
Cryptographic Lock Baffles the FBI


Cryptography: The art of writing or solving codes.

Daniel Dantas: A Brazilian banker who was arrested in 2008 for attempting to bribe a police officer. He is also suspected of money laundering, embezzlement and other financial crimes. More importantly, with the cryptographic locks on his numerous hard drives he has managed to fool not only the South American authorities but also the FBI.

That’s right — since July 2008, when Dantas was arrested, the FBI and officials throughout South America have tried fruitlessly to decrypt files held on the banker’s hardware (a story I first saw this morning on the Schneier on Security blog).

As The Register, a UK-based newspaper, states:

The files were encrypted using Truecrypt and an unnamed algorithm, reportedly based on the 256-bit AES standard. In the UK, Dantas would be compelled to reveal his passphrase under threat of imprisonment, but no such law exists in Brazil. The Brazilian National Institute of Criminology (INC) tried for five months to obtain access to the encrypted data without success before turning over the job to code-breakers at the FBI in early 2009. US computer specialists also drew a blank even after 12 months of efforts to crack the code.

A full year of diligent work from highly intelligent code breakers and still nothing? Dantas seems to have chosen the right encryption software and password. We’ve seen that choosing a secure password, though very important, seems difficult for many to do. In an article we ran back in April entitled “The Real Enemy,” we highlighted the ignorance of many password-choosers.

Back in 1990, a Unix password study revealed that the most popular password was “12345.” Today, even with the proliferation of hacking and data security warnings, the most popular password, chosen by 320,000 of the users on RockYou [a web app company], was “123456”, an entire digit longer. This was followed by the 1990 favorite “12345” and then, creatively enough, “123456789” and “password.” About 20% of the people on the site picked from a relatively small pool of only 5,000 passwords. According to the data security firm Imperva, these poor passwords mean that “with only minimal effort, a hacker can gain access to one new account every second or 1,000 accounts every 17 minutes.”
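The two paragraphs above make a defender's point: a few thousand favourites cover a fifth of all accounts, so a password that sits in that pool is gone in a second, while a long passphrase such as the one Dantas presumably used is out of reach of a year of guessing. The following added example (not code from the original post, RockYou, Imperva or TrueCrypt) is the kind of check a site or a disk-encryption setup wizard would run before accepting a password: it rejects anything in a constructed blocklist (the four favourites named above plus constructed filler entries) and otherwise estimates the brute-force guess-space from length and character mix, so the gap between “123456” and a passphrase becomes a number. The blocklist contents, the `min_bits` threshold and the guess rate in `seconds_to_exhaust` are assumptions for illustration.

```python
"""Added example: a defender-side password acceptance check.

Rejects blocklisted favourites, then estimates the size of the brute-force
search space so weak-but-not-blocklisted choices are also turned away.
"""
import math
import string

# Constructed blocklist: the four favourites named in the post plus filler.
# A real deployment would load a full list of known-leaked passwords.
COMMON_PASSWORDS = frozenset({
    "123456", "12345", "123456789", "password",
    "qwerty", "abc123", "iloveyou", "letmein",
})

# Character classes used for the guess-space estimate (assumed sizes).
_CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
)
_OTHER_SIZE = 33  # printable ASCII symbols and space


def charset_size(pw: str) -> int:
    """Alphabet size an attacker must cover given the classes present in pw."""
    size = 0
    for chars, n in _CLASSES:
        if any(c in chars for c in pw):
            size += n
    if any(not c.isalnum() for c in pw):
        size += _OTHER_SIZE
    return size


def guess_space_bits(pw: str) -> float:
    """log2 of the brute-force search space for pw's length and alphabet."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0


def seconds_to_exhaust(bits: float, guesses_per_second: float = 1e9) -> float:
    """Time to try every candidate of this size at an assumed guess rate."""
    return (2.0 ** bits) / guesses_per_second


def check_password(pw: str, min_bits: float = 60.0) -> tuple[bool, str]:
    """Return (accepted, reason). Blocklist first, then the size estimate."""
    if pw.lower() in COMMON_PASSWORDS:
        return False, "rejected: appears in the common-password list"
    bits = guess_space_bits(pw)
    if bits < min_bits:
        return False, f"rejected: only {bits:.0f} bits of guess-space"
    return True, f"accepted: about {bits:.0f} bits of guess-space"


if __name__ == "__main__":
    for candidate in ("123456", "Tr0ub4dor", "correct horse battery staple"):
        ok, why = check_password(candidate)
        secs = seconds_to_exhaust(guess_space_bits(candidate))
        print(f"{candidate!r:32} {why}; exhaustive search ~{secs:.3g} s at 1e9/s")
```

The blocklist check comes first on purpose: “password” scores as 8 lowercase characters, which the size estimate alone would not flag as badly as it deserves, and the post's RockYou figures show that membership in the popular pool, not raw length, is what lets an attacker take an account per second.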

It’s 2010 and it seems only Dantas and a handful of others are successful at securely encrypting their sensitive data. What can we learn from this? Choose better passwords, engage encryption software if necessary — and the FBI isn’t as smart as we think.