gnu@hoptoad.uucp (John Gilmore) (09/14/87)
[The following appeared in the RISKS digest (comp.risks) v5#35. -- gnu]
Date: 8 Sep 87 15:38:00 EDT
From: "Jerry Leichter" <leichter@venus.ycc.yale.edu>
Subject: Drugs, DES, and the criminal world (A New Connection?)
To: "forum" <forum@yale-bulldog.arpa>
Cc: risks@csl.sri.com, security@rutgers.edu
>From "Logged On", by Vin McLellan - Digital Review, August 24, 1987, page 87
Anthony Prince Fairchild is doubtless a colorful rogue. Five years ago, when
People magazine reported on a dispute between the Aspen sheriff and the Drug
Enforcement Administration (DEA) about lax law enforcement in the Colorado
resort town, Fairchild stepped forth - not to deny the DEA's allegations that
he was running an Aspen "drug factory," but, rather, to defend eccentricity.
"It's not against the law to be bizarre," he told People, which featured a
photograph of him leaning back against a nude female mannequin he called
Christina.
Some may have found Fairchild's face familiar. An engineer by education and
trade, Fairchild had also been a model: His Salem-smoking visage has
adorned millions of magazines and billboards. He's now 50 years old, but
police still call him a "pretty boy." Last month at a pre-trial hearing in
San Jose, Calif., Fairchild curled up on a courthouse bench reading
Firestarter, while the curious strolled by to check him out. After all,
Fairchild had just had his bail changed from $2.5 million to "no bail" out
of fear that he would post the money and disappear. "He looks just like
Timothy Leary," said an onlooker, referring to the LSD guru the '60s.
If Fairchild isn't a legend like Leary, it may be because federal
authorities have never publicized the extent of their interest in him, even
though they've sought him several times over the years. But after being
arrested last November with eight kilos of cocaine, $12,000 in counterfeit
money and 85 pounds of high explosives, Fairchild became a topic of rumor in
Silicon Valley, in the California drug culture and, oddly enough, among the
nation's top security consultants as well.
"The guy's got a brain," remarked one California investigator. "You maybe
couldn't guess it to see the mess he's in, but he's done a lot of things -
legit things - and some say he's just slightly short of being absolutely
brilliant." Fairchild's resume indicates success in a half-dozen careers,
most recently as an EDP consultant in Silicon Valley. It claims he holds 11
U.S. patents, and states that he was one of the authors of Digital
Research's Concurrent PC-DOS. The police say this work record is accurate.
Predictably, Silicon Valley police have been among the first to confront the
probleme of criminal enterprises that digitally encrypt incriminating records.
"There's one case like that every six weeks around here," noted a local police
reporter. "It's become quite common." The method of choice is, of course,
the Digital Encryption Standard (DES), the cipher approved by the U.S.
government for commercial data security.
Fairchild used a Winterhalter DES board in a DOS micro to keep what police
believe to be an extensive diary of the affairs of a "large international drug
ring." Local, state and federal narcotics agents are all very eager to gain
access to Fairchild's records. Indeed, Santa Clara, Calif., police reportedly
used covert FBI funds to have a privately owned supercomputer grind away at
cracking the DES-encrypted data.
The attempt was not a big secret. Several EDP security consultants were
asked to suggest crypto attacks. What made the DES attack feasible, if
still unlikely to succeed, was that the Winterhalter device uses a program
to transform a 6-to-16-character password into the 64-bit DES key.
The cops got lucky: With a pass through a full English dictionary, and by
culling significant names and such from Fairchild's personal history, they
were apparently able to guess three of four passwords that were used to
encrypt files stored on his micro.
The passwords were all eight or fewer characters in length, and all in
lowercase letters. The diary file continued to elude their efforts, but
the police reasoned that if the DES password for the diary was less than
eight characters, a "brute force" approach to finding it was possible. A
cryptoanalyst who is a leading consultant for California banks was hired to
make the attempt.
The supercomputer may have actually been chewing away when the Justice
Department stepped in late last month to confiscate copies of the encrypted
diary, presumably as evidence in a federal drug case against Fairchild. This
pre-empted local authorities from possibly making the big score.
--
{dasys1,ncoast,well,sun,ihnp4}!hoptoad!gnu gnu@postgres.berkeley.edu