FBI Failed To Break Encryption of Hard Drives

benoliver writes to let us know that the FBI has failed to decrypt files of a Brazilian banker accused of financial crimes by Brazilian law enforcement, after a year of attempts. Five hard drives were seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha in July 2008. (The link is to a Google translation of the original article in Portuguese.) The article in English mentions two encryption programs, one Truecrypt and the other unnamed. 256-bit AES was used, and apparently both the Brazilian police and the FBI tried dictionary attacks against it. No Brazilian law exists to force Dantas to produce the password(s).

Re:is waterboarding next to get the info?

[mangu]

is waterboarding next to get the info?

Since his pockets seem to be deep enough to buy a president of the Brazilian Supreme Court [google.com], not likely.

Validating technology

[gmuslera]

This say plainly that if you encrypt your info with the right, cheaply available technology, not even the FBI could get it, no matter what is it, or who you are. How much time now till some law around criminalizing the use of encryption gets approved?

Re:Wrong Agency

[cool_arrow]

Agree. If they have the capability they're not going to reveal this for a relatively uninteresting financial crime. There is some question regarding the NSA and one of the standards to generate random numbers: http://www.schneier.com/blog/archives/2007/11/the_strange_sto.html [schneier.com]

Re:weird

[Anonymous Coward]

Sure, they can make a law to force people to give up their passwords....

Only if they can make the sentence for breaking that law worse than the penalty for whatever crime the perpetrator is accused of.

This guy is not American

[mangu]

If the NSA could have unlocked it for them, I believe the FBI would have been there in a split second. They probably already asked.

It could even be that the NSA was asked first and failed, then they sent it to the FBI.

Daniel Dantas was involved in many shady operations, including one when the MCI company, which has used some funny accounting, [wikipedia.org] bought Brazilian Embratel [wikipedia.org].

It was the Brazilian federal government which asked the US government for help in cracking that encryption. International cooperation among different countries law enforcement agencies often happens in crimes involving international money laundering, so probably the US state department went to some effort to fing which agency was the most likely to decrypt those disks.

Re:Wrong Agency

[fuzzyfuzzyfungus]

If the key is also stored on the drive, protected only by a password, it isn't merely "not crazy to think that the NSA could have this capability" it is "crazy to think that random script-kiddies do not have this capability".

Most people pick lousy passwords. Brute-forcing them is restricted only by the speed of your hardware(and password-guessing is one of those conveniently parallel problems that scales with almost perfect linearity across however many nodes you want to throw at it).

Either this guy is way above average when it comes to picking good passwords, or the key was, in fact, stored separately and never located, or (tinfoil hat) they actually cracked his password three years ago, didn't find enough evidence to build a case, and would rather "admit defeat", and encourage other malefactors to trust in their encryption, than just admit that they don't have a case....

Re:is waterboarding next to get the info?

[Pharmboy]

In Brazil, proofs produced by illegal means cannot be used

Same in America, and usually, that is how it works. More often than not, however, they are more worried about using the information rather than punishing the offender (ie: to get to his bosses) so they do it anyway, and try to convict without that information. This is mainly the federal government that does this, state governments almost never do this.

Re:Wrong Agency

[edman007]

The AES encryption has been public for a long time, nobody has found anything that would allow anyone to crack it with any computer out there today, the NSA has more stuff available and they still allow Top-Secret material to be protected with AES-256 (it has FIPS compliance), I doubt the NSA would do that if they thought there was any chance that AES could be cracked

Re:Wrong Agency

[Kjella]

If the NSA could have unlocked it for them, I believe the FBI would have been there in a split second. They probably already asked.

You must remember that the NSA is in the national security business. Revealing that AES can be broken would be beyond huge, it'd be bigger than the breaking of the Enigma codes during WWII. It'd also destroy the value, because afterwards everyone would migrate to something else. So even if NSA has that capability it'd be Top Secret and not revealed just to catch this guy. It's something they'd use in secret for signals intelligence and only reveal if it was absolutely necessary in defense of the United States.

Gotta ask, does AES have a backdoors that they can go "compell" an organization to give them the keys to it?

AES itself? No. Any particular encryption software? Possibly, but as TrueCrypt is open source that's unlikely. Same with the full disk encryption in Linux. As pure brute force, there's not enough energy in the sun to break a 256-bit encryption. But there can always be some kind of algorithmic attack. I think for AES256 there was an attack lowering the strength to about AES128 strength. Still plenty strong but you can't knew if there's a better one.

Alternate Partition?

[HTMLSpinnr]

One of the great features of TrueCrypt is the whole alternate partition/segment idea. One password gives access to real data, while another (a duress password) would give some other access to an alternate segment. Put some benign documents in the alternate partition, and then under threat of water boarding, hand out the duress password. Assuming this all works, they find nothing, you go home.

Granted, I'm not encouraging this idea for criminal activity, but rather for truly sensitive data that shouldn't fall into the wrong hands.

Re:is waterboarding next to get the info?

[Tacvek]

Granting immunity is used in a fair number of crimes, but using it as away to force tesitmony frm an uncooperative witness is very rare, Much more common is the witness is perfectly willing to testify in exchange for the immunity. Cases like organized crime are the very reason for the WITSEC program (more popularly known as the witness protection program).

An even bigger problem with attempting to use immunity to compel testimony is that Supreme Court has held that only use immunity is required to compel tesitimony. That means the indivudual can later be prosecuted for the crime, but his testimony of evidence dirived from his testimony cannot be used against him. The only problem is that that should mean that only evidence collected before the testimony should be admissible, because it is impossible to show that evidence later collected was not found based on the testimony, and the courts do not require the police to prove that, so only evidence that was obviously based on the testimony is ever excluded.

Furthermore. If they refuse to testify they are charged with only contempt of court, but if they do testify, and that helps the cops get evidence against him, he is in bad shape. So given the choice he may well accept the contempt charge.

Finally, it can be hard to trust the testimony of somebody forced to testify against their will. Hiding this fact from the jury would be a bad idea because the jury has a right to know any reason why a particular witness may be unreliable. On the other hand, if the jury does know, The testimony really does not help the prosecution much.

Re:Wrong Agency

[Anonymous Coward]

Try all the words that are written in his office. The password may be under the keyboard, it may be also the serial number of the mouse (how many of you use this) ? Of course, it may be only in his memory: for example the beginning of a fairy tale, but there is a good chance that it is written somewhere. Do not use bruteforce, try to be smart: guess like in movies ;-)

Re:Wrong Agency

[tomhudson]

Even with supercomputer time, you're never going to crack anything the length of "the quick brown fox jumps over the lazy dog" (43 characters)

How about this: I don't need to crack YOUR password - I just need to come up with a transform that generates the same output as your password would have.

If I know that somewhere in that block of data is your email address. I can just start doing transforms at every offset - the ones that don't produce a match will quickly get eliminated (>99% will be eliminated on the first byte, ditto for subsequent bytes - think of it as a very efficient sieve of Eratosthenes tilted on edge). The ones that are left, continue. Eventually, I'll have many transforms and start positions that convert the binary data to the target phrase.

So I continue to apply the transform until either:

1. it's obvious that it was just an arbitrary piece of luck - it's not the transform I was looking for
2. I get the "good stuff" - it decrypts the whole block into something that makes sense,

I don't need your pass phrase, I don't need anything more than the maximum cycle length. I won't be able to decrypt all your stuff, but your email and spreadsheet data will probably be doable in a reasonable length of time, given today's hardware.

Re:this is obviously disinformation :)

[Spatial]

'Obviously'? I'd love to hear how an unfalsifiable assumption fits that criterion.

Re:is waterboarding next to get the info?

[ScrewMaster]

In Brazil, proofs produced by illegal means cannot be used (Federal Constitution, Art. 5, Inc. LVI

My guess is that, the next time this happens, it will no longer be considered "illegal means".

I recall a Slashdot article that said England already has a law that requires individual to turn over their passwords to law enforcement. Brazil's government may decide that they need something similar.

Re:is waterboarding next to get the info?

[mwvdlee]

I can only speak for my own country, the Netherlands, but here such things have happenned.

I can't think of any case where physical torture has been used, but emotional abuse has been used to get confessions in a handfull of cases in the past few decades.

Of those, all of the ones I know about ended in dismissal of the case or significantly lower charges and all of them ended up with court cases against the officials using or ordering illegal methods.

The general feeling here seems to be that immoral behaviour is immoral regardless the circumstances.

Red Herring ?

[equex]

So exactly how often does a government agency admit to failure at an issue this big ? I'm reading this as "FBI just managed to break TrueCrypt so we hope all you people use it."

Re:is waterboarding next to get the info?

[Anonymous Coward]

First off, water-boarding isn't torture.

Fuck you, Dick Cheney. We executed Japanese commanders for doing it to American POWs, so it's fucking torture. You'd have realized that if you took your mouth off Glenn Beck's dick long enough to get some oxygen to what passes for your brain.

Just general Slashtard AC paranoia

[Sycraft-fu]

You might notice that there are more than a few paranoid people on this site. They are convinced that the government is extremely evil, oppressive, and thus obviously extremely capable of doing amazing things that nobody else can. So the government can crack all encryption (even though the best research shows that isn't possible), the government can recover data from any harddrive unless you Gutmann wipe it (even though the best research shows a single overwrite screws over any recovery on EPRML drives). They believe the government is so amazingly competent and evil that they can organize thousands of people to plant explosives in the WTC and just make it LOOK like planes brought it down, and keep all that hushed up, and so on.

They believe that AES is "obviously" crackable simply because the public has it. They need no more evidence than that. It is paranoia, not facts, that they operate on.

Personally, I find it highly likely the government can't crack AES. They use it for classified data, it was designed to help secure our nation's financial system against foreign attack (one of the NSA's missions, they aren't only signals intelligence). It is probably the most analyzed crypto system in history, and nobody anywhere has found a major weakness. I'm going to cast in on the "it's secure" side of things.

Are you there, Abby Sciuto?

[grikdog]

Gotta love it. Truecrypt used intelligently is impervious to dictionary attacks. The trick is keyfiles, which can be used together with garden-variety "weak" passwords. It also has hidden volumes, which have a couple of annoying gotchas, which provide "plausible deniability" (it says here). One nice trick with keyfiles is to use steganography to embed a signifant blob of /dev/urandom output into a photograph, which then hides in plain sight along with hundreds or even thousands of other similar photographs (this circumvents keystroke loggers) -- or on a thumb drive or cd-rom. Shred the cd-rom (or smash the thumb drive with a hammer, etc.), and Truecrypt volumes become indecipherable, because the actual key is literally unknown (and unmemorizible by ordinary human brains). Assuming the banker get his drives back (or his backup!), and recovers his copy of the cd-rom bearing the keyfile from his friend in Freeport who thinks it's a bootleg Grateful Dead concert, Truecrypt brings it all back like Lazarus. The Linux version uses an optional cascade of three keys (AES 256, Serpent and Twofish) and the (optional, but recommended) Whirlpool hash algorithm. Steganography is not part of Truecrypt in any version I know.