
Claim by Bulgarian police that they decrypted a laptop after the data leak? - space-cube
So a couple of weeks ago there was a massive data breach that exposed the private data of millions of Bulgarians. The police confiscated several computers from the prime suspect of the hack but everything was encrypted. He refused to give up any passwords.

Today the police claimed they've successfully decrypted one of the laptops. We do not know what encryption exactly was used, though they did call it "strong encryption" and the suspect has years of experience working at OpSec, so he obviously didn't use "password" as password or anything like that.

How plausible is the police's claim that they've successfully decrypted said encryption, especially in such a short time period (~2 weeks)? Is this plausible or unrealistic?
======
LinuxBender
Unless you know all the details, it could be as simple as "give us the
passphrase, or your jail cell will go missing"

There are services that will brute force disk encryption for a fee, but it is
very expensive.

~~~
space-cube
The suspect is currently not in police custody (he was released on bail almost
immediately) and there is no evidence of physical threats. He continues to
maintain his claim of innocence, while the police claim the decrypted drive
incriminates him heavily, so it's unlikely he gave them a password himself.

Can you elaborate about the brute force attacks? I thought if the encryption
is strong enough brute forcing it would not be possible?

~~~
LinuxBender
There are forensic tools that grab {n} number of sectors from the drive image,
then upload it to a cloud that has a massive farm of servers that brute force
the blocks using all known ciphers and strings. Brute forcing anything is
possible, especially if using symmetric encryption only. The CPU cycles (and
cost) to break the passphrase depend on the complexity.

If the disk encryption used a combination of a strong passphrase and a large
key (usb device, etc) then the probability of decrypting the drive becomes
highly unlikely.

Anyway, I am no lawyer, but the person should assume the police are lying
either way. Their lawyer should have told them this and to keep their mouth
shut. The police could be playing mind games. Mind games are the cheapest way
to decrypt a drive or get someone to admit guilt.
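
Added example, not part of the thread: a rough model of how passphrase entropy, key-stretching cost and a keyfile change the average time to exhaust the search space. The attacker hash rate, the iteration count and the way the keyfile is mixed in are assumptions chosen for illustration, not the behaviour of any particular disk-encryption tool.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret of `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def derive_key(passphrase: str, salt: bytes, iterations: int, keyfile: bytes = b"") -> bytes:
    """Toy volume-key derivation: PBKDF2-HMAC-SHA256 over passphrase plus keyfile digest.
    Simplified construction for illustration, not a real tool's on-disk format."""
    secret = passphrase.encode() + hashlib.sha256(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)

def expected_years(bits: float, hashes_per_sec: float, iterations: int) -> float:
    """Average search time: half the keyspace, each guess costing `iterations` hashes."""
    guesses_per_sec = hashes_per_sec / iterations
    return (2 ** bits / 2) / guesses_per_sec / SECONDS_PER_YEAR

# Constructed scenarios; the attacker rate is an assumed figure, not a measurement.
ASSUMED_HASHES_PER_SEC = 1e12
ITERATIONS = 500_000
SCENARIOS = {
    "8 random lowercase letters": entropy_bits(26, 8),
    "6 random words from a 7776-word list": entropy_bits(7776, 6),
    # With a random keyfile mixed in, the keyfile alone sets a 256-bit floor.
    "any passphrase + 256-bit random keyfile": 256.0,
}

def report() -> dict:
    """Expected years to recover each scenario's secret under the assumptions above."""
    return {name: expected_years(bits, ASSUMED_HASHES_PER_SEC, ITERATIONS)
            for name, bits in SCENARIOS.items()}

if __name__ == "__main__":
    for name, years in report().items():
        print(f"{name:42s} {years:.3e} years on average")
```

Under these assumptions the short lowercase passphrase falls in well under a day, while the six-word passphrase and the keyfile case are out of reach; the estimate only holds for secrets chosen at random, not for human-picked phrases.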

