Wouldn’t the hacker then need to track down your physical computer…steal it…use the bitlocker key…look to see if you actually have any data worth taking etc…?
Sure. It’s not anyone. It’s anyone that can get a warrant. Or anyone that have enough power/underhanded influence to ask them nicely. Or any admin that have access to cloud storage at MS (remember they where caught with some exec having full access to that a while ago). Or any big leak that could exfiltrate these data. And probably a handful of other people, like, someone getting access to your MS account for whatever reason (which kinda happen, seeing how people lose their mail account to phishing/scams all the time) suddenly having access to your keys from there.
If your keys are in a DB somewhere, there’s a lot of way they could get out. Would these ways coincide with someone actually having your drive at hand? Probably not. Still, the key not existing in plaintext in some third party storage close all these holes.
Just to clarify… my question wasn’t “do sleepers exist” it was should we continue to call them sleepers when they have broad access to the administrative branch of the US government.
Yes. But this completely invalidates the encryption. If anyone can decrypt your data without you giving the keys to them, it is not really encrypted.
The encryption key is data, don’t give it to ANYONE. “Two people can keep a secret if one of them is dead.”
Which means it’s useless if always uploaded to MS
You’re confusing two different things here, in a really weirdly obtuse way.
Its not anyone though. Not anyone can get a warrant and demand the keys
Anyone included Microsoft. You’re thinking of the word “everyone”
if Microsoft has the power to give the keys to the feds what happens when Microsoft gets hacked?
Wouldn’t the hacker then need to track down your physical computer…steal it…use the bitlocker key…look to see if you actually have any data worth taking etc…?
or they give the keys or whatever data willingly, and then say they are hacked as an excuse.
Anyone as in “a single person”. They don’t mean everyone has access.
Sure. It’s not anyone. It’s anyone that can get a warrant. Or anyone that have enough power/underhanded influence to ask them nicely. Or any admin that have access to cloud storage at MS (remember they where caught with some exec having full access to that a while ago). Or any big leak that could exfiltrate these data. And probably a handful of other people, like, someone getting access to your MS account for whatever reason (which kinda happen, seeing how people lose their mail account to phishing/scams all the time) suddenly having access to your keys from there.
If your keys are in a DB somewhere, there’s a lot of way they could get out. Would these ways coincide with someone actually having your drive at hand? Probably not. Still, the key not existing in plaintext in some third party storage close all these holes.
what happens when fydor monikov the sleeper agent from the kgb working at the fbi gets a copy of these master keys
KGB is inside the oval office 💀
(I mean they literally deported a Russian dissident back to russia… need say more?)
Are they really sleepers any more?
Yes, according to whistleblowers from the CIA. Russia and China are regularly doing this
Just to clarify… my question wasn’t “do sleepers exist” it was should we continue to call them sleepers when they have broad access to the administrative branch of the US government.