UNITED STATES NEWS

‘Cold’: FBI, Secret Service failed to crack Josh Powell’s encryption

Jan 31, 2019, 11:00 AM

This still frame image from one of Steve Powell's home videos shows his oldest son, Josh Powell, si...

This still frame image from one of Steve Powell's home videos shows his oldest son, Josh Powell, sitting at his computer in 2003. Josh Powell's use of encryption on his personal files continues to frustrate police investigating the Dec. 7, 2009, disappearance of Josh Powell's wife, Susan Powell. (Caption: West Valley Police Department)

(Caption: West Valley Police Department)

Editor’s note: This is the 12th of a weekly series featuring highlights from a KSL investigative podcast series titled “Cold” that reports new information about the case of missing Utah woman Susan Powell.

WEST VALLEY CITY — An off-the-shelf computer hard drive seized from the basement office of Josh and Susan Powell’s home the day after her disappearance continues to frustrate police more than nine years later.

Warrants filed in the case as far back as Dec. 8, 2009, show police believe the drive could hold evidence related to Susan Powell’s disappearance the day before.

The Western Digital-brand “My Book World Edition” external drive, 1 terabyte in capacity, is locked with encryption. All efforts to crack that encryption have so far failed.

West Valley police suspect this Western Digital external hard drive seized from Josh and Susan Powell’s home on Dec. 8, 2009, might hold evidence related to Susan Powell’s unsolved disappearance. The drive was encrypted and has resisted all efforts to circumvent that encryption. (Photo: West Valley City, Utah police)

The first stop for that hard drive after police took it from the Powell home with a search warrant was the Intermountain West Regional Computer Forensics Laboratory in Salt Lake City.

FBI supervisory special agent Cheney Eng-Tow said the laboratory’s digital forensic experts worked with West Valley police detectives. They produced an exact copy of the drive, called a mirror. Then they attempted to extract information from the mirror using specialized software called a forensic tool kit.

That failed because the drive had been encrypted. Agents tried several methods of circumventing the encryption, from guessing potential passwords to attempting a “brute force” attack.

“You’re just trying combinations from the dictionary, combinations of letters, alpha-numeric characters, and so the longer that password is, the longer it’s going to be before you can break it,” Eng-Tow said.

While serving a search warrant at the South Hill, Wash., home of Steve Powell on Aug. 25, 2011, police looked for any writings that appeared to hold possible passwords. Those potential passwords were entered into Josh Powell’s encrypted digital media, in the hopes of getting past encryption. (Photo: West Valley City, Utah police)

Laboratory analysts also attempted more human approaches, such as using children’s names or birthdates.

“We do break encryption here on cases. Sometimes we’re successful doing it, other times we’re not,” Eng-Tow said. “FBI headquarters has a unit basically that can try and do that as well.”

FBI

On June 22, 2010, 3rd District Judge Robert Hilder signed a warrant allowing the forensics laboratory to send three encrypted devices, including the mirror of that Western Digital hard drive, to FBI headquarters in Quantico, Virginia.

West Valley police asked for court permission in 2010 to provide Josh Powell’s encrypted digital media to FBI headquarters in Quantico, Va. After more than a year, the FBI reported that it was unable to access the devices. (Photo: West Valley City, Utah police)

After more than a year, FBI headquarters returned the drives to Utah. The bureau had been unable to access them.

Case records show West Valley police also requested help from AccessData, the Utah-based software vendor that produced the forensic tool kit program used by the FBI, as well as the U.S. Secret Service.

The city submitted a mirror to the federal agency but in May 2011, the Secret Service reported that it was also unable to crack the encryption.

Decipher forensics

A secrecy order prevented police from discussing the case or their evidence until May 2013, when the Susan Powell case officially became “cold.” By that point, Josh Powell and his brother Michael Powell, who police suspected had knowledge of Susan Powell’s death, had both committed suicide.

In October of 2013, after a judge had lifted that secrecy order, Susan Powell’s father Chuck Cox suggested that police submit a mirror to a Utah company called Decipher Forensics. The lead detective on the Powell case, Ellis Maxwell, spoke with Trent Leavitt from Decipher the following month.

“I explained to Trent that Josh Powell admitted he used a 24 character password … when we seized further digital media,” Maxwell wrote in a later report. “At that time in 2011, Josh admitted and provided one password that was potentially 56 characters long.”

This still frame image from one of Steve Powell’s home videos shows his oldest son, Josh Powell, sitting at his computer in 2003. Josh Powell’s use of encryption on his personal files continues to frustrate police investigating the Dec. 7, 2009, disappearance of Josh Powell’s wife, Susan Powell. (Caption: West Valley Police Department)

Maxwell provided a mirror to Decipher Forensics in December of 2013. Four years later, Decipher had still not succeeded in cracking the drive. Police records revealed Decipher requested and received access to mirrors of all the other computer drives seized from the Powell home in 2009, along with the FBI’s analysis and other case documents.

At that time in 2017, investigators reminded Decipher staff they were prohibited from discussing their efforts under a non-disclosure agreement.

Case files also indicate that on Jan. 4, 2018, police provided yet another mirror of the encrypted drive to a computer systems security expert with Intermountain Healthcare. An IHC spokesman said that employee volunteered his expertise as a private individual and the device in question never entered an Intermountain facility.

Complex password

The most simple solution would have been for Josh Powell to voluntarily provide his password to police. They requested he do so multiple times, but he frequently claimed to have forgotten it.

Because the entire volume is encrypted, there’s no way to know how much data it actually holds or if any of its contents are relevant to the case. Many of Susan Powell’s friends and family members suspect the drive might be the last, best chance of learning what happened to her.

“It’s good maybe to be optimistic like that, but in the end there could be nothing on it of value,” Eng-Tow said. “Is there something on there that is incriminating or not? You’ll never know until you actually get into it and see it.”

United States News

Associated Press

Columbia University cites progress with Gaza war protesters following encampment arrests

NEW YORK (AP) — Columbia University said early Wednesday that it was making “important progress” with pro-Palestinian student protesters who set up a tent encampment and that it was extending a deadline to clear out, yet standoffs remained tense on the Ivy League campus in upper Manhattan. Student protesters “have committed to dismantling and removing […]

8 hours ago

Associated Press

What to listen for during Supreme Court arguments on Donald Trump and presidential immunity

WASHINGTON (AP) — The Supreme Court hears arguments Thursday over whether Donald Trump is immune from prosecution in a case charging him with plotting to overturn the results of the 2020 presidential election. It’s a historic day for the court, with the justices having an opportunity to decide once and for all whether former presidents […]

9 hours ago

Associated Press

USPS commits to rerouting Reno-area mail despite bipartisan pushback and mail ballot concerns

LAS VEGAS (AP) — The USPS announced on Tuesday it will follow through with its plan to reroute Reno-area mail processing to Sacramento, a move that drew bipartisan ire from Nevada lawmakers while raising questions about the rate at which mail ballots can be processed in a populous part of a crucial swing state. Postmaster […]

11 hours ago

The American and Ukrainian flags wave in the wind outside of the Capitol on Tuesday, April 23, 2024...

Associated Press

Senate overwhelmingly passes aid for Ukraine, Israel and Taiwan with big bipartisan vote

The Senate has passed $95 billion in war aid to Ukraine, Israel and Taiwan, sending the legislation to Biden after months of delays.

11 hours ago

The logo for the Tesla Supercharger station is seen in Buford, Ga, April 22, 2021. Faced with falli...

Associated Press

Tesla 1Q profit falls 55%, but stock jumps as company moves to speed production of cheaper vehicles

Tesla’s stock price surged in after-hours trading Tuesday as the company said it would prioritize production of more affordable vehicles.

12 hours ago

Pages from the United Healthcare website are displayed on a computer screen, Feb. 29, 2024, in New ...

Associated Press

UnitedHealth says wide swath of patient files may have been taken in Change cyberattack

The company said after markets closed that it sees no signs that doctor charts or full medical histories were released after the attack.

13 hours ago

Sponsored Articles

...

DISC Desert Institute for Spine Care

Sciatica pain is treatable but surgery may be required

Sciatica pain is one of the most common ailments a person can face, and if not taken seriously, it could become one of the most harmful.

...

Fiesta Bowl Foundation

The 51st annual Vrbo Fiesta Bowl Parade is excitingly upon us

The 51st annual Vrbo Fiesta Bowl Parade presented by Lerner & Rowe is upon us! The attraction honors Arizona and the history of the game.

...

Collins Comfort Masters

Avoid a potential emergency and get your home’s heating and furnace safety checked

With the weather getting colder throughout the Valley, the best time to make sure your heating is all up to date is now. 

‘Cold’: FBI, Secret Service failed to crack Josh Powell’s encryption