turkish rubberhose cryptoanalysis

[Eugen Leitl]

http://news.cnet.com/8301-13739_3-10069776-46.html

October 24, 2008 8:46 AM PDT

Turkish police may have beaten encryption key out of TJ Maxx suspect

Posted by Chris Soghoian

When criminals turn to disk encryption to hide the evidence of their crimes,
law enforcement investigations can hit a brick wall. Where digital forensics
software has failed to recover encryption passwords, one tried and true
technique remains: violence. It is is this more aggressive form of good cop
bad cop behavior which the Turkish government is alleged to have turned to,
in order to learn the cryptographic keys of one of primary ringleaders in the
TJ Maxx credit card theft investigation.

The 2005 theft of tens of million credit card numbers from an unsecured
wireless network run by TJ Maxx stores has lead to over 150 million dollars
in damages for the company. The two gentlemen behind the heist sold the
pilfered credit card information to others online. Eventually, the stolen
cards reached Maksym Yastremskiy, a Ukrainian citizen, and, according to
media reports, a "major figure in the international sale of stolen credit
card information."

Mr Yastremskiy was later arrested in 2007, while on vacation in Turkey. The
US government has formally requested that Yastremskiy be extradited, and has
charged him with a number of crimes including aggravated identity theft.

According to comments allegedly made by Howard Cox, a US Department of
Justice official in a closed-door meeting last week, after being frustrated
with the disk encryption employed by Yastremskiy, Turkish law enforcement may
have resorted to physical violence to force the password out of the Ukrainian
suspect.

Mr Cox's revelation came in the context of a joke made during his speech.
While the exact words were not recorded, multiple sources have verified that
Cox quipped about leaving a stubborn suspect alone with Turkish police for a
week as a way to get them to voluntarily reveal their password. The specifics
of the interrogation techniques were not revealed, but all four people I
spoke to stated that it was clear that physical coercion was the implied
method.

The Turkish interrogation seemed to have worked as Mr Cox was even able to
share Yastremskiy's encryption password with the audience.

Mr Cox, the Assistant Deputy Chief for the DOJ's Computer Crime and
Intellectual Property Section, made the comments during his keynote talk at
an invitation only event for academic and industry experts focused on
phishing related crimes. This blogger has spoken to four sources, each in
independent interviews, who claim to have witnessed Mr. Cox making such
statements. However, due to the closed-door nature of the event, and fearing
that coming forward publicly would lead to them being blackballed from future
information sharing sessions, no one would go on the record to make their
claims.

If Mr Yastremskiy is successfully extradited to the United States, it is
unclear if the evidence from his encrypted disk could be used against him in
court. It also remains an open question as to how much the US knew about the
alleged beating of Yastremskiy by the Turkish authorities, and when.

If Mr Cox's alleged comments are indeed true, this is alarming news. The
majority of cryptographic tools in use today are designed around the general
assumption that an end-user can refuse to disclose his or her key if the
computer is seized. While password discovery via torture is something that
has been discussed in the academic literature for a number of years (it is
commonly known as rubber-hose cryptanalysis), it has for the most part
remained a theoretical threat. A few tools, such as TrueCrypt, are designed
to resist such attacks, and thus use deniable encryption -- that is, making
it impossible for someone to examine a computer and be able to determine if
there is anything encrypted on the disk. Some tools even allow for multiple
deniable encrypted folders, each with a different password.

Of course, Truecrypt and other tools that have adopted deniable cryptography
do not stop government agents from torturing a suspect. It just means that
they cannot be sure when to stop the beatings, as there could always be one
additional hidden file on the disk.

Multiple requests for comment, by both phone and email to Howard Cox and the
DOJ Office of Public Affairs have been ignored. Similarly, the Turkish
embassy in Washington DC had not responded to a request for comment by press
time.

A Freedom of Information Act request has been submitted for the slides and
notes for Mr Cox's speech, however, this could take months or years before
any information is returned.

Disclosure:

Mr Cox presented at a closed-door session at the Anti-Phishing Working Group
e-Crime summit. I presented at the same conference the next day, at a session
open to the general public. My hotel and airplane ticket were paid for by the
APWG, as part of a scholarship program for graduate students.

In 2006, the FBI investigated me for some of my research into boarding pass
security. While no charges were ever filed, it's reasonable to state that I
have little affection for the DOJ computer crimes section.

Finally, due to the fact that the Turkish government is involved, it is worth
mentioning that I am 50% Armenian by blood. Several generations ago, a number
of my family members died at the hands of the Ottoman Empire (now Turkey). I
do not have an axe to grind in this area, but in the interest of honest
disclosure, I thought it should be mentioned here.