bit-tech.net

Microsoft spills COFEE on your secrets


Tim Cranton demonstrates the COFEE device for Interpol executive Jean-Michel Louboutin.

If you thought the security features developed by Microsoft were intended to keep your private data private in the face of adversity, think again: according to a report in the Seattle Times the software giant is offering investigatory agencies a device capable of bypassing pretty much every security measure currently built into its Windows operating system.

The COFEE – a somewhat laboured acronym for Computer Online Forensic Evidence Extractor – is a USB mass-storage device which started trials at law enforcement agencies across the US last June. Containing a toolkit of approximately a hundred and fifty commands, the software included on the drive is capable of decrypting passwords, copying the Internet history log, and accessing files owned by any user on the computer.

Microsoft general counsel Brad Smith has described the unit, which the company is offering free of charge to verified law enforcement officers, as something the company invests “substantial resources in, but not from the perspective of selling to make money. We're doing this to help ensure that the Internet stays safe.”

The article goes on to mention that the COFEE device “eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power, and potentially losing data. Instead, the investigator can scan for evidence on site.” What isn't mentioned in the article, however, is whether the evidence gathered by the toolkit is actually suitable for law enforcement purposes.

When a computer is seized by an investigating team, the first thing that happens is the hard drive is cloned – usually using a special device which is incapable of writing to the source drive. This keeps the chain of evidence clean, and prevents any claims of tampering being entertained should the case reach a courtroom. A device which requires you to make modifications to a suspicious system before you have a clean copy of the data seems like a potential mistrial to me.
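The chain-of-evidence point above rests on taking a hash of the drive at acquisition time, before any tool touches it. The following is an added example, not code from the article or from COFEE: it images a constructed in-memory "drive", records whole-image and per-block SHA-256 hashes, and verifies a later copy against that record so that any post-acquisition modification is detected and localised. The block size, the source id and the sample contents are assumptions made for the example.

```python
import hashlib

BLOCK = 4096  # hash granularity for localising changes (assumption for this example)


def block_hashes(data: bytes, block: int = BLOCK) -> list[str]:
    """SHA-256 of each fixed-size block, so a later diff can say where an image changed."""
    return [hashlib.sha256(data[i:i + block]).hexdigest() for i in range(0, len(data), block)]


def acquire(source_id: str, source: bytes) -> tuple[bytes, dict]:
    """Bit-for-bit copy plus the hashes an examiner records before any analysis.
    The source is only read here; on a real drive a hardware write-blocker enforces that."""
    image = bytes(source)
    record = {
        "source_id": source_id,
        "size": len(image),
        "sha256": hashlib.sha256(image).hexdigest(),
        "blocks": block_hashes(image),
    }
    return image, record


def verify(image: bytes, record: dict) -> list[int]:
    """Return [] if the image still matches the acquisition record, [-1] if its size changed,
    otherwise the indices of the blocks whose contents differ from the recorded hashes."""
    if len(image) != record["size"]:
        return [-1]
    if hashlib.sha256(image).hexdigest() == record["sha256"]:
        return []
    return [i for i, (now, then) in enumerate(zip(block_hashes(image), record["blocks"])) if now != then]


# Constructed sample drive contents: 16 KiB, i.e. four 4 KiB blocks.
SAMPLE_DRIVE = bytes(range(256)) * 64


def demo() -> tuple[list[int], list[int]]:
    """Clean verification, then verification after a simulated on-site tool wrote to the disk."""
    image, record = acquire("suspect-laptop-hdd0", SAMPLE_DRIVE)
    clean = verify(image, record)
    tampered = bytearray(image)
    tampered[9000] ^= 0xFF  # one byte changed inside block 2 (9000 // 4096)
    return clean, verify(bytes(tampered), record)
```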

But, what do I know? Clearly, Microsoft thinks it's on to a winner with the law enforcement crowd – and if they're using the gratis COFEE, then selling the cops additional software isn't such a hard task. Not that I'm cynical or anything.

Anyone here suddenly feel the need to start using TrueCrypt, or is anything which helps bring digital criminals to justice a laudable project? Share your thoughts over in the forums.

44 Comments

Naberius 30th April 2008, 10:13 Quote
What a load of crap, do we not have any privacy anymore, all the cameras, our data constantly being monitored, just seems that there's nothing we can do in the world without someone else knowing all about it.
MiNiMaL_FuSS 30th April 2008, 10:17 Quote
that's life on the grid.
Fod 30th April 2008, 10:27 Quote
use a mac? or linux?
problem solved!
Buzzons 30th April 2008, 10:33 Quote
Fod , you don't think tools like this exist for either of those OS's?
Issue with truecrypt is ... if that key requires the pc not to be turned off, your system drive will still be mounted.. thus no protection given.
Laitainion 30th April 2008, 10:44 Quote
Quote:
Originally Posted by MiNiMaL_FuSS
that's life on the grid.

Only because we as a society have rolled over and accepted a loss of liberty for the sake of added 'security'.

What was it Benjamin Franklin said?
"Any society that is willing to give up a little liberty to gain a little security will deserve neither and lose both."
Bauul 30th April 2008, 10:47 Quote
I've nothing to hide! I'm proud of my mongolian porn collection!
sotu1 30th April 2008, 10:51 Quote
Quote:
Originally Posted by Laitainion
Quote:
Originally Posted by MiNiMaL_FuSS
that's life on the grid.

Only because we as a society have rolled over and accepted a loss of liberty for the sake of added 'security'.

What was it Benjamin Franklin said?
"Any society that is willing to give up a little liberty to gain a little security will deserve neither and lose both."

you got that from playing the most educational game in the world, Civ 4, didn't you? hehe.

i think that so long as this is used for law enforcement reasons then fine. as the subtitle said, not a problem if you've got nothing to hide.
Boldar 30th April 2008, 11:00 Quote
Sorry but I happen to think CS LEWIS was right

"Of all tyrannies a tyranny exercised for the good of its victims may be the most oppressive.
It may be better to live under robber barons than under omnipotent moral busybodies.
The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those
who torment us for our own good will torment us without end for they do so with the approval of their own conscience."
sotu1 30th April 2008, 11:01 Quote
Actually, thinking about it, this is bound to get into the wrong hands. then it'll suck ass big time and become available through the net or something.
Buzzons 30th April 2008, 11:08 Quote
disable plug and play? :p
PumpAction 30th April 2008, 11:10 Quote
I wonder what the price on one of those sticks will be on the black market? How much access will you gain on a corporate\government network with these? Sounds like this will get reverse engineered/copied at some point and end up on the net unless it somehow isn't possible to copy.
Baz 30th April 2008, 11:12 Quote
not a terrorist/child pornographer/tax cheat/gangster?

Then don't worry about it. I doubt law enforcement agencies have the time or resources to investigate what linux distros you've downloaded from bit-torrent or what porn you were looking at last night.

There are so many millions of internet users, it just isn't practical to scan us all. In reality this will probably be used in ongoing or prolonged investigations, where Police IT techs would have torn apart the hard drives in question to get the data back.
Cthippo 30th April 2008, 11:48 Quote
Hmmm, still waiting for something to make me think twice about switching to linux. This isn't it.

What does scare me is what else MS may be up to.
Denis_iii 30th April 2008, 11:53 Quote
I believe it's time I give Linux another shot.....and I was all ready to give Vista a go
CardJoe 30th April 2008, 12:02 Quote
Quote:
Originally Posted by Bauul
I've nothing to hide! I'm proud of my mongolian porn collection!

He's not joking. :D
Ryu_ookami 30th April 2008, 12:39 Quote
You know the scary thing about that article isn't that it's being given to Law enforcement agencies which is bad enough but that it's being given to "investigatory agencies" which could cover any agency governmental or otherwise which has an investigation/information gathering department.

the whole things a bad idea but how long before this piece of equipment is standard at airports etc so that customs/airport security can check your laptop for dodgy files etc.
sadlydefiant 30th April 2008, 12:55 Quote
I knew a Microsoft operating system was far from secure but I had no idea it could be accessed that quick.

Now if only more of my hardware and all my games worked in linux I would switch back.
widmod 30th April 2008, 13:08 Quote
i'm glad i switched to ubuntu :D
airchie 30th April 2008, 13:15 Quote
Quote:
Originally Posted by Buzzons
Fod , you don't think tools like this exist for either of those OS's?
I doubt they do tbh.

This is yet another nail in the coffin containing my desire to stick with MS OSes.
I'll be on Linux soon without a doubt. :)
Nexxo 30th April 2008, 13:27 Quote
Quote:
Originally Posted by Bauul
I've nothing to hide! I'm proud of my mongolian porn collection!

Yeah, those yaks look tasty. :D

But for every action is an equal and opposite reaction. MS creates COFEE, some hacker creates DECAFF (Data Evidence Collecting and Analysing Fiend F***er).
Redbeaver 30th April 2008, 15:08 Quote
i want one of those....... now to see if i can fake a police ID n get into their online forensic team........
E.E.L. Ambiense 30th April 2008, 15:21 Quote
Quote:
Originally Posted by Nexxo
Yeah, those yaks look tasty. :D

But for every action is an equal and opposite reaction. MS creates COFEE, some hacker creates DECAFF (Data Evidence Collecting and Analysing Fiend F***er).

:)

Good stuff! But it practically writes itself, right?
Faulk_Wulf 30th April 2008, 16:07 Quote
No one with a clever "Hot Coffee" comment? :P

(I have nothing to add that hasn't been said already. +1 on CS Lewis quote.)
Buzzons 30th April 2008, 17:24 Quote
LiveCD = 100% data recovery from a linux or windows OS -- boot it in a vm while not powering down the real PC = same thing. This is just a script that will pull data out of set areas, for linux it would be the same as copying /home/user etc

not a big deal at all.
DXR_13KE 30th April 2008, 17:30 Quote
i am thinking of a mix of encryption + virtual machines....
speedfreek 30th April 2008, 17:52 Quote
Quote:
Originally Posted by PumpAction
I wonder what the price on one of those sticks will be on the black market? How much access will you gain on a corporate\government network with these? Sounds like this will get reverse engineered/copied at some point and end up on the net unless it somehow isn't possible to copy.

I wouldn't mind a copy of this. That way when I'm fixing people's computers I can instantly get full access.

I see this getting out there and widespread quickly, nothing but bad in my mind.
GoodBytes 30th April 2008, 17:55 Quote
Gareth Halfacree 30th April 2008, 18:02 Quote
Quote:
Originally Posted by GoodBytes
Read this:
http://community.winsupersite.com/blogs/paul/archive/2008/04/30/sorry-conspiracy-buffs-there-s-no-windows-back-door.aspx

Apparently it is just a conspiracy and does not exist.

According to that post, it does exist (which it does - hence the picture of the Microsoft bod demonstrating it), but it can't bypass BitLocker encryption. Which the original article never claimed it could - it bypasses account passwords, not encryption.
ch424 30th April 2008, 18:09 Quote
There's quite a bit of over-reaction to this article. As already stated by Buzzons and Gareth Halfacree, you can get full access to windows user files just using any recent Linux live CD and this still doesn't break encryption.
steveo_mcg 30th April 2008, 18:15 Quote
Only difference i can see is that the live-cd would require a reboot, does this?
ZERO <ibis> 30th April 2008, 21:58 Quote
I would like to see a hacker get his hand on one of these and see what he has to say about its capabilities...
Firehed 30th April 2008, 21:59 Quote
Quote:
Originally Posted by Baz
not a terrorist/child pornographer/tax cheat/gangster?

Then don't worry about it. I doubt law enforcement agencies have the time or resources to investigate what linux distros you've downloaded from bit-torrent or what porn you were looking at last night.

There are so many millions of internet users, it just isn't practical to scan us all. In reality this will probably be used in ongoing or prolonged investigations, where Police IT techs would have torn apart the hard drives in question to get the data back.

Because "if you're not doing anything wrong then you've got nothing to hide" thinking is just what we need in today's society.

Except that we have plenty of corrupt police officers.
Except that this software WILL be leaked.
Except that the leaked software WILL be used by crackers, malware writers, botnet admins, etc.

Thurrott's article to which GoodBytes linked says that this article is completely wrong due to some severe misinterpretation of statements and facts. I have no idea which is true, and honestly don't care as I would never trust anything except open-source security apps like TrueCrypt for truly sensitive data (and I'd absolutely set it to automatically un-mount the device after a couple minutes of inactivity). If this software doesn't exist as described, good. If it does, it's just another reason that validates my having stopped using Windows for any personal activity. In either case, the above thinking is irrational and dangerous.
Amon 30th April 2008, 23:15 Quote
If this trend continues, their next operating system will be called Open Windows (pun intended).
Cthippo 1st May 2008, 00:32 Quote
Microsoft continues to be the best promoter linux ever had. Who needs to advertise when your competition actively drives customers to you?
TheoGeo 1st May 2008, 00:44 Quote
Microsoft: "look how secure our OS is"
Government minister: "wow great, now I don't have to worry if I leave my laptop in the back of a taxi"
Microsoft: "look how easy our security is to break"
Government minister: "Wait... what?"

There is no chance of this staying out of evil hands, I give it a few weeks before it is leaked/duplicated
Buzzons 1st May 2008, 01:19 Quote
not sure if it has been posted but :: http://www.tgdaily.com/content/view/37201/108/ <-- a must read for this article
metarinka 1st May 2008, 06:49 Quote
yah there's nothing on that usb tool that a highschool kid with google and bit-torrent could not also obtain. I mean to use a linux boot cd that had some cracking applications on it (not that I'm a hacker or anything at all). Very useful when people forgot passwords and the likes. It's naive to think that a stock box on any platform is "secure" in any fashion
Bluephoenix 1st May 2008, 16:27 Quote
I personally still prefer using the firewire DMA trick for system penetration.


and personally, I'm not worried.

I do daily backups, which cannot be read except after going through about 6 levels of various types of encryptions with failsafes, and if someone tried to use the USB stick for command access, my laptop would do a 7 pass wipe of the drive in about 12 seconds (it's an ssd)

also, yes, everything on my computer is legal, but I like my privacy. =p
fathazza 1st May 2008, 19:06 Quote
Bluephoenix are you trying to stop industrial espionage or just hiding extremely perverted porn collection.....

I think "the man" should search your computer if only because you think you have something worth hiding :)
Cthippo 1st May 2008, 22:25 Quote
Quote:
Originally Posted by fathazza
Bluephoenix are you trying to stop industrial espionage or just hiding extremely perverted porn collection.....

I think "the man" should search your computer if only because you think you have something worth hiding :)

Since when did having things you don't want to share with the world make you suspect? :|
DXR_13KE 1st May 2008, 23:01 Quote
Quote:
Originally Posted by Bluephoenix
I personally still prefer using the firewire DMA trick for system penetration.


and personally, I'm not worried.

I do daily backups, which cannot be read except after going through about 6 levels of various types of encryptions with failsafes, and if someone tried to use the USB stick for command access, my laptop would do a 7 pass wipe of the drive in about 12 seconds (it's an ssd)

also, yes, everything on my computer is legal, but I like my privacy. =p

shame gov computers don't have that......
fathazza 1st May 2008, 23:54 Quote
Quote:
Originally Posted by Cthippo
Since when did having things you don't want to share with the world make you suspect? :|

not wanting everyone to know your business is fine and is protected by the european convention on human rights anyhow...

employing 6 levels of encryption and setting everything to delete is so out of the norm as to be by its nature suspicious.

and i raise your eyebrow with a
Bluephoenix 2nd May 2008, 21:37 Quote
the primary reason is I like my privacy, second reason is my work requires it.

and "the man" already knows what's on here, and it's his regulations that are the cause for half the security. B)
sigmaxxx 2nd June 2008, 20:22 Quote
Linux \õ/