Microsoft serves COFEE to the police…and a death sentence to employee!?
May 1st, 2008 Drazen Drazic Posted in Bad Stuff, Industry Specialists Talk, Research, WTF, cyber crime
By Declan Ingram
Upon speculation that Microsoft had built backdoors into Vista, Niels Ferguson, a developer and cryptographer at Microsoft, wrote:
“The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data… Over my dead body”
That’s very reassuring. Until this was released: “Microsoft device helps police pluck evidence from cyberscene of crime”.
From the article:
“Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.”
Microsoft General Counsel Brad Smith: “These are things that we invest substantial resources in, but not from the perspective of selling to make money,” Smith said in an interview. “We’re doing this to help ensure that the Internet stays safe.”
Enter COFEE - the Computer Online Forensic Evidence Extractor - a USB thumb drive used to assist law enforcement. Specific details are thin, but the usual ‘save the children’ arguments have been made.
Well, Niels, you may want to talk to some good friends about writing you a eulogy.
UPDATE: Microsoft has been quick to make statements about this - 2 in fact are listed here. This is rather amusing. The first statement says that the drive is made of “a compilation of publicly available forensics tools” and the second that it is “not new forensic tools, but rather the creation of an easy to use, automated forensic tool”.
It would have been more convincing if they could get their story straight. While they have officially denied the use of backdoors or other ‘undocumented’ access, I do wonder who has all the “documents”.

May 2nd, 2008 at 8:41 am
I don’t think this is so much a backdoor as an automated/fast way of gathering otherwise-unencrypted information. Even if they do take the encrypted stuff, you’d expect it remains encrypted.
May 2nd, 2008 at 9:48 am
I read the story yesterday & was rather underwhelmed by it all. As underwhelmed as one could be to not even bother with a comment. Or in my case, even a grunt.
But DD has today asked me to comment, and I’m always happy to oblige a good friend.
What is the actual news story here ? That MS may have fibbed ? Knock me over with a feather. My apologies to those with whom I don’t share their moral outrage at such a revelation.
Call me a grumpy old cynic, but I’m not outraged or surprised in the least that someone at MS may have got caught out fibbing. Companies tell fibs all the time. Sometimes they get caught. And they look silly.
The product (COFEE) has been around for a while now. Again, no real story here. Move on, people, nothing to see here !
BG.
May 2nd, 2008 at 10:59 pm
Okay, Silky and BG……both under-whelmed and see nothing wrong here. Fair enough…..
I see some of the dude’s responses in the links and they are out there….conspiracy shit….you’ll always get that!
I remember when the software dudes (MS etc…) first tried to automate licensing checks over the net…..Everyone went nuts that someone over the net could check what you did! The press went nuts..civil libertarians went to town….but hey….it happened!!!
BUT>>>This has a bad smell.
@silky, I don’t know enough to fully comment on all the technical aspects of this.
@BG, Your response was the opposite of what I expected…somewhat. Would you yourself use a USB stick with “unknown” / reliable? software relative to established tools you use now to conduct your investigation? I doubt it given how strict you are and need to be on every “investigation” you do! Does this put FTK and others out of business??!
At present, and with what information is there, I support Dec’s post to question this. If MS has nothing special to add against what and who they know can already do this, why bring out a magic key?
May 2nd, 2008 at 11:19 pm
Yeah it all starts nice and harmless. If we could all do this before with “open” software, why would Microsoft bother to bring it all together for us and specially and make it available to select organisations? If there is nothing to worry about, why not give it to everyone? In the comments to Dec’s posts, some good questions have been asked.
May 3rd, 2008 at 3:13 pm
Myself & silky “see nothing wrong” ??
Actually, I agreed that MS may have fibbed.
Everyone should expect MS to tell fibs about these kinds of matters. Why ? Because you should also expect that US law enforcement\spooks would *require* backdoors into O/S’s. They do it with phones & telcos, so why are O/S’s any different? They’re not.
Realise also that it might very well be unlawful for MS to disclose those backdoors, given the far reaching secrecy legislation & covert powers that US law enforcement have gained, post 9-11.
Hence my being ho-hum ‘underwhelmed’. I stand by this sentiment. It’s simply my perspective, but I respect those who are equally outraged by it all.
As to whether or not I’d use a USB stick with a series of automated tools…. what is the problem with that ?
Tools can be tested and results verified against each other via hashing - MD5, SHA1 etc etc. As long as the tests are recorded, verified, able to be reproduced, can be proven (via hashing) to not alter the original & can withstand rigorous peer review…. I see no problem.
I also doubt it would impact FTK/Encase at all. The more tools, the better !
BG.
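The verification described in the comment above, as an added example that is not part of the original thread: the evidence is hashed with MD5 and SHA-1 before and after each tool runs, and the tools' outputs are compared by hash. The three tools and the sample evidence are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile

def digests(path, chunk=1 << 20):
    """Stream a file through MD5 and SHA-1; return both hex digests."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
    return (md5.hexdigest(), sha1.hexdigest())

def run_verified(tool, evidence):
    """Hash the evidence, run the tool, hash again, and record the result."""
    before = digests(evidence)
    output = tool(evidence)
    after = digests(evidence)
    return {"tool": tool.__name__, "before": before, "after": after,
            "unaltered": before == after,
            "output_sha1": hashlib.sha1(output).hexdigest()}

# Hypothetical tools: each returns the lines that contain b"user=".
def tool_a(path):
    with open(path, "rb") as fh:
        return b"\n".join(l for l in fh.read().split(b"\n") if b"user=" in l)

def tool_b(path):
    hits = []
    with open(path, "rb") as fh:
        for line in fh:
            if b"user=" in line:
                hits.append(line.rstrip(b"\n"))
    return b"\n".join(hits)

def tool_bad(path):
    out = tool_a(path)
    with open(path, "ab") as fh:  # defect: this tool writes to the original
        fh.write(b"scanned\n")
    return out

def demo():
    """Run each tool against a fresh copy of a constructed evidence file."""
    sample = b"boot ok\nlogin user=alice\nnoise\nlogin user=bob\n"  # constructed
    records = []
    for tool in (tool_a, tool_b, tool_bad):
        fd, path = tempfile.mkstemp()
        with os.fdopen(fd, "wb") as fh:
            fh.write(sample)
        records.append(run_verified(tool, path))
        os.remove(path)
    return records
```

The two read-only tools leave the before and after digests equal and produce the same output hash; the third produces the same output but fails the unaltered check, which is the condition that would disqualify it.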
May 3rd, 2008 at 3:57 pm
Fair enough BG…maybe I’m just a cynical old bugger.
May 3rd, 2008 at 8:18 pm
May 4th, 2008 at 12:01 am
BG, I totally agree that it is most likely that MS are legally required to backdoor their software and deny it. Your other points also are very valid.
When I posted this I was interested to see people’s reactions, guessing that most people would think “meh, of course they are” which is the standard response for this kind of thing. It is this attitude that I find most concerning. This complacent society continues to give up our rights and liberty in exchange for a sense of security. This being lied to, and told it is for my own good thing just doesn’t sit well with me. I can’t not make a noise about it.
Oh, and if they are using USB, they are idiots. Firewire has DMA and is the fully documented backdoor everyone ignores.
May 5th, 2008 at 9:54 am
There’s morality & then there’s reality.
Jokes aside, the world needs people like you, Dec (& Schneier) to take the high moral ground. And question the erosion of our rights. Good on you.
Reality is that post 9-11, many liberties have been exchanged, so they tell us, in the name of so-called ’security’.
Maintain the rage, Dec.
BG.
PS. Ah, and I wouldn’t be so quick to discount the USB thing. Not all PCs being forensically examined have existing firewire ports, but many these days have USB !