washingtonpost.com  > Technology > Tech Policy > Security

Page 3 of 3  < Back  

DNA Key to Decoding Human Factor

"If you have a whole hard drive of materials that could be related to the encryption key you're trying to crack, that is extremely beneficial," McNett said. "In the world of encrypted [Microsoft Windows] drives and encrypted zip files, four thousand machines is a sizable force to bring to bear."

It took DNA just under three hours to crack one file encrypted with WinZip -- a popular file compression and encryption utility that offers 128-bit and 256-bit key encryption. That attack was successful mainly because investigators were able to build highly targeted word lists about the suspect who owned the seized hard drive.

How DNA Works
From washingtonpost.com at 6:57 AM

The Secret Service's "Distributed Networking Attack" program consists of 4,000 computers linked together and configured to try different password combinations against a series of encryption keys.

The network is organized hierarchically, according to each computer's processing power and function, with each segment of the network named with a decidedly equine theme.

The machine that tells each segment of the network what to work on is called "Shadowfax," named after the horse in J.R.R. Tolkien's "Lord of the Rings" series.

Underneath Shadowfax are several "Blackhorse" machines that assign jobs to DNA computers in Secret Service-field offices around the country. The computers that actually do most of the computations are called "packhorses."

DNA scours a suspect's hard drive for words and phrases located in plaintext and fetches words from Internet sites listed in the computer's Web browser logs. DNA technicians then load the suspect's encrypted data into the system, while Shadowfax tells the Blackhorse computers how to distribute the workload of testing the keys against the word lists and execute any subsequent brute-force attacks against the targeted encryption keys.

-- Brian Krebs

Banking Rules Address Theft Of Customers' Private Data (The Washington Post, Mar 24, 2005)
Critics Question Impartiality of Panel Studying Privacy Rights (The Washington Post, Mar 11, 2005)
Hackers Target U.S. Power Grid (The Washington Post, Mar 11, 2005)
More Security News

Other encrypted files, however, are proving far more stubborn.

In a high-profile investigation last fall, code-named "Operation Firewall," Secret Service agents infiltrated an Internet crime ring used to buy and sell stolen credit cards, a case that yielded more than 30 arrests but also huge amounts of encrypted data. DNA is still toiling to crack most of those codes, many of which were created with a formidable grade of 256-bit encryption.

Relying on a word-list approach to crack keys becomes far more complex when dealing with suspects who communicate using a mix of languages and alphabets. In Operation Firewall, for example, several of the suspects routinely communicated online in English, Russian and Ukrainian, as well as a mishmash of the Cyrillic and Roman alphabets.

The Secret Service also is working on adapting DNA to cope with emergent data secrecy threats, such as an increased criminal use of "steganography," which involves hiding information by embedding messages inside other, seemingly innocuous messages, music files or images.

The Secret Service has deployed DNA to 40 percent of its internal computers at a rate of a few PCs per week and plans to expand the program to all 10,000 of its systems by the end of this summer. Ultimately, the agency hopes to build the network out across all 22 federal agencies that comprise the Department of Homeland Security: It currently holds a license to deploy the network out to 100,000 systems.

Unlike other distributed networking programs, such as the Search for Extra Terrestrial Intelligence Project -- which graphically display their number-crunching progress when a host computer's screen saver is activated -- DNA works silently in the background, completely hidden from the user. Lewis said the Secret Service chose not to call attention to the program, concerned that employees might remove it.

"Computer users often experience system lockups that are often inexplicable, and many users will uninstall programs they don't understand," Lewis said. "As the user base becomes more educated with the program and how it functions, we certainly retain the ability to make it more visible."

In the meantime, the agency is looking to partner with companies in the private sector that may have computer-processing power to spare, though Lewis declined to say which companies the Secret Service was approaching. Such a partnership would not endanger the secrecy of their operations, Lewis said, because any one partner would be given only tiny snippets of an entire encrypted message or file.

Distributed.net's McNett said he understands all too well the agency's desire for additional computing power.

"There will be such a thing as 'too much computing power' as soon as you can crack a key 'too quickly,' which is to say 'never' in the Secret Service's case."

< Back  1 2 3

© 2005 TechNews.com