Microsoft security tool COFEE spills online
A Microsoft tool designed to help law enforcement staff to rescue data from a suspect’s computer has appeared online. At least one filesharing site has taken it down, raising questions as to how advanced or secretive the tool truly is.
The Computer Online Forensic Evidence Extractor (COFEE) tool, unveiled in April last year, is a USB stick which performs more than 150 tasks in 20 minutes, including decrypting passwords and analyzing temporary data that would be lost if the machine were powered down, for example in order to be sent to a lab. It’s designed to be easy to use, even by non-experts.
The software was produced with the idea of being available to police around the world without charge. Earlier this year Microsoft set up a deal with INTERPOL to distribute it worldwide, while just last month it licensed the National White Collar Crime Center as a US distributor.
The tool appeared on filesharing site What.cd late last week. The site has now removed the tool, with its staff saying “Suddenly, we were forced to take a real look at the program, its source, and the potential impact on the site and security of our users and staff. And when we did, we didn’t like what came of it. So, a decision was made.”
That’s prompted some speculation that the software must be extremely technically advanced and secretive to be worth removing, which contradicts claims that it’s simply an easy way to carry a collection of tools. The chances are that, in reality, What.cd figured that while you might get away with hosting torrents for material belonging to a movie studio or music library, it’s just not worth the hassle when it comes to the cops themselves.
There have also been several references to reports that it is “illegal” for civilians to use these tools, which makes them sound that much more exciting. In reality, this simply seems to be a case of the software license only covering law officials.
It is possible that the software being out in the wild will give criminals the opportunity to reverse-engineer it and figure out better ways of encrypting or hiding their data. However, Microsoft must surely have foreseen that possibility and decided it’s not a major drawback. After all, the “leak” may have been relatively early in the tool’s existence, but with the greatest respect to millions of totally honest and sensible law enforcement staff around the world, you can’t make software available to officials in 190 countries and seriously expect not a single person to share it with a civilian.

November 12th, 2009
“At least one filesharing site has taken it down, raising questions as to how advanced or secretive the tool truly is.”
John, you should look up the meaning of “secretive” in the dictionary; this will help you to use the word in its correct context.