Backdoors Found In Bitlocker, FileVault and TrueCrypt?
Yesterday, Marauderz and I had a discussion about disk and file encryption, and the topic of backdoors came up. Someone mentioned some time ago that Bitlocker has a backdoor for the NSA or law enforcement guys to use. I cannot remember who - it was probably one of the many conspiracy theorists I came across - but I remember he mentioned that he saw a PowerPoint presentation of the backdoor, or something to that effect.
Marauderz, being Marauderz, immediately tried to look for the PowerPoint file online but couldn't find it. I wanted to prove that I wasn't bullshitting (if it doesn't exist, well, blame the guy who told me!) so I went scouring for the proverbial pot of gold, even though I hadn't actually seen it before.
After a full day of looking everywhere, even in the darknets of Tor, I finally found what I think that guy was talking about - a PDF printout of a PowerPoint presentation that claims that there is a backdoor in Bitlocker. It even confirms that major cloud storage providers were scanning our content for illicit materials, which is something many of us already knew. In fact, CNBC reported just two weeks ago that:
Some popular cloud storage providers sweep accounts looking for illegal data. Right now, the focus is on hunting for child pornography, but their terms of service allow for other kinds of files to be considered non grata as well.
"When users place their data with cloud computing services, they lose the ability to maintain complete control of that information," said Lillie Coney, associate director of the Electronic Privacy Information Center (EPIC).
A Maryland man was charged earlier this month with possession of child pornography after authorities were tipped off by the National Center for Missing and Exploited Children (NCMEC). Police say Verizon Online found approximately 23 suspect images during a routine sweep of the man's cloud drive and alerted NCMEC, a non-profit established by Congress and primarily funded by the Justice Department.
Apple — which declined to comment — and Microsoft, along with Verizon Online, state in their user agreements that they reserve the right to actively search stored files.
What's even more worrying is that it seems to claim that there is a backdoor in major disk encryption software like Bitlocker, FileVault, TrueCrypt and BestCrypt. Shocking, I know, since TrueCrypt at least is open source software. So far no one has been able to discover any backdoor, but that's why it's so worrying that an official police presentation seems to claim otherwise.
Now, Americans may live in a country of free speech but in many parts of the world, free speech is a precious commodity, jealously guarded by dictators and oppressive regimes. A backdoor would allow anyone with access to read, copy, modify and even delete files without the user knowing it. Imagine how much power the government would have over the people. I shudder at the possibilities...
That said, I cannot vouch for the authenticity of the file. It appears to be genuine, with a link on the last page to the previous year's presentation, which is actually accessible on the Internet. I will leave it to you guys to judge for yourselves. For those who don't like reading, the interesting bits are on pages 27-33. I have also included the PDF print-out of the presentation as a download on the last page for those who are interested in downloading a copy.
Computer Forensics For Prosecutors (Pages 1-6)
Disclaimer: Based on the fact that the previous year's presentation is still available publicly on the Internet, we're assuming that this presentation is also for public consumption. If this is really meant for law enforcement only, well, let us know and we will gladly remove it. In any case, the copyright of the document belongs to its respective owners. Tech ARP neither owns nor vouches for the contents of this document.