<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: 10 Ways to Ensure Your Data is Safe From the Feds</title>
	<atom:link href="http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/</link>
	<description>A Web Development Blog by Synapse Studios</description>
	<lastBuildDate>Fri, 05 Mar 2010 08:11:49 -0700</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.1</generator>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
		<item>
		<title>By: Rena</title>
		<link>http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/comment-page-1/#comment-363</link>
		<dc:creator>Rena</dc:creator>
		<pubDate>Sun, 07 Feb 2010 05:06:46 +0000</pubDate>
		<guid isPermaLink="false">http://www.htmlist.com/?p=217#comment-363</guid>
		<description>Don&#039;t forget the possibility of rubber-hose cryptanalysis, AKA wrench cryptanalysis: http://xkcd.com/538/
Mailing your hard drive well in advance and packing a clean, ordinary-looking system is your best bet. TrueCrypt also has a nice feature in which you can create two encrypted volumes, with two different passwords, and it will decrypt and boot into one or the other depending on which password is used. Your small, ordinary-looking Windows XP install will be told it has the entire disk to itself, but in reality, when it uses more space than was allocated to it, it will be overwriting the other, encrypted volume - which, if it&#039;s ever actually started, is probably a good thing.
You could even have a hidden background process - or better, hacked kernel - that will wipe the encrypted volume in the background while Windows runs. The activity LED might give it away, but if you only wiped the first few sectors containing the keys, the rest is useless, and this should only take a fraction of a second. You might go over some more random sectors with random garbage just to be sure. For extra paranoia, the process can then terminate and wipe itself.

For desktops: the feds these days can splice into the power cord/surge bar, seamlessly switch to battery power, and take the whole system with them, without ever shutting it off. It&#039;s also often possible to read what was left in RAM after the power is lost. The best defence against this would be a kernel module which reacts to A) a &quot;big red button&quot;, B) a large USB device or two being removed, and/or C) a response from a motion sensor, and will stick itself into a small area of RAM, basically disable the rest of the OS, and simultaneously wipe RAM (leaving itself until it&#039;s done) and hard disks.
They can try to take your entire system, complete with all the monitors, printers, keyboards, sound equipment, other servers, etc that&#039;s plugged into it, without ever unplugging anything, but that&#039;s not going to be easy, especially if you&#039;ve got a nice tangled mess of cords running/tied through, to and around the legs/holes in a few large pieces of furniture, plumbing, walls, etc. You can at least get it to where it takes a lot of effort and destruction to remove the machine without it knowing, and that destruction may well be illegal itself. (And if they DO manage to take it all, their battery isn&#039;t likely to run it for long... and they&#039;ll have a heck of a time fitting it all in a vehicle, and getting it back out again, without pulling a cord.)
Best method: multiple machines, in different rooms, on a wired LAN. The bigger the better. They&#039;d have to cut large holes in the walls to take them all. Have fun!
Of course there&#039;s the risk of failure, where you accidentally unplug something and/or something stops working, and your machine just wipes itself all of a sudden. That&#039;s why you kept encrypted backups with strong passwords and key files, scattered in various places, and the only thing you have memorized is the procedure that will ultimately allow you to locate all those keys. Or you could wipe only the keys from the disk, and memorize those, if you&#039;re confident in the encryption.
The feds know their stuff when it comes to encryption, and they certainly aren&#039;t going to encrypt &lt;i&gt;their&lt;/i&gt; top-secret stuff with anything they know to be breakable. If they can&#039;t break it on their own machines, they can&#039;t break it on yours either.

For networks: Encrypt your traffic whenever possible. SSH tunnel to a trusted machine in a safe place is best; also look at OTR for IM, use HTTPS wherever possible, etc. Your MAC address generally isn&#039;t sent out beyond the first router, but why risk it? Can you trust the router?</description>
		<content:encoded><![CDATA[<p>Don&#8217;t forget the possibility of rubber-hose cryptanalysis, AKA wrench cryptanalysis: <a href="http://xkcd.com/538/" rel="nofollow">http://xkcd.com/538/</a><br />
Mailing your hard drive well in advance and packing a clean, ordinary-looking system is your best bet. TrueCrypt also has a nice feature in which you can create two encrypted volumes, with two different passwords, and it will decrypt and boot into one or the other depending on which password is used. Your small, ordinary-looking Windows XP install will be told it has the entire disk to itself, but in reality, when it uses more space than was allocated to it, it will be overwriting the other, encrypted volume &#8211; which, if it&#8217;s ever actually started, is probably a good thing.<br />
You could even have a hidden background process &#8211; or better, hacked kernel &#8211; that will wipe the encrypted volume in the background while Windows runs. The activity LED might give it away, but if you only wiped the first few sectors containing the keys, the rest is useless, and this should only take a fraction of a second. You might go over some more random sectors with random garbage just to be sure. For extra paranoia, the process can then terminate and wipe itself.</p>
<p>For desktops: the feds these days can splice into the power cord/surge bar, seamlessly switch to battery power, and take the whole system with them, without ever shutting it off. It&#8217;s also often possible to read what was left in RAM after the power is lost. The best defence against this would be a kernel module which reacts to A) a &#8220;big red button&#8221;, B) a large USB device or two being removed, and/or C) a response from a motion sensor, and will stick itself into a small area of RAM, basically disable the rest of the OS, and simultaneously wipe RAM (leaving itself until it&#8217;s done) and hard disks.<br />
They can try to take your entire system, complete with all the monitors, printers, keyboards, sound equipment, other servers, etc that&#8217;s plugged into it, without ever unplugging anything, but that&#8217;s not going to be easy, especially if you&#8217;ve got a nice tangled mess of cords running/tied through, to and around the legs/holes in a few large pieces of furniture, plumbing, walls, etc. You can at least get it to where it takes a lot of effort and destruction to remove the machine without it knowing, and that destruction may well be illegal itself. (And if they DO manage to take it all, their battery isn&#8217;t likely to run it for long&#8230; and they&#8217;ll have a heck of a time fitting it all in a vehicle, and getting it back out again, without pulling a cord.)<br />
Best method: multiple machines, in different rooms, on a wired LAN. The bigger the better. They&#8217;d have to cut large holes in the walls to take them all. Have fun!<br />
Of course there&#8217;s the risk of failure, where you accidentally unplug something and/or something stops working, and your machine just wipes itself all of a sudden. That&#8217;s why you kept encrypted backups with strong passwords and key files, scattered in various places, and the only thing you have memorized is the procedure that will ultimately allow you to locate all those keys. Or you could wipe only the keys from the disk, and memorize those, if you&#8217;re confident in the encryption.<br />
The feds know their stuff when it comes to encryption, and they certainly aren&#8217;t going to encrypt <i>their</i> top-secret stuff with anything they know to be breakable. If they can&#8217;t break it on their own machines, they can&#8217;t break it on yours either.</p>
<p>For networks: Encrypt your traffic whenever possible. SSH tunnel to a trusted machine in a safe place is best; also look at OTR for IM, use HTTPS wherever possible, etc. Your MAC address generally isn&#8217;t sent out beyond the first router, but why risk it? Can you trust the router?</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Dj</title>
		<link>http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/comment-page-1/#comment-349</link>
		<dc:creator>Dj</dc:creator>
		<pubDate>Mon, 11 Jan 2010 13:32:45 +0000</pubDate>
		<guid isPermaLink="false">http://www.htmlist.com/?p=217#comment-349</guid>
		<description>There are other ways, like steganography and, better yet, hiding files within files. The files would seem innocuous and work normally, but would actually have hidden files within them.</description>
		<content:encoded><![CDATA[<p>There are other ways, like steganography and, better yet, hiding files within files. The files would seem innocuous and work normally, but would actually have hidden files within them.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Kaim</title>
		<link>http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/comment-page-1/#comment-209</link>
		<dc:creator>Kaim</dc:creator>
		<pubDate>Sat, 20 Dec 2008 17:21:28 +0000</pubDate>
		<guid isPermaLink="false">http://www.htmlist.com/?p=217#comment-209</guid>
		<description>IP packets don&#039;t contain the MAC address, only the destination/source IP address.</description>
		<content:encoded><![CDATA[<p>IP packets don&#8217;t contain the MAC address, only the destination/source IP address.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Bill in Detroit</title>
		<link>http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/comment-page-1/#comment-198</link>
		<dc:creator>Bill in Detroit</dc:creator>
		<pubDate>Sun, 30 Nov 2008 23:12:25 +0000</pubDate>
		<guid isPermaLink="false">http://www.htmlist.com/?p=217#comment-198</guid>
		<description>Mail your working HD (with encryption) ahead of you. Have a fully functional, innocent as a lamb, laptop with you. If you MUST encrypt anything, let it be some downloaded file such as The Clue Train Manifesto. It will stick out like a sore thumb.

The cumulative effect of many, many individuals using encryption and subterfuge with their laptops is to force the various investigative agencies away from &#039;dragnet&#039; searches and make them rely on highly focused pre-screening.

Can anyone direct me to a detailed explanation of how to use PGP / GPG with email? The idea sounds fine, but I&#039;m a little dense about how to implement it.</description>
		<content:encoded><![CDATA[<p>Mail your working HD (with encryption) ahead of you. Have a fully functional, innocent as a lamb, laptop with you. If you MUST encrypt anything, let it be some downloaded file such as The Clue Train Manifesto. It will stick out like a sore thumb.</p>
<p>The cumulative effect of many, many individuals using encryption and subterfuge with their laptops is to force the various investigative agencies away from &#8216;dragnet&#8217; searches and make them rely on highly focused pre-screening.</p>
<p>Can anyone direct me to a detailed explanation of how to use PGP / GPG with email? The idea sounds fine, but I&#8217;m a little dense about how to implement it.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Marcus</title>
		<link>http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/comment-page-1/#comment-193</link>
		<dc:creator>Marcus</dc:creator>
		<pubDate>Fri, 28 Nov 2008 12:43:42 +0000</pubDate>
		<guid isPermaLink="false">http://www.htmlist.com/?p=217#comment-193</guid>
		<description>Just remember that anything you send via post (FedEx, UPS, etc.) is subject to customs inspections as well, so be sure to encrypt anything that you send, be it on SD cards or a whole hard drive. It would be trivial for agents to flag the name and address on your identification to hold and inspect any packages that go through postal customs, and it would probably be suspicious to see that you&#039;ve posted a package to avoid taking it across the border (especially so if your laptop isn&#039;t functioning/missing components). So send it early enough that your package passes customs before you do.</description>
		<content:encoded><![CDATA[<p>Just remember that anything you send via post (FedEx, UPS, etc.) is subject to customs inspections as well, so be sure to encrypt anything that you send, be it on SD cards or a whole hard drive. It would be trivial for agents to flag the name and address on your identification to hold and inspect any packages that go through postal customs, and it would probably be suspicious to see that you&#8217;ve posted a package to avoid taking it across the border (especially so if your laptop isn&#8217;t functioning/missing components). So send it early enough that your package passes customs before you do.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Alec</title>
		<link>http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/comment-page-1/#comment-181</link>
		<dc:creator>Alec</dc:creator>
		<pubDate>Sun, 23 Nov 2008 09:58:21 +0000</pubDate>
		<guid isPermaLink="false">http://www.htmlist.com/?p=217#comment-181</guid>
		<description>Brandon: You&#039;re right, if you have a router performing NAT, packets leaving it for the internet will have the MAC address of the router, not the PC behind it. Also, changing the MAC address of most routers is easy to do, and if you do change it (or the MAC of your PC) it&#039;s usually trivial to change back -- the device&#039;s MAC is permanently hard-coded into the card; the change is within the operating system only.</description>
		<content:encoded><![CDATA[<p>Brandon: You&#8217;re right, if you have a router performing NAT, packets leaving it for the internet will have the MAC address of the router, not the PC behind it. Also, changing the MAC address of most routers is easy to do, and if you do change it (or the MAC of your PC) it&#8217;s usually trivial to change back &#8212; the device&#8217;s MAC is permanently hard-coded into the card; the change is within the operating system only.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Brandon Ching</title>
		<link>http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/comment-page-1/#comment-110</link>
		<dc:creator>Brandon Ching</dc:creator>
		<pubDate>Sat, 26 Jul 2008 16:11:13 +0000</pubDate>
		<guid isPermaLink="false">http://www.htmlist.com/?p=217#comment-110</guid>
		<description>forstand. Yes, the IP packets will have the MAC address of the switch or router (I&#039;m nearly positive on this...I think). Thanks for the additional &quot;methods.&quot; Alternatively, in almost any OS today (Windows, OS X, and Linux) you can modify your MAC address (using ifconfig in OS X and Linux and through the Connection Properties in Windows). Though be sure to write down the original so you can set it back.</description>
		<content:encoded><![CDATA[<p>forstand. Yes, the IP packets will have the MAC address of the switch or router (I&#8217;m nearly positive on this&#8230;I think). Thanks for the additional &#8220;methods.&#8221; Alternatively, in almost any OS today (Windows, OS X, and Linux) you can modify your MAC address (using ifconfig in OS X and Linux and through the Connection Properties in Windows). Though be sure to write down the original so you can set it back.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: forstand</title>
		<link>http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/comment-page-1/#comment-109</link>
		<dc:creator>forstand</dc:creator>
		<pubDate>Sat, 26 Jul 2008 15:12:12 +0000</pubDate>
		<guid isPermaLink="false">http://www.htmlist.com/?p=217#comment-109</guid>
		<description>1. Remove RAM and mail it home. Let them add RAM if they want the computer to boot. No law says your computer has to be operational. Without RAM it will attempt to boot and error out. Defective RAM in the notebook would be even better. Or leave 256 meg for XP or Vista to boot with. Lotsa luck, copper!

2. Encrypt many nonsense files with goofy passwords. Let them waste their time decrypting each one of them.

3. Leave the porn home. 

4. Encrypt Mary Had a Little Lamb.mp3 47 times with different passwords and added words.

5. Superglue the RAM door on your notebook closed. See number 1.

6. Mail the power cord and power supply home. Leave for the states with a dead battery.

6a. Carry the wrong charger for your notebook. With any luck it will be an unusual one. Start out with a dead battery.

7. ZIP your files and encrypt the resulting file multiple times with different passwords.

8. SD cards are used for cameras and music players. Buy a lot of cheap ones and add some Mary Had a Little Lamb.mp3 encrypted files. See number 4. Leave one in every luggage pocket. Label them Easter eggs.

9. Use PGP or TrueCrypt encryption. Personally I would trust PGP and TrueCrypt more than the others.

10. Use a Live CD with Linux while on the road for internet access. Use the Live CD to view your internet pictures. Nothing, absolutely nothing, will be saved to your hard drive. No history or cache problems. No Trojans or viruses either. 

11. Your computer&#039;s MAC address and internet account can be traced back to you. Use an open WiFi site. Buy a PCMCIA wireless card that will work with the Live Linux CD (some experimentation might be needed). DO NOT register the card with the manufacturer. Stay anonymous. Pay cash for the card.

(Can an Ethernet connection from a notebook through a portable switch set up for NAT hide the notebook&#039;s MAC address for a hard-wired connection? I would appreciate a response to this. Thanks.)</description>
		<content:encoded><![CDATA[<p>1. Remove RAM and mail it home. Let them add RAM if they want the computer to boot. No law says your computer has to be operational. Without RAM it will attempt to boot and error out. Defective RAM in the notebook would be even better. Or leave 256 meg for XP or Vista to boot with. Lotsa luck, copper!</p>
<p>2. Encrypt many nonsense files with goofy passwords. Let them waste their time decrypting each one of them.</p>
<p>3. Leave the porn home. </p>
<p>4. Encrypt Mary Had a Little Lamb.mp3 47 times with different passwords and added words.</p>
<p>5. Superglue the RAM door on your notebook closed. See number 1.</p>
<p>6. Mail the power cord and power supply home. Leave for the states with a dead battery.</p>
<p>6a. Carry the wrong charger for your notebook. With any luck it will be an unusual one. Start out with a dead battery.</p>
<p>7. ZIP your files and encrypt the resulting file multiple times with different passwords.</p>
<p>8. SD cards are used for cameras and music players. Buy a lot of cheap ones and add some Mary Had a Little Lamb.mp3 encrypted files. See number 4. Leave one in every luggage pocket. Label them Easter eggs.</p>
<p>9. Use PGP or TrueCrypt encryption. Personally I would trust PGP and TrueCrypt more than the others.</p>
<p>10. Use a Live CD with Linux while on the road for internet access. Use the Live CD to view your internet pictures. Nothing, absolutely nothing, will be saved to your hard drive. No history or cache problems. No Trojans or viruses either. </p>
<p>11. Your computer&#8217;s MAC address and internet account can be traced back to you. Use an open WiFi site. Buy a PCMCIA wireless card that will work with the Live Linux CD (some experimentation might be needed). DO NOT register the card with the manufacturer. Stay anonymous. Pay cash for the card.</p>
<p>(Can an Ethernet connection from a notebook through a portable switch set up for NAT hide the notebook&#8217;s MAC address for a hard-wired connection? I would appreciate a response to this. Thanks.)</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: me</title>
		<link>http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/comment-page-1/#comment-108</link>
		<dc:creator>me</dc:creator>
		<pubDate>Sat, 26 Jul 2008 12:46:20 +0000</pubDate>
		<guid isPermaLink="false">http://www.htmlist.com/?p=217#comment-108</guid>
		<description>Anon, NSA has bigger fish to fry and DC3 (Department of Defense Cyber Crime Center) doesn&#039;t care if John Smith uses hard drive encryption. The FBI CART will only get it if it&#039;s an ongoing criminal investigation, and they are swamped as it is. Neither has the resources and time to take on our simple laptops.</description>
		<content:encoded><![CDATA[<p>Anon, NSA has bigger fish to fry and DC3 (Department of Defense Cyber Crime Center) doesn&#8217;t care if John Smith uses hard drive encryption. The FBI CART will only get it if it&#8217;s an ongoing criminal investigation, and they are swamped as it is. Neither has the resources and time to take on our simple laptops.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: James</title>
		<link>http://www.htmlist.com/rants/10-ways-to-ensure-your-data-is-safe-from-the-feds/comment-page-1/#comment-106</link>
		<dc:creator>James</dc:creator>
		<pubDate>Sat, 26 Jul 2008 07:15:55 +0000</pubDate>
		<guid isPermaLink="false">http://www.htmlist.com/?p=217#comment-106</guid>
		<description>Actually, in a sense, one of your options, the one about removing the HDD and mailing it home, is very real and viable. With the ability to have 8, 16 or 32G solid state drives (SDHC, key fob, etc.), put all the data on those, and ship that home. Then when the TSA, Customs or other non-English-speaking organization attempts to search your system, everything looks normal. Additionally, you can use something like password safe to hold all of your passwords, login names, etc. Never store this data on your computer; instead put it on a key drive or other SSD. They can&#039;t get at what isn&#039;t there.</description>
		<content:encoded><![CDATA[<p>Actually, in a sense, one of your options, the one about removing the HDD and mailing it home, is very real and viable. With the ability to have 8, 16 or 32G solid state drives (SDHC, key fob, etc.), put all the data on those, and ship that home. Then when the TSA, Customs or other non-English-speaking organization attempts to search your system, everything looks normal. Additionally, you can use something like password safe to hold all of your passwords, login names, etc. Never store this data on your computer; instead put it on a key drive or other SSD. They can&#8217;t get at what isn&#8217;t there.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
