muffinmaker
Banned
Computer Expert and FBI/encryption
--------------------------------------------------------------------------------
Hey guys,
Just a tidbit of info here sent to me by a computer geek friend of mine. Apparently a computer security expert attended a seminar earlier this year on computer security and one of the speakers was an FBI agent.
The following is from the security expert's web blog detailing Q&A at the seminar as it relates to computer encryption.
Best regards,
MaxRep
PS: anyone interested in keeping up with this computer expert's blog, here is the link:
http://blogs.ittoolbox.com/security/investigator/
--------------------------------------------------------------------------------
A Day in the Life of an Information Security Investigator
FBI: Encryption Really Pisses Us Off
Security Monkey (Information Security Investigator) Posted 5/23/2007
I spent today dressed up in my monkey incognito suit at the 2007 ISSA Symposium in Phoenix. There were lots of great presentations and interesting security folks to exchange information with.
One presentation was particularly informative and a bit humorous for me.
The information was presented by an FBI Special Agent on the basics of forensics. It was a very good summary - however the best part was the questions asked afterward. This is the part that made me chuckle (those of you that know how I feel about encountering encryption during an investigation know why I'm laughing).
This is a paraphrase of the conversation from my memory and the notes that I made on a drink napkin (that will teach me to not bring my laptop).
Attendee: "How do you deal with encrypted media and information during an investigation?"
Special Agent: *grimaces*
Special Agent: "For the most part encryption is a dead end for us, unless the evidence deals with a matter of National Security / Terrorism."
Attendee: "So what do you do if it involves National Security?"
Special Agent: "We don't work on it. We send it to a sister agency *cough* NSA *cough* that takes care of that for us. They have no problem dealing with such things."
Let me put this into perspective for you all based on the SA's other comments:
1) If an attacker breaks into your systems and encrypts all of your data and the damage is greater than $500k, they'll investigate but they won't recover your data. You are $%@! out of luck.
2) If you're a warez kiddy, KP connoisseur, or gang member and you encrypt your stuff and don't leave the passphrase in an easily recoverable place (and they don't recover the passphrase via social engineering or interviewing techniques), they aren't going to attempt to break your encryption.
3) If you're a terrorist, or threatening the President, or building a dirty bomb... your encrypted data will be put on a special plane and flown to the NSA in a matter of hours. It will be broken. You will be prosecuted/tortured/shot/mysteriously disappear.
~
Some other comments that were interesting:
The FBI still has their "mega contract" with Microsoft. They have infinite Microsoft resources to help them figure out how to get to your stuff if you've used a Microsoft encryption solution.
The FBI has particular trouble with Apple's FileVault encryption if the passphrase is of "excellent" quality. That tells me they have thousands of monkeys doing brute-force attempts on FileVault sparseimage files. Interesting.
These comments made me feel better.
It would appear that I'm not the only one that gets rather pissed off when I find an encrypted file or filesystem during a forensic investigation - but I drink much better coffee.
Chief
For tales of my battles with encryption, read my Case Files. You may lose a day or two of productivity.
just kidding.