PS3s Catch Perverts
Activate the Nonce Detector!Published 16/11/2009 at 10:00 by Tuffcub
What a remarkable chunk of hardware the PS3 is, it does games, Blu-ray, internet, video chat, helps cure cancer and now is using its little grey cell processers to catch perverts. Claude E. Davenport, a senior special agent at the U.S. Immigration and Customs Enforcement Cyber Crimes Centre says,
“Bad guys are encrypting their stuff now, so we need a methodology of hacking on that to try to break password. The Playstation 3 – it’s processing component – is perfect for large-scale library attacks.”
By ‘library attacks’ he means using the PS3 to check the 281,474,976,710,656 possibilities of a six digit password, not that they are going to fling an armed PS3 in to a perverts book club.
The agency network of PS3s can process 4 million passwords a second and at $300 a console, much cheaper than the server combination they used previously. Once the PS3 network has cracked the code then the encrypted files can be used as evidence to catch the paedophiles.
Source: AxcessNews
Comments
Please note that all comments are the opinion of the individual author and not TheSixthAxis.
toutski | 16/11/2009 10:03
Legend
4116 TSA Points | Member since: Oct 2008
Phew.. I just checked this to see if I had been caught…
I jest…
Gastos84 | 16/11/2009 11:51
Team TSA: Writer
3860 TSA Points | Member since: Apr 2009
LOL
jonny_bolton | 16/11/2009 10:03
Chooses The Impossible
1984 TSA Points | Member since: Oct 2008
What an incredible piece of hardware indeed.
Person678 | 16/11/2009 10:05
BOOM! Headshot!
1782 TSA Points | Member since: Jan 2009
They use Phat PS3s apparently since they install Linux.
cheekyMcB | 16/11/2009 10:23
Member
694 TSA Points | Member since: Feb 2009
Lets hope they don’t get YLOD then as they can’t replace them unless they buy secondhand
DeathByNumbers | 16/11/2009 10:37
Member
430 TSA Points | Member since: Jul 2009
what do you mean? If a fat ps3 ylod’s they give you a slim? I thought they would still have loads of fat ps3 refurbs.
TheShepanator | 16/11/2009 17:16
Member
541 TSA Points | Member since: Nov 2009
They still produce “Fat” PS3s anyway don’t they? Have I missed something?
skibadee | 16/11/2009 19:53
Member
3868 TSA Points | Member since: Oct 2009
im shore you can still buy a fat one i hope if i have to use my insurance at game they give me a fat one back
BrendanCalls | 16/11/2009 10:07
Post Hoc, Ergo Propter Hoc - YOHIMBÉ!!!
1372 TSA Points | Member since: Forever
Two Hundred and Eighty One Trillion, Four Hundred and Seventy Four Billion Nine Hundred and Seventy Six Million, Seven Hundred and Ten Thousand, Six Hundred and Fifty Six.
Thats a lot of passwords
BrendanCalls | 16/11/2009 10:08
Post Hoc, Ergo Propter Hoc - YOHIMBÉ!!!
1372 TSA Points | Member since: Forever
P.S what if they use a 7 digit password instead, surely they have thought of this
Radboud | 16/11/2009 10:07
Member
966 TSA Points | Member since: Nov 2008
“The agency network of PS3s can process 4 million passwords”
Does this say that they can get 4 million passwords in a second? That means they can get 16 billion passwords in an hour. How many passwords are there in the world? Hardly more than that I think with a population of 16 billion people of which at least half would not have any password whatsoever.
BrendanCalls | 16/11/2009 10:14
Post Hoc, Ergo Propter Hoc - YOHIMBÉ!!!
1372 TSA Points | Member since: Forever
Ahh yes but they have to check every single combination for every single person so it might only be that many combinations but they have to check two hundred and eighty billion for every one instance of a password
Raen | 16/11/2009 10:12
Team TSA: Writer
3655 TSA Points | Member since: Mar 2009
You run the figures though. 281,474,976,710,656 being cracked at 4,000,000 a second means you can crack 240,000,000 a minute, 14,400,000,000 an hour or 345,600,000,000 a day. That still takes 814 days to brute force a 6 character password (the worst way of cracking a password by the way, running a dictionary attack is a much better way to start). To be honest who uses a six character password? People who are security conscious (myself included) will use much longer passwords, and the kind of people they’re targeting are likely to be paranoid.
BrendanCalls | 16/11/2009 10:16
Post Hoc, Ergo Propter Hoc - YOHIMBÉ!!!
1372 TSA Points | Member since: Forever
Totally agree, My password is 10 characters in length, using letters and numbers, I’ll give you 5 guesses to get it
DeathByNumbers | 16/11/2009 10:39
Member
430 TSA Points | Member since: Jul 2009
it’s brendan123, you’d better change it now.
carlosfilippsen | 16/11/2009 12:02
Member
1316 TSA Points | Member since: Mar 2009
my password is 16 characters in length, using letters and numbers, I doubt anyone would find out what it is.
DeathByNumbers | 16/11/2009 12:18
Member
430 TSA Points | Member since: Jul 2009
ok 16 characters that’s tough – erm carlosfilippsen1? lmao
hazelam | 16/11/2009 10:32
Member
3833 TSA Points | Member since: Feb 2009
and add in capitalisation and i’m sure the number of possible combinations skyrockets.
Raen | 16/11/2009 11:01
Team TSA: Writer
3655 TSA Points | Member since: Mar 2009
Nah, the source article is looking at 256 possible, which is basically every ASCII character you can have. The number is (in reality) much higher than anything anyone would actually use. If we take 52 letters (including caps), 10 numbers, space and the 31 or so symbols my Dell keyboard has on it (pretty standard) you get 94 inputs which brings the total down to 689,869,781,056 possible 6 character passwords. That means about a day to crack the a 6 character password. However when you go up to 10 it sky rockets to 426,984 years to brute force a password. Based on their input range of the whole of ASCII and a ten character password you get 9,583,696,570 years to brute force it. 9 billion years. For reference the entire Universe is 13 billion years old and the Earth around 4.5 billion years old. And that’s why brute force sucks.
Aitrus | 17/11/2009 10:26
Member
1476 TSA Points | Member since: Sep 2008
But that is the worst case scenario in a brute force attack. You could get lucky and hit the right combination in the first second.
But I agree, brute force is the last resort of password cracking.
teflon | 16/11/2009 12:06
Member
1968 TSA Points | Member since: May 2009
They’ll also have a group of people working on figuring out important dates in their life, names of people important to them and tons of other stuff because, lets face it, people hate using random passwords. They’re so easy to forget.
After all that, they’d also have to try them all again, whilst switching certain letters with numbers that look similar, so that Brendan123 could become Br3nd4nl2E. Then do a dictionary attack, then a dictionary attack with the switching (and all possible permutations of that)…
To be honest, it’s probably easier to use a brute force attack, but they’ll simply be running the brute force attack in addition to all the other possibilities. And you never know when the brute force might work and throw up the password in half an hour…
Raen | 16/11/2009 14:19
Team TSA: Writer
3655 TSA Points | Member since: Mar 2009
Brute forces are easier, but as my above post show they take a LONG time. They’re only really useful as a final solution, and if you have to go to brute force then it’s going to be a password long enough that you’re never going to crack it. Well ‘never’ unless you have a few billion years to play with.
Pemberton_ | 16/11/2009 14:33
Member
224 TSA Points | Member since: Nov 2008
I would highly doubt that if they had gone as far to encrypting their stuff though, that they would be using a weak password that would be susceptible to a dictionary attack.
Bladesteel | 16/11/2009 16:05
Member
277 TSA Points | Member since: Sep 2008
You might think so. But from reading and watching news I have come to one conclusion: criminals are stupid! At least the ones that get caught are. So if you’re already in the polices spotlight (and you’ll have to be for them to use this) you are probably stupid and probably have a weak passwors
Lorcan | 16/11/2009 10:14
Team TSA: Writer
1244 TSA Points | Member since: Oct 2008
It only does Everything.
bunimomike | 16/11/2009 10:16
Member
4606 TSA Points | Member since: Jul 2009
I bet Chris Langham’s cancelled his Christmas PS3 Slim.
Erroneus | 16/11/2009 10:23
Wanted "Trophy Hunter" but was too late.
2955 TSA Points | Member since: May 2009
Erroneus | 16/11/2009 10:24
Wanted "Trophy Hunter" but was too late.
2955 TSA Points | Member since: May 2009
Crap i forgot there isn’t an edit function *doh* Nofi would you kindly delete it
Joe | 16/11/2009 10:31
Member
216 TSA Points | Member since: Aug 2009
Go PS3!
Can we all safely assume that Xbox 360 users are paedophiles that are too scared that if they buy a ps3 it will catch them?
haha
BadBoyBoogie | 16/11/2009 11:04
Let There Be Rock
2689 TSA Points | Member since: Mar 2009
What a versatile piece of kit the PS3 is!! Now adding crime fighting to a seemingly growing list of abilities!!
FRUIT0FDOOM | 16/11/2009 11:13
Member
490 TSA Points | Member since: Aug 2009
This is great. All these added features may end up convincing developers to stop shafting the system with shoddy ports! Seriously, the PS3 seems to be heading in every other direction when right here and now it needs to put more into its gaming and online platform. I really don’t care if my PS3 can fold-at-home or catch perverts or if my 360 can…..erm – fry an egg! They are consoles and should be designed first and formost for gaming.
Raen | 16/11/2009 11:18
Team TSA: Writer
3655 TSA Points | Member since: Mar 2009
But this isn’t Sony changing focus. This is a third party using out-dated consoles (cause you need a Fat for Linux) to do it. This was a decision Sony made many years ago and has little to do with their current direction.
FRUIT0FDOOM | 16/11/2009 11:56
Member
490 TSA Points | Member since: Aug 2009
Sony changed their focus the moment they designed the PS3. Is it a trojan horse for Blu Ray? Is it the “Super Computer” Ken hyped it up to be? Is it a test bed for Cell? An all in one media center? Or a games console? It tries to be too much and I think may suffer for it. Ironically the system that has outsold both consoles is the one that pretty much just focuses on gaming – the Wii. I’m just miffed ‘cos I’d like to see Sony keep Playstation the fantastic gaming platform it has been the past two gens instead of this “it will do everything” attitude from the start of the PS3’s lifecycle. I swear down that if MS turn around at anypoint and say “Windows now on the 360″ it will be out the window!!!
Raen | 16/11/2009 14:28
Team TSA: Writer
3655 TSA Points | Member since: Mar 2009
Disagree that it’ll suffer, mostly because it isn’t suffering. It’s not outsold the 360 yet, but the sales figures month on month are generally pretty close and the average growth rate for both is pretty similar.
Pemberton_ | 16/11/2009 14:25
Member
224 TSA Points | Member since: Nov 2008
I don’t have anything to hide… but my whole system drive is AES encrypted with a 21 character password, featuring both uppercase and lowercase letters with a variety of symbols.
Crack that. :p
Raen | 16/11/2009 14:31
Team TSA: Writer
3655 TSA Points | Member since: Mar 2009
Sure, there’s quite a few attacks that work on the AES algorithm itself, and a few side-channel attacks that work in less than a second on some AES implementations. No encryption is perfect.
Raen | 16/11/2009 14:32
Team TSA: Writer
3655 TSA Points | Member since: Mar 2009
Also this http://xkcd.com/538/
Pemberton_ | 16/11/2009 14:41
Member
224 TSA Points | Member since: Nov 2008
A side channel attack wouldn’t work though? Because that would have to be run off the same system, whereas in my case, the whole system is encrypted? I’m not sure though.
And I don’t have anything on my laptop which would have cause for me to be tortured, but if I did it would be on a hidden OS on a hidden volume.
Raen | 16/11/2009 16:43
Team TSA: Writer
3655 TSA Points | Member since: Mar 2009
Possibly, I’m unsure if they ran the same OS on your hardware off of alternative HDD or some such if they’d get the same side channel effects or not. I think that it could work, but I haven’t done a huge amount of reading on the attack.
If it’s encrypted they don’t know you haven’t got good stuff
Finally anyone smart enough to be running side channels etc… would run forensics and get the hidden volume.
Timesh1993 | 16/11/2009 16:14
Member
1169 TSA Points | Member since: Apr 2009
I want to see a PS3 flying threw the window of a perverts book club!
gazzagb | 16/11/2009 17:53
Master of speling mitakse
2734 TSA Points | Member since: Feb 2009
Should be in the next PS3 ‘it can do everything’ advert!