Privacy Advocate Jacob Appelbaum Reports Break-In Of Berlin Apartment

Jacob Appelbaum isn't shy about his role as a pro-privacy (and anti-secrecy) activist and hacker. A long-time contributor to the Tor project, and security researcher more generally, Appelbaum stood in for the strategically absent Julian Assange at HOPE in 2010, and more recently delivered Edward Snowden's acceptance speech when Snowden was awarded the Government Accountability Project's Whistleblower Prize. Now, he reports, his Berlin apartment appears to have been burglarized, and his computers tampered with. As reported by Deutsche Welle, "Appelbaum told [newspaper the Berliner Zeitung] that somebody had broken into his apartment and used his computer in his absence. 'When I flew away for an appointment, I installed four alarm systems in my apartment,' Appelbaum told the paper after discussing other situations which he said made him feel uneasy. 'When I returned, three of them had been turned off. The fourth, however, had registered that somebody was in my flat - although I'm the only one with a key. And some of my effects, whose positions I carefully note, were indeed askew. My computers had been turned on and off.'" It's not the first time by any means that Appelbaum's technical and political pursuits have drawn attention of the unpleasant variety.

Paranoia

[the+eric+conspiracy]

It's not paranoia when they really are out to get you.

Re:Paranoia

It's not paranoia when they really are out to get you.

The distance between paranoia and reality has narrowed considerably.

Re:Paranoia

[cold+fjord]

It is always an interesting question though as to which "they" it is. Appelbaum has access to documents that Snowden leaked. Is it the Russian government trying to get their hands on the full cache of documents that Snowden leaked, assuming they don't have it already? Germany is crawling with Russian spies. Is it the German government looking for more information on US and British activity? Chancellor Merkel brought a former intelligence officer into her government recently. Is it the US government? Is it the Iranian government looking for ways to avoid detection of its agents? Is it another nation, impatient to see if there are any revelations about intelligence involving it but not wanting to wait for newspaper publication that may never come? Is it another advocacy group looking for information to share in the limelight? Is it another hacker group looking for clues as to how to avoid government surveillance of their activities, or for information they can crib into attacks? It is criminal gangs looking for information that can be exploited in many ways - making a profit and avoiding police surveillance? Is it a former lover looking for revenge? All that can be said is that he claims that something happened, but what it means is very much an open question. Various people will claim to know that it was this, or that, but Appelbaum doesn't know exactly what, how could anyone else but the perpetrators.... if they exist?

Re:Paranoia

Burglars wouldn't bother to touch the computer unless they were going to steal it.

Re:Paranoia

[cold+fjord]

Snowden ally Appelbaum claims his Berlin apartment was invaded

Appelbaum ... is one of the few people with access to some of the data held by former NSA contractor Edward Snowden.

You tell me.

Re:Paranoia

[CanHasDIY]

I guess that depends on which group accuses him of having CP on his machine, here in a week or two.

Re:Paranoia

[morethanapapercert]

Criminals skillfully disabling alarm system after alarm system, entering and leaving with next to no trace are the stuff of jewel heist movies. For decades, the advice of experts has been to make things difficult (not impossible) for thieves to steal your stuff. That's because thieves are usually a) lazy b) stupid c)) feeding a habit or d) some combination thereof. As a rule, they are looking for the quick score. The will not spend hours disabling alarms in order to steal your TV/computer/jewellery/etc when there are numerous other apartments in the same building or homes in the same neighbourhood that don't have that protection.

Even if we stipulate, for the sake of argument, that some criminal did break into his home in this manner, that leaves us the obvious question of why the fuck wasn't anything taken? Thieves takes things, that's pretty much the definition! Whoever broke in could have taken all of his valuables, but didn't. Ergo, he, she or they weren't interested in valuables.

Then there is the fact that it would appear that some care was taken to leave minimal traces of the illicit visit. Again, this is not the behaviour of your typical burglar. B&E guys know that most of the time cops won't bother with the whole forensic fingerprints, DNA analysis etcetera. As long as they don't leave clear prints in obvious places, the cops will usually just file a report and move on. It is just not cost effective to spend tens of thousands of department funds to pursue your typical B&E.

The only logical conclusions we can make here is that:

a) The perpetrator(s) were far more skilled and patient than your average burglar

b) They weren't after fence-able valuables

c) They were interested in something they thought he had that none of his neighbours had.

d) Based on the access to his computers, what they were interested in was electronic data of some sort.

e) Given his long standing political views, he may have been investigated by the German intelligence community on general principles, but given his well known connection to Edward Snowden, it is highly probable that he was being investigated by someone with a strong interest in that situation.

f) Virtually all of the groups with access to people with those skills and with a strong interest in the Snowden case are state actors, mostly in the covert community.

I'll concede that there is a small chance that some private sector group might be involved with this. There may be a group on the scale of Anonymous that also acts on the real world/physical level and is (therefore) more paranoid about associating themselves with any actions. One could hypothesize that such a group was looking for data so that they could reach out and help Snowden with his agenda without leaving any clues for other agencies to follow as to how they found him, but I think that is a very low probability. (it would make for a great plot for some cyberpunk novel though wouldn't it?)

There's going to be more of this to come.

[dclozier]

As we improve our ability to keep private things private the government's orginizations will find it easier to snoop by gaining physical access first. There's no doubt we're on the slippery slope. I have to wonder, which orginization broke into his apartment? Or maybe it was a combined effort and they are sharing in the information gained, if any.

Re:seems a little bit sloppy

[wjcofkc]

Just because they are spooks doesn't make them competent.

Re:For the Lulz

Common tactic of the German Stasi https://en.wikipedia.org/wiki/Stasi#Zersetzung

Four alarm systems and not a single camera?

[grumbel]

Come on, he installed four alarm system and didn't bother with a single surveillance camera? I am not saying that there wasn't somebody in his apartment, but it's hard not to think this might have just been a case of a malfunctioning alarm system and a whole bunch of paranoia on top. If the government is after you, at least make sure you get some pretty pictures of them, cams are cheap these days.

Re:Four alarm systems and not a single camera?

[spacefight]

He has pictures. https://twitter.com/ioerror/status/394042003928776704

Re:seems a little bit sloppy

[cold+fjord]

You can't overlook the possibility that they were leaving a message, whoever it was.

Re:Perceptions

[cold+fjord]

It's surprising that there are still some people in the USA who are surprised that your spooks are generally perceived, all over the world, to be criminals.

It is surprising that some people are unable to conceive of the idea that many nations would like to get their hands on the information that Snowden took, and which Appelbaum has access to. For all you know it could be Russians, Chinese, Iranians, Germans, French, Israelis, Swedes, or just about any other country's agents. That is before you consider criminal gangs or hacker groups. Your imagination is far too limited to consider the range of possibilities.

Re:seems a little bit sloppy

[Jawnn]

So someone managed to turn off three alarm systems, but didn't think to make sure that the contents of the apartment were all left in the same position that they found them?

Only if your aim was to hide the fact that you were ever there.

BIOS Attacks

[TechyImmigrant]

Plug in UEFI bootable USB stick.
Turn off
Turn on
Keylogger and remote backdoor installed.

So those machines are toast. He needs new ones.

Re:BIOS Attacks

[SuricouRaven]

And then go over the EFI boot partition, and find some way to compare the firmware with the file from the manufacturer's site. If they have been compromised, don't pass up the chance to document exactly how it was done.

Re:BIOS Attacks

Or, he could be real savvy;

Use a computer of a different architectural type, (Say ARM or PPC) and an EEPROM programmer. Clamp the connector onto the compromised system's UEFI bios, and dump it.

Compare the dump against the vendor's stock image.

Note the differences, Decompile the differences.
Report on the hows and whys of the keylogger.

Reflash the bios with the vendor's stock image, then nuke all harddrives from orbit. (Harddrives also contain updatable firmware, which may be harder to ensure are in a sane condition.)

Re:BIOS Attacks

[TechyImmigrant]

I'd swap out the keyboards as well. Just sayin'

Time for some counter-espionage

[dutchwhizzman]

This computer holds the latest and greatest they have in espionage software and possibly hardware. I'd say get it thoroughly examined so we know what to look for on other machines.Make good forensic copies of anything that is able to hold data in the device and only work on copies of copies so you'll always be able to start from scratch if you mess up or want to prove your findings.

Ugh...

[koan]

None of your hardware can be trusted any longer, your apartment is bugged, and man do I feel for you having to clean it up.

Re:seems a little bit sloppy

[AK+Marc]

My desktop computer moves when I make hardware changes. The dust is medium and consistent. Someone moving the computer to clone a drive or plug something in the back will make it so I can tell, unless they can also clean it and age the dust 8 months. You don't have to be OCD to notice changes. It just helps.

He must be doing something right

By the sound of it, he's doing a lot of things right. Read his bio. I'm very glad and thankful there are still brave men left.

Re:seems a little bit sloppy

[Nyder]

My desktop computer moves when I make hardware changes. The dust is medium and consistent. Someone moving the computer to clone a drive or plug something in the back will make it so I can tell, unless they can also clean it and age the dust 8 months. You don't have to be OCD to notice changes. It just helps.

I use the same excuse as a reason not cleaning my apartment.

This was a message

[argStyopa]

Sure, there are probably some surveillance things tossed in mainly "to be found", but the fact is that a break-in like this - where 3/4 of the systems weren't even turned back on is either a) laughably amateur, or b)(more likely) a deliberate message TELLING him he's under surveillance.

If he's practicing even moderately good security measures, he's likely beyond all but governments' ability to crack. And if they're after him, there are few things that he could do to PREVENT such surveillance.

Re:seems a little bit sloppy

[jd]

Very true. Instill an element of fear in someone who you know will talk about it, creating an element of fear over the wider community. PsyOps. Which we know governments practice.

The Russians know no more than the rest of us - Snowden has made it clear he gave all documents to others, and this is extremely believable. It makes it pointless to limit damage - or even establishing what damage there is to be limited - by capturing or killing him.

Re:seems a little bit sloppy

[icebike]

So someone managed to turn off three alarm systems, but didn't think to make sure that the contents of the apartment were all left in the same position that they found them?

They might have had no alternative but to turn off the three alarms. After all a loud ringing alarm will soon bring investigators of one sort or another.

Who knows just how persnickety his staged positioning of items in the room might have been. That magazine might overlap that envelope on the table "just so", and he could have had photos on his smartphone that he could match better than even a professional team could restore.

Re:seems a little bit sloppy

[icebike]

But turning the computers on is just plain gross incompetence.

Turn the computer off/reboot into a forensic linux cd/dvd, examine the hard drive, do what you want, switch some system files for files more under your control, then hope he doesn't notice you've done these things.... then follow his computer activity/trail, his tor activities....

No "security researcher and hacker" would have his computer set up to boot from the CDrom, or have his bios un-password protected, or his hard drive unencrypted. If they were "Really Good" at computer forensics they might have simply removed the drives cabled them up and cloned them, encrypted partitions and all. (It would be impossible to add their own versions of software to an encrypted drive. Of course this assumes he's not running Windows).

If done right, and everything put back in place, the only thing he would have to determine that the "computers" were turned on would be the power on count in the drive's SMART data.

Of course, he could have gone old-school, and placed a tuft of cotton fuzz in the fan vent. Someone who uses 4 alarms might just be that careful.

Re:Worry about planted nasties

[VortexCortex]

Your web browser will download anything from anywhere the pages you visit tell them to. Even if you browse only encrypted sites the site itself can be trivially exploited via XSS, SQL injection, or the zero-day exploits purchasable on the black market. Now, some of the pages you've been browsing can contain hidden <iframe> tags or if JS is enabled XMLHTTP Requests to download child porn. You'll never see the images, but there it is: an ISP record that your computer regularly made requests to child porn sites and downloaded kiddie porn. The spy agencies can simply put CP on your systems remotely, and give them "probable cause" to search. A physical copy would be quite a nice touch.

This isn't a hypothetical warning. I clean up servers linking to CP about 3 times a year. The government doesn't even have to do anything but make possession of certain strings of 1's and 0's illegal. Then the angsty teen skiddies with a copy of Metasploit inject the illegal pictures to ordinary sites in protest that sexting pics of themselves is illegal. Now, your Internet history clears after a period of time, so if it's not in there right now, it could have been and probably still resides on your drive's free sectors. You should be using whole drive encryption for this reason alone -- Although that doesn't rid the ISP record of your apparent obsession with disgusting perverse illegal imagery.

A police state has two prime tools:
0. Ensure it's impossible to obey every law.
1. Selective enforcement of the law.