Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
EU Technology

EU Device-Cracking Platform To Receive Major Upgrade (therecord.media) 31

The European Union has allocated $4.7 million in funding to upgrade Cerberus, a platform used by EU law enforcement agencies to crack passwords and access encrypted devices. From a report: Developed in 2019 for an initial cost of $2.7 million, Cerberus stands for Child Exploitation Response by Beating Encryption and Research to Unprotect Systems. The platform is a collection of finely tuned algorithms that utilize high-performance computers to crack passwords for devices seized during law enforcement investigations. Sources close to the project have told The Record this week that the new $4.7 million in funding will be used as part of a new project called Overclock, which aims to expand the Cerberus platform with new algorithms that can be used to crack passwords on a broader set of new devices. Once finished, EU law enforcement hopes to be able to expand their digital forensics capabilities in regards to extracting and recovering data from secure devices.
This discussion has been archived. No new comments can be posted.

EU Device-Cracking Platform To Receive Major Upgrade

Comments Filter:
  • the good old "think of the children and open your pockets".

    No sorry, don't waste my money to go after people who own/download forbidden pictures. I don't care and never will. Your stupid children are your responsibility, not mine. Society should not be the parent of your ugly child.

    • Re:Oh yes (Score:5, Insightful)

      by Qwertie ( 797303 ) on Tuesday July 06, 2021 @05:41PM (#61557083) Homepage

      It's not about taking your money, it's about silencing political opposition by making the insinuation that those who are anti-hacking are pro-child-porn. A tool "used by EU law enforcement agencies to crack passwords and access encrypted devices" could be used for a great variety of purposes, some legitimate, but it isn't even guaranteed to stay in the hands of law enforcement, let alone be limited to kiddie porn cases.

      Now, I don't know if the Overton Window has shifted enough for people to freely discuss whether vigorously pursuing porn-downloaders actually does reduce child abuse or not. After all, such would-be downloaders and image-sharers are inherently Bad People, so we Should Assume that hacking into their devices is good for society.

      Probably, though, the tool is mostly used for other purposes and we should talk about those other purposes and not be distracted by the acronym.

      • ."..freely discuss whether vigorously pursuing porn-downloaders actually does reduce child abuse or not"

        Academia has been monitoring this for decades. The answer is yes, arresting people who harm children stops people harming children.

        • by Qwertie ( 797303 )

          The answer is yes, arresting people who harm children stops people harming children.

          In the U.S. and a number of European countries, fictional child porn such as pencil drawings is illegal, as is the possession of said. Also, I have a pet hypothesis that most porn involving people from age 13 to 17 is actually created by people from age 13 to 17. I assume there's an argument to be made that teenagers who take pictures of themselves are harming themselves and other teenagers (and not just because they could

      • The moniker is misleading. Citizen Exploitation... something. Use for law enforcement could be for parking fines, debts, taxes, quarantine breaches etc. In fact we do not know if the data was lawfully required, or under the law of evidence, admissible. What one does know, is the OpenBSD crypto approach will make their jobs harder. What this WILL do is to increase global warming, as everyone adds crypto operations cycles to everything. Or people who have studied chemistry add a DIY self destruct solution, an
    • I totally agree.
      I hate the idea of illegal data, or in other words illegal numbers.
      Go after the producers and people who fund it, not random creeps who are just trying to satisfy their disgusting desires in a non-harmful way by downloading that stuff for free.
  • by Anonymous Coward
    LOL, Child Exploitation Response. This is literally the 'think of the children' argument.
  • News for Nerds who want to know what used to be true but really isn't any more, honest now.
  • by VeryFluffyBunny ( 5037285 ) on Tuesday July 06, 2021 @06:10PM (#61557183)
    This looks like the ideal solution: Make encryption & device security as strong as it needs to be to keep low-level crime at bay but when law enforcement & intelligence agencies need to get at some data on some specific device, they can. When the hardware, software & personnel expertise costs start at $7.4 million & will probably need further upgrades regularly to keep up with upgrades to device security for the foreseeable future, I think that's a fairly good balance between security & privacy, i.e. not cost-effective for dragnet surveillance. I bet most developed countries' police & intelligence agencies already have something like this anyway.
    • Though that's probably going to hide various other programmes they'd prefer not to talk about. But, on the other hand, I do suspect this is a low figure for what they're aiming at...

      More broadly your argument collapses because once the key to encrypted systems get out to the cops, it's going to keep on being used for any purpose that is convenient to the powers that be. Which won't be restricted to serious crime...

      • by VeryFluffyBunny ( 5037285 ) on Tuesday July 06, 2021 @06:38PM (#61557259)

        More broadly your argument collapses because once the key to encrypted systems get out to the cops, it's going to keep on being used for any purpose that is convenient to the powers that be. Which won't be restricted to serious crime...

        I suspect that what they're doing is using undisclosed vulnerabilities, cleverly designed algorithms & sheer brute force to crack encrypted devices. You get one key out of one device that isn't any use on any other devices. It takes big powerful hardware & highly trained, experienced technicians some period of time to crack each device. That's what keeps it targeted - It's expensive, i.e. doesn't scale cheaply.

        • It is eternal cat and mouse, with authorities reliably abusing every advantage they have.

        • by AmiMoJo ( 196126 )

          For the amount they are spending on this it probably doesn't make sense to build their own hardware. They could just rent time on a cloud service that has GPUs like Amazon E2C.

          I did that a while back when I forgot the password to an old backup, but didn't manage to recover the key. You would think that I'd be able to dictionary attack myself but apparently not.

      • > More broadly your argument collapses because once the key to encrypted systems get out to the cops, it's going to keep on being used for any purpose that is convenient to the powers that be. Which won't be restricted to serious crime...

        If there is "THE KEY to encrypted systems", like one key for all iphones, Apple is doing encryption very, very wrong. So wrong, in fact, that it arguably wouldn't be encryption at all, but just encoding, like Morse code or QR code. There is one key to decode Morse code.

    • There is no such range. Non-state entities, like botnets, already are faster

      And you are falsely implying that rightfully catching *some* people would justify terrorizing *all* people.
      It will not only be abused. It already is. NSA employees *did* spy on their love interests and enemies.

      • To me this is the right way, if the protection can be broken then it is going to be, criminals will not be bound by laws stopping people hacking devices. I do oppose intentionally breaking the protection in order allow police to access data.

  • by sdinfoserv ( 1793266 ) on Tuesday July 06, 2021 @06:23PM (#61557209)
    To save our children there must be no private communication between any adults! Every interaction, no matter how banal, must be open to scrutiny. We need active thought police. We need genetic testing to ferret out those with inborn propensity to commit crimes. Only by implementing these measures can we ensure the safety of tomorrows generation!
  • The Christian State, err, I mean, Vatican, has not been invaded and shut down yet.

  • Can't trust that SOB.

    - Commander Shepard

  • So 4.7 million usd, that is almost nothing. Does not sound like a mass surveillance effort. (Remember Snowden?) This may actually be what they are selling.
    • Yeah , this is probably mostly just to build a big fat GPU array , and a facility and staff to run it, to break into hard drives owned by child molsestors or whatever.

      • BS, That GPU array will be mining bitcoin when nobody is looking. BTW that has already happened on MANY supercomputers.
  • As an EU citizen I'm angry at this waste of money to upgrade something that is basically a brute-force engine. An upgrade that (at least theoretically) can be countered simply by upgrading the encryption used by the bad guys, which should be much cheaper for them.

This is the theory that Jack built. This is the flaw that lay in the theory that Jack built. This is the palpable verbal haze that hid the flaw that lay in...

Working...