COFEE Forensic Tool Leaks To What.cd, Admins Ban It



Rart
11-08-2009, 03:28 PM
COFEE Forensic Tool Leaks To What.cd, Admins Ban It
November 08, 2009

"Microsoft’s much sought-after COFEE law-enforcement forensic tool has leaked onto the Internet. One user uploaded it to private tracker What.cd to collect a huge 1.6tb bounty. However, in a sensible move, the admins of the site took action to remove the link and ban further sharing of the tool via the site.

“Law enforcement agencies around the world face a common challenge in their fight against cybercrime, child pornography, online fraud, and other computer-facilitated crimes,” says the marketing blurb on Microsoft’s site.

“They must capture important evidence on a computer at the scene of an investigation before it is powered down and removed for later analysis. ‘Live’ evidence, such as active system processes and network data, is volatile and may be lost in the process of turning off a computer. How does an officer on the scene effectively do this if he or she is not a trained computer forensics expert?”

Using COFEE, of course.

The Computer Online Forensic Evidence Extractor (COFEE) is a piece of software designed for the use of law enforcement agencies, and provided to the same free of charge by Microsoft. And, largely because of its mystique, it has been a much sought-after piece of code.

Indeed, on the private tracker What.cd, users had offered a huge bounty (a reward for finding and sharing something) of 1.6 terabytes.

During the last day or so, a user – who had only been a member for a matter of weeks – uploaded COFEE.

However, What.cd then took the unusual step of removing the torrent. Not just an unusual step but, in my opinion, a very sensible step indeed.

“Suddenly, we were forced to take a real look at the program, its source, and the potential impact on the site and security of our users and staff,” said What.cd management in a statement.

“And when we did, we didn’t like what came of it. So, a decision was made. The torrent was removed (and it is not to be uploaded here again),” they added.

According to the site’s staff, neither they nor their host was threatened by Microsoft or law enforcement. The decision was taken purely on the issue of site and member security.

Of course, the tool is now widely available from other sources and while some are saying that the tool is useless to regular Internet users, there are others who disagree. It certainly won’t take long for a detailed analysis to appear.

There will doubtless be lots of finger-wagging and complaints that this tool has become available in this way, but as with unexpected leaks of anything from software, to movies, to music, rarely is the finger pointed at the initial supplier of the material. That is usually way too embarrassing to reveal."

Source: http://torrentfreak.com/cofee-forensic-tool-leaks-to-what-cd-admins-ban-it-091108/
Homepage: http://torrentfreak.com

Enzo
11-08-2009, 06:45 PM
It still can be found in some other trackers ...

megabyteme
11-08-2009, 08:33 PM
In the battle between an individual's right to privacy and an effective means to capture illegal activity done with that computer, I err on the side of privacy.

Ofc, there is the argument that one should just not do illegal things on their computer. However, there has never been a device more thorough in recording our activities, our thoughts, our interests, and much more.

I doubt many of us would feel comfortable being videotaped 24/7 on the off chance that we might do something illegal. The same bad argument can be applied- just don't do anything illegal and you won't have anything to worry about. Right.

I simply do not want that kind of "evidence" available to agents or agencies who would take away our freedom. Even with all of the bad things that can be done, I want a barrier between individual rights and constant surveillance. I understand that protects some serious scumbags. However, I believe they are in the extreme minority so efforts to catch them should not put us all under scrutiny.

I also do not like the fact that our operating system stores so much information. M$ has shown repeatedly that they cannot be responsible towards consumer rights. I do not want them to be the end decision maker for consumer privacy.

That said, I believe users of Windows have a right to know exactly what M$ has been keeping on our computers and we should have the ability to disable such surveillance.

Rart
11-08-2009, 08:55 PM
One thing I worry about is whether this is actually real. From what I have seen from others' posts, the program seems relatively simple. Very basic GUI, sends a couple commands to the computer and outputs them in an easy to read format.

Would it really be that hard for someone to program a fake "COFEE" in order to get a nice (big) buffer on one of the most notoriously difficult of sites to seed on?

Or could the authorities simply have given us a severely simplified version in order to track anyone who would download it?

I really just don't see the appeal or motive for any authority to leak something like this. It's extremely dangerous for their career, only to collect some bounty on a petty little torrent site.

SonsOfLiberty
11-08-2009, 09:56 PM
Edit, I was wrong it's not worthless to some people, only the truest of truest criminals.

karachidude
11-08-2009, 10:37 PM
The app must be high tech, if it can break through protections

megabyteme
11-09-2009, 12:30 AM
Edited quote it's not useless

If it is valuable for cops, then someone will be able to take the program apart and be able to make a program that eliminates what it is looking for. That is good, IMO (in light of my above post).

SonsOfLiberty
11-09-2009, 12:51 AM
I take back what I said, I've delved deeper into it.

I guess it can break shit apart, but there are hackers who've been doing this for years, and it's a police tool, I mean they've been doing this for years stated in the article even before this program was around.

Computer Online Forensic Evidence Extractor (COFEE) is a modified USB flash drive for investigators for quick extraction of forensic data from computers that are suspected to contain evidence of criminal activity. It allows investigators to search through data onsite as an automated forensic tool. The device, developed by Microsoft, is activated by being plugged into a USB port, and purportedly contains 150 commands that can dramatically cut the time it takes to gather digital evidence (estimates cited by Microsoft state that a job that previously took 3-4 hours can be done with COFEE in as little as 20 minutes). These commands offer such functions as the ability to decrypt passwords, search a computer's Internet activity, and analyze the data stored on a computer — including data stored in volatile memory, which could be lost if the computer were shut down for transport to a lab. Microsoft provides COFEE devices and online technical support free to law enforcement agencies.

COFEE was developed by Anthony Fung, a former Hong Kong police officer who now works as a senior investigator on Microsoft's Internet Safety Enforcement Team. Fung conceived of the device following discussions he had at a 2006 law enforcement technology conference sponsored by Microsoft. The device is used by more than 2,000 officers in at least 15 countries.

A case cited by Microsoft in April 2008 credits COFEE as being crucial in a New Zealand investigation into the trafficking of child pornography, producing evidence that led to an arrest.

In April 2009 Microsoft and INTERPOL signed an agreement under which INTERPOL would serve as principal international distributor of COFEE. University College Dublin's Center for Cyber Crime Investigations in conjunction with INTERPOL develops programs for training forensic experts in using COFEE. The National White Collar Crime Center has been licensed by Microsoft to be the sole US domestic distributor of COFEE.

On November 6, 2009, Microsoft COFEE leaked onto various BitTorrent websites.

Microsoft COFEE, Some of the Most Illegal Software You Can Pirate
http://gizmodo.com/5399377/microsoft-cofee-some-of-the-most-illegal-software-you-can-pirate

Rart
11-09-2009, 12:56 AM
These commands offer such functions as the ability to decrypt passwords

Has that always been an easy thing to do or is that kinda scary? A lot could be done with that if put in the wrong hands...

SonsOfLiberty
11-09-2009, 12:59 AM
There are programs out that can decrypt WinRAR passwords, and there are password breakers and password decrypters around...

How do you think you can rip a DVD?

Rart
11-09-2009, 01:02 AM
I honestly don't know anything about ripping. I just DL :D

I thought protocols such as https and SSL were made so that... encrypted traffic could be used to prevent prying eyes from sensitive material such as passwords, credit card #s, etc.

What would happen if the best "de-encrypters" were available to the public?

SonsOfLiberty
11-09-2009, 01:06 AM
I also can see this is used for a good thing to "trafficking of child pornography"

But you have to think there's Echelon and Tempest....so this is just one of many tools.

megabyteme
11-09-2009, 01:36 AM
If this were ONLY used against pedos, who would not be all for it? However, it will be used against anyone who is under investigation. Who wants all of their computer use exposed and manipulated?

No. There still needs to be a protection of an individual's right to privacy. Otherwise, we'll live in a police state.

SonsOfLiberty
11-09-2009, 03:23 AM
Something of interest?

Rart
11-09-2009, 09:38 AM
:lol:

iLOVENZB
11-10-2009, 08:35 AM
Just lurking on IRC chan (a.b.warez) and apparently it's fucked up?

[19:25:21] <Onelouder> that ms cofee release has a bad installer
[19:27:42] * [L^O^L] is now known as |^L^O^L^|
[19:28:46] <dr1v3r> the one that was banned on what? :P
[19:29:45] <Onelouder> ya
[19:30:49] <Onelouder> whoever packaged it fucked it up
[19:31:45] <dr1v3r> Which is why you wait till other ppl cmt on it before leeching ;)
[19:32:50] <Onelouder> meh, I just wanted to see what the hubub was about
[19:33:22] <dr1v3r> Is it worth it?
[19:33:23] <Onelouder> then I realized its just a bunch of programs that have been in windows releases since win nt
[19:33:31] <dr1v3r> guess not :p
[19:33:33] <Onelouder> all packaged for a bunch of dumb cops to use

Well the scene tried to have a crack at it too.

[ MICROSOFT.COMPUTER.ONLINE.FORENSIC.EVIDENCE.EXTRACTOR.V1.1.2-PHASE ] [ 0DAY ] [ Released 19h 36m 33s ago [11/9/2009] ] [ 14.5MB in 10F ] [ NUKED :: not.pred.by.PHASE_stolen.from.p2p_i34.tinypic.com.o7o8l1.jpg ]

Coxswain
11-10-2009, 01:48 PM
How do you think you can rip a DVD?

You can decrypt a DVD because the keys required are well known, all any dvd ripping s/ware does is apply the key to the file and then dump the results into a new file, nobody is cracking anything. I think most winrar crackers use a brute force attack. From what I understand COFEE is a collection of software bundled on a usb stick that grabs a heap of stuff that might be useful in an investigation and dumps it back on to the stick for use as evidence, I don't think it can break any encryption or passwords.

SonsOfLiberty
11-10-2009, 05:54 PM
It says it can stating from the WIKI, there are working copies out there evident from the screenshot, and there is a decrypting "algorithm" in it too.

COFEE software that helps law enforcement grab data from password protected or encrypted sources is leaking all over the internet. So not only can you steal the software, but break the law by using it too.