Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!husc6!bloom-beacon!oberon!cit-vax!ucla-cs!zen!ucbvax!hoptoad!gnu From: gnu@hoptoad.uucp (John Gilmore) Newsgroups: sci.crypt Subject: Drugs, DES, and the criminal world (A New Connection?) Message-ID: <2954@hoptoad.uucp> Date: Mon, 14-Sep-87 07:53:07 EDT Article-I.D.: hoptoad.2954 Posted: Mon Sep 14 07:53:07 1987 Date-Received: Tue, 15-Sep-87 04:35:49 EDT References: <8709110523.AA14873@csl.csl.sri.com> Organization: Nebula Consultants in San Francisco Lines: 82 [The following appeared in the RISKS digest (comp.risks) v5#35. -- gnu] Date: 8 Sep 87 15:38:00 EDT From: "Jerry Leichter" Subject: Drugs, DES, and the criminal world (A New Connection?) To: "forum" Cc: risks@csl.sri.com, security@rutgers.edu >From "Logged On", by Vin McLellan - Digital Review, August 24, 1987, page 87 Anthony Prince Fairchild is doubtless a colorful rogue. Five years ago, when People magazine reported on a dispute between the Aspen sheriff and the Drug Enforcement Administration (DEA) about lax law enforcement in the Colorado resort town, Fairchild stepped forth - not to deny the DEA's allegations that he was running an Aspen "drug factory," but, rather, to defend eccentricity. "It's not against the law to be bizarre," he told People, which featured a photograph of him leaning back against a nude female mannequin he called Christina. Some may have found Fairchild's face familiar. An engineer by education and trade, Fairchild had also been a model: His Salem-smoking visage has adorned millions of magazines and billboards. He's now 50 years old, but police still call him a "pretty boy." Last month at a pre-trial hearing in San Jose, Calif., Fairchild curled up on a courthouse bench reading Firestarter, while the curious strolled by to check him out. After all, Fairchild had just had his bail changed from $2.5 million to "no bail" out of fear that he would post the money and disappear. "He looks just like Timothy Leary," said an onlooker, referring to the LSD guru the '60s. If Fairchild isn't a legend like Leary, it may be because federal authorities have never publicized the extent of their interest in him, even though they've sought him several times over the years. But after being arrested last November with eight kilos of cocaine, $12,000 in counterfeit money and 85 pounds of high explosives, Fairchild became a topic of rumor in Silicon Valley, in the California drug culture and, oddly enough, among the nation's top security consultants as well. "The guy's got a brain," remarked one California investigator. "You maybe couldn't guess it to see the mess he's in, but he's done a lot of things - legit things - and some say he's just slightly short of being absolutely brilliant." Fairchild's resume indicates success in a half-dozen careers, most recently as an EDP consultant in Silicon Valley. It claims he holds 11 U.S. patents, and states that he was one of the authors of Digital Research's Concurrent PC-DOS. The police say this work record is accurate. Predictably, Silicon Valley police have been among the first to confront the probleme of criminal enterprises that digitally encrypt incriminating records. "There's one case like that every six weeks around here," noted a local police reporter. "It's become quite common." The method of choice is, of course, the Digital Encryption Standard (DES), the cipher approved by the U.S. government for commercial data security. Fairchild used a Winterhalter DES board in a DOS micro to keep what police believe to be an extensive diary of the affairs of a "large international drug ring." Local, state and federal narcotics agents are all very eager to gain access to Fairchild's records. Indeed, Santa Clara, Calif., police reportedly used covert FBI funds to have a privately owned supercomputer grind away at cracking the DES-encrypted data. The attempt was not a big secret. Several EDP security consultants were asked to suggest crypto attacks. What made the DES attack feasible, if still unlikely to succeed, was that the Winterhalter device uses a program to transform a 6-to-16-character password into the 64-bit DES key. The cops got lucky: With a pass through a full English dictionary, and by culling significant names and such from Fairchild's personal history, they were apparently able to guess three of four passwords that were used to encrypt files stored on his micro. The passwords were all eight or fewer characters in length, and all in lowercase letters. The diary file continued to elude their efforts, but the police reasoned that if the DES password for the diary was less than eight characters, a "brute force" approach to finding it was possible. A cryptoanalyst who is a leading consultant for California banks was hired to make the attempt. The supercomputer may have actually been chewing away when the Justice Department stepped in late last month to confiscate copies of the encrypted diary, presumably as evidence in a federal drug case against Fairchild. This pre-empted local authorities from possibly making the big score. -- {dasys1,ncoast,well,sun,ihnp4}!hoptoad!gnu gnu@postgres.berkeley.edu