10 Ways to Ensure Your Data is Safe From the Feds
By Brandon Ching
On July 25th, 2008
News that US Customs agents can stop a traveler and search through their laptop and digital devices when they enter the country reached me very late. Only yesterday did I actually read an article explaining this gross violation of privacy, US citizen or not. While I would love to go off on the legal, constitutional, and ethical shortcomings of such a policy, I promised my editors (read: bosses) I would try to provide a bit more of an upside with my rants, instead of just straight ranting.
Thus I am here today to offer a few recommendations for those of us that still believe in the right to individual privacy. (And a few that might get you into trouble on your next time at the airport.)
As a certified GIAC Computer Forensic Analyst, I have a bit of experience in the methods used by law enforcement to collect and process digital evidence. Thus, here is a list of 10 things that you can do to keep your data protected when either crossing the Gestapo-controlled borders of our fine country or sitting in your home office with a warm mug of hot chocolate:
1. Encryption
Yes, this one may seem obvious, but I am constantly amazed at how many people do not encrypt their data, or encrypt it in a less-than-ideal manner. There is (currently) no practical way to recover data from a well-encrypted archive, meaning a modern cipher (AES with a 128- or 256-bit key for the data itself, RSA with a 1024-bit key as the norm when this was written and 2048 bits as the sensible floor today for the public-key wrapper) unlocked by a strong passphrase. Be careful comparing key sizes across algorithms: a "1024-bit" figure only means something for RSA-style public-key encryption, while 256 bits is already far beyond reach for a symmetric cipher. In practice the weak point is almost never the cipher but the passphrase that unlocks it and the place the key is kept while in use. Since most encryption in use today is considered safe against direct attack, I would still recommend a tiered approach to data encryption:
- Your first and broadest layer of protection should be at the system or hardware level. This type of encryption is implemented by either the operating system or the hard disk hardware itself. In general, this type of protection is very good. Most current major OSes either include, or offer as an add-on, the ability to encrypt your entire drive: Vista Ultimate and Enterprise ship BitLocker for this. (OS X's FileVault, as of this writing, encrypts only your home folder rather than the whole disk, so keep anything sensitive inside it.) Third-party packages like TrueCrypt offer whole-disk encryption as well.
Many hard drive manufacturers now also offer hardware-based encryption of their drives. How’s this work? Well, prior to any data being read/written, the hard drive I/O stream is passed through a hardware encryption chip. Thus, there is no way for any unencrypted data to be accidentally written to the disk.
However, keep in mind that both of these methods, while easy to implement, have some downfalls. For an OS-level encryption scheme to work seamlessly, the encryption key must be readily available for use; otherwise the system would prompt for your password on every file you modify, add, delete or move. How does the OS get around this? It keeps the key in memory for as long as the volume is mounted. To try it yourself, dump physical memory while the volume is mounted and scan the dump for your key. It will be there. If you can find it, so can the fuzz (usually). This is also how hackers pulled the keys out of HD-DVD and Blu-ray software players: the disc is protected, but the player has to hold the key in RAM to play it. And the 2008 cold-boot research showed that a key can survive in DRAM for seconds to minutes after power is cut, long enough to reboot into a tiny dumping tool or move the chips to another machine, so "it was off when they grabbed it" is not a guarantee either.
As far as hardware encryption is concerned, I don't entirely trust it. There are a number of recorded instances where the government has successfully "requested" that private entities build backdoor access into systems it deemed important, so I'm inclined not to take the manufacturers' claims at face value. (If your whole-drive encryption scheme were backdoored for the government, would you advertise that a vulnerability existed?) Backdoor or not, a drive's built-in encryption is also a closed implementation you cannot inspect, and key management, not the cipher, is where such products tend to fall down. For casual, non-the-feds-have-confiscated-my-shit use, this is a good option. But we're trying to beat the feds here.
- The next layer of protection is individual file encryption for your most sensitive files. Programs like GPG, PGP, TrueCrypt and a multitude of others offer solid encryption. Most of them will also let you create encrypted container "drives" or self-decrypting archives that hold many files, fit on a USB stick, and move around easily. Also, your disk key and your file-level key should be different: use different passphrases, so that a key pulled from memory (or coerced out of you) for the disk does not also open the files inside it.
I have read a number of threads where people recommend the built-in "password protection" on documents to protect their content. Here's the story there: a password is only worth something if real encryption sits behind it, and many of these formats have weak encryption or none at all. Legacy ZIP passwords, 40-bit PDF encryption and the old Word and Excel password schemes fall to freely available cracking tools that any casual user can find with a quick Google search; some of them are no more than a flag the viewer honors. Newer formats that use AES (WinZip and 7-Zip AES archives, Office 2007 files, AES-encrypted PDFs) are a different matter, but then everything rides on the passphrase, and a dictionary attack on a short one is fast. Treat document passwords as a convenience, not a control, and put anything that matters in a proper encrypted container.
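To make the key-in-memory point above concrete, here is an added example (mine, not from the original post): a small scanner that looks through a memory image for regions with key-like entropy, which is the crude version of what forensic key-finding tools do. The "memory image", the driver strings in it, and the use of the FIPS-197 AES-256 test key as a stand-in for a volume key are all constructed for the demo; real tools such as aeskeyfind go further and check whether the bytes form a valid AES key schedule.

```python
"""Added example: scanning a memory image for key material by entropy.

Whole-disk encryption keeps the volume key in RAM, so a memory dump can be
searched for it. Random key bytes have far more entropy per byte than code,
text or zeroed pages; this scan flags the dense region so a more specific
check (a key-schedule test, a trial decrypt) can be run on it. Everything
here is constructed for the demonstration, including the "memory image".
"""
import math
from collections import Counter

KEY_LEN = 32        # AES-256 key length in bytes
THRESHOLD = 4.5     # bits per byte; 32 distinct bytes reach log2(32) = 5.0

# FIPS-197 AES-256 test key (bytes 0x00..0x1f), standing in for the volume
# key an OS would hold in memory while the encrypted disk is mounted.
SAMPLE_KEY = bytes(range(KEY_LEN))


def shannon_entropy(window: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte
    (0.0 for a constant run, 5.0 for 32 distinct bytes)."""
    n = len(window)
    return -sum((c / n) * math.log2(c / n) for c in Counter(window).values())


def find_key_spans(image: bytes, key_len: int = KEY_LEN,
                   threshold: float = THRESHOLD) -> list:
    """Return [start, end) byte ranges in which every key_len-byte window
    has entropy >= threshold. Each span is a key candidate region a few
    dozen bytes wide; the key sits inside it."""
    spans = []
    run_start = None
    for off in range(len(image) - key_len + 1):
        dense = shannon_entropy(image[off:off + key_len]) >= threshold
        if dense and run_start is None:
            run_start = off
        elif not dense and run_start is not None:
            spans.append((run_start, off - 1 + key_len))
            run_start = None
    if run_start is not None:
        spans.append((run_start, len(image)))
    return spans


def build_sample_image(key: bytes = SAMPLE_KEY) -> tuple:
    """Constructed memory image: a zero page, some driver strings, the key,
    more strings, then a run of 0xff. Returns (image, key_offset)."""
    before = b"\x00" * 4096 + b"TrueCrypt volume mounted, driver state OK " * 8
    after = b"END OF PAGE " * 16 + b"\xff" * 512
    return before + key + after, len(before)


if __name__ == "__main__":
    image, key_off = build_sample_image()
    print(f"key planted at {key_off:#x}")
    for start, end in find_key_spans(image):
        print(f"candidate region {start:#x}-{end:#x} ({end - start} bytes),"
              f" contains key: {SAMPLE_KEY in image[start:end]}")
```

Text and code pages score around 4 bits per byte at best, zeroed and 0xff pages score 0, and the 32 key bytes score 5.0, so the only region the scan reports is the one wrapped around the key. On a real dump the same scan also lights up compressed data and other keys, which is why the key-schedule check matters; the point for this post is that the scan is cheap and the key is not hiding.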
2. Frequent Free Space Drive Wipes
Most encryption packages also include a method to "wipe" your drive. This is important since we all know that "delete" doesn't really mean delete. (When you delete a file, the OS just marks its blocks as writable and removes the file's entry from the file system. The bytes are still sitting there, highly recoverable, until something else happens to be written over them.)
A free space wipe forces your hard drive to write a fixed or random stream of bytes over every area your OS lists as free (that is, over the files you've deleted). If you are using an encryption package you may find all kinds of crazy options for drive wiping, including impressive titles like "NSA level data protection, blah, blah, blah", that go over the drive 7+ times. It's generally a waste of time: a single pass of random data is all you need on a magnetic disk, but if it makes you feel extra safe, go ahead and run a few more. Two caveats. First, on flash media and SSDs the controller's wear levelling means an overwrite lands on different physical cells than the original, so old copies can survive a "wipe"; there, rely on full-disk encryption from day one or on the drive's own secure-erase command. Second, if the whole volume is already encrypted, the free space is ciphertext anyway and a wipe buys you little.
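The delete-then-carve-then-wipe sequence above, as an added example that is not part of the original post: a toy disk model whose "delete" does exactly what a real filesystem does (drop the directory entry, free the blocks, touch nothing on disk), a carve that ignores the directory the way a forensic tool does, and a free-space wipe. The block layout and file names are invented for the demo; it is not any real filesystem's format.

```python
"""Added example: why a deleted file is still recoverable, and what a
free-space wipe changes.

The disk is a bytearray split into fixed-size blocks plus a directory
mapping names to (length, block list). Everything here is constructed
for the demonstration.
"""
import os

BLOCK = 64  # bytes per block (real filesystems use 4 KiB or more)


class ToyDisk:
    def __init__(self, blocks: int):
        self.image = bytearray(BLOCK * blocks)
        self.table = {}                 # name -> (length, [block indexes])
        self.free = list(range(blocks))

    def write(self, name: str, data: bytes) -> None:
        need = -(-len(data) // BLOCK)   # ceiling division
        if need > len(self.free):
            raise OSError("disk full")
        blocks = [self.free.pop(0) for _ in range(need)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.image[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.table[name] = (len(data), blocks)

    def read(self, name: str) -> bytes:
        length, blocks = self.table[name]
        raw = b"".join(bytes(self.image[b * BLOCK:(b + 1) * BLOCK]) for b in blocks)
        return raw[:length]

    def delete(self, name: str) -> None:
        """'Delete' as an OS does it: forget the entry and free the blocks,
        leaving every byte on disk exactly where it was."""
        _, blocks = self.table.pop(name)
        self.free.extend(blocks)

    def carve(self, needle: bytes) -> list:
        """Offsets in the raw image where needle occurs, directory ignored.
        This is what a forensic carve over the device does."""
        hits, start = [], 0
        while (pos := self.image.find(needle, start)) != -1:
            hits.append(pos)
            start = pos + 1
        return hits

    def wipe_free_space(self, passes: int = 1) -> int:
        """Overwrite every unallocated block with random data and return
        the number of bytes wiped. One pass is enough on a magnetic disk;
        the extra passes exist only because the GUI tools offer them.
        This wipes whole free blocks, not the slack at the tail of a live
        file's last block, which real wipers also handle."""
        for _ in range(passes):
            for b in self.free:
                self.image[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)
        return len(self.free) * BLOCK


if __name__ == "__main__":
    disk = ToyDisk(blocks=16)
    disk.write("notes.txt", b"grocery list: eggs, milk")
    disk.write("tax-2007.txt", b"SSN 000-00-0000 AGI 41,200 " * 3)
    disk.delete("tax-2007.txt")
    print("after delete, carve finds SSN at:", disk.carve(b"SSN 000-00-0000"))
    print("wiped", disk.wipe_free_space(), "bytes of free space")
    print("after wipe, carve finds SSN at:", disk.carve(b"SSN 000-00-0000"))
    print("live file intact:", disk.read("notes.txt"))
```

On a real system the same effect comes from a wiper that creates a file, fills it from a random source until the volume reports it is full, syncs, and deletes it; the toy overwrites the free blocks directly so the before-and-after carve results are easy to check. The SSD caveat above applies to both: the controller, not the filesystem, decides which cells the random data lands on.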
3. Setting Your Browser To Automatically Clear Its Cache & Cookies on Close
I know this one is a pain in the ass since you end up losing all of your logins and such but it makes clearing your internet trail automatic and fast. It would suck if your friend quickly jumped on your computer only to see all the S&M sites in your history from the other day that you forgot to clear. Unless that’s your thing. And maybe their thing. And then you guys could, you know, discuss it. As men do.
It’s a judgment call if this level of protection is worth it for you. At the very least, you need to make sure you follow my next tip and:
4. Password-Protect Your Screen Saver
This one may be a bit annoying, but it's nowhere near as frustrating as clearing your browser cache can be. And it's probably the most important thing you can do to protect your data after encrypting your drive. This one's simple. Quick instructions: on XP, open Display Properties, go to the Screen Saver tab and check "On resume, password protect"; on Vista, open Personalization, choose Screen Saver and check "On resume, display logon screen"; on OS X, open System Preferences, go to Security and check "Require password to wake this computer from sleep or screen saver".
Also, get in the habit of locking your screen ANYTIME you leave your desk. It may not seem like much, but from a Five-O investigative perspective, this is a serious pain in the ass. The reason being, if you encrypted your drive like you should, the investigator cannot image the mounted, decrypted volume through a locked console and has no choice but to pull the plug on your system. When they later image the seized drive they find ciphertext AND they have lost the volatile evidence that was in memory. Thus, they get NOTHING! (Nearly: a locked screen still leaves the key in RAM, so an examiner who moves fast can attempt a cold-boot memory dump or, on a machine with a FireWire port, a DMA grab over that port. A full shutdown with the volume unmounted is the only state that actually takes the key out of play.)
Don’t forget to use strong passwords or passphrases. Be clever: pick a line in a song you really like and use the first letter of each word. Better if it has a number. And don’t write your passwords down.
5. Always Wipe the Entire Drive When Giving Away a System or Drive
Again, this should be obvious but it bears repeating: formatting (the quick kind every OS defaults to) does not overwrite the data on the drive, it simply erases the references to it. The best way to wipe an entire drive is to attach it to another system and wipe the whole device from there, so that nothing on the drive is mounted or in use while you do it. There are many people out there who buy used drives and old systems for the sole purpose of analyzing them for the previous owner's personal data; we did this as part of my forensics training. Fortunately, we didn't do anything with the private data, but this represents a huge vector for identity theft. If you're simply tossing a hard drive instead of donating it, go the extra mile: wipe the drive and then drill several holes straight through it.
Other, Less Savory Data Protection Practices…
All that said, I've gone ahead and brainstormed a few ways to give your friendly customs agent a hard time getting to your data. Try these at your own risk:
- Remove the hard drive and mail it home. When customs tries to start the laptop and it won't boot, tell them it's idiot proof. (Expect a pistol-whipping or a tasing here.)
- Leave your computer in sleep mode but take a screenshot of your desktop (with incriminating filenames on the desktop) and make that the background of the login screen. See how many mouse clicks and keystrokes it takes them to figure out that their actions aren't really doing anything. (Vista doesn't display your desktop wallpaper when your system is locked, but there are ways to customize your login screen for fun as well.)
- Pop the keys off the keyboard and move them around to different positions. (Or just use Dvorak.) When they ask for your password, give them a random string and watch as they try to figure it out.
- Mail your real laptop home and/or bring a fake/broken laptop. (If you happen to have one on hand. Clearly, we're being a bit tongue-in-cheek here.) Before you leave, epoxy the lid closed and see how long it takes them to get the lid open. When they ask you how to open it, explain that they have to say a Harry Potter spell to open the laptop. (Expect a tasing here, too.)
- When it still doesn't open, tell them you left your wand at home. Or that you just use the battery compartment to store your cocaine. Customs agents are renowned for their wonderful sense of humor.
Tagged with: bitlocking, browser cache, cryptography, customs, data encryption, data protection, encryption, feds, forensics, GIAC, rant, us customs
Comments
Encryption is only safe with weak adversaries like you and me. Nobody really knows for sure how much computing power the feds have. In the worst-case scenario with US Customs, your laptop can be confiscated and sent to the NSA for analysis, where your beloved laptop will be analyzed by the same cracking facilities that were built to crack /bin/laden's communications.
Fortunately, it is not reasonable for us to assume that the government has an unlimited number of supercomputers (or even millions of average computers in clusters) ready and waiting to crack each and every one of our encrypted secrets. While I’m sure the NSA and other three letter government agencies do indeed have massive amounts of processing power at their disposal, I seriously doubt (and it cannot be proven, by any of us at least) they have the amount needed to crack, at minimum, a 1024 bit encrypted archive in a reasonable amount of time.
Even if they did, I would much rather that they focus on cracking Al Qaeda’s codes than reading about my encrypted medical and tax records (and I’m sure they would agree). And seriously, unless you have some major ties to global terrorist organizations, your laptop will never fall into the hands of the NSA…they have much bigger fish to fry.
Unfortunately, it is no longer reasonable to consider the US a free country that does not consider its citizens innocent. I would NEVER compromise a client by giving access to sensitive files over to anyone, much less the US government. Before getting to the border I store the information, encrypted, on a disguised flash drive, wipe the entire hard drive and leave only a boot floppy in the disc drive.
Rather focus on cracking Al Qaeda's codes?…that is the entire point of these actions…they think you have Al Qaeda's codes. Al Qaeda has succeeded in this regard by making America less free for its citizens. They do not need unlimited computers…they only need one to search yours before you feel violated.
Actually, in a sense, one of your options, the one about removing the HDD and mailing it home, is very real and viable. With the ability to have 8, 16 or 32G solid state drives (SDHC, key fob, etc.), put all the data on those and ship that home. Then when the TSA, Customs or other non-English-speaking organization attempts to search your system, everything looks normal. Additionally, you can use something like Password Safe to hold all of your passwords, login names, etc. Never store this data on your computer; instead put it on a key drive or other SSD. They can't get at what isn't there.
Anon, the NSA has bigger fish to fry and DC3 (Department of Defense Cyber Crime Center) doesn't care if John Smith uses hard drive encryption. The FBI CART will only get it if it's an ongoing criminal investigation, and they are swamped as it is. Neither has the resources and time to take on our simple laptops.
1, Remove RAM and mail it home. Let them add RAM if they want the computer to boot. No law says your computer has to be operational. Without RAM it will attempt to boot and error out. Defective RAM in the notebook would be even better. Or leave 256 meg for XP or Vista to boot with. Lotsa luck, copper!
2. Encrypt many nonsense files with goofy passwords. Let them waste their time decrypting each one of them.
3. Leave the porn home.
4. Encrypt Mary Had a Little Lamb.mp3 47 times with different passwords and added words.
5. Superglue the RAM door on your notebook closed. See number 1.
6. Mail the power cord and power supply home. Leave for the states with a dead battery.
6a. Carry the wrong charger for your notebook. With any luck it will be an unusual one. Start out with a dead battery.
7. ZIP your files and encrypt the resulting file multiple times with different passwords.
8. SD cards are used for cameras and music players. Buy a lot of cheap ones and add some Mary Had a Little Lamb.mp3 encrypted files. See number 4. Leave one in every luggage pocket. Label them Easter eggs.
9. Use PGP or TrueCrypt encryption. Personally I would trust PGP and TrueCrypt more than the others.
10. Use a Live CD with Linux while on the road for internet access. Use the Live CD to view your internet pictures. Nothing, absolutely nothing, will be saved to your hard drive. No history or cache problems. No Trojans or viruses either.
11. Your computer's MAC address and internet account can be traced back to you. Use an open WiFi site. Buy a PCMCIA wireless card that will work with the Live Linux CD (some experimentation might be needed). DO NOT register the card with the manufacturer. Stay anonymous. Pay cash for the card.
(Can an Ethernet connection from a notebook through a portable switch set up for NAT hide the notebook's MAC address for a hard-wired connection? I would appreciate a response to this. Thanks.)
forstand. Yes, the IP packets will have the MAC address of the switch or router (I’m nearly positive on this…I think). Thanks for the additional “methods.” Alternatively, in almost any OS today (Windows, OS X, and Linux) you can modify your MAC address (using ifconfig in OS X and Linux and through the Connection Properties in Windows). Though be sure to write down the original so you can set it back.
Brandon: You’re right, if you have a router performing NAT, packets leaving it for the internet will have the MAC address of the router, not the PC behind it. Also, changing the MAC address of most routers is easy to do, and if you do change it (or the MAC of your pc) it’s usually trivial to change back — the device’s MAC is permanently hard-coded into the card, the change is within the operating system only.
Just remember that anything you send via post (FedEx, UPS, etc.) is subject to customs inspections as well, so be sure to encrypt anything that you send, be it on SD cards or a whole hard drive. It would be trivial for agents to flag the name and address on your identification to hold and inspect any packages that go through postal customs, and it would probably be suspicious to see that you've posted a package to avoid taking it across the border (especially so if your laptop isn't functioning/missing components). So send it early enough that your package passes customs before you do.
Mail your working HD (with encryption) ahead of you. Have a fully functional, innocent as a lamb, laptop with you. If you MUST encrypt anything, let it be some downloaded file such as The Clue Train Manifesto. It will stick out like a sore thumb.
The cumulative effect of many, many individuals using encryption and subterfuge with their laptops is to force the various investigative agencies away from ‘dragnet’ searches and make them rely on highly focused pre-screening.
Can anyone direct me to a detailed explanation of how to use PGP / GPG with email? The idea sounds fine, but I’m a little dense about how to implement it.
IP packets don’t contain the mac address, only the destination/source IP address.
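The back-and-forth above about whether a MAC address travels past a NAT box comes down to which header holds it, so here is an added example (mine, not from any commenter): it builds an Ethernet II frame around an IPv4 header, parses both, and then does what a NAT router does when it forwards the packet, namely builds a brand-new frame with its own MAC addresses while leaving the IP header alone apart from the source-address rewrite. A plain switch, by contrast, forwards the frame with its MAC addresses intact; only a routing hop (which is what NAT implies) re-frames. All MAC and IP addresses below are made up for the demo.

```python
"""Added example: where the MAC address lives in a packet, and what a NAT
router does to it. Addresses are constructed for the demonstration.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
IP_HEADER = "!BBHHHBBH4s4s"   # ver/ihl, tos, len, id, frag, ttl, proto, csum, src, dst


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the 16-bit words; 0 for a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, ttl: int = 64, proto: int = 17) -> bytes:
    hdr = struct.pack(IP_HEADER, 0x45, 0, 20 + len(payload), 0x1234, 0,
                      ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def build_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Ethernet II: destination MAC, source MAC, EtherType, then the IP packet.
    This 14-byte header is the only place a MAC address appears."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def parse_frame(frame: bytes) -> dict:
    dst, src = frame[:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    pkt = frame[14:]
    _, _, _, _, _, ttl, _, _, sip, dip = struct.unpack(IP_HEADER, pkt[:20])
    return {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "ethertype": etype,
            "src_ip": ip_str(sip), "dst_ip": ip_str(dip), "ttl": ttl,
            "ip_header": pkt[:20], "packet": pkt}


def nat_forward(frame: bytes, router_wan_mac: str, next_hop_mac: str, public_ip: str) -> bytes:
    """What a NAT router does on the way out: discard the LAN frame, rewrite
    the IP source to its public address, decrement TTL, fix the checksum,
    and wrap the packet in a new frame with its own WAN MAC as source."""
    pkt = bytearray(parse_frame(frame)["packet"])
    pkt[8] -= 1                               # TTL
    pkt[12:16] = ip_bytes(public_ip)          # source address
    pkt[10:12] = b"\x00\x00"
    pkt[10:12] = struct.pack("!H", ipv4_checksum(bytes(pkt[:20])))
    return build_frame(router_wan_mac, next_hop_mac, bytes(pkt))


if __name__ == "__main__":
    lan = build_frame("02:00:00:aa:bb:cc", "02:00:00:11:22:33",
                      build_ipv4("192.168.1.10", "203.0.113.5", b"hello"))
    wan = nat_forward(lan, "02:00:00:de:ad:01", "02:00:00:ca:fe:02", "198.51.100.7")
    print("LAN side:", parse_frame(lan)["src_mac"], parse_frame(lan)["src_ip"])
    print("WAN side:", parse_frame(wan)["src_mac"], parse_frame(wan)["src_ip"])
    print("laptop MAC present past the router:", mac_bytes("02:00:00:aa:bb:cc") in wan)
```

The laptop's MAC never leaves the local segment because the router, like every IP hop, builds a fresh link-layer frame; what does cross is the router's public IP and whatever the payload itself carries. The thing to watch is the hop you do not control: on a shared WiFi network or a hotel LAN the first router, and anyone sniffing that segment, sees your real MAC, which is why the commenters above suggest changing it for the trip.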
There are other ways like steganography and, better yet, hiding files within files. The files would seem innocuous and work normally, but would actually have hidden files within them.
Don’t forget the possibility of rubber-hose cryptanalysis, AKA wrench cryptanalysis: http://xkcd.com/538/
Mailing your hard drive well in advance and packing a clean, ordinary-looking system is your best bet. Truecrypt also has a nice feature in which you can create two encrypted volumes, with two different passwords, and it will decrypt and boot into one or the other depending which password is used. Your small, ordinary-looking Windows XP install will be told it has the entire disk to itself, but in reality, when it uses more space than was allocated to it, it will be overwriting the other, encrypted volume – which, if it’s ever actually started, is probably a good thing.
You could even have a hidden background process – or better, hacked kernel – that will wipe the encrypted volume in the background while Windows runs. The activity LED might give it away, but if you only wiped the first few sectors containing the keys, the rest is useless, and this should only take a fraction of a second. You might go over some more random sectors with random garbage just to be sure. For extra paranoia, the process can then terminate and wipe itself.
For desktops: the feds these days can splice into the power cord/surge bar, seamlessly switch to battery power, and take the whole system with them, without ever shutting it off. It’s also often possible to read what was left in RAM after the power is lost. The best defence against this would be a kernel module which reacts to A) a “big red button”, B) a large USB device or two being removed, and/or C) a response from a motion sensor, and will stick itself into a small area of RAM, basically disable the rest of the OS, and simultaneously wipe RAM (leaving itself until it’s done) and hard disks.
They can try to take your entire system, complete with all the monitors, printers, keyboards, sound equipment, other servers, etc that’s plugged into it, without ever unplugging anything, but that’s not going to be easy, especially if you’ve got a nice tangled mess of cords running/tied through, to and around the legs/holes in a few large pieces of furniture, plumbing, walls, etc. You can at least get it to where it takes a lot of effort and destruction to remove the machine without it knowing, and that destruction may well be illegal itself. (And if they DO manage to take it all, their battery isn’t likely to run it for long… and they’ll have a heck of a time fitting it all in a vehicle, and getting it back out again, without pulling a cord.)
Best method: multiple machines, in different rooms, on a wired LAN. The bigger the better. They’d have to cut large holes in the walls to take them all. Have fun!
Of course there’s the risk of failure, where you accidentally unplug something and/or something stops working, and your machine just wipes itself all of a sudden. That’s why you kept encrypted backups with strong passwords and key files, scattered in various places, and the only thing you have memorized is the procedure that will ultimately allow you to locate all those keys. Or you could wipe only the keys from the disk, and memorize those, if you’re confident in the encryption.
The feds know their stuff when it comes to encryption, and they certainly aren’t going to encrypt their top-secret stuff with anything they know to be breakable. If they can’t break it on their own machines, they can’t break it on yours either.
For networks: Encrypt your traffic whenever possible. SSH tunnel to a trusted machine in a safe place is best; also look at OTR for IM, use HTTPS wherever possible, etc. Your MAC address generally isn’t sent out beyond the first router, but why risk it? Can you trust the router?