A system administrator who managed to steal secrets from the US Army could despite the use of the popular encryption program TrueCrypt still be caught. The man was last week sentenced to imprisonment for 10 years. Through the SunSentinel there is now more information on the case to come out.
The American was seconded as a system administrator at an air base in Honduras. From this location, the man approached the classified network without permission from the Ministry of Defence. There he deleted confidential information, including intelligence reports and military plans. Before the files were removed which he copied to his NAS system that was at home.To cover his tracks he removed include log data.
TrueCrypt
The information that the spoils system did he copied three times and remained hidden for two years, said the prosecutor. For the security of its own system, the man used TrueCrypt. He had encryption programs set up so that there was a hidden volume created. In this case, there are two volumes, each with a separate operating system, which are accessed through different passwords. Thus, a TrueCrypt user can relinquish the password from one volume, making the operating system without important data is loaded. The data on the hidden volume remain hidden.
This hidden volume had secured the system with a password of 30 characters, as did an intelligence expert from the army reported in court. In 2011, the system still had an email sent to a friend, stating that the FBI could not crack TrueCrypt.According to the information the FBI expert was in this case it managed to crack the password. How the investigation service has gotten this done is unknown. A known attack on TrueCrypt is the EvilMaid attack . In this case, an attacker with physical access to the encrypted system install a keylogger, which stores the entered password TrueCrypt.
Another possibility is that the system administrator has told his password. In early January of this year closed the system a "plea agreement" with the Department of Justice. Databreaches.net this agreement put online ( pdf ) but about whether or not to crack the TrueCrypt password is not listed here.
No comments:
Post a Comment