Intelligence: Reach Back to Clone Captured Hard Drives


January 31, 2006: Captured PCs, cell phones and PDAs have provided military intelligence officers with some unique challenges. These new technologies bring new sources of information, often in huge quantities. Early on, captured hard drives provided too much information. Getting something useful was like finding a needle in a haystack. In some cases there are problems with passwords and encryption. With all this, there is the central problem of getting useful stuff quickly. Often, the previous owner of the captured laptop got away, and is hustling to make as much of the data on the hard drive worthless, as quickly as possible. The previous owner will want to alert people named on the hard drive, and get plans changed. There is a need for speed in getting the data off the computer and into the hands of people who can act.

In response, intel organizations have developed new tools. Some are variations on stuff already developed for police use, for example hardware and software to quickly copy ("clone") a hard drive, or to break passwords. The United States government, however, has more resources when it comes to code breaking (passwords and encryption). The military also has huge resources for translation and analysis. Letting the troops out in the combat zone use these resources is called "reach back" (to people in the U.S., via satellite link), and some powerful tools have been developed to exploit this for cleaning out hard drives. These tools, for obvious reasons, are kept secret.

The goals of these analysis systems are obvious. You want to take a captured laptop and find anything useful on the hard drive as quickly as possible. Fortunately, most Islamic terrorists don't bother much with passwords or encryption (the drug gangs, and gangsters in general, are more into this). So the first military intel people to get their hands on the laptop can boot it up and look for documents containing useful stuff. But shortly thereafter, the hard drive gets vacuumed out and analyzed. Useful hits go right back to the guys who captured the laptop, which can enable them to grab new suspects before the word gets out that the laptop contents are in play.

Intel operations have caused a large number of new tools to be developed, and this continues. The enemy has not responded as energetically as one would expect. Pro-terrorist web sites have discussions of the high-tech tools the Americans use against them. When the terrorists are found using technology to protect their secrets, it usually turns out they got the idea from gangsters they often rely on for support (that usually costs them a lot of money).

 
