This service provides you with the ability to:
- Recover access to locked business-critical documents.
- Quantify reduction in security risk from discovering and removing weak passwords used throughout your enterprise.
Since 2009, KoreLogic's password cracking team, led by Rick Redman (a recognized expert in sophisticated password cracking), has played a critical role in improving the methods, techniques and tools used to crack password hashes. This expertise is integral to the PRS's ability to unlock hard-to-recover passwords and provide means to easily and repeatably audit enterprise password compliance, where conventional password cracking tools and services often fall short or deliver fewer results.
Examples of PRS In Action
KoreLogic provides PRS to Fortune 500 firms, small businesses and individuals, as in the examples below:
- Fortune 500 Legal Team: Asked to recover encrypted files from a CD used by a former employee of an acquired company. We reverse-engineered the proprietary encryption used on the CD to gain access to the files.
- Law Firm: A firm was processing thousands of password-protected Microsoft Office and PDF documents for eDiscovery. After the firm's use of a commercial password cracking software proved ineffective, they engaged KoreLogic's PRS. We accomplished more in days than they had managed in months.
- Fortune 500 Food and Beverage Company: Cracked 99.8% of 260,000 password hashes. Passwords complied with documented policies, but those policies did not prevent major trends and predictable user behavior. Also identified administrators abusing their privileges to reuse passwords, evading password history controls.
- Small Business Owner: A couple ran a small business together; one partner did all the bookkeeping and kept all their business and personal financial account information in an encrypted spreadsheet. That partner passed away suddenly. We were able to decrypt that spreadsheet so that their spouse could regain access to their shared accounts.
- A Major Retailer: Leveraged PRS to get an understanding of their user compliance and to satisfy audit requirements. 84% of the organization's 11,000 user passwords were recovered within 24 hours, leading to policy change discussions that ended with a revamp of their security policies.
- Taxpayer: A private citizen being audited by the Internal Revenue Service (IRS) urgently needed to access a pair of password-protected PDF files containing information relevant to the audit. After a number of unsuccessful attempts to recall/guess/recover the passwords, the individual turned to the Internet, and his research led him to us. PRS recovered his passwords in a fraction of a compute hour (i.e., mere minutes). Needless to say, the man was extremely grateful for our help.
- Fortune 500 Financial Company: A number of business units within the company under a tight deadline to identify and register all production macros were hindered in their efforts to comply due to protections placed (possibly by the original developers) on production files (predominantly Excel spreadsheets and Access databases). These protections, designed to prevent unauthorized access and/or modification, included file, workbook, worksheet, and macro passwords. In response to the request for help, we adapted PRS to produce a new offering called the Macro Recovery Service (MRS). MRS was subsequently deployed within the client's environment as a web-based, self-serve kiosk. One key factor in our success was our ability to dig into each file protection mechanism and come up with an approach that would have the least impact on the structure/integrity of the original file.
- Not Just Passwords: Flaws identified in the firmware of a peripheral device undergoing black-box security testing led us to hypothesize that a brute force attack could be mounted against the wireless protocol used to communicate with the host system, even though it was protected with 128-bit AES encryption. To confirm our theory, we created a custom attack program and deployed it on PRS's distributed cracking grid. Within two hours, the results were in: the cryptosystem as implemented was broken. The implications were severe (i.e., unauthorized access possible), global in scope (i.e., all devices affected), and invariant over time (i.e., all previous wireless traffic, if captured correctly/completely, could be decrypted at will).
- Not Just Password Recovery: We have been and continue to be open to supporting the research community. In 2014, for example, we conducted a pilot study consisting of four separate trials for a research effort led by Carnegie Mellon's CyLab Usable Privacy and Security (CUPS) team. Results and conclusions drawn from that work are documented in Measuring Real-World Accuracies and Biases in Modeling Password Guessability.
Quantifying The Risk Posed By Weak Passwords
Access to digital assets often depends on passwords chosen by end users, and history shows that to be problematic. Despite otherwise effective security controls, one weak user or administrator password is typically all an attacker needs for a toehold.
PRS helps improve security and compliance by:
- Identifying password patterns which, if eliminated, increase resistance to attack
- Providing insight into how passwords are being chosen by users and how to improve them
- Providing evidence of compliance with your password related policies
- Mapping historical data to trend user and administrator compliance with password policies
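The kind of analysis the list above (and the food-and-beverage case earlier on this page) describes starts from the recovered plaintexts, not from the hashes: a set of passwords can be 100% policy-compliant and still be dominated by a handful of masks and base words, and a password that reappears in a user's own history shows that history controls were bypassed. The following is an added example, not KoreLogic's code or PRS output; the sample plaintexts and the "length 8, three of four character classes" policy are constructed assumptions for illustration. The masks it produces use hashcat's ?u/?l/?d/?s notation, so the top masks can be fed straight back into a mask attack to show how little the policy actually buys.

```python
"""Pattern and reuse analysis over recovered plaintexts (added example)."""
import string
from collections import Counter

# Constructed sample of recovered plaintexts; every one satisfies the
# assumed policy below, yet the set is highly predictable.
SAMPLE_PLAINTEXTS = [
    "Summer2019!", "Winter2019!", "Spring2019!", "Summer2020!",
    "Company01!", "Company02!", "Company03!",
    "P@ssw0rd1", "Welcome1!", "Qwerty123!",
]

# Constructed per-user history, oldest first, last entry is the current password.
SAMPLE_HISTORY = {
    "admin1": ["Summer2019!", "Winter2019!", "Summer2019!"],  # cycled back to an old password
    "user2": ["Spring2019!", "Summer2019!"],
}


def mask(pw: str) -> str:
    """Hashcat-style mask of a plaintext: ?u upper, ?l lower, ?d digit, ?s anything else."""
    out = []
    for ch in pw:
        if ch in string.ascii_uppercase:
            out.append("?u")
        elif ch in string.ascii_lowercase:
            out.append("?l")
        elif ch in string.digits:
            out.append("?d")
        else:
            out.append("?s")
    return "".join(out)


def meets_policy(pw: str, min_len: int = 8, min_classes: int = 3) -> bool:
    """Assumed policy: at least min_len characters and min_classes of the four classes."""
    classes = sum([
        any(c in string.ascii_uppercase for c in pw),
        any(c in string.ascii_lowercase for c in pw),
        any(c in string.digits for c in pw),
        any(c not in string.ascii_letters + string.digits for c in pw),
    ])
    return len(pw) >= min_len and classes >= min_classes


def base_word(pw: str) -> str:
    """Strip leading/trailing digits and symbols and lowercase what is left.

    This exposes the shared root behind variants such as Summer2019! / Summer2020!.
    Leet substitutions inside the word (P@ssw0rd) are deliberately not normalised.
    """
    return pw.strip(string.digits + string.punctuation).lower()


def pattern_report(plaintexts, top_n: int = 3) -> dict:
    """Summarise policy compliance and the dominant masks and base words."""
    masks = Counter(mask(p) for p in plaintexts)
    bases = Counter(base_word(p) for p in plaintexts)
    return {
        "total": len(plaintexts),
        "policy_compliant": sum(meets_policy(p) for p in plaintexts),
        "top_masks": masks.most_common(top_n),
        "top_bases": bases.most_common(top_n),
    }


def reused_passwords(history: dict) -> list:
    """Users whose current password already appears earlier in their own history."""
    return sorted(u for u, pws in history.items() if pws and pws[-1] in pws[:-1])


if __name__ == "__main__":
    report = pattern_report(SAMPLE_PLAINTEXTS)
    print(f"{report['policy_compliant']}/{report['total']} passwords meet the assumed policy")
    print("top masks:", report["top_masks"])
    print("top base words:", report["top_bases"])
    print("history control bypassed by:", reused_passwords(SAMPLE_HISTORY))
```

On the constructed sample every password passes the policy, yet four of ten share a single mask and three share the base word "company"; that is the "compliant but predictable" finding the case studies describe, and the reuse check is the one that catches an administrator cycling back to an old password.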
Recovery Of Password-protected Files
PRS can recover plaintext passwords for encrypted files (e.g., PDF, Microsoft Office documents, archives such as ZIP, etc.) for any number of possible legitimate uses such as restoring access to password protected documents containing critical information, supporting internal investigations, eDiscovery requests, etc.
Our goal is to make password recovery accessible for everyone from individuals and small businesses to the Fortune 100. Pricing is primarily a function of the amount of processing time desired, which in turn depends on the hash algorithms or file types, urgency, number of accounts or files to be recovered, etc.
- For individuals or one-time engagements, we support payment via PayPal.
- Enterprise customers may prefer to enter into a traditional contract arrangement, use the service on a recurring basis, etc.
- We will require some attestation in writing that you have the legal right to the password/file and that you are not engaging, or causing KoreLogic to engage, in any illegal activity.
- For engagements such as recurring enterprise-wide password cracking and reporting, we may deploy a hardware or virtual appliance on customer premises; contact us for more details.