Hacker News new | past | comments | ask | show | jobs | submit login
"Forensics for Prosecutors" mentions backdoor in TrueCrypt (page 15) [pdf] (cryptome.org)
134 points by jhickner on Sept 4, 2013 | hide | past | favorite | 57 comments

The reference to the names "Detective Stu Pitt" and "Detective Laughlin Foo" on the last page has me wondering about this. They both really, really sound like joke names. The similarity to the presenter's name (first slide) from the real North Dakota State Attorney's Association (NDSAA) presentation (http://www.ndsaa.org/Computer_Forensics_for_Prosecutors.pdf) also seems suspicious.

It has the look that somebody took the real NDSAA presentation, tweaked it up, and released it as a hoax.


Here's a site that seems to be hosting the same PDF as part of an article dated 1 April 2013: http://www.techarp.com/showarticle.aspx?artno=770

I dug a little further. Not only is there "Detective Stu Pitt", there's also "Laughlin Foo" for the next day's presentation, and the link at the bottom is for the North Dakota State Attorney's Association, though the only state mentioned (and whose seal is used) is Oregon. This is phony.

took less than an hour for the hoax to be revealed.. :)

A few gems in here besides the TrueCrypt statement, mainly that Apple iCloud and Dropbox are named, and the legal framework is touched upon.

  All cloud stored content are automatically hash-scanned
  and image-analyzed by their service providers and
  infringing content reported to NCMEC (p16)

  Mobile content are automatically scanned when they are
  synced with cloud storage like Apple iCloud or Dropbox.
  Mobile devices that are not cloud-synced can be accessed
  by their respective vendors (p16)
If I am reading this correctly, when you upload something to Apple iCloud or Dropbox, there is a background process which generates a hash of your content, then compares that hash with infringing content? What defense do companies have? What about proof that these claims are true (sources, etc)? Can anyone just leak a document that claims XYZ tech company spies on its users and everyone takes this as fact?

  Vendors are legally and commercially prevented from
  acknowledging their backdoors. Defense will not be
  able to prove their existence (p16)
Great, blanket denial either way! I hope this is a hoax!

You missed a big one there.

    Mobile devices that are not cloud-synced can be accessed 
    by their respective vendors 
Essentially; iOS and Android have a remote backdoor available to the US government.

I think they're speaking about system dumps at the manufacturer level.

For example, I'm fairly confident that the data on Motorola devices can be read completely using USB from bootloader mode without any data modification (using tools like RSD Lite or sbf_flash). By itself that wouldn't get past OS-level encryption, though. That bootloader is entirely Motorola's with functionality and communication protocols dating back to before the pre-Android razr flip phones (from what I could tell back when I was doing battle with the XT720).

On the other hand, passphrases for boot security on mobile devices are often extremely weak (pin or what-have-you) and easy to brute force (assuming there is a backdoor to access the TPM contents or whatever it's called on ARM/OMAP/etc if it uses that sort of thing)


I was thinking... "Wow... why is this guy worried about Dropbox?"

The Dropbox problem is solvable... just don't use Dropbox.

But how are you going to use a phone without using iOS or Android. (All of the other mobile OSes are probably backdoored as well)

I wonder if my next pone should be Mozila-based.

With regards to FileVault for Mac, some friends who used to work as Geniuses at the Apple Store have mentioned having to request special software from corporate that would fix or recover FileVault in some way - they weren't clear and said it was not something they were supposed to talk about. Obviously I'd take the info with a grain of salt, but based on the news lately...

I had an conversation regarding FileVault with the geniuses recently too.

    > Oh we see [your MacBook] has a password, would you be able to write it down here?
    Haha, nope!
    > Any, uh, reason not to?  
From a conversation later on, apparently not many people opt not to give up their keys. I'm not sure why they pushed me to give it up either, the geniuses know full well that they can just boot their diagnostics disk without the password anyway.

Bear in mind that the default setup for Apple's FileVault also sends a copy of the encryption key to Apple too (associated with your AppleID), where presumably there is access granted to the US government also (willing or unwilling).

> Bear in mind that the default setup for Apple's FileVault also sends a copy of the encryption key to Apple too (associated with your AppleID), where presumably there is access granted to the US government also (willing or unwilling).

If anyone else is curious about this see the recovery key sections on http://support.apple.com/kb/HT4790

Well, here is the one for last year. How many times do they have to tell us?


Are we all just going to take this seriously? It's pretty obviously a fake. Just look at the names at the end. Detective Laughlin Foo? Stu Pitt? Neither of which, incidentally, return anything in google aside from this presentation. There's also a clear divergence in style on the backdoor slides, and it reads like a parody.

But the most obvious problem: if the NSA or whoever had a backdoor to truecrypt and Android and iOS, they would not send that information to a local DA office to be leaked.

Please don't set aside critical thinking just because something confirms your biases.

Incessantly cynical distrust of the government is the new blind patriotism.

It is impossible to overmistrust the State. If you could imagine the lows they will go to, you'd be working for them by now.

Is it really impossible? Do you think there is literally really no limit to what they can do or what they will do?

No, but they operate at a scale beyond our comprehension, and use reasoning beyond our comprehension (or mine, anyway!), so it's not too clever to imagine that we can anticipate their limits...

Page 16 has some wonderful lines:

  • “Fruit of the poisonous tree” can be circumvented
    • The use of backdoors cannot be detected or proven
    • Vendors are legally and commercially prevented from
      acknowledging their backdoors. Defense will not be
      able to prove their existence
    • The files can be described as “forensically obtained”

...but how is the prosecution able to prove the files exist on someone's device if they don't have to disclose how they determined that the files were present? If all they have to do is assert that the files exist and were "forensically obtained" then why bother with the backdoor in the first place?

They are required to disclose everything. This slide reads like it was written by someone whose knowledge of criminal procedure comes from TV.

The title page credits the document to a presentation by a detective in Oregon. Have any journalists tried to verify the source and accuracy of this document? It's unclear from the article submission why it was submitted or how the submitter found it.

Edit: I just read the current top comment listing the names of the supposed presenters.

This is of course, completely false in every way. No prosecutor would ever be dumb enough to say any of this.

Could it happen in some off-the-beaten-path courtroom that isn't being watched as closely, and whose defendants are less likely to know that? The title page of the document shows a county in Oregon, and the link at the end to the previous year's presentation points to North Dakota.

This article is pretty interesting:


It claims TrueCrypt is a CIA honeypot.

It is a shame that the Firewire backdoor is still out there. Particularly in Ubuntu.


If you use the link to the last year's presentation on the last page, and download it, you can see last year's presentation was made by "micah smith" (who apparently has become "michael smith" this year).

The entire presentation is clearly a copy of the previous year presentation, with some words changed by some moron with an agenda whose understanding of criminal procedure came from watching too many law and order episodes.

So there's a few possible ways to interpret this..

    * There is an actual hereto-unknown flaw in TrueCrypt's algorithms or implementations of algorithms that can be exploited.

    * They are referring to the only known attack, wherein keys can be recovered from RAM if the volume isn't unmounted correctly.

    * This is FUD designed to push people away from less-breakable encryption and onto software which actually /does/ have backdoors.

    * This is a hoax (pay special attention to the detective's names on the slide)
I'm not sure what to make of it.

Truecrypt is open source. Can anyone find the backdoor?

"Reflections on trusting trust" [1] may be necessary here. When you install Truecrypt, do you download a packaged binary app? Or do you compile it from source? Do you trust your compiler?

Until you know what the backdoor actually _is_, please don't stop just because you audited the source code.

[1] a good summary is at http://en.wikipedia.org/wiki/Backdoor_%28computing%29#Reflec...

A bit of Googling got me:

"Is Truecrypt A CIA honeypot" http://www.privacylover.com/encryption/analysis-is-there-a-b...

Seems like paranoia is looking just in general more plausible today.

Worth mentioning that truecrypt volumes can be hidden inside playable video files. Yes, it's security through obscurity, but hey, it makes me feel a little safer.


Mentioning a steganographic technique implies that you use it, negating the point.

Not completely. How many video files does he have? Where is it stored?

I'm curious now though, do Truecrypt volumes have a magic number, in which case it's still easy to find, or are they fully crypographically random in appearance, making this a known-needle in a large haystack problem?

Truecrypt claims an encrypted volume is indistinguishable from random data. I do not know if this is the case though. Obviously don't give it the file a stupid name or extension like "encryptedfiles.tc" or leave it open in your file history, etc.

It's also pretty suspicious if someone has a file of megabytes of random data.

*speaking hypothetically of course.

The file size will far exceed the normal size of the video - easily detectable.

Anybody ever heard of the "zSearch" software mentioned in the pdf?

After some more digging, found this document: http://www.ndsaa.org/Computer_Forensics_for_Prosecutors.pdf

Which states:

Free product by SA Eric Zimmerman

Random Access Memory Analysis:

* FBI - Salt Lake City, UT

* Distribution - eric[at]feeble-industries.com

* Plug-in live triage via USB

* Virtualization, encryption, mass storage, P2P, Gigatribe, picture & video preview, password gathering, and MORE!

Looks LE agents can request a copy by registering for the guy's phpbb form here (judging by the registration terms, it's not open to the public):


There is more regarding zSearch: "... computer search tool called osTriage/zSEARCH. The search tool allows investigators to find child pornography without damaging the forensic integrity of a computer." http://attorneygeneral.utah.gov/PR_122011.html

This really doesn't sound legit. I suspect they might be thinking of backdooring the truecrypt client, which, really wouldn't make it much of a feat.

The container format itself is really just a giant mathematical mess -- there really isn't anything to backdoor there.

And then the client doesn't exactly dial-out to anything when you mount an encrypted volume. Therefore I would suggest that this is probably a matter of using alternative means of access to the machine in order to patch the client itself.

That wouldn't exactly be worthy of the attention of the NSA, given that truecrypt is open-source.

> The container format itself is really just a giant mathematical mess -- there really isn't anything to backdoor there.

The container itself can actually be 'backdoored' by a malicious client by eg saving a duplicate of the master key, or generating a master key using a deliberately weak RNG.

user: xarball created: 2 minutes ago

Any reason you're using a throwaway?

Israel hires pro-government internet commenters, it'll come out that the US does as well soon, just like everything Israel does "first"

The current downvotes on your comment are why I didn't say "This really doesn't sound legit." instead of what I did (that and there is a genuine possibility for the commenter to have a real reason for using a throwaway).

I was going to add that you can link directly to the page like this: http://cryptome.org/2013/09/computer-forensics-2013.pdf#page...

Works in FF and Chrome in-browser readers.

Then I realized you should really skim every single page, rather than going straight to 15.

Wouldn't any backdoor used in a criminal prosecution have to be disclosed to the defense?

Nope, this is what Ginsburg would call an instruction manual for how to defeat the 4th amendment.

  The use of backdoors cannot be detected or proven

  Vendors are legally and commercially prevented from acknowledging their backdoors. Defense will not be able to prove their existence

Scroll down a bit; all they have to disclose is that the files "were forensically obtained."

I saw that, but I still don't see how that works in a trial. Said evidence will need to be introduced in court. When the witness tries to be cute by giving a vague answer, can't the defense just ask the witness to explain further?

This is entirely false. For gods sake, you have to put lab technicians on the stand for cross examination when they test your blood.

For something like this, a report gets written, and the person who wrote it gets cross examined.

Not everything that looks like it comes from the government really does.

https://github.com/bwalex/tc-play this guy probably knows a thing or two about if it's safe

EDIT: Ignore that. I figured a slide show would not skip slides when you use arrow keys for navigation.

Can I get a direct quote? I'm not seeing any mention of TC on p15 or any other page.

I'll quote it here anyway, for the benefit of other readers -

What’s A Backdoor? • A method to bypass data encryption or security • Does not require the password or passphrase to be known • Saves time, cost and effort to access encrypted or secured data • Allows data to be accessed, copied and even modified without tipping off the owner • Currently available for major encryption software – Microsoft Bitlocker, FileVault, BestCrypt, TrueCrypt, etc • Currently implemented by major cloud storage provider to comply with NCMEC requirements

I laugh at 'white hat' prosecution based culture, there is a serious lack of ethics in the computer security profession.

Applications are open for YC Summer 2021

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact