I was expecting a "kill switch" destroying the computer, but that's just a thing that switches off your laptop when unplugged. I guess you could also do this with bluetooth, for example.
"Kill cord" is jargon from jetskis, powerboats and treadmills, which often have a cord you attach to your body that cuts power if you are thrown off. [1]
On Linux there is blueproximity [2] that can lock (and if you like, unlock) your computer based on the proximity of a bluetooth device. My personal experience is that Bluetooth is frustratingly unreliable, and this package was no exception. But it's there if you'd like to try it!
Bluetooth on Linux is an unprecedented abomination.
You’d think most of it would be similar to network interfaces, handled by the kernel with commands such as ip, iptables, etc to configure it?
Wrong! Instead it’s mostly done in userspace and the tools to talk to it are using D-Bus which is an opaque, inconsistent, hard to understand mess which you can’t easily interact with programmatically.
As horrible as BT itself is I’d give the protocol itself a break in this case and focus on the terrible implementation.
D-Bus is not part of the problem... it is just the common bus for communication between user processes. It is in fact a very straightforward and well implemented specification.
Only in the sense that the bluetooth maintainers never completed the port to D-Bus. So, 25% of what you need to do with bluetooth needs to be done via kernel anyway.
Bluetooth on Linux is a prime example of how open source can fail.
The Bluetooth stack itself is an overcomplicated, terrible specification that leads to most Bluetooth chips having an _incomplete_ port of their own vital functionality.
It isn't shocking that the thing to talk to them isn't complete.
I only tested with my smartphone, as it's the only bluetooth device I reliably carry with me.
I'm sure there are configurations that work - blueproximity probably worked well for its author, or they wouldn't have released it! And I gather Windows offers "Dynamic lock" which locks the screen based on bluetooth.
However, having experienced bluetooth unreliability with Linux, Windows, Android and iPhone; and with mice, GPS receivers, cars, access control systems and sports watches; I am confident the unreliability was not unique to a single bluetooth device.
In theory an adversary could deep-freeze the computer the moment the kill cord activates. Sufficiently cold RAM doesn't lose data immediately when it loses power, allowing the adversary to make a copy and read the decryption keys from RAM.
Though if this is part of your threat model you should be much more concerned about a thousand more mundane problems, like adversaries reconstructing keystrokes from keyboard vibrations that are easily measured with a laser, or reconstructing screen content from reflections on a spoon.
It's pretty common for law enforcement to quickly freeze RAM when busting hackers. I've definitely read of cases where suspects' encryption keys were pulled from RAM using exactly this method.
The killcord would have been useful for Ross Ulbricht (Silk Road) who was busted by the FBI after using his laptop in public - they grabbed it while he had it unlocked and didn't have time to put it in suspend.
If you can't prevent the device from powering down, you have less than a minute to freeze the RAM before the contents become useless. This can be done with a can of cold spray.
No idea how long you have to power it back on afterwards, tens of minutes to a couple of hours probably.
That said, the proper "kill switch" operation would be to explicitly wipe the key from memory before powering off (if you want to power off instead of just locking).
> you have less than a minute to freeze the RAM before the contents become useless. This can be done with a can of cold spray.
I wonder what their approach to a laptop with poor serviceability would be. I think it would take me more than a minute to get physical access to the ram of some modern computers.
> Ross Ulbricht (Silk Road) who was busted by the FBI after using his laptop in public - they grabbed it while he had it unlocked and didn't have time to put it in suspend.
That’s pretty smart by the FBI agents to wait until it was unlocked and sneak up and take it. If instead they stormed in guns drawn, all Ross had to do was close the lid and bye bye evidence.
A secure location is an ICBMable location. (Not that anyone realistically has this problem, but “so safe that Bin Laden would still be alive” feels like the right level of overengineering when it comes to OPSEC.)
There's sdmem for Linux boxes. It has a -l and -ll option that makes it reasonably fast. So a combination of a duress encrypted volume, then killing only "sensitive processes", then clearing cache via /proc/sys/vm/drop_caches, then sdmem followed by halt might be reasonable protection. Your second point, though, makes sense. It won't always be someone physically grabbing your PC.
I would expect the unmount of an encrypted filesystem to secure delete the encryption key from memory. My understanding of the memory freezing attacks is that you don't unmount it, you just kill the power by removing the battery.
With this method, you would still be able to freeze the RAM, reboot the computer, dump the RAM, and disassemble the kernel memory, and discover where the disk encryption key was stored: in that location, you'd find all zeroes.
My preferred method is a custom kernel build that does a few extra obfuscation steps before or after encryption on each data block. While you might find my key in ram, good luck decompiling my kernel module based on a bitrotted ramdump. Simply not storing the key contiguously unless there is an actual IO operation going in is a good start - scatter it around the heap so a simple search won't find it.
In reality, RAM doesn't so much instantly lose its contents on power off anyway, the freezing just slows it down. IIRC there are cases of recovering significant portions of RAM a half hour or more after poweroff even without freezing.
You're right, I think an attack could be possible on some computers if the agents act very quickly. I don't think 30 minutes would be possible though, judging from what is said and shown in the original cold boot video:
I agree with your comment, I'm not disagreeing with you. Just offering a story I thought was interesting on a recovery technique that works in theory.
I read an article many years ago (I don't have a link but if you're interested google might find it) before ssd's were mainstream. They took a hdd and did one pass of overwriting it with /dev/zero.
Then they contacted some data recovery companies, told them they accidentally blanked the hdd with one pass, and asked for a quote to retrieve the data.
None of them had any interest in giving a quote or trying to recover the data even though in theory it could be recovered with a microscope or however they do it.
As you said, there are a 1000 more mundane ways that would be cheaper and more reliable than deep freeze.
How long does it take RAM to lose that data though? Most laptops take far more time to remove the ram than a PC and it's soldered down in a lot of cases.
Surprisingly long. I've played around with that a bit a while ago and sometimes up to minutes later you could still recover recognizable bitmaps. But definitely not something you should rely on if you want a bit perfect copy, the first bits start to flip immediately upon power loss, some of them take a lot longer and our brain is pretty good at such reconstruction from noisy data, especially if it knows what it is looking at.
I guess the higher the RAM capacity the shorter it would be because of the decrease in physical cell size.
For using reflections, there's this paper implementing reading screen content from various things like reading glasses, a can of coke or even the user's eye (including a discussion of limitations): http://gauss.ececs.uc.edu/Courses/c6055/extra/reflections.pd...
Right now I can't find something on reading keyboard vibrations with lasers, but here's one doing it acoustically and one doing it via accelerometer of a phone on the table:
> Right now I can't find something on reading keyboard vibrations with lasers, but here's one doing it acoustically and one doing it via accelerometer of a phone on the table:
TrueCrypt shuttered in 2014, though an independent audit didn't find any significant issues in 2015. [0]
VeraCrypt is one of the main forks that has picked up popularity, and has addressed some of the minor concerns of the audit.
The hidden volume hasn't had a high degree of success when it comes to deniability [1]. Some leaks closed, probably not all. With the design, it may not actually be possible to close all the leaks. (Especially as "Stoned" can break the full-disk encryption).
TrueCrypt doesn't use the TPM (and nor does VeraCrypt), because the authors didn't believe it added any security whatsoever (as it can't defend against a hardware keylogger, despite making coldboot attacks harder).
TrueCrypt is vulnerable to coldboot, evil maid and the "Stoned" bootkit. Depending on your security concerns, that might be fine, it might not. Other solutions may be better when dealing with those attacks.
The "plausible" part is what seems not out of the box to me. Some easy way for the decoy image to show recent real looking activity, and an easy way to use the real image. Probably some integration with a VM or container.
I took ready to go to mean "run a command and it spins up a plausible fake system". The tech of TrueCrypt/VeraCrypt, AFAICT, seems sound, but maintaining the contents of the fake system (so it's not an obvious decoy/placeholder) takes more work.
Well, you would probably want some stealth that doesn't provide that makes it less obvious. Like maybe the duress passphrase decrypts everything except a docker container you use for sensitive work, replacing it with a vanilla docker image.
Edit: Ahh, read up a bit. I wasn't aware "veracrypt hidden volumes" are already pretty stealthy. Would probably require some work to make it plausible though...like recent faked web browsing history.
The VeraCrypt guide recommends "You should use the decoy operating system as frequently as you use your computer. Ideally, you should use it for all activities that do not involve sensitive data." You don't need to fake it per se, but section off what needs to be in the hidden operating system (rather than a standard VeraCrypt partition). You are therefore revealing real, thus plausible, information, but not the actual subset you want to hide.
Are we going too overboard hiding our fetish video collections? My family members just leave their dvds lying around, meanwhile I'm encrypting every hd I can.
I think waterboarding is more common. For US citizens they're usually stuck with just solitary confinement, which is a working form of torture but is kind of slow.
That would be far too direct and brutal. Put them in prison until they talk and let the inmates know that they are refusing to decrypt their PC. The inmates will soon enough make their own assumptions why and do the beating themselves. Of course protective custody would be an option, but that is just even further isolation and mental torture.
If the FBI traces illegal activity to a cafe / library / wework office, and you're the only one with a kill cord attached to your belt with a carabiner, guess who they're going to target first.
You could get similar outcomes to that if you used FDE and had it power off the machine fully. But then also your cat might ruin your day with one step :purplegirlshrug:
I think most MacBook Pros have some accelerometer functions you can access. I wonder if you could create a util to detect if your laptop was picked up and automatically log you out.
In this case that may not have been useful, assuming law enforcement knows about the cord. Law enforcement will plug in a mouse jiggler (simulated moving USB mouse), having the script detect rogue USB devices and shutting down at that moment would add another layer of protection. I saw that solution a few years back... Maybe this works doubly well for devices with USB and USB-c power connections now... Since law enforcement try to keep power running on machines seized in this way.
How would they know about the cord? Or something more stealthy, like Bluetooth?
I don't think a mouse jiggler would help. A dead-man script would force a fast, ungraceful OS halt. Maybe after emptying some caches and wiping memory.
Whenever I read stuff like this I am forced to wonder just what the fuck people are doing that they feel such a pressing need to hide their data from law enforcement.
I mean, I have plenty of things to hide just like any other reasonably interesting person, but none of it is outright criminal.
There's no shortage of things someone might find morally acceptable themselves while still being potentially criminal. Or grey area stuff, like a business that sells marijuana in a state where it's legal, since the US federal government doesn't consider it legal.
Or use cases like a crypto wallet. Where legality isn't the main concern.
This would be useful outside of "hiding from law enforcement". Plenty of people have jobs where the compromise of their laptop could cause significant damage to their employer or their customers. Many people reading this thread should be taking these precautions.
If you happen to have an opinion that is not shared by the current powers-that-be, law enforcement will be happy to look at your data under any pretense it can cook up.
And they'll be equally fine with - ooops! accidentally, of course! - leaking info that you'd like to stay hidden, even if it's not anything criminal.
In other words, it's just a bunch of self-important tech asshats deluding themselves into believing they are important enough to warrant FBI attention?
Eh, believable, but I think it's more likely a lot of them are evading taxes or committing securities fraud.
I would probably look into it if I was already on some government agency's radar for whatever reason. You've probably broken a ton of obscure laws yourself without knowing it.
Yeah, all reasonable, I just have difficulty believing that the people who post things like the parent are actually involved in any of those activities.
Maybe I sell marijuana in a US state where it's legal, but still have reservations about the Federal government. Or maybe it was just an example and I happen to find the topic interesting.
Have you ever remembered something that you left in a home directory on someone else's server but only after you no longer had access to it? It wasn't sensitive but then, it wasn't something you'd leave in a public place like foo.com/~name, either. You can't convince yourself they had the inclination to just delete all your trash. You know of at least one person who might have gained access (you don't know whether) and he probably would have engaged in some voyeurism. Everyone who knew him after you were gone knew that he was an asshole, and your one brief interaction with this person indicates that's an understatement.
Did that feel good? Well, it was preventable. That's a kind of thing that a reasonably interesting person might want to prevent.
Anyway, this happened. Not that I'm, like, supposed to be reasonably interesting or anything. ;)
Yeah, it's fine to have stuff you want to hide for a lot of reasons. The problem I have with what the parent posted is that they specifically invoke "FBI" as what they're afraid of. That suggests to me that they aren't just hiding embarrassing or private information, but specifically something illegal. Now, as other posters have mentioned, parent could be an activist or something, but frankly I doubt that everyone I've seen post something similar is. I'm left with the conclusion that in addition to being holier-than-thou assholes and pedants, a lot of tech people are also casually engaged in things like tax evasion and securities fraud.
Yeah it is kind of silly. If you aren't truly anonymous, you blow out some of your deniability just by discussing deniability. You said law enforcement and I straw manned another thing today. Great.
I used to have my laptop set up to require my specific Yubikey to be inserted to allow waking from sleep and booting, and when you pulled it out it locked the machine, logged you out, suspended, or shut down depending on which modifier key you were holding down when you removed it.
Worked pretty well as a "kill switch" when getting up from my desk.
I probably have the udev scripts laying around somewhere.
No, that guide uses PAM and OTP. This [1] is the guide. It uses OpenSC and the smartcard feature of the YubiKey (not all support this but my YubiKey Neo (3rd gen) and YubiKey Nano 4 both do). Neither of them supports FIDO2 though; other than that they are feature rich.
Yes, it does, though I had to set it to lock immediately in System Preferences (triggers immediately the screensaver; first guide you linked explains how to do this). I'm using the Word Of The Day screensaver, so it is really inspiring to get back from grabbing a cup of coffee.
Also, remember you only need to enter the PIN, which I'd argue is a good thing as I don't want to enter my password in public (I don't even know my password out of my head). If you boot up, you need a password of a username to unlock FileVault, but I use a different username for that (who does not have root, though for forensics this is an attack vector).
Isn't USB-C designed to wear out the cable (or dongle) and not the port?
So if you used a Yubikey to log in and out ten times a day, you might need to replace it every three years. Of course you'll make the same amount of connections if you require it only for login, assuming you don't leave it connected.
Let's see. Say you work 5 days a week. That's about 260 days a year (without vacations etc). Say you unlock your device 4 times a day when you work. That is 1040 times a year. Does your device even last 9-10 years? Well, if it is a MacBook, Apple ditched support for all <= 2012 MBPs. Not sure when they did, but this was true at start of last year for sure.
I would definitely unlock my device more than four times a day. Often times my periods of focus last 30 minutes. Half the time that’s a task switch, the other half I get up to walk. This doesn’t account for meetings interrupting me.
Try to get the screen or battery replaced. To be fair, they're more easily user-serviceable than newer MB(A/P)s. For example, I with my MBP 2015 will have a harder time servicing it once it gets EOL (hardware-wise) than you have now with your MBA 2012.
I've replaced the battery twice, last time in September 2019, and this last time it cost me 60 EUR, and the battery life is much better than the original one.
I might want to replace the battery again in the next 3-4 years if I still have this laptop, and you might be right in that this might not be possible, but at least today it is.
Better opsec would have saved him some grief as well.
Before even touching on his habitual use of coffee shops near his residence to run the Silk Road...
> The connection was made by linking the username "altoid", used during Silk Road's early days to announce the website, and a forum post in which Ulbricht, posting under the nickname "altoid", asked for programming help and gave his email address, which contained his full name.
By the time the FBI was watching him and had connected his name to I don’t think there’s a lot that he could have done to avoid arrest.
He would still have gone to prison no matter what (the government can make up evidence), but they may not have been able to seize his Bitcoin without stealing his laptop.
Aside from the much better idea of, you know, not keeping a journal of all of your incredibly illegal activities and attempted hits - this may have actually prevented the government from accessing said journal. He was definitely going to be busted in either case but it could've shaved some years off his eventual sentence.
The hard question is how to put an easy-to-use self-destruction mechanism in an existing machine (only the NSA can make a customized machine), and, at the same time, ensure the safety of the self-destruction mechanism. A self-destruction button is a safety risk if it can be triggered accidentally or maliciously, on the other hand, a secured self-destruction button is a safety risk if it's too hard to trigger.
The NSA laptops have two buttons on one side of the machine, to destruct crypto keys, one needs to open a cover and press two buttons simultaneously. It's a pretty good self-destruction button. But you cannot find it in your laptops.
Or perhaps you can design your kill switch like the Russian nuclear Dead Hand - the automatic nuclear retaliation mechanism is only armed if a safety switch has been explicitly switched on; in peacetime, the switch is turned off to avoid an accidental nuclear apocalypse. But remembering to arm the switch every time you travel with your laptop becomes a question.
If your /boot is on a USB drive and you set up with detached header then the disk can already be 100% random data. On the down side, that USB drive is not very deniable and the system can't be set to destroy it since you probably don't keep it connected. Still, you could boot the machine at home, put it to sleep, leave /boot at home, and wake it up whenever you've reattached this kill cord. If you absolutely need to be able to reboot, use kexec (in theory).
I remember watching a Defcon conference where they tested different methods for destroying a hard drive in place.
And they found that thermite actually doesn't damage the platters (well at least not enough for data to be unrecoverable).
Hard drive platters are surprisingly heat/chemical resistant. I think they found that the best method was to physically destroy the platters.
I remember watching that talk years ago. I was disappointed in the lack of rigor of their conclusions.
The whole point of thermite-based HDD destruction is to get the platters over the Curie temperature so the magnetic field is gone, not to physically destroy them. They point this out in the start, but then never talk about whether this was achieved or not in their experiment (assumably so they could go on to the actual explosives).
It was entertainment, and I'd take any results with a grain of salt.
Making it self-destruct is the easy part, just change "DISPLAY=:0 xscreensaver-command -lock" to "sudo rm -rf /" or whatever you like. It's understandable that the author didn't want to put a destructive command in his example configuration.
Assuming you were actually going to use something like this, you're likely using full disk encryption.
At that point, the better option would be (IMO) to simply blow away the first 2 MB or so of your disk (where the LUKS master key is stored), run a "sync", and execute an immediate "reboot -f" (along with, perhaps, the other options that skip spitting out the warning message, writing an entry to utmp/wtmp or whatever, and so on).
There wouldn't be a real need to actually zero/wipe the entire drive (which would take a bit, even at SSD speeds).
A drive wipe might take too long though, especially if they grab the laptop and shut it off. After a simple shutdown or lock, disk encryption really is the primary protection here.
I will sometimes go to the university library to do some work and I'm always amazed at people who will go to the restroom or something and leave their laptop sitting there without a lock or even logged out.
I always use a kensington lock and lock my screen whenever I have to leave my laptop. If I had a macbook I would be taking it with me. I know the locks won't stop someone who really wants to steal it but with so many unattended laptops sitting around it makes it less likely they will go for mine.
From tidbits in this thread, it sounds like a Veracrypt hidden volume with a distress passphrase, plus a fairly simple dead-man script wouldn't be hard to set up. Something like: kill sensitive processes, drop caches, wipe memory, then panic the kernel.
That's somewhat less convenient, don't you think? This works if you're at the park typing a paper up, or at a Starbucks where all the outlets are in use, for instance.
I'd definitely give chase. To me, it is worth dying for. Not because of the laptop, but out of principle for vigorously fighting these ridiculous crimes. We all need to collectively fight back against crime or it will be normal (as it is now).
Oakland's a bit of a special place. I have friends living there who have been robbed at gun point, for example, and if you go into a Subway the workers are often behind bulletproof glass because they've been held up so often. Chasing a crook in Oakland is just going to get you dead, not change anything there. Not smart.
That was a mistake. Criminals now very purposely run off with just shy of $950. Theft is way up in California.
Meanwhile, in Texas you'd just shoot the laptop thief, either as soon as aware of the imminent theft or as the thief flees. It's fully supported by the law:
Rather than outsourcing the pros and cons of a bill to professionals you employ with time to research it (politicians), you ask millions of uninformed people to vote on passing "The Safe Neighborhoods and Schools Act"?
I’m just assuming the above is not in good faith, but for anyone else that might be persuaded:
You being killed by a criminal over an iPhone or laptop is not going to change anything. Fund your police, vote to change laws enough that they’re spending their time on things that are relevant, and if you’re honestly willing to die for the rule of law, become a police officer.
Otherwise your body will be one more on the list of “people that died for no reason.” It’s not tough, righteous, or whatever else to die for no reason - and even if it were, if you’re going to make a stand and sacrifice your life, make it over something more than a laptop.
> I’m just assuming the above is not in good faith
Not GP, but your assumption is wrong.
It's not about the laptop. It's about standing up for yourself and doing your part towards society. You obviously don't agree with this stance and that's fine, but it's not your place to dictate what values are worth standing up for and what aren't.
I, like GP, fully intend to go after a thief. If he goes after my life, then I go after his. Either he gives up the laptop, or one of us gets killed.
Nothing is ever as simple as that. Not only is it foolish, immoral and illegal, you've also just communicated murderous intent. Have fun spending 20-to-life in a cell because you thought ultraviolence would be a good way to do your part towards society.
I've had more than my fair share of violent confrontations, and I assure you, no matter how well you think you are prepared, once the metallic taste of adrenaline hits you, all your plans and delusions of grandeur go out the window.
A bit of violence can be acceptable. Murder over property is not.
No I have not. It's your bias that colored it that way. Reread my comment. I never said I want to kill a thief for stealing. I simply stated that I will take back what is mine. If, and only if, the thief tries to kill me will I respond in kind.
Again, it has nothing to do with grandeur and everything to do with doing what is right. I will take back what is mine, and threatening my life won't stop me.
I agree with the underlying principle, however force on force is always a dangerous proposition, especially when it's not planned. Even without weapons it can seriously hurt a bystander (you run into a weak or child, he falls down on concrete...), and all bets are off if a gun is drawn (especially in a crowded area).
There's no resolution to the question of "what is the right action in response to the situation" that applies to everyone.
It's always irrational to risk oneself for a principle, that might (or might not) be for the benefit of society.
If you aren't going to do it, fine. I'm not inclined either. But have the grace not to gratuitously criticize those who do. Try not to see them in the dichotomy of heroes or idiots, just as people who provide some leavening to society.
I'm not sure what makes laptop theft any more ridiculous than another crime, but "crime is bad and it should stop" isn't really an ideal that's advanced by getting shot or stabbed and killed.
Someone else resisting a criminal advances my ideal of not being a crime victim, no matter who gets shot or stabbed...so it's bewildering to me why people should say it's stupid. I mean, there's a word for people who slag off those who benefit them, and it is "ingrate".
Ideally we should all stand up to injustice, but maybe try to avoid senseless loss of life over trivial things. If nothing else consider the opportunity cost of not being able to stand up later when it might really matter.
Obvious loss of life is extreme and trivial things is subjective, but I think the point stands. There is a practical consideration to be made about what the risk profile is and what the degree of crime is. Clearly charging a man holding a loaded gun because he swiped some gum would be silly. Charging a man with a loaded gun because he’s about to shoot a kid, different set of equations.
"try to avoid senseless loss of life over trivial things"
I do, thanks. I just think it's distasteful, dare I say boorish, to call other people's sacrifice "trivial" when it probably benefits me, even if slightly.
I don't think we live in a world where armed robbers are categorized as gum-stealers and child-shooters and never the twain shall meet. Some people are suspicious of even non-criminals having or using guns, believe it or not.
I'm not saying worship every vigilante as a hero, just accept that disproportionate reactions to antisocial behavior are never going to go away, are a fundamental part of human behavior, and can be stupid from an "economically rational person" perspective and beneficial to society, including you and me, some of the time.
If you call something another person is willing to risk their life for "trivial", you really don't care about their life. It's transparently an insincere reaction to feeling badly about being passive.
A gentle warning: different Linux distros handle UDEV "remove" differently, and incompatibly, so few people actually use this message that it's not well tested (try shipping code for a device that DOES need it!).
Debian was a particular problem until they switched to SystemD (which I think is possibly the only udevdaemon that gets it right) - even so some distros (Ubuntu I'm looking at you) screwed up starting the udevdaemon before they mounted root writable meaning that scripts run from it couldn't really do anything useful
Fortunately most distros are switching to SystemD so this will likely work in most places
BTW - a clue for budding writers of UDEV scripts - you can't run daemons directly (udevdaemon will kill them when the scripts that started them exit) - you can use "at now" (after you install at of course) to start a secondary script that will be allowed to start your daemon for you
(that way you can write code that works with all init systems, largely by avoiding them)
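A worked version of the udev approach described in this comment and the Yubikey-removal comment above, combined with the "kill sensitive processes, drop caches, wipe memory, halt" sequence proposed earlier in the thread. This is an added example script, not code from the thread or any poster. It assumes systemd-logind (`loginctl`), the `at` daemon and the secure-delete package (`sdmem`) are installed, that the token's USB vendor id is 1050 (Yubico's; verify yours with `lsusb`), and that sensitive data lives on a separate LUKS mapping (`vault` and `/mnt/vault` are placeholders).

```shell
#!/bin/sh
# Added example (not from the thread): a udev-driven "kill cord" for a USB token.
# Assumed setup (all of these are assumptions, adjust to your machine):
#   - systemd-logind is present (loginctl) and the at daemon is installed;
#   - the token's USB vendor id is in TOKEN_VENDOR (check yours with lsusb);
#   - sensitive data lives on a separate LUKS mapping VAULT_MAP mounted at VAULT_MNT;
#   - sdmem from the secure-delete package is installed for the poweroff policy.
#
# udev rule, one line in /etc/udev/rules.d/90-token-lock.rules (the policy word is
# the last argument: lock, suspend or poweroff):
#   ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", \
#     RUN+="/usr/local/bin/token-lock.sh dispatch lock"
#
# udev reaps whatever a RUN+= handler leaves running, so the real work is handed
# to `at now`, which outlives the handler (the trick described in the thread).

TOKEN_VENDOR="${TOKEN_VENDOR:-1050}"        # assumed vendor id; verify with lsusb
VAULT_MAP="${VAULT_MAP:-vault}"             # placeholder dm-crypt mapping name
VAULT_MNT="${VAULT_MNT:-/mnt/vault}"        # placeholder mount point

# should_handle ACTION VENDOR: succeeds only when the event is our token being unplugged.
# Kept as a pure function so the policy can be tested without udev.
should_handle() {
    [ "$1" = "remove" ] && [ "$2" = "$TOKEN_VENDOR" ]
}

# Commands for the "poweroff" policy, in the order the thread recommends:
# stop whatever is using the vault, unmount it, close the mapping so dm-crypt
# discards the volume key, flush the page cache, overwrite free RAM, then halt.
# Emitted as text (one command per line) so it can be inspected and fed to at(1).
poweroff_plan() {
    cat <<EOF
fuser -km "$VAULT_MNT"
umount "$VAULT_MNT"
cryptsetup close "$VAULT_MAP"
sync
echo 3 > /proc/sys/vm/drop_caches
sdmem -l -l
systemctl poweroff
EOF
}

# action_plan POLICY: print the command list for a policy word; fails if unknown.
action_plan() {
    case "$1" in
        lock)     echo "loginctl lock-sessions" ;;
        suspend)  printf '%s\n' "loginctl lock-sessions" "systemctl suspend" ;;
        poweroff) poweroff_plan ;;
        *)        return 1 ;;
    esac
}

# dispatch POLICY: entry point for udev; ACTION and ID_VENDOR_ID come from udev's environment.
dispatch() {
    should_handle "${ACTION:-}" "${ID_VENDOR_ID:-}" || exit 0   # not our event, ignore
    plan=$(action_plan "$1") || { echo "unknown policy: $1" >&2; exit 1; }
    printf '%s\n' "$plan" | at now                               # detach from udev
}

# Only act when invoked by the udev rule; running without arguments is inert.
if [ "${1:-}" = "dispatch" ]; then
    dispatch "${2:-lock}"
fi
```

Run `udevadm monitor --environment` while unplugging the token to confirm the `remove` event carries `ID_VENDOR_ID` on your distro before relying on the rule.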
I maintain a fork of Upstart that I call startup. It integrates with udev (or busybox's uevent, or any other event source) so you can start daemons based on device events and then supervise those daemons. systemd has something similar where you can place a SYSTEMD_WANTS stanza in a udev rule and it will pull in a systemd unit, but I really dislike that model because it is hard to discover the policy that led to a unit being activated. With startup/Upstart, the policy is in the job configuration itself.
I have a OnePlus 6T with the stock ROM exclusively for my British phone number. On the 25th of December, someone from Canada logged into the GMail account used on that phone, from a OnePlus 3T.
The password was one randomly generated in KeePass (all of them are except for useless websites). They managed to change the password to the account, but seemingly nothing else, so that's just weird.
I received the notification on my other email, and recovered the account, reset the password, replaced with a new one.
---2---
Last week, I opened up a laptop I use for storage (3 drives fit inside, perfect for backups) and noticed a network drive with a Chinese name. It disappeared when I clicked on it. The laptop is always on connected to my router and to a VPN server.
Now I need to completely wipe the phone, root and use a custom ROM, as well as wipe the laptop (and two other computers?), upgrade OpenWRT on the router and change all of the passwords I guess. Yes, I still haven't done it heh.
I am curious about your comments on this.
Never had anything really suspicious like this actually happen to me.
I don't even have anything good/useful on my devices, except a Keepass database with passwords to all bank accounts/emails/etc. If that's been opened, I'm a bit fucked, but I'd be receiving notifications on my phone and other emails.
Sounds like maybe a SIM swap attack? In addition to password changes I would look into Google's advanced protection program (https://landing.google.com/advancedprotection/) and get U2F or FIDO2 setup on your account.
Why are you under the impression that accessing your KP database is guaranteed to alert you? I can't imagine how that could possibly be true without the master key being stored in some service running somewhere and you're notified when it's used. Which, well, would explain how your key was compromised. Otherwise it seems highly misleading to assume that no email = no compromise.
Doesn't really matter though, it would've been mitigated by not keeping the KP database decrypted at rest or by using 2FA. Both of which are SOP for hardware token users.
For real, at this point if you don't have a yubi/nitrokey on your keychain, I assume you just don't care about actual account security.
I would assume that whoever that was now has a copy of your keepass database. However, it may be that your computer was simply added to a botnet, in which case the harm done to you personally may be minimal.
Maybe a decade or so ago this would be a good answer. But unless you're one of those ThinkPad people who are still pulling for the X220 to make a come back.... A majority of modern laptops don't have user removable batteries.
Yes, they could still be removed in some cases, but it's often not for the faint of heart and not something many people would want to undertake.
Is it really the majority? Or just on macbooks and the high end lines like that? I didn't think my laptops were that old (3-5 years) and they all have removable batteries.
I hadn't thought about it, but I have a newish business class Dell and I don't think it does have a removable battery. On the other hand, I have a Dell laptop from circa 2011 and it does; in fact I got the extra large one that sticks out awkwardly.
Yep. Same effect, really, and in fact this is more likely to be secure because there's a chance that pulling power will damage something or scramble data on disk.
The article's solution is amusing and "cool" but not really secure at all. If you're worried about physical security of devices, don't take them to coffee shops.
shutdown -h now
or the more recent incantation (from memory)
systemctl shutdown
would be less violent.
AFAIK it can't be stopped either, and at least it syncs and umounts filesystems properly.
Violent is the point-- shutdown might be prohibitively slow. Or it'll get stuck waiting to umount a network share. Or maybe, you want the DRAMs to go dark and start losing ASAP, I don't know. If you must, simply precede 'o' with some sequence of 's', 'e', 'u' so it'll go down hard and fast, but still a bit controlled. I find that 'u' succeeds more often if done after 'e'.
FWIW, this is just what I do with the keyboard (but more slowly) when something went wrong enough that I can't even switch to a text VT and recover. Sometimes even 'b' won't hard reset it-- which indicates everything was already hosed, or maybe just the keyboard. Presumably the umount didn't work either, but I gave it a chance.
Ross Ulbricht, who was apprehended at a public library while logged in to various accounts. As I recall a plain clothes agent distracted him while others then tackled him.
According to the book "American Kingpin", they had worked their way into the administration staff for the Silk Road, and used the site admin IM chat to ensure that he was using his laptop and actually signed into his account before rushing him in the library.
Other English speakers I know complain about our orthography: bought, caught, draught, etc. But, yet, here we are with a “word” pronounced “of” and spelled “‘ve”! Now that’s awful orthography!
In my household I'm the English nerd, although I have no degree behind it. I'd correct my wife when she wrote "would of" but then I listened closer when she talked: She wasn't saying "would've" she was saying "would of".
That's when I gave up. There are a million other reasons to love my wife, and her proper use of 'would've' wasn't one of them to begin with :)
She does not. They are the same to her. We're also native speakers from the Reno NV area, which is heavily influenced by Sacramento and San Francisco language.
Others have covered the correct full form, but on the issue of the pronunciation: it's not pronounced "would of", it's MISpronounced "would of". You can make any weird, confusing pronunciation you want out of anything if you're willing to say it "wrong". The correct pronunciation of the contraction, as another hinted at, is basically "would have" without the h, and with the a becoming an "uh" sound instead of an "ah" sound.
After that incident I basically wrote this program in Java that monitors a USB port for a device with a given ID. If it does not find it, then it locks the computer.
There are udev rules to defeat this kind of thing; law enforcement uses USB mouse jigglers to keep computers awake, for example, and these can be filtered out and ignored.
> You could just have a usb thumb drive on a retractable lanyard (think RFID badges or DoD Common Access Cards), but what if that thin retractable cord just snaps–leaving the USB drive snugly in-place in the laptop?
You could also just use a thicker cord.
The project, no offense to the author, could be renamed: long USB cable with a magnetic usb attachment.
> As of yesterday, that’s [stolen laptop] a hard attack to defend against.
Which is just wrong; the author did not invent anything here - anyone I’ve known that’s ever been worried about this scenario has implemented it already with <yubikey/access card/arbitrary usb>.
* extra PSA: if you’re worried about this but somehow haven’t already required 2FA for all your accounts and admin access on your laptop, then you should re-evaluate your threat scenarios.
> extra PSA: if you’re worried about this but somehow haven’t already required 2FA...
I’m aware - I’m pointing out that it’s extremely likely you already have a physical device you can attach to a cord/chain/braided-steel-cable and use for the “snatch and grab” scenario. And that a snatch and grab is just so unlikely compared to any other security threat imo.
> We do what we can to increase our OpSec when using our laptops in public. But even then, there’s always a risk that someone could just steal your laptop...
Couldn't you just pair your computer with your phone (or something that you keep on you) via Bluetooth, detect the loss of signal, and then trigger whatever action you'd like to trigger?
I'd like to see a more practical solution for removing disk encryption keys from RAM.
For example, wipe the disk encryption key from RAM, but then pause all disk IO and present some kind of UI to re-enter the encryption key to continue using the system.
Encrypting all of system RAM can also quickly be done - perhaps a kernel module which in the case of a panic encrypts all of system ram with a key derived from your disk encryption key would be handy. Then when the key is available again, ram can be decrypted and processes resumed.
Can someone explain to me in layman's terms what this does? It renders the motherboard inoperable? Kills the display? How do you recover from this if you ACCIDENTALLY unplug it?
Nitpick, it can do whatever you want it to do that’s possible in software. You’ll be disappointed if you want to have it drill a hole in your hard drive ;)
It appears to simply be a USB plug that works with a simple software driver to automatically log out if the USB is unplugged. The scenario is a snatch-and-grab of the laptop while the user is logged in to a highly-secure, high-value online account.
Not something most users likely need but I can imagine some TLAs being interested in something like this, as it looks pretty inexpensive to implement.
It simply uses udev to identify when the USB device is removed, then executes a linux command of your choosing. In the examples provided, he demonstrates a simple 'lockscreen' and 'shutdown' command.
It's clever, I'll admit, but the name leaves more to be desired with a name like 'buskill'
The article shows two different configurations, one that simply triggers the screensaver with a lock screen, the other to fully shut the machine down. Recovery from both of those is fairly straightforward.
Saw a demo 20 years ago at Infosec (UK) of a company selling a dongle which, with a corresponding pass, acted as proximity authentication and locking when you walked away.
Today, most laptops have cameras which can offer the same level of proximity detection if you are away from the laptop. That would make this type of solution doable via software that way, albeit with a bit more software load overhead.
This is a really neat project but it’s also not really a solution to anything.
First, it doesn’t solve for the scenario of person pointing a gun at you and telling you to access your top secret files for them. That will defeat most forms of security and so if physical access is a concern you probably shouldn’t be logging in at your local coffee shop.
Second, a thief who wants your computer for its monetary value isn’t interested in its contents. Your normal drive encryption and screen timeout restrictions have you covered there. They’re gonna wipe your computer, sell it, and move on.
Institutionally purchased hardware is often equipped with zero-touch provisioning (such as Apple Device Enrollment). These products can be bricked at the hardware level the moment they touch the Internet. They’ll need a new logic board, i.e. new soldered-on storage, i.e. they’re not even necessarily worth stealing.
Third, the idea of a magnetic connector’s removal locking or bricking your computer seems awfully inconvenient. That’s gonna be constant false positives without a gain in security.
If you’ve got someone who is after you to obtain your secret company info and knows enough to cause mayhem, you’ve got much bigger problems than whether or not your screen is going to lock. They’re also probably going to use social engineering, targeted malware and spyware, not brute force physical access.
It's a solution to situations like https://en.wikipedia.org/wiki/Ross_Ulbricht#Silk_Road,_arres... , where the laptop is taken by people who (a) can legally seize it, (b) can legally search it, but (c) probably can't legally compel you to produce passwords.
The author of the article clearly had that or something very similar in mind when he wrote this piece. It reads exactly like that story (I had the same thought as you).
It's a very good solution for people who don't know you have something like this. Clearly if the FBI (or whatever) knew of the USB kill device, they'd take a slightly different snatch and grab approach. However if the adversary doesn't think or doesn't know you have something like this, then it can be used to great effect.
If they don’t have due process laws they can throw you in jail until you produce the decryption password, and if they turn on the computer and it’s wiped they’ll throw away the key.
If there is no due process, all bets are off and your best defense is to be uninteresting to authorities.
Your first point is moot, because a person could point a gun at you even when you don't have your computer and demand your passwords, or even kidnap you and force you to log on somewhere else. This solution doesn't aim to prevent that kind of thing.
Your second point is moot, because the intent is not to protect the hardware, it is to revoke access to data. A self-destruct protocol is not about preservation of property.
Your third point is moot, because the intent is not to be convenient, the point is to create a dead man's switch.
You're thinking about this from a Consumer/Enterprise standpoint, but that's not what this is for. This would be great for political activists in oppressive countries, as an example.
I agree I think it's a neat project, however you can't say that it's not a solution to anything. The introduction describes a thief snatching and running with your laptop just after you've logged in to your online banking. I think that's a good example of something this solves, even if it's a really narrow use case. Slippery sloping your way to "gun pointed at you" is like saying the lock on my front door doesn't solve for anything because there's a glass window right next to it. BusKill is better for coffee shop thieves than it is top secret gun blazing spies.
Regardless, k_sze posted somewhere else in this discussion xkcd 538 (https://www.xkcd.com/538/) and I have to agree with him.
If you're using a MacBook, isn't "Find My Mac" enough to erase remotely? I understand this is a faster disabling mechanism but also a bit inconvenient. I wish there was something even easier, like a tiny USB drive with a remote control.
Or still be in possession of your phone; if someone is trying to gain access to the data on your laptop, there's a good chance they will be interested in your phone too.
> In less than 60 seconds and with the help of a rubber ducky, the thief could literally cause millions of dollars in damages to your organization.
Kudos for the imagination, but in real life for most developers not vendorizing and auditing their dependencies (+ downloading them all from production) is most likely to cause such havoc (regardless if dozen thousands or millions of damage)...
I imagine this might likely happen in places like security and programming language conferences, especially when you leave your belongings around unattended for a minute or two.
The ideal scenario IMHO would be to have to authorize/reject devices from connecting to your machine (and limiting the scope). I don't know much about USB-C and know it is hard, but I see Apple coming up with something like this in the future (maybe along with Apple Watch detection for quick logout - you can already use it for logging in).
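The per-device authorization the comment above wishes for already exists on Linux as USBGuard: a daemon that consults a rules file when a device attaches and allows, blocks or rejects it. The script below is an added example, not code from the article or from BusKill. It writes a policy that trusts only the listed vendor:product ids and rejects any other device that exposes a HID interface, which is what a "rubber ducky" enumerates as. The ids and the path are hypothetical; it assumes usbguard-daemon is configured with ImplicitPolicyTarget=block so that anything matching no rule is blocked.

```shell
#!/bin/sh
# Added example (not from the article or BusKill): a USBGuard policy that lets
# only listed devices attach, so a "rubber ducky" (a gadget that enumerates as a
# keyboard and types commands) is rejected even while the session is unlocked.
#
# Assumptions: usbguard-daemon runs with ImplicitPolicyTarget=block in
# /etc/usbguard/usbguard-daemon.conf; the ids passed in are hypothetical and
# come from `usbguard list-devices` or `lsusb` on your own machine.

POLICY="${POLICY:-/etc/usbguard/rules.conf}"

# $1 = whitespace-separated vendor:product ids to trust. Rules are evaluated in
# order and the first match wins, so the specific allows come before the reject.
usbguard_policy() {
    # Hubs (class 09) must be allowed, or nothing plugged into them is seen.
    echo 'allow with-interface equals { 09:00:00 }'
    for id in $1; do
        echo "allow id $id"
    done
    # Any other device exposing a HID (class 03) interface is rejected; devices
    # that match nothing here fall through to the daemon's implicit block.
    echo 'reject with-interface one-of { 03:*:* }'
}

# Write the policy; the daemon picks it up on restart (systemctl restart usbguard).
usbguard_install() {
    usbguard_policy "$1" > "$POLICY"
    chmod 0600 "$POLICY"
}

# Usage, as root:  sh usbguard-policy.sh "1234:abcd 046d:c31c"
if [ "${0##*/}" = "usbguard-policy.sh" ]; then
    usbguard_install "$1"
fi
```

Generate the starting list from what is attached right now with `usbguard generate-policy`, then trim it; a trusted keyboard that you also want to survive the reject line must appear in the allow list, since the first matching rule decides.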
Would this have stopped the FBI getting the Silk Road laptop? I wonder if they're looking out for these things. I know when they take computers that are running, they keep them running and powered on with a portable power supply
Wow, a solution for a problem we never have to worry about in Asia. Why can't your government just crack down on theft so that people can be allowed to use their laptop wherever they want without fear?
On systemd enabled systems, try "loginctl lock-sessions" as udev cmd. It should work on common desktop environments.
If you have something custom, try xss-lock to react to the lock-sessions signal.
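The mechanism described in this thread, a udev rule on the "remove" event for one specific USB device that runs a command of your choosing, with `loginctl lock-sessions` as the lock action, as an added, runnable example. This is not BusKill's own code. It also carries the other actions asked for earlier in the discussion: the sysrq s/e/u/o sequence for a hard but still ordered power-off, and `cryptsetup luksSuspend` as the practical way to drop a volume key from RAM and stall I/O until the passphrase is re-entered. The vendor/product ids, paths and the LUKS mapping name are hypothetical.

```shell
#!/bin/sh
# Added example, not BusKill's own code: write the udev rule and the handler
# that run when one specific USB device is unplugged.
#
# Assumptions (all hypothetical; substitute your own):
#   - VENDOR:PRODUCT is the 4-hex-digit id pair that `lsusb` prints for the dongle
#   - systemd-logind is running, so `loginctl lock-sessions` locks every session
#     (with a bare X session, pair it with xss-lock, which acts on that signal)
#   - udev keeps ID_VENDOR_ID/ID_MODEL_ID in its database, so ENV{} still matches
#     on ACTION=="remove" although the device's sysfs ATTR{} values are gone by then
#   - for "suspend" mode, LUKS_NAME is a dm-crypt mapping that holds nothing this
#     script or the resume prompt needs (suspending root freezes the whole box)

RULES_DIR="${RULES_DIR:-/etc/udev/rules.d}"            # where the rule goes
HANDLER="${HANDLER:-/usr/local/sbin/buskill-handler}"   # script udev RUN+= executes
LUKS_NAME="${LUKS_NAME:-}"                             # e.g. "data" for /dev/mapper/data

# A USB id is exactly four lower-case hex digits; anything else is rejected so
# a typo cannot produce a rule that silently never matches.
buskill_check_id() {
    case "$1" in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# Rule text. Matching the exact id pair is what stops an unrelated device (a
# mouse, a "jiggler") from triggering when *it* is unplugged.
buskill_rule() {
    printf 'ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="%s", ENV{ID_MODEL_ID}=="%s", RUN+="%s"\n' \
        "$1" "$2" "$HANDLER"
}

# Handler text for one mode. udev kills RUN+= children once the event is
# handled, so anything slow is detached with systemd-run (or `at now`, as
# suggested earlier in the thread) instead of being run in place.
buskill_handler() {
    printf '#!/bin/sh\n# Generated handler: runs as root, from udev, with a minimal environment.\n'
    printf 'logger -t buskill "trigger device removed (mode %s)"\n' "$1"
    case "$1" in
        lock)
            echo 'loginctl lock-sessions' ;;
        poweroff)
            echo 'systemd-run --no-block systemctl poweroff' ;;
        suspend)
            # Drops the volume key from kernel memory and blocks I/O on the
            # mapping until `cryptsetup luksResume NAME` is run with the passphrase.
            [ -n "$LUKS_NAME" ] || { echo 'buskill: LUKS_NAME is unset' >&2; return 1; }
            echo "cryptsetup luksSuspend '$LUKS_NAME'" ;;
        hard)
            # sysrq s (sync), e (SIGTERM everything), u (remount read-only),
            # o (power off); needs kernel.sysrq enabled. 'e' would also TERM
            # this shell before it reaches 'u' and 'o', hence the trap.
            echo "trap '' TERM"
            echo 'for k in s e u o; do echo "$k" > /proc/sysrq-trigger; sleep 1; done' ;;
        *)
            echo "buskill: unknown mode '$1' (lock|poweroff|suspend|hard)" >&2; return 1 ;;
    esac
}

# Write both files. Afterwards run `udevadm control --reload-rules`; no reboot
# is needed. Check first with `udevadm monitor --property` that the remove
# event for your dongle really carries the two ids the rule matches on.
buskill_install() {
    vendor="$1"; product="$2"; mode="${3:-lock}"
    buskill_check_id "$vendor" && buskill_check_id "$product" \
        || { echo "buskill: ids must be 4 hex digits, got '$vendor:$product'" >&2; return 1; }
    buskill_handler "$mode" > "$HANDLER.tmp" || { rm -f "$HANDLER.tmp"; return 1; }
    mv "$HANDLER.tmp" "$HANDLER"
    chmod 0755 "$HANDLER"
    buskill_rule "$vendor" "$product" > "$RULES_DIR/99-buskill.rules"
}

# Usage, as root:  sh buskill-install.sh 1234 abcd lock
if [ "${0##*/}" = "buskill-install.sh" ]; then
    buskill_install "$@"
fi
```

Two caveats a practitioner should test before trusting this: pull the dongle once with `udevadm monitor --property` running to confirm the remove event carries ID_VENDOR_ID and ID_MODEL_ID on your distro (the earlier comment about distros handling "remove" inconsistently applies), and never point "suspend" mode at the volume that holds the handler, the shell, or the terminal you would type the passphrase into, because a suspended mapping blocks every read until luksResume succeeds.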
The connection between the smartwatch and the computer would, in practice, be wireless, which is something the author wants to avoid because it's easier to hack without the victim noticing.
I'm doubtful one exists for android or iOS but I can imagine it wouldn't be that hard to implement with a smartwatch signalling to a phone (instead of a laptop). The only trouble a developer would have with implementing is if they have sufficient access to APIs that might be private and the ability to run a background service using the APIs at a sufficient interval.
The heart rate in your examples is somewhat different compared to an active threat, I assume, for most people in a situation when a crime is taking place. Although, I would be curious to view trials of each situation showing the heart rate measurement with the statistical average result.
Many other potential variables as well. When experiencing this event, how long does it take your heart rate to reach a point it can be identified as worthy of triggering the switch? Is the laptop still in range of your smart watch at that point? Then there's the reliability of the wireless connection and the watches ability to accurately read your heart rate (make sure it's seated correctly).
If this is a situation you're actually concerned about, the approach in the article seems simpler and more foolproof.
I assume you would want the computer to be locked if the watch signal dropped and being concerned enough to desire the feature in question. I'm doubtful one's heart rate isn't increasing in an event of theft and where it wouldn't lock a person out in time before for a person significantly uses the device. There are multiple variables but I can also see the wired approach being futile in situations where a person is pinned down by multiple people.
Reminds me of a tragic death the other day where someone at a Starbucks was killed getting flung off a car while he was trying to save his laptop from robbers who had grabbed his computer.
There was a story not long ago about an old man who rigged up his front door to trigger a gun of some sort on unexpected entry, and ended up getting killed by it.
This really just sounds like a way to inadvertently brick your computer 999 times out of 1000. Seems like something to secure it to your person would be mostly adequate.
"As of today, we have BusKill. The BusKill solution described in this article can trigger your laptop to self-destruct if it’s physically separated from you."