Dec 20, 2009

Data leakage strikes Microsoft's Cofee

Microsoft has confirmed that its crime scene computer forensic software Cofee has been leaked onto the net.

Richard Boscovich, senior attorney of Microsoft's Internet Safety Enforcement Team, said in a statement that the software had been leaked onto filesharing and torrent sites "improperly", and urged anyone who has seen it not to download it.

"We have confirmed that unauthorised and modified versions of Microsoft’s Cofee tool have been improperly posted to bit torrent networks for public download," he said.

"We strongly recommend against downloading any technology purporting to be Cofee outside of authorised channels – both because any unauthorised technology may not be what it claims to be and because Microsoft has only granted legal usage rights for our Cofee technology for law-enforcement purposes for which the tool was designed."

However, he poured cold water on suggestions that the software could be manipulated so that it could be used by criminals to steal information. Earlier this week Graham Cluley, senior technology consultant at Sophos, said that criminals could set up systems that would react when Cofee is being used on their machine.

"That might make life difficult for the computer cops when they try to dash-and-grab data from a suspicious PC," he said.

Boscovich countered, "We do not anticipate the possible availability of Cofee for cybercriminals to download and find ways to ‘build around’ to be a significant concern.

"Cofee was designed and provided for use by law enforcement with proper legal authority, but is essentially a collection of digital forensic tools already commonly used around the world. Its value for law enforcement is not in secret functionality unknown to cybercriminals, its value is in the way Cofee brings those tools together in a simple and customisable format for law-enforcement us e in the field."

He added that Microsoft was committed to stopping the leaks and encouraged all parties not to download Cofee illegally.

"In co-operation with our partners, we will continue to work to mitigate unauthorised distribution of our technology beyond the means for which it’s been legally provided and, again, would strongly discourage people from downloading unauthorised versions of the tool," he said.

No comments: