A powerful set of tools specifically designed to circumvent security on computers running the Microsoft Windows operating systems was released to law enforcement and military intelligence staff in the U.S. and other foreign countries by Microsoft in the summer of 2007.
The USB device was dubbed COFEE, which stands for Computer Online Forensic Evidence Extractor. COFEE is said to contain over 100 software programs that allow the holder to quickly discover passwords, decrypt files and folders, view recent Internet activity and a great deal more. One piece of functionality allows evidence to be gathered while the computer is still connected to the Internet or other network. All you have to do is plug COFEE into a USB port of a running computer and the data extraction begins with the click of a mouse. Some security professionals and privacy advocates are concerned that Microsoft has created a secret back door within Windows. This is a concern that Microsoft has denied.
Nearly 400 people from more than 80 agencies in 35 countries attended the conference where Microsoft provided training on this tool. COFEE seems to be an easy-to-use, automated computer forensic tool that can be used by investigators in the field. However, one has to wonder how fast one of these devices will find its way to the dark side and into the hands of criminals. I would bet within hours of the initial distribution of this device, a bounty was established payable to the first person to deliver COFEE into the hands of the bad guys.
The attendees were shown how to use the device and other technologies that can help them fight cybercrime as well as help them investigate traditional crime with an online component. They were also instructed on topics that covered how to collect evidence from PDAs running Windows CE and how to gather evidence from Microsoft's online services and products like Hotmail and Windows.
Distribution: More than 2,000 law enforcement and intelligence officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, have received the device.
Development: COFEE is said to have been developed by a former Hong Kong police officer who now works for Microsoft.
Professional hackers and cyber weapons designers are smarter than you think. They have their own versions of COFEE and in all likelihood they are much better than the Microsoft tool. In fact, one professional hacker said, "If it works as good as other Microsoft applications - no one has anything to worry about." I bet they get the old "Blue Screen of Death" as well.
The risk of tools like this being used by criminals and our enemies is very real. So is the potential misuse of these capabilities and the threat that it poses to privacy. That being said, given the current state of cyber crime and the threat of cyber terrorism and the looming risk of cyber war, the military, intelligence organizations and law enforcement need all the help they can get. As I have said many times before, one person's tool is another's weapon.
-- Kevin Coleman