An interesting article today on how the FBI cracked a hidden-partition TrueCrypt volume that had a 30-character password.
http://www.theregister.co.uk/2015/08/04/truecrypt_decrypted_by_fbi/
So what happened and how is this possible? I personally don't think TrueCrypt has been broken or compromised. I think there are a few possible ways this hidden partition was cracked.
Option 1:
The feds more than likely had this guy under surveillance for months, and since this could clearly be a national security issue, they could have been authorized to compromise his PC using a zero-day exploit like the ones recently exposed by the Hacking Team leak. Keyloggers more than likely would have played a pivotal role in cracking the 30-character password so quickly.
Option 2:
He was using a password manager to manage all his passwords and had a weak master password and the feds managed to crack it.
Option 3:
To protect user data from compromise he obviously had to plug that hard disk into a system to remove the classified docs from the server that contained it. Users have no right to privacy on these types of systems. Maybe the FBI didn't crack anything at all. It is possible to have DLP software that quietly monitors all metadata transferred to removable media that offer no form of encryption, giving users the appearance that no file transfers are monitored, when a simple query would be able to tell the feds exactly what was copied into the hidden partition.