Hmm, this was not quite what I expected. The theoretical part of this article was interesting, but I’m not sure the experimental part gives much information about anything. He took a grand total of three international trips during the experiment, which is a lot fewer than I was expecting. I’m not sure I would expect to find anything on a honeypot PC with such a small number of samples.
I mean it’s not a bad story, but it feels like the same story could’ve been written without the mini-experiment, which doesn’t really add any useful data. Although I guess it wouldn’t have had an interesting hook then.
For sure haha. One can do better than he did, though.
For one, he can block evil maid style attacks very cheaply. I’ve done plenty of tamper-evident schemes for that stuff. You can at least know if they opened the case. From there, one can use analog/RF profiling of the devices to detect chip substitutions. It requires specialist, time-consuming skills or the occasional help of a specialist to give you a black box method plus steps to follow for a device they already profiled.
The typical recommendation I gave, though, was to buy a new laptop in-country and clear/sell it before you leave. This avoids risks at border crossings where they can legally search or might sabotage devices. Your actual data is retrievable over a VPN after you put Linux/BSD on that sucker. Alternatively, you use it as a thin client for a real system but latencies could be too much for that.
So, there’s a few ideas for folks looking into solving this problem.
This (and the original article) are techno solutions to a techno problem that doesn’t really exist.
If you’re a journo doing this, they will look at your visa and say, you claim to be a journalist, but you have no laptop, we don’t believe you, entry denied.
I’m pretty sure even a very open country like NZ will do this to you. (If you claim not to be a journalist and start behaving as one, again, you are violating your visa conditions (i.e. working, not visiting), and out you go.)
As to spying on what you have on an encrypted drive… rubber hose code breaking sorts that out pretty quick.
I grew up in the Very Bad Old days and tend to have a very dim view of the technical abilities, patience and human kindness of the average spook.
I got the idea from people doing it. They weren’t journalists, though. The other thing people did which might address that problem is take boring laptops with them. They have either nothing interesting or some misinformation. Nothing secret happens on it during the trip. Might even use it for non-critical stuff like YouTube just so it’s different when they scan it on return.
I guess like any experiment, it’s nice that somebody tried this. I have to doubt though that anyone would be sophisticated enough to attack somebody’s computer like that, yet not notice that they’ve got an obvious dud. You would think any organization capable of intercepting checked luggage at an airport or breaking into a particular person’s hotel room would have a very good idea of who that person is, what laptop they’re using, what they have on it, etc.
Similarly, if the super-advanced malware he’s worried about exists, nobody is spraying it around onto every laptop that some person checked into a bag or left in a hotel room. It costs big bucks to build and test that stuff, nobody wants to risk getting it noticed and neutralized at the OS level without knowing that they’re going to get something worth the trouble.
Yeah, I don’t think he gets how they work despite being a big target. He’s going to get attacks by the stealthiest ones using stuff he’s never heard of, since most of the stuff in the Snowden leaks was around a decade old. Some of those involved implants, peripheral attacks, and emanation attacks. As in, he might have some secret keys he depends on for everything that a person in a nearby hotel room was recording with an antenna or just something plugged into an outlet. Trivial for people interested in the Intercept.
The only thing that might protect him is obscurity of his setup vs risk they’d want to take or the fact that they might realize there’s no need to spy on him. Most of the leakers blow their cover. There’s limited need to spy on a group receiving leaks from people who blow their cover easily. I mean, NSA or whoever might risk exploits worth over a million dollars a year to find something that ordinary investigation will discover later.
It comes down to whether they think they can really prevent it ahead of time by spying on this guy or not. I think most will believe they can’t. If this doesn’t prove out, though, it’s just another opportunity for them to justify subverting our security standards to make the job easier for them. That ranges from increasing their own operational parameters to getting laws passed on escrow or backdoors. Just like with the Four Horsemen of the Infopocalypse. Stopping the bad guys is helpful, but they get even more mileage out of terrifying failures. Same shit, different day/Director/Administration.
I always keep a tiger repelling rock in my laptop bag. So far, zero tigers have attempted to eat my laptop.
Ahh, by the way. Your rock is defective.
It has had the unintentional side effect of repelling sharks.
TLDR: The laptop was not tampered with.
Still a good read though :-)
That he knows of.
It’s impossible to prove… :)
TLDR: The laptop was not tampered with in a way he’s foreseen.
To just say the laptop was not tampered with is missing his point completely.