GCHQ was called in to crack password in Watkins child abuse case

It was operatives at British intelligence agency GCHQ who cracked the password on the laptop of "determined paedophile" Ian Watkins, a court heard on Tuesday. The evidence heard in court related to child abuse images held in cloud storage, whose password the GCHQ unit had to "crack" to gain access to them. Ian Watkins, 36, …

COMMENTS

  1. Mondo the Magnificent
    Pint

    Fair play...

    If government resources like GCHQ have the resources needed to help crack passwords and secure the imprisonment of a demented paedophile, then it's resources well used

    Kudos to the collaboration between the police, CPS and GCHQ for helping get this guy behind bars and keeping children from [future] harm.

    1. Yet Another Anonymous coward Silver badge

      Re: Fair play...

      Because a government resource like GCHQ also has the resources to place the files there and request that the hosting company generate logs that show they were there for years.

      I look forward to the discovery of lots of Alex Salmon's online files if the vote looks tight.

      1. Phil O'Sophical Silver badge
        FAIL

        Re: Fair play...

        lots of Alex Salmon's online files

        In an article about mistaken identity, that is such a telling comment.

      2. N2

        Re: Fair play...

        Agreed, then they should chop his knob & bollox off.

        The sooner they start dishing out much harsher sentences for this sort of crime the better.

        1. Dave 126 Silver badge

          Re: Fair play...

          Yeah, because that's an attitude that will really make people who feel such urges seek professional help before they act on them.

          Look: None of us want any children to come to harm, so maybe we'll look calmly at the best ways of preventing it. Should that mean repressing our desire for revenge, then so be it.

    2. Anonymous Coward

      Re: Fair play...

      Yes, as long as a single paedophile is put away, I too see nothing wrong in living in an electronic Panopticon ._.

    3. Anonymous Coward

      Re: Fair play...

      >> The revelations about the spook agencies' work against crime – especially GCHQ's role in helping children under threat – comes at a time when the respective agencies sorely need a bit of good PR in the wake of disclosures about mass surveillance <<

      Ah, yes. It so fills me with confidence and joy to hear them congratulating themselves about their latest mission creep.

  2. Suricou Raven

    'cracked the password'

    So, that means either:

    - The files were encrypted, and GCHQ had to either brute force the password or apply some secret super-math or backdoor technique. Brute forcing is quite possible, if it was a weakish password.

    or

    - The files were just stored somewhere overseas, and it was easier to call in GCHQ than to go through the paperwork of an international warrant.

    or

    - The files were stored somewhere, a simple warrant would probably have sufficed, but someone on the political side wanted to give GCHQ a chance to share in the glory and help improve their reputation by helping convict not just a real criminal, but a pedophile - the most loathed and hated of all criminals.

    1. Lamont Cranston

      Re: 'cracked the password'

      Accounts from other sources suggest that it was a rather weak (not to mention distasteful) password, although I've seen it reported as the password to his laptop, rather than cloud locker.

      If the crack wasn't performed by a pair of scruffy oiks, in a darkened room, accompanied by blaring techno choons, I'll be sorely disappointed.

      1. Bob Hoskins

        Re: 'cracked the password'

        As it was NTAC I'm fairly certain it was accompanied by plenty of child porn.

      2. Dan 55 Silver badge

        Re: 'cracked the password'

        If it was the password to his laptop then it was in all probability his Windows password which is relatively easy to get hold of. The automated software they use to scan hard drives probably displays it at the click of a button.

        1. Anonymous Coward

          Re: 'cracked the password'

          If it was the Windows password then the Police would have done it themselves.

          1. Anonymous Coward

            Re: 'cracked the password'

            Given that he has pleaded guilty to physical acts of abuse the IT part is largely irrelevant to the outcome.

            Possession, or not, of abuse images pales into insignificance having attempted to rape a baby. So, even if the cloud account or laptop hadn't been cracked he was going away for a long time.

            So, the cooperation with the US and GCHQ appears to be an attempt at window dressing.

    2. S4qFBxkFFg

      Re: 'cracked the password'

      "someone on the political side wanted to give GCHQ a chance to share in the glory and help improve their reputation"

      It would be interesting to know when GCHQ were asked for their assistance, in relation to the Snowden stories coming out.

    3. wolfetone Silver badge

      Re: 'cracked the password'

      The files were stored somewhere, a simple warrant would probably have sufficed, but someone on the political side wanted to give GCHQ a chance to share in the glory and help improve their reputation by helping convict not just a real criminal, but a pedophile - the most loathed and hated of all criminals.

      I fear it's this scenario, and GCHQ were mentioned to repair the damage done to them by Snowden. With the public (nearly) fully aware of what GCHQ have done without our consent or knowledge, if it's painted that good comes from their actions, the public at large will be happy for it to continue.

      Remember back to when Lee Rigby died, Nick Clegg came out and said if the Government had passed the "snooping" laws, his death would have been prevented. We all know it wouldn't have made a difference, and I think the mention of GCHQ in this matter has been done in the same vein.

      For me, I don't care who caught him or whatever. The main thing is that this "person" (hard to find the appropriate right word for the c**t) will be behind bars and made to pay for his actions, along with the "mothers".

  3. Piro Silver badge

    Does anyone else think that 'paedophile' is not strong enough to describe this guy?

    After all, it's not illegal to be a paedophile, until we step into the realm of thought crime, but it certainly is illegal to be a child molester.

    This guy is a sick and twisted individual of the highest order. Drugs to babies? Baby rape? Goodness.

    It's this kind of thing that will help GCHQ gain favour, but I think this actually shows how inept they are: you might do well to notice the fact that people for the last few years, including ex-girlfriends, have notified the police of the fact he was a paedophile before, and said that he watched child porn all the time.

    That sounds like damning evidence easily available, but it seems PC Plod is terrible at seeing what's in front of him.

    See: Jimmy Savile.

    1. Anonymous Coward

      Re: Does anyone else think that 'paedophile' is not strong enough to describe this guy?

      He was alright.

    2. Anonymous Coward

      Re: Does anyone else think that 'paedophile' is not strong enough to describe this guy?

      I needed to weigh in and say you're right about it not being a crime. (Otherwise it would be a crime to be a misanthrope or a sociopath.)

      The British REALLY need to learn the proper words and apply them correctly.

      He was a child molester; there's a big difference between the two.

      It would be like saying a unicycle and an oil ocean supertanker are the same thing.

      1. Anonymous Coward

        Re: Does anyone else think that 'paedophile' is not strong enough to describe this guy?

        I suspect I'll be badly downvoted for asking this question, but here goes:

        What confidential support agencies can a "paedophile" turn to before it turns to child molestation? Can you go to your GP and get realistic help for this condition before it turns into criminal activity? Vilifying these people in the press, locking them up in prison, publishing their details on a register, restricting where they can live are all reactionary measures after a crime has been committed and lives of both the victim and the criminal blighted.

        I speak as someone that was once abused as a 7-year old, and wish that there was someone sympathetic there to help the man in the first place, rather than punish him afterwards.

        1. S4qFBxkFFg

          Re: Does anyone else think that 'paedophile' is not strong enough to describe this guy?

          I think the idea that it's possible to change/"cure" someone's sexuality isn't credible, except in the nuttier congregations in places like USA/Uganda.

          You're probably looking at trying to help people channel their sexuality into exclusively legal activities, which I expect is bloody difficult when you're dealing with an attraction to children under the age of consent.

          Imagine if a law was passed tomorrow criminalising any sort of sexual activity with adults, and possession of drawn/photographed/videoed pornography featuring adults. Also imagine that breaking those laws was regarded as worthy of a lynching by the majority of the population. I do not know what I would do in that situation, but it would probably depend on whether it was easier for me to drive to a very high bridge/cliff or get a shotgun license.

          For most people, trying to help paedophiles live non-offending lives, surely falls in the "too difficult to even attempt" category.

          Also, no politician is going to touch it with someone else's sterilised 10-foot pole.

        2. Anonymous Coward

          Re: Does anyone else think that 'paedophile' is not strong enough to describe this guy?

          I don't know about the UK, but in the US doctors/psychiatrists are required to report patient conversations which suggest the patient might be interested in children. They are also required to lie to the patient about doing this. It's a "think of the children" exemption to the normal ethics rules.

          It means only a real idiot would seek help.

          1. Anonymous Coward

            Re: Does anyone else think that 'paedophile' is not strong enough to describe this guy?

            AC 1550 here again:

            S4qFBxkFFg:

            I agree with your point that homosexuality can't currently be cured; I and many other people indeed believe that it's not an illness that has to be cured. This is largely because it's practised between consenting adults (excepting rape which is wrong irrespective of gender). Child molestation is not practised between consenting adults as (in most cultures) a child cannot give consent, so the relevance of your analogy ends there. I deliberately took great care in my first post to not describe it as cure or change, but help and support.

            AC 1618:

            If the US has already broken the golden covenant of patient confidentiality, then I fear that paedophilia is now indeed a thought crime there.

            These people should be supported and helped by society, like any other mental illness patient should be. Unfortunately, mentally unwell people are already poorly cared for in the UK, and I doubt that at present, paedophiles would even ever get that level of help and support. Rather than "too difficult to attempt", I think it will simply take time for society to accept it as an illness, and treat it as such in a confidential and timely manner.

            1. Anonymous Coward

              @AC 1550 here again

              The previous analogy is good. The only reason you don't find it so is because in our society it isn't acceptable. In other societies it is, for example, acceptable to take a child as a bride without her consent and do as you wish with her. In other times it was also acceptable to take a young boy as a lover, I believe it still is in some places. These examples are in reference to males but let's not forget that women can be paedophiles too.

              Sexuality is built in, it cannot be cured and I did note your use of the word help. The best help is isolation from the target of desire. In prison paedophiles are ideal prisoners, generally they do not beat up, steal from or rape other prisoners. Their particular vice is denied them so they behave. It's also in their interest to behave well in order to get early release and have access to children again. Once out on the street THEY WILL reoffend. Paedophiles know this more than anyone and those who are in prison and really want help ask not to be released.

              So it seems the only 100% effective method to help them is to remove them from society. Some, as mentioned will welcome this, most will not so they will not seek help.

          2. Irony Deficient

            legally mandated exceptions to patient confidentiality

            Anonymous Coward of 16:18 GMT, I am aware of such exceptions in instances such as actual abuse of children or dependent adults, or (for physicians only) of injuries due to gunshots, ice picks, &c., but I was not aware of such an exception because a patient “might be interested in children”, nor that there would be a requirement for the medical person to lie about having to report such information. Do you know the name of the law that requires these actions?

        3. Anonymous Coward

          Re: Does anyone else think that 'paedophile' is not strong enough to describe this guy?

          The Lucy Faithfull foundation offer a number of services in this regard.

        4. Anonymous Coward

          Re: Does anyone else think that 'paedophile' is not strong enough to describe this guy?

          > What confidential support agencies can a "paedophile" turn to before it turns to child molestation?

          I don't know in England and Wales, but in countries where medical confidentiality is dictated by law (e.g., France, Germany, various bits of Central Europe), any medical practitioner is duty-bound to help. As with other examples of asocial behavioural tendencies, they should be eventually directed to a psychologist or psychiatrist depending on the country.

        5. Anonymous Coward

          Re AC @ 15:50

          In my opinion, the British came to a big fork in the road where reality took a left but they hung a sharp right.

          They try so hard not to deal with the problem and shun any viable solution.

          Take drawings. They're illegal here, which is something I'm vehemently against. (No, I do not condone the banning, criminalization or censorship of victimless speech, thought or expression.)

          Esp. since it criminalizes Japanese anime/doujinshi/hentai/manga/visual novels/etc. (Yay for an awesome culture!)

          Take lolicons (those who harbor an attraction to young anime characters), lolicons are not pedophiles, in the same way that pedophiles are not child molesters. (Only if they carry out the latter do they become that. Please, people, try to learn the difference between this already...)

          Real child abuse is _abhorrent_ and illegal for a very good reason. (It has an actual victim.)

          But drawings?

          "Well these drawings are illegal for a reason!"

          Yeah, people like yourself said the same thing about homosexuality sixty plus years ago.

          "It corrupts! They'll encourage you to go out and do X!"

          You mean like how everybody who plays video games where you can kill people winds up a serial killer?

          I mean, murder's a crime, how is, say... killing people in Battlefield or whatever any less abhorrent than actual murder? Shouldn't you be banning those?

          Money corrupts as well, shouldn't you ban that? And what about libraries? (Libraries contain books, and books give you knowledge, and knowledge is power, and power corrupts, and corruption is a crime...)

          (I actually remember a comment on slashdot a few years back from a girl who had been sexually abused as a child, she said that those who can't tell the difference between a drawing and an actual child are no different from the ones who abuse real children.)

          And then there's Paul Beresford MP who wants to make textual depictions of child abuse illegal (so that's Romeo & Juliet and Lolita gone...), which I think is currently being discussed or put through?

          Time for a random example:

          --------------------------

          Say somebody invented the holodeck from TNG (granted that won't ever happen for the foreseeable future), and people use it to have sex with holographic children; you'd have the inevitable cries of "THINK OF THE CHILDREN!" from Cameron and the Daily Mail reading ilk, demanding some kind of system put in place to prevent that.

          So, what? You'd prefer child molesters go out and abuse actual children? Instead of acting out their fantasies/lust/whatever in a situation where nobody is getting hurt?

          I'd prefer that child molesters do that rather than go and harm an actual child.

          But no, let's keep on being counterproductive and pretend we actually have the children's safety in mind when we clearly don't.

          I don't ever want children, and even if I did, I would never want to raise them in this country.

          "Hey, have a good day at school! But don't say this, or think that, or draw this, or do that..."

          1. Graham Marsden

            @AC 23:44 - Re: Re AC @ 15:50

            > In my opinion, the British came to a big fork in the road where reality took a left but they hung a sharp right.

            And David Cameron is now going even *further* to the Right because he wants to criminalise "Rape" Porn so that *anything* which appears to be non-consensual (even if it's simulated and acted) could get you up to three years in jail!

            Bravo, Call Me David, another Thought Crime for the statute books!

          2. Lamont Cranston

            @AC 23:44

            I'm not big on banning books/drawings/holodecks, either, but could the argument not be made that sexually graphic depictions of minors in such media risks normalising the treatment of children as sexual objects?

            Works like Lolita and Romeo & Juliet are not intended to arouse, but a holodeck simulation, wherein you could screw underagers, would appear to have no other context, and thus encourages users to regard such behaviour as acceptable.

            1. Anonymous Coward

              Re: @AC 23:44

              By that logic, porn normalizes the treatment of women as sex objects.

              And what about things like Cherub statues? Or paintings of children from the 1700s? Or Mapplethorpe images?

              As for the holodeck, that's just a means of recreation, like if you decided you wanted to go fishing on a lake without the hassle of a journey. (Or something.)

              But you would have a certain, small minority of people using it for abuse of holographic children, though.

              1. Lamont Cranston

                Re: @AC 23:44

                Porn does normalise the treatment of women as sex objects (hey, this'll be a popular point of view). The erotic context of cherub statues seems to have passed me by, however.

                @Graham I think that GTA puts its content in context (and its BBFC certificate indicates that it's intended for an audience who can appreciate that) - I certainly wouldn't argue that child/sexual abuse is something that should never be tackled by the arts, but I'd view with suspicion anyone who enjoyed themselves in a rape simulator.

            2. Graham Marsden
              Thumb Down

              @Lamont Cranston - Re: @AC 23:44

              "could the argument not be made that sexually graphic depictions of minors in such media risks normalising the treatment of children as sexual objects?"

              Sure, you can make that argument. Just like you can argue that GTA normalises beating people up and stealing their cars for fun...

      2. Suricou Raven

        Re: Does anyone else think that 'paedophile' is not strong enough to describe this guy?

        Using the term in this way does a disservice to those people who feel a sexual attraction to children but do not act on it - but then, the majority has spoken. To deliberately avert a change in definition of any word is a very difficult task. Just look at the futile efforts to save the word 'hacker.'

    3. Anonymous Coward
      Thumb Down

      Re: Does anyone else think that 'paedophile' is not strong enough to describe this guy?

      >this actually shows how inept they are

      How does the police not taking action when informed of a crime show ineptness at GCHQ?

      1. Piro Silver badge
        Pint

        Re: Does anyone else think that 'paedophile' is not strong enough to describe this guy?

        @Chris W

        Because apparently they've been reading internet logs and emails for years, and he was supposedly very active online in certain seedy areas.

        It was more an amusing piece of cynicism, jokingly expecting GCHQ to have known already. Presumably they were too busy using their powers to track piracy.

  4. Anonymous Coward

    Rainbow tables

    A decent PC can use rainbow tables and crack any password in short order. However, back doors make things much easier.

    I remember the first ZIP password breaker I ever used. It had a built in five second delay to make it look like it was doing a lot more than it really was.

    1. Anonymous Coward

      Re: Rainbow tables

      "A decent PC can use rainbow tables and crack any password in short order."

      Really, so all cryptography is useless, you could have told us earlier!!!!

    2. Lee D Silver badge

      Re: Rainbow tables

      Early ZIP passwords were just that - passwords. They didn't do any sort of proper encryption. You could break them because they were very poor security. If you can find one that old that only uses PKZIP/WinZIP passwords, you can demonstrate this to yourself. Beware: We're talking OLD.

      The file format has moved on since those days and now does AES and all sorts. They still call it a ZIP file even though it's different. Try finding a "ZIP breaker" now - they all just rely on brute-force searches because there is no other option, and they take YEARS to crack anything that resembles a real password. Use a modern version of WinZIP and then try these things (Elcomsoft etc.?) and see how far you get even with a password you know.

      And rainbow tables only help in hashes, not encryption. You have to have a stored, hashed, accessible copy of his password somewhere. Hint: Windows gives up passwords all too easily if you know how, and you can bypass any password but BitLocker in literally minutes (and that's just the boot-from-disc time, nothing to do with speed of cracking).

      A top of the line supercomputer still cannot beat AES in a reasonable time. Nobody has ever demonstrated it to be able to. Your home PC ain't going to do anything against proper encryption (e.g. TrueCrypt, Bitlocker etc.) without having access to a key, even if you let it run for centuries.

      As such, the chances are that the lack of the word "encryption" in this article means just that - they broke his Windows / Linux password on his computer, a feat possible by anyone with physical access within minutes. They did not break encryption at all. If the guy used TrueCrypt (which has come up in several terrorism related court cases and no-one has yet ever claimed to have been able to decrypt it without co-operation of the keyholder), this article wouldn't exist.

      Whenever you hear the word "crack" or "hack", you have to think about what's being proposed and what holes there are. I can bypass the password on any Windows networking machine you like within minutes, so long as the machines are not encrypted. Hell there are tools to do that. Finding out what the password actually WAS is harder but not impossible. But cracking encryption by brute-force - that's something that you're not going to do on your home PC.

      That's *WHY* the law mandates that personal and sensitive data is stored encrypted. Because I can then literally hand you my server hard drive and, without the password, you can do NOTHING with that data. See the Wikileaks "insurance" file, etc.

      When you confuse hashes and encryption, passwords and encryption keys, and all of these (including brute force password searches) with "cracking", it means that you just don't understand cryptography.

      1. Anonymous Coward

        Re: Rainbow tables

        Er, sorry to burst your bubble but elcom soft and others have tools to easily break bitlocker and truecrypt.

        If your laptop is seized whilst powered on then you are screwed!!!! And I wouldn't trust M$ to NOT have back door access into bitlocker. Despite their assurances.

        Truecrypt is closed source and can't be independently audited to ensure it is as secure as they purport it to be.

        1. Yet Another Anonymous coward Silver badge

          Re: Rainbow tables

          Unless elcom have made some amazing breakthroughs in maths that the NSA/CIA/KGB/MMB are unaware of - they cannot 'break' the encryption they can only brute force it by guessing your password.

          Bitlocker almost certainly has a backdoor, and given Microsoft's history of security it is probably "NSA123".

          Currently Truecrypt is probably your safest bet for keeping things secret. Don't worry they will just convict you of something else instead or accidentally shoot you on the tube if they can't break it.

          Truecrypt is open source and can be built entirely from source. The binary download most people use is signed so that it can be loaded as a device driver on MSFT. The source does contain a binary blob which contains the initialisation vectors of some of the crypto routines but you are free to replace them with your own.

          There is a project underway to validate Truecrypt's source. Even if there are no deliberate backdoors it is still possible that mistakes have been made in the implementation.

          1. Anonymous Coward

            Re: Rainbow tables

            You are so wrong. Go on, fire up Truecrypt. Run the elcom soft decryption tool. It doesn't need to brute force anything. Whilst the laptop is on then the decryption key IS HELD IN RAM. If in suspend, the key is STILL there only now it's in the hibernation file.

            And this is what the tools attack.

            Do some fucking reading before spouting shit.

            1. Lee D Silver badge

              Re: Rainbow tables

              So when you have physical access to a computer running encryption software which has been "unlocked" for you, and then placed into hibernate (particularly, not standby), and your hibernate file is stored on an unencrypted partition, and the Truecrypt option EXPRESSLY DESIGNED to stop you doing this has been unchecked, you can access the key. (I'm ignoring the "in memory" bit because that means you have access to memory buses on a similarly unlocked-then-suspended machine, and/or administrative privileges on the unlocked machine in order to run a program).

              Er.... yes. I have no denial of that. But that's NOT what's going to happen on any system I've ever built.

              Please note that the Elcomsoft website, again, give three possibilities of situations it can help in.

              1) Your hibernate scenario. Let me know how that works out when I don't allow my computer to hibernate. Notice that Truecrypt also has an option to dismount encrypted volumes on hibernate (it's in their FAQ for goodness sake!). Elcomsoft acknowledge on their own site that this basically stops such an attack. I also have that option enabled. And I have my hibernate file (that is unused anyway) stored on an encrypted partition. Again... good luck!

              2) Memory dump files. Let me know how you intend to get one of those from me (note: You'd have to run a program with privileges on my machine, which would require my TrueCrypt password).

              3) A FireWire attack. Let me know how that works out on my non-FireWire PC (precisely because the protocol allows all FireWire devices to have arbitrary DMA access to the entire memory space of the computer without protection). And, again, the machine needs to be left in suspend or you to have physical access WHILE it's operational for it to work.

              The problem with Elcomsoft is that they don't lie... as such. They just make you think they are a lot better than they are. Read their site carefully and, AGAIN, just try these tools they point you to.

              The first time someone showed me NTPASSWD, I didn't believe them. So I tried it. And it worked. I've done the same with Elcomsoft utilities over the years, precisely TO test whether what they claim is true. And although they don't "lie", as such, they omit a lot of truths or hide them behind footnotes. I'm sure they help a lot of people out of holes, but those people aren't doing things securely in the first place. A password on an Office document is not secure. A traditional ZIP file (that someone can open without third-party tools) is also not secure. These things they can help with.

              But anything that involves AES is either going to need side-channel attacks (e.g. malicious FireWire devices on a system with physical access that's still running and has encrypted partitions currently mounted), or brute-force cracking that'll take longer than you'll be alive.

              Don't go Googling for this stuff. TRY IT. Actually try and do it. Because, if nothing else, then you'll know how to properly secure your own machines against just such things as you contend. And you won't sound so much of an idiot when your entire premise is based on the absence of a well documented and recommended option in the TrueCrypt FAQ.

        2. Anonymous Coward

          Re: Rainbow tables

          "Truecrypt is closed source and can't be independently audited to ensure it is as secure as they purport it to be."

          https://github.com/syglug/truecrypt

        3. Anonymous Coward

          Re: Rainbow tables

          Rubbish, Truecrypt is open source and is currently being audited. http://www.theregister.co.uk/2013/11/18/truecrypt_audit_founder_qanda/

          1. Lee D Silver badge

            Re: Rainbow tables

            Please, try the Elcomsoft tools you praise.

            Because if it's more than WinZIP 8.0 version ZIP, it's basically AES brute-force. The page says so, read it carefully. On "old" ZIPs, yes, they work, because ZIP passwords were a load of junk, like WEP keys. Nothing to do with "encryption" at all, same for Microsoft Word/Excel passwords, NTLM hashes, etc. (Oh, look, guess what Elcomsoft do tools for...).

            Do it. Prove me wrong. Make an AES-encrypted ZIP file with a 20-letter password and then fire the Elcomsoft tools at it WITHOUT ANY PASSWORD HINTS. Come back in a few thousand years.

            And brute-force is easy. It's trivial. I can write the code for you now. You just try every password possible.

            The problem is that there are potentially billions of possible passwords and only one works. The code is a loop, probably only a few dozen lines of code at best. The problem is that it takes MILLENNIA to actually execute against a real password.

            The latest Windows Truecrypt binary has, I believe, been verified against the source. The only differences are compile times and compile-time paths (i.e. the name of the folder that the programmer put his source code in). The actual published source conforms to the actual published, signed binary. And the actual published source is there for anyone to poke at. The same can't be said for BitKeeper or a variety of other security products. That doesn't mean it is secure, or isn't secure. It just means they are a hell of a lot more open about what the product does than anyone else and that's the kind of people you should be trusting your data to.

            Please, if you're going to comment on something, actually TRY IT first.
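
The arithmetic behind the brute-force point in the comment above, as an added example that is not part of the original thread. The guess rate, the 1000-iteration PBKDF2-HMAC-SHA1 cost per guess, and the word-list and mangling sizes are all assumptions chosen for illustration.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet_size ** length


def measure_kdf_rate(iterations: int = 1000, samples: int = 200) -> float:
    """Guesses per second on one core of this machine when every guess costs
    one PBKDF2-HMAC-SHA1 derivation (iteration count is an assumption)."""
    salt = b"constructed-salt"  # constructed sample value
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha1", b"guess%d" % i, salt, iterations, 32)
    return samples / (time.perf_counter() - start)


def years_to_search(candidates: int, guesses_per_sec: float,
                    fraction: float = 0.5) -> float:
    """Expected years to hit the password; on average half the space is tried."""
    return candidates * fraction / guesses_per_sec / SECONDS_PER_YEAR


def dictionary_candidates(words: int, suffixes: int, case_variants: int) -> int:
    """Size of a word list after simple mangling (all three sizes assumed)."""
    return words * suffixes * case_variants


def compare(guesses_per_sec: float) -> dict:
    """Contrast 20 random lowercase letters with a word-list-derived password."""
    random20 = keyspace(26, 20)
    mangled = dictionary_candidates(1_000_000, 1000, 3)
    return {
        "random_20_letters_years": years_to_search(random20, guesses_per_sec),
        "dictionary_password_seconds": mangled * 0.5 / guesses_per_sec,
    }


if __name__ == "__main__":
    local = measure_kdf_rate()
    print(f"this machine, one core: about {local:,.0f} guesses/s")
    for label, rate in (("local core", local), ("assumed 1e9/s rig", 1e9)):
        result = compare(rate)
        print(label, {k: f"{v:.3g}" for k, v in result.items()})
```

The random 20-letter password stays out of reach at any plausible guess rate, while a password built from a dictionary word falls inside a small, enumerable list, which is why length and randomness matter more than the cipher.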

          2. Anonymous Coward
            Anonymous Coward

            Re: Rainbow tables

            So up until ohh, last week, it HASN'T been audited and is therefore (until confirmed otherwise) as unsafe as any other system.

            Which is what I said.

  5. Anonymous Coward
    Anonymous Coward

    The cult of celebrity. Seems some people will do anything to have some sort of friendship or relationship with a sicko celeb.

  6. Fihart

    Now they've done that.....

    ...can they now turn their attention to the Cryptolocker scam. Clearly the public will take a less dim view of GCHQ following this paedo case -- they can gain similar kudos by saving small businesses from ruin or being extorted.

  7. Anonymous Coward 101

    After the recent sex and drugs scandal involving Paul Flowers, this story helps us to get things in perspective.

  8. Anonymous Coward
    Anonymous Coward

    "discovered that Watkins had "If***kids" set as his password"

    I call bullshit on that, nobody is that stupid, I mean nobody.

    Just a PR stunt to retain whatever credibility GCHQ has left.

    1. hazzamon

      You could make the password as incriminating as you like and it won't put you in jail any longer - you still need to crack it to get to the real evidence. The only dumb mistake he made (apart from molesting kids) was choosing a password vulnerable to a simple dictionary attack.

      Also, Gary Glitter was dumb enough to take his laptop in for repair at PC World...

    2. Crisp

      Re: nobody is that stupid

      You'd be surprised how cocky some criminals will get.

  9. Chris G

    Sentencing

    I wonder just what kind of sentence this pondslime is going to get?

    I just hope it involves dying in prison (don't care how).

    Certainly I hope it is not a relatively short sentence followed by some time with an ankle cuff and weekly reporting to the local nick.

    1. NumptyScrub

      Re: Sentencing

      While I understand the sentiment, volunteer to have your name put on the Sexual Offenders Register and see how cosy life remains even without a token sentence and ankle-cuff period. Once someone in your neighbourhood gets wind that you might be a paedo (or rapist) and word spreads, you'll probably find you have to put a glazier on speed dial, and keep more than one fire extinguisher in the house at all times. Don't even think about getting a swift half in the local either, you'll more likely end up with a swift kicking instead.

      There are people around in this country who rightly or (more likely) wrongly feel far more strongly about sex offenders than even you do, and are also perfectly happy to risk incarceration themselves to "get some justice done". Given the charges he has pleaded guilty to, this Watkins guy is fucked even if they just give him a suspended sentence and a £20 fine, in my opinion.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sentencing

        >perfectly happy to risk incarceration themselves to "get some justice done".

        Yes, it's nice that the UK has finally hit the Snowtown Murders level, esp. with the death of that guy a while back.

        /sarcasm

        Vigilantism really needs to be a life sentence.

    2. Anonymous Coward
      Anonymous Coward

      Re: Sentencing

      > I wonder just what kind of sentence this pondslime is going to get?

      This is the sort of braindead comment that people have been posting on Twatter and other places. How exactly is it going to help anyone?

  10. Salts

    Sick Bastard, locked up

    Good!

    GCHQ - Political haymaking, it worries me that the police do not have the ability to get a PFY with Ophcrack, rainbow tables and other tools to be able to do this themselves, calling in GCHQ for political reasons just adds delay to getting this scum off the streets.

    But few will question it, after all a real bit of scum has been taken out.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sick Bastard, locked up

      A huge assumption that PFY or Ophcrack would have done the job, the Police have access to these just like you do!

      1. Anonymous Coward
        Anonymous Coward

        Re: Sick Bastard, locked up

        More to the point, how come the accused hasn't been charged with refusing to reveal his password?

        1. Anonymous Coward
          Anonymous Coward

          Re: Sick Bastard, locked up

          Because, from the sounds of it, this was an authentication key (which are protected by law) and not an encryption key.

  11. Turtle

    Why are the names of the two female accomplices being kept secret?

    Anyone know? I don't understand this at all as they *did* plead guilty.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why are the names of the two female accomplices being kept secret?

      Because having them named may identify victims or compromise an ongoing investigation?

      They could also be minors although that sounds rather unlikely.

    2. A Non e-mouse Silver badge

      Re: Why are the names of the two female accomplices being kept secret?

      Maybe they are related to some of the abuse victims?

    3. Brenda McViking

      Re: Why are the names of the two female accomplices being kept secret?

      Because once they were known it would provide an easy link to the young victims, who are entitled to lifelong anonymity under UK law.

  12. bear_all
    Thumb Up

    Right first time to catch a monster.

    I'd like to think this was all the departments working together to make sure that anything found was watertight and didn't give a single loophole (what that could possibly be) to let a monster walk.

    Nothing would have been worse than getting the evidence and then finding out that it was somehow tainted.

    Draft in GCHQ every time for me.

  13. John Smith 19 Gold badge
    Meh

    Finally the actually manages to arrest *before* they died of old age.

    Yes his crimes are monstrous,

    As were those of Jimmy Savile

    As were those of Cyril Smith.

    But then he did not have the protection of a large network of people to cover for and protect him.

    If you actually believed the UK are the "Paedo Isles" you'd expect a case like this every day.

    And yet that does not happen.

    Perhaps there just aren't that many child molesters out there?

    1. Anonymous Coward
      Anonymous Coward

      Re: Finally the actually manages to arrest *before* they died of old age.

      I don't know, the Daily Mail tells me that they're lurking under my bed and in my closet...

  14. David 45

    Blimey, or words to that effect.

    GCHQ doing something useful for society? Well......THERE'S a turn-up for the books!

    1. Anonymous Coward
      Anonymous Coward

      Re: Blimey, or words to that effect.

      Allegedly.

  15. Anonymous Coward
    Anonymous Coward

    What??

    Two things baffle me about this:

    How on earth can someone attempt (and fail) to rape a baby... twice? What does that even mean? Normally I would assume all he did is make a "date" to molest a baby that didn't even exist or something, but in this case it sounds like there was more to it.

    There are some things that just don't belong in cloud storage and then there are things that really, really don't belong in cloud storage. Extremely incriminating video falls squarely in the latter category. How could anyone be that stupid?

  16. Anonymous Coward
    Anonymous Coward

    The STASI's big mistake

    was not to use the 'think of the children' defense.

  17. smiths121

    Assumptions all round

    Cloud storage.....password - I am feeling quite negative - I assume this means they asked the Online Storage Provider (OSP) for the password. The alternative is even worse.

    Apologies to those who feel strongly about the subject of the data, I admire a clever hack as much as the next techie - particularly for good causes, the article is lacking in detail.

    Call me naive (hello, my name is naive): if this was encrypted before saving to the cloud, surely the key would be on the computer to retrieve the data stored (a naughty boy that stores images without wanting to look or a naughty boy that can remember a 255-character string), or legally has to be given up. More info is needed. Is this a clever hack worthy of "hats off" regardless of motivation or who? Did someone hand over keys under UK law? Or the now increasingly familiar "the bastards" can hack encryption algorithm Y?

    Non-emotional curious minds wish to know.

    Simon

    More details please for the benefit of all readers, whether they live under a perceived fascist regime or not

    1. diodesign (Written by Reg staff) Silver badge

      Re: Assumptions all round

      Given the vile encryption password he used, anyone with a twisted enough mind could have guessed it (or a rainbow table hit it).

      C.

      1. Adam 1

        Re: Assumptions all round

        Or a keylogger installed on his PC while he was out.

  18. Mike Bailey

    Just checked the password and according to the website howsecureismypassword the password could have been cracked in just 22 mins so I'm guessing no supercomputer was needed here.

    1. Bernard M. Orwell
      Stop

      Careful! I'm not sure you want to be typing that into a browser under any circumstances!

  19. Anonymous Coward
    Anonymous Coward

    "For he's a jolly good felon"

    Oh dear, not the end of the world, but I bet he can see it from where he is ;-)
