This Laptop Will Self-Destruct
call -151 writes: "Interesting article at Wired about how since 1997, 205 laptops have disappeared from the British Defense Ministry, most with classified info. Oops, left my laptop on the bus... So now the plan is to have 'a built-in electronic self-destruct mechanism that erases a laptop's hard drive if the case is opened by force' when the code is forgotten, as well as 'a tracking feature that allows a computer gone astray to call home.' Maybe we'll see some of this tech trickle down to other interesting uses ..." Maybe vigilante justice in the future will consist of LoJacked laptops allowed to be stolen, with the Semtex inside blown up via 802.11. Hey -- business method patent ...
now the plan is to have "a built-in electronic self-destruct mechanism that erases a laptop's hard drive"
Windows?
In retrospect I should have patented the idea. I could probably get some decent royalties from assorted intelligence agencies around the world.
If you're from one of the aforementioned intelligence agencies, there are lots more ideas where that came from, hint hint...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
That way they won't lose important stuff. :P
:)
205 laptops going missing (even if it is since 1997) is still a rather alarming number, considering their contents.
Maybe they should chain them to the owners.
Imagine a boss who wants to avoid confrontation presses a button, nothing says fired like blown off hands and a charred face...
Rehab is for quitters...
"It takes many nails to build a crib, but one screw to fill it."
They may want to consider attaching 15,000 handcuffs at 2 pounds apiece.
One of the main reasons for this is the historical tradition in Britain to rule over peoples and waves, since the days of William the Conqueror. The British have always had a caste system based on gearing the country to wage war, and to rule other countries. The British upper classes are bred to lead over others, even genetically speaking this can be seen - every president of America has been of stout Anglo Saxon extraction.
The result of all this is that the British can exert huge influence abroad, and even today the pax Britannica continues, through our proxies, the Americans, who inherited their ideals from us.
The shining light of Celtic inventiveness and Anglo Saxon ruling and liberty has meant that every corner of the globe has had the values of liberty and democracy enforced upon it. America would not exist were it not for the Mother country.
The secret services are trusted by the British people, as they are composed of boarding school, cricket playing chaps who have been steeped in playing 'the game' since childhood. This tradition is why Britain was aware of the Soviet threat before America, and managed to convince America to join us against the Soviets. Same with Hitler - the Americans were too scared, and thought he was no threat. But Britain nobly stood alone.
In this laptop, we see the traditions of Old England and Empire distilled to a pure essence: Trust no one, treat all fairly and always come first - tho' 'tis no shame to come second, something that our American children have perhaps forgotten.
--
Yahoo has the story about the "missing" laptop here. It seems that a Defence Ministry laptop computer packed with national security secrets had gone missing after an official left it in the back of a taxi. The official had notified police about the missing laptop but nothing has come out of it. Anyway, as the story said, this is not the first time: In March last year there were reports that agents of MI5, the domestic security service, and MI6, the overseas security service, had lost laptops containing secret information.
Diplomacy is the art of letting people have your way
It would sure help make people honest. Sure, that laptop you're illegally pilfering is probably not rigged to explode in your face... but how can you be sure? Best to just leave it exactly where you found it.
And you could extend this to other items as well. Every retail shop could come equipped with one or several decoy items, so if the place gets ransacked, the thieves would either be trackable, or better yet, you could detonate the payload, either something destructive, or something the equivalent to a dyepack.
-Restil
Play with my webcams and lights here
Hopefully the agents who are losing their laptops aren't doing anything super secretive, lord knows if they lose a typical laptop, imagine what could happen with some super secretive 2inch chip
Shit I could write them a script to do this after three failed attempts, and securely wipe their data beyond comprehension. What they should do is give those agents time off with a suspension, ultimately leading to being fired for incompetence and negligence.
Odd that an MI6 agent would be out bar hopping with her laptop. I know the UK is a bit more relaxed than we are out here in the US, however I still can't grasp losing a laptop, let alone going to a bar with a laptop that had gov secrets on it if I intended to get hammered.
Maybe their government should look into a biometrics fingerprint based system which wipes a laptop on a failed attempt.
By purchasing something like some super elite case, I'm sure those laptops which were stolen will be easier to target the next time around.
privacy for the masses
360 degrees of Karma
We have cameras covering every square inch of Britain so that every individual can be tracked.
But we can't tell you where Agent 69 was last Tuesday when he lost his laptop.
And it's a good thing we've got these cameras to keep track of the IRA, or they'd set up us the bomb.
So we'll give each agent a small thermite bomb in a briefcase instead, and give 'em free roam of the city.
The fuck-up fairy must be workin' overtime.
Is it because it's more trendy than a desktop or something? Even if this is the case, who cares? Why does the intelligence community need them? If data is sensitive, even in the slightest, it shouldn't EVER be in a position that it could be accidentally LEFT LYING AROUND SOMEWHERE! It should remain confined within a secure guarded perimeter. Even when kept internally it is subject to potential security breaches, networks can be cracked, spies can smuggle out information, etc, but at least that's a far cry from being able to just pick up a 4 pound object and walk away with it and spend all the time you need trying to figure out what you have.
Besides this reason, laptops are fragile, expensive, and rarely contain many user serviceable parts. Even if you were going to set up a system in a public environment, would you prefer your potential thief to be forced to lug around 40+ pounds of bulky equipment or be able to slide 4 pounds worth of equipment into a backpack and walk away?
-Restil
Play with my webcams and lights here
Suddenly, the MI5 becomes a bigger bombing threat than the IRA.
+5:offtopic,but anti-American
Wouldn't it make more sense to make a program that automatically does a low-level format through a phone call or something? It could be made into the firmware... so it couldn't be deleted by whoever stole/borrowed/found the computer... I think that would be a little better and safer than an explosive computer....
I think the techies just want an excuse to play with fire though...
The anti-salmon
It seems it would be a lot cheaper, and probably more secure, to just encrypt the hard disk. That way, if someone can get to the disk, it still doesn't do you any good.
uhm you must be a dumb ass... That program is written to remove data according to Department of Defense standards. The script I made just uses it to wipe what I specified.
What part of SECURELY WIPING did you miss out on dumb ass
360 degrees of Karma
There are (at least) three extremely good packages available for performing seamless, convenient, on-the-fly encryption of your hard drives. I can't believe they are stupid enough to not only neglect to use one, but also to propose an unreliable physical 'bomb' to destroy the drive! C'mon!
Scramdisk, E4M, and PGPDisk all create 'virtual' mounted disks on your system, which act just as any normal disk. When you boot up, you run the software, 'mount' the virtual disk (it's a large file on your hard drive), and voila. You have a fully high-strength encrypted volume to use just like you would any other disk. Very, very easy. You can even install your apps there if you want.
The data itself is encrypted on the fly, and stored in fully encrypted form on the disk. Therefore, if the volume was unmounted (say, by rebooting), the data is totally inaccessible. If you just rely on your computer to kick into password-protected 'sleep' mode, or use a password-protected screen saver, you're pretty well covered - the only way you can really get by these things is by rebooting - which unmounts the encrypted disk. Abracadabra.
Everyone in business who travels with a laptop should be using software like this. Scramdisk is, in fact, free (Win98/ME, $20 for NT/2k), and open source! I believe E4M is free, as well (not sure about the source).
Take a look:
Scramdisk
E4M
PGP
Why this stuff isn't more universally used by laptop-travelers, especially government-secret or business-secret toters, is absolutely baffling. Hell, it's even easier to use than public-key encryption.
HebGb
Basically what the manufacturer is working on (it's not available yet) is a motion sensor and alarm, tied in with some form of drive encryption. Move it far enough that it thinks it's being stolen (user-configurable parameters) and it bluescreens the system and won't restart without a 16-digit code; the drive contents are protected because they're encrypted using keys built into the motion sensor system.
This is far from optimal:
Still, at the moment there aren't a lot of other options out there either. I'd expect to see quite a few more products along similar lines cropping up in the next few years.
There are certainly more effective possibilities out there....
One possibility would be a combination of hardware-level drive encryption keys and this sort of motion-sensor setup to keep the system from being stolen while active. Keys would be read from a removable device (iButton- or USBKey-like) as part of the power-up process and would be kept in RAM. Removing the key device would trigger a hardware-level system lock (many notebooks have these already, completely independent of the OS) but the system could keep running. Because the system stays on, it remains easy to step away from it while leaving it well protected - requiring the key to be present for drive access would be much more troublesome, because it would mean either shutting down or hibernating the system or having the OS aware of the protection so disk activity could be prevented without the key. This could be done almost entirely independent of the OS, with a fairly simple interface to make configuration changes.
-- fencepost
fencepost
just a little off
Someone quick call Britain and tell them the price of pgpdisk is down to 12 bucks a copy.
Sheesh. All our notebook employees run this, and we're not even... setting anyone up the bomb.
Simon did this in 1995. Search the page for the phrase "The Bastard wreaks his terrible revenge" and you'll have your reference.
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
More than likely all these laptops wound up on eBay from broke intelligence agents. I know that's what happens to all the missing laptops from my company.
Last night I shot an elephant in my pajamas. How he got in my pajamas I'll never know.
They may want to consider attaching 15,000 handcuffs at 2 pounds apiece.
I'm sure handcuffs don't weigh that much. 900 grams, tops.
The client uploads and downloads blocks of possible keys to and from a central keyserver - and the "reported" blocks have your email address attached to them. So when the PC's/Laptops were stolen, they contacted Distributed.net, who went through the keyserver logs and found the IP address of the stolen computer. This information was turned over to authorities and the stolen computers were traced to the thieves and returned to their rightful owner(s). I am unaware of whether the distributed.net client(s) were CLI or GUI, or if they were running in "hidden mode". If in hidden mode they'd be invisible to the thief.
It's an interesting (and free) solution to finding stolen laptops... well... as long as the thief goes out onto the internet before wiping the hard drive... but how many thieves are that savvy?
[Connection closed by foreign host]
There's been a lot of discussion of various ways to encrypt drives for protection, and also of ways to cause drives to self-destruct. The problem with the encryption systems is maintaining the secrecy of the key, when the attacker has access to all the hardware and software. The problem with the self-destruct systems is keeping things sufficiently controlled to destroy the data but not hurt anyone.
The following synthesis makes sense to me: Have the drive encrypted with a symmetric-key cipher. Have the key stored in NVRAM or some equivalent. In normal operation, the encryption and decryption is handled transparently, either by software drivers, or (better yet) by the drive controller itself. Because no person needs to know the key, it can be truly random and long enough. To activate the self-destruct, simply erase the key. I don't know much about NVRAM, but I imagine that it is possible to "wipe" it sufficiently that the data can't be recovered. If not, this idea would have to be modified.
In the best-case scenario, all of this functionality is integrated into the drive controller, so that data is encrypted before it's sent to the disk, and decrypted before it's returned to the system bus. This makes life easier for everyone since the encrypted drive system looks just like a normal IDE (or SCSI) system from the outside. More importantly, it means that the key can be stored inside the controller card, and never needs to be made available to any other hardware or software. This minimizes the risk of key compromise, even by a malicious user.
The card would have to support an instruction (or physical connection) whereby it could be signalled to self-destruct. This could be activated by LoJack-style equipment, or what have you.
Once the key's truly erased, the contents of the drive become totally unusable.
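The key-erase design described in the comment above, modelled as an added Python sketch that is not part of the original post. The class name, the 512-byte sector size and the HMAC-based keystream (a constructed stand-in for a real disk cipher such as AES-XTS) are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

SECTOR = 512  # bytes per sector (assumed)


class EncryptingController:
    """Model of a drive controller holding the only copy of the disk key."""

    def __init__(self):
        # Random 256-bit key generated on the card; no person ever learns it.
        self._nvram = bytearray(secrets.token_bytes(32))
        self.platter = {}  # sector -> ciphertext: all a thief can read
        self.destroyed = False

    def _keystream(self, sector):
        # Constructed stand-in for a real disk cipher such as AES-XTS:
        # HMAC-SHA256(key, sector || counter), expanded to one sector.
        # XOR with a fixed per-sector stream leaks on overwrite; model only.
        return b"".join(
            hmac.new(bytes(self._nvram),
                     sector.to_bytes(8, "big") + bytes([i]),
                     hashlib.sha256).digest()
            for i in range(SECTOR // 32))

    def _xor(self, sector, data):
        return bytes(a ^ b for a, b in zip(data, self._keystream(sector)))

    def write(self, sector, data):
        if self.destroyed:
            raise PermissionError("key erased")
        self.platter[sector] = self._xor(sector, data.ljust(SECTOR, b"\0"))

    def read(self, sector):
        if self.destroyed:
            raise PermissionError("key erased")
        return self._xor(sector, self.platter[sector])

    def self_destruct(self):
        # Overwrite the key in place; the platters are left untouched.
        for i in range(len(self._nvram)):
            self._nvram[i] = 0
        self.destroyed = True


def demo():
    ctl = EncryptingController()
    secret = b"constructed sample record".ljust(SECTOR, b"\0")
    ctl.write(7, secret)
    readable_before = ctl.read(7) == secret
    ciphertext_differs = ctl.platter[7] != secret
    ctl.self_destruct()
    try:
        ctl.read(7)
        readable_after = True
    except PermissionError:
        readable_after = False
    key_gone = ctl._nvram == bytearray(32)
    # Even bypassing the refusal, the zeroed key no longer decrypts the sector.
    bypass_fails = ctl._xor(7, ctl.platter[7]) != secret
    return readable_before, ciphertext_differs, readable_after, key_gone, bypass_fails
```

The ciphertext stays on the platter after `self_destruct()`; only the 32 key bytes are overwritten, which is why the erase can be instant.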
Store the primary encryption key on tamper-resistant hardware like an iButton. That's designed to destroy the data onboard if anyone tries to open the case, without the need for messy explosives, and the steel case means the tamper resistance is pretty good.
Then use the passphrase to negotiate with the iButton for the key onboard. Unless you can defeat the tamper-resistance, bang goes any hope of dictionary attacks on supercomputers; you have to try each passphrase against the iButton, and it will impose longer and longer delays between tries. A strong password protocol like SRP will prevent some attacks based on this system.
Now the security from your passphrase is vastly greater. The iButton is pretty dinky and can be kept on your keyring (the thing that has your house keys on it, not a PGP keyring); it's unlikely you'll leave it in the back of a taxi alongside the laptop.
Of course the primary key is a proper high-entropy key (100 bits or more) so there's no hope of a brute force attack.
Does that sound secure enough?
--
Xenu loves you!
As usual, Big Blue has an answer.
Their TravelStar (and DeskStar, too) hard drives support the use of a password. The system's BIOS has to support it, but if it does (like the Dell Latitude's, I think), the hard drive will not permit any read or write commands to data areas. There's a master password which can be set to override the user password, but if you control both, and forget both, the only way to get the hard drive back is to send it a special command which will cause it to erase the entire user-accessible data area, then unlock itself.
Don't bother trying to change the logic board, either -- the passwords and settings are stored on a non-externally-addressable area on the platter.
--
It was a Tivo-like device, the brand name of which I will not name. Management explicitly stated they didn't want people to be able to upgrade the hard drive. They also had requirements from the MPAA to incorporate copyright controls so that people wouldn't rip the hard drive out and post episodes of Dharma and Greg on the Internet. Hack or crack, they didn't want it happening. A tiny little speck of thermite to fry the circuitry on the motherboard and hard drive would have done the trick quite nicely. They didn't go for the suggestion, though. I'm rather surprised really. They had the right mindset.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Passphrases are typically low entropy beasts; a brute force attack tends to be effective against them if you can gather a decent wodge of computing power. You can use key stretching to make things harder, but that only gets you so far.
So the point of the primary key and tamper-resistant hardware approach is that the attacker no longer has the option of trying passphrases on their supercomputer. With what I'm suggesting, the only way to try a passphrase is to try and use it to log into the iButton. The iButton gets to decide how often you can try in a given time period, and for how long it'll lock you out if those attempts fail. That's vastly more secure.
Also, you now need two things to break in: the passphrase and the bit of hardware. Even if they've used "password" as their password, stealing the laptop still isn't enough; and you're much less likely to leave the iButton lying around anywhere.
Obviously the passphrase will be hashed as part of the key stretching protocol, and obviously you design things so that even if you can break the tamper-resistance you still have to brute-force the passphrase, but the iButton adds a very significant extra hurdle that could really make the difference for security.
--
Xenu loves you!
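The attempt limiting described in the two iButton comments above, as an added Python model that is not part of the original posts. The class and function names, the doubling lockout (1 second up to a 1 hour cap) and the PBKDF2 parameters are assumptions; the SRP exchange and the tamper-resistance itself are not modelled.

```python
import hashlib
import hmac
import secrets


class KeyToken:
    """Model of a tamper-resistant token (iButton-like) guarding a disk key."""

    def __init__(self, passphrase, base_delay=1.0, max_delay=3600.0):
        self._salt = secrets.token_bytes(16)
        self._verifier = self._stretch(passphrase)
        self._disk_key = secrets.token_bytes(16)  # 128-bit random primary key
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._delay = base_delay   # lockout applied after the next failure
        self.locked_until = 0.0    # token clock, in seconds

    def _stretch(self, passphrase):
        # Key stretching, so a broken token still forces slow guessing.
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(),
                                   self._salt, 100_000)

    def unlock(self, passphrase, now):
        """Return the disk key, or None if locked out or wrong."""
        if now < self.locked_until:
            return None  # attempt refused without being evaluated
        if hmac.compare_digest(self._stretch(passphrase), self._verifier):
            self._delay = self.base_delay
            return self._disk_key
        self.locked_until = now + self._delay
        self._delay = min(self._delay * 2, self.max_delay)
        return None


def online_attack(token, guesses):
    """Feed guesses to the token as fast as it allows; return (hit, seconds)."""
    now = 0.0
    for guess in guesses:
        now = max(now, token.locked_until)  # wait out the lockout
        if token.unlock(guess, now) is not None:
            return guess, now
    return None, max(now, token.locked_until)


def time_to_exhaust(n_guesses, base_delay=1.0, max_delay=3600.0):
    """Seconds of enforced waiting to push n_guesses through the token."""
    total, delay = 0.0, base_delay
    for _ in range(n_guesses - 1):  # a lockout follows every guess but the last
        total += delay
        delay = min(delay * 2, max_delay)
    return total


# Constructed sample: a weak passphrase sitting 12th in a guess list.
WORDLIST = ["123456", "qwerty", "letmein", "monkey", "dragon", "secret",
            "abc123", "iloveyou", "admin", "welcome", "shadow", "password"]
```

With these assumed settings, `time_to_exhaust(1_000_000)` comes to about 114 years of enforced waiting, against the seconds an offline rig would need for the same list.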
In practice, it's tough to put the drive encryption on the disk controller, especially for laptops where the controller's integrated into the motherboard. (Most desktops also integrate it, but you can still run a separate controller board.) Either put it in the disk drivers (so you're writing encrypted blocks to the disk, but not changing the file system code), or else put it in the file system code (which has different limitations, but is much more friendly about keeping encrypted and unencrypted partitions, e.g.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
16 digits? That's only ~48 bits, which is way lame, and doing decent encryption doesn't take any more work. And yes, that does invite use of a credit card number as the key, which may be safer than some kinds of numbers because you won't leave it on a yellow sticky note next to the computer but is otherwise wildly insecure. (Especially to anybody who wants to spend a few bucks on a credit report :-)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Fundamentally, this is a case of governments shooting themselves in the foot with anti-encryption policies.* While there are encrypting file systems available, including commercial and freeware, they're not universal, hardware support for encryption and encrypted disk drives aren't universal, and lots of products are dumbed down to 40-bit or 56-bit crypto because of US export laws and those of other countries which the US talked into adopting. Many of the policies had the pretense, or sometimes the serious motivation, of keeping Commies from getting crypto, because we all know that Commies can't read math books and write software using them, but in large part they were supported and promoted by civilian wiretapping enthusiasts like the US FBI and the UK Home Secretary, who want to be able to keep track of everything their subjects** do, say, write, read, or look at. Instead, they're endangering the security of their military secrets, making it more likely that Commies and Terrorists can get them from stolen laptops and other unencrypted and underencrypted sources like GSM cell phones.
* OK, it's partly the US government helping the UK government get shot in the foot, but Louie The Freeh and Mr Jack Straw really deserve each other...
** Yes, US Citizens aren't technically subjects, and UK people are subjects of the Queen, not the Home Office, but that's not how the internal police forces *feel* about them....
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks