[Paleopsych] WP: DNA Key to Decoding Human Factor

Premise Checker checker at panix.com
Sun Apr 10 17:07:53 UTC 2005

DNA Key to Decoding Human Factor

    Secret Service's Distributed Computing Project Aimed at Decoding
    Encrypted Evidence

    By Brian Krebs
    washingtonpost.com Staff Writer
    Monday, March 28, 2005; 6:48 AM

    For law enforcement officials charged with busting sophisticated
    financial crime and hacker rings, making arrests and seizing computers
    used in the criminal activity is often the easy part.

    More difficult can be making the case in court, where getting a
    conviction often hinges on whether investigators can glean evidence
    off of the seized computer equipment and connect that information to
    specific crimes.

    The wide availability of powerful encryption software has made
    evidence gathering a significant challenge for investigators.
    Criminals can use the software to scramble evidence of their
    activities so thoroughly that even the most powerful supercomputers in
    the world would never be able to break into their codes. But the U.S.
    Secret Service believes that combining computing power with gumshoe
    detective skills can help crack criminals' encrypted data caches.

    Taking a cue from scientists searching for signs of extraterrestrial
    life and mathematicians trying to identify very large prime numbers,
    the agency best known for protecting presidents and other high
    officials is tying together its employees' desktop computers in a
    network designed to crack passwords that alleged criminals have used
    to scramble evidence of their crimes -- everything from lists of
    stolen credit card numbers and Social Security numbers to records of
    bank transfers and e-mail communications with victims and accomplices.

    To date, the Secret Service has linked 4,000 of its employees'
    computers into the "Distributed Networking Attack" program. The effort
    started nearly three years ago to battle a surge in the number of
    cases in which savvy computer criminals have used commercial or free
    encryption software to safeguard stolen financial information,
    according to DNA program manager Al Lewis.

    "We're seeing more and more cases coming in where we have to break
    encryption," Lewis said. "What we're finding is that criminals who use
    encryption usually are higher profile and higher value targets for us
    because it means from an evidentiary standpoint they have more to

    Each computer in the DNA network contributes a sliver of its
    processing power to the effort, allowing the entire system to
    continuously hammer away at numerous encryption keys at a rate of more
    than a million password combinations per second.

    The strength of any encryption scheme is based largely on the
    complexity of its algorithm -- the mathematical formula used to
    scramble the data -- and the length of the "key" required to encode
    and unscramble the information. Keys consist of long strings of binary
    numbers or "bits," and generally the greater number of bits in a key,
    the more secure the encryption.

    Many of the encryption programs used widely by corporations and
    individuals provide up to 128- or 256-bit keys. Breaking a 256-bit key
    would likely take eons using today's conventional "dictionary" and
    "brute force" decryption methods -- that is, trying word-based, random
    or sequential combinations of letters and numbers -- even on a
    distributed network many times the size of the Secret Service's DNA.

    "In most cases, there's a greater probability that the sun will burn
    out before all the computers in the world could factor in all of the
    information needed to brute force a 256-bit key," said Jon Hansen,
    vice president of marketing for AccessData Corp, the Lindon, Utah,
    company that built the software that powers DNA.

    Yet, like most security systems, encryption has an Achilles' heel --
    the user. That's because some of today's most common encryption
    applications protect keys using a password supplied by the user. Most
    encryption programs urge users to pick strong, alphanumeric passwords,
    but far too often people ignore that critical piece of advice, said
    Bruce Schneier, an encryption expert and chief technology officer at
    Counterpane Internet Security Inc. in Mountain View, Calif.

    "Most people don't pick a random password even though they should, and
    that's why projects like this work against a lot of keys," Schneier
    said. "Lots of people -- even the bad guys -- are really sloppy about
    choosing good passwords."

    Armed with the computing power provided by DNA and a treasure trove of
    data about a suspect's personal life and interests collected by field
    agents, Secret Service computer forensics experts often can discover
    encryption key passwords.

    In each case in which DNA is used, the Secret Service has plenty of
    "plaintext" or unencrypted data resident on the suspect's computer
    hard drive that can provide important clues to that person's password.
    When that data is fed into DNA, the system can create lists of words
    and phrases specific to the individual who owned the computer, lists
    that are used to try to crack the suspect's password. DNA can glean
    word lists from documents and e-mails on the suspect's PC, and can
    scour the suspect's Web browser cache and extract words from Web sites
    that the individual may have frequented.

    "If we've got a suspect and we know from looking at his computer that
    he likes motorcycle Web sites, for example, we can pull words down off
    of those sites and create a unique dictionary of passwords of
    motorcycle terms," the Secret Service's Lewis said.

    DNA was developed under a program funded by the Technical Support
    Working Group -- a federal office that coordinates research on
    technologies to combat terrorism. AccessData's various offerings are
    currently used by nearly every federal agency that does computer
    forensics work, according to Hansen and executives at Pasadena,
    Calif.-based Guidance Software, another major player in the government
    market for forensics technology.

    Hansen said AccessData has learned through feedback with its customers
    in law enforcement that between 40 and 50 percent of the time
    investigators can crack an encryption key by creating word lists from
    content at sites listed in the suspect's Internet browser log or Web
    site bookmarks.

    "Most of the time this happens the password is some quirky word
    related to the suspect's area of interests or hobbies," Hansen said.

    Hansen recalled one case several years ago in which police in the
    United Kingdom used AccessData's technology to crack the encryption
    key of a suspect who frequently worked with horses. Using custom lists
    of words associated with all things equine, investigators quickly
    zeroed in on his password, which Hansen says was some obscure word
    used to describe one component of a stirrup.

    Having the ability to craft custom dictionaries for each suspect's
    computer makes it exponentially more likely that investigators can
    crack a given encryption code within a timeframe that would be useful
    in prosecuting a case, said David McNett, president of
    Distributed.net, created in 1997 as the world's first general-purpose
    distributed computing project.

    "If you have a whole hard drive of materials that could be related to
    the encryption key you're trying to crack, that is extremely
    beneficial," McNett said. "In the world of encrypted [Microsoft
    Windows] drives and encrypted zip files, four thousand machines is a
    sizable force to bring to bear."

    It took DNA just under three hours to crack one file encrypted with
    WinZip -- a popular file compression and encryption utility that
    offers 128-bit and 256-bit key encryption. That attack was successful
    mainly because investigators were able to build highly targeted word
    lists about the suspect who owned the seized hard drive.

    Other encrypted files, however, are proving far more stubborn.

    In a high-profile investigation last fall, code-named "Operation
    Firewall," Secret Service agents infiltrated an Internet crime ring
    used to buy and sell stolen credit cards, a case that yielded more
    than 30 arrests but also huge amounts of encrypted data. DNA is still
    toiling to crack most of those codes, many of which were created with
    a formidable grade of 256-bit encryption.

    Relying on a word-list approach to crack keys becomes far more complex
    when dealing with suspects who communicate using a mix of languages
    and alphabets. In Operation Firewall, for example, several of the
    suspects routinely communicated online in English, Russian and
    Ukrainian, as well as a mishmash of the Cyrillic and Roman alphabets.

    The Secret Service also is working on adapting DNA to cope with
    emergent data secrecy threats, such as an increased criminal use of
    "steganography," which involves hiding information by embedding
    messages inside other, seemingly innocuous messages, music files or

    The Secret Service has deployed DNA to 40 percent of its internal
    computers at a rate of a few PCs per week and plans to expand the
    program to all 10,000 of its systems by the end of this summer.
    Ultimately, the agency hopes to build the network out across all 22
    federal agencies that comprise the Department of Homeland Security: It
    currently holds a license to deploy the network out to 100,000

    Unlike other distributed networking programs, such as the Search for
    Extraterrestrial Intelligence project -- which graphically display
    their number-crunching progress when a host computer's screen saver is
    activated -- DNA works silently in the background, completely hidden
    from the user. Lewis said the Secret Service chose not to call
    attention to the program, concerned that employees might remove it.

    "Computer users often experience system lockups that are often
    inexplicable, and many users will uninstall programs they don't
    understand," Lewis said. "As the user base becomes more educated with
    the program and how it functions, we certainly retain the ability to
    make it more visible."

    In the meantime, the agency is looking to partner with companies in
    the private sector that may have computer-processing power to spare,
    though Lewis declined to say which companies the Secret Service was
    approaching. Such a partnership would not endanger the secrecy of
    their operations, Lewis said, because any one partner would be given
    only tiny snippets of an entire encrypted message or file.

    Distributed.net's McNett said he understands all too well the agency's
    desire for additional computing power.

    "There will be such a thing as 'too much computing power' as soon as
    you can crack a key 'too quickly,' which is to say 'never' in the
    Secret Service's case."
