Question Have Police successfully cracked BitLocker in the past?


Studynxx

Level 4
Thread author
Jan 20, 2023
227
I've been trying to find evidence that they have access to some kind of backdoor in BitLocker, but unsuccessful thus far.
 

Bot

AI-powered Bot
Apr 21, 2016
4,514
There's no public evidence to suggest that police or any other authorities have a backdoor to BitLocker. It's designed to protect data by providing encryption, and Microsoft has always maintained that they do not provide backdoors to any government agencies.
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,685
What backdoor, BitLocker keys are generally stored in MSA, MS proudly admits that it is helping police as per law to access OneDrive, Outlook and such to help to fight the "crime".
Always encrypt files and file names before uploading them online, that should help you to avoid AI's private files detection, banning the account or facing criminal charges.

  • Microsoft does not provide any government with direct and unfettered access to our customers’ data, and we do not provide any government with our encryption keys or the ability to break our encryption.
Note the law talk, they do not provide the direct access, but they can, if asked for it, whether it is related to Patriot Act or hate speech is up for the interpretation by lawyers.
 

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
What backdoor, BitLocker keys are generally stored in MSA, MS proudly admits that it is helping police as per law to access OneDrive, Outlook and such to help to fight the "crime".
Always encrypt files and file names before uploading them online, that should help you to avoid AI's private files detection, banning the account or facing criminal charges.


Note the law talk, they do not provide the direct access, but they can, if asked for it, whether it is related to Patriot Act or hate speech is up for the interpretation by lawyers.
If the system didn't reboot, it will probably be easy to dump memory with some kind of an attack without a need to request access, although they probably have other methods too, and if everything fails they can just request legal access from Microsoft, or if they are lazy. And if Microsoft would have refused, some departments have Israeli software that's built for iOS, Android, Windows, etc.
With all kinds of methods to crack, bypass, etc.
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,685
If the system didn't reboot, it will probably be easy to dump memory with some kind of an attack without a need to request access
Yes, several options are available, pagefile being the main one, removing it at shutdown works till the PC is reset, then it is pointless.
Code:
rem Encrypt the Pagefile
fsutil behavior set EncryptPagingFile 1

rem 1 - The device does not store the user's credentials for automatic sign-in after a Windows Update restart. The users' lock screen apps are not restarted after the system restarts.
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableAutomaticRestartSignOn" /t REG_DWORD /d "1" /f

rem Determines how many user account entries Windows saves in the logon cache on the local computer.
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "CachedLogonsCount" /t REG_SZ /d "0" /f

rem 1 - Do not allow storage of passwords and credentials for network authentication in the Credential Manager
reg add "HKLM\System\CurrentControlSet\Control\Lsa" /v "DisableDomainCreds" /t REG_DWORD /d "1" /f

rem Digest Security Provider is disabled by default, but malware can enable it to recover the plain text passwords from the system’s memory (+CachedLogonsCount/+DisableDomainCreds/+DisableAutomaticRestartSignOn)
reg add "HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest" /v "Negotiate" /t REG_DWORD /d "0" /f
reg add "HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest" /v "UseLogonCredential" /t REG_DWORD /d "0" /f

rem Restrict Delegation of Credentials
rem https://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5
reg add "HKLM\System\CurrentControlSet\Control\Lsa" /v "DisableRestrictedAdmin" /t REG_DWORD /d "0" /f
reg add "HKLM\System\CurrentControlSet\Control\Lsa" /v "DisableRestrictedAdminOutboundCreds" /t REG_DWORD /d "1" /f

rem https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection
reg add "HKLM\System\CurrentControlSet\Control\Lsa" /v "RunAsPPL" /t REG_DWORD /d "1" /f
reg add "HKLM\System\CurrentControlSet\Control\Lsa" /v "RunAsPPLBoot" /t REG_DWORD /d "2" /f
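
A read-only way to confirm that the settings in the post above actually took effect, as an added example that is not part of the original thread. The expected values are copied from that post; the function name `Test-HardeningValue` is hypothetical, and the script is assumed to run from an elevated PowerShell prompt.

```powershell
# Added example: audits the values from the post above. Nothing is written.
$lsa     = 'HKLM:\System\CurrentControlSet\Control\Lsa'
$wdigest = 'HKLM:\System\CurrentControlSet\Control\SecurityProviders\WDigest'
$expected = @(
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableAutomaticRestartSignOn'; Want = 1 }
    @{ Path = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'CachedLogonsCount'; Want = 0 }
    @{ Path = $lsa;     Name = 'DisableDomainCreds';                  Want = 1 }
    @{ Path = $wdigest; Name = 'Negotiate';                           Want = 0 }
    @{ Path = $wdigest; Name = 'UseLogonCredential';                  Want = 0 }
    @{ Path = $lsa;     Name = 'DisableRestrictedAdmin';              Want = 0 }
    @{ Path = $lsa;     Name = 'DisableRestrictedAdminOutboundCreds'; Want = 1 }
    @{ Path = $lsa;     Name = 'RunAsPPL';                            Want = 1 }
    @{ Path = $lsa;     Name = 'RunAsPPLBoot';                        Want = 2 }
)

# Hypothetical helper: compares one registry value with the expected one.
function Test-HardeningValue {
    param([hashtable]$Item)
    $actual = $null
    try { $actual = Get-ItemPropertyValue -Path $Item.Path -Name $Item.Name -ErrorAction Stop }
    catch { }  # key or value missing: Windows uses its default, reported as not set
    [pscustomobject]@{
        Name     = $Item.Name
        Expected = $Item.Want
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        # Compare as strings so a REG_SZ "0" and a DWORD 0 both count as a match
        Match    = ($null -ne $actual) -and ([string]$actual -eq [string]$Item.Want)
    }
}

$report = @($expected | ForEach-Object { Test-HardeningValue $_ })

# Pagefile encryption is an fsutil behavior, not a "reg add" line, so query it separately
$pf = (fsutil behavior query EncryptPagingFile) -join ' '
$report += [pscustomobject]@{ Name = 'EncryptPagingFile'; Expected = 1; Actual = $pf; Match = ($pf -match '=\s*1') }

$report | Format-Table -AutoSize

# List the BitLocker key protectors on the system drive (for example TPM only vs. TPM plus PIN)
try {
    Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop |
        Select-Object -ExpandProperty KeyProtector |
        Select-Object KeyProtectorType | Format-Table -AutoSize
} catch {
    Write-Warning "BitLocker status unavailable: $($_.Exception.Message)"
}
```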
 

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
Yes, several options are available, pagefile being the main one, removing it at shutdown works till the PC is reset, then it is pointless.
They can just implement malware in some controller firmware and give the PC back to you XD
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,685
They can just implement malware in some controller firmware and give the PC back to you XD
That is the reason I disable AMD PSP, Intel has something similar. I do not mind being paranoid, it pays off in the long run. 🤫


Studynxx

Level 4
Thread author
Jan 20, 2023
227
If the system didn't reboot, it will probably be easy to dump memory with some kind of an attack without a need to request access, although they probably have other methods too, and if everything fails they can just request legal access from Microsoft, or if they are lazy. And if Microsoft would have refused, some departments have Israeli software that's built for iOS, Android, Windows, etc.
With all kinds of methods to crack, bypass, etc.
Wait, are you saying hibernating the PC with BitLocker enabled won't work, and they can still bypass the need for the BitLocker PIN?
 

Studynxx

Level 4
Thread author
Jan 20, 2023
227
It will have to go through a whole cold boot, and that will fully stop only that specific method
The solutions above will partially protect against it
That means shutting it down, or does it mean shutting it down and then turning off the PSU (there's a switch in the back of the PC)?

And even if that's true, you're saying that there's many other methods we don't know, that agencies like the NSA or police do know about?
 

bazang

Level 8
Jul 3, 2024
359
And even if that's true, you're saying that there's many other methods we don't know, that agencies like the NSA or police do know about?
Governments and organized cyber criminals have all kinds of methods. They are on a continuous development cycle of probing any aspect of any software and hardware for ways to exploit it. They literally have hundreds of tricks in their rabbit hat.

There is a certain faction of people that believe the opinion below, so they've instigated Microsoft alternatives and at one time there was big drama about BitLocker.

Years back, speculation of a BitLocker backdoor was all the rage amongst the paranoid and anti-establishment ideologues. The solution was TrueCrypt and then VeraCrypt when the TrueCrypt project s h i t the bed.

Microsoft is the US Government's lapdog, when the government tells them to bark they will obey.
(Microsoft is no different than any other software publishers. Ideological people who contributed to FOSS projects meant to be anti-establishment have cooperated with many governments when those governments showed them who is boss. So much for those projects' statement of "We will never cooperate! Never!")

I own a company. I could care less what ANY government does to you or anyone else. I am not going to risk my company to defend your data as part of some principle or ideology. Only a fool would not cooperate with the government and thereby bring down an avalanche of really negative consequences. Besides. Who knows. You could be a terrorist or criminal, and I never support them by not cooperating. Essentially, this is a global business policy.

If you worry about a government getting access to your hard disk, then you've got much bigger problems. Never mind the fact that Dmitry and Igor Lybansky already have all your infos in their global network and gladly sell it to anyone willing to pay.
 

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
645
NSA has been known to develop exploits and hacks. For example, NSA has engineered firmware backdoors for old 2002 era PCs and they were leaked. Snowden has found something else I forgot. And NSA has no reason to change their ways. Just be a 'normal' citizen and perhaps they wouldn't bother you.
 
