|
|
Microsoft spills COFEE on your secrets
Author: Gareth HalfacreePublished: 30th April 2008
Tim Cranton demonstrates the COFEE device for Interpol executive Jean-Michel Louboutin.
The COFEE – a somewhat laboured acronym for Computer Online Forensic Evidence Extractor – is a USB mass-storage device which started trials at law enforcement agencies across the US last June. Containing a toolkit of approximately a hundred and fifty commands, the software included on the drive is capable of decrypting passwords, copying the Internet history log, and accessing files owned by any user on the computer.
Microsoft general counsel Brad Smith has described the unit, which the company is offering free of charge to verified law enforcement officers, as something the company invests “substantial resources in, but not from the perspective of selling to make money. We're doing this to help ensure that the Internet stays safe.”
The article goes on to mention that the COFEE device “eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power, and potentially losing data. Instead, the investigator can scan for evidence on site.” What isn't mentioned in the article, however, is whether the evidence gathered by the toolkit is actually suitable for law enforcement purposes.
When a computer is seized by an investigating team, the first thing that happens is the hard drive is cloned – usually using a special device which is incapable of writing to the source drive. This keeps the chain of evidence clean, and prevents any claims of tampering being entertained should the case reach a courtroom. A device which requires you to make modifications to a suspicious system before you have a clean copy of the data seems like a potential mistrial to me.
But, what do I know? Clearly, Microsoft thinks its on to a winner with the law enforcement crowd – and if they're using the gratis COFEE, then selling the cops additional software isn't such a hard task. Not that I'm cynical or anything.
Anyone here suddenly feel the need to start using TrueCrypt, or is anything which helps bring digital criminals to justice a laudable project? Share your thoughts over in the forums.
Related articles on bit-tech.net
Comments (44)
problem solved!
Issue with truecrypt is ... if that key requires the pc not to be turned off, your system drive will still be mounted.. thus no protection given.
Only because we as a society has rolled over and accepted a loss of liberty for the sake of added 'security'.
What was in Benjamin Franklin said?
"Any society that is willing to give up a little liberty to gain a little security will deserver neither and lose both."
you got that from playing the most educational game in the world, Civ 4, didn't you? hehe.
i think that so long as this is used for law enforcement reasons then fine. as the subtitle said, not a problem if you've got nothing to hide.
"Of all tyrannies a tyranny exercised for the good of its victims may be the most oppressive.
It may be better to live under robber barons than under omnipotent moral busybodies.
The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those
who torment us for our own good will torment us without end for they do so with the approval of their own conscience."
Then don't worry about it. I doubt law enforcement agencies have the time or resources to investigate what linux distro's you've downloaded from bit-torrent or what porn you were looking at last night.
There are so many millions of internet users, it just isn't practical to scan us all. In reality this will probably be used in ongoing or prolonged investigations, where Police IT techs would have torn apart the harddrives in question to get the data back.
What does scare me is what else MS may be up to.
He's not joking. :D
the whole things a bad idea but how long before this piece of equipment is standard at airports etc so that customs/airport security can check your laptop for dodgy files etc.
Now if only more of my hardware and all my games worked in linux I would switch back.
This is yet another nail in the coffin containing my desire to stick with MS OSes.
I'll be on Linux soon without a doubt. :)
Yeah, those yaks look tasty. :D
But for every action is an equal and opposite reaction. MS creates COFEE, some hacker creates DECAFF (Data Evidence Collecting and Analysing Fiend F***er).
:)
Good stuff! But it practically writes itself, right?
(I have nothing to add that hasn't been said already. +1 on CS Lewis quote.)
not a big deal at all.
I wouldn't mind a copy of this. That way when I'm fixing peoples computers I can instantly get full access.
I see this getting out there and widespread quickly, nothing but bad in my mind.
http://community.winsupersite.com/blogs/paul/archive/2008/04/30/sorry-conspiracy-buffs-there-s-no-windows-back-door.aspx
Apparently it is just a conspiracy and does not exists.
According to that post, it does exist (which it does - hence the picture of the Microsoft bod demonstrating it), but it can't bypass BitLocker encryption. Which the original article never claimed it could - it bypasses account passwords, not encryption.
Because "if you're not doing anything wrong then you've got nothing to hide" thinking is just what we need in today's society.
Except that we have plenty of corrupt police officers.
Except that this software WILL be leaked.
Except that the leaked software WILL be used by crackers, malware writers, botnet admins, etc.
Thurrott's article to which GoodBytes linked says that this article is completely wrong due to some severe misinterpretation of statements and facts. I have no idea which is true, and honestly don't care as I would never trust anything except open-source security apps like TrueCrypt for truly sensitive data (and I'd absolutely set it to automatically un-mount the device after a couple minutes of inactivity). If this software doesn't exist as described, good. If it does, it's just another reason that validates my having stopped using Windows for any personal activity. In either case, the above thinking is irrational and dangerous.
Government minister: "wow great, now I don't have to worry if I leave my laptop in the back of a taxi"
Microsoft: "look how easy our security is to break"
Government minister: "Wait... what?"
There is no chance of this staying out of evil hands, I give it a few weeks before it is leaked/duplicated
and personally, I'm not worried.
I do daily backups, which cannot be read except after going through about 6 levels of various types of encryptions with failsafes, and if someone tried to use the USB stick for command access, my laptop would do a 7 pass wipe of the drive in about 12 seconds (its an ssd)
also, yes, everything on my computer is legal, but I like my privacy. =p
I think "the man" should search your computer if only because you think you have something worth hiding :)
Since when did having things you don't want to share with the world make you suspect? :|
shame gov computers don't have that......
not wanting everyone to know your business is fine and is protected by the european convention on human rights anyhow...
employing 6 levels of encryption and setting everything to delete is so out of the norm as to be by its nature suspicious.
and i raise your eyebrow with a
and "the man" already knows whats on here, and its his reguations that are the cause for half the security. B)