15 comments

[ 3.2 ms ] story [ 37.6 ms ] thread
> 198. In the United Kingdom, it is a criminal offence under the Regulation of Investigatory Powers Act 2000 to refuse to hand over an encryption key when required. Care must be taken, however, to ensure that suspects do not seek to evade the provision by utilizing several layers of encryption and multiple keys to protect different data sets. For example, a setting of TruCrypt, a common free encryption tool, allows a suspect to encrypt a hard drive and create two passwords: one for the “clean” drive and the other containing the incriminating material. This can be circumvented by ensuring that the forensic examination of the hard drive takes into consideration whether there is any “missing volume” of data.

If they had actually installed TrueCrypt and created a hidden partition or read the documentation, they would see that the other partition lies about space usage to prevent its existence from being provable

I wonder if someone had it backwards? That is, use the "main" volume for your secret stuff, and show the "hidden" volume for plausible deniability? Because I agree it wouldn't work the other way around.
There's other hints though. For instance, you might start the clean volume and find it hasn't been run for a month. Or, if the volume is being mounted inside another OS, there could be cached paths in various places pointing to the secret volume.

If you're being seriously investigated, you have to work on the cover story and make sure your clean volume looks legit.

Any other problems?
(comment deleted)
Sigh. They create a honeypot to catch terrorists, then "finally hav[e] to dismantle their own website when law enforcement realised that it was also being used to plan attacks against US troops in Iraq."

What? If they know the plan, then ... they act on it. Why would you stop using an information source like that?

Quite simply, they decided it was worse to leave it up and allow the communication as the risk/reward was not sufficient.

The relevant text of that point (listed as 218, but is actually 228):

  For example, a “honey pot” jihadist website reportedly was designed by the [Central 
  Intelligence Agency] and Saudi Arabian Government to attract and monitor terrorist
  activities. The information collected from the site was used by intelligence 
  analysts to track the operational plans of jihadists, leading to arrests before the 
  planned attacks could be executed. However, the website also was reportedly being 
  used to transmit operational plans for jihadists entering Iraq to conduct attacks
  on U.S. troops. Debates between representatives of the [National Security Agency, 
  Central Intelligence Agency, Department of Defense, Office of the Director of 
  National Intelligence and National Security Council] led to a determination that 
  the threat to troops in theater was greater than the intelligence value gained
  from monitoring the website, and a computer network team from the [Joint Task
  Force Global Network Operations] ultimately dismantled it.
I don't think it's very likely that the shutdown stopped them from communicating. Risk/reward? The risk is that the honeypot was the only way they could communicate, and that keeping it alive was the only way these attacks could continue. I don't think this is a very large risk. The reward, however, is foreknowledge of an attack. Maybe they don't think this is very useful knowledge?

In any case, I don't think these were the reasons for taking it down.

Possible, but remember that these are political animals.

How are they going to explain to the American people (or talk-radio hosts) that President Obama authorized a website that was used to plan attacks on U.S. soldiers?

Yes, when law enforcement gets that enmeshed with the plans of criminals, things go sideways. Compare the ATF scheme ("Operation Fast and Furious") for letting illegal gun sales proceed so that criminal gun distributors higher up the food chain could be caught:

http://en.wikipedia.org/wiki/ATF_gunwalking_scandal

When you count all the guns that the US let leak into Mexico over the years, it's hard to justify the operation.

Basically, such an operation deserves a fuller debate and examination of all the consequences. But by their nature, secret operations can't have full debates.

I wonder why they didn't use the honeypot to seed disinformation or selectively edit the leaked military plans.
Maybe because they were afraid such actions would be noticed, and give the game away?
Wow, this as a big industry for hackers. It's only going to get bigger.