UNITED STATES NEWS

‘Cold’: FBI, Secret Service failed to crack Josh Powell’s encryption

Jan 31, 2019, 11:00 AM

This still frame image from one of Steve Powell's home videos shows his oldest son, Josh Powell, si...

This still frame image from one of Steve Powell's home videos shows his oldest son, Josh Powell, sitting at his computer in 2003. Josh Powell's use of encryption on his personal files continues to frustrate police investigating the Dec. 7, 2009, disappearance of Josh Powell's wife, Susan Powell. (Caption: West Valley Police Department)

(Caption: West Valley Police Department)

Editor’s note: This is the 12th of a weekly series featuring highlights from a KSL investigative podcast series titled “Cold” that reports new information about the case of missing Utah woman Susan Powell.

WEST VALLEY CITY — An off-the-shelf computer hard drive seized from the basement office of Josh and Susan Powell’s home the day after her disappearance continues to frustrate police more than nine years later.

Warrants filed in the case as far back as Dec. 8, 2009, show police believe the drive could hold evidence related to Susan Powell’s disappearance the day before.

The Western Digital-brand “My Book World Edition” external drive, 1 terabyte in capacity, is locked with encryption. All efforts to crack that encryption have so far failed.

West Valley police suspect this Western Digital external hard drive seized from Josh and Susan Powell’s home on Dec. 8, 2009, might hold evidence related to Susan Powell’s unsolved disappearance. The drive was encrypted and has resisted all efforts to circumvent that encryption. (Photo: West Valley City, Utah police)

The first stop for that hard drive after police took it from the Powell home with a search warrant was the Intermountain West Regional Computer Forensics Laboratory in Salt Lake City.

FBI supervisory special agent Cheney Eng-Tow said the laboratory’s digital forensic experts worked with West Valley police detectives. They produced an exact copy of the drive, called a mirror. Then they attempted to extract information from the mirror using specialized software called a forensic tool kit.

That failed because the drive had been encrypted. Agents tried several methods of circumventing the encryption, from guessing potential passwords to attempting a “brute force” attack.

“You’re just trying combinations from the dictionary, combinations of letters, alpha-numeric characters, and so the longer that password is, the longer it’s going to be before you can break it,” Eng-Tow said.

While serving a search warrant at the South Hill, Wash., home of Steve Powell on Aug. 25, 2011, police looked for any writings that appeared to hold possible passwords. Those potential passwords were entered into Josh Powell’s encrypted digital media, in the hopes of getting past encryption. (Photo: West Valley City, Utah police)

Laboratory analysts also attempted more human approaches, such as using children’s names or birthdates.

“We do break encryption here on cases. Sometimes we’re successful doing it, other times we’re not,” Eng-Tow said. “FBI headquarters has a unit basically that can try and do that as well.”

FBI

On June 22, 2010, 3rd District Judge Robert Hilder signed a warrant allowing the forensics laboratory to send three encrypted devices, including the mirror of that Western Digital hard drive, to FBI headquarters in Quantico, Virginia.

West Valley police asked for court permission in 2010 to provide Josh Powell’s encrypted digital media to FBI headquarters in Quantico, Va. After more than a year, the FBI reported that it was unable to access the devices. (Photo: West Valley City, Utah police)

After more than a year, FBI headquarters returned the drives to Utah. The bureau had been unable to access them.

Case records show West Valley police also requested help from AccessData, the Utah-based software vendor that produced the forensic tool kit program used by the FBI, as well as the U.S. Secret Service.

The city submitted a mirror to the federal agency but in May 2011, the Secret Service reported that it was also unable to crack the encryption.

Decipher forensics

A secrecy order prevented police from discussing the case or their evidence until May 2013, when the Susan Powell case officially became “cold.” By that point, Josh Powell and his brother Michael Powell, who police suspected had knowledge of Susan Powell’s death, had both committed suicide.

In October of 2013, after a judge had lifted that secrecy order, Susan Powell’s father Chuck Cox suggested that police submit a mirror to a Utah company called Decipher Forensics. The lead detective on the Powell case, Ellis Maxwell, spoke with Trent Leavitt from Decipher the following month.

“I explained to Trent that Josh Powell admitted he used a 24 character password … when we seized further digital media,” Maxwell wrote in a later report. “At that time in 2011, Josh admitted and provided one password that was potentially 56 characters long.”

This still frame image from one of Steve Powell’s home videos shows his oldest son, Josh Powell, sitting at his computer in 2003. Josh Powell’s use of encryption on his personal files continues to frustrate police investigating the Dec. 7, 2009, disappearance of Josh Powell’s wife, Susan Powell. (Caption: West Valley Police Department)

Maxwell provided a mirror to Decipher Forensics in December of 2013. Four years later, Decipher had still not succeeded in cracking the drive. Police records revealed Decipher requested and received access to mirrors of all the other computer drives seized from the Powell home in 2009, along with the FBI’s analysis and other case documents.

At that time in 2017, investigators reminded Decipher staff they were prohibited from discussing their efforts under a non-disclosure agreement.

Case files also indicate that on Jan. 4, 2018, police provided yet another mirror of the encrypted drive to a computer systems security expert with Intermountain Healthcare. An IHC spokesman said that employee volunteered his expertise as a private individual and the device in question never entered an Intermountain facility.

Complex password

The most simple solution would have been for Josh Powell to voluntarily provide his password to police. They requested he do so multiple times, but he frequently claimed to have forgotten it.

Because the entire volume is encrypted, there’s no way to know how much data it actually holds or if any of its contents are relevant to the case. Many of Susan Powell’s friends and family members suspect the drive might be the last, best chance of learning what happened to her.

“It’s good maybe to be optimistic like that, but in the end there could be nothing on it of value,” Eng-Tow said. “Is there something on there that is incriminating or not? You’ll never know until you actually get into it and see it.”

United States News

Associated Press

Jimmy Carter becomes first living ex-president with official White House Christmas ornament

WASHINGTON (AP) — Former President Jimmy Carter has another distinction to his name. The 99-year-old is the first of the U.S. presidents to be honored with an official White House Christmas ornament while still living. The ornament was unveiled Wednesday and is the latest in an annual series that the nonprofit White House Historical Association […]

13 minutes ago

Associated Press

Feds accuse alleged Japanese crime boss with conspiring to traffic nuclear material

NEW YORK (AP) — A leader of a Japan-based crime syndicate conspired to traffic uranium and plutonium from Myanmar in the belief that Iran would use it to make nuclear weapons, U.S. prosecutors alleged Wednesday. Takeshi Ebisawa, 60, and his confederates showed samples of nuclear materials that had been transported from Myanmar to Thailand to […]

21 minutes ago

Associated Press

Pennsylvania’s high court throws out GOP lawmakers’ subpoena in 2020 presidential election case

HARRISBURG, Pa. (AP) — Pennsylvania’s highest court ruled Wednesday that Republican state lawmakers can no longer try to enforce a subpoena for election records they issued in 2021 in a quest inspired by former President Donald Trump’s baseless claims of fraud in the 2020 presidential election. The court, in a brief order, dismissed three appeals […]

49 minutes ago

FILE - A hearse and van sit outside the Return to Nature Funeral Home, Oct. 6, 2023, in Penrose, Co...

Associated Press

Colorado lawmakers vote to introduce bill to regulate funeral homes after 190 decaying bodies found

DENVER (AP) — On the heels of two egregious cases of funeral home owners mishandling bodies and cremated remains, Colorado lawmakers aimed Wednesday at trying to shore up the state’s lax regulations that failed to prevent the horrific incidents. A bipartisan House committee unanimously voted in a hearing to introduce a bill that would bring […]

56 minutes ago

Associated Press

Third suspect in plot to kill Iranian American author on US soil extradited to face charges

PHILADELPHIA (AP) — A suspect charged in a plot to kill an Iranian American author and activist has been extradited from the Czech Republic to face charges, the Justice Department said Wednesday. Polad Omarov was arrested by Czech officials in January 2023, when charges were announced against him and two other men in the alleged […]

1 hour ago

Associated Press

Tennessee free-market group sues over federal rule that tightens worker classification standards

NASHVILLE, Tenn. (AP) — A Tennessee free-market nonprofit group on Wednesday joined the ranks of organizations challenging a new Biden administration labor rule that changes the criteria for classifying workers as independent contractors or employees. The Beacon Center of Tennessee filed its federal lawsuit in Nashville on behalf of two freelance journalists, Margaret Littman and […]

4 hours ago

Sponsored Articles

...

Collins Comfort Masters

Avoid a potential emergency and get your home’s heating and furnace safety checked

With the weather getting colder throughout the Valley, the best time to make sure your heating is all up to date is now. 

...

Day & Night Air Conditioning, Heating and Plumbing

Valley residents should be mindful of plumbing ahead of holidays

With Halloween in the rear-view and more holidays coming up, Day & Night recommends that Valley residents prepare accordingly.

...

Canvas Annuity

Interest rates may have peaked. Should you buy a CD, high-yield savings account, or a fixed annuity?

Interest rates are the highest they’ve been in decades, and it looks like the Fed has paused hikes. This may be the best time to lock in rates for long-term, low-risk financial products like fixed annuities.

‘Cold’: FBI, Secret Service failed to crack Josh Powell’s encryption