
In Truecrypt We Trust



Renk
29.06.10, 01:08
The FBI failed to break the encryption code of hard drives seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha. The operation began in July 2008. According to a report published on Friday (25) by the newspaper Folha de S. Paulo, after a year of unsuccessful attempts, the U.S. federal police returned the equipment to Brazil in April.

According to the report, the fed only requested help from USA in early 2009, after experts from the National Institute of Criminology (INC) failed to decode the passwords on the hard drives. The government has no legal instrument to compel the manufacturer of the American encryption system or Dantas to give the access codes.


G1 - Not even FBI was able to decrypt files of Daniel Dantas - notícias em English (http://g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html)

MrCheat
29.06.10, 16:07
Yeah it's true that the FBI cannot decrypt hard passworded files/hard drives, however the NSA can but it usually never goes that far since it is expensive. However, if you were a person with high interest, they would send your file to the NSA and have it decrypted.
Thanks for the info.

hontoCorti
29.06.10, 16:08
What helps is to never become a person of interest :)

tokiodrift1
29.06.10, 19:15
...however the NSA can but it usually never goes that far since it is expensive....

What are they (NSA) doing with the HDD?
I thought there is no way to decrypt such systems (at least within few years). :confused:

SBfreak
29.06.10, 20:15
I thought there is no way to decrypt such systems (at least within few years).
Ha you never know what kind of technology is hidden from us.

anon
29.06.10, 20:15
I thought there is no way to decrypt such systems (at least within few years). :confused:

Nothing's flawless.

tokiodrift1
29.06.10, 20:21
I've heard that somewhere... :biggrin:

btw, anon, it's futbol-time.

saebrtooth
30.06.10, 05:34
Even if some org didn't have super computers, even with secret malware they could steal CPU and bandwidth to do their dirty stuff.

slikrapid
30.06.10, 17:41
Yeah it's true that the FBI cannot decrypt hard passworded files/hard drives, however the NSA can

translated, that means the fbi can do it too since they cooperate when necessary or they can simply install another system for this purpose within the fbi


but it usually never goes that far since it is expensive.

which is what they want people to believe, whereas the federal bank prints money as they please and the federal bureau gets it when needed, and the public gets served with a watered down (harmonized, non transparent) version of the truth

what info does one have about truecrypt, their authors, their financial records, donations, connections to the government and so on - one can be pretty sure the government (via intelligence agencies) is very interested to be ahead (or infiltrated/prepared/informed/in control) of anything potentially dangerous (which includes unknown/new technology) to the system

Gapo
05.11.10, 10:55
TrueCrypt isn't something I'd trust. Why you ask? Read this Bootkit bypasses hard disk encryption - The H Security: News and Features (http://www.h-online.com/security/news/item/Bootkit-bypasses-hard-disk-encryption-742721.html)

shoulder
05.11.10, 12:24
And you think this is a problem by TrueCrypt?

Gapo
05.11.10, 12:29
Err, yes? Even if the BIOS is weak to this attack, TrueCrypt should be able to protect it somehow.

This quotation is interesting;



For instance, using Windows' own BitLocker encryption mechanism is said to be a reliable antidote, because an infected MBR's hash value no longer corresponds to the hash value stored in the TPM, prompting the TPM to abort the boot process.
Source - http://www.h-online.com/security/news/item/Bootkit-bypasses-hard-disk-encryption-742721.html
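
The TPM check described in the quotation above, as an added sketch that is not part of the original thread and not BitLocker's own code: the MBR is hashed into a platform configuration register before it runs, and the disk key is released only if that register matches the value recorded when encryption was set up. It assumes a single simulated PCR with the TPM 1.2 SHA-1 extend rule; the MBR contents, key and function names are constructed for illustration.

```python
import hashlib
import hmac

SECTOR_SIZE = 512
PCR_RESET = b"\x00" * 20  # a TPM 1.2 PCR is 20 bytes and starts zeroed


def make_mbr(boot_code: bytes) -> bytes:
    """Build a constructed MBR: 446 bytes of code, empty partition table, 0x55AA."""
    if len(boot_code) > 446:
        raise ValueError("boot code area is limited to 446 bytes")
    return boot_code.ljust(446, b"\x00") + b"\x00" * 64 + b"\x55\xaa"


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || SHA1(data))."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()


def measure_boot(mbr: bytes) -> bytes:
    """Measure the MBR sector into the (simulated) PCR before it would execute."""
    if len(mbr) != SECTOR_SIZE or mbr[510:] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    return pcr_extend(PCR_RESET, mbr)


def unseal(sealed_pcr: bytes, current_pcr: bytes, key: bytes):
    """Release the key only when the PCR equals the value recorded at seal time."""
    return key if hmac.compare_digest(sealed_pcr, current_pcr) else None


# Constructed sample data, not real boot code or a real key.
CLEAN_MBR = make_mbr(b"\xeb\x3c\x90" + b"constructed-loader")
TAMPERED_MBR = make_mbr(b"\xeb\x3c\x90" + b"constructed-loader-with-hook")
VOLUME_KEY = b"constructed-volume-key"
SEALED_PCR = measure_boot(CLEAN_MBR)  # recorded when encryption was enabled


def boot(mbr: bytes):
    """Return the volume key if the measured MBR is the sealed one, else None."""
    return unseal(SEALED_PCR, measure_boot(mbr), VOLUME_KEY)


if __name__ == "__main__":
    print("clean MBR   ->", "key released" if boot(CLEAN_MBR) else "boot aborted")
    print("tampered MBR->", "key released" if boot(TAMPERED_MBR) else "boot aborted")
```

A password-only pre-boot loader has no such measurement step, which is the difference the posts around this point are arguing about.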

shoulder
05.11.10, 12:45
Well, Bitlocker realizes this using additional hardware (TPM), which TrueCrypt doesn't.

Gapo
05.11.10, 12:47
Not an excuse to be vulnerable to this attack :gtongue:

TrueCrypt can just implement this feature and be done with it.

shoulder
05.11.10, 12:54
TrueCrypt can just implement this feature and be done with it.
And tell all their users without TPM, "Sorry, you can't use us anymore"? :geek:

Gapo
05.11.10, 16:00
Pretty much :gsmile:

Better to have true than false security, if you ask me.

shoulder
05.11.10, 16:02
Well, then Bitlocker is also not for you as it's closed source. :wink2:

Renk
07.11.10, 21:42
TrueCrypt isn't something I'd trust. Why you ask? Read this Bootkit bypasses hard disk encryption - The H Security: News and Features

Thanks for the link, but I don't share your conclusion:

As Shoulder suggested, I don't think TrueCrypt could be incriminated for that. TrueCrypt is an encryption tool, not an anti-malware. For the same reason you could say "don't trust PGP" or even "don't trust Zone Alarm because everyone who stole your HDD with ZA installed can read your data in plain text" ?


Imo, the link you gave doesn't really prove you don't trust TrueCrypt, it shows you don't trust your PC. What could be safe if your machine is compromised?

In the attack described, the MBR is compromised by an attacker before the user logs in to his TrueCrypt. A possible countermeasure could be to boot only from CD.

Gapo
07.11.10, 21:48
I already answered that question. TrueCrypt by nature should be able to protect against that.

Renk
08.11.10, 01:02
I already answered that question. TrueCrypt by nature should be able to protect against that.


To feed the debate: This question has been discussed on the TrueCrypt forums (http://forums.truecrypt.org/viewtopic.php?t=16862)

Moreover, in saying "TrueCrypt by nature should be able to protect against that" you could be right, and I could have been wrong in speaking about PGP. Indeed, in doing some searching, I have found that:


PGP Advisory Board

Stoned Boot Attack
Tuesday, August 4th, 2009

Another development that came out this last week at Black Hat is the “Stoned Bootkit” boot-level malware. You can find documentation including the source code at the http://www.stoned-vienna.com/ site.

This is an interesting piece of malware, particularly since it works around the full-disk encryption provided by the open source TrueCrypt application. Despite the excellent paper and presentation on the Stoned-Vienna website, there is a good deal of misinformation about it, even on that site.

(...)

The creators managed to get around TrueCrypt through a clever bit of brute-force. They install themselves as a shim driver above TrueCrypt and below Windows, thus completely bypassing TrueCrypt’s encryption.

The natural question for anyone who uses PGP is whether it would affect a system protected with PGP® Whole Disk Encryption (WDE).

The answer I give is that it would not as written.

PGP WDE has a clever feature in it — WDE prevents you from writing over the MBR. Consequently, it’s impossible to install MBR-level malware on a system with PGP WDE for that simple reason.

This particular piece of malware very cleverly installs itself in the MBR and performs a judo move on TrueCrypt. That particular judo move wouldn’t work on PGP WDE because we protect the MBR. It wouldn’t work on a system that protects the MBR some other way, like with a Trusted Platform Module (TPM). It also doesn’t affect systems that don’t have an MBR at all, like systems that boot with EFI including all Macs.


Stoned Boot Attack (http://blog.pgp.com/index.php/2009/08/stoned-boot-attack/)


But then, we can trust TrueCrypt on systems booting with EFI ? :smile: