This story is from a number of years ago. At the time I was still working my way up the IT ladder and in this position I was an on-site admin. My colleague, let’s call him Bob, had more experience and was more like a proper system admin, except that he managed to land probably the cushiest job in the IT landscape. He was getting paid very good money as a full-time consultant and had to do almost nothing. He spent his time looking at cars, vacation spots and getting frustrated on Tinder. That’s not to say he was lazy, but he did most of his work outside of company hours for his own company and regarded the office hours more as leisure time.

Anyway, we received a mail from the police department that a laptop that had been turned over as evidence in an embezzlement case could not be opened because the disk was encrypted. An investigator would come by to give us the laptop so that we could decrypt it. The investigation had been going on for over 5 years at that point and we pretty much instantly realized this was unlikely to succeed. So the investigator shows up one day with the laptop and we earnestly try to decrypt it, digging through all potential files that may maintain the correct decryption code. IIRC this was McAfee encryption and we did export the keys on a regular basis, but that was a practice I had introduced after too many codes were lost. Since this laptop was dated from well before my time, I was pretty sure we wouldn’t find the code.

Now Bob did think of a solution, with the caveat that it wasn’t exactly a legal solution. Given we were dealing with the police, we couldn’t really tell them we were about to use illegal methods to provide them potential evidence. When the investigator went on a coffee break, Bob prepared a USB stick that would decrypt the disk, using some obscure piece of software of which I can’t remember the name. When the investigator got back, we told him that we were at our wits’ end and that this could take a long time still. The guy was pretty resigned at that point, as he had been waiting for a couple of hours already, and said that he would leave the laptop with us and come back once it was decrypted.

Bob and I waited until the doors of the elevator closed behind him. I’m pretty sure that by the time he got to the ground floor, we had already bypassed the McAfee screen and were logged on to the laptop. Bob launched the decryption and then we discussed when we should inform the investigator that the laptop was ready for pickup. We didn’t want to make it suspicious and send the info to him right away, but we also didn’t want to wait too long. Bob wanted to milk this thing, as all time spent working on this was bookable hours for him, so we settled on 3 days. So at the end of the week we informed the police the laptop was ready. We got a reply back he would pick it up 2 weeks later. 2 months later he actually did pick it up. I never learned what happened to the investigation.

2 points

I’m not familiar with the law here. How could the decryption method be illegal when decryption itself is fine?

1 point

The encryption was an old version of the encryption software, for which cracks were available. But the software used to crack it was at a minimum in a legal grey zone. If there was evidence on the laptop that ended up being used and the method of getting that evidence was not legal, the evidence could be thrown out.
