Guy Macon <http://www.GuyMacon.com/> wrote in alt.security.pgp on
Post by unknownPost by Ramon F HerreraIs has been claimed through the media that Interpol helped with the
computers, and they were able to "decrypt" hundreds of files. The
first time I heard this, I though that perhaps the FARC leaders were
using some weak encryption such as the one in ZIP files. How could
Interpol crack something like PGP?
They can't. What they *can* do is guess the passphrase.
Run a dictionary attack with a huge purpose-built dictionary
that includes easy-to-remember substitutions (4ward, FooL,
drowssap, cnffjbeq, asdfghjkl...) and foreign terms, add in
every typable string found on any of the hard drives (including
erased portions), add every phrase from every book and every
scrap of in the place, then add in words that your research
team has been generating (old phone numbers, names of former
lovers, pets...). Run this dictionary attack on a room full
of fast PCs.
That is pretty much what is described in the Washington Post article on the
Secret Service's "Distributed Networking Attack". Any interested
organization can buy the software off-the-shelf from Access Data.
Post by unknownAnd, of course, you do the usual job of offering low-level players
a suspended sentence if they give you a password, fooling them into
thinking someone else is confessing in another room -- standard
police techniques. If possible you use keyloggers or TEMPEST or
a rootkit or a hidden camera that watches the keyboard.
Yep.
Post by unknownChances are reasonably good that you will guess the password
or passphrase. You get to be the leader or a military unit by
being aggressive and skilled at fighting, not by sitting around
reading geeky webpages on how to pick a secure passphrase.
Yes, but every military unit worth its salt has (or /should/ have) procedures
in place to secure its communications (whether stored or in-transit.) It is
the duty of the communications officer to ensure that proper policies and
procedures are enforced.
One cannot expect a group like FARC to have military-grade crypto gear nor
sophisticated tools such as one-time pads, but they should have been able
make use of GPG/PGP, TrueCrypt and similar tools, however the article
implies that didn't make use of such tools. The article talked about
Interpol's experts being able to decrypt 932 files, while the entire haul
was 610GB. It sounds to me like the bulk of their data wasn't encrypted.
Post by unknownAnd, of course, there is the possibility that the police
made up that story so as to panic the ones they didn't catch.
Well, the current head of Interpol is an American, and the U.S. government
has a hate on for Chavez....
* * *
http://www.washingtonpost.com/wp-dyn/articles/A6098-2005Mar28.html
Sidebar:
How DNA Works
From washingtonpost.com at 6:57 AM
The Secret Service's "Distributed Networking Attack" program
consists of 4,000 computers linked together and configured to try
different password combinations against a series of encryption
keys.
The network is organized hierarchically, according to each
computer's processing power and function, with each segment of
the network named with a decidedly equine theme.
The machine that tells each segment of the network what to
work on is called "Shadowfax," named after the horse in J.R.R.
Tolkien's "Lord of the Rings" series.
Underneath Shadowfax are several "Blackhorse" machines that
assign jobs to DNA computers in Secret Service-field offices
around the country. The computers that actually do most of the
computations are called "packhorses."
DNA scours a suspect's hard drive for words and phrases located
in plaintext and fetches words from Internet sites listed in
the computer's Web browser logs. DNA technicians then load
the suspect's encrypted data into the system, while Shadowfax
tells the Blackhorse computers how to distribute the workload
of testing the keys against the word lists and execute any
subsequent brute-force attacks against the targeted encryption
keys.
-- Brian Krebs
* * *
washingtonpost.com
DNA Key to Decoding Human Factor
Secret Service's Distributed Computing Project Aimed at
Decoding Encrypted Evidence
By Brian Krebs
washingtonpost.com Staff Writer
Monday, March 28, 2005; 6:48 AM
For law enforcement officials charged with busting sophisticated
financial crime and hacker rings, making arrests and seizing
computers used in the criminal activity is often the easy part.
More difficult can be making the case in court, where getting
a conviction often hinges on whether investigators can glean
evidence off of the seized computer equipment and connect that
information to specific crimes.
The wide availability of powerful encryption software has made
evidence gathering a significant challenge for investigators.
Criminals can use the software to scramble evidence of
their activities so thoroughly that even the most powerful
supercomputers in the world would never be able to break into
their codes. But the U.S. Secret Service believes that combining
computing power with gumshoe detective skills can help crack
criminals' encrypted data caches.
Taking a cue from scientists searching for signs of
extraterrestrial life and mathematicians trying to identify
very large prime numbers, the agency best known for protecting
presidents and other high officials is tying together its
employees' desktop computers in a network designed to crack
passwords that alleged criminals have used to scramble evidence
of their crimes -- everything from lists of stolen credit card
numbers and Social Security numbers to records of bank transfers
and e-mail communications with victims and accomplices.
To date, the Secret Service has linked 4,000 of its employees'
computers into the "Distributed Networking Attack" program.
The effort started nearly three years ago to battle a surge
in the number of cases in which savvy computer criminals have
used commercial or free encryption software to safeguard stolen
financial information, according to DNA program manager Al Lewis.
"We're seeing more and more cases coming in where we have to
break encryption," Lewis said. "What we're finding is that
criminals who use encryption usually are higher profile and
higher value targets for us because it means from an evidentiary
standpoint they have more to hide."
Each computer in the DNA network contributes a sliver of its
processing power to the effort, allowing the entire system to
continuously hammer away at numerous encryption keys at a rate of
more than a million password combinations per second.
The strength of any encryption scheme is based largely on the
complexity of its algorithm -- the mathematical formula used
to scramble the data -- and the length of the "key" required
to encode and unscramble the information. Keys consist of long
strings of binary numbers or "bits," and generally the greater
number of bits in a key, the more secure the encryption.
Many of the encryption programs used widely by corporations
and individuals provide up to 128- or 256-bit keys. Breaking a
256-bit key would likely take eons using today's conventional
"dictionary" and "brute force" decryption methods -- that is,
trying word-based, random or sequential combinations of letters
and numbers -- even on a distributed network many times the size
of the Secret Service's DNA.
"In most cases, there's a greater probability that the sun will
burn out before all the computers in the world could factor in
all of the information needed to brute force a 256-bit key," said
Jon Hansen, vice president of marketing for AccessData Corp, the
Lindon, Utah, company that built the software that powers DNA.
Yet, like most security systems, encryption has an Achilles'
heel -- the user. That's because some of today's most common
encryption applications protect keys using a password supplied
by the user. Most encryption programs urge users to pick strong,
alphanumeric passwords, but far too often people ignore that
critical piece of advice, said Bruce Schneier, an encryption
expert and chief technology officer at Counterpane Internet
Security Inc. in Mountain View, Calif.
"Most people don't pick a random password even though they
should, and that's why projects like this work against a lot of
keys," Schneier said. "Lots of people -- even the bad guys -- are
really sloppy about choosing good passwords."
Armed with the computing power provided by DNA and a treasure
trove of data about a suspect's personal life and interests
collected by field agents, Secret Service computer forensics
experts often can discover encryption key passwords.
In each case in which DNA is used, the Secret Service has plenty
of "plaintext" or unencrypted data resident on the suspect's
computer hard drive that can provide important clues to that
person's password. When that data is fed into DNA, the system
can create lists of words and phrases specific to the individual
who owned the computer, lists that are used to try to crack the
suspect's password. DNA can glean word lists from documents
and e-mails on the suspect's PC, and can scour the suspect's
Web browser cache and extract words from Web sites that the
individual may have frequented.
"If we've got a suspect and we know from looking at his computer
that he likes motorcycle Web sites, for example, we can pull
words down off of those sites and create a unique dictionary of
passwords of motorcycle terms," the Secret Service's Lewis said.
DNA was developed under a program funded by the Technical Support
Working Group -- a federal office that coordinates research on
technologies to combat terrorism. AccessData's various offerings
are currently used by nearly every federal agency that does
computer forensics work, according to Hansen and executives at
Pasadena, Calif.-based Guidance Software, another major player in
the government market for forensics technology.
Hansen said AccessData has learned through feedback with its
customers in law enforcement that between 40 and 50 percent of
the time investigators can crack an encryption key by creating
word lists from content at sites listed in the suspect's Internet
browser log or Web site bookmarks.
"Most of the time this happens the password is some quirky word
related to the suspect's area of interests or hobbies," Hansen
said.
Hansen recalled one case several years ago in which police in
the United Kingdom used AccessData's technology to crack the
encryption key of a suspect who frequently worked with horses.
Using custom lists of words associated with all things equine,
investigators quickly zeroed in on his password, which Hansen
says was some obscure word used to describe one component of a
stirrup.
Having the ability to craft custom dictionaries for each
suspect's computer makes it exponentially more likely that
investigators can crack a given encryption code within a
timeframe that would be useful in prosecuting a case, said David
McNett, president of Distributed.net, created in 1997 as the
world's first general-purpose distributed computing project.
"If you have a whole hard drive of materials that could be
related to the encryption key you're trying to crack, that is
extremely beneficial," McNett said. "In the world of encrypted
[Microsoft Windows] drives and encrypted zip files, four thousand
machines is a sizable force to bring to bear."
It took DNA just under three hours to crack one file encrypted
with WinZip -- a popular file compression and encryption utility
that offers 128-bit and 256-bit key encryption. That attack was
successful mainly because investigators were able to build highly
targeted word lists about the suspect who owned the seized hard
drive.
Other encrypted files, however, are proving far more stubborn.
In a high-profile investigation last fall, code-named "Operation
Firewall," Secret Service agents infiltrated an Internet crime
ring used to buy and sell stolen credit cards, a case that
yielded more than 30 arrests but also huge amounts of encrypted
data. DNA is still toiling to crack most of those codes, many of
which were created with a formidable grade of 256-bit encryption.
Relying on a word-list approach to crack keys becomes far more
complex when dealing with suspects who communicate using a mix
of languages and alphabets. In Operation Firewall, for example,
several of the suspects routinely communicated online in English,
Russian and Ukrainian, as well as a mishmash of the Cyrillic and
Roman alphabets.
The Secret Service also is working on adapting DNA to cope with
emergent data secrecy threats, such as an increased criminal
use of "steganography," which involves hiding information by
embedding messages inside other, seemingly innocuous messages,
music files or images.
The Secret Service has deployed DNA to 40 percent of its internal
computers at a rate of a few PCs per week and plans to expand the
program to all 10,000 of its systems by the end of this summer.
Ultimately, the agency hopes to build the network out across all
22 federal agencies that comprise the Department of Homeland
Security: It currently holds a license to deploy the network out
to 100,000 systems.
Unlike other distributed networking programs, such as the
Search for Extra Terrestrial Intelligence Project -- which
graphically display their number-crunching progress when a host
computer's screen saver is activated -- DNA works silently in
the background, completely hidden from the user. Lewis said
the Secret Service chose not to call attention to the program,
concerned that employees might remove it.
"Computer users often experience system lockups that are often
inexplicable, and many users will uninstall programs they don't
understand," Lewis said. "As the user base becomes more educated
with the program and how it functions, we certainly retain the
ability to make it more visible."
In the meantime, the agency is looking to partner with companies
in the private sector that may have computer-processing power to
spare, though Lewis declined to say which companies the Secret
Service was approaching. Such a partnership would not endanger
the secrecy of their operations, Lewis said, because any one
partner would be given only tiny snippets of an entire encrypted
message or file.
Distributed.net's McNett said he understands all too well the
agency's desire for additional computing power.
"There will be such a thing as 'too much computing power' as soon
as you can crack a key 'too quickly,' which is to say 'never' in
the Secret Service's case."
(c) 2005 TechNews.com
Baal <***@Usenet.org>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1E92C0E8
PGP Key Fingerprint: 40E4 E9BB D084 22D5 3DE9 66B8 08E3 638C 1E92 C0E8
Retired Lecturer, Encryption and Data Security, Pedo U, Usenet Campus
- --
"Sed quis custodiet ipsos Custodes?" -- "Who will watch the Watchmen?"
-- Juvenal, Satires, VI, 347. circa 128 AD