USBKill Transforms a Thumb Drive Into an "Anti-Forensic" Device

Orome1 writes with a snippet from a report at net-security.org; a hacker going by Hephaestos has shared with the world a Python script that, when put on an USB thumb drive, turns the device in an effective kill switch for the computer to which it's plugged in. USBkill, as the programmer dubbed it, "waits for a change on your USB ports, then immediately kills your computer." The device would be useful "in case the police comes busting in, or steals your laptop from you when you are at a public library," Hephaestos explained.

oh the fun

[turkeydance]

we coulda had in school

Re:oh the fun

Stealing all the balls out of all the mouses of all the school computers wasn't enough fun for you? ;)

Re:oh the fun

[TheCarp]

Even back then I knew stealing was wrong.... but unauthorized writing of new files never bothered me.

So I used a race condition I found in the Macintosh security software at school and used it to copy icons of porn over all the desktop icons, so anyone trying to launch word got tits.

And of course, I did it as my person Senior year prank, on the way out the door when all the other classes still had a couple of weeks, on the last day for seniors I slipped unnoticed into the computer lab, did my deed, and slipped out, and walked out of the building.

They never suspected someone without the password did it (a bunch of people had the password of course).

I ran into some of the guys from the lower class years later and got a "wow that was you!"

Re:oh the fun

[Anon-Admin]

Now I feel left out, the Commodore PET's we had in school did not have mice, or hard drives, or usb. Just a keyboard and a 5.25" floppy drive. :(

Re:oh the fun

[OhSoLaMeow]

Now I feel left out, the Commodore PET's we had in school did not have mice, or hard drives, or usb. Just a keyboard and a 5.25" floppy drive. :(

Me, too. Our computer was an IBM 360 model 25. Only so much you can do with that.

Although there was a certain card deck that could print out racy pictures on the line printer....

Re: oh the fun

You can 'poke' a PET and it goes crazy. So I programmed a delay and hit that memory location so all the computers would go nuts in middle of the next class. As it turned out there was no next class and those computers self destructed. We had to make do with fewer computer's for the rest of the year

Re:oh the fun

[baegucb]

With a line printer on those old mainframes, just write a program that prints normally, then have it so page skips for hundreds of times so the paper gets all balled up in the printer (depending on model). I did that by accident when trying to program my first game, a star wars type game. And in assembler you can also stop carriage control and print a line of dashes on the same line, and try to break the paper.

Re:oh the fun

[Fire_Wraith]

Or just have it print "Help, I'm trapped in the network" repeatedly.

At the start of a long weekend when no one's in the school computer lab.

Re:oh the fun

[BasilBrush]

Now I feel left out, the Commodore PET's we had in school did not have mice, or hard drives, or usb. Just a keyboard and a 5.25" floppy drive. :(

You were lucky. Our schools two Commodore PETs had only cassette decks.

Re:oh the fun

And in assembler you can also stop carriage control and print a line of dashes on the same line, and try to break the paper.

You could do that with plain old text files, too: ---<cr>---<cr>---<cr>---<cr>---<cr>...

Re:oh the fun

[Marxist+Hacker+42]

No Lace Cards? I had Apple IIe's to work with, loads of fun to be had there.

The right way to do this:

You might need one stick for every port supporting DMA, as that's how most forensics teams do ramdumps without disturbing the computer itself.

USB 3, eSATA, and Firewire, basically.

Re:The right way to do this:

You're overestimating what this "kill switch" does.

To shut down the computer you pull out the USB stick.
That's it.

No killing.
No detecting forensics.

Just a shutdown switch.

Re:The right way to do this:

Nope, well aware.

To abuse DMA for forensics, you need an open DMA-capable port. To free a DMA-capable port, you'd need to unplug one of these... and you get the point.

Re:The right way to do this:

[silas_moeckel]

So your worried about security but not running something with a working IOMMU?

Re:The right way to do this:

The code doesn't run on the usb stick itself, it runs on the cmoputer. The code just looks for any new usb devices being added or removed and if it sees anything it kills the computer, ergo plug in ram dump device to do the dma and the computer shuts down.

Re:The right way to do this:

To free a DMA-capable port, you'd need to unplug one of these... and you get the point.

Unplug what? the computer? Theres nothing running on the usb drive itself its running on the computer.
Leave as many free DMA-capable ports as you want, once something either tires to use or stops using the port the computer goes down no questions asked.

Re:The right way to do this:

[Gizan]

hes saying that if you keep all your ports filled at all times, and someone removes something to start coping or what-not, then it just shuts down

Re:The right way to do this:

[gatkinso]

I assume that your technique requires that the computer be powered on.

Re:The right way to do this:

You dont need to keep your ports filled with USBKill though, any change plugging or unplugging will result in the computer shutting down

Re:The right way to do this:

[INT_QRK]

This appears to be the functional equivalent of a holding down the power switch, maybe a little quicker. Just what one needs. Well, probably not, but if you're that paranoid, you either have a mental condition or otherwise engage in behaviors that merit paranoia.

Re:The right way to do this:

In addition to running an operating system actually utilizing the working IOMMU, and not just for the network card virtualization.

Re:The right way to do this:

Forensic ram dumps don't trip new hardware detection logic. They use DMA only and copy everything down.

Re:The right way to do this:

[CBravo]

You would be right in the pre-'Frozen Precipitation' era.

Re:The right way to do this:

[Phreakiture]

Never

Fucking

Mind.

Re:The right way to do this:

[myowntrueself]

Forensic ram dumps don't trip new hardware detection logic. They use DMA only and copy everything down.

They have to plug into a port.

Every port is occupied. They have to unplug something to plug their gadget in. When they do that, *poof* pupu go byebye.

Re: The right way to do this:

[kenh]

On trains they call those devices 'dead man switches' - when the engineer's foot comes off the spring-loaded switch, the locomotive slows down.

Re:The right way to do this:

[arglebargle_xiv]

You're overestimating what this "kill switch" does. To shut down the computer you pull out the USB stick. That's it. No killing. No detecting forensics. Just a shutdown switch.

How TF did this make the front page? It's a fscking on/off (well, off-only) switch done via USB. What's next, "Dell introduces amazing new kill switch on latest laptops, labelled 'Power'"?

Re: The right way to do this:

Point taken, but there are times when an old fashioned off switch would be handy. For example, when your os freezes on a laptop, it would save the need to hold the power button down for several eternities.

(or when windows chooses to update right when you really, really need to leave)

Re:The right way to do this:

USB 3? [citation needed]. USB does not share the braindead design of FireWire/Thunderbolt that gives peripheral devices unfettered access to the host's memory. It sounds like you're confusing "DMA" with "unrestricted, remotely-initiated DMA".

I don't doubt that there are many security flaws in existing OSes' USB drivers that could allow a malicious device to break in - but those, unlike FireWire, are bugs that can be fixed, and they have nothing to do with whether the controller happens to support DMA or not.

this already exists

[slashmydots]

Doesn't TrueCrypt support full drive encryption and USB-based hardware keys for decryption? That sounds like all this "invention" does. It doesn't actually kill your computer.

Re:this already exists

[Orestesx]

This is to be used in conjunction with TrueCrypt. The summary is alluding to the arrest of the alleged founder of Silk Road at a public library. He was using a computer with full disk encryption, but they physically separated him from the laptop before he could power it off. Attach this to your wrist, and the machine will be powered off when the USB drive is removed from its port.

Re:this already exists

[slashmydots]

Ohhh so the drive isn't a decryption key, it's just a monitored device and the script basically runs
shutdown /s /t 1
a second after it noticed the USB device has been removed. Clever :D

Re:this already exists

[bluefoxlucid]

Which opens you up to all kinds of high circumstantial evidence prosecution. Evidence that you may have been involved in a crime coupled with a psychotic behavior in which you put your computer data at severe risk to handle an unexpected seizure? If they have weak evidence showing your involvement in a crime, the corroborating behavior provides circumstantial evidence supporting their weak evidence; either by itself may be inadmissible.

Re:this already exists

[Dunbal]

If they have a tactical team breaking into your house you are pretty much fucked on circumstantial evidence anyway... It might mean the difference between 5 years in prison and life in prison though. "We're sure he had 'x' on his hard drive" is a lot weaker than "we found 'x' on his hard drive"...

Re:this already exists

[aaron4801]

The question isn't "is this suspicious behavior," since it clearly is. The real question is, "is this suspicious behavior worse than the gigabytes of evidence that is easily collected without it?" If yes, don't bother; if no, use it.

Re:this already exists

[mysidia]

with a psychotic behavior in which you put your computer data at severe risk to handle an unexpected seizure

Auto locking your computer is not putting your data at risk.

There is a very legitimate concern that you might forget to lock it, and you might become the victim of identity theft if some robber pilfers your computer, when you stepped away for a bit and forgot to lock the screen.

The concern about data theft is also a reason to use full drive encryption, Or even back the system up to an encrypted cloud volume, and make the system detect potential theft such as "unauthorized movement while locked" and respond by wiping out the data volume that is disposable, since it gets backed up daily.

Re:this already exists

[bluefoxlucid]

Thing is, someone wiping their drive isn't evidence of a crime. At the same time, various evidence of a crime--Internet connections, behaviors, associates--isn't going to get you a conviction, at all. When you put these together, you get a different picture: we have a highly-circumstantial pattern of behavior that may or may not prove the suspect was a criminal, and the subject panicked and destroyed the thing that may have but was not certain to contain hard evidence proving that this behavior pattern was indeed linked to criminal activity. From all these inferences, we can strongly infer that the suspect was destroying evidence of some crime, for which we have a good outline of what that crime very well could be.

When you hear quacking, there may be a duck, or a TV. If you find feathers, there may be a duck, or a pillow. When you hear quacking and find feathers all over the fucking place, there is almost definitely a duck there somewhere, even if you can't find it; any other explanation involving there not being a duck is a bigger leap of logic than there being a duck somewhere in the area. US courts recognize these types of connected vague images, and overlay them until you develop a sufficiently clear picture that is sufficiently unlikely to be something else--which, really, if you find a dead body and a murder weapon in a bloke's house, all you have is a pretty fucking strong inference to go against an alternate theory of the mafia framing the guy, so it's the same thing: he's only probably guilty, but we're pretty fucking sure.

Re:this already exists

[mcrbids]

So then the police just cut your hand off. One more reason why biometrics isn't such a great idea.

Re:this already exists

[Orestesx]

It doesn't put your data at risk. It doesn't wipe the drive, it just powers off the machine.

Re:this already exists

[Orestesx]

This doesn't prevent suspicion and it doesn't prevent your from being arrested. The police arrest you and seize your property because they think you've committed a crime - at that point, there's no convincing them that you didn't. This is about avoiding conviction or keeping highly sensitive information secret. Of course, if the information on your computer isn't highly sensitive and you aren't doing anything illegal, and you are not super paranoid about your privacy, then you probably shouldn't be using this, because it is suspicious. This isn't for the general public. This is for people who REALLY need to keep their data secret. Even at the risk of raising suspicion.

Re:this already exists

"Pretty fucking sure" isn't enough to secure a conviction in the US. Likewise, finding a dead body and a murder weapon alone isn't enough to secure a conviction. You actually need a complete body of evidence showing that the suspect committed the crime, beyond a shadow of a doubt.

Re:this already exists

[Spy+Handler]

Attach this to your wrist, and the machine will be powered off when the USB drive is removed from its port.

You mean attach a cord to the USB thumb drive, tie the other end to your wrist, and insert the thumb drive into your computer before using it?

Seems like a hassle. The cord would have to be pretty short for this to work. It might be ok for temporary sessions on a laptop at the public library, but not for daily use with your home desktop (which is likely not on your desk but on the floor).

Someone should make a wireless version. Using a USB wireless mouse with those little snub receivers you plug into the USB port could work.

You leave the snub plugged into the computer. When the mouse is turned on, USB state changes and you have a live USB human interface. Then you type in your disk encryption key and use the computer. If the mouse is turned off OR if the mouse goes out of range of the receiver, USB state changes and computer shuts down. Now you just need to pull the guts out of the mouse and put it on a fashionable wristband or whatever.

Re:this already exists

[Zmobie]

Peter Gibbons once put it best: "This isn't Riyadh. You know they're not gonna saw your hands off here, alright? "

Re:this already exists

[TheCarp]

Actually there is no downside AT ALL to using it.

In the end, the drive still exists, you still have the data. If there is nothing there to find, you can always find a way to cooperate and use the data on the drive. However, this tool lets you do that at your option rather than at theirs.

Re:this already exists

You actually need a complete body of evidence showing that the suspect committed the crime, beyond a shadow of a doubt.

No, beyond a reasonable doubt. "Shadow of a doubt" is TV bullshit.

Re:this already exists

[bluefoxlucid]

Arrest is largely a non-issue; it's conviction I'm talking about. Raising suspicion by these activities can get you a conviction.

Re:this already exists

[Orestesx]

Maybe. But getting caught with incriminating data is almost certain to get you convicted. Think about it this way. You're a defense lawyer. Would you rather explain your defendant's suspicious behavior, or an excel spreadsheet showing how much coke he's sold this month?

Re:this already exists

[ganjadude]

so at home you tie it to the leg of your desk and if the door opens step on the string pulling the usb

Re:this already exists

Circumstantial evidence in your context as

"We're sure he had 'x' on his hard drive" is a lot weaker than "we found 'x' on his hard drive"...

I'm sure they could very well convict an innocent man on that alone, in which case, we need to abolish 'circumstantial evidence' or at least limit its scope.

Re:this already exists

[greenfruitsalad]

i still think the best way to protect your data is not to have your data on the computer. i simply mount a remote volume with a command that doesn't get saved in my .bash_history. you can have all the fun you want with my computers, it won't get you anywhere.

Re:this already exists

[TheCarp]

hmmmm one command not in history? How does that work? Do you use some special launcher for it?

Come to think of it, I do that too using a gnome app (cryptkeeper) but the cryptkeeper config still exists so it doesn't hide where the files are. Of course, its in my home dir which is already encrypted so, there is some defense in depth on that.

Re:this already exists

So then the police just cut your hand off.

Perhaps in North Korea or China, but I'm damn sure the police don't do anything like that in a civilised country where they would simply force you at gunpoint to comply, or if in the UK, you can be found guilty under RIPA section III

Re:this already exists

[Gr8Apes]

We're sure he had ...

Objection - speculation.

Sustained, jury will disregard prosecutor's last statement

IANAL

Re:this already exists

[Dunbal]

IANAL

Me neither so I won't play that game. Maybe the phrasing is different and all sorts of little details and lawyer tricks happen, but the jist is the same. It's one thing to have say IP logs of naughty things crossing the internet to your IP, and actually seeing the file on your hard drive and your fingerprints on the keyboard.

Re:this already exists

Commands that start with a space work exactly the same, but don't show in history.

Re:this already exists

Actually there is no downside AT ALL to using it.

In the end, the drive still exists, you still have the data. If there is nothing there to find, you can always find a way to cooperate and use the data on the drive. However, this tool lets you do that at your option rather than at theirs.

You really think you're going to get that drive back, intact with all the data on it?

And would you trust the hardware or firmware to not be bugged with a keylogger or something even more indidious?

Re:this already exists

[jcoy42]

See the following in the bash man page:

HISTCONTROL A colon-separated list of values controlling how commands are saved on the history list. If the list of values includes ignorespace, lines which begin with a space character are not saved in the history list.

HISTIGNORE A colon-separated list of patterns used to decide which command lines should be saved on the history list. Each pattern is anchored at the beginning of the line and must match the complete line.

Re:this already exists

[JWSmythe]

Saying "We're sure he had..." without evidence is not evidence. They have to have the evidence that he actually *did* have what is claimed.

That's the hard part. They have to gather the evidence to get the conviction. Without evidence, they can't get a conviction. At least if you have a competent attorney. If you have a crappy one, you'll get the 5 years because they talked you into taking a pre-trial plea agreement. That's how innocent people go to jail.

Re:this already exists

[storkus]

Someone should make a wireless version

What I was thinking, too. Like they have on Android (built-in to Lollipop, add-in on older versions) and iOS where the thing will lock (possibly scream) when you and your "security dongle" (which can be anything) walk away from each other.

For this kind of laptop security, I'm thinking a Class-3 bluetooth dongle (1 meter range) or even an IR blaster might work.

Another thing that hit me looking at the code: invoking a gentle "shutdown -h now" may not be fast enough. If you're this paranoid, perhaps you should just force immediate power off (crash dirty with no flushing) and take your chances.

Re:this already exists

[Gr8Apes]

True, but my point was you better have something more than just "I think..."

Re:this already exists

Not really, no. All they need is to show that the trail of information they followed that led to his computer. It's a bit flimsy, but the case that he would have had that information becomes a lot stronger if they have more trails leading to his computer.

The Silk Road guy that got arrested was arrested because they already had the trails leading to his computer. Being able to get at all the information on it just made it easier for them to prosecute. They were going to arrest him eventually. They just really wanted to get access to his laptop to get the final confirmation that would make it a slam dunk case.

Re:this already exists

[goose-incarnated]

Arrest is largely a non-issue; it's conviction I'm talking about. Raising suspicion by these activities can get you a conviction.

"Your worship I had no idea that these were law enforcement officials and I worked under the impression that my [valuable IP/mistress love letters/evidence of infidelity/homosexual porn] on the computer can be stolen from me at any time, hence the need for my security measures."

The problem for the prosecution is that even a semi-intelligent reason, like conspiracy theory paranoia, is enough for the court to chuck the "we think he had evidence on the computer" out of admission/evidence. Just because you have something to hide is no reason to leap to the conclusion that what you were hiding is evidence of a crime. Just because they have a trail that leads to your IP doesn't mean that they get to throw the book at you. If they cannot corroborate their trail then, well, even a lawyer so green he needs mowing is going to at least reduce your term, iff they actually manage to get past that pesky "reasonable doubt" bit. Do not give them more evidence in the naive hope that it can't make things much worse.

This is from someone who represented himself in court on criminal charges for violent crimes in three different districts, with three different prosecutors, in three different years AND was acquitted all three times.

Re:this already exists

[t_ban]

Of course, if the information on your computer isn't highly sensitive and you aren't doing anything illegal, and you are not super paranoid about your privacy, then you probably shouldn't be using this, because it is suspicious. This isn't for the general public.

On the contrary, if enough people start using this that it becomes a fairly common practice, the police can no longer single out one person and claim that their behaviour is suspicious. This absolutely should be adopted by everyone.

Re:this already exists

[TheCarp]

Generally data is supplied in the form of disk images, and large binders full of reports. I have seen the stacks in a friend's office who did some forensics defense work. He basically got paid big bucks to load up images of people's files and explain technology to lawyers.

In fact, if you look back just a few weeks here on /. there was a story about exactly what you are saying....but.... the lawyer caught on and caught the police in the act.... he even said he had NEVER received evidence as physical equipment before, always images, which is why he was suspicious.

Re:this already exists

[Marxist+Hacker+42]

I don't know that anymore.

Re:this already exists

[ultranova]

Which opens you up to all kinds of high circumstantial evidence prosecution. Evidence that you may have been involved in a crime coupled with a psychotic behavior in which you put your computer data at severe risk to handle an unexpected seizure?

How do they prove removing the USB drive caused the shutdown? The script is on the computer and thus unvailable with all other data. The USB drive itself can contain any data, giving you a perfectly nonpsychotic reason to keep it attached to your wrist.

Re:this already exists

[0xG]

Or when you sneeze!

Re:this already exists

[niftymitch]

Which opens you up to all kinds of high circumstantial evidence prosecution. ........

But of interesting value for ANY business or ANY consultant or ANY person or any government employee
that might have valuable data on hardware that might get lost or stolen.

A person might have bank records
A consultant might have trade secret or confidential NDA informatio ....data has value or liability....

Since the presence or absence of such a device in a corporate or government context is a strong
signal that the device is interesting or not I can see ALL portable systems get outfitted with such
a device+software. With modern encryption there may be little need for the exit(SmokeAndFire) of
mission impossible but that is possible.

Re:this already exists

i hate to break it to you but your kid thinks she's a duck and your wife is using pillows to practice murdering you.

was less of a leap of logic than your "its a duck" hypothesis.

Re:this already exists

[EndlessNameless]

They cannot cut your hand off, but they can compel you to swipe your finger to unlock a device. This differs markedly from disclosing passwords or encryption keys, which is considered self-incrimination and is therefore protected.

The Supreme Court has ruled on both scenarios. While the distinction may seem moronic to those of us familiar with technology, it is, nonetheless, the law. Biometrics are legally inferior as a means of protecting data.

Re:this already exists

I was removed from a public library on pressures by an African homeless killer once... but anyway. I was also removed from a McDonalds and my laptop **physically separated** from me... but _funnily_... they did not notice it was recoding audio all the time! I did not notice either, from one McDonalds to the next one, all the way recorded, then these policemen storming and keeping the laptop for a while and then mocking and plotting to keep some of my files and programming code! Which they did, but not from the laptop but from a pair of USB sticks... and I it all went recorded unknowingly! BUT! Doubly funnily enough... since McDonalds plays some very anonymous ambient music, youtube does not let the video be exposed around because THEY DETECTED THE MUSIC! Noie music, but those copyright are SOOOO IMPORTANT...!!! Like some people truly do not know what they are doing or they do not know they do not know what they are doing OR somebody is experiment and has no idea... but something is GOING VERY WRONG AND STINKY AND FISHY, if all those guys are so unknowing about computing to act thus...

Re:this already exists

[bluefoxlucid]

In real life, that doesn't work when there's weight of circumstantial evidence to cast sufficient suspicion for a search, but insufficient suspicion for a conviction. Real cases are structured like, "We saw evidence of X insufficient to convict, and then obtained a warrant to search for concrete evidence of X, and found evidence suggesting the likely destruction of unknown evidence, and find it sufficiently likely that such evidence were linked to this crime and sufficiently unlikely that such evidence never existed or were evidence of a separate crime," and get a conviction.

Re:this already exists

[bluefoxlucid]

Possibly through the circumstantial evidence of your search history, your other behaviors, the innoculous nature of the data on the drive, or the universal legal foundation that circumstances suggest it is more likely than not and within the range of reasonable occurrences.

Re:this already exists

[bluefoxlucid]

Businesses wouldn't use something like this. They'd use your vanilla-style proximity sensor.

Re:this already exists

[goose-incarnated]

In real life, that doesn't work when there's weight of circumstantial evidence to cast sufficient suspicion for a search, but insufficient suspicion for a conviction. Real cases are structured like, "We saw evidence of X insufficient to convict, and then obtained a warrant to search for concrete evidence of X, and found evidence suggesting the likely destruction of unknown evidence, and find it sufficiently likely that such evidence were linked to this crime and sufficiently unlikely that such evidence never existed or were evidence of a separate crime," and get a conviction.

I defended myself in real life(tm) not some tv drama. In criminal cases there is no "sufficiently likely", or "on the balance of probability", etc. It's simply "Is there reasonable doubt?" which gets answered "Yes" if all the evidence is circumstantial. The state has to prove guilt beyond reasonable doubt so uncorroborated circumstantial evidence is not considered.

Regardless, the court is not allowed to infer a criminals guilt; they have to be convinced. Saying "We're convinced based on these suspicious activities" is just asking for an overturn on appeal and no judge wants his judgement overturned - makes him look incompetent.

(Like I said, I've been arrested, tried and acquitted multiple times. In Real Life, not a TV drama. More than once all I've had to do is sum up by saying "the state has failed to prove guilt beyond reasonable doubt.")

Re:this already exists

[bluefoxlucid]

I defended myself in real life(tm) not some tv drama. In criminal cases there is no "sufficiently likely", or "on the balance of probability", etc. It's simply "Is there reasonable doubt?"

I found a murder weapon on you, blood on you, and a dead body in your yard. All of that could be planted, but it is sufficiently likely that you are the murderer.

What do you think "reasonable doubt" is? It's a sufficient probability of some other occurrence--that is, probability of your guilt is lower than a barrier, and probability of non-guilt is thus high.

Regardless, the court is not allowed to infer a criminals guilt; they have to be convinced.

... a conviction *is* the inference of criminal guilt.

(Like I said, I've been arrested, tried and acquitted multiple times. In Real Life, not a TV drama. More than once all I've had to do is sum up by saying "the state has failed to prove guilt beyond reasonable doubt.")

So you are not a lawyer, and only understand consequences and outcome, not nuances or legal strategy.

Of course USB is a perfect system

[OzPeter]

I mean my USB hub never drops my mouse connection or anything like that. So there is no chance of a false positive.

Re:Of course USB is a perfect system

[SecurityGuy]

No real risk, beyond that of inconvenience. All it does is shut your computer down. It's not wiping anything or physically damaging the hardware, it's just turning it off and relying on you using full disk encryption to actually protect your data.

Re:Of course USB is a perfect system

[ckatko]

Actually, if you shutdown at an important time, that could very much be a problem.

I would personally use a better setup with a lower-level protocol. For example, you could use two GPIO pins connected together. If they disconnect for more than x milliseconds, it fails. (A direct physical connection, no protocols, no hubs.) You could use an audio cable with a dedicated sound port (pci/usb soundcards are dirt cheap) and ensure the signal doesn't terminate. You could use a serial port and send a constant stream of characters that if they terminate (or change significantly) it activates the switch.

You could also just lock the screen instead of shutting down for lower security issues. That way a false-positive just means you enter your password. That would probably open them up to scanning your running memory if you were Public Enemy #1, but certainly less likely for most of us.

Of course, it's kind of funny how none of this would stop the NSA from infecting your HDD firmware and owning your internet connected box long before ever knocking on your door.

Re:Of course USB is a perfect system

[gatkinso]

I would imagine that the consequences of the information on the computer being compromised outweighs the inconvenience of an accidental shutdown.

Re:Of course USB is a perfect system

[gatkinso]

It is invoking the poweroff command (shutdown on Apple), not yanking the power. Read the code.

Re:Of course USB is a perfect system

I thought the method of HDD compromise was only through a Windows vector.

Re:Of course USB is a perfect system

[mysidia]

A slight variant, would be on USB device drop/change.... immediately lock screen Beep, and system will hard power off if not unlocked within 15 seconds. Other mitigating measures might also be taken such as purging any sensitive creds from RAM; temporarily shutting off all network interfaces and unloading unnecessary drivers such as Wireless NIC, Firewire, that might present attack surface.

Re:Of course USB is a perfect system

[Moof123]

That is probably a tactic to be used by the authorities. If they get a hold of the laptop and sneak in some piece of hardware to make the USB drop every now and then, the suspect will pretty soon disable it.

Way back when I worked for a 3 letter acronym this was a pretty low tech solution often employed to circumvent alarms of all sorts. Just randomly trigger the alarm a every few hours at night and within a few days it will be turned off out of disgust or at the orders of any cops that have been dispatched the last half dozen times. Now you can waltz in and do your dirty work.

Re:Of course USB is a perfect system

[Ravaldy]

Shutting down the computer even in the middle of writing is the least of your concerns when you are trying to hide information from the authorities or someone else. What you want is to avoid the system being left in a logged in state.

Last I checked you can also reconfigured what your power button does. You can have it so it shutdowns. In some BIOS you can set it so it turns off "AT PSU" style which is an instant power off.

Re:Of course USB is a perfect system

[Ravaldy]

Anytime you are writing you can corrupt data. Windows is easier to corrupt because it's bloated.

Re:Of course USB is a perfect system

or at the orders of any cops that have been dispatched the last half dozen times.

I don't see why the police would say that unless it was repeatedly going off at night ruining people's sleep, besides I always thought the police favored those things as they keep criminals away?

Captcha: Vandal - huh? does Slashdot know something I don't?

Re:Of course USB is a perfect system

Like the movie, How to Steal a Million.

Re:Of course USB is a perfect system

[Lehk228]

that's pure unadulterated bullshit.

i like linux and use it on several of my machines, but windows has much more robust and mature sudden failure disk recovery and consistency (it has to with all the BSODs over the years)

Re:Of course USB is a perfect system

[BootNinja]

99% of all alarms are false alarms. The police don't like wasting resources chasing down false alarms. In most jurisdictions you have to have a permit, which allows a certain number of "free" false alarms, after which you get charged a fee every time they dispatch to a false alarm. for residential alarms it's usually around $50. but for commercial sites I've seen it as high as $500. per dispatch. Furthermore if you are repeatedly having false alarms in a short period of time, the police will generally inform you that they will no longer dispatch to your site until you provide proof that the faulty alarm has been replaced/repaired.

Re:Of course USB is a perfect system

[Ravaldy]

I'm not one of those /. users that will trash Windows because I'm a Linux or Apple fanboy, if anything I'm much closer to being a MS fanboy than any other.

windows has much more robust and mature sudden failure disk recovery and consistency

The fact is that there's a lot more going on with the OS than says Linux. Half written registry keys can spell lots of trouble something Linux doesn't have to worry about.

As for disk recovery and consistency I'd like to get facts on that matter. Last I checked Linux is the preferred platform used in data centers as well as data devices.

Re:Except they just turn the power off

[ckatko]

Then the drive is still encrypted and they can't use it. Am I supposed to end this with, bitch?

Python script, eh?

[ArcadeMan]

Too bad that's not installed by default on the two most used desktop operating systems.

Re:Python script, eh?

[ckatko]

If you don't have access to Python, I feel bad for you, I really do.

That being said, to be more serious, it's not like you can't port the concept to any language, and any port/protocol. You could have it connected to a bluetooth watch/key/anything and if you walk too far from your computer it automatically shuts down.

Re:Python script, eh?

[stooo]

Python is cross platform, you can use it on any OS.

Re:Python script, eh?

You can't use it on a computer that doesn't have it installed. And if it's a scripted language that means you need the interpreter/compiler on the target system to use the script.

Re:Python script, eh?

[Lunix+Nutcase]

Unless you're claiming OS X isn't one of those two aforementioned systems, you're wrong.

Re:Python script, eh?

But this won't work everywhere Python works.

Re:Python script, eh?

[stooo]

Then, install it.

Hyperbole

s/killswitch/shutdown/

Re:Hyperbole

[Wycliffe]

s/killswitch/shutdown/

Yeah, but that's what a normal killswitch that you see on a jetski or a lawnmower does.
Slightly misleading but the point is that if you remove power and have full encryption then they need the password to turn it back on.

Been done

http://etherkiller.org/

Er...all this does is "shutdown -r now"

[xxxJonBoyxxx]

Here's the source:
https://github.com/hephaest0s/...

What's next - a tutorial on how to press the power button?

Re:Er...all this does is "shutdown -r now"

[snowgirl]

It even syncs the disks before shutting down! v_v

Such a non-news story... omg, this this is "interesting" in so far as an odd tool that has little possible use(?)

Re:Er...all this does is "shutdown -r now"

[MrTester]

Are you sure that is the final source?
Is it possible that this is the code for validating the USB interaction and he didn't want to actually brick his computer with every test?

Re:Er...all this does is "shutdown -r now"

Well, that's sort of the point. The Silk Road guy had full disk encryption, but when he was arrested, he didn't have time to push the power button before they grabbed him and separated him from his laptop. With this script and having the USB key attached to his wrist, he would have been able to shutdown his laptop when the feds took his laptop from him.

Re:Er...all this does is "shutdown -r now"

Well, the Github includes notes thanking people for their changes and whatnot and it was last updated 2 hours ago. Not to mention if you look at the code, his Python coding abilities are terrible. I can't imagine what the script would look like if he actually tried to do what TFA implies it does.

Re:Er...all this does is "shutdown -r now"

[fustakrakich]

Ah, so it reboots... Whatever happened to the reset button? We need those back.

Re:Er...all this does is "shutdown -r now"

[zerosomething]

That reboots the machine! use -h at least. geez

Re:Er...all this does is "shutdown -r now"

With this script and having the USB key attached to his wrist, he would have been able to shutdown his laptop when the feds took his laptop from him.

Riiiight, because the cops are idiots and wouldn't notice and cut the string?

Re:Er...all this does is "shutdown -r now"

Not the way cops arrest people today. It's usually with guns drawn and barking orders at the suspect. They'd pretty much have to know before hand about the setup before they could take steps to counter it. Which gets back your point: Yeah, cops are idiots.

Re:Er...all this does is "shutdown -r now"

[Trogre]

Aww, so it's not quite in the same league as an etherkiller then?

Re:Er...all this does is "shutdown -r now"

[goose-incarnated]

With this script and having the USB key attached to his wrist, he would have been able to shutdown his laptop when the feds took his laptop from him.

Riiiight, because the cops are idiots and wouldn't notice and cut the string?

They bust down the door in full riot gear, weapons drawn.... and don't bother to shout "hands up!"? Just how polite are the cops in your district?

Deadmans Switch

[Liquidretro]

So it's a deadman's switch basically.

Re:Deadmans Switch

[DigiShaman]

No. A deadman's switch is when you have a PC constantly asking for password verification ever X amount of minutes. At the time you don't respond when expected, the logic is that you're "dead", and thus commences the process of self-destruction.

Re:Deadmans Switch

[smallfries]

No. A deadman' switch is an idea that has been around in analogue fail-safe systems for a long time. It is typically a device that you have to hold onto in order to keep the machine running. What you describe is one software implementation of that idea, but the GP is correct that this is another.

Re:Deadmans Switch

[DigiShaman]

What this devices is isn't a deadman switch, it's more like a booby trap. It's actively checking for any change in USB port activity.

Re:Deadmans Switch

That's one version of DMS. Another, more physical version, is a spring-loaded switch connected to a detonator, and wired to explode if you let go of the switch... In this case, take action if USB state is altered. You could of course instead of ussuing the shutdown command place a logical 1 on some pin, and have that set off a thermite charge place on top of your drive. False positive then gets a bit more annoying than a mere restart...

Same name, different things - who'da thunk...

Re:Deadmans Switch

It is a deadman switch. It's a device that is automatically activated in the event the operator is incapacitated. The key feature is that it does something to address the problem of the operator being separated from the controls, and puts the operated device into a safe state when this occurs.

Look at other examples of dead man's switches-
-alarm worn on prison guard's belt that activates if turned sideways- if you knock out the guard or tackle him, it automatically alerts
-dongle attached to operator or pedal switch near controls that turns the machine off when the operator leaves the control interface

It's a dead man's switch.

Re:Deadmans Switch

This is _not_ a deadman's switch: if They manage to get the laptop with the key still in it, it keeps working. The essence of the deadman's switch is "if(no action) stop();", the operating principle here is "if(action) stop();"

The action of starting the script and plugging in a USB key may make you feel like you've depressed the "let go and it detonates" trigger, but if you think this is the case and it actually matters you're going to be sorry. Not to say it isn't useful, though. As long as you don't turn your back to an open door you're *probably* going to have time to yank the key. Intriguingly, few years ago a guy got nabbed precisely because he turned his back to the door in a library. The cops pounced before he could close his laptop; A situation that would've been prevented by a deadman's switch.

Re:Deadmans Switch

[cdrudge]

It is a deadman switch. It's a device that is automatically activated in the event the operator is incapacitated.

How is the script guaranteed to run if the operator dies? It doesn't as the drive may never be removed. A deadman switch that may or may not operate isn't a very good implementation.

Re:Deadmans Switch

[chihowa]

The quintessential dead man's switch, the "let go and it detonates" trigger, can also be bypassed by grabbing the dead man's hand (just like your "if They manage to get the laptop with the key still in it, it keeps working" argument). There's nothing in the definition of a dead man's switch that depends on it being unable to be defeated. Fiction throughout the ages is filled with methods of defeating various dead man's switches.

If the key is attached to the user's wrist and the user is separated from the computer without the key being first separated from the user, the switch is activated.

Re:Deadmans Switch

If you use Remote Access to work with data on a server, you don't have to worry about the data so much on a laptop as it is all accessed remotely. That is what SSH/whole disk encryption is for right?

Re:Deadmans Switch

Yeah, think of a guy holding a hand grenade to prevent being shot by an attacker.

Re:Deadmans Switch

Only if the USB dongle is tied to your wrist or similar.

The basic implementation doesn't care if you get separated from the computer, it cares if the set of USB devices connected changes. You could mail the computer across country without triggering this switch, or you could trigger it by trying to install a new printer.

Re:Deadmans Switch

How do you define when the operator dies anyway? Ask a coroner to come in and manually input time-of-death? At some point we are only dealing with abstractions here - don't be absurd.

Re:Deadmans Switch

[schlachter]

This technology has existed for a long time in military communication equipment. Pull the key out and it kills your data/comms.

Re:Deadmans Switch

I remember someone actually doing this, got laid off, and the deadman's tripped. they got him back in as a highly paid consultant, but tracked what he did and discovered that all he did was re-enter the deadman's password.

Re:Deadmans Switch

It's a matter of likelyhood.

A proper industrial deadman switch today requires that you hold it with the right amount of force, push to hard or let go and it activates. However there is always a small chance that the holder "dies" in a way where the lever/switch will still be in the "correct" position with the correct amount of force applied.

It doesn't stop being a deadman switch just because it's not 100% foolproof.

The script is not guaranteed to run. But the likelyhood that the "bad men" that is trying to get your data would either give you time to remove the USB (by wristband or actively pulling it out) OR that they from ignorance attaches some other USB device (for cloning etc.) is rather high.

All in all a pretty decent deadman switch. You'd have to be pretty paranoid to use it in my opinion, but then again... just that you're paranoid....

Re:Deadmans Switch

[goose-incarnated]

No. A deadman's switch is when you have a PC constantly asking for password verification ever X amount of minutes. At the time you don't respond when expected, the logic is that you're "dead", and thus commences the process of self-destruction.

Nope. That's a watchdog of some type. A dead man's switch is activated at the very instant the operator stops interaction (for specific defined values of "interaction"). They're usually constructed out of an actual switch with a spring. You step off, the spring causes the switch to closed/open and that's it.

Re:Deadmans Switch

[EndlessNameless]

A dead man's switch triggers if the operator becomes unresponsive. This script is an entirely different beast---it triggers when the operator or another party *changes* something.

Combining it with a wrist strap is better but still not equivalent. It may work similarly 95% of the time, but it still requires conscious effort for the operator to engage the protection. It will not work if he is asleep or unable to respond quickly enough. A true dead man's switch will trigger without any operator action whatsoever after it is armed.

A true dead man's switch disables the equipment in the absence of active operator involvement; it requires the operator to take constant action, or else it will trigger. The proposed device is merely a quick shutdown tool and a basic anti-tamper measure.

As an example, if the operator were pinned to his desk immediately and unable to move, a dead man's switch would trigger while this device would not. Same thing if he were shot in the back of the head. If operator death does not trigger it, it is definitely not a dead man's switch---literally or figuratively.

works differently in the states.

[nimbius]

"In case the police come busting in" is a condition typically followed by a hailstorm of bullets here in the United States. Afterwards, assuming you have a winning complexion, charges are fabricated and officers exhonorated.

Our prosecution also works similar to a firehose. Typically if youre arrested for loitering or driving while black, youll be charged with resisting arrest and a large slew of other charges that may not even apply to your specific encounter. Once in jail a member of the prosecution team will approach you with a laundry list of offenses and the threat of decades of years in jail. Mercifully they will offer a plea bargain that, should you choose to simply plead guilty, youll only spend a fraction of that time in prison. If you cant afford a lawyer, and dont have a firm grasp of legal proceedings yourself, this option is generally chosen.

Wiping the contents of your laptop, or refusing to give a password in the US, is generally met with unfavourable consequences. Indefinite forcible detention at border checkpoints without charges, for example, befell moxy marlinspike. computing chicanery in general that goes beyond the relm of 'good consumer' will find you hounded to the end of your days, as was the case of the late Aaron Schwartz. Given my options, id rather feign ignorance than quietly activate a duress payload.

Re:works differently in the states.

[infolation]

Wiping the contents of your laptop, or refusing to give a password in the US, is generally met with unfavourable consequences

Better than in the UK, where it's a criminal offence punishable by two years imprisonment. (Regulation of Investigatory Powers Act 2000, Part III)

And people are really locked up for that here.

Re:works differently in the states.

[ScentCone]

"In case the police come busting in" is a condition typically followed by a hailstorm of bullets here in the United States

I see. You live inside a bad television episode? How many hacker apartment door breakdowns followed by "hailstorms of bullets" can you cite from this month, here in this country of over 300,000,000 people? Please be specific.

Re:works differently in the states.

[sideslash]

The abuses you describe have all happened in one form or another, though they're fortunately not the universal experience here.

met with unfavourable consequences

Clearly you favour spellings that add a bit of colour to the Queen's English, eh? OK, just kidding, but it is fun to speculate that you might be from Canada or the UK.

Re:works differently in the states.

"In case the police come busting in" is a condition typically followed by a hailstorm of bullets here in the United States

I see. You live inside a bad television episode? How many hacker apartment door breakdowns followed by "hailstorms of bullets" can you cite from this month, here in this country of over 300,000,000 people? Please be specific.

Not hacker specific. Any police encounter in the US is with guns drawn.

Re:works differently in the states.

You white people do that constantly. Constantly. Why do you need a source for something that happens constantly. You sound like a Republican. Those people always deny reality. They hate us and want us all to die.

Re:works differently in the states.

We're only into the 5th day of this month, moron. Of course you knew that, which is why you were so specific to limit the scope to a month. "Hailstorm of bullets", is a silly exaggeration, but the number of raids on hackers within the last few years isn't.

Re:works differently in the states.

[mrchaotica]

He overstated it a little bit: if you're dealing drugs in 'cyberspace,' they'll just arrest you. It's only 'meatspace' drug dealers that get shot.

Re:works differently in the states.

[Dunbal]

But two years might be better than the alternative.

Re:works differently in the states.

http://www.courierpress.com/news/swat-team-enters-home-people-inside-arent

Basically the police got the IP of some internet trolls, asked the ISP for the address of the IP and got a search warrant. They sent a god damn SWAT team to the address to execute the search. A SWAT TEAM! The front door was open when they arrived but they had to break the glass on the storm door rather than, ya know, just opening it and threw some flash bang grenades, then came in with their guns drawn. Oh... the people were totally innocent, their open WiFi was used by neighbors unknown to them. When they did actually arrest the real trolls they didn't bring in the SWAT team for that.

Here's the video of the raid: https://www.youtube.com/watch?v=wl3PG4LdYoU

This kind of hits home for me because the police came to my house to execute a search warrant before. They had the wrong address, the person they thought lived there didn't live there so they left after explaining I wasn't their suspect. Our interaction was pleasant but if I lived in a location where they used a SWAT team to execute search warrants I would have had to go through that nightmare.

A SWAT team was originally for active shooters and now we are using them to execute routine search warrants.

Re:works differently in the states.

"In case the police come busting in" is a condition typically followed by a hailstorm of bullets here in the United States. Afterwards, assuming you have a winning complexion, charges are fabricated and officers exhonorated.

Our prosecution also works similar to a firehose. Typically if youre arrested for loitering or driving while black, youll be charged with resisting arrest and a large slew of other charges that may not even apply to your specific encounter. Once in jail a member of the prosecution team will approach you with a laundry list of offenses and the threat of decades of years in jail. Mercifully they will offer a plea bargain that, should you choose to simply plead guilty, youll only spend a fraction of that time in prison. If you cant afford a lawyer, and dont have a firm grasp of legal proceedings yourself, this option is generally chosen.

Wiping the contents of your laptop, or refusing to give a password in the US, is generally met with unfavourable consequences. Indefinite forcible detention at border checkpoints without charges, for example, befell moxy marlinspike. computing chicanery in general that goes beyond the relm of 'good consumer' will find you hounded to the end of your days, as was the case of the late Aaron Schwartz. Given my options, id rather feign ignorance than quietly activate a duress payload.

The US isn't the only country that pulls this. Heck, in Canada you can get 5 years for wearing a disguise during a riot.

Re:works differently in the states.

[fustakrakich]

That's right. It never happens. The police always knock three times and leave quietly if nobody answers. You know what's sad about the summary there is that we have to fear the cops as much as any other common thief.

Re:works differently in the states.

[zugmeister]

Too lenient. 25 years minimum with no parole. Attempt to destroy evidence should carry a minimum 50 years sentence, no parole. It's time the civilized world gets its act together and puts computer nerds into place once and for all. Here you are, swapping tall tales and telling each other how to escape investigation, arming the pedophile, equipping the terrorists. General purpose computers should be banned for ordinary citizens: tablets and locked-down devices will do. Put an end to this digital madness. Now.

I have never seen a stronger argument for the creation of a sarcasm tag. I honestly can't tell!

Re:works differently in the states.

And never do they toss flash grenades into baby cribs.

Re:works differently in the states.

[ScentCone]

Why do you need a source for something that happens constantly.

Because everyone knows you're selling a myth that it "happens constantly." That's why you can't point to a list of examples of it happening "constantly" and instead go right for the race card in order to distract.

Re:works differently in the states.

not if you're Hillary Clinton.

Re:works differently in the states.

Strawman arguments are lies.

Re: works differently in the states.

I don't fear common thiefs

Re:works differently in the states.

Sarcasm? I'm not being sarcastic. Computers have long stopped to be hobbyists' toys. First they became worktools, now they are weapons. Weapons must be tightly controlled and civilians shouldn't be allowed to possess them. I do not need a general purpose computer and neither do you. Get an iPad or whatever. End of debate.

Re:works differently in the states.

Either he's being sarcastic, an RIAA employee, or just an uneducated idiot.

Re:works differently in the states.

Go fuck yourself in the ass with a superheated railroad spike you ignorant, xenophobic, authoritarian fuckwad.

Re:works differently in the states.

[edtice1559]

There's a bad joke about a murder suspect testifying in his own defense. The prosecutor asks him if he knows what the penalty is for perjury. The answer is "A lot better than the penalty for murder."

Re:works differently in the states.

Why do you need a source for something that happens constantly.

Because everyone knows you're selling a myth that it "happens constantly." That's why you can't point to a list of examples of it happening "constantly" and instead go right for the race card in order to distract.

No, he can't point to a COMPREHENSIVE list of examples because the police are not REQUIRED TO COLLECT/PUBLISH those figures. If you want anecdotes, hit google yourself.

Re:works differently in the states.

[ScentCone]

If you want anecdotes, hit google yourself.

Ah, so you can't come up with such a pattern either. As expected.

Re: works differently in the states.

I'll have it my way sooner than you think. Say goodbye to your precious computer with the child porn stash, nerdy pedocreep.

Re: works differently in the states.

No. For baby cribs they use frags or thermite.

Re:works differently in the states.

[AmiMoJo]

The worst part is that if you really are a terrorist or paedophile you will take the two years over the punishment for what you really did. What are the chances that when the police realise that you are innocent and they screwed up they flip a few bits in your Truecrypt key so your password doesn't work any more and you go down for a couple of years?

Re:works differently in the states.

[tehcyder]

Unless you're some sort of crusading twat trying to show that you live in a police state, or you have suffered a serious brain injury or something, then the only reason for not giving up the password to your encrypted disk is because what's on there is going to get you more than a couple of years in jail, i.e. you're a criminal.

A criminal using a computer is a criminal.

Re:works differently in the states.

Since you can't seem to use google, try looking at the front page of slashdot for ANOTHER example:
http://news.slashdot.org/story/15/05/06/1424233/two-programmers-expose-dysfunction-and-abuse-in-the-seattle-police-department

Why do you need a source for something that happens constantly.

Because everyone knows you're selling a myth that it "happens constantly." That's why you can't point to a list of examples of it happening "constantly" and instead go right for the race card in order to distract.

No, he can't point to a COMPREHENSIVE list of examples because the police are not REQUIRED TO COLLECT/PUBLISH those figures. If you want anecdotes, hit google yourself.

Ah, so you can't come up with such a pattern either. As expected.

Re:works differently in the states.

[ScentCone]

So, indeed, you can come up with a story. One. We're talking about the assertion that this is a "constant" pattern. You know, hail of bullets, all the time, as described. You're completely failing to establish the existence of this constant event.

Re:works differently in the states.

So, indeed, you can come up with a story. One. We're talking about the assertion that this is a "constant" pattern. You know, hail of bullets, all the time, as described. You're completely failing to establish the existence of this constant event.

Ok, so you are just a total nut then.
1) The link had 500+ examples. Not one.
2) You are the one introducing the "hail of bullets" as a constant, not me. Keep your straw man to yourself. You are also ignorant about the difference between a pattern of abuse and a P=1.0 of abuse.
3) You are willfully choosing not see to any contrary information to the world view you chose to believe in. That's fine. God may send you to hell over it, or God may not exist at all. I don't know that, but I know you aren't listening.

Re:works differently in the states.

[ScentCone]

You are the one introducing the "hail of bullets" as a constant, not me

No I'm not. I'm the one pointing out to the GP who said we see a constant display of cops busting down doors and delivering a hail of bullets that that narrative is total BS. I'm saying it's BS, and you're citing ... nothing that backs up the absurd comic book picture he's painting.

Really?

[Xolotl]

If you're that worried just work on a remote machine in a secure location via an encrypted remote desktop session. Nothing in local ram or disk. Anyway, since when does "kill" equal "shutdown nicely"? *sigh*

Re:Really?

[maliqua]

i believe they're basing it on the motorboat standard of kill switch, you fall out of the boat it turns off

Re:Really?

[Xolotl]

Ok, thanks for the explanation.

Re:Really?

[freeze128]

Why does the shutdown even have to be "nice"? Ripping the power cord from the back of the machine ought to do it.

Re:Really?

Not on a laptop.

.

Usefull...

tying it to your wrist ensure your computer shuts down immediately if your arrested.

So does tying your wrist to a power cord, breaker, fuse.

The serves the same purpose as keeping your foot near the switch of your power bar.

Now if it instamelted your drives then i'd be impressed

Re:Usefull...

Well, there's new thing called a laptop, which has some newfangled technology called like a bartier or battery or some shit like that. I don't know, it all goes way over my head, but as I understand it, it allows you to unplug a computer from the wall without it turning off. I'll tell ya man, it's true what they say, the future is now.

Re:Usefull...

Well, seeing as it goes over your head, you must not understand that batteries are removable.

Re:Usefull...

seems to me the same thing can be accomplished with a string on a battery release or any number of other ways. a software solution is a solution that's likely to fail when you need it most, a physical solution seems more robust.

since this software solution also requires a physical component why introduce all the other potential points of failure which as we all know software has in spades.

Re:Usefull...

Have you tried removing a battery from a macbook?

Re:Usefull...

And are you going to tie that battery to your wrist as well?

Re:Usefull...

So, don't purchase a computer with a non removable battery if thats an issue to you.

Re:Usefull...

[maliqua]

What everyone in this thread is overlooking is it basically does a 'shutdown now'.

trivially could be done with a power button and changing the acpi power settings to shutdown instantly rather than prompt you then shutdown.

The function of this device is grossly overestimated in the comments

Re:Usefull...

Oh wait I thought you said computer. Macbook... lol

Re:Usefull...

[I4ko]

Or could be done with a pin protected smart card on a cord to your wrist. Pull it out and they system is out.

Re:Usefull...

[StikyPad]

A better idea is an RFID reader and an implanted RFID chip. Separate user from computer and shutdown, or better yet, lock and start shutdown timer unless unlocked. A pain in the ass when you want a sammich, or you want to keep downloading files when you're AFK, but security has always required a sacrifice of convenience. Use a separate computer for "everyday" tasks, and one for sensitive tasks.

While this article is targeted at legal seizures, there are everyday uses as well, like preventing theft of your device on the subway from translating into theft of your data, or preventing corporate espionage. Of course it's an arms race, so if deadman's switches ever became common, then thieves will be sure to remove your implant (ouch) or just bring you along. The next step would be implanted computers, and removing or retrieving information from those will raise all sorts of constitutional issues.

Re:Usefull...

A better idea is an RFID reader and an implanted RFID chip. Separate user from computer and shutdown, or better yet, lock and start shutdown timer unless unlocked.

So then the police just have to hold your hand on top of the laptop (perhaps after you've "accidentally" become unconscious) while they image your disk! Brilliant!!

How do you pee?

[mveloso]

How do you pee if this is attached to you? Do you keep a bunch of one-gallon jugs next to your desk?

Re:How do you pee?

[bigfinger76]

Clever users will detach it, I assume.

Re:How do you pee?

[Dr_Barnowl]

If you're going for a pee break, leaving your laptop alone, powered, is a ridiculously stupid thing if you're security conscious.

You power it off, you take it with you.

Re:How do you pee?

[disposable60]

Or at least lock the desktop.

Re:How do you pee?

[smallfries]

So given what it does... You just go

Re:How do you pee?

[canajin56]

It's not a kill switch that destroys your computer. It's a kill switch that shuts it down after flushing the disk cache (under the assumption that, as a career criminal with a vested interest in keeping your evidence locked down, you have an encrypted file system). So if you go use the bathroom, your PC turns off. If you have a SSD it will take you literally several seconds to boot again and remount your encrypted file system. Slightly inconvenient, but much better than if the police are able to rip your laptop away and attach a robotic device / intern that fucks with the mouse to keep the screensaver from unmounting the encrypted file system before they've had the time to duplicate the contents.

Re:How do you pee?

[suutar]

shut down, go to bathroom, come back. If you're using this, you have decided that unattended uptime is not acceptable.

Re:How do you pee?

[xxxJonBoyxxx]

>> Do you keep a bunch of one-gallon jugs next to your desk?

At the homeless-packed library near my office you'd fit right in.

Re:How do you pee?

[maliqua]

But then they'll just forensic your laptop while your gone,

only solution is to bring it with you

Re:How do you pee?

[dissy]

How do you pee if this is attached to you? Do you keep a bunch of one-gallon jugs next to your desk?

Step 1 - You get up and go pee.
Step 2 - You come back to the computer and press the power button.
Step 3 - You continue with whatever it was you were doing before nature called.

Not all that difficult for a select tiny few, though I can see how most people would be confused and bewildered at the requirements.

Re:How do you pee?

I'm not a doctor but I'm guessing you use your penis.

Re:How do you pee?

To pee??? That sounds extremely painful, and then how do you re-attach it when you're done? You'd have to be a surgeon too. No thanks. I'm not detaching mine!

Re:How do you pee?

What if they trace your IP to the bathroom?

Re:How do you pee?

[im_thatoneguy]

You could... you know... remove the wristband or whatever and then move away. However if they are trying to separate you from your PC quickly they might not notice a mono-filament line. You however could easily slip off said monofilament before going to pee.

Re:Except they just turn the power off

[Loconut1389]

usually they do everything they can to keep the power on including splicing into the power cables or pulling the socket from the wall and hooking it up to a phase locking UPS so they can take the computer still powered on. This is usually combined with a mouse wiggler to keep screensavers and sleep from kicking in.

Re:Except they just turn the power off

[Loconut1389]

For reference:

http://www.cru-inc.com/product...

Wouldn't using this if it were seized...

[mark-t]

.... qualify as deliberate tampering with evidence?

Even if you aren't guilty of whatever they were believing that the evidence on the computer would incriminate you for, that's still a crime, and not a very lightly taken one.

Re:Wouldn't using this if it were seized...

It literally just shuts down your computer when you plug in or unplug a USB device. The only thing it does that's anti-forensics is keeps someone from analyzing the memory due to shutting down the system. It doesn't delete logs or overwrite anything. If they can get you for tampering with evidence by using this, then you need a better lawyer.

Re:Wouldn't using this if it were seized...

[DarkOx]

Its kind of grey area. Full disk encryption could itself be though of in those terms. I mean why are ciphering literally every block of information your store? Certainly it must be because you have something to hide right.

If you immediate start destroying the equipment when the cops show up that is a problems but in the case we have a device that has a normal operating behavior of putting itself into a secured state (by shutting down) whenever your wrist leave its proximity. Its not illegal (yet) to use a secure device. I would expect a good lawyer could spin this one to your favor.

Re:Wouldn't using this if it were seized...

[burni2]

It's all about the question that the definition "seized" and "going to be seized". are clearly laid out.

If the tool is installed to automatically prevent access to the data on that pc - you are not tampering with evidence.

The computer does it on it's own. Also when police comes to you, and you see them your pc is not yet seized, so all actions up until the moment when they take something away are ok.

You should not have a remote connection to the pc (via umts modem, infrared or else) that you use to access the PC remotely and delibirately shut this then seized computer down.

However if you would have a system that automaticly modulates a certain flicker pattern onto your incandescent light bulbs(*) light emmissions, that then would be picked up by a light sensor ..

and locks the pc if the certain pattern is missing would be a good antitheft tool wouldn't it ? The easier way is using an IR emitter and an IR receiver (LIRC)

(*) Which is quite easy as it's an ionized gas, and everything what is over 100Hz won't be noticable by you but a sensor can.

Disclaimer:
only personal oppionion, no legal expert, get quallified legal counsel.

Re:Wouldn't using this if it were seized...

[schlachter]

It's not that YOU'RE tampering with evidence.

It's that you have previously setup a PROCESS to secure your information if you become incapacitated.

Re:Wouldn't using this if it were seized...

"You say Potato, I say Spoliation"

Re:Wouldn't using this if it were seized...

[mark-t]

It could be argued that not advising the officers of the existence of this protection measure when they tell you they are going to take your computer would constitute a willful attempt on your part to sabotage their efforts to gather said evidence, and still be considered as tampering with evidence on those grounds.

Of course, if they don''t tell you that's what they are going to do before they go ahead and do it, then yeah... you probably have a pretty strong defense on that point. But I'd typically assume if they are going and seizing someone's property, that they've already shown the applicable warrant, and so you'd know what they are up to before they go ahead and actually take it.

Re:Wouldn't using this if it were seized...

[myowntrueself]

I still think that parking a fucking huge electromagnet right outside the evidence room is the way to go...

Re:Wouldn't using this if it were seized...

Not necessarily. For example, while it's illegal to destroy documents you know or should know are wanted as evidence, it's not illegal to have a standing policy of "delete documents after X days" (baring a more specific regulatory requirement). I think you could argue this system works similarly and has legitimate purposes outside of hiding evidence, particularly if all it triggers is a logout/shutdown and not actual data destruction.

Re:Wouldn't using this if it were seized...

No, not any more than locking your car when you leave it parked on the street. It's simply a measure to prevent information theft. If you refused to provide access later (especially in response to, say a warrant), I'm pretty sure you would have a problem with the authorities. At that point, it's up to you and your lawyer to weigh the consequences of cooperation against non-cooperation. Of course, we in law enforcement know all of you sniveling entitled man-babies in tech would cooperate once we got done with you with or without your over-priced lawyer. Hey Sabu ;)

Re:Wouldn't using this if it were seized...

[schlachter]

I think you'd have to use reverse-psychology....

tell the officer...."ok, you can have the computer, but whatever you do, you can not have that USB Drive."

Then he will grab it and activate your device for you.

Re:Wouldn't using this if it were seized...

[mark-t]

Uh... not quite... if they *DON'T* take the USB drive. as you literally told them, then they still power it off... The suggestion amounts to knowingly telling him to do something that you will definitely cause the computer to lose its RAM content.

It might be better to respond with something that is entirely factual, such as "You won't get anything from the computer by taking the computer from me". Then, if they take the computer, it will still power off... but you could argue that you even warned them that they wouldn't get anything from the computer if they tried to take it from you, so you could not reasonably be held accountable for the tampering of the evidence that they were trying to obtain.

Re:Wouldn't using this if it were seized...

[Agripa]

How would that work with the 5th amendment? Unless you used explosives or a trap or something to protect your data which could cause injury, it would not be covered by the public safety exception.

I'm innocent! Honest!

Nothing says "guilty" to a jury like intentional destruction of evidence.

Re:I'm innocent! Honest!

Proving this tool was used... now there's the rub.

Re:I'm innocent! Honest!

[disposable60]

You have it attached to your person as you are knocked to the floor. Pretty much a slam (your head) dunk (against floor).

Re:I'm innocent! Honest!

How is turning your computer off "destruction of evidence"?

Re:I'm innocent! Honest!

"Your fault for knocking me to the floor. Next time ask politely, and I'll take it off."

Re:I'm innocent! Honest!

[gatkinso]

A usb stick on a neck lanyard is quite common. The stick came out when you tackled me. I wasn't running USBkill. Prove I am lying.

Re:I'm innocent! Honest!

[tehcyder]

How is turning your computer off "destruction of evidence"?

If you were looking at child porn or cracking someone's online bank account, then turning your computer off most certainly destroys the (immediate) evidence of what you were doing.

Just because something has legitimate uses doesn't mean it can't have illegitimate ones as well.

Re:Except they just turn the power off

usually they do everything they can to keep the power on including splicing into the power cables or pulling the socket from the wall and hooking it up to a phase locking UPS so they can take the computer still powered on. This is usually combined with a mouse wiggler to keep screensavers and sleep from kicking in.

So, could you write a driver that detects mouse-wiggling while you're AFK, and kills the computer?

dem haxx0rz

r in ur thumb nao

I thought it would fry the computer or something

[jonr]

I read the introduction, and was expecting a Mission: Impossible-style "This computer will self-destruct in 5 seconds" with smoke and everything...

Hardware solution

Remove the battery and wrap the power cord around your leg. When the cops pull you away from the computer, or delicately unwrap you and try to move it to a battery, it shuts off immediately without any BS.

Re:Except they just turn the power off

Interesting.

Seems to me a locking screen-saver-like app that pops up periodically regardless of whether or not the mouse is wiggling would take care of that. Might be annoying as hell to use, but if you're really worried about the feds, stasi, imperial guard or whomever accessing your computer, it'd be the way to go.

(Along with hardware methods like some kind of RFID reader built in to the keyboard/mouse which locks things up if the RFID ring/bracelet/patch on your hand goes out of range, etc.)

Pretty incorrect description for a dumb script

The script does not need to be "put on a USB thumb drive"....
It just has to run, watching for a specific USB "device" removal.

Non-news, non-genius, just a "smart" idea for specific uses.

Not the first, but more useful for today

[eastjesus]

Reminds me of something I wrote back around 1981. Working with the early IBM PC at the machine code level several flaws surfaced and for fun I packaged them all together in the boot sector of a 5 1/4" floppy which we put in a "break glass" box and put on the wall (There were no hard drives yet, the XT wasn't out yet). If you placed the floppy in the boot drive it would destroy the hardware in a few seconds. First, there was a bit on the original IBM display adapter (mono text only) which would lock the horizontal sweep on the standard IBM monitor forcing the horizontal output power transistor to overheat and burn out. You would see the display image collapse while the monitor would squeal while smoke (literally!) would come out the sides and back, and die with a $200 repair to fix it. Second, there were no stops on the head movement on those original floppy drives - with the right loop they would step out until the heads fell off inside the case with a pair of clunks if you had a 2 drive system. (Not a difficult repair, but you had to know what your were doing and get into the floppy drives themselves to fix it.) Finally, the speaker ran off of a shift register which could be loaded with a really nasty PWM sound and set to free run. With interrupts disabled and the CPU halted, the machine sat there smoking with a very loud nerve-rattling siren, completely dead and unable to boot. It would require major physical repairs to get it working again. The monitor would stink for weeks afterwards.

Re:Not the first, but more useful for today

[schlachter]

I guess that's one way to secure your data! ...wait..it had no HDD??

Re:Not the first, but more useful for today

very loud siren from an at speaker

yeah, no... annoying, maybe. "very loud", unlikely

Re:Not the first, but more useful for today

[eastjesus]

Not an air raid siren, for sure, but you'd be surprised at how loud that little speaker could be driven full bore rail-to-rail with a square wave at resonance with the case. Even when in an enclosed office on the fourth floor it could be heard inside offices in the adjacent office building.

Re:Not the first, but more useful for today

[PRMan]

I used to work at a place that got a virus similar to your code. A user got it from a bad floppy and the EGA monitors kept blowing up (the user's and 2 more I hooked it up to). I finally hooked it to a Hercules monochrome monitor and the screen came up. I looked up the virus on a virus vendor's BBS system and printed removal instructions and removed it.

Why so difficult?

[Lumpy]

Just set up a script on the machine looking for a specific USB device, start shutdown if the device is not present. This is pretty common stuff, hell my old Lenovo laptop has a smartcard slot in it that would do the same thing if the card was removed.

In fact if you look you can find the same thing all over the place for the last decade on many hacking sites, even back in the late 90's this kind of stuff was on the "scene" I had back to back modems in telcom rooms inside boxes that if the box was opened it dumped 110V into the modem logic boards so that when discovered they would self destruct.

Most "hackers" today probably dont even own a buttset.

Re:Why so difficult?

[gatkinso]

Why a specific USB device? This can be used for any device. Also, you can white list devices. Read the code, or is that not old school enough for you?

Re:Why so difficult?

[Lumpy]

Because making it look for ANY device means I can insert another USB device and then disconnect yours.

Re:Why so difficult?

The old "wirebeast" trick, nice to see it come up now and then.

Re:Why so difficult?

As soon as you insert another usb device this shuts the system down... so what was your point?

Re:Why so difficult?

what's that?

Re:Why so difficult?

What was the purpose of the back to back modems? MITM? Wouldn't you have to simulate ringing for incoming calls, or dialtone for outgoing?

A guy once claimed to me that he was able to record 300bps modems on cassette and play it back through a separate modem to extract the data. I wasn't knowledgeable enough about the modulation to know if that was BS.

Re:Why so difficult?

Why wouldn't the code shut off the computer as soon as a new device is connected or disconnected?

Just have an interface (PW protected) that lets the user enable the connection or disconnection of devices.

Re:Why so difficult?

Either of those steps on it's own would cause shut down.

Re:Except they just turn the power off

[SuricouRaven]

All true apart from the 'usually.' Those devices are expensive, and few police forces have specialists trained in their use. This means calling in support from another force and even more expense. This is enough of an issue that they are not used in routine cases - they'll only bring them out if you are either involved in an exceptionally high-severity crime (Child abuse images, terrorism, large-scale narcotics) or if you are specifically suspected of a computer-related crime and they have reason to believe you have taken security precautions that would require the use of such equipment.

Re:Except they just turn the power off

[monkeyzoo]

But no Windows support?

yea every idiot has it

... and php
lol

Explosives

MFW 2015 and not having 4 pound of C4 inside your computer.

so it runs

a minimalist version of windows bob - and the computer commits suicide as the only way out.

I'm playing here anymore. First captcha was 'reactor' and second was 'nubile'. This place looks like a honeypot trap.

Re:Except they just turn the power off

[TheCarp]

Maybe, but, I like this better personally because its more immediate. "USB attached to the wrist" scenario is a clear winner because it means the system is shutting down before they even realize what just happened and they have little or no time to respond, there is precious little they can really do to prevent that stick from being pulled.

In the past a friend of mine and I were musing about a setup like this, but our idea was a bit more drastic and less portable.... no battery at all, and power wired to a switch that opens or closes with the door to the room, so just opening the door to the room would kill the system

Never heard of Xyloc, I guess...

If you and your RFID card (which you have on your person, I'm assuming) get more than 4 feet away from a machine with Xyloc installed, it locks the machine. This has been around for several years. Then you just have to have your drive-encrypted OS wipe itself after x number of failed login attempts.

As opposed to Rube Goldberg over there with the fishing line and the USB dongle. Nice work, Rube. Nobody thought to bring pinking shears.

Re:Never heard of Xyloc, I guess...

[gatkinso]

The fact that you have a Xyloc RFID card on your person is rather telling. Much more so than the fact that there is a USB stick on a neck lanyard laying there on the floor next to the spilled coffee.

Nothing like leaving evidence around (evidence that only serves one purpose).

POLICE!! kill PC! "you need to download update for

you need to download update for your PYTHON AND DOT NET to continue.
lol are you all retarded here?

Re:Except they just turn the power off

[Linsaran]

Yes, I suppose a baton would work well in the immediacy of the moment. However for any country that isn't part of the 3rd world, you can reasonably expect to get your day in court, so saying 'lawyer' might get your head beat in a bit, but it's still probably the right thing to do. Evidence obtained because you got beaten with a baton would be inadmissible in US courts at very least. And given the current publicity about cops using excessive violence these days, I think it's unlikely the police would stoop to those sorts of behaviors against someone who's only resistance to them is not answering self incriminating questions.

Re:Except they just turn the power off

[houstonbofh]

(Along with hardware methods like some kind of RFID reader built in to the keyboard/mouse which locks things up if the RFID ring/bracelet/patch on your hand goes out of range, etc.)

Already exists based on the blue tooth in your phone. Walk up and it logs you in. Walk off and it locks the screen.

Re:POLICE!! kill PC! "you need to download update

Not compared to you, Platform Warrior.

Re:Except they just turn the power off

And already defeated using signal boosters.

All you need is a little box and maybe a can of Pringles to defeat bluetooth present security from up to about half a mile away.

It's already being done with cars that unlock themselves when you are near. All you need to do is change the frequency on the booster and it will work with bluetooth.

In fact, if you have two people and are willing to do a bit of hacking, you can probably do it across a cellular link for virtually infinite range.

Re:Except they just turn the power off

[SuiteSisterMary]

Your honor, they were screaming at me, with guns pointed at me, to 'put your hands up! put your motherfucking hands up, or I will fucking shoot you dead!'

So I put my hands up. I wasn't about to risk death to explain to them that this would cause my computer to shut down.

Re:Except they just turn the power off

[uncqual]

I've wondered why those who care don't wire up a motion sensors inside their servers/desktops as well as sensors to detect obvious case opening and start wiping memory (and perhaps some of the disk as desired to wipe encrypted keys - obviously the file system would be encrypted in these cases) followed by a system reset to make this Law Enforcement attack less successful. Generally, Law Enforcement will move the computer to another site and detecting the exact nature of the sensors and disabling them without tripping the motion sensors could raise the cost/time a lot.

Of course, one doesn't want make the motion sensors too sensitive if one lives in California!

my mom could use that!

[schlachter]

She thinks she turns off her computer by pressing the power button on her monitor. she also calls the internet...AOL.

Re:Except they just turn the power off

Oh really? Just utter the words "child pornography" and everything you ever do to a suspect is fine. In fact, you could get into trouble for NOT torturing it. Some kid's wellbeing is on the line, after all. Usually computer + crime = child porn so neckbeards are fair game. Nobody likes them anyway. They're creepy and unpleasant, and nobody wants them around. Especially around children.

Re:Except they just turn the power off

[TheCarp]

If anyone needs someone to talk on how intimidating such a situation can be, they can just ask my wife, she has ended up in situations like this a couple of times just trying to get to work.

Here in Boston the local public transit (MBTA) thugs have a serious TSA hard on. They actually run random bag swabbing checkpoints at stations. In theory, you can refuse and leave, walk right out. In practice, when my wife tried to say no, she had one officer yelling "we have a resistor" as she was suddenly surrounded by people telling her what to do and found herself being railroaded to the the swabber and into the station....so much for a right to refuse and walk out.

Its amazing how intimidating a gang of armed men yelling at you can be.

Re:Except they just turn the power off

[Bob+the+Super+Hamste]

Sadly in a cases like that I kind of which it would happen to me. I can be a big enough ass hole that I would follow up with a Deprivation of rights under color of law case. As an added bonus you can go directly after the party or parties involved and they don't get government protection. I really wish more people would peruse these types of cases against government officials' overreaches.

Re:Except they just turn the power off

[TWX]

You could get a 240V circuit (hot-hot-ground) and in code violation wire it to a NEMA 5-15 or 5-20 receptacle, and use a power supply capable of handling 240V 60Hz, so that when they splice in they brown-out the machine and it shuts off...

Re:oh the fun - old school style

I had to settle for stealing the ass. principles paddle, the coaches paddle, and stringing them up the flagpole...
with oil paint on the handles - lasts for days...

Re:Except they just turn the power off

[TheCarp]

Oh if I had known enough at the time we would have. Unfortunately it happened a couple of times and she waited a while to tell me, mostly because she knew how mad it would make me and she was right, no sooner did she tell me than I was pulling out my phone and calling up their complaints department.

Pretty quickly they got me to someone at their police department who tried to justify the program etc. I did manage to make him go quiet for a second when I called it a jobs program, he just had nothing at that.

I already have this but with bluetooth.

Much more convenient.

Replaced by a very small shell script

This seemed like a neat idea so I just now wrote a 16-line script to lock my screen whenever any usb device is plugged/unplugged. I'm not that paranoid so I saw no need to shutdown the computer, and I don't often plug/unplug devices so I saw no need for a whitelist, but even if I did implement a whitelist, I can't image it adding up to the 172 lines of code that is in the python version from the fine article.

Power switch?

How is this effectively different than a power switch that would instantly turn the computer off? Remember the good ol' days when OFF turned things off rather than running several minutes of "Shutdown procedure?"

Re:Power switch?

hands up or we'll shoot?

Just close the lid?

Why not just close the lid or move the mouse to the sleep corner or if it's a mac press the sleep button?

Re:Just close the lid?

[Marxist+Hacker+42]

The Macintosh I had no lid.

How is this better than a shorted USB device?

Couldn't you just make a USB device with a short in it and plug it in to any USB port to 'kill' a computer?

Re:How is this better than a shorted USB device?

[Megol]

USB ports are very protected so while you could perhaps destroy a port the computer wouldn't have any problem. But there are ways... http://kukuruku.co/hub/diy/usb...

Also you are talking of something that fucks with the computer when one plug it in, the story is about a device that does something when removed.

re: consequences of not divulging a password

[King_TJ]

Exactly.... All of these tactics that prevent authorities from gaining access to your locked / encrypted data are only marginally effective in most real-world scenarios.

It may be true that nobody can really *force* you to give up a pass-code that you've only stored in your own head. But they don't barge in, confiscate your hardware AND arrest you if they don't feel they've already got a pretty good case against you. (If it really hinges only on them getting to see the data on your computer's drive that's password protected, they don't have enough evidence to arrest and hold you.)

I'd venture to say that in most computer-related arrests made these days, they gathered most of the evidence based on data they were able to see transmitted over the Internet or viewed at a remote destination someone sent it to. (EG. Microsoft's current court case against a guy who they claimed massively pirated copies of Windows 7 by illegally activating them. They've got evidence on the Microsoft activation servers that point to his IP address, uploaded by the computers he was activating. Being unable to see anything on his PC is pretty irrelevant at this point for investigators, I'm sure.)

I have cats

[AndyKron]

This won't work. I have cats.

Better; Use TreVisor

[complete+loony]

Use the same USB trick, but run your OS in a VM under the TreVisor hypervisor. When the USB device is removed simply put the machine to sleep.

TreVisor only stores your encryption key in the debug registers of the processor. It places restrictions on running op-codes to read these registers or to overwrite itself via DMA. It encrypts both the disk and inactive pages of memory.

Once the CPU suspends, the debug registers are lost and you have to enter your passphrase before the guest VM can do anything at all.

Re:Except they just turn the power off

[Agripa]

I assume that when they clip in their backup thingy, it would detect the 240VAC as a fault. If *I* was doing it, I would check the voltages with a multimeter before hooking anything up out of habit.

As far as protecting a system versus this kind of tampering, if it is home built then there are all kinds of things which can be done so that it shuts off when removed from the location.

Re:Except they just turn the power off

[whoda]

The USB is attached to your wrist so the cops are certain to find it and put it in their computer, not so you can shut the system down by raising your hands.

High Tech / Low Tech

[confusedwiseman]

It sounds like the plan is to tether a USB key to your wrist that when you pull away from it the device is removed. This then triggers the machine to shut down, allowing your encrypted drive to be "locked".

Alternatively, you could tie a string to your ankle to the power cord, when you remove that device from the "socket" the machine will also shut down, and has no risk of hanging processes which would delay the "power off"

Re:Except they just turn the power off

[SuiteSisterMary]

Alternatively, just watch some swatting videos on youtube. It's pretty scary.

Couple that with 'no-knock' warrants....

Pretty close use case recently

[Tool+Man]

I forget which case it was, but there was one in the news a little while back. Some dark market guy, living on his Uni campus and doing his thing. Apparently the bust tried to do the DPR thing, but he had an encrypted, battery-less laptop and he was able to yank the power cord out.

Re:Except they just turn the power off

[Wintermute__]

Mercury switches and C4, boo-yah!

(User trips and bumps into the table, kaboom!)

Re:Except they just turn the power off

[Agripa]

Explosives have the disadvantage of lacking non-destructive testing.

My favorite implementation for this sort of thing is a reed switch and externally mounted magnet. Tie the reed switch into the reset signal which is available in two different places, the front panel header and the power supply power good signal, and mount the reed switch so that either a magnet mounted to the floor or table under the chassis or inside of something sitting on the chassis is necessary for proper operation. The reed switch could also be used to disable a USB port though so operation would be through USBKill.

Re:Except they just turn the power off

[Bob+the+Super+Hamste]

Well good on you for at least trying to do something. Far too many people just take it. It is like the people who stop at the door of stores when the anti theft alarm goes off. I just keep walking as I did pay for everything and if they do try to detain me they had better evidence other than the false positive machine at the door because then it becomes a case of false imprisonment. Yet far too many people just take it and don't do anything.

Cross-platform alternative with no dependencies

I hammered out a Golang version of this that works for Windows. It's intended to have zero dependencies and more features. Check it out at https://github.com/alaska/deadman
Any and all contributions welcome.

LOL,sounds good until you grab for that

[Trax3001BBS]

Beer, or cola as the case may be.

Re:Except they just turn the power off

http://en.wikipedia.org/wiki/False_imprisonment#Shopkeeper.27s_privilege

http://lifehacker.com/5853355/know-your-rights-if-a-store-detains-you-for-shoplifting

USB-killer

Maybe this was the goal: http://kukuruku.co/hub/diy/usb-killer