Earlier today FirstAdopter.com pointed out a Washington Post article that explains a new distributed desktop computing system called Distributed Networking Attack used to decrypt data belonging to criminal suspects. The article says that the Secret Service hopes to reduce the time necessary to find encryption keys by “combining computing power with detective work”.
With the persistent threat of terrorist attacks in this country and the history of criminals carrying out information security attacks on the Secret Service itself, I think the agency has a duty to fight back using computationally intensive techniques such as these.
One particular aspect of this article that I want to point out to Operation Gadget readers is the comment by Jon Hansen, a marketing person from the contractor that helped build the Secret Service DNA system, on the insecurity of passwords chosen by most computer users:
Hansen said AccessData has learned through feedback with its customers in law enforcement that between 40 and 50 percent of the time investigators can crack an encryption key by creating word lists from content at sites listed in the suspect’s Internet browser log or Web site bookmarks.
“Most of the time this happens the password is some quirky word related to the suspect’s area of interests or hobbies,” Hansen said.
This is why searching a suspect’s data storage devices for unencrypted information about his or her lifestyle is so helpful in creating a focused password-breaking strategy.
I think this is important to note because anyone could mount an attack like this on me or you if they were motivated enough to do it. There’s no question that if you know enough about me, you could come up with a short list of topics from which I might choose my passwords. If the police and security agencies know this, then data criminals do too.
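The same observation can be turned into a check on your own passwords. The sketch below is an added example, not code from the article or from AccessData: it collects words from a person's own bookmark titles and flags any candidate password that still contains one of them after common character substitutions are undone. The function names, the substitution table and the sample bookmarks are all assumptions made for illustration.

```python
import re

# Common look-alike substitutions undone before comparison (assumed, not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")
# Web boilerplate words that say nothing about a person's interests (assumed list).
STOP = {"http", "https", "index", "html", "home", "forum", "with", "from"}

def normalize(text):
    """Lower-case, undo look-alike substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def personal_terms(documents, min_len=4):
    """Collect interest words (min_len letters or more) from bookmark titles or URLs."""
    terms = set()
    for doc in documents:
        for word in re.findall(r"[a-z]+", doc.lower()):
            if len(word) >= min_len and word not in STOP:
                terms.add(word)
    return terms

def derived_from(password, terms):
    """Return the personal terms found inside the normalized password, sorted."""
    flat = normalize(password)
    return sorted(t for t in terms if t in flat)

# Constructed sample data: bookmark titles invented for this example.
BOOKMARKS = [
    "Garmin Forerunner GPS review - http://example.com/garmin-forerunner",
    "Tour de France stage results",
    "Philadelphia Eagles schedule",
]

if __name__ == "__main__":
    terms = personal_terms(BOOKMARKS)
    for candidate in ["G4rm1n!2005", "F0rerunner#1", "3agles", "vK9#tq2LwZ8r"]:
        hits = derived_from(candidate, terms)
        verdict = "reject, built on " + ", ".join(hits) if hits else "no personal term found"
        print(f"{candidate:14} {verdict}")
```

A candidate that passes this check is not necessarily strong; the check only rules out the specific weakness Hansen describes.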