Feds seek new ways to bypass encryption

The Secret Service reports that gleaning Web passwords can help it crack encrypted files and hard drives, while the Justice Department says suspects can't be forced to divulge passphrases.

Declan McCullagh Former Senior Writer

SAN FRANCISCO--When agents at the Drug Enforcement Administration learned a suspect was using PGP to encrypt documents, they persuaded a judge to let them sneak into an office complex and install a keystroke logger that recorded the passphrase as it was typed in.

A decade ago, when the search warrant was granted, that kind of black bag job was a rarity. Today, however, law enforcement agents are encountering well-designed encryption products more and more frequently, forcing them to invent better ways to bypass or circumvent the technology.

"Every new agent who goes to the Secret Service academy goes through a week of training" in computer forensics, including how to deal with encrypted files and hard drives, U.S. Secret Service agent Stuart Van Buren said at the RSA computer security conference last week.

One way to circumvent encryption: Use court orders to force Web-based providers to cough up passwords the suspect uses and see if they match. "Sometimes if we can go in and find one of those passwords, or two or three, I can start to figure out that in every password, you use the No. 3," Van Buren said. "There are a lot of things we can find."

Last week's public appearance caps a gradual but nevertheless dramatic change from 2001, when the U.S. Department of Justice spent months arguing in a case involving an alleged New Jersey mobster that key loggers were "classified information" (PDF) and could not be discussed in open court.

Now, after keystroke-logging spyware has become commonplace, even being marketed to parents as a way to monitor kids' activities, there's less reason for secrecy. "There are times when the government tries to use keystroke loggers," Van Buren acknowledged.

As first reported by CNET, FBI general counsel Valerie Caproni told a congressional committee last week that encryption and the inability to conduct wiretaps were becoming a serious problem. "On a regular basis, the government is unable to obtain communications and related data," she said. But the FBI did not request mandatory backdoors for police.

Also becoming more readily available, if not exactly in common use, is well-designed encryption built into operating systems, including Apple's FileVault and Microsoft's BitLocker. PGP announced whole disk encryption for Windows in 2005; it's also available for OS X.

Howard Cox, assistant deputy chief for the Justice Department's Computer Crime and Intellectual Property Section, said he did not believe a defendant could be legally forced--upon penalty of contempt charges, for instance--to turn over a passphrase.

"We believe we don't have the legal authority to force you to turn over your password unless we already know what the data is," said Cox, who also spoke at RSA. "It's a form of compulsory testimony that we can't do... Compelling people to turn over their passwords for the most part is a non-starter."

In 2009, the Justice Department sought to compel a criminal defendant suspected of having child porn on his Alienware laptop to turn over the passphrase. (A border guard said he opened the defendant's laptop, accessed the files without a password or passphrase and discovered "thousands of images of adult pornography and animation depicting adult and child pornography.")

Another option, Cox said, is to ask software and hardware makers for help, especially when searching someone's house or office and encryption is suspected. "Manufacturers may provide us with assistance," he said. "We've got to make all of those arrangements in advance." (In a 2008 presentation, Cox reportedly alluded to the Turkish government beating a passphrase out of one of the primary ringleaders in the TJ Maxx credit card theft investigation.)

Sometimes, Van Buren said, there's no substitute for what's known as a brute force attack, meaning configuring a program to crack the passphrase by testing all possible combinations. If the phrase is short enough, he said, "there's a reasonable chance that if I do lower upper and numbers I might be able to figure it out."

Finding a seven-character password took three days, but because each position can hold any of 62 characters (26 uppercase letters, 26 lowercase letters, 10 digits), adding an eighth character multiplies the search space, and so the time, by 62. "All of a sudden I'm looking at close to a year to do that," he said. "That's not feasible."
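The arithmetic behind Van Buren's estimate, as an added example that is not from the article or the Secret Service: the cracking rate is calibrated from the article's own data point (seven alphanumeric characters exhausted in three days, treated here as a worst-case full run), and the two "known character" functions model the hint he describes getting from a suspect's other passwords. The 95-character printable alphabet is an addition for comparison.

```python
"""Cost of a brute-force password search, calibrated from an observed run."""
ALNUM = 62        # 26 upper + 26 lower + 10 digits, the alphabet in the article
PRINTABLE = 95    # all printable ASCII, added here for comparison
DAY = 86400.0

def keyspace(alphabet: int, length: int) -> int:
    """Candidates of exactly `length` characters over `alphabet` symbols."""
    return alphabet ** length

def rate_from_run(alphabet: int, length: int, seconds: float) -> float:
    """Guesses per second implied by exhausting a whole space in `seconds`."""
    return keyspace(alphabet, length) / seconds

def days_to_exhaust(space: int, rate: float) -> float:
    return space / rate / DAY

def keyspace_known_positions(alphabet: int, length: int, known: int) -> int:
    """`known` characters known at known positions: each removes one full
    factor of `alphabet`, i.e. one known character buys back one of length."""
    return alphabet ** (length - known)

def keyspace_contains(alphabet: int, length: int) -> int:
    """Passwords containing a given character somewhere, position unknown
    (all candidates minus those that avoid the character entirely)."""
    return alphabet ** length - (alphabet - 1) ** length

def estimate_table(rate: float, lengths=(6, 7, 8, 9)) -> dict:
    """Days to exhaust each (alphabet, length) pair at the calibrated rate."""
    return {(a, n): days_to_exhaust(keyspace(a, n), rate)
            for a in (ALNUM, PRINTABLE) for n in lengths}

if __name__ == "__main__":
    rate = rate_from_run(ALNUM, 7, 3 * DAY)        # the article's data point
    print(f"calibrated rate: {rate:,.0f} guesses/s")
    for (a, n), d in sorted(estimate_table(rate).items()):
        print(f"alphabet {a:3d}, length {n}: {d:12.1f} days")
    n, full = 8, keyspace(ALNUM, 8)
    print("a '3' known at a known position:",
          f"{full / keyspace_known_positions(ALNUM, n, 1):.0f}x smaller space")
    print("known only to contain a '3':",
          f"{full / keyspace_contains(ALNUM, n):.1f}x smaller space")
```

The table shows the scaling the article describes: at the calibrated rate, eight alphanumeric characters take 62 times longer than seven, and a known character helps by exactly one factor of 62 only when its position is also known; knowing merely that a digit appears somewhere trims the space by a much smaller factor.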

To avoid brute-force attacks, the Secret Service has found that it's better to seize a computer that's still turned on with the encrypted volume mounted and the encryption key and passphrase still in memory. "Traditional forensics always said pull the plug," Van Buren said. "That's changing. Because of encryption...we need to make sure we do not power the system down before we know what's actually on it."

A team of Princeton University and other researchers published a paper in February 2008 (the "cold boot" attack) that describes how to bypass encryption products by gaining access to the contents of a computer's RAM--through a mechanism as simple as booting a laptop over a network or from a USB drive--and then scanning the captured memory for encryption keys.

It seems clear that law enforcement is now doing precisely that. "Our first step is grabbing the volatile memory," Van Buren said. He provided decryption help in the Albert "Segvec" Gonzalez prosecution, and the leaked HBGary e-mail files show he "went through a Responder Pro class about a year ago." Responder Pro is a "memory acquisition software utility" that claims to display "passwords in clear text."
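What "scanning for encryption keys" means in practice, as an added example that is not code from the article, from the Princeton paper or from any forensic product: an AES-128 key that a disk-encryption driver is actively using sits in RAM as a 176-byte key schedule whose ten round keys are a fixed function of the first 16 bytes, so a scanner can test every offset of an acquired image by recomputing the expansion and comparing. The key expansion below follows FIPS-197; the "memory image" is a constructed stand-in (seeded pseudo-random bytes with planted schedules), not a real dump, and the offsets, sample keys and bit-error tolerance are assumptions of the example.

```python
"""Scan a memory image for AES-128 key schedules (added example; the
expansion follows FIPS-197 and the image is a constructed stand-in)."""
import random

def _gmul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _ginv(x: int) -> int:
    """Multiplicative inverse as x^254 (x^255 = 1 for every non-zero x)."""
    if x == 0:
        return 0
    r, base, e = 1, x, 254
    while e:
        if e & 1:
            r = _gmul(r, base)
        base = _gmul(base, base)
        e >>= 1
    return r

def _sbox_entry(x: int) -> int:
    """Inverse, then the AES affine transform (four rotates, xor 0x63)."""
    b = s = _ginv(x)
    for _ in range(4):
        b = ((b << 1) | (b >> 7)) & 0xFF
        s ^= b
    return s ^ 0x63

SBOX = bytes(_sbox_entry(i) for i in range(256))
RCON = (0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36)
SCHEDULE_LEN = 176  # 16-byte key followed by ten 16-byte round keys

def _round_keys(key: bytes):
    """Yield round keys 1..10 lazily so a scan can abandon a bad offset early."""
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = bytes(SBOX[b] for b in t[1:] + t[:1])      # RotWord, SubWord
            t = bytes([t[0] ^ RCON[i // 4 - 1]]) + t[1:]   # xor Rcon
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
        if i % 4 == 3:
            yield b"".join(w[i - 3:i + 1])

def expand_key_128(key: bytes) -> bytes:
    """Full 176-byte schedule, the form a disk-encryption driver keeps in RAM."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    return key + b"".join(_round_keys(key))

def _bit_errors(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def find_aes128_keys(image: bytes, max_bit_errors: int = 0) -> list:
    """(offset, key_hex) for every position whose next 176 bytes form a
    schedule. max_bit_errors tolerates flipped bits in the round keys (decayed
    RAM); the 16 key bytes themselves are taken as read."""
    hits = []
    for off in range(len(image) - SCHEDULE_LEN + 1):
        key = image[off:off + 16]
        errors = 0
        for r, rk in enumerate(_round_keys(key), start=1):
            errors += _bit_errors(rk, image[off + 16 * r:off + 16 * (r + 1)])
            if errors > max_bit_errors:
                break                       # random data fails at round 1
        else:
            hits.append((off, key.hex()))
    return hits

def build_sample_image(size: int = 0x8000, seed: int = 2011) -> bytes:
    """Constructed stand-in for an acquired memory image (not a real dump)."""
    rng = random.Random(seed)
    img = bytearray(rng.getrandbits(8) for _ in range(size))
    # 1. An intact schedule, as the driver of a mounted volume keeps it.
    img[0x1000:0x1000 + SCHEDULE_LEN] = expand_key_128(bytes(range(16)))
    # 2. A schedule with three bit flips in its round keys (decayed RAM).
    decayed = bytearray(expand_key_128(b"Secret Service!!"))
    for i, mask in ((20, 0x01), (100, 0x80), (175, 0x10)):
        decayed[i] ^= mask
    img[0x3000:0x3000 + SCHEDULE_LEN] = decayed
    # 3. A bare 16-byte key with no schedule after it: invisible to this scan.
    img[0x5000:0x5010] = b"just-the-key-bye"
    return bytes(img)

if __name__ == "__main__":
    image = build_sample_image()
    print("exact matches:", find_aes128_keys(image))
    print("allowing 4 bit errors:", find_aes128_keys(image, max_bit_errors=4))
```

Two points the article's summary leaves implicit: the scan only finds keys that are held in expanded form, which is why a live, mounted volume matters (the bare key planted at 0x5000 is never reported), and the error tolerance is what makes the technique survive a few seconds of power loss, since decayed RAM yields a schedule that is close to, but not exactly, the recomputed one.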

Cox, from the Justice Department's computer crime section, said "there are certain exploits you can use with peripheral devices that will allow you to get in." That seems to be a reference to techniques like one Maximillian Dornseif demonstrated in 2004, which showed how to extract the contents of a computer's memory merely by plugging an iPod into the FireWire port. A subsequent presentation by "Metlstorm" in 2006 expanded the FireWire attack to Windows-based systems.

And how do agents make sure the computer is turned on with the encrypted volume still unlocked? Van Buren said one technique is to confirm the suspect is logged on, perhaps through an Internet chat, and then send an agent dressed as a UPS driver to the door. The hapless computer user is arrested and the contents of his devices are seized.