Russian spies made themselves at home at Microsoft, among other U.S. institutions, and proved that an (arguably) open source disk encryption application is a tough nut to crack.
Those of us who were conscious of international politics in the 1980s and earlier have clear memories of the Cold War, in which the lead actors on either side were the United States of America and the Union of Soviet Socialist Republics. Spy movies focusing on this conflict — rarely a directly violent “war”, thus metaphorically called “cold” — often drew upon the romanticism of such characters as James Bond, and many of President Reagan’s successes as the chief executive officer of the U.S. revolved around his often tense but occasionally collaborative relationship with his Russian counterpart, Mikhail Gorbachev. Two alliances — the North Atlantic Treaty Organization (NATO) and the Warsaw Pact — served primarily as proxies for these two sides of the Cold War. One of the most beloved films of the ’80s was 1984’s Red Dawn, the story of a group of young people who managed to slip through the cracks when a small isolated town was overrun in a Soviet invasion of parts of the United States. Fans of the film also tend to shudder at the prospect of an upcoming remake.
It is surely with a bit of dramatic — if a bit tongue in cheek — nostalgia that many of us viewed the early reports of a Russian spy ring broken up by the FBI almost 20 years after the USSR ceased to exist and the Cold War was pretty clearly over. The landscape of U.S. national security, it seemed, had changed forever. Gone would be the days of romantic movies of adventure and danger where James Bond and Xenia Sergeevna Onatopp plotted and schemed against each other even as they gave each other smoldering looks. There have been a few films since then that touched on the Cold War, but for the most part it was the end of an era.
Our new alleged Russian deep cover spy ring in the United States seems like an anachronistic bit of out-of-place history. How much the cultural significance of this situation escapes the younger generations is certainly an interesting subject to ponder.
Two developments in this case are perhaps of particular interest to those who deal in the information technology industry in general, and specifically IT security:
Alexey Karetnikov, suspected of involvement in the Russian spy ring, was a Microsoft employee at the time the FBI caught up to him. The inevitable jokes about Microsoft security and the quality of MS Windows Vista have already begun to surface, such as in the comments following the TechFlash article “Reports: alleged 12th Russian spy worked at Microsoft”. More information is available in other articles.
The FBI ran into a hurdle it could not overcome in its investigation in the form of TrueCrypt, an (arguably) open source software disk encryption application available for MS Windows, Apple MacOS X, and Linux-based systems. Evidently, the primary technique used to try to crack it was a brute force attack on the user’s password, and the failure of the effort speaks well of the importance of strong passwords. Not only the FBI, but Brazilian counterparts as well, spent months in the attempt.
TechWorld’s article, “FBI crackers fail to crack TrueCrypt”, provides a decent overview of the disk encryption situation. The article might be regarded as a review and recommendation for the use of TrueCrypt for your disk encryption needs, offered by the FBI itself, even if that was not an intentional effect of the FBI’s involvement. A single case does not truly prove anything except that, in this one case, those seeking to crack TrueCrypt security failed — but it is certainly an interesting piece of information to consider when selecting disk encryption software, especially on the MS Windows platform where open source disk encryption choices are fewer and farther between than on open source OSs.