Macs frustrate the FBI

Daveway

macrumors 68040
Original poster
Jul 10, 2004
3,375
0
New Orleans / Lafayette, La
This is an excerpt from an article on securityfocus.com. The full article can be read here: http://www.securityfocus.com/columnists/215

Dave had some surprises up his sleeve as well. You'll remember that I said he was using a ThinkPad (running Windows!). I asked him about that, and he told us that many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box. In the field, however, they don't have as much money to spend, so they have to stretch their dollars by buying WinTel-based hardware. Are you listening, Apple? The FBI wants to buy your stuff. Talk to them!

Dave also had a great quotation for us: "If you're a bad guy and you want to frustrate law enforcement, use a Mac." Basically, police and government agencies know what to do with seized Windows machines. They can recover whatever information they want, with tools that they've used countless times. The same holds true, but to a lesser degree, for Unix-based machines. But Macs evidently stymie most law enforcement personnel. They just don't know how to recover data on them. So what do they do? By and large, law enforcement personnel in America end up sending impounded Macs needing data recovery to the acknowledged North American Mac experts: the Royal Canadian Mounted Police. Evidently the Mounties have built up a knowledge and technique for Mac forensics that is second to none.
I found that article quite amusing. Just another reason to use a Mac ;)
Courtesy to yourmaclife.com for the reference.
 

Sun Baked

macrumors G5
May 19, 2002
14,874
57
Check your date, I think we did this a year ago -- don't know if it's been archived yet.

Edit: of course a year later they're finding that Windows machines (I think) are frustrating them more -- since the huge new database project may be scrapped.
 

mac-er

macrumors 65816
Apr 9, 2003
1,455
0
SFVCyclone said:
Yeah, I remember reading this article a LOOOOOOOOOONG time ago.
Just because you have seen it before doesn't mean someone else hasn't.

I had never seen this before. Thanks for posting!
 

puckhead193

macrumors G3
May 25, 2004
9,210
432
NY
Thanks for the article, I sent the link to a friend who wants to major in forensics (also against Mac :( )
 

mgargan1

macrumors 65816
Feb 22, 2003
1,219
0
Reston, VA
Wouldn't finding info on a Mac's HD be the same as on a Windows-based machine? Both have sectors, both have the same make HD. Maxtor, WD, Seagate... etc. I don't know the big deal about having a Mac (in terms of the FBI not knowing how to physically get data off of it).
 

Lacero

macrumors 604
Jan 20, 2005
6,639
2
I have a life, so I'm not the first one to say "REPOST" and put up dumb graphics. This is a great article. Thanks for bringing it up because it was an enjoyable read. Also, with the things happening up north with the 4 RCMP officers, this story should hold some relevance.
 

Candyfingered

macrumors member
Mar 10, 2005
46
0
daveway00 said:
This is an excerpt from an article on securityfocus.com. The full article can be read here: http://www.securityfocus.com/columnists/215



I found that article quite amusing. Just another reason to use a Mac ;)
Courtesy to yourmaclife.com for the reference.
Of course the Mac user could just put all their important data in FileVault... then the FBI could get it... after the sun goes NOVA.
 

Candyfingered

macrumors member
Mar 10, 2005
46
0
mgargan1 said:
Wouldn't finding info on a Mac's HD be the same as on a Windows-based machine? Both have sectors, both have the same make HD. Maxtor, WD, Seagate... etc. I don't know the big deal about having a Mac (in terms of the FBI not knowing how to physically get data off of it).
True, but you have to be able to read those sectors with something... aka the computer. And they don't know how to do that on the Mac. FileVault makes that even harder. Unless the user gives them the password they'll NEVER get the information.
 

Daveway

macrumors 68040
Original poster
Jul 10, 2004
3,375
0
New Orleans / Lafayette, La
Thanks, I like bringing forth new entertaining articles. One thing to note is that when you do a forum search to make sure you don't make a repost, results are not always accurate. This is because people will use titles that have nothing to do with the subject you want to post about. ;)

Back to the article. I'm not a hacking brainiac, but don't you need a PC to hack PC using systems?
 

runninmac

macrumors 65816
Jan 20, 2005
1,495
0
Rockford MI
Candyfingered said:
True, but you have to be able to read those sectors with something... aka the computer. And they don't know how to do that on the Mac. FileVault makes that even harder. Unless the user gives them the password they'll NEVER get the information.
Um... stupid question, but how does FileVault work and why is it so hard to get into?
 

killuminati

macrumors 68020
Dec 6, 2004
2,405
0
runninmac said:
Um... stupid question, but how does FileVault work and why is it so hard to get into?
I was also wondering this. I don't understand how it could be that difficult to get info off of Macs. And wouldn't the FBI not want the public to know about that?
 

rainman::|:|

macrumors 603
Feb 2, 2002
5,438
2
iowa
Cooknn said:
I have a script that cleans house with srm -mzfv. Can data be recovered after using secure rm?
I think srm uses 7-pass overwriting, which is also known as "only the NSA is more paranoid". Correct me if I'm wrong on this...

And the FBI does have backdoor passwords to many encryption codes... It's considered "vital to national security" to have unfettered access to citizens' data, even if they think it's secure. That said, I don't know if the government has the key to FileVault, which uses a much more sophisticated system than your average encoder... This would truly be the only way to get in without a password, it can't be hacked (yet). Considering how much Apple would undoubtedly like to tap the intelligence market, it wouldn't surprise me if they gave the keys to the FBI, but then again Apple was started by leftist hippies, so who knows. This is all assuming such a backdoor key exists, it may not at all.
 

Cooknn

macrumors 68020
Aug 23, 2003
2,111
0
Fort Myers, FL
paulwhannel said:
People are dying now / Do something you ugly cow / Sorry for myself again / Me, my wallet, and my men / Jesus, I love you / Frank I love you, too / Hit the road together / Get out of the zoo / No exit / Just a pit / Apocalyptic and a zit / Hurry now / Pack your bags / Adieu you món scalawags / Got my sneakers velcroed / Snap my bookbag on / Goodbye little zipcode / How can I go wrong?
Dude that sig is an acid trip :eek:
 

panphage

macrumors 6502
Jul 1, 2003
496
0
paulwhannel said:
And the FBI does have backdoor passwords to many encryption codes... It's considered "vital to national security" to have unfettered access to citizens' data, even if they think it's secure. That said, I don't know if the government has the key to FileVault, which uses a much more sophisticated system than your average encoder... This would truly be the only way to get in without a password, it can't be hacked (yet). Considering how much Apple would undoubtedly like to tap the intelligence market, it wouldn't surprise me if they gave the keys to the FBI, but then again Apple was started by leftist hippies, so who knows. This is all assuming such a backdoor key exists, it may not at all.
Erm...wow. The NSA might be a light-year ahead of civilian cryptographers, and they might not. They absolutely refuse to say a single word about it. But the NSA ain't letting the FBI in on the fun.

And I'm willing to bet (and do every time I use it) that there aren't backdoors to most of the popular encryption schemes (like PGP and GPG). That's why the FBI and NSA get pissed when citizens encrypt their data. I don't know where you got the "backdoor" idea, but go do some reading on the history of cryptography. Real "strong encryption" has years and years of dedicated peer review behind it and absolutely no "backdoors". Apple's FileVault, being proprietary, is therefore almost certainly less secure than an open and tested system like PGP/GPG. Guys like Bruce Schneier laugh their ass off when a company shows them their "uncrackable" "secret" encryption routines. Security through obscurity does not work here. The math makes it ridiculously hard to crack, not hiding what's going on. That said, I'm not really up on the literature for FileVault. It could be based on a tested and proven routine with mounds of peer review.

And then again, the most common weak link is the meat sitting in the chair. Whether it's choosing your own birthday or "password" for your password or being susceptible to "social engineering", it's almost always easier for someone to crack the user than the encryption.
 

Monkeyman1

macrumors newbie
Dec 29, 2004
10
0
daveway00 said:
Thanks, I like bringing forth new entertaining articles. One thing to note is that when you do a forum search to make sure you don't make a repost, results are not always accurate. This is because people will use titles that have nothing to do with the subject you want to post about. ;)

Back to the article. I'm not a hacking brainiac, but don't you need a PC to hack PC using systems?
Why does everyone get in such a tizzy about reposts anyway? It happens. Most users aren't going to go beyond the first page to see if something has been posted.
 

bosrs1

macrumors 6502
Feb 23, 2005
400
0
runninmac said:
Um... stupid question, but how does FileVault work and why is it so hard to get into?
It's the level of encryption and the fact there is no back door. If you don't remember your password, God himself couldn't get the information off, let alone the FBI. It would take 4.6 trillion years to break the encryption. Even if we learn to break such codes exponentially over the next few decades it would take years and years to break in.
 

Rocksaurus

macrumors 6502a
Sep 14, 2003
652
0
California
Lacero said:
I have a life, so I'm not the first one to say "REPOST" and put up dumb graphics. This is a great article. Thanks for bringing it up because it was an enjoyable read. Also, with the things happening up north with the 4 RCMP officers, this story should hold some relevance.
Just voicing my support for Lacero... People who get so upset over reposts just need to take a break from the forums for awhile or something... or just relax. I for one had never seen this, and wouldn't have thought to search for it :p
 

Sun Baked

macrumors G5
May 19, 2002
14,874
57
Rocksaurus said:
Just voicing my support for Lacero... People who get so upset over reposts just need to take a break from the forums for awhile or something... or just relax. I for one had never seen this, and wouldn't have thought to search for it :p
Some of us get quite a bit of entertainment out of people that think reposts are a fun and exciting way to get banned. ;)