Cracking Bin Laden's Hard Drives

This topic is archived.
dkf Donating Member (1000+ posts) Thu May-05-11 06:24 PM
Original message
Cracking Bin Laden's Hard Drives
http://mobile.informationweek.com/10996/show/8efc97f666be9a1bcc5a74ce853c5ff1/

According to the New York Times, "the team found a trove of information and had the time to remove much of it: about 100 thumb drives, DVDs and computer disks, along with 10 computer hard drives and five computers. There were also piles of paper documents in the house."
....

According to Hoglund, the effort to recover Osama bin Laden's data likely started with--and was part of--the raid, in a process that's known as battlefield exploitation, which seeks to extract as much data as possible while in the field. That's because it's much easier to extract information from a computer that's still running. Even if a hard drive employs encryption, if the drive is still mounted, then it's vulnerable. Furthermore, if the team can take physical memory RAM snapshots of a live device, this can help crack any encryption.
...

Interestingly, both the data on the recovered devices as well as the devices themselves may provide valuable clues. That's because every USB storage device has its own serial number, which can be retrieved from any computer to which it's been connected. "You're able to track that USB device in every system it's touched," said Lee. That may help analysts better understand how the courier network operated, especially if the storage devices match up with previous PCs that they've encountered.

The raid on Osama bin Laden's compound reportedly lasted 38 minutes, and recent accounts suggest that the facility may have been secured relatively quickly. That would have left time for computer specialists to go to work.

"To process a computer that's in a running state, you're probably talking about 15 to 30 minutes," said HBGary's Hoglund. "A guy has a toolkit--a hardened briefcase, he sits down, plugs it in," and it provides him with a full view of what's on the RAM chips, and also allows him to image the hard drive. In addition, a subset of the information can be transmitted via VSAT--a very small, two-way satellite communications system--to intelligence analysts in for immediate study.
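The cross-system tracking Lee describes in the quoted article, as an added example that is not part of the original post or the article: on Windows, the USBSTOR registry key stores an instance ID for each mass-storage device, and its leading part is the serial the device reported. The host names, vendors and serials below are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample data: USBSTOR subkey paths (device class \ instance ID)
# as they might be exported from the SYSTEM hive of three examined machines.
SAMPLE_KEYS = {
    "HOST-A": [
        r"Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.26\200435135107F3D1A2B4&0",
        r"Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_PMAP\5B8210000047&0",
    ],
    "HOST-B": [
        r"Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.26\200435135107F3D1A2B4&0",
        r"Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&2a9e1c4f&0",
    ],
    "HOST-C": [
        r"Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_PMAP\5B8210000047&0",
        r"Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.26\200435135107F3D1A2B4&0",
        r"Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&2a9e1c4f&0",
    ],
}

KEY_RE = re.compile(
    r"^Disk&Ven_(?P<vendor>[^&]*)&Prod_(?P<product>[^&]*)&Rev_(?P<rev>[^\\]*)"
    r"\\(?P<instance>.+)$"
)

def parse_usbstor_key(path):
    """Split one USBSTOR path into vendor, product, serial and a 'unique' flag."""
    m = KEY_RE.match(path)
    if m is None:
        return None
    instance = m.group("instance")
    # If the second character is '&', Windows generated the ID because the
    # device reported no serial; it is only meaningful on that one host.
    unique = not (len(instance) > 1 and instance[1] == "&")
    serial = instance.rsplit("&", 1)[0] if unique else instance
    return {"vendor": m.group("vendor"), "product": m.group("product"),
            "serial": serial, "unique": unique}

def shared_devices(keys_by_host):
    """Map each device-reported serial to the hosts it touched (two or more)."""
    seen = defaultdict(set)
    for host, paths in keys_by_host.items():
        for path in paths:
            dev = parse_usbstor_key(path)
            if dev and dev["unique"]:
                seen[dev["serial"]].add(host)
    return {s: sorted(h) for s, h in seen.items() if len(h) > 1}

if __name__ == "__main__":
    for serial, hosts in shared_devices(SAMPLE_KEYS).items():
        print(serial, "->", ", ".join(hosts))
```

The generic flash disk appears on two hosts with the same instance ID but is left out, because a system-generated ID does not identify the physical device.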

Liberal Veteran Donating Member (1000+ posts) Thu May-05-11 06:29 PM
Response to Original message
1. Fascinating.

Old and In the Way Donating Member (1000+ posts) Thu May-05-11 06:38 PM
Response to Original message
2. I'll bet there are some very influential people sweating big time.
I'm kind of surprised that OBL would locate operational computers in his residence.

I'd sure like to know what kind of intel we're getting from those drives...and I'm sure there are many others with a vested interest who are even more interested, as well.

Bake Donating Member (1000+ posts) Thu May-05-11 06:45 PM
Response to Reply #2
4. He really hated that daily commute to the office!
:hi:

Bake

Pigheaded Donating Member (150 posts) Thu May-05-11 07:14 PM
Response to Reply #2
10. I hope so
There will be some murderers ID'd with this info.

Pigheaded

customerserviceguy Donating Member (1000+ posts) Thu May-05-11 08:40 PM
Response to Reply #2
20. It was brilliant of the military to release this information
OBL's 'friends' are most likely thinking about saving their own asses rather than executing some revenge for what his sorry ass got. It's the best explanation I can think of for why there have not been any terrorist actions since the kill.

alcibiades_mystery Donating Member (1000+ posts) Fri May-06-11 08:35 AM
Response to Reply #20
32. Very good point
The military and intel guys are also trying to get the associates running and moving, even if that means going to ground. You tell them "We have shitloads of intel to sift through." The nervous ones immediately assume they're on the list, so to speak, while the others go low-key.

We already saw one guy turn himself in.

I think you're right.

greyl Donating Member (1000+ posts) Fri May-06-11 12:48 AM
Response to Reply #2
23. You'd expect bin laden to be on the cloud computing bandwagon, eh?
Edited on Fri May-06-11 12:56 AM by greyl
You're really surprised he "would locate operational computers in his residence"?

edit: spling

steve2470 Donating Member (1000+ posts) Thu May-05-11 06:40 PM
Response to Original message
3. I heard a report that said some of the data was encrypted.
I can't remember the source now. I'm sure the NSA will crack that encryption tout de suite.

MineralMan Donating Member (1000+ posts) Thu May-05-11 07:13 PM
Response to Reply #3
9. Indeed they will. Indeed they will.

eleny Donating Member (1000+ posts) Thu May-05-11 06:47 PM
Response to Original message
5. I'm reminded of the analysts in the AMC program, Rubicon
The guys who get the data and make sense of it all.

alcibiades_mystery Donating Member (1000+ posts) Fri May-06-11 08:36 AM
Response to Reply #5
33. Love that show...I've thought of it a lot over the last few days
How are they gonna do next season?

:shrug:

MineralMan Donating Member (1000+ posts) Thu May-05-11 07:02 PM
Response to Original message
6. Oh, they'll get the data.
Seriously. The NSA can break whatever encryption that was used. Yes, they can...

BadgerKid Donating Member (1000+ posts) Thu May-05-11 07:09 PM
Response to Reply #6
7. Probably they'll commandeer some supercomputers. n/t

MineralMan Donating Member (1000+ posts) Thu May-05-11 07:12 PM
Response to Reply #7
8. Oh, NSA has supercomputers.
No need to commandeer anything. Just send the stuff over there and they'll break it down for you. Probably, it's already there.

Nobody has any idea of their capabilities. I worked there in the late 1960s, and they could already do the most amazing things. I can't imagine what they're capable of 40 years later.

No secrets.

oneshooter Donating Member (1000+ posts) Thu May-05-11 07:31 PM
Response to Reply #8
11.  No problem if they used a commercial encryption program.
Take 1-2 hours tops, I would bet that they already have the key code. If it is a personal encryption, 1-3 days.

Oneshooter
Armed and Livin in Texas

Azathoth Donating Member (1000+ posts) Thu May-05-11 08:04 PM
Response to Reply #11
14. Not necessarily true. Most modern encryption techniques cannot be feasibly broken
Edited on Thu May-05-11 08:05 PM by Azathoth
by a head-on attack unless there is a built-in backdoor. The NSA is good, but they can't sidestep mathematics.

I don't think people realize just how powerful modern encryption has become.

Vehl Donating Member (1000+ posts) Fri May-06-11 12:51 AM
Response to Reply #14
24. I totally agree


most of the top end encryption algorithms cannot be broken (unless there is some quantum supercomputer..even then it might take years).
Even though they are "mathematically" impervious to decryption using brute force, often the clients/users make some silly mistake (use a stupid/guessable key) or have other faulty practices which enable the hacker/cracker to crack the code.


Yavin4 Donating Member (1000+ posts) Thu May-05-11 08:10 PM
Response to Reply #11
16. No Need For De-Cryption. Just use the following password....
"GWBIsMyBFF" and you're in.

Azathoth Donating Member (1000+ posts) Thu May-05-11 07:57 PM
Response to Reply #8
12. No offense, but the NSA was able to get away with a lot in the 1960s
Edited on Thu May-05-11 07:59 PM by Azathoth
because they were the only ones who really knew what they were doing back then. Things have changed significantly. Digital encryption is now an extensively studied field and as a result, the government is now using encryption techniques that were developed publicly.

The only way the NSA could reliably break modern encryption schemes would be to (a) employ computing techniques that are radically different (like quantum computing); (b) use computing hardware that is *profoundly* more powerful than anything publicly available; or (c) exploit some fundamental mathematical weakness that no mathematician or cryptographer outside of the NSA has discovered. A and C are both theoretically possible but highly unlikely, and B is almost certainly impossible.

Bottom line is I think people tend to overestimate/mythologize the NSA's capabilities. They are undoubtedly good, but I would guess they rely more on exploiting human error than on raw codebreaking.

cliffordu Donating Member (1000+ posts) Thu May-05-11 08:12 PM
Response to Reply #12
17. I worked at a Large Computer Corporation 10 years ago.....
And the computer security research dudes said that you are naked, no matter what kind of encryption.....

We are PWNED.....

FreeJoe Donating Member (331 posts) Thu May-05-11 08:28 PM
Response to Reply #17
18. They were wrong.
Strong encryption algorithms are available in the public domain in lots of places. Anyone can download a program like TrueCrypt. If you use it properly with a long password, it simply can't be cracked. No computer has the horsepower to brute force it.

It sucks in this case, but overall I like the idea of being able to encrypt things so that no one can read them. It's one of those classic trade-offs. It makes life easier for criminals and terrorists, but it makes life hard for police states.

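The gap that replies 18 and 24 describe between a full-strength key and a guessable password, as an added example that is not part of any post in this thread. The attacker speed of 10^12 primitive operations per second and the 1000-iteration key-derivation cost per password guess are assumed figures for illustration, not measurements of any real system or product.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_OPS_PER_SEC = 1e12      # assumption: attacker's raw speed
ASSUMED_KDF_ITERATIONS = 1000   # assumption: work needed to test one password

def password_bits(length, alphabet_size):
    """Entropy of a uniformly random password; human-chosen ones have less."""
    return length * math.log2(alphabet_size)

def expected_seconds(bits, ops_per_guess=1, ops_per_sec=ASSUMED_OPS_PER_SEC):
    """Average search time: the right value turns up after half the space."""
    return 2 ** (bits - 1) * ops_per_guess / ops_per_sec

def cheapest_attack(key_bits, pw_length, alphabet_size,
                    kdf_iterations=ASSUMED_KDF_ITERATIONS):
    """Return which secret is cheaper to search, and the expected seconds.

    The cipher key is derived from the password, so an attacker searches
    whichever space is smaller: raw keys, or passwords run through the KDF.
    """
    key_s = expected_seconds(key_bits)
    pw_s = expected_seconds(password_bits(pw_length, alphabet_size),
                            ops_per_guess=kdf_iterations)
    return ("password", pw_s) if pw_s < key_s else ("key", key_s)

def describe(seconds):
    """Human-readable duration for the report below."""
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds:,.0f} seconds"
    return f"{seconds / SECONDS_PER_YEAR:.2e} years"

if __name__ == "__main__":
    cases = [
        ("256-bit key, 8 random lowercase letters", 256, 8, 26),
        ("256-bit key, 12 random printable chars", 256, 12, 94),
        ("128-bit key, 30 random printable chars", 128, 30, 94),
    ]
    for label, key_bits, length, alphabet in cases:
        target, secs = cheapest_attack(key_bits, length, alphabet)
        print(f"{label}: search the {target}, about {describe(secs)}")
```

Only the last case forces a search of the key space itself; in the first two, the password is the weaker secret regardless of the cipher's key length.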
 
Azathoth Donating Member (1000+ posts) Thu May-05-11 08:32 PM
Response to Reply #17
19. lol, If that were true then cryptology would be a dead field
Edited on Thu May-05-11 08:33 PM by Azathoth
There are lots of "alternative" methods of breaking encryption: side-channel attacks, backdoors, flaws in the cryptosystem implementation, human error, etc. But if we assume none of that is available to us, then most modern digital encryption techniques are *very* difficult to break, even for the NSA.

Computer security dudes get paid to be paranoid, but if computer encryption really didn't work, they would be out of a job...

Vehl Donating Member (1000+ posts) Fri May-06-11 12:59 AM
Response to Reply #12
25. +1
Edited on Fri May-06-11 01:03 AM by Vehl
C is hardly a possibility nowadays cos most encryption algorithms are public and have been tested to death by mathematicians & cryptographers. They have pored over the algorithms for years in order to find backdoors or faults and are yet to find any.
Contrary to popular belief, public encryption algorithms are more secure than the so-called "secret" algorithms, as the secret ones have not been as rigorously tested as the public ones.

Serpent-Twofish-AES sequential encryption would probably defeat any supercomputer in this world (as you rightly pointed out...even with Quantum computers it would take months)



Bottom line is I think people tend to overestimate/mythologize the NSA's capabilities. They are undoubtedly good, but I would guess they rely more on exploiting human error than on raw code-breaking.


^^this!
Took computer security as an elective in college and the professor was an ex-NSA guy. He had more than 10 years' experience in the NSA and he pretty much said the same thing. More than 90% of the code-breaking is due to finding back-doors or exploiting other weaknesses (human and mechanical)


seabeyond Donating Member (1000+ posts) Thu May-05-11 08:03 PM
Response to Original message
13. 38 min? OMG, they said 40. i smell a rat. ok....
good stuff. excellent. thanks

Yavin4 Donating Member (1000+ posts) Thu May-05-11 08:08 PM
Response to Original message
15. They'll Probably Find E-Christmas Cards from the Cheney Family
on that hard drive.

nilram Donating Member (1000+ posts) Fri May-06-11 12:43 AM
Response to Reply #15
22. And a Happy Hanukkah from Bush!

lonestarnot Donating Member (1000+ posts) Fri May-06-11 01:12 AM
Response to Reply #22
29. And Red Rummy prollee sent the pet goats 2x weekly.

Yavin4 Donating Member (1000+ posts) Fri May-06-11 08:28 AM
Response to Reply #29
31. AHA!! The "My Pet Goat" Connection!!!!
Now, it all makes sense!

mrbscott19 Donating Member (104 posts) Thu May-05-11 09:39 PM
Response to Original message
21. Encryption is a big thing nowadays
They couldn't even crack Assange's insurance file.

Vehl Donating Member (1000+ posts) Fri May-06-11 01:02 AM
Response to Reply #21
27. yep
Properly used public encryption algorithms (like AES) are virtually unbreakable (can be proven mathematically to be so!) unless the one who encrypts makes some (of the many possible) mistakes he can make, which would give the decryptor an easy way in.

It would have taken the fastest supercomputer in the world more than a million years to even have a few % chance of decrypting Assange's file.




girl gone mad Donating Member (1000+ posts) Fri May-06-11 01:00 AM
Response to Original message
26. HBGary?
Not a valid source.

Vehl Donating Member (1000+ posts) Fri May-06-11 01:11 AM
Response to Original message
28. Anatomy of a Subway hack, a DEFCON presentation by MIT students
Edited on Fri May-06-11 01:22 AM by Vehl
This presentation by MIT students is a very good example of how systems can be hacked.

Today's encryption algorithms are mathematically impervious to decryption (even using the world's fastest supercomputer will take millions of years). The only way to hack/decrypt such stuff is to hope
1 The encoder made some (of the many possible) mistakes that could be made...which negate the effectiveness of the algorithm
2 There is some backdoor (either hardware/software) which allows the hacker/decryptor to bypass the algorithm
3 Attack the hardware instead of the software and try to see if some hardware faults/bugs/bad practices can be used to short-circuit the decryption process

The following presentation gives a very good step-by-step example of how MIT students were able to hack the subway pay-card systems.
They mostly exploit the 3 ways given above to succeed.


PS: on second thoughts, I have edited the link out. Google it, the MIT university hosts it

greyl Donating Member (1000+ posts) Fri May-06-11 01:51 AM
Response to Reply #28
30. That WarCart is crazy! Fun read.
Edited on Fri May-06-11 01:53 AM by greyl
edit to add: (I see you've since deleted the link to Defcon_Presentation.pdf)

Vehl Donating Member (1000+ posts) Sat May-07-11 04:56 PM
Response to Reply #30
34. Yep, it's an amazing presentation!
Edited on Sat May-07-11 04:59 PM by Vehl
I took the link out cos I didn't want to share it openly on forums...after all it's supposed to be only used for 'educational' purposes :P
