Law / Items
Hackers declare war on international forensics tool • The Register
Get Feed- Description
-
Hackers have released software they say sabotages a suite of forensics utilities Microsoft provides for free to hundreds of law enforcement agencies across the globe.
Decaf is a light-weight application that monitors Windows systems for the presence of COFEE, a bundle of some 150 point-and-click tools used by police to collect digital evidence at crime scenes. When a USB stick containing the Microsoft software is attached to a protected PC, Decaf automatically executes a variety of countermeasures.
Decaf boasts a huge variety of user-driven countermeasures against COFEE. In addition to nuking temporary files within seconds of detecting files or processes associated with the investigative tool, Decaf can also clear all COFEE logs, disable USB drives, and contaminate or spoof a variety of MAC addresses. Future versions promise to add features that allow users to remotely lock down protected systems.
The software began seeding on private BitTorrent trackers on Sunday afternoon, and shortly thereafter, it was posted here. The Register wasn't able to immediately analyze the 181 KB executable to confirm it performed as advertised.
The release of Decaf follows the leak last month of COFEE. By the time Microsoft lawyers demanded the removal of COFEE from sites such as Cryptome, the genie was already out of the bottle. To this day, COFEE remains available on Wikileaks.
- Original URL
Comments
Report ThisTwine is about discovering, collecting and sharing the content that interests you. Learn More
JDP
Public Comments
Add a Comment