|
Ogla



Registered: 02/16/04
Posts: 11,315
|
Feds forced to get creative to bypass encryption
#14353168 - 04/26/11 01:31 AM (12 years, 9 months ago) |
|
|
stumbled across this article.. http://homelandsecuritynewswire.com/feds-forced-get-creative-bypass-encryption
Feds forced to get creative to bypass encryption
Published 18 March 2011
As increasingly sophisticated encryption technology becomes widely available, federal authorities have been forced to find new ways to conduct surveillance against suspected criminals or terrorists; when federal authorities try to gather evidence on suspects, they frequently encounter PGP encrypted documents that they cannot hack into; authorities are experimenting with several methods to bypass encryption including keystroke logging spyware, seizing the computer while it is still on, and forcing an individual to turn over their passwords to federal authorities; the FBI recently floated a proposal that would force Web-based e-mail servers and social networks to build backdoors so that federal authorities could conduct surveillance, but quickly backed down
As increasingly sophisticated encryption technology becomes widely available, federal authorities have been forced to find new ways to conduct surveillance against suspected criminals or terrorists.
With cyber security fears growing, more software manufacturers are building sophisticated encryption tools into their operating systems like Apple’s FileVault and Microsoft’s BitLocker. Starting in 2005, PGP, a data encryption program, began offering whole disk encryption for Windows and Mac OS X.
Now when federal authorities try to gather evidence on suspects, they frequently encounter PGP encrypted documents that they cannot hack into. Instead authorities have tried using court orders that force Web-based providers to turn over a suspect’s passwords to see if they match.
“Sometimes if we can go in and find one of those passwords, or two or three, I can start to figure out that in every password, you use the No. 3,” said Stuart Van Buren, a U.S. Secret Service agent. “There are a lot of things we can find.”
According to Van Buren, “Every new agent who goes to the Secret Service academy goes through a week of training” in computer technology to learn how to deal with issues like encrypted data and hard drives.
These new technologies, particularly encrypted web-based email systems and social media sites, have confounded the FBI, which says it cannot conduct wiretapping operations on these networks when it has received a court order because of encryption.
To combat this problem, which the FBI calls “going dark,” FBI general counsel Valerie Caproni recently floated a proposal that would force Web based e-mail servers and social networks to build backdoors so that federal authorities could conduct surveillance.
Caproni said the FBI was seeking “a way for police armed with wiretap orders to conduct surveillance of Web-based e-mail, social networking sites, and peer-to-peer communications technology.”
The FBI quickly backed away from mandating backdoors, but did not specify what it planned on doing to address the going dark problem.
“Most our interception challenges could be solved using existing technologies that can be deployed without re-designing the Internet and without exposing the provider’s system to outside malicious activity,” Caproni said.
Authorities are experimenting with several methods to bypass encryption including keystroke logging spyware, seizing the computer while it is still on, and forcing an individual to turn over their passwords to federal authorities. But the latter method has proven ineffective and illegal.
Howard Cox, the assistant deputy chief for the Justice Department’s Computer Crime and Intellectual Property Section, said law enforcement agencies did not have the legal authority to force a suspect to turn over their password.
“We believe we don’t have the legal authority to force you to turn over your password unless we already know what the data is,” he said.
Cox explained, “It’s a form of compulsory testimony that we can’t do… Compelling people to turn over their passwords for the most part is a non-starter.”
Federal authorities have also resorted to using a program that will establish the passphrase after testing every single combination, in what Van Buren calls a “brute force attack.”
He says, if the password is short enough, “there’s a reasonable chance that if I do lower upper and numbers I might be able to figure it out.”
It took three days to determine a seven character password and sixty-two times as long to crack an eight character passphrase.
“All of a sudden I’m looking at close to a year to do that. That’s not feasible,” Van Buren said.
To avoid resorting to this timely method, the Secret Service tries to seize a computer while it is still on so the encryption codes are still in the computer’s memory.
“Traditional forensics always said pull the plug,” Van Buren said. “That’s changing. Because of encryption…we need to make sure we do not power the system down before we know what’s actually on it.”
To guarantee that the computer is on and the suspect logged in, authorities will sometimes contact the individual via Internet chat and then send an agent disguised as a delivery man to the door. The suspect will be arrested and the computer seized.
|
waves


Registered: 04/03/10
Posts: 2,213
|
Re: Feds forced to get creative to bypass encryption [Re: Ogla]
#14353317 - 04/26/11 02:26 AM (12 years, 9 months ago) |
|
|
/
Edited by waves (05/01/11 04:50 AM)
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 21 days
|
Re: Feds forced to get creative to bypass encryption [Re: Ogla]
#14353520 - 04/26/11 04:20 AM (12 years, 9 months ago) |
|
|
Quote:
“We believe we don’t have the legal authority to force you to turn over your password unless we already know what the data is,” he said.
Cox explained, “It’s a form of compulsory testimony that we can’t do… Compelling people to turn over their passwords for the most part is a non-starter.”
Sure you can; just claim that having data is a privilege, not a right, and presto... you can completely ignore the 5th amendment.
-------------------- Just another spore in the wind.
|
teknix
𓂀⟁𓅢𓍝𓅃𓊰𓉡 𓁼𓆗⨻


Registered: 09/16/08
Posts: 11,953
|
Re: Feds forced to get creative to bypass encryption [Re: Seuss]
#14354655 - 04/26/11 11:26 AM (12 years, 9 months ago) |
|
|
Quote:
TheDukeofLizards said: wow...
and i thought this was funny
Quote:
“Every new agent who goes to the Secret Service academy goes through a week of training”
OH NO! a whole week!?! That is enough time to learn pretty much everything there is to know about computers.
Lol, I thought that was funny too.
Try to get the data from a microwaved USB, lol.
|
LateForTheFuture
Old Hand



Registered: 02/24/03
Posts: 845
|
Re: Feds forced to get creative to bypass encryption [Re: Ogla]
#14356146 - 04/26/11 04:34 PM (12 years, 9 months ago) |
|
|
Very informative, and hilarious too! :P
Thanks for the intel and good find...
|
DualReality
Fellow helper.


Registered: 11/10/11
Posts: 45
Loc: The wonderful,SF bay area...
Last seen: 11 years, 8 months
|
Re: Feds forced to get creative to bypass encryption [Re: Ogla]
#15483039 - 12/07/11 10:29 PM (12 years, 1 month ago) |
|
|
Great post.
-------------------- The answers we all seek. Are all know within us all.
|
Viruk
Stranger
Registered: 03/12/06
Posts: 230
|
Re: Feds forced to get creative to bypass encryption [Re: DualReality]
#15588598 - 12/29/11 06:13 PM (12 years, 1 month ago) |
|
|
They have 60ft wired keystroke logging. YES! Using an antenna they can log what you're typing right now, even if it's to a wired desktop that isn't hooked to the internet, with a wired keyboard.
And they just keep getting better at this shit, don't get suspected.
|
dtowntoker
gimme a spliff
Registered: 08/06/11
Posts: 2,368
|
Re: Feds forced to get creative to bypass encryption [Re: Seuss]
#15588880 - 12/29/11 07:15 PM (12 years, 1 month ago) |
|
|
Quote:
Seuss said:
Quote:
“We believe we don’t have the legal authority to force you to turn over your password unless we already know what the data is,” he said.
Cox explained, “It’s a form of compulsory testimony that we can’t do… Compelling people to turn over their passwords for the most part is a non-starter.”
Sure you can; just claim that having data is a privilege, not a right, and presto... you can completely ignore the 5th amendment.
It isn't a right to have data, but it is a right to remain silent, and nothing they can say or do takes that away. Use good passwords, you don't need multiple if you have one good one and the only place it ever is is in your head.
|
nooneman


Registered: 04/24/09
Posts: 14,568
Loc: Utah
|
Re: Feds forced to get creative to bypass encryption [Re: dtowntoker]
#15590629 - 12/30/11 03:08 AM (12 years, 1 month ago) |
|
|
Quote:
dtowntoker said: you don't need multiple if you have one good one
Not true, a lot of places will hand over your passwords to the cops. So, always have multiple unique passwords, especially for important stuff.
|
johnm214


Registered: 05/31/07
Posts: 17,582
Loc: Americas
|
Re: Feds forced to get creative to bypass encryption [Re: dtowntoker]
#15599856 - 01/01/12 05:37 AM (12 years, 1 month ago) |
|
|
Quote:
Seuss said:
Quote:
“We believe we don’t have the legal authority to force you to turn over your password unless we already know what the data is,” he said.
Cox explained, “It’s a form of compulsory testimony that we can’t do… Compelling people to turn over their passwords for the most part is a non-starter.”
Sure you can; just claim that having data is a privilege, not a right, and presto... you can completely ignore the 5th amendment.
Seems to convince a lot of people- I heard this in high school and from all sorts of other people explaining/justifying various government actions: marriage, driver's licensing, et cet. Never seemed like a good argument to me. First it has no constitutional signifigance whatsoever, and second, no justification for the claim that something is a privledge is generally provided.
Quote:
dtowntoker said:
Quote:
Seuss said:
Quote:
“We believe we don’t have the legal authority to force you to turn over your password unless we already know what the data is,” he said.
Cox explained, “It’s a form of compulsory testimony that we can’t do… Compelling people to turn over their passwords for the most part is a non-starter.”
Sure you can; just claim that having data is a privilege, not a right, and presto... you can completely ignore the 5th amendment.
It isn't a right to have data, but it is a right to remain silent, and nothing they can say or do takes that away.
False. You have no such right. You only have a right to not be compelled to testify against yourself in a criminal proceeding.
|
dtowntoker
gimme a spliff
Registered: 08/06/11
Posts: 2,368
|
Re: Feds forced to get creative to bypass encryption [Re: johnm214]
#15605624 - 01/02/12 01:55 PM (12 years, 30 days ago) |
|
|
Actually, it clearly states that in any criminal case that you have the right not to be a witness against oneself. It says nothing about criminal proceedings
|
Ojom
member




Registered: 10/27/99
Posts: 2,148
Last seen: 3 years, 5 months
|
Re: Feds forced to get creative to bypass encryption [Re: johnm214]
#15613338 - 01/04/12 12:23 AM (12 years, 29 days ago) |
|
|
Quote:
dtowntoker said:
Quote:
Seuss said:
Quote:
“We believe we don’t have the legal authority to force you to turn over your password unless we already know what the data is,” he said.
Cox explained, “It’s a form of compulsory testimony that we can’t do… Compelling people to turn over their passwords for the most part is a non-starter.”
Sure you can; just claim that having data is a privilege, not a right, and presto... you can completely ignore the 5th amendment.
It isn't a right to have data, but it is a right to remain silent, and nothing they can say or do takes that away.
False. You have no such right. You only have a right to not be compelled to testify against yourself in a criminal proceeding.
The courts can say what they want, I will go to my grave believing that my right to freedom of speech extends as a right to not speak.
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 21 days
|
Re: Feds forced to get creative to bypass encryption [Re: Ojom]
#15613719 - 01/04/12 03:24 AM (12 years, 29 days ago) |
|
|
> The courts can say what they want, I will go to my grave believing that my right to freedom of speech extends as a right to not speak.
And the courts can toss you in jail until you are ready to be planted in a grave regardless of what you believe. The 1st amendment says that the government is prohibited from restricting your speech. Saying that you can speak is not the same as saying that you don't have to speak, regardless of what you believe. Luckily for you, the authors of the constitution saw this problem and added the 5th amendment that gives you the right to not speak in limited situations.
-------------------- Just another spore in the wind.
|
Anonymous #1
|
Re: Feds forced to get creative to bypass encryption [Re: Viruk]
#15638109 - 01/09/12 01:34 AM (12 years, 24 days ago) |
|
|
Quote:
Viruk said: They have 60ft wired keystroke logging. YES! Using an antenna they can log what you're typing right now, even if it's to a wired desktop that isn't hooked to the internet, with a wired keyboard.
And they just keep getting better at this shit, don't get suspected.
Haha, what?
|
snoot
look alive ∞



Registered: 01/30/05 
Posts: 9,640
Loc: 45º parallel
Last seen: 1 day, 10 hours
|
Re: Feds forced to get creative to bypass encryption [Re: Anonymous #1]
#15711832 - 01/24/12 02:18 PM (12 years, 8 days ago) |
|
|
Quote:
Anonymous said:
Quote:
Viruk said: They have 60ft wired keystroke logging. YES! Using an antenna they can log what you're typing right now, even if it's to a wired desktop that isn't hooked to the internet, with a wired keyboard.
And they just keep getting better at this shit, don't get suspected.
Haha, what?
I think he is talking about Van Eck phreaking or something hard to translate his point.
--------------------
∞ I am incapable of conceiving infinity, and yet I do not accept finity. - Simone de Beauvoir -
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 21 days
|
Re: Feds forced to get creative to bypass encryption [Re: snoot]
#15712771 - 01/24/12 06:02 PM (12 years, 8 days ago) |
|
|
http://edition.cnn.com/2012/01/24/tech/web/judge-defendant-decrypt-laptop/index.html:
Quote:
Judge orders defendant to decrypt laptop
A judge on Monday ordered a Colorado woman to decrypt her laptop computer so prosecutors can use the files against her in a criminal case.
The defendant, accused of bank fraud, had unsuccessfully argued that being forced to do so violates the Fifth Amendment's protection against compelled self-incrimination.
"I conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer," Colorado U.S. District Judge Robert Blackburn ruled Monday (.pdf).
The authorities seized the laptop from defendant Ramona Fricosu in 2010 with a court warrant while investigating financial fraud.
...
The government had argued that there was no Fifth Amendment breach, and that it might "require significant resources and may harm the subject computer" if the authorities tried to crack the encryption.
Assistant U.S. Attorney Patricia Davies said in a court filing (.pdf) that if Judge Blackburn did not rule against the woman, that would amount to "a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible."
...
The judge ordered Fricosu to surrender an unencrypted hard drive by February 21. The judge added that the government is precluded "from using Ms. Fricosu's act of production of the unencrypted hard drive against her in any prosecution."
Depending upon what was on the drive, I think I would take the contempt charge that will follow rather than decrypting the drive. I can't help that I have forgotten the password. If loss of memory was a good enough excuse for Ronald Reagan, then it should be a good enough excuse for me.
-------------------- Just another spore in the wind.
|
yutaka

Registered: 06/12/10
Posts: 544
|
Re: Feds forced to get creative to bypass encryption [Re: Seuss]
#15713559 - 01/24/12 08:35 PM (12 years, 8 days ago) |
|
|
A contempt charge can put you in jail indefinitely, right?
I agree, "forgetting the password" or deleting one of the keys to the encrypted volume would work out for the best if there was incriminating evidence.
I guess the plausible deniability of nesting encrypted drives would be one of the best things to do. Other than the fact that it's often obvious if your drive is missing several gigabytes of space.
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 21 days
|
Re: Feds forced to get creative to bypass encryption [Re: yutaka]
#15714900 - 01/25/12 04:26 AM (12 years, 8 days ago) |
|
|
> A contempt charge can put you in jail indefinitely, right?
No. Six months maximum, without a jury trial.
-------------------- Just another spore in the wind.
|
luvdemshrooms
Two inch dick..but it spins!?


Registered: 11/29/01
Posts: 34,247
Loc: Lost In Space
|
Re: Feds forced to get creative to bypass encryption [Re: Seuss]
#15715032 - 01/25/12 06:42 AM (12 years, 7 days ago) |
|
|
Quote:
Seuss said: > A contempt charge can put you in jail indefinitely, right?
No. Six months maximum, without a jury trial.
I'm sure this guy would have been delighted with six months.
Judge frees Pa. inmate who served record term for delinquent alimony account 14-year contempt sentence ends Saturday, July 11, 2009 By Mari A. Schaefer, Philadelphia Inquirer Free at last AP Photo/Courtesy of Bobbie Chadwick In this family photo, H. Beatty Chadwick poses overlooking Florence, Italy, during an Italian motorcycle vacation in 1992. By summer 2006, Chadwick had spent 11 years in a Delaware County, Pa., county jail where he is charged with contempt of court for failing to turn over some $2.5 million in a messy divorce dispute.
PHILADELPHIA -- H. Beatty Chadwick, imprisoned in Delaware County for the last 14 years, was in the jail library yesterday giving legal advice to female inmates when a prison official walked up and gave him the news.
He was a free man.
Minutes earlier a Delaware County Common Pleas judge issued an order granting Mr. Chadwick's petition for freedom, thus ending his incarceration for contempt of court -- a U.S. record for the charge.
"We want you out of here right away," Mr. Chadwick, 73, said the official told him.
In 1995 -- the year "Apollo 13" was a box-office hit, O.J. Simpson was acquitted of murder and 169 people were killed in the bombing of an Oklahoma federal building -- Mr. Chadwick was a corporate lawyer who grew up in Bryn Mawr and became embroiled in a nasty divorce. In April that year, he was arrested by two sheriff's deputies at his dentist's dowtown Philadelphia office and landed in jail.
A Delaware County judge issued an order to jail Mr. Chadwick for failing to deposit $2.5 million in a court-controlled account that would be used to pay alimony to his ex-wife, Barbara "Bobbie" Applegate.
Mr. Chadwick contended he no longer had the money, saying he lost it in a bad overseas investment. The judge believed he hid the money after divorce proceedings were started. Court-ordered investigations after he was jailed turned up no money.
The couple were married for 15 years. Mr. Chadwick called their marriage happy; she said he was stubborn and controlled her every move.
Efforts to reach Ms. Applegate's attorney, Albert Momjian, yesterday were unsuccessful.
In yesterday's ruling, Judge Joseph P. Cronin said Mr. Chadwick had the ability to comply with the 1995 court order to make the bank deposit and willfully refused to do so. But, after 14 years, Judge Cronin said, the contempt order had lost its coercive effect and instead had become punitive.
At the prison yesterday, when Mr. Chadwick's attorney, Michael J. Malloy, arrived to pick him up, about 50 people -- prison staff, correction officers and inmates -- were gathered inside and out to see him off.
"It was pretty remarkable scene," said Mr. Malloy. He added people were crying, shaking hands and hugging Mr. Chadwick. When he walked out into the brilliant, blue sky day, Mr. Malloy said everyone applauded.
The two packed 14 years of clothes, books, magazines -- including Bon Appetit -- and boxes of legal filings into the backseat and trunk of Mr. Malloy's Honda Accord, and then they drove off.
"I really missed being free and being able to have interactions with other people," said Mr. Chadwick, who was dressed in a dapper green suit and maroon tie for the occasion. "Jail is really a very artificial society."
Later in Mr. Malloy's office, Mr. Chadwick talked about his legal battles, the judicial system, his life in prison and his future.
He said he held no anger about the imprisonment or toward his ex-wife, to whom he has not spoken in more than a decade.
"The dark moments always came when I had a turndown from some court," said Mr. Chadwick, who had repeatedly sought release over the years. He said he kept his spirits up helping others with their legal issues.
For more than six years, Mr. Malloy worked pro bono on the case.
"I always thought if I could take this to a jury, he would have been home in a week," said Mr. Malloy.
When Mr. Chadwick's son, William, 41, walked into the office, the two embraced.
"It was so tough to keep up hopes at these hearings," said William Chadwick.
"We were concentrating so much on getting him out, we haven't thought what we'd do immediately afterward."
Beatty Chadwick will stay at his son's house in King of Prussia until he can set up his own apartment. He has no firm plans beyond that.
"I have to get out and make a living," said Mr. Chadwick, who has no income other than Social Security.
He is considering possibly teaching, trying to see what he can do in a corporate advisory role, and he will try to get his law license reinstated.
"I'm really thinking about what I'm going to do with the rest of my life," Mr. Chadwick said.
He would like to use his "skills and talent and time" to benefit others.
As Mr. Chadwick walked outside to transfer his belongings into his son's Prius, a man driving a car along Veteran's Square in Media honked, cheered and gave the thumbs-up sign, all while hanging out the car window.
"Good job, buddy," said the former fellow inmate, who declined to give his name. "You deserve to be out."
And of course:
http://online.wsj.com/article/SB123137263059962659.html
Quote:
In some contexts, the federal system limits civil-contempt confinement to 18 months. Some states have similar limits. But in other states, judges face few restrictions on how long someone can be held in civil contempt.
And then there is:
http://en.wikipedia.org/wiki/Martin_A._Armstrong
Quote:
Armstrong was jailed for seven years for contempt of court, and only went to trial when the United States Court of Appeals removed Judge Owen from his case in 2007 after Armstrong spent several days in solitary confinement.
-------------------- You cannot legislate the poor into prosperity by legislating the wealthy out of prosperity. What one person receives without working for another person must work for without receiving. The government cannot give to anybody anything that the government does not first take from somebody else. When half of the people get the idea that they do not have to work because the other half is going to take care of them and when the other half gets the idea that it does no good to work because somebody else is going to get what they work for that my dear friend is the beginning of the end of any nation. You cannot multiply wealth by dividing it. ~ Adrian Rogers
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 21 days
|
Re: Feds forced to get creative to bypass encryption [Re: luvdemshrooms]
#15715483 - 01/25/12 10:01 AM (12 years, 7 days ago) |
|
|
> I'm sure this guy would have been delighted with six months.
Difference between civil and criminal contempt, I guess.
-------------------- Just another spore in the wind.
|
|