12-17-2009, 09:33 PM
Hackers counteract Microsoft COFEE with DECAF
http://www.geek.com/articles/chips/h...ecaf-20091215/
Quote:
In November Microsoft had an unusual piece of software pirated and released on BitTorrent. It was called COFEE and consisted of a suite of tools used by law enforcement to collect evidence through computer forensics.
Such software was bound to capture the interest of hackers and a month after the original uploading a new suite of tools has been released to counteract COFEE. The name of this protective suite is, of course, DECAF.
COFEE stands for Computer Online Forensic Evidence Extractor and can be plugged into any computer via a USB stick. The 150 or so tools it contains go to work collecting evidence with little or no intervention required by a person other than to remove the USB stick after COFEE has finished.
DECAF works to thwart any evidence collecting carried out by COFEE with a Lockdown Mode. It sits on a Windows machine waiting to detect COFEE. When it does, countermeasures are taken to remove or block the evidence COFEE is looking for. This includes deleting temporary files, clearing any logs COFEE makes, ejecting USB drives, disabling most types of drives in a system, removing torrent clients, killing processes, shutting down the PC, or providing false information rendering the evidence useless. It is also configurable by the user.
Although remaining anonymous, one of the two hackers behind the development of DECAF told The Register:
Quote:
"We want to promote a healthy unrestricted free flow of internet traffic and show why law enforcement should not solely rely on Microsoft to automate their intelligent evidence finding."
The decafme.org website has appeared a few days after DECAF’s initial release offering up the 181Kb set of tools. Development is also set to continue as it states on the website:
Quote:
"Future versions will have text message and email triggers so in case the computer needs to enter into lockdown mode the user can do it remotely. It will also have notification services where in the case of an emergency, someone can be notified (private torrent tracker admins). DECAF’s next release is going to be available in a more light-weight version and/or a windows service."
Unless you fear the authorities are about to bust down your door, or you are doing something highly illegal on your PC, then I don’t think you need to install DECAF. Its usefulness may extend beyond that though and now COFEE is in the wild there’s nothing to stop it being modified to collect other evidence from a machine.
If COFEE can be deployed remotely online then it could become a security threat and DECAF may be the best form of defense. We have no details on how and if it works yet, though, so if you are going to download it do so with caution.
One of the first companies to look at DECAF will of course be Microsoft. If it renders COFEE useless then no doubt it will have to update the tool set and then we get into a cat & mouse game of updates between the two sets of tools.
Damn Microsoft....can't be trusted
And here's the site for DECAF
http://decafme.org/