Microsoft helps law enforcement get around encryption
The growing use of encryption software -- like Microsoft's own BitLocker
-- by cyber criminals has led Microsoft to develop a set of tools that law enforcement
agents can use to get around the software, executives at the company said.
Microsoft first released the toolset, called the Computer
Online Forensic Evidence Extractor (COFEE), to law enforcement last June
and it's now being used by about 2,000 agents around the world, said Anthony
Fung, senior regional manager for Asia Pacific in Microsoft's Internet Safety
and Anti-Counterfeiting group. Microsoft gives the software to agents for free.
While Microsoft can point to wide usage of COFEE, some experts are skeptical
about using that type of tool to recover data, and even the developer of the
product at Microsoft acknowledges that it's not accepted by some users.
Fung, who initiated the creation of COFEE, spent 12 years as a police officer
in Hong Kong, with the final seven dedicated to fighting cybercrime. When he
joined Microsoft, he sought to devise a way that agents could do better at finding
valuable information on computers used by cyber criminals.
When he was an officer, the protocol for handling computer crime was to remove
a computer from the scene of the crime, taking it back to the lab where computer
scientists would search it for information. In many regions of the world this
is still the standard procedure. "At that time everybody followed that
principle, but they knew that once they unplugged the computer, which was the
guideline, a lot of potential information was lost," Fung said.
That's because data on an encrypted system is accessible to police so long
as the criminal has logged on and the PC remains on. But if police shut the
system down, they need to have the criminal's password to get past the encryption
software when the computer boots back up. The release of Vista has accelerated
the problem because BitLocker, a data encryption feature, comes with Windows
Vista Enterprise and Ultimate versions, Fung said.
"Criminals are taking advantage of these technologies like BitLocker,"
Fung said. "BitLocker was the real driving force because it's becoming
ubiquitous." In addition to BitLocker, other hard disk encryption methods,
like one from PGP, also frustrate agents, he said.
While COFEE doesn't break BitLocker or open a back door, it captures live data
on the computer, which is why it's important for agents not to shut down the
computer first, he said.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
