Feeds

MS unleashes legal attack dogs to lick up COFEE spill

Cryptonomicon

Boost IT visibility and business value

Microsoft unleashed its legal attack dogs to remove its leaked forensics tool from a respected security site, it has emerged.

Cryptome.org was issued with a take-down notice shortly after Microsoft's point-and-click "computer forensics for cops" tool leaked onto the web earlier this month. Redmond's lawyers acted over allegations that Cryptome was offering copies of its COFEE computer forensics utility via its website and days after acknowledging the utility was at least briefly available via BitTorrent.

COFEE (Computer Online Forensic Evidence Extractor) is a package of forensics utilities bundled onto a specially adapted USB stick, and is designed to allow police officers to collect digital evidence from a suspect's PC at a scene of crime or during a raid. The technology can be used to recover internet activity, scan files and obtain a list of processes running on an active computer at the scene of an investigation without interfering with the machine.

Redmond makes the utility (actually a bundle of 150 applications) available at no charge to law enforcement agencies via Interpol. The leak of the tool earlier this month created fears that the software might fall into the hands of miscreants and spur the development of countermeasures.

Microsoft responded to these fears by stressing that the utility was a bundle of commercially available applications and that no secret data was leaked. A statement issued on behalf of Richard Boscovich, senior attorney of Microsoft's Internet Safety Enforcement Team, also acknowledged the software had been made available through BitTorrent, a development that meant anyone might have been able to download the software.

We have confirmed that unauthorised and modified versions of Microsoft’s COFEE tool have been improperly posted to bit torrent networks for public download. We strongly recommend against downloading any technology purporting to be COFEE outside of authorised channels – both because any unauthorised technology may not be what it claims to be and because Microsoft has only granted legal usage rights for our COFEE technology for law enforcement purposes for which the tool was designed. Note that contrary to reports, we do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to ‘build around’ to be a significant concern. COFEE was designed and provided for use by law enforcement with proper legal authority, but is essentially a collection of digital forensic tools already commonly used around the world. Its value for law enforcement is not in secret functionality unknown to cybercriminals; its value is in the way COFEE brings those tools together in a simple and customisable format for law enforcement use in the field.

In cooperation with our partners, we will continue to work to mitigate unauthorised distribution of our technology beyond the means for which it’s been legally provided and, again, would strongly discourage people from downloading unauthorised versions of the tool. As always, law enforcement wishing to use COFEE can safely get the latest released version of the tool free of charge through the established channels with both NW3C and INTERPOL by contacting NW3C at www.nw3c.org or INTERPOL.

Microsoft supplied this statement of 11 November two days before firing off its legal nastygram to Cryptome.org on 13 November. Since COFEE was already available via BitTorrent the legal action might seem slightly overboard, though consistent with Redmond's promise to chase unauthorised distribution of the code.

Security experts we quizzed on this point, however, said Microsoft was well within is rights to ask sites to stop offering copies of the tool for download. In any case, Cryptome.org complied with Microsoft's order. Copies of correspondence pertaining to the COFEE take-down order have been posted by Cryptome here. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?