
A powerful set of tools specifically designed to circumvent security on computers running the Microsoft Windows operating systems was released to law enforcement and military intelligence staff in the U.S. and other foreign countries by Microsoft in the summer of 2007.
The USB device was dubbed COFEE, which stands for Computer Online Forensic Evidence Extractor. COFEE is said to contain over 100 software programs that allow the holder to quickly discover passwords, decrypt files and folders, view recent Internet activity and a great deal more. One piece of functionality allows evidence to be gathered while the computer is still connected to the Internet or other network. All you have to do is plug COFEE into a USB port of a running computer and the data extraction begins with the click of a mouse. Some security professionals and privacy advocates are concerned that Microsoft has created a secret back door within Windows. This is a concern that Microsoft has denied.
Nearly 400 people from more than 80 agencies in 35 countries attended the conference where Microsoft provided training on this tool. COFEE seems to be an easy to use, automated computer forensic tool that can be used by investigators in the field. However, one has to wonder how fast one of these devices will find its way to the dark side and into the hands of criminals. I would bet within hours of the initial distribution of this device, a bounty was established payable to the first person to deliver COFEE into the hands of the bad guys.
The attendees were shown how to use the device and other technologies that can help them fight cybercrime as well as help them investigate traditional crime with an online component. They were also instructed on topics that covered how to collect evidence from PDAs running Windows CE and how to gather evidence from Microsoft’s online services and products like Hotmail and Windows.
Distribution: More than 2,000 law enforcement and intelligence officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, have received the device.
Development: COFEE is said to have been developed by a former Hong Kong police officer who now works for Microsoft.
Professional hackers and cyber weapons designers are smarter than you think. They have their own versions of COFEE and in all likelihood they are much better than the Microsoft tool. In fact, one professional hacker said, “If it works as good as other Microsoft applications — no one has anything to worry about.” I bet they get the old “Blue Screen of Death” as well.
The risk of tools like this being used by criminals and our enemies is very real. So is the potential misuse of these capabilities and the threat that it poses to privacy. That being said, given the current state of cyber crime, the threat of cyber terrorism and the looming risk of cyber war, the military, intelligence organizations and law enforcement need all the help they can get. As I have said many times before, one person’s tool is another’s weapon.
– Kevin Coleman

Glad I use a Mac
John
I would be more interested in examining one of these devices to determine vulnerabilities within the device that would allow evidence hiding, code execution or creating denial of service conditions.
View the following Black Hat 2007 conference presentation slides from Palmer, Newsham, Stamos and Ridders’ “Vulnerabilities in Critical Evidence Collection” for an example of what I am talking about.
Abstract:
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Palmer
Full Text:
http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Slides.BH2007.pdf
Windows… just another reason to support Linux.
TrueCrypt — Free Open-Source Disk Encryption Software
http://www.truecrypt.org/
http://www.truecrypt.org/docs/system-encryption.php
What I am wondering is how in 20 minutes law enforcement is able to get around the encryption. Does that sound like a back door to anyone else?
China and Russia have far more sophisticated capabilities than that which is contained in this “tool-kit”.
I have seen some pretty clever handiwork from those chaps, and trust me, they don’t need any help from Microsoft.
This COFEE is getting far more press than it deserves. Bravo to M$ though, for the PR blitz for handing out a bunch of free utilities to LEOs. I must try that myself someday.
There is a well-known backdoor in every PC (including Macs) that has a FireWire port. Direct memory access bypassing all software-based security is regarded as a feature of FireWire by MS and Apple. MS has explicitly stated recently that they will not fix this.
Once physical access is gained all security, including encryption, goes out the window.
WHOA, A BACKDOOR TO WINDOWS?!?!?! No really, anybody who’s had their computer destroyed by viruses and switched to Mac because of it could tell you that.
Why not just disable your USB ports if you are up to no good on your computer?
Most Viri are programmed by contractors to AV companies. Hence the reason payloads are usually null.
Most Piracy comes from China and Russia, which means they have access to everything as it’s released, it’s a policy and IP law issue, as a result the Russians & Chinese (whose educational systems turn out genius standard kids with nothing to do) often find themselves playing with computers. Check out the RBU (government funded hackers in the Kremlin).
As to disk encryption system this may only function for Microsoft Based Encryption, which anyone in the industry will tell you is never used. Good Cryptographic systems for disk based crypto use in hardware accelerators which usually come with vendor proprietary software. The best ones come out of Canada and Israel, due to the lack of export restrictions on those countries; by default any cryptographic based system manufactured or sold in the United States must contain a back door (unless it’s for military use). This is a law under the National Security standards; I have associates of mine that used to design optical carrier grade systems that had first hand experience with this law and its enforcement.
To assume otherwise is sheer stupidity.
Scary if in wrong hands.
ID theft to the 7th power?
10th power.
Very scary.
Impact US Intel & expand Hacking– see Die Hard 4.
This sounds similar to the U3 switchblade. U3 is a new design for USB thumb drives that allows some extra features and software to be loaded. However, if you put a proper payload in the USB drive, it can execute some nasty applications; at a counter-hacking competition, an opposing team stole our LM password hashes using this technique.