Intelligence experts cracked Ian Watkins' password

Paedophiles seeking to hide images in protected computer files have been warned that any password can be cracked.

A laptop seized from the home of Ian Watkins (singer of Welsh rock band Lostprophets) in Pontypridd, South Wales, was locked and police could not open it.

But an expert from the intelligence agency GCHQ was brought in and cracked it.

Watkins, who used a sick reference to his own perversion as his password, was also found to have encrypted files within an encrypted hard drive, all of which eventually delivered up their sordid secrets.

Watkins has been sentenced to 35 years in prison for child sex offenses.

Intelligence experts cracked Ian Watkins' password



The article goes on to say:

He added: "There is a message there to people. That message is: you can encrypt away as much as you like. But do not think you are safe.

"There are people who will find a way into the device and you will be brought to book."

I think it goes without saying that everyone is going to have mixed feelings about this news. Very pleased a pedophile has been caught and brought to justice, but not happy that the authorities have the knowledge to easily break tough software and hardware encryption.

Of course they are not saying what kind of encryption he was using. Was it truecrypt or bitlocker? Ive never heard of either of them being broken until now. But after looking around on the net there seems to be people claiming there are a few ways to do it. I did know there was a way to do bitlocker by tapping into a memory file while the computer was on.

"Experts" lol. A 5 minute search on Google can find you all the software you need to crack any password.

reply to post by CallYourBluff


Yep there are bots out there that can do it very quickly.

-SAP-

CallYourBluff
"Experts" lol. A 5 minute search on Google can find you all the software you need to crack any password.

Cracking full hard drive encryption is not the same a brute forcing a password to a zip file.

PhoenixOD

I think it goes without saying that everyone is going to have mixed feelings about this news. Very pleased a pedophile has been caught and brought to justice, but not happy that the authorities have the knowledge to easily break tough software and hardware encryption.

Well they say they discovered his password, which apparently he didnt make that hard to figure out. Thats not exactly "easily breaking" encryption, its figuring out the right key and unlocking the encryption.

If he used a long string of randomized characters from say a pool of 100 possible characters (a standard keyboard has 98 on it or something), password guessing probably wouldnt have been a viable strategy.

CallYourBluff
"Experts" lol. A 5 minute search on Google can find you all the software you need to crack any password.

Sure, theyll give you the software... but whats not included is 10,000 Starship Enterprise computers to run that software for a million years to exhaust all possible combinations of character strings of x length. And even then, just add 3 more characters on the end, and youll be waiting a billion years instead of a million.

PhoenixOD

CallYourBluff
"Experts" lol. A 5 minute search on Google can find you all the software you need to crack any password.

Cracking full hard drive encryption is not the same a brute forcing a password to a zip file.

edit on 18-12-2013 by PhoenixOD because: (no reason given)

I didn't say it was, but the software is easy to find if you know what you're looking for.

CaticusMaximus

CallYourBluff
"Experts" lol. A 5 minute search on Google can find you all the software you need to crack any password.

Sure, theyll give you the software... but whats not included is 10,000 Starship Enterprise computers to run that software for a million years to exhaust all possible combinations of character strings of x length. And even then, just add add 3 more characters on the end, and youll be waiting a billion years instead of a million.

edit on 12/18/2013 by CaticusMaximus because: (no reason given)

The password was I****kids. Not exactly top secret Government encryption.
Edit to add. High end encryption is cracked every day by people using a single computer. You do not need massive computing power if you know what you are doing.

CallYourBluff

CaticusMaximus

CallYourBluff
"Experts" lol. A 5 minute search on Google can find you all the software you need to crack any password.

Sure, theyll give you the software... but whats not included is 10,000 Starship Enterprise computers to run that software for a million years to exhaust all possible combinations of character strings of x length. And even then, just add add 3 more characters on the end, and youll be waiting a billion years instead of a million.

edit on 12/18/2013 by CaticusMaximus because: (no reason given)

The password was I****kids. Not exactly top secret Government encryption.
Edit to add. High end encryption is cracked every day by people using a single computer. You do not need massive computing power if you know what you are doing.

edit on 18-12-2013 by CallYourBluff because: (no reason given)

I call BS on this. If your claim was accurate Assange's insurance file would have been opened by now. It's the most targeted file in the world to crack, and consequently the best advertisement of proper encryption to date.

"... a sick reference to his own perversion ..." suggests the use of brute-forcing with wordlists. Simply put: common words, or combinations of common words (or words specifically connected in combination with certain crimes) tried one after another (by software, of course). This can be pretty quick and easy, therefore any words from the dictionary (or combination of such, in sentences or whatever) are NOT secure passwords.
That's why services often suggest use of all kinds of special characters, among other things.

After seeing what his password was it wouldn't take very long to crack being only 9 characters long and all lower case

quite often when trying brute force you start off with a dictionary attack (with common variations like password and passw0rd) then on to more complex methods such as brute force lower case then lower+numbers etc

i'm sure gchq have got brute force down to a fine art and such a small password was probably done before lunch

Hi OP, please confirm if possible about the prison.

It was reported that Watkins was shaking during court sentencing. I'm confused as to what prison Watkins is in. A news source mentioned PARK prison. But it seems there are two prisons with that name in Wales.

1. Park Prison, a privately owned prison with high suicide rates. Reportedly the prison has a graphic design workshop. Since Watkins was a graphic designer before singing. New career!

2. Park Hurst prison, a govt prison and also the toughest prison in the British Isles. Housed the Yorkshire ripper and Moor murderer Ian Brady.

reply to post by AsianAlienKungFusion


He'll be under 24x7 watch as i'm sure plenty of people would love to give a shanking so i doubt any soft prison will have the facilities to keep him safe so it'll have to be a high security one probably with its own nonce wing to try and segregate them from the common murderers/rapists etc

reply to post by Aazadan

If your claim was accurate Assange's insurance file would have been opened by now.

Bingo. If cracking passwords were so damn easy they would have cracked that insurance file by now. Their claim that "any password can be cracked" is just completely absurd, nothing but scare mongering for those people who don't know squat about encryption. He used a simple password made of common phrases, of course it was easy to crack. If he had of used a long string of random letters and numbers then it would have been virtually impossible to crack, even with a super computer. Just pointing out the facts.

reply to post by CallYourBluff


So they brute forced his password.

With modern computer hardware especially setup to brute force passwords that probably took 9 seconds.

had the guy used a 20 digit password with a combination of upper case, lower case, numbers and special characters that wasn't a dictionary word he would still be walking around free.

reply to post by AsianAlienKungFusion


i dont think it really matters, hes going to get a good kicking which ever one he goes in.

The truth of the matter is, you don't need to brute force any password. The information can be taken physically from a hard drive. There are many ways to bypass the entire encryption process. It's not as if a hard drive has a dynamic encryption.

PhoenixOD
reply to post by AsianAlienKungFusion

 

i dont think it really matters, hes going to get a good kicking which ever one he goes in.

Not likely, UK prisons are segregated. He will be in with similar company.

CallYourBluff
The truth of the matter is, you don't need to brute force any password. The information can be taken physically from a hard drive. There are many ways to bypass the entire encryption process. It's not as if a hard drive has a dynamic encryption.

You can not lift data physically from a bitlocker encrypted drive , you can not just bypass the encryption thats the whole point of the system

BitLocker ensures that every sector is encrypted with a slightly different key

Which could be called dynamically encrypted.

books.google.co.uk... NzJDCDnQ8&hl=en&sa=X&ei=uta0UvTkMsWw7AbejYGQDA&ved=0CEAQ6AEwAg#v=onepage&q=bit%20locker%20encrypts%20every%20sector&f=false

In prison Ian's new nick name will be Flight 93

Welcome to Shanksville