Nov 10 2010
 

Guess what?  The cops can’t get access to vital computer files in their investigation of Anglo because …

Go on.  Guess.

Is it because the Anglo laptops are all broken?

No.  They’re fine.

Is it because the cops keep getting distracted by playing Solitaire and Minesweeper?

No.  They’re serious cops.  Don’t be ridiculous.

Is it because they can’t understand how to switch on the computer?

No.  The ON button is clearly marked.

The reason is that former Anglo executives refuse to give them the encryption passwords.

How about that?

What’s the password?

I forget.

The investigation concerns certain matters I wrote about here in the past:

  • huge loans to Anglo senior executives which were obligingly taken over for a few days by rival bank, Irish Nationwide, the other basket-case, when the auditor came to examine the books
  • loans to ten people for the purchase of Anglo shares to artificially inflate their value
  • overnight transfers of huge amounts — billions — from Irish Life and Permanent to create the impression that Anglo had significant deposits when the accounts were being examined.

It seems like a lifetime away, but when I wrote this post, I was complaining about the government’s plan to inject €3 billion of our money into Anglo.  The figure for Anglo now stands at something in the order of €34 billion, and the total bill to bail out the investors in the banks is estimated at €70 billion, rendering the country bankrupt, in an agreement based on falsified information supplied by the bankers.

Now, when the police are seeking to investigate these extremely grave matters, it turns out that senior Anglo people are not providing them with the assistance they need to uncover the facts.

Quick.  Stop the first fat guy with a beard and a Slayer t-shirt.  Tell him the cops need him urgently to hack into Seanie Fitz’s laptop.  Tell him there’s an extra-large pizza waiting for him when he does the job.

This is a terrible indictment of the investigation.  People who fail to turn over passwords should be arrested and charged.  It shows that the Gardai are not carrying out their job, either through incompetence or direction from government, but either way, we have yet more evidence that Anglo executives are being protected.


  27 Responses to “Anglo Executives Refuse to Hand Over Computer Passwords”

  1.  

    I actually do know a bit about enterprise cryptography.
    There are very few encryption methods that are actually “unbreakable”. Most can be brute forced or reverse engineered. There are exceptions, PGP Whole disk encryption for instance. But notice they talk about specific files. This doesn’t sound like encrypted volumes or even encrypted disks. If this is as simple as Microsoft’s own methods of locking their documents I wouldn’t at all be surprised.
    Remember the guards’ lack of ability at getting a conviction in the Judge Curtin case?
    I’d be VERY interested in which encryption tools they’ve used to lock the files.

  2.  

    Here’s a link to more info on the matter:
    http://www.independent.ie/national-news/anglo-chiefs-facing-quiz-on-missing-passwords-2413749.html

    If it’s only about certain files that have a password on them using Microsoft’s own locks, it’s trivial for an experienced user to crack the password and access the data. A quick search turns up some possible info on this – 40bit encryption, roughly two days to brute force? If you got a cracking tool designed to break that particular type of encryption (illegal, of course) you might do it in less time.

    I’d say the delay is that they need to do this for every one of those files, and it’s taking longer than if they just got the passwords.

  3.  

    It’s the Guards. They don’t know how to do it.

    They urgently need to recruit a teenager of average intelligence.

  4.  

    There was a case in the UK recently where a kid was jailed for 16 weeks for refusing to hand over his 50 Character encryption key for his laptop HD. The cops were unable to crack it and he refused to hand it over.
    It’s the kind of thing you might have to hand off to the NSA.
    Remember wikileaks posted their 256-bit encrypted file confident that it could not be broken.

  5.  

    Well refusing to hand over the passwords will 100% get them charged with obstruction of justice – but “forgetting” the passwords – that’s another matter altogether.

    As for “hacking” the files – it may not be as simple as that. It’s not like they have a prompt to log into the document system, and they need the password for that. It’s the contents of the actual files themselves that’s garbage to the human eye… even with “weak” 40-bit encryption, to brute force this you end up with somewhere in the region of a trillion versions of the document, only one of which contains the exact original text. Now, you can filter out a lot of the crap if you’re smart enough to be able to distinguish between the known format of the decrypted document (i.e. you know it is English text so you can discount results that don’t match a dictionary of English words – but then what if there was a typo in the original document? You’ve just discarded a potentially “good” result!),

    Also if you know the system that was used to encrypt them you can filter out a lot of the results, but ultimately, unless you know the KEY that was used to encrypt the data (which in this case, is probably their password + a fixed key generated by whatever system did the encryption) you’re screwed because you’ll still have to physically read all the results to tell which is the original document – and then their lawyers will argue that you decrypted it wrong, not legally admissible, etc.

    Brute force is only good for when you’re trying to gain access to a system whereby you generate every single possible password and test it against the system in an automated fashion, without necessarily ever knowing what that password is once you succeed.

  6.  

    Slightly off point;

    “Loans to ten people for the purchase of Anglo shares to artificially inflate their value

    Overnight transfers of huge amounts — billions — from Irish Life and Permanent to create the impression that Anglo had significant deposits when the accounts were being examined.”

    What were the incredibly expensive auditors ( Price Waterhouse Cooper I believe) being paid for if they couldn’t spot anomalies with these huge amounts of money?

  7.  

    That’s not off the point at all. You ask a very pertinent question, to which I haven’t yet heard an answer that makes any sense.

  8.  

    What of any IT audits? No company of any size allows employees (regardless of their standing) to develop and use their own systems, encryption or otherwise. Especially not a bank, FFS.

    Then, I remind myself that we are talking about Anglo Irish…..

    I have to say that I don’t share your disdain for the abilities or professionalism of the investigators, Bock. The wheels of justice may appear to be grinding at a painfully slow rate, but they’re turning all right.

  9.  
  10.  

    BP — My disdain for the Guards’ IT prowess is based on their performance in a number of technical areas, but their incompetence is world class in the area of information technology. I think it’s time for a post on the bumbling, blithering stupidity of the way they use and misuse computers.

  11.  

    How can a probe be underway? Good old Herald, eh? They probably meant an investigation or an inquiry.

    Anyway, what’s it about? Some accountants sending each other schoolboy emails about their female colleagues? I bet that never happened before.

  12.  

    What are the Educational Requirements? (for the garda siochana)

    The educational requirements over the last number of years are as follows:

    Candidates must have obtained in the Leaving Certificate Examination:
    A grade not lower than a B3 at Foundation Level or a D3 at another level in Mathematics.
    A qualifying grade in two languages, one of which must be English or Irish, as follows:
    English: a grade not lower that D3 at Ordinary Level,
    Irish: a grade not lower than C3 at Foundation Level or D3 at another level,
    Other language : a grade not lower than D3 at Ordinary Level, and
    A grade not lower than D3 at Ordinary Level, in not less than two other subjects.
    OR
    The Merit Grade in the Applied Leaving Certificate,

  13.  

    Dear Jesus. Are you sure about that? Not that I’m doubting you, but I’d like to read the thing for myself if you have a link.

  14.  

    Spot the misspelling in the Garda list of educational requirements.

  15.  

    If their passwords are at the same level of acumen as their financial dealings you can pretty much guarantee they are spelled:

    p-a-s-s-w-o-r-d

    Anyone tried that yet?

  16.  

    So after 18 months they still have not got to the most important files.
    I could have sworn I heard months ago that the investigation was almost ready to go to the DPP?
    At this stage if they hadn’t paid their TV licence they would be in Mountjoy.

  17.  

    What a bunch of Muppets. People are being sent to jail for not having a TV licence! And these bastards will never be brought before the courts. The mortgage holders should withhold their payments, and hit them where it really hurts, that’s the only powder we have. They don’t care if we protest till the cows come home. There is no point in paying for a property you will never own. So stop supporting the fucked up, crooked system.

  18.  

    There is no technical reason that I can think of that these documents are un-openable.
    Here’s why. And I’m open to technical contradiction on this.
    I think we can straight away discount that these are locked volumes or whole disks that are locked and encrypted. All the language so far indicates that these are files, just files and only files.
    Files are locked in the Windows world, which is what Anglo are based on, via two methods.
    First is Microsoft’s own encryption, which is brute forceable. Readily so. In fact if you have a small network of computers it becomes trivial.
    Second is third party apps, these are as weak as the keys. Which have to be Windows compatible. So, if the documents are THAT IMPORTANT then they would have needed to be reviewed, printed, shared, examined.
    They either will have had to share the key (in this I mean a password, or PGP key or USB key) with more than one person. The keys will either have multiple copies, or will have transited over e-mail. Which means the keys should exist in more than one place.
    I would attack this in two ways.
    First I would seize all mail servers and backups. I don’t know if this has been done. But surely the Gardai should have these forensically stored.
    Second I would seize ALL printers and printer scanners from Anglo. These have memory that can be examined, both hard disk and memory, whole documents can be re-printed if you have the right circumstances.

    I would have also seized all mobile phones, data storage both onsite and off site, all paper notebooks. I would also have attempted to use the base credentials for the main suspects on all popular e-mail, file sharing and social networks. There should have been no rock left unturned to get these fsckers.

    ALL seized systems, laptops, servers, storage et al. should have their free disk space examined for file remnants, since they are a Windows world then everything should be recoverable.

    The only killer moment would come if they are using whole disk encryption tools where they’ve “lost” the keys. But even then you can make attempts to brute force.

    All of the above says to me that someone is deliberately blocking this.

  19.  

    Huron, obviously someone is blocking this, by refusing to hand over the keys and most likely pretending that they “forgot” them.

    But brute force on data that contains human-readable data is a long arduous process, as I mentioned in my previous post.
    Even if the files were only encrypted using Microsoft encryption (by the way, which are you talking about, Office encryption or EFS) you STILL have to have access to unencrypted copies of similar documents in order to be able to retrieve any kind of meaningful result. Otherwise, you end up having to physically read millions of potential matches.
    Anyway I seriously doubt that this is the case because that kind of encryption is integrated with the OS – if you can log in as the Windows user who created them, you already have access to the files. No way would they get away with pretending they forgot their login passwords, and even if they did, an Admin could reset it, so it would be a non-issue.

    Right now, nobody here knows where those files were stored, or what system was used to encrypt them. They could just as easily be stored on a Unix or Linux or Sun box, using native file system encryption, or 3rd party encryption.
    A 3rd party encryption service is only as “weak” as its keys in the sense that if you know the key you can decrypt the data. If the key is a PGP key and you don’t have access to the public key to decrypt it, then you’re screwed. Pretty Good Privacy is a hoor to crack.

    btw, a PGP key is just a string of data, not like a USB key that’s a physical thing you can store information on.
    It’s not the same as a password, it has two parts – a public key and a private key. Unless you know the public key, you cannot decrypt the data in any meaningful way.

    Brute forcing PGP with 1,000,000 modern computers would take longer than the time the known Universe has already been in existence… in virtually every single case where a hacker can somehow obtain a meaningful result from decrypting human-readable data, it is because they have an unencrypted copy of something similar to compare against.
    That’s not the case here, as I understand it.

  20.  

    The someone blocking would not be an Anglo employee IMHO.
    This may be where the bodies are buried.

    Regarding PGP.
    You will not ever be able to brute force a PGP WDE disk unless the passphrase is trivial.
    You can run brute force attacks on PGP WDE. I’ve done it and cracked it, but the passphrase was trivial.

    You are now able to brute force PGP encrypted files. But you’d have to spend maybe 20-30k on hardware and software first and have a bit of time on your hands.

    Agreed on EFS not coming into this as these would be files.
    Anyways, Elcomsoft have a great little tool for decrypting EFS.

    With unencrypted file space, empty space or deleted files, file carvers are freely available. All you’d have to pay for would be the expertise to do the sweeps. The examination of gathered files could be done by anyone. The time taken for deep sweeps would be measured in hours, not days.

    The files, I am surmising are that, files.
    If they were anything else it would have been stated as that somewhere in the media (I believe).
    Files would have to be shareable. Able to be circulated for comment, printing etc.
    So, even with PGP encryption, the keys would be stored in one of two formats.
    Either a circulatable key over e-mail.
    (Anglo being an Exchange house which would support this out of the box, I would hazard a guess that this is the case. This would mean multiple copies of the key stored on receiver and senders machines and also possibly on the mail servers themselves.)
    Or on a USB stick or CD or even floppy.
    The keys would be somewhere.
    Either on e-mail or on physical media.

    What should happen is the Garda forensics team should publish bit copy images of the physical media involved on heanet or a torrent site like legaltorrents and let the internet have at it.
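
The free-space sweep mentioned in comments 18 and 20, as an added example that is not part of the original thread or any commenter's code: a minimal header/footer file carver in Python, run over a constructed byte buffer standing in for unallocated disk space. The signature table, the size limit and the sample data are assumptions of this example.

```python
import hashlib

# Header/footer signatures for two common document types (assumed set for this example).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_CARVE = 10 * 1024 * 1024  # stop looking for a footer after 10 MiB


def carve(image: bytes, max_len: int = MAX_CARVE):
    """Return sorted (offset, kind, data) tuples for each header/footer pair."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(footer, start + len(header), start + max_len)
            if end == -1:
                # Header without a footer in range: a fragment or an
                # overwritten file. Skip it rather than carve garbage.
                pos = start + 1
                continue
            stop = end + len(footer)
            found.append((start, kind, image[start:stop]))
            pos = stop
    return sorted(found)


def summarize(carved):
    """Offset, type, length and SHA-256 of each carved item, for the case notes."""
    return [(off, kind, len(data), hashlib.sha256(data).hexdigest())
            for off, kind, data in carved]


def build_sample_image() -> bytes:
    """Constructed stand-in for unallocated space: filler, one PDF, one JPEG,
    and one JPEG header whose body was overwritten (no footer)."""
    pdf = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF"
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-body" + b"\xff\xd9"
    truncated = b"\xff\xd8\xff\xe0" + b"overwritten"
    return (b"\x00" * 512 + pdf + b"\xaa" * 300 + jpeg
            + b"\x00" * 200 + truncated + b"\x00" * 64)


if __name__ == "__main__":
    for row in summarize(carve(build_sample_image())):
        print(row)
```

Carving of this kind only recovers contiguous, unencrypted remnants; a file that was encrypted before it was written leaves nothing recognisable to match.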

  21.  

    The speculation regarding encryption methods etc. is all very interesting.

    However, there is an entirely different principle at the root of this story – that of the right of the citizen to refuse to incriminate themselves. Armani-suited bankers have the right to remain silent, just like honest criminals and scobes.

  22.  

    Good point boldPilot – although the Criminal justice act allows for an adverse inference to be drawn from a witness’ refusal to answer a question. Plus, and perhaps a lawyer could confirm this, as far as I know the right to silence only extends to natural persons and not companies; if the documents are company property and the company itself has had the charges filed against it, then they can’t use that right, since they are bound to act on behalf of the company. But then again, I could be wrong…

    Also, as far as I understand it, if the people who are being asked for the passwords are not forthcoming, then they will then find themselves charged with obstruction of justice (if not already being charged themselves) and will be found guilty… if they are already being charged with illegal dealings and the documents could serve as evidence that back up the charges, then their refusal to provide the passwords will weigh heavily against them in the final judgement (i.e. it will be assumed that the documents DO contain details of their criminal activity)
    Either way, they will be convicted, though perhaps not of what we’d like them to be!

  23.  

    The details of the right to silence are here:

    http://www.citizensinformation.ie/en/justice/arrests/right_to_silence_in_criminal_cases.html

    Much as it chokes me to see these bastards hide behind their constitutional rights, I’m much happier to live in a country where this right is respected, unlike the UK for example (c.f. post No. 4 from Brian).

  24.  

    The details on the right to silence can be found here:

    http://www.citizensinformation.ie/en/justice/arrests/right_to_silence_in_criminal_cases.html

    Much as it chokes me to see these bastards hide behind their constitutional rights, I’d rather live in a country that respects the right to avoid self-incrimination, unlike the UK, for example. (c.f. post No. 4 by Brian)

  25.  

    @Steve 22 “they will be convicted”. I wish I had your optimism. Don’t hold your breath.
    @Bold Pilot: you and I know these guys are really tearing the arse out of it. It’s a little different, don’t you think, when the welfare of a nation is at stake?

  26.  

    Hang on there lads, don’t you know there is one law for the rich and another for the poor. It’s the same for prisons, they are simply places of detention for poor people. The whole of society is ordered in that manner. Take for instance the NCT car test centres, rich people never see the inside of one of those places because they were intended only for less well off people, and they must be punished for being less well off. Get your mind working on it for a while and very soon you will come up with hundreds of examples yourselves, try it.
