

The COFEE USB thumb drive  (Source: CNET)
Microsoft gives out free COFEE to law enforcement

In an age when crime can be carried out from behind a computer terminal, the world’s largest software maker is lending a hand to law enforcement against cybercrime.

Microsoft said this week it will freely distribute a specially developed USB thumb drive device that is able to quickly extract forensic data from computers used in criminal activities. The device, called COFEE (Computer Online Forensic Evidence Extractor), was officially revealed to law enforcement experts on Monday, reported the Seattle Times.

Traditional procedures in cybercrime investigation call for seizure of all computer equipment at the scene of the crime, but the COFEE tool allows for immediate gathering of evidence such as passwords, internet activity and other critical data all without the need to disturb the area. The tool is capable of executing more than 150 commands to access data on a given computer system.

According to CNET, the COFEE tool was originally developed by Ricci Ieong and Anthony Fung, who are members of the High Tech Crime Investigators Association’s (HTCIA) Asia South Pacific Chapter. Microsoft did not share the exact contents of the COFEE drive, but did say that it is composed entirely of publicly available tools.

“The key to COFEE is not new forensic tools,” said Tim Cranton, associate general counsel for Microsoft, “but rather the creation of an easy to use, automated forensic tool at the scene. It's the ease of use, speed, and consistency of evidence extraction that is key.”

Microsoft said that earlier reports of COFEE being able to defeat Windows BitLocker through a backdoor simply aren’t true. “COFEE does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret 'backdoors' or other undocumented means,” added Cranton.

COFEE is currently in use by more than 2,000 officers in 15 different countries, including the U.S., Germany, Poland, New Zealand and the Philippines.



Comments


Linux?
By Sunbird on 5/1/2008 8:33:31 AM , Rating: 2
So, should people who want to do cybercrimes start using Linux?




RE: Linux?
By SlipDizzy on 5/1/2008 8:57:04 AM , Rating: 2
I'd think it would be better off to have a dual boot environment. That way they may overlook the fact that Linux is installed. Make sure to visit lots of "Care Bear" and "Save The World" sites on your Windows partition so it totally throws them off.


RE: Linux?
By mridion on 5/1/2008 9:00:24 AM , Rating: 2
I thought you would still need Windows to install the spyware used to do cybercrime. Wouldn't using Linux make this harder?


RE: Linux?
By PAPutzback on 5/1/2008 9:34:18 AM , Rating: 2
Couldn't we just keep our PCs with us in a VHD on USB key with some good encryption? Or just swallow it when the FBI comes knockin.


RE: Linux?
By SlipDizzy on 5/1/2008 11:24:27 AM , Rating: 4
I don't know what you guys are talking about, I use a typewriter.


RE: Linux?
By reddragon75 on 5/1/2008 11:48:38 AM , Rating: 2
I would think that Microsoft made sure it worked on all OSes except VISTA. It would give them another selling point -> more secure.


RE: Linux?
By TomZ on 5/1/2008 3:44:18 PM , Rating: 2
Correct, as the article states that this toolset does not defeat BitLocker, which is Vista's drive encryption and authentication feature.


RE: Linux?
By Screwballl on 5/1/2008 12:05:13 PM , Rating: 2
Use Linux with full disk real time encryption and there is little to no way they are getting the info they need... the PC may be running when they arrive, but to get the info, they need to turn it off, send it to a lab that can extract the information.... and with the real time encryption... by the time they may actually extract one website URL some weeks, months or years later, you will be walking free due to lack of evidence against you... that is unless you were stupid and used webmail for any incriminating stuff


RE: Linux?
By mikeyjk on 5/2/2008 8:51:58 PM , Rating: 2
Not just criminals but political dissidents in China and elsewhere.


Secure?
By djc208 on 5/1/2008 9:49:50 AM , Rating: 2
I'd almost prefer this thing have secret back door access to get its data. Otherwise this tool basically shows how easy it is for someone to collect a whole lot of sensitive information off your Windows PC using freely available software.

So much for Windows security.

The only positive is MS trying to get this into the right hands for free.




RE: Secure?
By darkpaw on 5/1/2008 10:12:20 AM , Rating: 2
It's no harder to access that information off a Linux or Mac box if they are already running. Physical Access = Full Access. Full disk encryption works well if the system is turned off prior to access and the password isn't something trivial.


RE: Secure?
By Reclaimer77 on 5/1/2008 10:53:17 AM , Rating: 2
quote:
So much for Windows security.


No OS is secure if your PC is seized by authorities.


RE: Secure?
By TomZ on 5/1/2008 3:46:27 PM , Rating: 2
...or bad guys. Physical security of the machine is a requisite for most of the other security present in a typical operating system. There are some exceptions, e.g., Vista BitLocker mentioned above.


RE: Secure?
By GoodBytes on 5/1/2008 12:03:09 PM , Rating: 2
More proper info on the subject:
Read this:
http://community.winsupersite.com/bl...back-door.a...

and this:
http://www.tgdaily.com/content/view/37201/108/

Here is a quote:
[quote]
the device as basically a collection of publically available tools much like live security distributions such as Remote Exploit’s Backtrax CD (a great CD by the way). Cranton added that the device doesn’t contain any new tools, but is rather just an easy to use forensic tool. A Microsoft spokeswoman also told Romano that does not circumvent any operating system protections like Vista’s BitLocker.

So there you have it – Microsoft basically created a USB thumbdrive with a bunch of pre-existing security tools and probably goosed it up with a dialog box interface (Visual Basic anyone??) Not really a big deal from a security viewpoint, but police departments are always strapped for cash and greatly appreciate any free tools they can get.
[/quote]


Hot COFEE
By therealnickdanger on 5/1/2008 7:37:01 AM , Rating: 2
I'm still not sure what this thing does...




RE: Hot COFEE
By albundy2 on 5/1/2008 7:54:06 AM , Rating: 3
duh, it makes cofee. we have USB fridges, hot plates, eager dogs and now cofee.


RE: Hot COFEE
By tastyratz on 5/1/2008 8:06:25 AM , Rating: 2
no
it gets you in trouble with the parents of America for having a controversial scene


By greylica on 5/1/2008 12:31:39 PM , Rating: 2
For me, it's Microsoft revealing the dark side of their OS, which can be hacked totally by a simple USB key.

I am thinking what will happen when one or more keys will be in the hands of the criminals themselves. It's simple, they will connect their USB key, and like the ninjas, no one saw.

Microsoft will give tools to the CIA, but also for the criminals.
It's not uncommon to see loss of laptops and other things from CIA and FBI personnel, with sensitive data going through the wrong hands. What will happen when a criminal starts to put their Microsoft Branded USB drives into CIA and FBI computers?

May CIA and FBI start to use REAL intelligence and get rid of Microsoft (ever weak OSes, proved here now once more) and go to RED HAT like the US military forces?

The correct procedure is Microsoft never give these kind of tools to anyone, and when FBI or CIA ask for a crack, the computer of the criminal is then sent to Microsoft software factory to be analysed and cracked.

Course, some of us have the knowledge that the hackers already have this kind of tools, because of the always unsolved 1394 and USB weaknesses. But Microsoft starting to sell cracking tools for their own OS? And about the Anti-Virus, AntiSpyware, Anti-Rootkit, Anti-this, Anti-that?

Like was said before - "The consumer is in charge."

(Excuse me for a bad English... I am really learning to get better in English)




By greylica on 5/1/2008 12:40:36 PM , Rating: 2
Oops, I forgot to say. They are giving it for free now. But it may be just the phase two...


Dead man's switch
By Malikhan on 5/1/2008 5:00:04 PM , Rating: 2
I remember a couple years ago there was a little free piece of software that was a dead man's switch. If you didn't put in the right password at some point during boot it would wipe the drive with some sort of really evil formatting.
I tried looking around for it a couple weeks ago to show a friend but couldn't find it.

MS's little thumbdrive of doom is interesting for sure. I wonder how long it'll take for it to get warezed? hehe




By phxfreddy on 5/1/2008 11:32:15 AM , Rating: 1
...it certainly should be!