm

From what I have read about this toolkit
- it contains a collection of forensic tools, a number of which are freely available.
- It doesn’t defeat BitLocker or any other encryption software; the tools have to be used on a computer that is running, i.e. the user has already logged in.
- to access files within an encrypted container or a bitlockered* drive the tools take a snapshot of the running system, hence the user has already used their password to unencrypt the contents.

I don’t see this as anything earthshaking; there are a number of free utilities that will easily create a complete image of a system that is running and logged in, thereby bypassing any encryption that may exist. I may be wrong, but from what I can gather, if the user has shut down their computer, the tools within the COFEE USB stick will not help them get data out of a bitlockered* drive or encrypted container.

* new term copyright me ;)
