X

Child porn defendant locked up after ZIP file encryption broken

Texas man pleads no contest to child pornography charges after government investigator easily gains access to a password-protected ZIP file and allegedly discovers illegal images.

Declan McCullagh Former Senior Writer

Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

Declan McCullagh

Jan. 16, 2008 3:13 p.m. PT

2 min read

Government investigators were able to easily break the ZIP file encryption that a Texas man allegedly used to conceal illegal images, a recent court case shows.

The investigation of John Craig Zimmerman began when his employer, the Brownsville Fire Department, received an anonymous voice message in February 2007 alleging that Zimmerman was a pedophile and had child pornography on his department-owned work computer. A city programmer named Albert Castillo searched Zimmerman's computer and found adult pornography (technically a violation of department policy but not a crime) on an external hard drive.

What Castillo also found were some password-protected ZIP files titled "Cindy 5." Castillo apparently used a program called Zipkey 5.5 to brute-force at least some of the password-protected files and find images of a partly naked minor.

Homeland Security's Immigration and Customs Enforcement agents were called in, and volunteered that they had information from a previous investigation showing that Zimmerman previously bought a membership on a child porn Web site. (Left unanswered is why, if that was in fact the case, ICE never did anything about it.)

What happened next: Zimmermann's home was raided with a search warrant, additional images he allegedly took himself were found, he was indicted on counts of receiving and possessing child pornography, and he pleaded no contest except to say that the images had nothing to do with interstate commerce. In an opinion dated December 20, U.S. District Judge Andrew Hanen said there was a "rational basis" to assume that child pornography transmissions related to interstate commerce.

I mention this case not to show that there's something remarkable about decrypting one of the older ZIP archives: the symmetric encryption algorithm used has long been known to be anything but secure. Newer WinZip archives, starting with WinZip 9.0, use more secure 128- and 256-bit key AES encryption.

The reason I'm mentioning this case is to argue that as encryption becomes more widespread--it's part of OS X and Vista, after all--police will encounter it more frequently, and not just in cases involving illegal images. And not all encrypted files will be as easy to brute-force. Which means that the outcome of the Boucher case becomes more important than ever.