If Hard Drive Encryption Is So Powerful, How Were FARC’s Documents Analyzed?

Anyone following international politics may have heard about Chavez’s latest rant against the western world.  This particular rant—as opposed to his other, regular rants against the western world—stems from a finding by Interpol that confirms the legitimacy of files found in the computers and other digital devices belonging to a now-deceased FARC leader, Raul Reyes.  The Interpol finding is damaging because apparently some e-mails found in the computers imply that the government of Venezuela, at its highest levels, has been supporting FARC, which is considered a terrorist organization by the US and the EU.

 

The devices in question were recovered in March by Colombian security forces, after raiding a Revolutionary Armed Forces of Colombia (FARC) camp in Ecuador.  At the time, there was a lot of talk about the contents of the computers, external drives, and flash drives being encrypted.  Although I haven’t been keeping up with the news, my understanding was that all the devices were protected with full disk encryption.  I remember thinking that anyone trying to analyze the contents of those machines had their work cut out for them, since full disk encryption solutions like AlertBoot are pretty much unbreakable.  I’d imagine the rebel/terrorist organizations that took the time to encrypt stuff would have used the best solution available.

 

That hasn’t stopped Interpol from trying to break the encryption, though.  They used ten computers, 24/7 for two weeks, according to a statement by Ronald Noble, General Secretary of Interpol.  Did they manage to break the encryption?  Well, the findings would imply so; otherwise, how could Interpol verify the legitimacy of the files?  However, the above setup of ten computers is not enough for cracking encryption.  What’s going on?

 

Upon reading Interpol’s concluding report, I think that full disk encryption was not used on these computers.  Rather, it was file encryption, and it was used on a small number of files.  Whether the specialists were able to gain access to the files is not reported, only that 900-odd files were protected using cryptography.

 

So, were they able to crack the encryption for those 900 files?  My guess is “no.”  However, “no” doesn’t mean that the specialists were not able to gain access to the encrypted information.  There are two methods of attacking an encrypted file: 1) break the encryption key or 2) figure out the password for decrypting the file.

 

Generally, it’s the latter that will be attacked because the former is just too difficult to break.  Ten computers running at all times for two weeks will just not do, assuming something like 256-bit encryption was used.  The weakest link generally tends to be the password a person selects to access the contents of encrypted data.  People tend to choose something that is not truly random, and there is a limit to how many random characters the average person can memorize, so passwords tend to be short.  If the encryption system used by FARC allowed someone to enter an incorrect password an unlimited number of times, the Interpol specialists could create a simple program to try millions of password combinations in an attempt to gain access to the data, since all they’d need is one good guess.
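To put numbers on that comparison from the side of someone choosing a password and a key-derivation cost, here is an added example (not part of the original post) that estimates how much of a key space or password space ten machines can cover in two weeks. The guess rates, the PBKDF2 iteration counts, and the use of PBKDF2 itself are assumptions, since the post does not say what software protected the files; passwords are assumed to be uniformly random.

```python
import hashlib
import math
import time

MACHINES = 10                    # from the post: ten computers
WINDOW_SECONDS = 14 * 24 * 3600  # from the post: two weeks, around the clock

def search_space_bits(alphabet_size, length):
    """Bits in the search space of a uniformly random password."""
    return length * math.log2(alphabet_size)

def guesses_in_window(rate_per_machine):
    """Total guesses the whole setup makes at a given per-machine rate."""
    return MACHINES * WINDOW_SECONDS * rate_per_machine

def coverage(bits, rate_per_machine):
    """Fraction of a 2**bits space tried within the window, capped at 1."""
    return min(1.0, guesses_in_window(rate_per_machine) / 2.0 ** bits)

def min_length(alphabet_size, rate_per_machine, target=1e-6):
    """Shortest random password whose coverage stays below target."""
    length = 1
    while coverage(search_space_bits(alphabet_size, length), rate_per_machine) >= target:
        length += 1
    return length

def measure_kdf_rate(iterations, samples=5):
    """Measured PBKDF2-HMAC-SHA256 derivations per second on this machine."""
    salt = b"constructed-salt"
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"guess-%d" % i, salt, iterations)
    return samples / (time.perf_counter() - start)

if __name__ == "__main__":
    # Assumed rate for a raw key search; generous, and still hopeless.
    print("256-bit key, 1e9 keys/s: coverage %.1e" % coverage(256, 1e9))
    for iterations in (1_000, 600_000):  # constructed KDF cost settings
        rate = measure_kdf_rate(iterations)
        print("PBKDF2 x%d: %.0f guesses/s per machine" % (iterations, rate))
        for alphabet, length in ((26, 8), (94, 8), (94, 12)):
            bits = search_space_bits(alphabet, length)
            print("  %d symbols x %d chars (%.1f bits): coverage %.1e"
                  % (alphabet, length, bits, coverage(bits, rate)))
        print("  min length for <1e-6 coverage (94 symbols): %d"
              % min_length(94, rate))
```

Human-chosen passwords are far less random than this model assumes, so the coverage figures for passwords are a best case for the defender.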


