DOJ Cracks Suspect's Hard Drives, Quickly Drops Request To Force Him To Decrypt

from the staying-far-away-from-a-precedent dept

We've been covering the DOJ's case against Jeffrey Feldman, in which it was trying to force him to decrypt his hard drives in order to get evidence to be used against him. This is a tricky area of law, because some courts have said that the 5th Amendment protects against being forced to decrypt evidence that can be used against you, while others have gone the other way. In this case, judges went back and forth, and the fight was still being fought.

However, it appears the feds likely cracked Feldman's password for his hard drives, and wasted little time in asking the court to dismiss the application to compel Feldman to decrypt. Basically, they point out that they don't need it any more, because "the government has now successfully decrypted two of Feldman's hard drives," providing it with more than enough evidence to put him in jail for a long, long time. Of course, this undoubtedly makes the DOJ fairly happy, because the last thing it wants right now is a higher court precedent on the books saying that someone can't be compelled to decrypt such data. I'm sure another case will come along to take on this issue before too long, but for now, the government is able to just keep the decks clear of binding precedent.


Reader Comments

  1.  
    wolfy, Aug 30th, 2013 @ 3:40pm

    It just keeps adding fuel to the fire labeled "Revolution".

     


  2.  
    Anonymous Coward, Aug 30th, 2013 @ 4:35pm

    How can we trust they decrypted anything and didn't just fabricate evidence? Oh, wait, we can't.

     


  3.  
    Anonymous Coward, Aug 30th, 2013 @ 4:59pm

    Re:

    They have presumably followed forensic processes and retained the original disk unaltered. If they have decrypted it, then they have the key and they can demonstrate the production of a fresh copy of the disk and unlocking the content on that disk.

     


  4.  
    Anonymous Coward, Aug 30th, 2013 @ 5:01pm

    Decryption, NSA style

    Parallel construction?

     


  5.  
    Anonymous Coward, Aug 30th, 2013 @ 5:07pm

    Re:

    This is why I think everyone should use this practice of full disk encryption, which was likely what Feldman wasn't doing.

    It's difficult or suspicious to plant evidence on a hard drive that is fully encrypted. Because any evidence you plant will not belong to the encrypted partition or be decrypted using the master key used to encrypt it.

    However, if only *some* of it is encrypted, then there is little anyone can do to prevent evidence planting.

    My most likely answer is that the password used on his partition was just "computer" or "password". Which is where the encryption scheme fails most of the time, can't encrypt against shoddy passwords.

     


  6.  
    Anonymous Coward, Aug 30th, 2013 @ 5:10pm

    Re: Re:

    And nothing is stopping the DoJ, now knowing the suspect's encryption password, to decrypt the drive, plant files, and then encrypt it again. It would be child's play.

    I'm not sure what they are trying to accuse him of, I don't believe it's relevant to the question being asked, but any sane person who has watched recent case law shouldn't put any modicum of trust in the DoJ or any prosecutor being employed by the state.

     


  7.  
    Anonymous Coward, Aug 30th, 2013 @ 5:21pm

    Re: Re: Re:

    What's stopping the Department of Injustice from simply presenting a different encrypted hard drive that they 'cracked' containing whatever information they want it to contain linking him to terrorism or something?

    I doubt the DOJ would do as you say but, unfortunately, it wouldn't surprise me that much if they did.

     


  8.  
    Paul Renault (profile), Aug 30th, 2013 @ 5:30pm

    Am I the only one who..

    ..is really curious what encryption the 'un-sub' used?

    (I suspect that they cracked it because the password wasn't strong enough.)

     


  9.  
    slinkySlim, Aug 30th, 2013 @ 5:41pm

    Re: Am I the only one who..

    That and/or parallel deconstruction. 30 billion dollars of the nation's money thrown at decryption capabilities for the government must be accessible by other quarters of that same government, no? A trillion guesses a minute seems like it would add up relatively quickly.

    Modern civilization is getting so fucking worked right now. Authorities are abusing their authorities and our DOJ is as trustworthy as a fucking crack head. Actually, they are fucking crack heads, aren't they? Dog hunts.

     


  10.  
    PopeRatzo (profile), Aug 30th, 2013 @ 6:36pm

    decryption or description?

    "Hey, we decrypted his hard drive and learned that he was the mastermind behind 9/11, kidnapped the Lindbergh baby and spit on the sidewalk in Midland, Texas in 1998! Crucify him!"

    This surveillance state will end very badly for everyone. And the worst part, it's like a runaway train that nobody wants except a handful of bureaucrats and government contractors. It's that last that's most worrisome, because remember, the companies that get contracts from the government to spy on us, also have other private parties for clients. If they find something while working for the government that can really help their private clients, how long you think that "firewall" is going to last? Maybe on their way to looking for terrorists, they happen to come across the fact that approximately 2 million women are doing internet searches on "breast cancer treatments". How long before that information ends up in the hands of prospective employers looking to make sure future employees don't make a lot of claims on health insurance?

    I'm optimistic, though, at the number of people from all over the political spectrum who are outraged and furious about this immoral spying. There are going to be some interesting crises when the people running the Surveillance State come up against voters who don't want to live under their noses. How long do you think your "Constitution" is going to keep our society intact when they decide elections aren't convenient. Or good for business.

     


  11.  
    General Tso's Chicken, Aug 30th, 2013 @ 8:18pm

    Good dreams gone wrong.

    When I was a lot younger technology was cool. Now I see technology is a prison.

     


  12.  
    Anonymous Coward, Aug 30th, 2013 @ 10:19pm

    Re: Re: Re: Re:

    "What's stopping the Department of Injustice from simply presenting a different encrypted hard drive"

    Because if under cross examination it came out that the suspect could not have possibly encrypted that drive, the prosecution would have been screwed and probably put in prison.

    It's a factor of denial. Of course the suspect is going to deny illegal content being on the drive, however, if the prosecution can't prove that he encrypted the drive, their case falls apart.

     


  13.  
    Anonymous Coward, Aug 31st, 2013 @ 12:33am

    I remember hearing that the DOJ cracked the password to his boot encrypted operating system partition. From there they were able to view some of the history logs for his eMule application. Supposedly he was using eMule to download the child porn, because there were underage filenames depicting sexual acts and had their ages in the eMule application folder. It wasn't the actual files, just a log of his download history.

    All bootable OS encryption software I've seen requires a user generated password, before the operating system will boot. So chances are he used a weak password, short on length and with a low entropy.

    Perhaps he was using some proprietary encryption software, such as Microsoft's Bitlocker OS encryption software. I'd wager he used a weak password though.

    Whichever agency broke his password, they probably profiled his online and work passwords for password patterns. Which can significantly increase a password guessing algorithm's success rate.

    This is why 'key stretching' is so important for passwords. Key stretching requires a password be hashed hundreds or thousands of times, before storing the final hash value as the key which performs encryption/decryption.

    So if someone tries to guess your password, and your password is stretched using a 10,000-round PBKDF2 hashing algorithm, then the cracker's computer will have to hash each guess 10,000 times before being able to submit the 10,000th hash value for each single password guess. Which slows their guess rates way down.

    I go all out with dmcrypt/LUKS on GNU/Linux. After entering my boot password into LUKS, it takes over a minute to verify if the password is correct. I think it's well over 100,000 hash rounds before it can verify the password.

    Just because you're using key stretching, that doesn't mean long passwords with good entropy aren't still important. Key stretching simply complements strong passwords and slows down the rate of guessing attempts per second.

    Sadly, I haven't seen any options to increase key stretch hashing rounds in TrueCrypt. I'm sure it's possible to adjust, but may require a change to the source code and subsequent recompile.

     

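The key-stretching cost described in the comment above can be measured directly. The following is an added example, not part of the original thread: it times PBKDF2-HMAC-SHA256 at several round counts and estimates how long exhausting two search spaces would take. The hash choice, the search-space sizes and the 1,000 parallel workers are assumptions made for illustration.

```python
import hashlib
import os
import time

YEAR = 365 * 24 * 3600

def stretch(password, salt, rounds):
    """Derive a 32-byte key from a password with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds, dklen=32)

def seconds_per_guess(rounds, samples=3):
    """Measure what one password guess costs on this machine at a given round count."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        stretch("candidate-%d" % i, salt, rounds)
    return (time.perf_counter() - start) / samples

def years_to_exhaust(guesses, secs_per_guess, workers=1):
    """Worst-case time to try every candidate, spread over parallel guessers."""
    return guesses * secs_per_guess / workers / YEAR

def report(rounds_list=(1, 10_000, 100_000), workers=1000):
    # Constructed search spaces (assumptions): a 10-million-entry list of common
    # passwords versus 12 characters drawn at random from 94 printable symbols.
    spaces = {"common-password list": 10**7, "12 random chars": 94**12}
    rows = []
    for rounds in rounds_list:
        cost = seconds_per_guess(rounds)
        for label, size in spaces.items():
            rows.append((rounds, label, years_to_exhaust(size, cost, workers)))
    return rows

if __name__ == "__main__":
    for rounds, label, years in report():
        print(f"{rounds:>7} rounds | {label:<22} | {years:.3e} years")
```

The output shows the round count multiplying the cost of every guess, while the size of the search space, which is set by the password itself, still dominates the total.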

  14.  
    Anonymous Coward, Aug 31st, 2013 @ 8:08am

    The DOJ is probably completely lying their asses off.

    They produce a 'cracked' drive with evidence that Feldman was a necrophiliac, stolen/abused/returned Abraham Lincoln's corpse then punched some babies in the face, stole their candy, infected it with Anthrax and fed the candy to orphans.

    Feldman's choices:

    Action:
    decrypt the drive and show everyone the files PROVING he didn't do this stuff
    Result- DOJ gets an unencrypted drive

    Action:
    Refuse to decrypt the drive and the judge then has only the DOJ's word to go on that it didn't entirely fake the drive
    Result - Feldman goes to prison on potentially faked evidence.

    Either way the DOJ wins.

    What SHOULD have happened is a neutral third party should have taken control of the drive and given copies of the drive to both parties and would be able to verify or refute if the DOJ's cracking key works.

    To be honest the 'original' drive probably had its stickers removed and stuck onto a totally different drive unit by the DOJ by now (They've done worse in other cases).

     


  15.  
    aldestrawk (profile), Aug 31st, 2013 @ 10:59am

    Re:

    When the drives were first seized it is standard forensic practice to calculate a cryptographic hash value across the entire drive. This evidence should have been available early on to the defense. The authorities cannot alter the contents of the encrypted drive without altering that hash value. The only way they could plant evidence in an encrypted drive or volume is to have cracked the encryption right away and plant files and re-encrypt before the initial paperwork is completed.

     

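The whole-drive hash check described in the comment above, as an added example that is not part of the original thread. It records a SHA-256 of a constructed stand-in image at "seizure", verifies a working copy against it, and shows that a single altered byte changes the hash; the per-block digests that localise the change go beyond what the comment describes, and the file names and block size are assumptions.

```python
import hashlib
import os
import shutil
import tempfile

BLOCK = 4096  # per-block granularity used to localise a change (assumption)

def image_digest(path, chunk=1 << 20):
    """SHA-256 over the whole image, read in 1 MiB chunks to bound memory use."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for data in iter(lambda: f.read(chunk), b""):
            h.update(data)
    return h.hexdigest()

def block_digests(path, block=BLOCK):
    """One SHA-256 per fixed-size block, recorded alongside the whole-image hash."""
    with open(path, "rb") as f:
        return [hashlib.sha256(b).hexdigest() for b in iter(lambda: f.read(block), b"")]

def changed_blocks(recorded, current):
    """Indexes of blocks whose digest differs, including blocks added or missing."""
    longest = max(len(recorded), len(current))
    pad = lambda xs: xs + [None] * (longest - len(xs))
    return [i for i, (a, b) in enumerate(zip(pad(recorded), pad(current))) if a != b]

def demo():
    with tempfile.TemporaryDirectory() as d:
        seized = os.path.join(d, "seized.img")
        with open(seized, "wb") as f:
            f.write(os.urandom(64 * BLOCK))   # constructed stand-in for an encrypted drive
        recorded_hash, recorded_blocks = image_digest(seized), block_digests(seized)

        working = os.path.join(d, "working.img")
        shutil.copyfile(seized, working)      # the examiner's working copy
        copy_matches = image_digest(working) == recorded_hash

        with open(working, "r+b") as f:       # simulate one altered byte in block 10
            f.seek(10 * BLOCK + 5)
            byte = f.read(1)[0]
            f.seek(10 * BLOCK + 5)
            f.write(bytes([byte ^ 0xFF]))
        altered_matches = image_digest(working) == recorded_hash
        return copy_matches, altered_matches, changed_blocks(recorded_blocks, block_digests(working))

if __name__ == "__main__":
    print(demo())
```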

  16.  
    aldestrawk (profile), Aug 31st, 2013 @ 11:04am

    They don't need it anymore?

    Back in May one of the drives had been decrypted and law enforcement already had evidence of actual child pornography rather than just e-donkey log files. Only now do they say they don't need to force Feldman to give up a password. Something else is going on.

     


  17.  
    aldestrawk (profile), Aug 31st, 2013 @ 12:23pm

    Re: Good dreams gone wrong.

    Ted Kaczynski, is that you?

     


  18.  
    Anonymous Coward, Aug 31st, 2013 @ 12:36pm

    Seems a rather ridiculous ruling that a person is forced to decrypt information that is then used to incriminate him/herself. How can the 5th not come into play?

     


  19.  
    Anonymous Coward, Aug 31st, 2013 @ 6:53pm

    Re: Re: Re: Re: Re:

    "the prosecution would have been screwed and probably put in prison. "

    The day I see U.S. government officials get jailed for breaking the law is the day I'll believe it. Until then only seeing is believing.

     


  20.  
    Anonymous Coward, Aug 31st, 2013 @ 8:27pm

    An expert witness's first duty is towards the court.
    If it came out that they presented evidence that was incorrect then not only will their credibility be shot; but all of the cases they have worked on will be up for review.
    No one here has any evidence to support their claims that the DOJ planted any evidence, or that the password was easy to crack.

    If through examination, or brute-force, the password is found then the child abuse material can be viewed and tied back to the computer.

    If the guy wanted to prove his innocence he could decrypt the drives for everyone. If through a repeatable process the DOJ could show how they decrypted the drives (which can be requested by defence) then what are you all complaining about.

     


  21.  
    Shawn, Sep 1st, 2013 @ 1:28pm

    forget it?

    Is it even possible to prove someone didn't just forget their password?

     


  22.  
    Varsil, Sep 2nd, 2013 @ 11:37pm

    Re: forget it?

    Usually the courts have dealt with stuff like this by assuming that the person actually does remember it, but that they're pretending they've forgotten.

    Which is a pretty nasty little trap to be in if you've actually forgotten the password.

     


  23.  
    Anonymous Coward, Sep 3rd, 2013 @ 7:28am

    My encrypted hard drive unlocks to the password: "Password". All it is a nice small open source install with lots of free open source text pulled randomly from the internet in various zipped files.
    Oh and on a side note: unlocking it will start the special purge of secret side that has a 32 random character password. Yeah it is a pain to automate the process that load balances the two encrypted sides but paranoia and tin foil hats give me the strength to keep the crazy going.

    The point is I have the right to act crazy even if it is all legit or not. And few people could really claim that you should automatically be able to recall a 32 random character password - hell most people around the office cannot remember the simple 8 character password after a weekend.

    Finally it is not about me "proving I am innocent". I am innocent until proven guilty. How is all this not self-incrimination?

     


  24.  
    kog999, Sep 4th, 2013 @ 8:36am

    "unlocking it will start the special purge of secret side"

    The first step the feds do is make a copy, the purge won't help much.

     
