Comments on: How Travelers Can Protect Their Data
https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/
Linux. GNU. Freedom.
Fri, 01 Dec 2017 15:29:07 +0000

By: James https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110641 Sat, 09 Jan 2010 21:02:16 +0000

@Aaron (10): But booting into a functional operating system without any fuss looks a lot less suspicious than a machine that won't boot at all.

I mean, a machine that doesn't boot has a much higher chance of striking someone as suspicious than a machine that boots into a generic looking Windows install. The former wouldn't even require a functional hard drive. If I were an airport inspector, the first thing I'd do with a machine that didn't boot past BIOS boot would be to rip out the hard drive and make sure it wasn't a bomb.

The goal is for your machine to look as completely normal as possible. Attracting any attention at all is bad.

By: Telco Security Dweeb https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110615 Wed, 06 Jan 2010 15:27:28 +0000

Aaron :

Great posting, two quick comments :

(1.) Canadian Border Services is just as bad - if not worse than - DHS, in terms of the "you have no rights, we can inspect every last bit and byte of the data on your laptop and there's nothing you can do to stop us".

The average Canadian is just as apathetic and ignorant about privacy and security as is the average American, they all will happily believe the old lie "if you don't have anything to hide, you have nothing to worry about, when we image your laptop", if this is told to them by an authority figure (like Bush, Obama or Canadian Prime Minister Stephen Harper).

The point is, make sure that you secure your laptop before you enter Canada, as well as when you leave it.

(2.) Although your measures are excellent, remember that some border guards will automatically assume that "you're trying to hide something" if you can't fire up your laptop and log in to it, for them. So I would recommend an alternate approach : simply set up a "dummy" account on your laptop that has nothing but recipes, documents named like "WHY I LOVE THE DHS.DOC" and so on, in its "home" (or "My Documents") folder... then log in to that account when the Border Gestapo demand it.

Meanwhile, of course, your REAL account's data is robustly encrypted. Sure, the Border Gestapo could theoretically image it, but they could do that anyway, with your whole hard drive. Besides, most border guards are idiots, they have no idea that you can have multiple accounts on the PC (you may have to find a way to hide the account names from the GNOME login screen), and even if they do detect these, you can simply say, "sorry these are for other people, I don't even know the password for them". (Why not create a few dummy accounts and then forget the passwords for these? That way it's not a lie.)

Know your enemy. They're on a power trip "because they can", but they're stupid. Play to their weaknesses, not their strengths.

By: The Art of Being Dorian » A Day in the Life of Dorian for 2010-01-04 https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110611 Tue, 05 Jan 2010 17:13:17 +0000

[...] Traveling? Protect your data and sanity: http://pthree.org/?p=1217 [...]

By: Russ https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110604 Tue, 05 Jan 2010 01:09:57 +0000

I would say that utilizing a USB boot would add another layer of difficulty for any maid attacker, and another layer of simplicity for you. The system can be configured to not boot at all, or to boot into some type of honey pot OS as many have suggested.

When traveling, keep the USB stick on your person. If you are worried about going through customs, just back it up securely online. Don't bring it with you through customs. Either bring a brand new stick in its packaging, or buy one when you arrive. Boot to a live CD (or honey pot OS) and recreate the bootable USB stick.

The USB stick would contain an encrypted copy of the key that encrypts your hard disk. An attacker would not only need a keylogger to get the password that decrypts your key, but sniff the USB traffic to obtain a copy of the encrypted key. (You would be more vulnerable while recreating the USB stick since you would be entering the passwords in order to download the copy of the encrypted USB stick, insert one time pad here for the truly paranoid).

By: Fargle https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110597 Mon, 04 Jan 2010 16:53:22 +0000

Here's a better way I discovered to be able to properly boot up your computer when asked.

I set up my partitions with dm-crypt root partition, a swap partition that's randomly encrypted using /dev/urandom in /etc/fstab, a home partition for my "real" user account, and the rest of the drive is mounted when I want it with TrueCrypt.

When I set up the system, I create a first account that has its home directory on the root partition, with the password the same as the boot-up dm-crypt password on the root. Then, I put some "normal" files in that account's Documents folder, and use it to set up my "real" account, which auto-mounts its separate partition (using pam-mount) as its home directory, and give it a much stronger password. Then I wipe the bash_history for the "fake" account. I also shut off the default account list on the GDM login screen. Finally I change /tmp to be a RAM disk that gets recreated every boot cycle.

So now, if I'm asked to boot, I put in the root partition dm-crypt password and choose the "fake" account to log in with, using the same password. The system comes up and the only thing mounted is the root partition with my "fake account" files in its home directory. Looks fine to anything but the most detailed examination, which you won't get from a TSA agent with no clue, he just wants to see the system up and running.

I think this is much better than saying "my laptop is broken", which is more likely to arouse suspicion. It hasn't been put to the test as yet, though, because I don't really travel internationally any more. If you're REALLY worried, I would use the "fake" account occasionally to surf so there's some Web history for the agent to look at.

All this is a far cry from back in 1995 when I traveled the world with a gym bag full of computer tapes that had to be hand-inspected and nobody ever said boo about, though! Pretty sad world we live in these days.
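
The swap and /tmp parts of the layout described in the comment above can be checked mechanically. This is an added example, not part of the original comment: it assumes the Debian-style convention in which the random swap key is declared in /etc/crypttab and the mapped device is referenced from /etc/fstab, and the function names, device names and sample files are constructed for illustration.

```shell
#!/bin/sh

# Mapper names in CRYPTTAB that are keyed from a random device and marked "swap".
random_swap_names() {
    awk '/^[ \t]*(#|$)/ { next }
         ($3 == "/dev/urandom" || $3 == "/dev/random") && $4 ~ /(^|,)swap(,|$)/ { print $1 }' "$1"
}

# Succeeds only if every swap line in FSTAB points at one of those mappings.
swap_is_ephemeral() {    # usage: swap_is_ephemeral CRYPTTAB FSTAB
    names=$(random_swap_names "$1" | tr '\n' ' ')
    awk -v names="$names" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) ok["/dev/mapper/" a[i]] = 1 }
        /^[ \t]*(#|$)/ { next }
        $3 == "swap" && !($1 in ok) { print "swap not random-keyed: " $1; bad = 1 }
        END { exit bad + 0 }' "$2"
}

# Succeeds only if /tmp is mounted as tmpfs (RAM-backed, gone after power-off).
tmp_is_tmpfs() {         # usage: tmp_is_tmpfs FSTAB
    awk '/^[ \t]*(#|$)/ { next }
         $2 == "/tmp" { found = ($3 == "tmpfs") }
         END { exit !found }' "$1"
}

# Constructed sample files (device names and options are illustrative).
write_samples() {        # usage: write_samples DIR
    cat > "$1/crypttab" <<'EOF'
# name     device     key source    options
cryptroot  /dev/sda2  none          luks
cryptswap  /dev/sda3  /dev/urandom  swap,cipher=aes-xts-plain64,size=256
EOF
    cat > "$1/fstab.good" <<'EOF'
/dev/mapper/cryptroot  /     ext4   errors=remount-ro        0 1
/dev/mapper/cryptswap  none  swap   sw                       0 0
tmpfs                  /tmp  tmpfs  nosuid,nodev,mode=1777   0 0
EOF
    cat > "$1/fstab.weak" <<'EOF'
/dev/mapper/cryptroot  /     ext4   errors=remount-ro        0 1
/dev/sda3              none  swap   sw                       0 0
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
for f in good weak; do
    swap_is_ephemeral "$dir/crypttab" "$dir/fstab.$f" && s=ok || s=FAIL
    tmp_is_tmpfs "$dir/fstab.$f" && t=ok || t=FAIL
    echo "fstab.$f: swap=$s tmp=$t"
done; rm -rf "$dir"
```

On a real machine the same functions can be pointed at /etc/crypttab and /etc/fstab; a fixed-key or plaintext swap line is the case that leaves decrypted memory pages readable on an imaged drive.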

By: Links 4/1/2010: Kahel OS Reviewed, Nexus One is Coming | Boycott Novell https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110595 Mon, 04 Jan 2010 15:36:41 +0000

[...] How Travelers Can Protect Their Data [...]

By: solar.george https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110594 Mon, 04 Jan 2010 15:09:32 +0000

@Aaron I suppose you could combine it with data security while away by putting your bootloader on a USB stick (and keeping a backup maybe available via ssh so you can make a new USB boot drive from within your "cover" OS if your USB gets stolen while away) and having an innocent Windows install boot up if you don't use your USB.
Of course this does leave you open to the cover bootloader being altered because you have to boot off USB.

By: Aaron https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110593 Mon, 04 Jan 2010 13:40:18 +0000

@solar.george That's not a bad idea, but then you're right back to wiping and installing bootloaders, and you might as well just wipe it entirely to keep the OS from booting at all.

By: solar.george https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110592 Mon, 04 Jan 2010 13:02:50 +0000

@Aaron
Maybe you could keep a relatively plain windows install and simply restore its bootloader when going through customs and then restore GRUB when you're through.

By: Aaron https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110591 Mon, 04 Jan 2010 12:22:44 +0000

@Janne That's the point of developing in a virtual desktop behind your work VPN. If there's nothing on your laptop, there is nothing that is lost if the laptop is stolen or the drive is imaged. I think more and more companies will be taking this route with their employees as virtualization farms become more and more commonplace.

@Martin How would you modify the bootloader, so it boots into an unused operating system by default without attracting the attention that another operating system could be installed? I've tried this with GRUB, but have failed at every pass.

By: Martin https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110590 Mon, 04 Jan 2010 09:51:28 +0000

Instead of wiping the boot loader so that the laptop does not boot, thereby attracting attention, would it not be better to be stealthy by setting the machine to boot into an ordinary-looking Windows system from a separate non-encrypted partition?

By: Tony Yarusso https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110589 Mon, 04 Jan 2010 07:27:00 +0000

@Aaron Hey, if I stopped being pedantic people might start to worry. 😉

@Janne That was basically Schneier's suggestion.

By: Janne https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110588 Mon, 04 Jan 2010 04:54:05 +0000

A perhaps better way is to save your old laptop when you get a new one, or get an old one cheap from some second-hand source.

Put a new but cheap drive in it, install the default os, and then only add the public data (your presentation for instance) that you need for the trip. No personal info, no passwords, no confidential or non-public data of any kind.

Then leave it password unprotected, with no encryption or anything. Completely open, easily accessible, but without any data of any value whatsoever. And since it's an old, crufty piece of semi-junk, it doesn't even matter if someone is daft enough to steal it since the hardware is worthless and easy to replace anyhow.

Anything non-public you need to get access on the road, you do through ssh or similar to your real machine safe at home. And if you lose the old laptop, you have an otherwise clean memory stick with the public data you need with you (for presentations, bring it in odb, ppt and pdf formats, and any movie clips as separate files), something you should have in any case.

Make sure you really have nothing at all to hide, and nobody can argue with you when they come away empty-handed.

By: Aaron https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110587 Mon, 04 Jan 2010 03:17:27 +0000

@Roger Ah yes, the hard drive password. I forgot about that. I should add that as an update to the post. Definitely worth mentioning.

@Tony Yarusso Tomato tomahto. 🙂

@YaManicKill Well, that depends on the BIOS. Some passwords won't prevent the system from booting, others only prevent modifications to the BIOS or boot order. So, it may or may not get rid of the evil maid attack depending on your BIOS configuration.

By: YaManicKill https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110586 Sun, 03 Jan 2010 23:35:45 +0000

Just a quick thing about the evil maid attack. If they do manage to open up your laptop and flash the BIOS to get the firmware on that... would you not realise when you boot it up and don't have to type in your BIOS password?

So having a BIOS password would get rid of the evil maid attack.

By: Tony Yarusso https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110585 Sun, 03 Jan 2010 22:40:18 +0000

Minor point: It's not perjury to lie to a customs officer, as you are not under oath. It is still illegal; just not perjury. (Although it's unlikely that you would be prosecuted for this without some other, larger charge first, but it's still better to refuse to answer than to give a false answer.)

By: Roger https://pthree.org/2010/01/03/how-travelers-can-protect-their-data/#comment-110584 Sun, 03 Jan 2010 18:20:15 +0000

One step you missed out is that many BIOS let you set a hard drive password. That password is stored in the drive itself and is part of the IDE/ATA specification. The password has to be provided to the drive on power on no matter where the drive is plugged in.

Without this step the bad guy doesn't have to crack your BIOS password - they can just pull your drive out (trivial on most laptops), plug it into another machine, clone the drive contents, put the drive back and you'd be none the wiser while they can take as long as needed to crack your passphrase on the duplicate drive.

This will provide yet another hurdle to any bad guy. (You may remember that this was something the original XBox used to do so hackers had to keep the drive powered on moving it between the Xbox and their systems.)

Something else that may be useful is to have an automated script that emails a gmail account/twitters or something similar every hour with IP address+traceroute and similar details. This won't prevent the machine from being stolen, but if it is and they manage to boot into it then you'll at least know that has happened and may have sufficient information to track them down.
