Microsoft Beats Encryption for Law Enforcement
Encryption used to be synonymous with data security. Microsoft has put an end to that notion. In an effort to assist law enforcement, Microsoft has developed a methodology to break encryption:
“Microsoft’s Computer Online Forensic Evidence Extractor, or COFEE, is a thumb drive-based tool set to assist in the decryption of data that law enforcement officials suspect is involved in a crime. Microsoft says COFEE does not constitute a back door to its BitLocker encryption, but privacy advocates worry that what can be used can also be abused — especially if it’s all on a tiny, easily-lost thumb drive.”
link: Microsoft Hands Cops a Crowbar for BitLocker
There is an obvious concern for privacy advocates that this effectively removes a tool for safeguarding data. A secondary and perhaps greater concern is that now hackers know that there is a means to circumvent encryption, beyond the previous methodologies. The Microsoft methodology works and is good enough for law enforcement. How soon will this be marketed and sold within the hacker community?
Catherine Forsythe
Director of Operations
FlyingHamster: http://flyinghamster.com/
Tags: microsoft, encryption, privacy, security, law enforcement, hackers, bitlocker

2 Comments
Lee
May 2nd, 2008
at 6:30am
I have more of a question than a comment. Does this work on BitLocker only or any encrypting software?
Jzilla
May 7th, 2008
at 6:19pm
From what I have read about this toolkit:
- It contains a collection of forensic tools, a number of which are freely available.
- It doesn’t defeat BitLocker or any other encryption software; the tools have to be used on a computer that is running, i.e. the user has already logged in.
- To access files within an encrypted container or a bitlockered* drive, the tools take a snapshot of the running system, hence the user has already used their password to unencrypt the contents.
I don’t see this as anything earthshaking; there are a number of free utilities that will easily create a complete image of a system that is running and logged in, thereby bypassing any encryption that may exist. I may be wrong, but from what I can gather, if the user has shut down their computer, the tools within the COFEE USB stick will not help them get data out of a bitlockered* drive or encrypted container.
* new term copyright me ;)