• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Terrorist sues HP after HP's encryption fails to keep data from the FBI

Schadenfroh

Schadenfroh

Elite Member
Stolen from Brandon

Michael Crooker's attempt at redemption gets tossed out of court

Michael Crooker had his lawsuit concerning Hewlett-Packard's DriveLock encryption software tossed out of court. Crooker had his Compaq laptop seized by FBI agents in 2004 after bomb-making materials were found at his home. He claimed that the FBI then used an HP-provided hack to break the DriveLock encryption used on the hard drive even though he had no evidence to back up those claims.

Not surprisingly, the FBI's attempts to break the encryption succeeded and incriminating evidence was found on the laptop. Crooker's contention is that HP shouldn't have provided the FBI with the means to break the encryption on his hard drive. From the Hartford Advocate:

"Even if it´s the CIA and the NSA, it´s wrong for HP to say, 'we can´t help you if you lose your password´," he said. "It´s causing people to hide things on their computers, and they´re not secure."

Crooker argues that by providing the FBI with a way to circumvent DriveLock, and claiming the system was impenetrable when there was actually a backdoor, HP committed a breach of contract.

Despite the evidence found on the laptop that could have be used to incriminate Crooker on explosives charges, he was not jailed under those terms. Instead, he was placed in jail for two years for a single firearms charge. The man has a rap sheet six pages long that goes all the way back to 1970:

A six-page rap sheet included in his firearms charge file lists arrests going back to March 1970, when he was 16 and committed an armed robbery while wearing a ski mask, according to the Springfield Republican. In 1977, he was accused of threatening to kill President Gerald Ford; he was cleared, but convicted of mailing death threats to the police chief of Southwick, Mass., where he grew up, and to a probation officer. In 1986, he was charged with rape and attempted murder; the charges stemmed from a phone argument with his wife, he says, and were dropped. In 1993, he plead guilty to a conspiracy to possess guns, witness tampering -- he admits he blew up a witness´s car -- and IRS fraud. He and an accomplice had filed about 70 false tax returns and pocketed the refunds.
Click to expand...
 
When did they provide a guarantee that your data was secure. If he thought the US gov't couldn't crack him, he deserved to get pwnt.
 
at first glance it looks like he's sueing HP because their program failed.
But he's sueing because HP provided a crack to the FBI. I dont know how solid his argument is. It seems weak at best, but hey, I'm no lawyer.

Originally posted by: So
When did they provide a guarantee that your data was secure. If he thought the US gov't couldn't crack him, he deserved to get pwnt.
Click to expand...

HP cracked him, not the govt
 
From the HP website

"There is no "back-door" that can be used without the correct password and unauthorised individuals will find the data on your hard drive impossible to access."

I'd say there's obviously a back door if HP has software that can break the encryption.
 
Originally posted by: TheChort
at first glance it looks like he's sueing HP because their program failed.
But he's sueing because HP provided a crack to the FBI. I dont know how solid his argument is. It seems weak at best, but hey, I'm no lawyer.

Originally posted by: So
When did they provide a guarantee that your data was secure. If he thought the US gov't couldn't crack him, he deserved to get pwnt.
Click to expand...

HP cracked him, not the govt
Click to expand...

He made that claim with no evidence to back it up.
 
Originally posted by: LikeLinus
From the HP website

"There is no "back-door" that can be used without the correct password and unauthorised individuals will find the data on your hard drive impossible to access."

I'd say there's obviously a back door if HP has software that can break the encryption.
Click to expand...

That's not entirely true. If HP's software uses a small key length for the encryption it can be cracked fairly easily.
 
Originally posted by: Kaervak
Originally posted by: LikeLinus
From the HP website

"There is no "back-door" that can be used without the correct password and unauthorised individuals will find the data on your hard drive impossible to access."

I'd say there's obviously a back door if HP has software that can break the encryption.
Click to expand...

That's not entirely true. If HP's software uses a small key length for the encryption it can be cracked fairly easily.
Click to expand...

And they are selling this as a business solution?

It wasn't cracked. It says that HP provided a hack that allowed them to break it. If the FBI was just going to crack it, what's the point of going to HP? It's a two password system.
 
I'm more interested in the "unauthorized individuals" part. It seems to me that it is standard in most agreements/disclosures that promises of privacy make an exception when it comes to criminal activity (hence the FBI for example has some access to the information though obviously it has to be specifically targeted to certain individuals or organizations).
 
Originally posted by: LikeLinus
From the HP website

"There is no "back-door" that can be used without the correct password and unauthorised individuals will find the data on your hard drive impossible to access."

I'd say there's obviously a back door if HP has software that can break the encryption.
Click to expand...

Notice the loophole? "unauthorized individuals"

HP just said "Oh, the FBI? well they are authorized individuals.

case closed.
 
Originally posted by: LikeLinus
From the HP website

"There is no "back-door" that can be used without the correct password and unauthorised individuals will find the data on your hard drive impossible to access."

I'd say there's obviously a back door if HP has software that can break the encryption.
Click to expand...


brute force maybe
 
Originally posted by: acemcmac
Blowfish FTW
Click to expand...
Yeah, just generate an absurdly long key length and providing there's no backdoor built in, I don't care how much computing power the government has, they're not going to crack it by bruteforce.
 
Originally posted by: halik
Originally posted by: LikeLinus
From the HP website

"There is no "back-door" that can be used without the correct password and unauthorised individuals will find the data on your hard drive impossible to access."

I'd say there's obviously a back door if HP has software that can break the encryption.
Click to expand...


brute force maybe
Click to expand...

It could be any number of things. It's why the FBI would choose to go to HP to have them crack it. It's obvious there is a backdoor of some kind. The FBI has more than enough talent to crack this drive.

The guy doesn't deserve anything, but he's got a valid point. If HP does have a backdoor to hack into your drive and they sell this "secured" equipment to businesses...that represents a problem.
 
I'm not a conspiracy wacko or anything but it wouldn't surprise me if they had back-doors to any and all commercial encryption.

If not then probably the math wizards to figure it out.
 
Originally posted by: spidey07
I'm not a conspiracy wacko or anything but it wouldn't surprise me if they had back-doors to any and all commercial encryption.

If not then probably the math wizards to figure it out.
Click to expand...

You've been watching waaay too many movies my alien friend.
 
Originally posted by: LikeLinus
Originally posted by: Kaervak
Originally posted by: LikeLinus
From the HP website

"There is no "back-door" that can be used without the correct password and unauthorised individuals will find the data on your hard drive impossible to access."

I'd say there's obviously a back door if HP has software that can break the encryption.
Click to expand...

That's not entirely true. If HP's software uses a small key length for the encryption it can be cracked fairly easily.
Click to expand...

And they are selling this as a business solution?

It wasn't cracked. It says that HP provided a hack that allowed them to break it. If the FBI was just going to crack it, what's the point of going to HP? It's a two password system.
Click to expand...

Where are you seeing this? 😕 I see that he CLAIMS they did that with no basis for those claims. I don't see where it says that they actually did that.
 
I dont know if you guys read Digital Fortress by Dan Brown.... this whole issues reminds me of that book
 
Originally posted by: LikeLinus
Originally posted by: halik
Originally posted by: LikeLinus
From the HP website

"There is no "back-door" that can be used without the correct password and unauthorised individuals will find the data on your hard drive impossible to access."

I'd say there's obviously a back door if HP has software that can break the encryption.
Click to expand...


brute force maybe
Click to expand...

It could be any number of things. It's why the FBI would choose to go to HP to have them crack it. It's obvious there is a backdoor of some kind. The FBI has more than enough talent to crack this drive.

The guy doesn't deserve anything, but he's got a valid point. If HP does have a backdoor to hack into your drive and they sell this "secured" equipment to businesses...that represents a problem.
Click to expand...
I completely agree.

Bad HP, FBI or not.

 
Originally posted by: narcotic
Originally posted by: spidey07
I'm not a conspiracy wacko or anything but it wouldn't surprise me if they had back-doors to any and all commercial encryption.

If not then probably the math wizards to figure it out.
Click to expand...

You've been watching waaay too many movies my alien friend.
Click to expand...

which part, the math wizards, the backdoors to all commercial encryption software or both?

I wouldn't doubt they have a backdoor or the encryption algorithm so they can reverse engineer it. I honestly wouldn't doubt that they have people/devices that can crack this stuff.
 
Originally posted by: So
When did they provide a guarantee that your data was secure. If he thought the US gov't couldn't crack HP encryption, he deserved to get pwnt.
Click to expand...

fixed. If you use high end encryption software and are very smart about it, you can keep your drive safe until the dawn of quantum supercomputers . . . . .
 
Originally posted by: LikeLinus
It wasn't cracked. It says that HP provided a hack that allowed them to break it. If the FBI was just going to crack it, what's the point of going to HP? It's a two password system.
Click to expand...

HP could have provided them with detailed info about the algorithm, providing cryptologists with an attack algorithm, without having a backdoor or cracking it for them.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top