[Politech] Customs-proofing your laptop: Staying safe at border searches [priv] (fwd from declan at well.com)
Tyler Durden
camera_lumina at hotmail.com
Wed May 4 05:44:21 PDT 2005
I checked out those links...hilarious! Check this out (remember, this gal is
running for Senator of Alabama!):
>On the way to the hotel my cab driver, having heard the conversation
>with the Border Guard, expressed an interest in learning more about my
>work. So I filled him in as much as I could in the few minutes we had
>left. When we arrived at the hotel I had expected to meet my ride who
>had the cab fare, pay the cabbie and embark on my weekend adventure.
She hadn't even brought cab fare, and was expecting another pot head to show
up with it!!!
>However, my ride got a little lost and hadn't made it to our designated
>meeting point yet. I called the cell number I was given but got voicemail.
>I didn't have my credit card on me so I couldn't pay the cabbie.
>He decides that he will wait with me for a little bit and we continue
>our conversation about pot and drug policy.
She went to a foreign country without cab fare or a credit card! And now the
guy with the money (another pot-smoker) is late, and she's surprised!!!
I'm starting to wonder if this is a hoax.
It IS funny, though.
-TD
>From: Eugen Leitl <eugen at leitl.org>
>To: cypherpunks at al-qaeda.net
>Subject: [Politech] Customs-proofing your laptop: Staying safe at border
>searches [priv] (fwd from declan at well.com)
>Date: Wed, 4 May 2005 10:58:22 +0200
>
>----- Forwarded message from Declan McCullagh <declan at well.com> -----
>
>From: Declan McCullagh <declan at well.com>
>Date: Tue, 03 May 2005 22:42:03 -0700
>To: politech at politechbot.com
>Subject: [Politech] Customs-proofing your laptop: Staying safe at border
> searches [priv]
>User-Agent: Mozilla Thunderbird 1.0 (Macintosh/20041206)
>
>Detecting whether the Feds or any government adversary has placed
>spyware on your computer when "examining" it at a border checkpoint is
>not entirely trivial. It is, however, important for your privacy and
>peace of mind -- especially because computer and PDA searches will
>likely become more popular in time.
>
>Here are some basic suggestions:
>http://www.politechbot.com/2005/04/21/update-on-alabama/
>
>A more advanced one would be to perform a checksum of all the files on
>the hard drive before-and-after through something like this:
>
>% find / -xdev -type f ! -path '/tmp/*' -print0 | xargs -0 md5 > /tmp/new
>% diff /tmp/old /tmp/new
>
>The problem is that even your "diff" utility could be modified so you'd
>need to use a known-good copy from archival media.
>
>Can anyone recommend a checksumming utility for Windows and OS X? It
>would be nicer than a command-line interface.
>
>Note, by the way, that Rep. Bono's "anti-spyware" bill exempts police:
>http://thomas.loc.gov/cgi-bin/bdquery/z?d109:h.r.00029:
>
>-Declan
>
>---
>
>Declan,
>
>In response to the Alabama activist who was hassled at the border returning
>from Canada, here is some insight. However, I ask that you PLEASE WITHHOLD
>MY NAME; I know some people who do computer forensics for FBI and I would
>not want them to know it was me writing this.... Thanks.
>
>Feel free to use any of the below in the blog or in the listserv.
>
>
>+ + + + + + + + + + + + + + + + + + + + + + + +
>
>Loretta's experience w/ US Customs is chilling. The fifteen minutes her
>notebook computer was out of view and in government custody is plenty of
>time for an agent to image the drive. Imaging, as you know, is the
>end-to-end bit-level copying of the drive. When properly done, imaging
>bypasses all OS controls, such as file permissions in Linux, BSD, and OS X,
>and user ownership in Windows.
>
>A drive image affords an analyst plenty of time to examine the drive
>contents without the owner's awareness. The image can be mounted onto a
>device where other programs can reconstruct or reinterpret the file system
>structures of NTFS, ext, FAT, and so on. An analyst mounting an image as
>root or Administrator can see anything.
>
>Do not assume a BIOS password will protect you. The drive can be
>physically removed from a laptop in under a minute.
>
>If the file data is encrypted, a forensic analyst will need to use a
>password cracker to decode the data. This will slow them down, and in all
>but the most pressing cases, will prompt them to move on. However, a
>careless individual may leave their PGP (or similar) key on their drive in
>a text file or in slack or deleted space, giving the agent something to
>work with.
>
>Though encryption is a pain for the user to deal with, this is probably the
>best level of protection. Encryption raises your reasonable level of
>expectation of privacy.
>
>Legal issues raised by this incident potentially include illegal search and
>seizure. Even US Customs still needs a search warrant for your computer,
>and the warrant must state specifically what they are looking for. They
>cannot fish.
>
>If an image was taken of Loretta Nall's drive, there will be a chain of
>custody document for this supposed evidence. Her lawyer can advise as to
>how to file a motion for it. There might also be an incident report, which
>would describe the actions of the agents.
>
>None of the information stolen from Loretta's drive can be used directly in
>a court proceeding. Unfortunately, it probably could be used to confirm
>other intelligence.
>
>There is no device I know of that will allow you to determine if your drive
>has been scanned or imaged. Computer forensics is extremely careful not to
>taint evidence by writing to the drive.
>
>I'd like to see one of those warranty foil labels that fall apart when you
>tamper with them. There must be a source for them. Place a label across the
>edges of the drive bay. That way, if the drive is removed, you can at
>least see that it was opened.
>
>The point about government installing bots is well-taken. You may be able
>to md5sum your drive before and after customs, but this capability is
>beyond 99%+ of users.
>
>If possible, do NOT carry a notebook across the border with you if you can
>avoid it. Junior G-Men may be too tempted to prove their mettle with the
>boss when they see one. For data, pen drives and CDs can be commingled
>with other personal possessions, where they might attract less attention.
>
>Pen drives may be reformatted at will, removing the risk exposure that
>might come with a notebook's Internet cache, slack space, cookie list,
>website history, and so on.
>
>If you MUST take your computer, FLUSH ALL INTERNET CACHE, web site
>histories, search histories, cookies, temp files, recycle bins, etc. Make
>your own disk image before you go.
>
>Always ask Customs what they are doing, and ask as politely as
>possible. Object if they remove something from your sight - again, as
>politely as possible. Do not get "legal" on them, but do say "I don't
>understand." At least that way they cannot claim you have tacitly waived
>your rights.
>
>-N. G. Zax
>
>
>
>_______________________________________________
>Politech mailing list
>Archived at http://www.politechbot.com/
>Moderated by Declan McCullagh (http://www.mccullagh.org/)
>
>----- End forwarded message -----
>--
>Eugen* Leitl <a href="http://leitl.org">leitl</a>
>______________________________________________________________
>ICBM: 48.07078, 11.61144 http://www.leitl.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>http://moleculardevices.org http://nanomachines.net
>
>[demime 1.01d removed an attachment of type application/pgp-signature which
>had a name of signature.asc]
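The before-and-after checksum idea in Declan's post, worked out as an added example (this is not code from the Politech post, from Declan, or from the cypherpunks thread). It builds a manifest of every regular file under a root before the trip, rebuilds it afterwards, and reports added, removed and changed paths. It uses SHA-256 rather than MD5 (MD5 is no longer collision resistant), records one tab-separated line per file so paths with spaces survive, and hashes content rather than timestamps, so a modification that preserves mtime is still caught. Assumptions, not taken from the page: the skip list of volatile directories, the manifest file name, the command-line verbs "baseline" and "check", and the scratch tree in demo(), which is constructed sample data. The post's caveat still applies: the baseline must live off the machine, and the after-run must use an interpreter booted from known-good media, because a subverted machine cannot be trusted to report on itself. Like the md5 loop, this detects writes to the file system only; it cannot tell you whether the drive was read or imaged.

```python
# Added example (not code from the Politech post or the cypherpunks thread):
# a before/after file-integrity manifest in the spirit of the md5 loop above,
# using SHA-256 and tab-separated records so paths with spaces survive.
# Assumed: the baseline file lives off the machine, and the "after" run uses an
# interpreter booted from known-good media, since the page notes the examined
# machine's own tools cannot be trusted to report on it honestly.
import hashlib
import os
import sys
import tempfile

VOLATILE = ("proc", "sys", "dev", "tmp")  # assumed skip list; tune per OS


def hash_file(path, chunk=1 << 20):
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root, skip=VOLATILE):
    """Map relative path -> digest for every regular file (and symlink) under root.
    Symlinks are recorded by target, not followed, so a repointed link is a change."""
    root = os.path.abspath(root)
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath == root:
            dirnames[:] = [d for d in dirnames if d not in skip]  # prune volatile trees
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                manifest[rel] = "link:" + os.readlink(full)
            elif os.path.isfile(full):
                manifest[rel] = hash_file(full)
    return manifest


def save_manifest(manifest, path):
    """One 'digest<TAB>path' line per entry, sorted by path."""
    with open(path, "w", encoding="utf-8") as f:
        for rel in sorted(manifest):
            f.write(f"{manifest[rel]}\t{rel}\n")


def load_manifest(path):
    manifest = {}
    with open(path, encoding="utf-8") as f:
        for line in f:
            digest, rel = line.rstrip("\n").split("\t", 1)
            manifest[rel] = digest
    return manifest


def compare(old, new):
    """Return (added, removed, changed) as sorted lists of relative paths."""
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    changed = sorted(p for p in old if p in new and old[p] != new[p])
    return added, removed, changed


def demo():
    """Constructed scenario: baseline a scratch tree, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "laptop")
        home = os.path.join(root, "home", "user")
        os.makedirs(home)
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(home, "notes.txt"), "w") as f:
            f.write("trip notes\n")
        with open(os.path.join(home, "old.txt"), "w") as f:
            f.write("will be deleted\n")
        with open(os.path.join(root, "tmp", "scratch"), "w") as f:
            f.write("volatile, ignored\n")
        baseline = os.path.join(tmp, "baseline.manifest")  # stands in for archival media
        save_manifest(build_manifest(root), baseline)

        # Simulated changes while the machine was out of the owner's sight.
        with open(os.path.join(home, "notes.txt"), "a") as f:
            f.write("appended by someone else\n")  # content change, same name
        with open(os.path.join(home, ".dropped"), "wb") as f:
            f.write(b"constructed sample bytes")   # new file
        os.remove(os.path.join(home, "old.txt"))   # removed file
        with open(os.path.join(root, "tmp", "scratch"), "w") as f:
            f.write("changed but under a skipped tree\n")

        return compare(load_manifest(baseline), build_manifest(root))


if __name__ == "__main__":
    if len(sys.argv) == 4 and sys.argv[1] == "baseline":    # before the trip
        save_manifest(build_manifest(sys.argv[2]), sys.argv[3])
    elif len(sys.argv) == 4 and sys.argv[1] == "check":     # after the trip
        result = compare(load_manifest(sys.argv[3]), build_manifest(sys.argv[2]))
        for label, paths in zip(("ADDED", "REMOVED", "CHANGED"), result):
            for p in paths:
                print(label, p)
    else:
        print(demo())
```

Usage: "python integrity.py baseline / /media/archival/before.manifest" before leaving, then, after booting from known-good media, "python integrity.py check /mnt/laptop /media/archival/before.manifest". Running it with no arguments executes the constructed demo, which reports one added, one removed and one changed file and ignores the edit under tmp/. Expect noise from log files and package caches on a real system; the skip list is where you trim it.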