washingtonpost.com  > Technology > Tech Policy > Security

DNA Key to Decoding Human Factor

Secret Service's Distributed Computing Project Aimed at Decoding Encrypted Evidence

By Brian Krebs
washingtonpost.com Staff Writer
Monday, March 28, 2005; 6:48 AM

For law enforcement officials charged with busting sophisticated financial crime and hacker rings, making arrests and seizing computers used in the criminal activity is often the easy part.

More difficult can be making the case in court, where getting a conviction often hinges on whether investigators can glean evidence off of the seized computer equipment and connect that information to specific crimes.

How DNA Works
From washingtonpost.com at 6:57 AM

The Secret Service's "Distributed Networking Attack" program consists of 4,000 computers linked together and configured to try different password combinations against a series of encryption keys.

The network is organized hierarchically, according to each computer's processing power and function, with each segment of the network named with a decidedly equine theme.

The machine that tells each segment of the network what to work on is called "Shadowfax," named after the horse in J.R.R. Tolkien's "Lord of the Rings" series.

Underneath Shadowfax are several "Blackhorse" machines that assign jobs to DNA computers in Secret Service-field offices around the country. The computers that actually do most of the computations are called "packhorses."

DNA scours a suspect's hard drive for words and phrases located in plaintext and fetches words from Internet sites listed in the computer's Web browser logs. DNA technicians then load the suspect's encrypted data into the system, while Shadowfax tells the Blackhorse computers how to distribute the workload of testing the keys against the word lists and execute any subsequent brute-force attacks against the targeted encryption keys.

-- Brian Krebs

Banking Rules Address Theft Of Customers' Private Data (The Washington Post, Mar 24, 2005)
Critics Question Impartiality of Panel Studying Privacy Rights (The Washington Post, Mar 11, 2005)
Hackers Target U.S. Power Grid (The Washington Post, Mar 11, 2005)
More Security News

The wide availability of powerful encryption software has made evidence gathering a significant challenge for investigators. Criminals can use the software to scramble evidence of their activities so thoroughly that even the most powerful supercomputers in the world would never be able to break into their codes. But the U.S. Secret Service believes that combining computing power with gumshoe detective skills can help crack criminals' encrypted data caches.

Taking a cue from scientists searching for signs of extraterrestrial life and mathematicians trying to identify very large prime numbers, the agency best known for protecting presidents and other high officials is tying together its employees' desktop computers in a network designed to crack passwords that alleged criminals have used to scramble evidence of their crimes -- everything from lists of stolen credit card numbers and Social Security numbers to records of bank transfers and e-mail communications with victims and accomplices.

To date, the Secret Service has linked 4,000 of its employees' computers into the "Distributed Networking Attack" program. The effort started nearly three years ago to battle a surge in the number of cases in which savvy computer criminals have used commercial or free encryption software to safeguard stolen financial information, according to DNA program manager Al Lewis.

"We're seeing more and more cases coming in where we have to break encryption," Lewis said. "What we're finding is that criminals who use encryption usually are higher profile and higher value targets for us because it means from an evidentiary standpoint they have more to hide."

Each computer in the DNA network contributes a sliver of its processing power to the effort, allowing the entire system to continuously hammer away at numerous encryption keys at a rate of more than a million password combinations per second.

The strength of any encryption scheme is based largely on the complexity of its algorithm -- the mathematical formula used to scramble the data -- and the length of the "key" required to encode and unscramble the information. Keys consist of long strings of binary numbers or "bits," and generally the greater number of bits in a key, the more secure the encryption.

Many of the encryption programs used widely by corporations and individuals provide up to 128- or 256-bit keys. Breaking a 256-bit key would likely take eons using today's conventional "dictionary" and "brute force" decryption methods -- that is, trying word-based, random or sequential combinations of letters and numbers -- even on a distributed network many times the size of the Secret Service's DNA.

"In most cases, there's a greater probability that the sun will burn out before all the computers in the world could factor in all of the information needed to brute force a 256-bit key," said Jon Hansen, vice president of marketing for AccessData Corp, the Lindon, Utah, company that built the software that powers DNA.

CONTINUED    1 2 3    Next >

© 2005 TechNews.com