If the securing of info on your hard-drive is as easy as this
http://boards.straightdope.com/sdmb/showpost.php?p=4595677&postcount=8
How do the police ever get the evidence to convict cyber-perverts et al. ?
Simple answer: encryption can be deciphered. Depending on the algorithm used, though, it just could take a little more time/work than a lot people are willing to put forth.
The purpose of encryption is to jumble up data, to put it in a form that can only be readily deciphered by one (or several select) entity/ies. Focus should be directed to the last part of that sentence, about deciphering. Basically, if you are going to write something in “code,” there needs to be some way of translating that “code” into a readable format, otherwise the information becomes useless (i.e. unretrievable).
I hope that helps clear things up for you.
LilShieste
Thanks LilShieste - but I thought the whole idea of PGP was that the info was un-decypherable without the persons “private key”.
Am I wrong ?
Firstly, criminals are stupid. Never forget that. They think they are smart and will never be caught. That fact that the prisons are filled with millions who thought the exact same thing doesn’t matter to them. Each one thinks “But I’m smarter than them, I won’t be caught.” (Note that there exists a few smart criminals who do in fact get away with things for a long time. They are just “noise” in the data set.)
If you know you won’t get caught, you won’t take any precautions. How about that for “logic”?
Secondly, they are not found due to what’s on their HDs, but during the download process. Police hangout and entice are sorts of pervs to download crap, contact “teens” and so forth.
From that, they get warrants, do searches, etc.
Thirdly, prosecuters lie a lot to get plea bargains. “We found blah-blah on your computer, so we’ll let you plea to X for Y years in jail.” They have been so aggresive at this that a federal appeals court recently threw out a bunch of stuff because of how misleading they’ve been.
good points ftg - especially about the stupidity of criminals. But can you be convicted without any evidence ? E.g. - the smut is there, or so they think, but the police can’t access it.
I’ve never really thought about it, but surely these perverts should get their shit together?
Anyone?
I thought I heard that, when presented with an appropriate search warrant, you are required by law to decrypt or provide correct decryption passwords to law enforcement officers. I may be wrong.
At least as far as the early days of computing go, Clifford Stoll’s (sp?) Cuckoo’s Egg is a very good accounting as to how an East German computer espionage ring was broken. He started looking for a 75-cent accounting error, and wound up working with the whole gamut of our government’s Alphabet soup to break this ring. Great read.
critter42
you can’t break modern encryption, not in a million years, even a trivial key will leave a computer spinning for decades trying to guess the answer, and there is no good reason not to use a 256 or 1024 bit key, or more which quickly gets to the point where every computer on earth running 24 hours a day to break it would not do so before the sun burned out.
The feds recently convicted an organized crime boss on the evidence provided by his encrypted disk. They used a search warrant to install a keystroke logger in his computer. They used another warrant to retrieve it. They got his PGP passphrase from the keystroke logs and then seized his computer as evidence.
Modern encryption cannot be brute-forced in any realistic timeframe, but there are usually ways around that. One common analogy in the security field is that good encryption isn’t a castle wall, it’s a 500 foot pole. You can’t get over the pole, but you can usually walk around it. Unless you do everything else right, encryption is pointless.
And Phase42: You can’t be forced to decrypt your data. This would fall in the category of testifying against yourself. The British tried to pass a law that would make it a crime to not provide your encryption keys, but someone pointed out that you could anonymously email an encrypted file to the Queen, allege that she had kiddie porn on her computer, and she would be sent to jail for not providing the key (which she never had). This would create a catch-22 for the suspect - they can’t decrypt the file because it’s not theirs, and they can’t prove it’s not theirs because they can’t decrypt it.
Encrypting your data can only protect you so much. Yes, it would take an inconveniently long time to brute-force decrypt a pedophiles stash of pornography. However, if the police suspect you have encrypted files on your computer they have better ways of opening the files. All they have to do is arrest the pedophile and search his house. They can use his own computer to decrypt his files. Unless he had the foresight to erase his key, it can be used by the police.
Or they could get warrant to install a keystroke logger. Or use a hidden camera to record keystrokes. Or pose as pedophiles and offer to trade material over the internet. Or pose as minors and offer to meet them in person. Or raid his house look for other evidence besides encrypted files. Unless the guy is unusually careful I’m sure he’s left behind some other evidence besides computer files.
The bottom line is that once the police decide to investigate you you’ve probably allready lost. The main protection is anonymity. Once you’ve blown that you are probably going to make one or more mistakes that will allow the cops to catch you.
Only if he uses an incredibly insecure implementation of his security. Something like PGP encrypts your secret key with a passphrase, so getting physical access to the bad guy’s computer is insufficient. First you’d have to break the symmetric encryption protecting the secret key before you can use that key to decrypt a PGP-protected resource. Some people may write down their passphrase (or passwords to other kinds of systems) but no one saves their passwords in the clear on the same system and expects privacy. Only incredibly insecure systems (e.g. Microsoft Access’s password protection feature) includes the decrypt key in the clear on the same system so you can just go looking for it.
Funny, all this time I thought my main protection was innocence.
seriously, its not as easy as you people are makeing it sound to crack encryption. its not an inconveniently long amount of time, its easly all the time left in the universe.
but even smaller passwords and such are worse than they seem, if you have a 10 charactor password thats several billion combinations… which isn’t SO many really, set a few computers on it and they could turn through all possiblitys in a week. the problem comes in trying to actually do that, its not some trivial thing to set up 50 computers to brute force a password, its not strictly hard, but its not something you can just do at a whim, or the sort of thing a police department is all set up to do. and even the ones that are, pretty much are limited to doing them one at a time with a great investment into each and every encryption, on something that may or may not be evidence.
Just a slight hi-jack here.
If I download something, doesn’t it remain somewhere on my hard drive, even if I delete it?
How about if I just view something. Does it get cashed, able to be found later on?
This is intended to address several of the most recent posts.
Say you are using one of those scam “accelerated download” programs that some ISPs are shilling. (NetZero, AOL, the usual scum.) Is prefetches pages linked to the one you are currently viewing. The contents of those pages are stored on your hard drive in the browser’s cache. Suppose one of those links went to a Russian child porn site. Or even a Dutch site with a legal 17-year old (for them). You now have child porn on your computer. You can be easily convicted, your life ruined forever (once on a sex offender list, you are always on it). Other scenarios include just some stranger (possibly a cop) sending you child porn unrequested. Can you prove you didn’t ask for it? Being innocent doesn’t help if you can’t afford the lawyers and in the meantime have lost you job, your spouse, etc.
Clearing out the cache of your hard drive just makes the space available for reuse and doesn’t go away until it is overwritten. Even then, special systems are available that can recover some overwritten data. You should assume that every single thing that you ever viewed (and a lot you didn’t) on the Internet is still on your hard drive.
Secondly, as in my first reply, crooks are stupid. They hardly ever take precautions like encrypting partitions. So the overwhelming number of cases of crooks caught doing Bad Stuff on the Internet don’t involve encryption.
Thirdly, because no computer program is perfect and the majority are far from perfect, even encryption programs can have bugs that leave passwords or other info lying around the hard drive. Several computers seized in Afghanistan had encrypted files that were decrypted by the fine folks (how ya doing?) at the NSA. Methods are not, of course, broadcast, but sniffing for passwords on the hard drive is a good bet.
Law-abiding everyday citizens have excellent reasons for using encryption. People should use it more often. But just because you are using top-of-the-line software doesn’t make you completely safe.
I have read the book. My oppinion is that Cliff Stoll acted like an idiot. He should secure his network right away rather than leaving it open to catch the hacker.
It wouldn’t make it a very good book though:
" Hacker spotted. Hacker kicked out of system. THE END" 
True indeed.
Thanks all.
How can you recover overwritten data?
“How can you recover overwritten data?”
They do it by disassembyng the hard disk and puting the platters on some special device that can pick up very weak magnetic signals. The idea behind this is that if data has remained on the same portion of the hard disk for long enough, then a single overwrite will still leave some remaining magnetism.
Mind you, this is an extremely expensive and time consuming technique, and it is not guaranteed that any useful information will be retrieved.
Disk wipe programs (like Steganos Suite) can be set up to overwrite the disk several times. I don’t think that data destroyed with several overwritings can be retrieved later.
This is true if you’re brute-forcing the key to something like PGP or AES, but brute forcing isn’t always the most effective way. Some public key systems have certain weak keys. Some implementations may leak key info. Some implementations may not properly use the entire key. Some systems have backdoors left by inept coders. There are many situations where a commercial security application is much weaker than the ideal implementation of the underlying algorithm. If you’re using something that’s been fairly well vetted like PGP, then you’re likely safe from these problems and you’re almost as secure as your key length makes you think you are. If you’re using a disk encryptor whipped up by your little brother after he skimmed “Applied Cryptography”, you’re very likely open to the world even if it uses some secure algorithm at its core.
11 00
11 00
11 00
11 00
11 00
Lets say the above is the "first write". Below we have a rewrite, where the 1s were changed to 0s and the 0s changed to 1`s.
11 00
00 11
00 11
00 11
00 11
00 11
There are still remnants of the “first write” evident in the magnetic structure of the data (at the top) because the device that changes the data on the disk doesnt line up exactly every time. It also doesnt erase the previous data first. With good enough equipment, that data can be read.