Feeds

MS unleashes legal attack dogs to lick up COFEE spill

Cryptonomicon

5 things you didn’t know about cloud backup

Microsoft unleashed its legal attack dogs to remove its leaked forensics tool from a respected security site, it has emerged.

Cryptome.org was issued with a take-down notice shortly after Microsoft's point-and-click "computer forensics for cops" tool leaked onto the web earlier this month. Redmond's lawyers acted over allegations that Cryptome was offering copies of its COFEE computer forensics utility via its website and days after acknowledging the utility was at least briefly available via BitTorrent.

COFEE (Computer Online Forensic Evidence Extractor) is a package of forensics utilities bundled onto a specially adapted USB stick, and is designed to allow police officers to collect digital evidence from a suspect's PC at a scene of crime or during a raid. The technology can be used to recover internet activity, scan files and obtain a list of processes running on an active computer at the scene of an investigation without interfering with the machine.

Redmond makes the utility (actually a bundle of 150 applications) available at no charge to law enforcement agencies via Interpol. The leak of the tool earlier this month created fears that the software might fall into the hands of miscreants and spur the development of countermeasures.

Microsoft responded to these fears by stressing that the utility was a bundle of commercially available applications and that no secret data was leaked. A statement issued on behalf of Richard Boscovich, senior attorney of Microsoft's Internet Safety Enforcement Team, also acknowledged the software had been made available through BitTorrent, a development that meant anyone might have been able to download the software.

We have confirmed that unauthorised and modified versions of Microsoft’s COFEE tool have been improperly posted to bit torrent networks for public download. We strongly recommend against downloading any technology purporting to be COFEE outside of authorised channels – both because any unauthorised technology may not be what it claims to be and because Microsoft has only granted legal usage rights for our COFEE technology for law enforcement purposes for which the tool was designed. Note that contrary to reports, we do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to ‘build around’ to be a significant concern. COFEE was designed and provided for use by law enforcement with proper legal authority, but is essentially a collection of digital forensic tools already commonly used around the world. Its value for law enforcement is not in secret functionality unknown to cybercriminals; its value is in the way COFEE brings those tools together in a simple and customisable format for law enforcement use in the field.

In cooperation with our partners, we will continue to work to mitigate unauthorised distribution of our technology beyond the means for which it’s been legally provided and, again, would strongly discourage people from downloading unauthorised versions of the tool. As always, law enforcement wishing to use COFEE can safely get the latest released version of the tool free of charge through the established channels with both NW3C and INTERPOL by contacting NW3C at www.nw3c.org or INTERPOL.

Microsoft supplied this statement of 11 November two days before firing off its legal nastygram to Cryptome.org on 13 November. Since COFEE was already available via BitTorrent the legal action might seem slightly overboard, though consistent with Redmond's promise to chase unauthorised distribution of the code.

Security experts we quizzed on this point, however, said Microsoft was well within is rights to ask sites to stop offering copies of the tool for download. In any case, Cryptome.org complied with Microsoft's order. Copies of correspondence pertaining to the COFEE take-down order have been posted by Cryptome here. ®

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.